General: Remove “whitelist” and “blacklist” in favor of more clear and inclusive language.
“The WordPress open source community cares about diversity. We strive to maintain a welcoming environment where everyone can feel included.” With this commit, all occurrences of “whitelist” and “blacklist” (with the single exception of the `$new_whitelist_options` global variable) are removed. A new ticket has been opened to explore renaming the `$new_whitelist_options` variable (#50434). Changing to more specific names or rewording sentences containing these terms not only makes the code more inclusive, but also helps provide clarity. These terms are often ambiguous. What is being blocked or allowed is not always immediately clear. This can make it more difficult for non-native English speakers to read through the codebase. Words matter. If one contributor feels more welcome because these terms are removed, this was worth the effort. Props strangerstudios, jorbin, desrosj, joemcgill, timothyblynjacobs, ocean90, ayeshrajans, davidbaumwald, earnjam. See #48900, #50434. Fixes #50413. git-svn-id: https://develop.svn.wordpress.org/trunk@48121 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
parent
9e3b322f8f
commit
e26394bb2d
@ -220,7 +220,7 @@
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
strength = wp.passwordStrength.meter( pass1, wp.passwordStrength.userInputBlacklist(), pass1 );
|
strength = wp.passwordStrength.meter( pass1, wp.passwordStrength.userInputDisallowedList(), pass1 );
|
||||||
|
|
||||||
switch ( strength ) {
|
switch ( strength ) {
|
||||||
case -1:
|
case -1:
|
||||||
|
@ -22,16 +22,16 @@ window.wp = window.wp || {};
|
|||||||
*
|
*
|
||||||
* @since 3.7.0
|
* @since 3.7.0
|
||||||
*
|
*
|
||||||
* @param {string} password1 The subject password.
|
* @param {string} password1 The subject password.
|
||||||
* @param {Array} blacklist An array of words that will lower the entropy of
|
* @param {Array} disallowedList An array of words that will lower the entropy of
|
||||||
* the password.
|
* the password.
|
||||||
* @param {string} password2 The password confirmation.
|
* @param {string} password2 The password confirmation.
|
||||||
*
|
*
|
||||||
* @return {number} The password strength score.
|
* @return {number} The password strength score.
|
||||||
*/
|
*/
|
||||||
meter : function( password1, blacklist, password2 ) {
|
meter : function( password1, disallowedList, password2 ) {
|
||||||
if ( ! $.isArray( blacklist ) )
|
if ( ! $.isArray( disallowedList ) )
|
||||||
blacklist = [ blacklist.toString() ];
|
disallowedList = [ disallowedList.toString() ];
|
||||||
|
|
||||||
if (password1 != password2 && password2 && password2.length > 0)
|
if (password1 != password2 && password2 && password2.length > 0)
|
||||||
return 5;
|
return 5;
|
||||||
@ -41,7 +41,7 @@ window.wp = window.wp || {};
|
|||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
var result = zxcvbn( password1, blacklist );
|
var result = zxcvbn( password1, disallowedList );
|
||||||
return result.score;
|
return result.score;
|
||||||
},
|
},
|
||||||
|
|
||||||
@ -49,20 +49,43 @@ window.wp = window.wp || {};
|
|||||||
* Builds an array of words that should be penalized.
|
* Builds an array of words that should be penalized.
|
||||||
*
|
*
|
||||||
* Certain words need to be penalized because it would lower the entropy of a
|
* Certain words need to be penalized because it would lower the entropy of a
|
||||||
* password if they were used. The blacklist is based on user input fields such
|
* password if they were used. The disallowedList is based on user input fields such
|
||||||
* as username, first name, email etc.
|
* as username, first name, email etc.
|
||||||
*
|
*
|
||||||
* @since 3.7.0
|
* @since 3.7.0
|
||||||
|
* @deprecated 5.5.0 Use {@see 'userInputBlockList()'} instead.
|
||||||
*
|
*
|
||||||
* @return {string[]} The array of words to be blacklisted.
|
* @return {string[]} The array of words to be disallowed.
|
||||||
*/
|
*/
|
||||||
userInputBlacklist : function() {
|
userInputBlacklist : function() {
|
||||||
|
wp.deprecated( 'wp.passwordStrength.userInputBlacklist()', {
|
||||||
|
version: '5.5.0',
|
||||||
|
alternative: 'wp.passwordStrength.userInputDisallowedList()',
|
||||||
|
plugin: 'WordPress',
|
||||||
|
hint: wp.i18n.__( 'Please consider writing more inclusive code.' )
|
||||||
|
} );
|
||||||
|
|
||||||
|
return wp.passwordStrength.userInputDisallowedList();
|
||||||
|
},
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Builds an array of words that should be penalized.
|
||||||
|
*
|
||||||
|
* Certain words need to be penalized because it would lower the entropy of a
|
||||||
|
* password if they were used. The disallowed list is based on user input fields such
|
||||||
|
* as username, first name, email etc.
|
||||||
|
*
|
||||||
|
* @since 5.5.0
|
||||||
|
*
|
||||||
|
* @return {string[]} The array of words to be disallowed.
|
||||||
|
*/
|
||||||
|
userInputDisallowedList : function() {
|
||||||
var i, userInputFieldsLength, rawValuesLength, currentField,
|
var i, userInputFieldsLength, rawValuesLength, currentField,
|
||||||
rawValues = [],
|
rawValues = [],
|
||||||
blacklist = [],
|
disallowedList = [],
|
||||||
userInputFields = [ 'user_login', 'first_name', 'last_name', 'nickname', 'display_name', 'email', 'url', 'description', 'weblog_title', 'admin_email' ];
|
userInputFields = [ 'user_login', 'first_name', 'last_name', 'nickname', 'display_name', 'email', 'url', 'description', 'weblog_title', 'admin_email' ];
|
||||||
|
|
||||||
// Collect all the strings we want to blacklist.
|
// Collect all the strings we want to disallow.
|
||||||
rawValues.push( document.title );
|
rawValues.push( document.title );
|
||||||
rawValues.push( document.URL );
|
rawValues.push( document.URL );
|
||||||
|
|
||||||
@ -85,7 +108,7 @@ window.wp = window.wp || {};
|
|||||||
rawValuesLength = rawValues.length;
|
rawValuesLength = rawValues.length;
|
||||||
for ( i = 0; i < rawValuesLength; i++ ) {
|
for ( i = 0; i < rawValuesLength; i++ ) {
|
||||||
if ( rawValues[ i ] ) {
|
if ( rawValues[ i ] ) {
|
||||||
blacklist = blacklist.concat( rawValues[ i ].replace( /\W/g, ' ' ).split( ' ' ) );
|
disallowedList = disallowedList.concat( rawValues[ i ].replace( /\W/g, ' ' ).split( ' ' ) );
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -93,15 +116,15 @@ window.wp = window.wp || {};
|
|||||||
* Remove empty values, short words and duplicates. Short words are likely to
|
* Remove empty values, short words and duplicates. Short words are likely to
|
||||||
* cause many false positives.
|
* cause many false positives.
|
||||||
*/
|
*/
|
||||||
blacklist = $.grep( blacklist, function( value, key ) {
|
disallowedList = $.grep( disallowedList, function( value, key ) {
|
||||||
if ( '' === value || 4 > value.length ) {
|
if ( '' === value || 4 > value.length ) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
return $.inArray( value, blacklist ) === key;
|
return $.inArray( value, disallowedList ) === key;
|
||||||
});
|
});
|
||||||
|
|
||||||
return blacklist;
|
return disallowedList;
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -74,7 +74,7 @@ add_filter( 'heartbeat_settings', 'wp_heartbeat_set_suspension' );
|
|||||||
add_action( 'admin_head-nav-menus.php', '_wp_delete_orphaned_draft_menu_items' );
|
add_action( 'admin_head-nav-menus.php', '_wp_delete_orphaned_draft_menu_items' );
|
||||||
|
|
||||||
// Plugin hooks.
|
// Plugin hooks.
|
||||||
add_filter( 'whitelist_options', 'option_update_filter' );
|
add_filter( 'allowed_options', 'option_update_filter' );
|
||||||
|
|
||||||
// Plugin Install hooks.
|
// Plugin Install hooks.
|
||||||
add_action( 'install_plugins_featured', 'install_dashboard' );
|
add_action( 'install_plugins_featured', 'install_dashboard' );
|
||||||
|
@ -47,10 +47,10 @@ class WP_Plugins_List_Table extends WP_List_Table {
|
|||||||
)
|
)
|
||||||
);
|
);
|
||||||
|
|
||||||
$status_whitelist = array( 'active', 'inactive', 'recently_activated', 'upgrade', 'mustuse', 'dropins', 'search', 'paused', 'auto-update-enabled', 'auto-update-disabled' );
|
$allowed_statuses = array( 'active', 'inactive', 'recently_activated', 'upgrade', 'mustuse', 'dropins', 'search', 'paused', 'auto-update-enabled', 'auto-update-disabled' );
|
||||||
|
|
||||||
$status = 'all';
|
$status = 'all';
|
||||||
if ( isset( $_REQUEST['plugin_status'] ) && in_array( $_REQUEST['plugin_status'], $status_whitelist, true ) ) {
|
if ( isset( $_REQUEST['plugin_status'] ) && in_array( $_REQUEST['plugin_status'], $allowed_statuses, true ) ) {
|
||||||
$status = $_REQUEST['plugin_status'];
|
$status = $_REQUEST['plugin_status'];
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1776,8 +1776,9 @@ class WP_Site_Health {
|
|||||||
/**
|
/**
|
||||||
* Test if HTTP requests are blocked.
|
* Test if HTTP requests are blocked.
|
||||||
*
|
*
|
||||||
* It's possible to block all outgoing communication (with the possibility of whitelisting hosts) via the
|
* It's possible to block all outgoing communication (with the possibility of allowing certain
|
||||||
* HTTP API. This may create problems for users as many features are running as services these days.
|
* hosts) via the HTTP API. This may create problems for users as many features are running as
|
||||||
|
* services these days.
|
||||||
*
|
*
|
||||||
* @since 5.2.0
|
* @since 5.2.0
|
||||||
*
|
*
|
||||||
@ -1833,8 +1834,8 @@ class WP_Site_Health {
|
|||||||
$result['description'] .= sprintf(
|
$result['description'] .= sprintf(
|
||||||
'<p>%s</p>',
|
'<p>%s</p>',
|
||||||
sprintf(
|
sprintf(
|
||||||
/* translators: 1: Name of the constant used. 2: List of hostnames whitelisted. */
|
/* translators: 1: Name of the constant used. 2: List of allowed hostnames. */
|
||||||
__( 'HTTP requests have been blocked by the %1$s constant, with some hosts whitelisted: %2$s.' ),
|
__( 'HTTP requests have been blocked by the %1$s constant, with some allowed hosts: %2$s.' ),
|
||||||
'<code>WP_HTTP_BLOCK_EXTERNAL</code>',
|
'<code>WP_HTTP_BLOCK_EXTERNAL</code>',
|
||||||
implode( ',', $hosts )
|
implode( ',', $hosts )
|
||||||
)
|
)
|
||||||
|
@ -159,8 +159,8 @@ function wp_dropdown_cats( $currentcat = 0, $currentparent = 0, $parent = 0, $le
|
|||||||
* @deprecated 3.0.0 Use register_setting()
|
* @deprecated 3.0.0 Use register_setting()
|
||||||
* @see register_setting()
|
* @see register_setting()
|
||||||
*
|
*
|
||||||
* @param string $option_group A settings group name. Should correspond to a whitelisted option key name.
|
* @param string $option_group A settings group name. Should correspond to an allowed option key name.
|
||||||
* Default whitelisted option key names include 'general', 'discussion', 'media',
|
* Default allowed option key names include 'general', 'discussion', 'media',
|
||||||
* 'reading', 'writing', 'misc', 'options', and 'privacy'.
|
* 'reading', 'writing', 'misc', 'options', and 'privacy'.
|
||||||
* @param string $option_name The name of an option to sanitize and save.
|
* @param string $option_name The name of an option to sanitize and save.
|
||||||
* @param callable $sanitize_callback A callback function that sanitizes the option's value.
|
* @param callable $sanitize_callback A callback function that sanitizes the option's value.
|
||||||
@ -1530,7 +1530,7 @@ class WP_Privacy_Data_Export_Requests_Table extends WP_Privacy_Data_Export_Reque
|
|||||||
$args['screen'] = 'export-personal-data';
|
$args['screen'] = 'export-personal-data';
|
||||||
}
|
}
|
||||||
|
|
||||||
parent::__construct( $args );
|
parent::__construct( $args );
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -2136,12 +2136,12 @@ function user_can_access_admin_page() {
|
|||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Whitelist functions */
|
/* Allowed list functions */
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Refreshes the value of the options whitelist available via the 'whitelist_options' hook.
|
* Refreshes the value of the allowed options list available via the 'allowed_options' hook.
|
||||||
*
|
*
|
||||||
* See the {@see 'whitelist_options'} filter.
|
* See the {@see 'allowed_options'} filter.
|
||||||
*
|
*
|
||||||
* @since 2.7.0
|
* @since 2.7.0
|
||||||
*
|
*
|
||||||
@ -2154,77 +2154,77 @@ function option_update_filter( $options ) {
|
|||||||
global $new_whitelist_options;
|
global $new_whitelist_options;
|
||||||
|
|
||||||
if ( is_array( $new_whitelist_options ) ) {
|
if ( is_array( $new_whitelist_options ) ) {
|
||||||
$options = add_option_whitelist( $new_whitelist_options, $options );
|
$options = add_option_allowed_list( $new_whitelist_options, $options );
|
||||||
}
|
}
|
||||||
|
|
||||||
return $options;
|
return $options;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Adds an array of options to the options whitelist.
|
* Adds an array of options to the list of allowed options.
|
||||||
*
|
*
|
||||||
* @since 2.7.0
|
* @since 2.7.0
|
||||||
*
|
*
|
||||||
* @global array $whitelist_options
|
* @global array $allowed_options
|
||||||
*
|
*
|
||||||
* @param array $new_options
|
* @param array $new_options
|
||||||
* @param string|array $options
|
* @param string|array $options
|
||||||
* @return array
|
* @return array
|
||||||
*/
|
*/
|
||||||
function add_option_whitelist( $new_options, $options = '' ) {
|
function add_option_allowed_list( $new_options, $options = '' ) {
|
||||||
if ( '' === $options ) {
|
if ( '' === $options ) {
|
||||||
global $whitelist_options;
|
global $allowed_options;
|
||||||
} else {
|
} else {
|
||||||
$whitelist_options = $options;
|
$allowed_options = $options;
|
||||||
}
|
}
|
||||||
|
|
||||||
foreach ( $new_options as $page => $keys ) {
|
foreach ( $new_options as $page => $keys ) {
|
||||||
foreach ( $keys as $key ) {
|
foreach ( $keys as $key ) {
|
||||||
if ( ! isset( $whitelist_options[ $page ] ) || ! is_array( $whitelist_options[ $page ] ) ) {
|
if ( ! isset( $allowed_options[ $page ] ) || ! is_array( $allowed_options[ $page ] ) ) {
|
||||||
$whitelist_options[ $page ] = array();
|
$allowed_options[ $page ] = array();
|
||||||
$whitelist_options[ $page ][] = $key;
|
$allowed_options[ $page ][] = $key;
|
||||||
} else {
|
} else {
|
||||||
$pos = array_search( $key, $whitelist_options[ $page ], true );
|
$pos = array_search( $key, $allowed_options[ $page ], true );
|
||||||
if ( false === $pos ) {
|
if ( false === $pos ) {
|
||||||
$whitelist_options[ $page ][] = $key;
|
$allowed_options[ $page ][] = $key;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return $whitelist_options;
|
return $allowed_options;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Removes a list of options from the options whitelist.
|
* Removes a list of options from the allowed options list.
|
||||||
*
|
*
|
||||||
* @since 2.7.0
|
* @since 5.5.0
|
||||||
*
|
*
|
||||||
* @global array $whitelist_options
|
* @global array $allowed_options
|
||||||
*
|
*
|
||||||
* @param array $del_options
|
* @param array $del_options
|
||||||
* @param string|array $options
|
* @param string|array $options
|
||||||
* @return array
|
* @return array
|
||||||
*/
|
*/
|
||||||
function remove_option_whitelist( $del_options, $options = '' ) {
|
function remove_option_allowed_list( $del_options, $options = '' ) {
|
||||||
if ( '' === $options ) {
|
if ( '' === $options ) {
|
||||||
global $whitelist_options;
|
global $allowed_options;
|
||||||
} else {
|
} else {
|
||||||
$whitelist_options = $options;
|
$allowed_options = $options;
|
||||||
}
|
}
|
||||||
|
|
||||||
foreach ( $del_options as $page => $keys ) {
|
foreach ( $del_options as $page => $keys ) {
|
||||||
foreach ( $keys as $key ) {
|
foreach ( $keys as $key ) {
|
||||||
if ( isset( $whitelist_options[ $page ] ) && is_array( $whitelist_options[ $page ] ) ) {
|
if ( isset( $allowed_options[ $page ] ) && is_array( $allowed_options[ $page ] ) ) {
|
||||||
$pos = array_search( $key, $whitelist_options[ $page ], true );
|
$pos = array_search( $key, $allowed_options[ $page ], true );
|
||||||
if ( false !== $pos ) {
|
if ( false !== $pos ) {
|
||||||
unset( $whitelist_options[ $page ][ $pos ] );
|
unset( $allowed_options[ $page ][ $pos ] );
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return $whitelist_options;
|
return $allowed_options;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -2234,7 +2234,7 @@ function get_block_categories( $post ) {
|
|||||||
function get_block_editor_server_block_settings() {
|
function get_block_editor_server_block_settings() {
|
||||||
$block_registry = WP_Block_Type_Registry::get_instance();
|
$block_registry = WP_Block_Type_Registry::get_instance();
|
||||||
$blocks = array();
|
$blocks = array();
|
||||||
$fields_to_pick = array(
|
$fields_to_pick = array(
|
||||||
'title' => 'title',
|
'title' => 'title',
|
||||||
'description' => 'description',
|
'description' => 'description',
|
||||||
'icon' => 'icon',
|
'icon' => 'icon',
|
||||||
|
@ -446,8 +446,6 @@ function populate_options( array $options = array() ) {
|
|||||||
'recently_edited' => '',
|
'recently_edited' => '',
|
||||||
'template' => $template,
|
'template' => $template,
|
||||||
'stylesheet' => $stylesheet,
|
'stylesheet' => $stylesheet,
|
||||||
'comment_whitelist' => 1,
|
|
||||||
'blacklist_keys' => '',
|
|
||||||
'comment_registration' => 0,
|
'comment_registration' => 0,
|
||||||
'html_type' => 'text/html',
|
'html_type' => 'text/html',
|
||||||
|
|
||||||
@ -532,6 +530,10 @@ function populate_options( array $options = array() ) {
|
|||||||
|
|
||||||
// 5.3.0
|
// 5.3.0
|
||||||
'admin_email_lifespan' => ( time() + 6 * MONTH_IN_SECONDS ),
|
'admin_email_lifespan' => ( time() + 6 * MONTH_IN_SECONDS ),
|
||||||
|
|
||||||
|
// 5.5.0
|
||||||
|
'blocklist_keys' => '',
|
||||||
|
'comment_previously_approved' => 1,
|
||||||
);
|
);
|
||||||
|
|
||||||
// 3.3.0
|
// 3.3.0
|
||||||
@ -550,7 +552,7 @@ function populate_options( array $options = array() ) {
|
|||||||
$options = wp_parse_args( $options, $defaults );
|
$options = wp_parse_args( $options, $defaults );
|
||||||
|
|
||||||
// Set autoload to no for these options.
|
// Set autoload to no for these options.
|
||||||
$fat_options = array( 'moderation_keys', 'recently_edited', 'blacklist_keys', 'uninstall_plugins' );
|
$fat_options = array( 'moderation_keys', 'recently_edited', 'blocklist_keys', 'uninstall_plugins' );
|
||||||
|
|
||||||
$keys = "'" . implode( "', '", array_keys( $options ) ) . "'";
|
$keys = "'" . implode( "', '", array_keys( $options ) ) . "'";
|
||||||
$existing_options = $wpdb->get_col( "SELECT option_name FROM $wpdb->options WHERE option_name in ( $keys )" ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
|
$existing_options = $wpdb->get_col( "SELECT option_name FROM $wpdb->options WHERE option_name in ( $keys )" ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
|
||||||
@ -1140,7 +1142,7 @@ function populate_network_meta( $network_id, array $meta = array() ) {
|
|||||||
$allowed_themes[ WP_DEFAULT_THEME ] = true;
|
$allowed_themes[ WP_DEFAULT_THEME ] = true;
|
||||||
}
|
}
|
||||||
|
|
||||||
// If WP_DEFAULT_THEME doesn't exist, also whitelist the latest core default theme.
|
// If WP_DEFAULT_THEME doesn't exist, also include the latest core default theme.
|
||||||
if ( ! wp_get_theme( WP_DEFAULT_THEME )->exists() ) {
|
if ( ! wp_get_theme( WP_DEFAULT_THEME )->exists() ) {
|
||||||
$core_default = WP_Theme::get_core_default_theme();
|
$core_default = WP_Theme::get_core_default_theme();
|
||||||
if ( $core_default ) {
|
if ( $core_default ) {
|
||||||
|
@ -835,7 +835,7 @@ function upgrade_all() {
|
|||||||
upgrade_530();
|
upgrade_530();
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( $wp_current_db_version < 47597 ) {
|
if ( $wp_current_db_version < 48082 ) {
|
||||||
upgrade_550();
|
upgrade_550();
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -2168,6 +2168,15 @@ function upgrade_530() {
|
|||||||
function upgrade_550() {
|
function upgrade_550() {
|
||||||
update_option( 'finished_updating_comment_type', 0 );
|
update_option( 'finished_updating_comment_type', 0 );
|
||||||
wp_schedule_single_event( time() + ( 1 * MINUTE_IN_SECONDS ), 'wp_update_comment_type_batch' );
|
wp_schedule_single_event( time() + ( 1 * MINUTE_IN_SECONDS ), 'wp_update_comment_type_batch' );
|
||||||
|
|
||||||
|
// Use more clear and inclusive language.
|
||||||
|
$blocklist = get_option( 'blacklist_keys', '' );
|
||||||
|
update_option( 'blocklist_keys', $blocklist );
|
||||||
|
delete_option( 'blacklist_keys' );
|
||||||
|
|
||||||
|
$comment_previously_approved = get_option( 'comment_whitelist', '' );
|
||||||
|
update_option( 'comment_previously_approved', $comment_previously_approved );
|
||||||
|
delete_option( 'comment_whitelist' );
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -181,7 +181,7 @@ printf( __( 'Comments should be displayed with the %s comments at the top of eac
|
|||||||
<input name="comment_moderation" type="checkbox" id="comment_moderation" value="1" <?php checked( '1', get_option( 'comment_moderation' ) ); ?> />
|
<input name="comment_moderation" type="checkbox" id="comment_moderation" value="1" <?php checked( '1', get_option( 'comment_moderation' ) ); ?> />
|
||||||
<?php _e( 'Comment must be manually approved' ); ?> </label>
|
<?php _e( 'Comment must be manually approved' ); ?> </label>
|
||||||
<br />
|
<br />
|
||||||
<label for="comment_whitelist"><input type="checkbox" name="comment_whitelist" id="comment_whitelist" value="1" <?php checked( '1', get_option( 'comment_whitelist' ) ); ?> /> <?php _e( 'Comment author must have a previously approved comment' ); ?></label>
|
<label for="comment_previously_approved"><input type="checkbox" name="comment_previously_approved" id="comment_previously_approved" value="1" <?php checked( '1', get_option( 'comment_previously_approved' ) ); ?> /> <?php _e( 'Comment author must have a previously approved comment' ); ?></label>
|
||||||
</fieldset></td>
|
</fieldset></td>
|
||||||
</tr>
|
</tr>
|
||||||
<tr>
|
<tr>
|
||||||
@ -206,9 +206,9 @@ printf(
|
|||||||
<tr>
|
<tr>
|
||||||
<th scope="row"><?php _e( 'Comment Blocklist' ); ?></th>
|
<th scope="row"><?php _e( 'Comment Blocklist' ); ?></th>
|
||||||
<td><fieldset><legend class="screen-reader-text"><span><?php _e( 'Comment Blocklist' ); ?></span></legend>
|
<td><fieldset><legend class="screen-reader-text"><span><?php _e( 'Comment Blocklist' ); ?></span></legend>
|
||||||
<p><label for="blacklist_keys"><?php _e( 'When a comment contains any of these words in its content, author name, URL, email, IP address, or browser’s user agent string, it will be put in the Trash. One word or IP address per line. It will match inside words, so “press” will match “WordPress”.' ); ?></label></p>
|
<p><label for="blocklist_keys"><?php _e( 'When a comment contains any of these words in its content, author name, URL, email, IP address, or browser’s user agent string, it will be put in the Trash. One word or IP address per line. It will match inside words, so “press” will match “WordPress”.' ); ?></label></p>
|
||||||
<p>
|
<p>
|
||||||
<textarea name="blacklist_keys" rows="10" cols="50" id="blacklist_keys" class="large-text code"><?php echo esc_textarea( get_option( 'blacklist_keys' ) ); ?></textarea>
|
<textarea name="blocklist_keys" rows="10" cols="50" id="blocklist_keys" class="large-text code"><?php echo esc_textarea( get_option( 'blocklist_keys' ) ); ?></textarea>
|
||||||
</p>
|
</p>
|
||||||
</fieldset></td>
|
</fieldset></td>
|
||||||
</tr>
|
</tr>
|
||||||
|
@ -80,7 +80,7 @@ if ( is_multisite() && ! current_user_can( 'manage_network_options' ) && 'update
|
|||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
$whitelist_options = array(
|
$allowed_options = array(
|
||||||
'general' => array(
|
'general' => array(
|
||||||
'blogname',
|
'blogname',
|
||||||
'blogdescription',
|
'blogdescription',
|
||||||
@ -100,10 +100,10 @@ $whitelist_options = array(
|
|||||||
'moderation_notify',
|
'moderation_notify',
|
||||||
'comment_moderation',
|
'comment_moderation',
|
||||||
'require_name_email',
|
'require_name_email',
|
||||||
'comment_whitelist',
|
'comment_previously_approved',
|
||||||
'comment_max_links',
|
'comment_max_links',
|
||||||
'moderation_keys',
|
'moderation_keys',
|
||||||
'blacklist_keys',
|
'blocklist_keys',
|
||||||
'show_avatars',
|
'show_avatars',
|
||||||
'avatar_rating',
|
'avatar_rating',
|
||||||
'avatar_default',
|
'avatar_default',
|
||||||
@ -146,36 +146,36 @@ $whitelist_options = array(
|
|||||||
'default_post_format',
|
'default_post_format',
|
||||||
),
|
),
|
||||||
);
|
);
|
||||||
$whitelist_options['misc'] = array();
|
$allowed_options['misc'] = array();
|
||||||
$whitelist_options['options'] = array();
|
$allowed_options['options'] = array();
|
||||||
$whitelist_options['privacy'] = array();
|
$allowed_options['privacy'] = array();
|
||||||
|
|
||||||
$mail_options = array( 'mailserver_url', 'mailserver_port', 'mailserver_login', 'mailserver_pass' );
|
$mail_options = array( 'mailserver_url', 'mailserver_port', 'mailserver_login', 'mailserver_pass' );
|
||||||
|
|
||||||
if ( ! in_array( get_option( 'blog_charset' ), array( 'utf8', 'utf-8', 'UTF8', 'UTF-8' ), true ) ) {
|
if ( ! in_array( get_option( 'blog_charset' ), array( 'utf8', 'utf-8', 'UTF8', 'UTF-8' ), true ) ) {
|
||||||
$whitelist_options['reading'][] = 'blog_charset';
|
$allowed_options['reading'][] = 'blog_charset';
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( get_site_option( 'initial_db_version' ) < 32453 ) {
|
if ( get_site_option( 'initial_db_version' ) < 32453 ) {
|
||||||
$whitelist_options['writing'][] = 'use_smilies';
|
$allowed_options['writing'][] = 'use_smilies';
|
||||||
$whitelist_options['writing'][] = 'use_balanceTags';
|
$allowed_options['writing'][] = 'use_balanceTags';
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( ! is_multisite() ) {
|
if ( ! is_multisite() ) {
|
||||||
if ( ! defined( 'WP_SITEURL' ) ) {
|
if ( ! defined( 'WP_SITEURL' ) ) {
|
||||||
$whitelist_options['general'][] = 'siteurl';
|
$allowed_options['general'][] = 'siteurl';
|
||||||
}
|
}
|
||||||
if ( ! defined( 'WP_HOME' ) ) {
|
if ( ! defined( 'WP_HOME' ) ) {
|
||||||
$whitelist_options['general'][] = 'home';
|
$allowed_options['general'][] = 'home';
|
||||||
}
|
}
|
||||||
|
|
||||||
$whitelist_options['general'][] = 'users_can_register';
|
$allowed_options['general'][] = 'users_can_register';
|
||||||
$whitelist_options['general'][] = 'default_role';
|
$allowed_options['general'][] = 'default_role';
|
||||||
|
|
||||||
$whitelist_options['writing'] = array_merge( $whitelist_options['writing'], $mail_options );
|
$allowed_options['writing'] = array_merge( $allowed_options['writing'], $mail_options );
|
||||||
$whitelist_options['writing'][] = 'ping_sites';
|
$allowed_options['writing'][] = 'ping_sites';
|
||||||
|
|
||||||
$whitelist_options['media'][] = 'uploads_use_yearmonth_folders';
|
$allowed_options['media'][] = 'uploads_use_yearmonth_folders';
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* If upload_url_path is not the default (empty),
|
* If upload_url_path is not the default (empty),
|
||||||
@ -183,8 +183,8 @@ if ( ! is_multisite() ) {
|
|||||||
* they can be edited, otherwise they're locked.
|
* they can be edited, otherwise they're locked.
|
||||||
*/
|
*/
|
||||||
if ( get_option( 'upload_url_path' ) || ( get_option( 'upload_path' ) != 'wp-content/uploads' && get_option( 'upload_path' ) ) ) {
|
if ( get_option( 'upload_url_path' ) || ( get_option( 'upload_path' ) != 'wp-content/uploads' && get_option( 'upload_path' ) ) ) {
|
||||||
$whitelist_options['media'][] = 'upload_path';
|
$allowed_options['media'][] = 'upload_path';
|
||||||
$whitelist_options['media'][] = 'upload_url_path';
|
$allowed_options['media'][] = 'upload_url_path';
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
/**
|
/**
|
||||||
@ -195,18 +195,28 @@ if ( ! is_multisite() ) {
|
|||||||
* @param bool $enabled Whether post-by-email configuration is enabled. Default true.
|
* @param bool $enabled Whether post-by-email configuration is enabled. Default true.
|
||||||
*/
|
*/
|
||||||
if ( apply_filters( 'enable_post_by_email_configuration', true ) ) {
|
if ( apply_filters( 'enable_post_by_email_configuration', true ) ) {
|
||||||
$whitelist_options['writing'] = array_merge( $whitelist_options['writing'], $mail_options );
|
$allowed_options['writing'] = array_merge( $allowed_options['writing'], $mail_options );
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Filters the options whitelist.
|
* Filters the allowed options list.
|
||||||
*
|
*
|
||||||
* @since 2.7.0
|
* @since 2.7.0
|
||||||
|
* @deprecated 5.5.0 Use {@see 'allowed_options'} instead.
|
||||||
*
|
*
|
||||||
* @param array $whitelist_options The options whitelist.
|
* @param array $allowed_options The allowed options list.
|
||||||
*/
|
*/
|
||||||
$whitelist_options = apply_filters( 'whitelist_options', $whitelist_options );
|
$allowed_options = apply_filters_deprecated( 'whitelist_options', array( $allowed_options ), '5.5.0', 'apply_filters_deprecated', __( 'Please consider writing more inclusive code.' ) );
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Filters the allowed options list.
|
||||||
|
*
|
||||||
|
* @since 5.5.0
|
||||||
|
*
|
||||||
|
* @param array $allowed_options The allowed options list.
|
||||||
|
*/
|
||||||
|
$allowed_options = apply_filters( 'allowed_options', $allowed_options );
|
||||||
|
|
||||||
if ( 'update' === $action ) { // We are saving settings sent from a settings page.
|
if ( 'update' === $action ) { // We are saving settings sent from a settings page.
|
||||||
if ( 'options' === $option_page && ! isset( $_POST['option_page'] ) ) { // This is for back compat and will eventually be removed.
|
if ( 'options' === $option_page && ! isset( $_POST['option_page'] ) ) { // This is for back compat and will eventually be removed.
|
||||||
@ -217,11 +227,11 @@ if ( 'update' === $action ) { // We are saving settings sent from a settings pag
|
|||||||
check_admin_referer( $option_page . '-options' );
|
check_admin_referer( $option_page . '-options' );
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( ! isset( $whitelist_options[ $option_page ] ) ) {
|
if ( ! isset( $allowed_options[ $option_page ] ) ) {
|
||||||
wp_die(
|
wp_die(
|
||||||
sprintf(
|
sprintf(
|
||||||
/* translators: %s: The options page name. */
|
/* translators: %s: The options page name. */
|
||||||
__( '<strong>Error</strong>: Options page %s not found in the options whitelist.' ),
|
__( '<strong>Error</strong>: Options page %s not found in the allowed options list.' ),
|
||||||
'<code>' . esc_html( $option_page ) . '</code>'
|
'<code>' . esc_html( $option_page ) . '</code>'
|
||||||
)
|
)
|
||||||
);
|
);
|
||||||
@ -233,7 +243,7 @@ if ( 'update' === $action ) { // We are saving settings sent from a settings pag
|
|||||||
}
|
}
|
||||||
$options = explode( ',', wp_unslash( $_POST['page_options'] ) );
|
$options = explode( ',', wp_unslash( $_POST['page_options'] ) );
|
||||||
} else {
|
} else {
|
||||||
$options = $whitelist_options[ $option_page ];
|
$options = $allowed_options[ $option_page ];
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( 'general' === $option_page ) {
|
if ( 'general' === $option_page ) {
|
||||||
|
@ -233,7 +233,7 @@ class Featured_Content {
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
// We need to respect post IDs already in the blacklist.
|
// We need to respect post IDs already in the exclude list.
|
||||||
$post__not_in = $query->get( 'post__not_in' );
|
$post__not_in = $query->get( 'post__not_in' );
|
||||||
|
|
||||||
if ( ! empty( $post__not_in ) ) {
|
if ( ! empty( $post__not_in ) ) {
|
||||||
|
@ -20,7 +20,6 @@
|
|||||||
"options": {
|
"options": {
|
||||||
"autoRename": false,
|
"autoRename": false,
|
||||||
"autoRenameStrict": false,
|
"autoRenameStrict": false,
|
||||||
"blacklist": {},
|
|
||||||
"clean": true,
|
"clean": true,
|
||||||
"greedy": false,
|
"greedy": false,
|
||||||
"processUrls": false,
|
"processUrls": false,
|
||||||
|
@ -33,7 +33,6 @@
|
|||||||
"options": {
|
"options": {
|
||||||
"autoRename": false,
|
"autoRename": false,
|
||||||
"autoRenameStrict": false,
|
"autoRenameStrict": false,
|
||||||
"blacklist": {},
|
|
||||||
"clean": true,
|
"clean": true,
|
||||||
"greedy": false,
|
"greedy": false,
|
||||||
"processUrls": false,
|
"processUrls": false,
|
||||||
|
@ -125,7 +125,7 @@ class Requests_SSL {
|
|||||||
* @return boolean Does the domain match?
|
* @return boolean Does the domain match?
|
||||||
*/
|
*/
|
||||||
public static function match_domain($host, $reference) {
|
public static function match_domain($host, $reference) {
|
||||||
// Check if the reference is blacklisted first
|
// Check if the reference is blocklisted first
|
||||||
if (self::verify_reference_name($reference) !== true) {
|
if (self::verify_reference_name($reference) !== true) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
@ -149,4 +149,4 @@ class Requests_SSL {
|
|||||||
|
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -1684,7 +1684,7 @@ final class WP_Customize_Widgets {
|
|||||||
* List of the tag names seen for before_widget strings.
|
* List of the tag names seen for before_widget strings.
|
||||||
*
|
*
|
||||||
* This is used in the {@see 'filter_wp_kses_allowed_html'} filter to ensure that the
|
* This is used in the {@see 'filter_wp_kses_allowed_html'} filter to ensure that the
|
||||||
* data-* attributes can be whitelisted.
|
* data-* attributes can be allowed.
|
||||||
*
|
*
|
||||||
* @since 4.5.0
|
* @since 4.5.0
|
||||||
* @var array
|
* @var array
|
||||||
|
@ -462,10 +462,10 @@ class WP_Date_Query {
|
|||||||
/**
|
/**
|
||||||
* Validates a column name parameter.
|
* Validates a column name parameter.
|
||||||
*
|
*
|
||||||
* Column names without a table prefix (like 'post_date') are checked against a whitelist of
|
* Column names without a table prefix (like 'post_date') are checked against a list of
|
||||||
* known tables, and then, if found, have a table prefix (such as 'wp_posts.') prepended.
|
* allowed and known tables, and then, if found, have a table prefix (such as 'wp_posts.')
|
||||||
* Prefixed column names (such as 'wp_posts.post_date') bypass this whitelist check,
|
* prepended. Prefixed column names (such as 'wp_posts.post_date') bypass this allowed
|
||||||
* and are only sanitized to remove illegal characters.
|
* check, and are only sanitized to remove illegal characters.
|
||||||
*
|
*
|
||||||
* @since 3.7.0
|
* @since 3.7.0
|
||||||
*
|
*
|
||||||
|
@ -305,8 +305,8 @@ class WP_Image_Editor_Imagick extends WP_Image_Editor {
|
|||||||
);
|
);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Set the filter value if '$filter_name' name is in our whitelist and the related
|
* Set the filter value if '$filter_name' name is in the allowed list and the related
|
||||||
* Imagick constant is defined or fall back to our default filter.
|
* Imagick constant is defined or fall back to the default filter.
|
||||||
*/
|
*/
|
||||||
if ( in_array( $filter_name, $allowed_filters, true ) && defined( 'Imagick::' . $filter_name ) ) {
|
if ( in_array( $filter_name, $allowed_filters, true ) && defined( 'Imagick::' . $filter_name ) ) {
|
||||||
$filter = constant( 'Imagick::' . $filter_name );
|
$filter = constant( 'Imagick::' . $filter_name );
|
||||||
|
@ -94,7 +94,7 @@ final class WP_oEmbed_Controller {
|
|||||||
'sanitize_callback' => 'absint',
|
'sanitize_callback' => 'absint',
|
||||||
),
|
),
|
||||||
'discover' => array(
|
'discover' => array(
|
||||||
'description' => __( 'Whether to perform an oEmbed discovery request for non-whitelisted providers.' ),
|
'description' => __( 'Whether to perform an oEmbed discovery request for unsanctioned providers.' ),
|
||||||
'type' => 'boolean',
|
'type' => 'boolean',
|
||||||
'default' => true,
|
'default' => true,
|
||||||
),
|
),
|
||||||
|
@ -131,10 +131,10 @@ class WP_oEmbed {
|
|||||||
self::$early_providers = array();
|
self::$early_providers = array();
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Filters the list of whitelisted oEmbed providers.
|
* Filters the list of sanctioned oEmbed providers.
|
||||||
*
|
*
|
||||||
* Since WordPress 4.4, oEmbed discovery is enabled for all users and allows embedding of sanitized
|
* Since WordPress 4.4, oEmbed discovery is enabled for all users and allows embedding of sanitized
|
||||||
* iframes. The providers in this list are whitelisted, meaning they are trusted and allowed to
|
* iframes. The providers in this list are sanctioned, meaning they are trusted and allowed to
|
||||||
* embed any content, such as iframes, videos, JavaScript, and arbitrary HTML.
|
* embed any content, such as iframes, videos, JavaScript, and arbitrary HTML.
|
||||||
*
|
*
|
||||||
* Supported providers:
|
* Supported providers:
|
||||||
|
@ -275,7 +275,7 @@ class WP {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Filters the query variables whitelist before processing.
|
* Filters the query variables allowed before processing.
|
||||||
*
|
*
|
||||||
* Allows (publicly allowed) query vars to be added, removed, or changed prior
|
* Allows (publicly allowed) query vars to be added, removed, or changed prior
|
||||||
* to executing the query. Needed to allow custom rewrite rules using your own arguments
|
* to executing the query. Needed to allow custom rewrite rules using your own arguments
|
||||||
@ -283,7 +283,7 @@ class WP {
|
|||||||
*
|
*
|
||||||
* @since 1.5.0
|
* @since 1.5.0
|
||||||
*
|
*
|
||||||
* @param string[] $public_query_vars The array of whitelisted query variable names.
|
* @param string[] $public_query_vars The array of allowed query variable names.
|
||||||
*/
|
*/
|
||||||
$this->public_query_vars = apply_filters( 'query_vars', $this->public_query_vars );
|
$this->public_query_vars = apply_filters( 'query_vars', $this->public_query_vars );
|
||||||
|
|
||||||
|
@ -10,15 +10,15 @@
|
|||||||
* Check whether a comment passes internal checks to be allowed to add.
|
* Check whether a comment passes internal checks to be allowed to add.
|
||||||
*
|
*
|
||||||
* If manual comment moderation is set in the administration, then all checks,
|
* If manual comment moderation is set in the administration, then all checks,
|
||||||
* regardless of their type and whitelist, will fail and the function will
|
* regardless of their type and substance, will fail and the function will
|
||||||
* return false.
|
* return false.
|
||||||
*
|
*
|
||||||
* If the number of links exceeds the amount in the administration, then the
|
* If the number of links exceeds the amount in the administration, then the
|
||||||
* check fails. If any of the parameter contents match the blacklist of words,
|
* check fails. If any of the parameter contents contain any disallowed words,
|
||||||
* then the check fails.
|
* then the check fails.
|
||||||
*
|
*
|
||||||
* If the comment author was approved before, then the comment is automatically
|
* If the comment author was approved before, then the comment is automatically
|
||||||
* whitelisted.
|
* approved.
|
||||||
*
|
*
|
||||||
* If all checks pass, the function will return true.
|
* If all checks pass, the function will return true.
|
||||||
*
|
*
|
||||||
@ -126,7 +126,7 @@ function check_comment( $author, $email, $url, $comment, $user_ip, $user_agent,
|
|||||||
* as well as whether there are any moderation keywords (if set) present in the author
|
* as well as whether there are any moderation keywords (if set) present in the author
|
||||||
* email address. If both checks pass, return true. Otherwise, return false.
|
* email address. If both checks pass, return true. Otherwise, return false.
|
||||||
*/
|
*/
|
||||||
if ( 1 == get_option( 'comment_whitelist' ) ) {
|
if ( 1 == get_option( 'comment_previously_approved' ) ) {
|
||||||
if ( 'trackback' !== $comment_type && 'pingback' !== $comment_type && '' !== $author && '' !== $email ) {
|
if ( 'trackback' !== $comment_type && 'pingback' !== $comment_type && '' !== $author && '' !== $email ) {
|
||||||
$comment_user = get_user_by( 'email', wp_unslash( $email ) );
|
$comment_user = get_user_by( 'email', wp_unslash( $email ) );
|
||||||
if ( ! empty( $comment_user->ID ) ) {
|
if ( ! empty( $comment_user->ID ) ) {
|
||||||
@ -815,7 +815,7 @@ function wp_allow_comment( $commentdata, $avoid_die = false ) {
|
|||||||
$approved = 0;
|
$approved = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( wp_blacklist_check(
|
if ( wp_blocklist_check(
|
||||||
$commentdata['comment_author'],
|
$commentdata['comment_author'],
|
||||||
$commentdata['comment_author_email'],
|
$commentdata['comment_author_email'],
|
||||||
$commentdata['comment_author_url'],
|
$commentdata['comment_author_url'],
|
||||||
@ -1262,9 +1262,9 @@ function wp_check_comment_data_max_lengths( $comment_data ) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Does comment contain blacklisted characters or words.
|
* Checks if a comment contains disallowed characters or words.
|
||||||
*
|
*
|
||||||
* @since 1.5.0
|
* @since 5.5.0
|
||||||
*
|
*
|
||||||
* @param string $author The author of the comment
|
* @param string $author The author of the comment
|
||||||
* @param string $email The email of the comment
|
* @param string $email The email of the comment
|
||||||
@ -1272,13 +1272,14 @@ function wp_check_comment_data_max_lengths( $comment_data ) {
|
|||||||
* @param string $comment The comment content
|
* @param string $comment The comment content
|
||||||
* @param string $user_ip The comment author's IP address
|
* @param string $user_ip The comment author's IP address
|
||||||
* @param string $user_agent The author's browser user agent
|
* @param string $user_agent The author's browser user agent
|
||||||
* @return bool True if comment contains blacklisted content, false if comment does not
|
* @return bool True if comment contains disallowed content, false if comment does not
|
||||||
*/
|
*/
|
||||||
function wp_blacklist_check( $author, $email, $url, $comment, $user_ip, $user_agent ) {
|
function wp_blocklist_check( $author, $email, $url, $comment, $user_ip, $user_agent ) {
|
||||||
/**
|
/**
|
||||||
* Fires before the comment is tested for blacklisted characters or words.
|
* Fires before the comment is tested for disallowed characters or words.
|
||||||
*
|
*
|
||||||
* @since 1.5.0
|
* @since 1.5.0
|
||||||
|
* @deprecated 5.5.0 Use {@see 'wp_blocklist_check'} instead.
|
||||||
*
|
*
|
||||||
* @param string $author Comment author.
|
* @param string $author Comment author.
|
||||||
* @param string $email Comment author's email.
|
* @param string $email Comment author's email.
|
||||||
@ -1287,14 +1288,28 @@ function wp_blacklist_check( $author, $email, $url, $comment, $user_ip, $user_ag
|
|||||||
* @param string $user_ip Comment author's IP address.
|
* @param string $user_ip Comment author's IP address.
|
||||||
* @param string $user_agent Comment author's browser user agent.
|
* @param string $user_agent Comment author's browser user agent.
|
||||||
*/
|
*/
|
||||||
do_action( 'wp_blacklist_check', $author, $email, $url, $comment, $user_ip, $user_agent );
|
do_action_deprecated( 'wp_blacklist_check', array( $author, $email, $url, $comment, $user_ip, $user_agent ), '5.5.0', 'wp_blocklist_check', __( 'Please consider writing more inclusive code.' ) );
|
||||||
|
|
||||||
$mod_keys = trim( get_option( 'blacklist_keys' ) );
|
/**
|
||||||
|
* Fires before the comment is tested for disallowed characters or words.
|
||||||
|
*
|
||||||
|
* @since 5.5.0
|
||||||
|
*
|
||||||
|
* @param string $author Comment author.
|
||||||
|
* @param string $email Comment author's email.
|
||||||
|
* @param string $url Comment author's URL.
|
||||||
|
* @param string $comment Comment content.
|
||||||
|
* @param string $user_ip Comment author's IP address.
|
||||||
|
* @param string $user_agent Comment author's browser user agent.
|
||||||
|
*/
|
||||||
|
do_action( 'wp_blocklist_check', $author, $email, $url, $comment, $user_ip, $user_agent );
|
||||||
|
|
||||||
|
$mod_keys = trim( get_option( 'blocklist_keys' ) );
|
||||||
if ( '' === $mod_keys ) {
|
if ( '' === $mod_keys ) {
|
||||||
return false; // If moderation keys are empty.
|
return false; // If moderation keys are empty.
|
||||||
}
|
}
|
||||||
|
|
||||||
// Ensure HTML tags are not being used to bypass the blacklist.
|
// Ensure HTML tags are not being used to bypass the list of disallowed characters and words.
|
||||||
$comment_without_html = wp_strip_all_tags( $comment );
|
$comment_without_html = wp_strip_all_tags( $comment );
|
||||||
|
|
||||||
$words = explode( "\n", $mod_keys );
|
$words = explode( "\n", $mod_keys );
|
||||||
|
@ -96,7 +96,7 @@ add_filter( 'pre_post_mime_type', 'sanitize_mime_type' );
|
|||||||
add_filter( 'post_mime_type', 'sanitize_mime_type' );
|
add_filter( 'post_mime_type', 'sanitize_mime_type' );
|
||||||
|
|
||||||
// Meta.
|
// Meta.
|
||||||
add_filter( 'register_meta_args', '_wp_register_meta_args_whitelist', 10, 2 );
|
add_filter( 'register_meta_args', '_wp_register_meta_args_allowed_list', 10, 2 );
|
||||||
|
|
||||||
// Post meta.
|
// Post meta.
|
||||||
add_action( 'added_post_meta', 'wp_cache_set_posts_last_changed' );
|
add_action( 'added_post_meta', 'wp_cache_set_posts_last_changed' );
|
||||||
|
@ -3995,3 +3995,83 @@ function wp_unregister_GLOBALS() { // phpcs:ignore WordPress.NamingConventions.
|
|||||||
// register_globals was deprecated in PHP 5.3 and removed entirely in PHP 5.4.
|
// register_globals was deprecated in PHP 5.3 and removed entirely in PHP 5.4.
|
||||||
_deprecated_function( __FUNCTION__, '5.5.0' );
|
_deprecated_function( __FUNCTION__, '5.5.0' );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Does comment contain disallowed characters or words.
|
||||||
|
*
|
||||||
|
* @since 1.5.0
|
||||||
|
* @deprecated 5.5.0 Use wp_blocklist_check() instead.
|
||||||
|
* Please consider writing more inclusive code.
|
||||||
|
*
|
||||||
|
* @param string $author The author of the comment
|
||||||
|
* @param string $email The email of the comment
|
||||||
|
* @param string $url The url used in the comment
|
||||||
|
* @param string $comment The comment content
|
||||||
|
* @param string $user_ip The comment author's IP address
|
||||||
|
* @param string $user_agent The author's browser user agent
|
||||||
|
* @return bool True if comment contains disallowed content, false if comment does not
|
||||||
|
*/
|
||||||
|
function wp_blacklist_check( $author, $email, $url, $comment, $user_ip, $user_agent ) {
|
||||||
|
_deprecated_function( __FUNCTION__, '5.5.0', 'wp_blocklist_check()' );
|
||||||
|
|
||||||
|
return wp_blocklist_check( $author, $email, $url, $comment, $user_ip, $user_agent );
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Filters out `register_meta()` args based on an allowed list.
|
||||||
|
*
|
||||||
|
* `register_meta()` args may change over time, so requiring the allowed list
|
||||||
|
* to be explicitly turned off is a warranty seal of sorts.
|
||||||
|
*
|
||||||
|
* @access private
|
||||||
|
* @since 4.6.0
|
||||||
|
* @deprecated 5.5.0 Use _wp_register_meta_args_allowed_list() instead.
|
||||||
|
* Please consider writing more inclusive code.
|
||||||
|
*
|
||||||
|
* @param array $args Arguments from `register_meta()`.
|
||||||
|
* @param array $default_args Default arguments for `register_meta()`.
|
||||||
|
* @return array Filtered arguments.
|
||||||
|
*/
|
||||||
|
function _wp_register_meta_args_whitelist( $args, $default_args ) {
|
||||||
|
_deprecated_function( __FUNCTION__, '5.5.0', '_wp_register_meta_args_allowed_list()' );
|
||||||
|
|
||||||
|
return _wp_register_meta_args_allowed_list( $args, $default_args );
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Adds an array of options to the list of allowed options.
|
||||||
|
*
|
||||||
|
* @since 2.7.0
|
||||||
|
* @deprecated 5.5.0 Use add_option_allowed_list() instead.
|
||||||
|
* Please consider writing more inclusive code.
|
||||||
|
*
|
||||||
|
* @global array $allowed_options
|
||||||
|
*
|
||||||
|
* @param array $new_options
|
||||||
|
* @param string|array $options
|
||||||
|
* @return array
|
||||||
|
*/
|
||||||
|
function add_option_whitelist( $new_options, $options = '' ) {
|
||||||
|
_deprecated_function( __FUNCTION__, '5.5.0', 'add_option_allowed_list()' );
|
||||||
|
|
||||||
|
return add_option_allowed_list( $new_options, $options );
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Removes a list of options from the allowed options list.
|
||||||
|
*
|
||||||
|
* @since 2.7.0
|
||||||
|
* @deprecated 5.5.0 Use remove_option_allowed_list() instead.
|
||||||
|
* Please consider writing more inclusive code.
|
||||||
|
*
|
||||||
|
* @global array $allowed_options
|
||||||
|
*
|
||||||
|
* @param array $del_options
|
||||||
|
* @param string|array $options
|
||||||
|
* @return array
|
||||||
|
*/
|
||||||
|
function remove_option_whitelist( $del_options, $options = '' ) {
|
||||||
|
_deprecated_function( __FUNCTION__, '5.5.0', 'remove_option_allowed_list()' );
|
||||||
|
|
||||||
|
return remove_option_allowed_list( $del_options, $options );
|
||||||
|
}
|
||||||
|
@ -2048,7 +2048,7 @@ function sanitize_file_name( $filename ) {
|
|||||||
|
|
||||||
/*
|
/*
|
||||||
* Loop over any intermediate extensions. Postfix them with a trailing underscore
|
* Loop over any intermediate extensions. Postfix them with a trailing underscore
|
||||||
* if they are a 2 - 5 character long alpha string not in the extension whitelist.
|
* if they are a 2 - 5 character long alpha string not in the allowed extension list.
|
||||||
*/
|
*/
|
||||||
foreach ( (array) $parts as $part ) {
|
foreach ( (array) $parts as $part ) {
|
||||||
$filename .= '.' . $part;
|
$filename .= '.' . $part;
|
||||||
@ -4852,7 +4852,7 @@ function sanitize_option( $option, $value ) {
|
|||||||
break;
|
break;
|
||||||
|
|
||||||
case 'moderation_keys':
|
case 'moderation_keys':
|
||||||
case 'blacklist_keys':
|
case 'blocklist_keys':
|
||||||
$value = $wpdb->strip_invalid_text_for_column( $wpdb->options, 'option_value', $value );
|
$value = $wpdb->strip_invalid_text_for_column( $wpdb->options, 'option_value', $value );
|
||||||
if ( is_wp_error( $value ) ) {
|
if ( is_wp_error( $value ) ) {
|
||||||
$error = $value->get_error_message();
|
$error = $value->get_error_message();
|
||||||
|
@ -593,7 +593,7 @@ function wp_http_validate_url( $url ) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Whitelists allowed redirect hosts for safe HTTP requests as well.
|
* Mark allowed redirect hosts safe for HTTP requests as well.
|
||||||
*
|
*
|
||||||
* Attached to the {@see 'http_request_host_is_external'} filter.
|
* Attached to the {@see 'http_request_host_is_external'} filter.
|
||||||
*
|
*
|
||||||
@ -611,7 +611,8 @@ function allowed_http_request_hosts( $is_external, $host ) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Whitelists any domain in a multisite installation for safe HTTP requests.
|
* Adds any domain in a multisite installation for safe HTTP requests to the
|
||||||
|
* allowed list.
|
||||||
*
|
*
|
||||||
* Attached to the {@see 'http_request_host_is_external'} filter.
|
* Attached to the {@see 'http_request_host_is_external'} filter.
|
||||||
*
|
*
|
||||||
|
@ -1720,13 +1720,14 @@ function wp_kses_bad_protocol_once( $string, $allowed_protocols, $count = 1 ) {
|
|||||||
* Callback for `wp_kses_bad_protocol_once()` regular expression.
|
* Callback for `wp_kses_bad_protocol_once()` regular expression.
|
||||||
*
|
*
|
||||||
* This function processes URL protocols, checks to see if they're in the
|
* This function processes URL protocols, checks to see if they're in the
|
||||||
* whitelist or not, and returns different data depending on the answer.
|
* list of allowed protocols or not, and returns different data depending
|
||||||
|
* on the answer.
|
||||||
*
|
*
|
||||||
* @access private
|
* @access private
|
||||||
* @ignore
|
* @ignore
|
||||||
* @since 1.0.0
|
* @since 1.0.0
|
||||||
*
|
*
|
||||||
* @param string $string URI scheme to check against the whitelist.
|
* @param string $string URI scheme to check against the list of allowed protocols.
|
||||||
* @param string[] $allowed_protocols Array of allowed URL protocols.
|
* @param string[] $allowed_protocols Array of allowed URL protocols.
|
||||||
* @return string Sanitized content.
|
* @return string Sanitized content.
|
||||||
*/
|
*/
|
||||||
@ -1772,7 +1773,7 @@ function wp_kses_normalize_entities( $string, $context = 'html' ) {
|
|||||||
// Disarm all entities by converting & to &
|
// Disarm all entities by converting & to &
|
||||||
$string = str_replace( '&', '&', $string );
|
$string = str_replace( '&', '&', $string );
|
||||||
|
|
||||||
// Change back the allowed entities in our entity whitelist.
|
// Change back the allowed entities in our list of allowed entities.
|
||||||
if ( 'xml' === $context ) {
|
if ( 'xml' === $context ) {
|
||||||
$string = preg_replace_callback( '/&([A-Za-z]{2,8}[0-9]{0,2});/', 'wp_kses_xml_named_entities', $string );
|
$string = preg_replace_callback( '/&([A-Za-z]{2,8}[0-9]{0,2});/', 'wp_kses_xml_named_entities', $string );
|
||||||
} else {
|
} else {
|
||||||
@ -1912,7 +1913,7 @@ function valid_unicode( $i ) {
|
|||||||
*
|
*
|
||||||
* This function decodes numeric HTML entities (`A` and `A`).
|
* This function decodes numeric HTML entities (`A` and `A`).
|
||||||
* It doesn't do anything with named entities like `ä`, but we don't
|
* It doesn't do anything with named entities like `ä`, but we don't
|
||||||
* need them in the URL protocol whitelisting system anyway.
|
* need them in the allowed URL protocols system anyway.
|
||||||
*
|
*
|
||||||
* @since 1.0.0
|
* @since 1.0.0
|
||||||
*
|
*
|
||||||
|
@ -1396,19 +1396,19 @@ function get_registered_metadata( $object_type, $object_id, $meta_key = '' ) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Filters out `register_meta()` args based on a whitelist.
|
* Filters out `register_meta()` args based on an allowed list.
|
||||||
*
|
*
|
||||||
* `register_meta()` args may change over time, so requiring the whitelist
|
* `register_meta()` args may change over time, so requiring the allowed list
|
||||||
* to be explicitly turned off is a warranty seal of sorts.
|
* to be explicitly turned off is a warranty seal of sorts.
|
||||||
*
|
*
|
||||||
* @access private
|
* @access private
|
||||||
* @since 4.6.0
|
* @since 5.5.0
|
||||||
*
|
*
|
||||||
* @param array $args Arguments from `register_meta()`.
|
* @param array $args Arguments from `register_meta()`.
|
||||||
* @param array $default_args Default arguments for `register_meta()`.
|
* @param array $default_args Default arguments for `register_meta()`.
|
||||||
* @return array Filtered arguments.
|
* @return array Filtered arguments.
|
||||||
*/
|
*/
|
||||||
function _wp_register_meta_args_whitelist( $args, $default_args ) {
|
function _wp_register_meta_args_allowed_list( $args, $default_args ) {
|
||||||
return array_intersect_key( $args, $default_args );
|
return array_intersect_key( $args, $default_args );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -720,9 +720,9 @@ function update_blog_status( $blog_id, $pref, $value, $deprecated = null ) {
|
|||||||
_deprecated_argument( __FUNCTION__, '3.1.0' );
|
_deprecated_argument( __FUNCTION__, '3.1.0' );
|
||||||
}
|
}
|
||||||
|
|
||||||
$pref_whitelist = array( 'site_id', 'domain', 'path', 'registered', 'last_updated', 'public', 'archived', 'mature', 'spam', 'deleted', 'lang_id' );
|
$allowed_field_names = array( 'site_id', 'domain', 'path', 'registered', 'last_updated', 'public', 'archived', 'mature', 'spam', 'deleted', 'lang_id' );
|
||||||
|
|
||||||
if ( ! in_array( $pref, $pref_whitelist, true ) ) {
|
if ( ! in_array( $pref, $allowed_field_names, true ) ) {
|
||||||
return $value;
|
return $value;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -124,5 +124,5 @@ add_action( 'update_option_home', 'clean_site_details_cache', 10, 0 );
|
|||||||
// If the network upgrade hasn't run yet, assume ms-files.php rewriting is used.
|
// If the network upgrade hasn't run yet, assume ms-files.php rewriting is used.
|
||||||
add_filter( 'default_site_option_ms_files_rewriting', '__return_true' );
|
add_filter( 'default_site_option_ms_files_rewriting', '__return_true' );
|
||||||
|
|
||||||
// Whitelist multisite domains for HTTP requests.
|
// Allow multisite domains for HTTP requests.
|
||||||
add_filter( 'http_request_host_is_external', 'ms_allowed_http_request_hosts', 20, 2 );
|
add_filter( 'http_request_host_is_external', 'ms_allowed_http_request_hosts', 20, 2 );
|
||||||
|
@ -441,7 +441,8 @@ function is_email_address_unsafe( $user_email ) {
|
|||||||
* Sanitize and validate data required for a user sign-up.
|
* Sanitize and validate data required for a user sign-up.
|
||||||
*
|
*
|
||||||
* Verifies the validity and uniqueness of user names and user email addresses,
|
* Verifies the validity and uniqueness of user names and user email addresses,
|
||||||
* and checks email addresses against admin-provided domain whitelists and blacklists.
|
* and checks email addresses against allowed and disallowed domains provided by
|
||||||
|
* administrators.
|
||||||
*
|
*
|
||||||
* The {@see 'wpmu_validate_user_signup'} hook provides an easy way to modify the sign-up
|
* The {@see 'wpmu_validate_user_signup'} hook provides an easy way to modify the sign-up
|
||||||
* process. The value $result, which is passed to the hook, contains both the user-provided
|
* process. The value $result, which is passed to the hook, contains both the user-provided
|
||||||
@ -1358,7 +1359,7 @@ function wpmu_create_blog( $domain, $path, $title, $user_id, $options = array(),
|
|||||||
wp_installing( true );
|
wp_installing( true );
|
||||||
}
|
}
|
||||||
|
|
||||||
$site_data_whitelist = array( 'public', 'archived', 'mature', 'spam', 'deleted', 'lang_id' );
|
$allowed_data_fields = array( 'public', 'archived', 'mature', 'spam', 'deleted', 'lang_id' );
|
||||||
|
|
||||||
$site_data = array_merge(
|
$site_data = array_merge(
|
||||||
array(
|
array(
|
||||||
@ -1366,14 +1367,14 @@ function wpmu_create_blog( $domain, $path, $title, $user_id, $options = array(),
|
|||||||
'path' => $path,
|
'path' => $path,
|
||||||
'network_id' => $network_id,
|
'network_id' => $network_id,
|
||||||
),
|
),
|
||||||
array_intersect_key( $options, array_flip( $site_data_whitelist ) )
|
array_intersect_key( $options, array_flip( $allowed_data_fields ) )
|
||||||
);
|
);
|
||||||
|
|
||||||
// Data to pass to wp_initialize_site().
|
// Data to pass to wp_initialize_site().
|
||||||
$site_initialization_data = array(
|
$site_initialization_data = array(
|
||||||
'title' => $title,
|
'title' => $title,
|
||||||
'user_id' => $user_id,
|
'user_id' => $user_id,
|
||||||
'options' => array_diff_key( $options, array_flip( $site_data_whitelist ) ),
|
'options' => array_diff_key( $options, array_flip( $allowed_data_fields ) ),
|
||||||
);
|
);
|
||||||
|
|
||||||
$blog_id = wp_insert_site( array_merge( $site_data, $site_initialization_data ) );
|
$blog_id = wp_insert_site( array_merge( $site_data, $site_initialization_data ) );
|
||||||
@ -1840,12 +1841,12 @@ function get_most_recent_post_of_user( $user_id ) {
|
|||||||
//
|
//
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Check an array of MIME types against a whitelist.
|
* Check an array of MIME types against a list of allowed types.
|
||||||
*
|
*
|
||||||
* WordPress ships with a set of allowed upload filetypes,
|
* WordPress ships with a set of allowed upload filetypes,
|
||||||
* which is defined in wp-includes/functions.php in
|
* which is defined in wp-includes/functions.php in
|
||||||
* get_allowed_mime_types(). This function is used to filter
|
* get_allowed_mime_types(). This function is used to filter
|
||||||
* that list against the filetype whitelist provided by Multisite
|
* that list against the filetypes allowed provided by Multisite
|
||||||
* Super Admins at wp-admin/network/settings.php.
|
* Super Admins at wp-admin/network/settings.php.
|
||||||
*
|
*
|
||||||
* @since MU (3.0.0)
|
* @since MU (3.0.0)
|
||||||
|
@ -114,10 +114,10 @@ function wp_insert_site( array $data ) {
|
|||||||
$meta['WPLANG'] = get_network_option( $new_site->network_id, 'WPLANG' );
|
$meta['WPLANG'] = get_network_option( $new_site->network_id, 'WPLANG' );
|
||||||
}
|
}
|
||||||
|
|
||||||
// Rebuild the data expected by the `wpmu_new_blog` hook prior to 5.1.0 using whitelisted keys.
|
// Rebuild the data expected by the `wpmu_new_blog` hook prior to 5.1.0 using allowed keys.
|
||||||
// The `$site_data_whitelist` matches the one used in `wpmu_create_blog()`.
|
// The `$allowed_data_fields` matches the one used in `wpmu_create_blog()`.
|
||||||
$site_data_whitelist = array( 'public', 'archived', 'mature', 'spam', 'deleted', 'lang_id' );
|
$allowed_data_fields = array( 'public', 'archived', 'mature', 'spam', 'deleted', 'lang_id' );
|
||||||
$meta = array_merge( array_intersect_key( $data, array_flip( $site_data_whitelist ) ), $meta );
|
$meta = array_merge( array_intersect_key( $data, array_flip( $allowed_data_fields ) ), $meta );
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Fires immediately after a new site is created.
|
* Fires immediately after a new site is created.
|
||||||
@ -492,8 +492,8 @@ function wp_prepare_site_data( $data, $defaults, $old_site = null ) {
|
|||||||
*/
|
*/
|
||||||
$data = apply_filters( 'wp_normalize_site_data', $data );
|
$data = apply_filters( 'wp_normalize_site_data', $data );
|
||||||
|
|
||||||
$whitelist = array( 'domain', 'path', 'network_id', 'registered', 'last_updated', 'public', 'archived', 'mature', 'spam', 'deleted', 'lang_id' );
|
$allowed_data_fields = array( 'domain', 'path', 'network_id', 'registered', 'last_updated', 'public', 'archived', 'mature', 'spam', 'deleted', 'lang_id' );
|
||||||
$data = array_intersect_key( wp_parse_args( $data, $defaults ), array_flip( $whitelist ) );
|
$data = array_intersect_key( wp_parse_args( $data, $defaults ), array_flip( $allowed_data_fields ) );
|
||||||
|
|
||||||
$errors = new WP_Error();
|
$errors = new WP_Error();
|
||||||
|
|
||||||
|
@ -2097,8 +2097,8 @@ function register_initial_settings() {
|
|||||||
* @global array $new_whitelist_options
|
* @global array $new_whitelist_options
|
||||||
* @global array $wp_registered_settings
|
* @global array $wp_registered_settings
|
||||||
*
|
*
|
||||||
* @param string $option_group A settings group name. Should correspond to a whitelisted option key name.
|
* @param string $option_group A settings group name. Should correspond to an allowed option key name.
|
||||||
* Default whitelisted option key names include 'general', 'discussion', 'media',
|
* Default allowed option key names include 'general', 'discussion', 'media',
|
||||||
* 'reading', 'writing', 'misc', 'options', and 'privacy'.
|
* 'reading', 'writing', 'misc', 'options', and 'privacy'.
|
||||||
* @param string $option_name The name of an option to sanitize and save.
|
* @param string $option_name The name of an option to sanitize and save.
|
||||||
* @param array $args {
|
* @param array $args {
|
||||||
|
@ -1466,7 +1466,7 @@ if ( ! function_exists( 'wp_validate_redirect' ) ) :
|
|||||||
$wpp = parse_url( home_url() );
|
$wpp = parse_url( home_url() );
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Filters the whitelist of hosts to redirect to.
|
* Filters the list of allowed hosts to redirect to.
|
||||||
*
|
*
|
||||||
* @since 2.3.0
|
* @since 2.3.0
|
||||||
*
|
*
|
||||||
|
@ -605,7 +605,7 @@ class WP_REST_Server {
|
|||||||
$embedded = array();
|
$embedded = array();
|
||||||
|
|
||||||
foreach ( $data['_links'] as $rel => $links ) {
|
foreach ( $data['_links'] as $rel => $links ) {
|
||||||
// If a list of relations was specified, and the link relation is not in the whitelist, don't process the link.
|
// If a list of relations was specified, and the link relation is not in the list of allowed relations, don't process the link.
|
||||||
if ( is_array( $embed ) && ! in_array( $rel, $embed, true ) ) {
|
if ( is_array( $embed ) && ! in_array( $rel, $embed, true ) ) {
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
@ -251,7 +251,7 @@ class WP_REST_Settings_Controller extends WP_REST_Controller {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Whitelist the supported types for settings, as we don't want invalid types
|
* Allow the supported types for settings, as we don't want invalid types
|
||||||
* to be updated with arbitrary values that we can't do decent sanitizing for.
|
* to be updated with arbitrary values that we can't do decent sanitizing for.
|
||||||
*/
|
*/
|
||||||
if ( ! in_array( $rest_args['schema']['type'], array( 'number', 'integer', 'string', 'boolean', 'array', 'object' ), true ) ) {
|
if ( ! in_array( $rest_args['schema']['type'], array( 'number', 'integer', 'string', 'boolean', 'array', 'object' ), true ) ) {
|
||||||
@ -304,7 +304,7 @@ class WP_REST_Settings_Controller extends WP_REST_Controller {
|
|||||||
*
|
*
|
||||||
* By default, the schema of settings will throw an error if a value is set to
|
* By default, the schema of settings will throw an error if a value is set to
|
||||||
* `null` as it's not a valid value for something like "type => string". We
|
* `null` as it's not a valid value for something like "type => string". We
|
||||||
* provide a wrapper sanitizer to whitelist the use of `null`.
|
* provide a wrapper sanitizer to allow the use of `null`.
|
||||||
*
|
*
|
||||||
* @since 4.7.0
|
* @since 4.7.0
|
||||||
*
|
*
|
||||||
|
@ -1064,7 +1064,7 @@ function wp_default_scripts( $scripts ) {
|
|||||||
)
|
)
|
||||||
);
|
);
|
||||||
|
|
||||||
$scripts->add( 'password-strength-meter', "/wp-admin/js/password-strength-meter$suffix.js", array( 'jquery', 'zxcvbn-async' ), false, 1 );
|
$scripts->add( 'password-strength-meter', "/wp-admin/js/password-strength-meter$suffix.js", array( 'jquery', 'wp-deprecated', 'zxcvbn-async' ), false, 1 );
|
||||||
did_action( 'init' ) && $scripts->localize(
|
did_action( 'init' ) && $scripts->localize(
|
||||||
'password-strength-meter',
|
'password-strength-meter',
|
||||||
'pwsL10n',
|
'pwsL10n',
|
||||||
@ -1077,6 +1077,7 @@ function wp_default_scripts( $scripts ) {
|
|||||||
'mismatch' => _x( 'Mismatch', 'password mismatch' ),
|
'mismatch' => _x( 'Mismatch', 'password mismatch' ),
|
||||||
)
|
)
|
||||||
);
|
);
|
||||||
|
$scripts->set_translations( 'password-strength-meter' );
|
||||||
|
|
||||||
$scripts->add( 'user-profile', "/wp-admin/js/user-profile$suffix.js", array( 'jquery', 'password-strength-meter', 'wp-util' ), false, 1 );
|
$scripts->add( 'user-profile', "/wp-admin/js/user-profile$suffix.js", array( 'jquery', 'password-strength-meter', 'wp-util' ), false, 1 );
|
||||||
did_action( 'init' ) && $scripts->localize(
|
did_action( 'init' ) && $scripts->localize(
|
||||||
|
@ -376,8 +376,8 @@ abstract class ParagonIE_Sodium_Core_Ed25519 extends ParagonIE_Sodium_Core_Curve
|
|||||||
*/
|
*/
|
||||||
public static function small_order($R)
|
public static function small_order($R)
|
||||||
{
|
{
|
||||||
/** @var array<int, array<int, int>> $blacklist */
|
/** @var array<int, array<int, int>> $blocklist */
|
||||||
$blacklist = array(
|
$blocklist = array(
|
||||||
/* 0 (order 4) */
|
/* 0 (order 4) */
|
||||||
array(
|
array(
|
||||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||||
@ -463,13 +463,13 @@ abstract class ParagonIE_Sodium_Core_Ed25519 extends ParagonIE_Sodium_Core_Curve
|
|||||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff
|
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff
|
||||||
)
|
)
|
||||||
);
|
);
|
||||||
/** @var int $countBlacklist */
|
/** @var int $countBlocklist */
|
||||||
$countBlacklist = count($blacklist);
|
$countBlocklist = count($blocklist);
|
||||||
|
|
||||||
for ($i = 0; $i < $countBlacklist; ++$i) {
|
for ($i = 0; $i < $countBlocklist; ++$i) {
|
||||||
$c = 0;
|
$c = 0;
|
||||||
for ($j = 0; $j < 32; ++$j) {
|
for ($j = 0; $j < 32; ++$j) {
|
||||||
$c |= self::chrToInt($R[$j]) ^ (int) $blacklist[$i][$j];
|
$c |= self::chrToInt($R[$j]) ^ (int) $blocklist[$i][$j];
|
||||||
}
|
}
|
||||||
if ($c === 0) {
|
if ($c === 0) {
|
||||||
return true;
|
return true;
|
||||||
|
@ -378,7 +378,7 @@ abstract class ParagonIE_Sodium_Core32_Ed25519 extends ParagonIE_Sodium_Core32_C
|
|||||||
*/
|
*/
|
||||||
public static function small_order($R)
|
public static function small_order($R)
|
||||||
{
|
{
|
||||||
static $blacklist = array(
|
static $blocklist = array(
|
||||||
/* 0 (order 4) */
|
/* 0 (order 4) */
|
||||||
array(
|
array(
|
||||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||||
@ -464,13 +464,13 @@ abstract class ParagonIE_Sodium_Core32_Ed25519 extends ParagonIE_Sodium_Core32_C
|
|||||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff
|
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff
|
||||||
)
|
)
|
||||||
);
|
);
|
||||||
/** @var array<int, array<int, int>> $blacklist */
|
/** @var array<int, array<int, int>> $blocklist */
|
||||||
$countBlacklist = count($blacklist);
|
$countBlocklist = count($blocklist);
|
||||||
|
|
||||||
for ($i = 0; $i < $countBlacklist; ++$i) {
|
for ($i = 0; $i < $countBlocklist; ++$i) {
|
||||||
$c = 0;
|
$c = 0;
|
||||||
for ($j = 0; $j < 32; ++$j) {
|
for ($j = 0; $j < 32; ++$j) {
|
||||||
$c |= self::chrToInt($R[$j]) ^ $blacklist[$i][$j];
|
$c |= self::chrToInt($R[$j]) ^ $blocklist[$i][$j];
|
||||||
}
|
}
|
||||||
if ($c === 0) {
|
if ($c === 0) {
|
||||||
return true;
|
return true;
|
||||||
|
@ -2823,7 +2823,7 @@ function get_theme_support( $feature, ...$args ) {
|
|||||||
* @return bool|void Whether feature was removed.
|
* @return bool|void Whether feature was removed.
|
||||||
*/
|
*/
|
||||||
function remove_theme_support( $feature ) {
|
function remove_theme_support( $feature ) {
|
||||||
// Blacklist: for internal registrations not used directly by themes.
|
// Do not remove internal registrations that are not used directly by themes.
|
||||||
if ( in_array( $feature, array( 'editor-style', 'widgets', 'menus' ), true ) ) {
|
if ( in_array( $feature, array( 'editor-style', 'widgets', 'menus' ), true ) ) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
@ -2832,11 +2832,11 @@ function remove_theme_support( $feature ) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Do not use. Removes theme support internally, ignorant of the blacklist.
|
* Do not use. Removes theme support internally without knowledge of those not used by
|
||||||
|
* themes directly.
|
||||||
*
|
*
|
||||||
* @access private
|
* @access private
|
||||||
* @since 3.1.0
|
* @since 3.1.0
|
||||||
*
|
|
||||||
* @global array $_wp_theme_features
|
* @global array $_wp_theme_features
|
||||||
* @global Custom_Image_Header $custom_image_header
|
* @global Custom_Image_Header $custom_image_header
|
||||||
* @global Custom_Background $custom_background
|
* @global Custom_Background $custom_background
|
||||||
|
@ -1593,11 +1593,11 @@ function wp_insert_user( $userdata ) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Filters the list of blacklisted usernames.
|
* Filters the list of disallowed usernames.
|
||||||
*
|
*
|
||||||
* @since 4.4.0
|
* @since 4.4.0
|
||||||
*
|
*
|
||||||
* @param array $usernames Array of blacklisted usernames.
|
* @param array $usernames Array of disallowed usernames.
|
||||||
*/
|
*/
|
||||||
$illegal_logins = (array) apply_filters( 'illegal_user_logins', array() );
|
$illegal_logins = (array) apply_filters( 'illegal_user_logins', array() );
|
||||||
|
|
||||||
|
@ -20,7 +20,7 @@ $wp_version = '5.5-alpha-47426-src';
|
|||||||
*
|
*
|
||||||
* @global int $wp_db_version
|
* @global int $wp_db_version
|
||||||
*/
|
*/
|
||||||
$wp_db_version = 48072;
|
$wp_db_version = 48121;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Holds the TinyMCE version.
|
* Holds the TinyMCE version.
|
||||||
|
@ -1282,7 +1282,7 @@ function retrieve_widgets( $theme_changed = false ) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Compares a list of sidebars with their widgets against a whitelist.
|
* Compares a list of sidebars with their widgets against an allowed list.
|
||||||
*
|
*
|
||||||
* @since 4.9.0
|
* @since 4.9.0
|
||||||
* @since 4.9.2 Always tries to restore widget assignments from previous data, not just if sidebars needed mapping.
|
* @since 4.9.2 Always tries to restore widget assignments from previous data, not just if sidebars needed mapping.
|
||||||
@ -1457,22 +1457,22 @@ function wp_map_sidebars_widgets( $existing_sidebars_widgets ) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Compares a list of sidebars with their widgets against a whitelist.
|
* Compares a list of sidebars with their widgets against an allowed list.
|
||||||
*
|
*
|
||||||
* @since 4.9.0
|
* @since 4.9.0
|
||||||
*
|
*
|
||||||
* @param array $sidebars_widgets List of sidebars and their widget instance IDs.
|
* @param array $sidebars_widgets List of sidebars and their widget instance IDs.
|
||||||
* @param array $whitelist Optional. List of widget IDs to compare against. Default: Registered widgets.
|
* @param array $allowed_widget_ids Optional. List of widget IDs to compare against. Default: Registered widgets.
|
||||||
* @return array Sidebars with whitelisted widgets.
|
* @return array Sidebars with allowed widgets.
|
||||||
*/
|
*/
|
||||||
function _wp_remove_unregistered_widgets( $sidebars_widgets, $whitelist = array() ) {
|
function _wp_remove_unregistered_widgets( $sidebars_widgets, $allowed_widget_ids = array() ) {
|
||||||
if ( empty( $whitelist ) ) {
|
if ( empty( $allowed_widget_ids ) ) {
|
||||||
$whitelist = array_keys( $GLOBALS['wp_registered_widgets'] );
|
$allowed_widget_ids = array_keys( $GLOBALS['wp_registered_widgets'] );
|
||||||
}
|
}
|
||||||
|
|
||||||
foreach ( $sidebars_widgets as $sidebar => $widgets ) {
|
foreach ( $sidebars_widgets as $sidebar => $widgets ) {
|
||||||
if ( is_array( $widgets ) ) {
|
if ( is_array( $widgets ) ) {
|
||||||
$sidebars_widgets[ $sidebar ] = array_intersect( $widgets, $whitelist );
|
$sidebars_widgets[ $sidebar ] = array_intersect( $widgets, $allowed_widget_ids );
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -40,12 +40,12 @@ class WP_UnitTest_Factory_For_Blog extends WP_UnitTest_Factory_For_Thing {
|
|||||||
}
|
}
|
||||||
|
|
||||||
if ( isset( $args['meta'] ) ) {
|
if ( isset( $args['meta'] ) ) {
|
||||||
// The `$site_data_whitelist` matches the one used in `wpmu_create_blog()`.
|
// The `$allowed_data_fields` matches the one used in `wpmu_create_blog()`.
|
||||||
$site_data_whitelist = array( 'public', 'archived', 'mature', 'spam', 'deleted', 'lang_id' );
|
$allowed_data_fields = array( 'public', 'archived', 'mature', 'spam', 'deleted', 'lang_id' );
|
||||||
|
|
||||||
foreach ( $args['meta'] as $key => $value ) {
|
foreach ( $args['meta'] as $key => $value ) {
|
||||||
// Promote whitelisted keys to top-level arguments, add others to the options array.
|
// Promote allowed keys to top-level arguments, add others to the options array.
|
||||||
if ( in_array( $key, $site_data_whitelist, true ) ) {
|
if ( in_array( $key, $allowed_data_fields, true ) ) {
|
||||||
$args[ $key ] = $value;
|
$args[ $key ] = $value;
|
||||||
} else {
|
} else {
|
||||||
$args['options'][ $key ] = $value;
|
$args['options'][ $key ] = $value;
|
||||||
|
@ -159,7 +159,7 @@ class Tests_Admin_Includes_Schema extends WP_UnitTestCase {
|
|||||||
'use_quicktags' => '1',
|
'use_quicktags' => '1',
|
||||||
),
|
),
|
||||||
array(
|
array(
|
||||||
// This option is on a blacklist and should never exist.
|
// This option disallowed and should never exist.
|
||||||
'use_quicktags' => false,
|
'use_quicktags' => false,
|
||||||
),
|
),
|
||||||
),
|
),
|
||||||
|
@ -4,7 +4,7 @@
|
|||||||
* @group comment
|
* @group comment
|
||||||
*/
|
*/
|
||||||
class Tests_Comment_CheckComment extends WP_UnitTestCase {
|
class Tests_Comment_CheckComment extends WP_UnitTestCase {
|
||||||
public function test_should_return_true_when_comment_whitelist_is_disabled() {
|
public function test_should_return_true_when_comment_previously_approved_is_disabled() {
|
||||||
$author = 'BobtheBuilder';
|
$author = 'BobtheBuilder';
|
||||||
$author_email = 'bob@example.com';
|
$author_email = 'bob@example.com';
|
||||||
$author_url = 'http://example.com';
|
$author_url = 'http://example.com';
|
||||||
@ -13,12 +13,12 @@ class Tests_Comment_CheckComment extends WP_UnitTestCase {
|
|||||||
$user_agent = '';
|
$user_agent = '';
|
||||||
$comment_type = '';
|
$comment_type = '';
|
||||||
|
|
||||||
update_option( 'comment_whitelist', 0 );
|
update_option( 'comment_previously_approved', 0 );
|
||||||
$results = check_comment( $author, $author_email, $author_url, $comment, $author_ip, $user_agent, $comment_type );
|
$results = check_comment( $author, $author_email, $author_url, $comment, $author_ip, $user_agent, $comment_type );
|
||||||
$this->assertTrue( $results );
|
$this->assertTrue( $results );
|
||||||
}
|
}
|
||||||
|
|
||||||
public function test_should_return_false_when_comment_whitelist_is_enabled_and_author_does_not_have_approved_comment() {
|
public function test_should_return_false_when_comment_previously_approved_is_enabled_and_author_does_not_have_approved_comment() {
|
||||||
$author = 'BobtheBuilder';
|
$author = 'BobtheBuilder';
|
||||||
$author_email = 'bob@example.com';
|
$author_email = 'bob@example.com';
|
||||||
$author_url = 'http://example.com';
|
$author_url = 'http://example.com';
|
||||||
@ -27,13 +27,13 @@ class Tests_Comment_CheckComment extends WP_UnitTestCase {
|
|||||||
$user_agent = '';
|
$user_agent = '';
|
||||||
$comment_type = '';
|
$comment_type = '';
|
||||||
|
|
||||||
update_option( 'comment_whitelist', 1 );
|
update_option( 'comment_previously_approved', 1 );
|
||||||
$results = check_comment( $author, $author_email, $author_url, $comment, $author_ip, $user_agent, $comment_type );
|
$results = check_comment( $author, $author_email, $author_url, $comment, $author_ip, $user_agent, $comment_type );
|
||||||
$this->assertFalse( $results );
|
$this->assertFalse( $results );
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public function test_should_return_true_when_comment_whitelist_is_enabled_and_author_has_approved_comment() {
|
public function test_should_return_true_when_comment_previously_approved_is_enabled_and_author_has_approved_comment() {
|
||||||
$post_id = self::factory()->post->create();
|
$post_id = self::factory()->post->create();
|
||||||
$prev_args = array(
|
$prev_args = array(
|
||||||
'comment_post_ID' => $post_id,
|
'comment_post_ID' => $post_id,
|
||||||
@ -44,7 +44,7 @@ class Tests_Comment_CheckComment extends WP_UnitTestCase {
|
|||||||
);
|
);
|
||||||
$prev_comment_id = self::factory()->comment->create( $prev_args );
|
$prev_comment_id = self::factory()->comment->create( $prev_args );
|
||||||
|
|
||||||
update_option( 'comment_whitelist', 1 );
|
update_option( 'comment_previously_approved', 1 );
|
||||||
|
|
||||||
$author = 'BobtheBuilder';
|
$author = 'BobtheBuilder';
|
||||||
$author_email = 'bob@example.com';
|
$author_email = 'bob@example.com';
|
||||||
@ -69,7 +69,7 @@ class Tests_Comment_CheckComment extends WP_UnitTestCase {
|
|||||||
}
|
}
|
||||||
|
|
||||||
public function test_should_return_false_when_content_matches_moderation_key() {
|
public function test_should_return_false_when_content_matches_moderation_key() {
|
||||||
update_option( 'comment_whitelist', 0 );
|
update_option( 'comment_previously_approved', 0 );
|
||||||
|
|
||||||
$author = 'WendytheBuilder';
|
$author = 'WendytheBuilder';
|
||||||
$author_email = 'wendy@example.com';
|
$author_email = 'wendy@example.com';
|
||||||
@ -85,7 +85,7 @@ class Tests_Comment_CheckComment extends WP_UnitTestCase {
|
|||||||
}
|
}
|
||||||
|
|
||||||
public function test_should_return_true_when_content_does_not_match_moderation_keys() {
|
public function test_should_return_true_when_content_does_not_match_moderation_keys() {
|
||||||
update_option( 'comment_whitelist', 0 );
|
update_option( 'comment_previously_approved', 0 );
|
||||||
|
|
||||||
$author = 'WendytheBuilder';
|
$author = 'WendytheBuilder';
|
||||||
$author_email = 'wendy@example.com';
|
$author_email = 'wendy@example.com';
|
||||||
@ -101,7 +101,7 @@ class Tests_Comment_CheckComment extends WP_UnitTestCase {
|
|||||||
}
|
}
|
||||||
|
|
||||||
public function test_should_return_false_when_link_count_exceeds_comment_max_length_setting() {
|
public function test_should_return_false_when_link_count_exceeds_comment_max_length_setting() {
|
||||||
update_option( 'comment_whitelist', 0 );
|
update_option( 'comment_previously_approved', 0 );
|
||||||
|
|
||||||
$author = 'BobtheBuilder';
|
$author = 'BobtheBuilder';
|
||||||
$author_email = 'bob@example.com';
|
$author_email = 'bob@example.com';
|
||||||
@ -117,7 +117,7 @@ class Tests_Comment_CheckComment extends WP_UnitTestCase {
|
|||||||
}
|
}
|
||||||
|
|
||||||
public function test_should_return_true_when_link_count_does_not_exceed_comment_max_length_setting() {
|
public function test_should_return_true_when_link_count_does_not_exceed_comment_max_length_setting() {
|
||||||
update_option( 'comment_whitelist', 0 );
|
update_option( 'comment_previously_approved', 0 );
|
||||||
|
|
||||||
$author = 'BobtheBuilder';
|
$author = 'BobtheBuilder';
|
||||||
$author_email = 'bob@example.com';
|
$author_email = 'bob@example.com';
|
||||||
@ -135,7 +135,7 @@ class Tests_Comment_CheckComment extends WP_UnitTestCase {
|
|||||||
/**
|
/**
|
||||||
* @ticket 28603
|
* @ticket 28603
|
||||||
*/
|
*/
|
||||||
public function test_should_return_true_when_comment_whitelist_is_enabled_and_user_has_previously_approved_comments_with_different_email() {
|
public function test_should_return_true_when_comment_previously_approved_is_enabled_and_user_has_previously_approved_comments_with_different_email() {
|
||||||
$subscriber_id = $this->factory()->user->create(
|
$subscriber_id = $this->factory()->user->create(
|
||||||
array(
|
array(
|
||||||
'role' => 'subscriber',
|
'role' => 'subscriber',
|
||||||
@ -158,7 +158,7 @@ class Tests_Comment_CheckComment extends WP_UnitTestCase {
|
|||||||
|
|
||||||
wp_update_user( $subscriber_user );
|
wp_update_user( $subscriber_user );
|
||||||
|
|
||||||
update_option( 'comment_whitelist', 1 );
|
update_option( 'comment_previously_approved', 1 );
|
||||||
|
|
||||||
$results = check_comment( 'foo', 'newsub@example.com', 'http://example.com', 'This is a comment.', '66.155.40.249', 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:35.0) Gecko/20100101 Firefox/35.0', 'comment', 4 );
|
$results = check_comment( 'foo', 'newsub@example.com', 'http://example.com', 'This is a comment.', '66.155.40.249', 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:35.0) Gecko/20100101 Firefox/35.0', 'comment', 4 );
|
||||||
$this->assertTrue( $results );
|
$this->assertTrue( $results );
|
||||||
@ -167,7 +167,7 @@ class Tests_Comment_CheckComment extends WP_UnitTestCase {
|
|||||||
/**
|
/**
|
||||||
* @ticket 28603
|
* @ticket 28603
|
||||||
*/
|
*/
|
||||||
public function test_should_return_false_when_comment_whitelist_is_enabled_and_user_does_not_have_a_previously_approved_comment_with_any_email() {
|
public function test_should_return_false_when_comment_previously_approved_is_enabled_and_user_does_not_have_a_previously_approved_comment_with_any_email() {
|
||||||
$subscriber_id = $this->factory()->user->create(
|
$subscriber_id = $this->factory()->user->create(
|
||||||
array(
|
array(
|
||||||
'role' => 'subscriber',
|
'role' => 'subscriber',
|
||||||
@ -180,7 +180,7 @@ class Tests_Comment_CheckComment extends WP_UnitTestCase {
|
|||||||
|
|
||||||
wp_update_user( $subscriber_user );
|
wp_update_user( $subscriber_user );
|
||||||
|
|
||||||
update_option( 'comment_whitelist', 1 );
|
update_option( 'comment_previously_approved', 1 );
|
||||||
|
|
||||||
$results = check_comment( 'bar', 'zag@example.com', 'http://example.com', 'This is my first comment.', '66.155.40.249', 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:35.0) Gecko/20100101 Firefox/35.0', 'comment', 4 );
|
$results = check_comment( 'bar', 'zag@example.com', 'http://example.com', 'This is my first comment.', '66.155.40.249', 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:35.0) Gecko/20100101 Firefox/35.0', 'comment', 4 );
|
||||||
$this->assertFalse( $results );
|
$this->assertFalse( $results );
|
||||||
|
@ -22,14 +22,14 @@ class Tests_Comment_WpAllowComment extends WP_UnitTestCase {
|
|||||||
)
|
)
|
||||||
);
|
);
|
||||||
|
|
||||||
update_option( 'comment_whitelist', 0 );
|
update_option( 'comment_previously_approved', 0 );
|
||||||
}
|
}
|
||||||
|
|
||||||
function tearDown() {
|
function tearDown() {
|
||||||
wp_delete_post( self::$post_id, true );
|
wp_delete_post( self::$post_id, true );
|
||||||
wp_delete_comment( self::$comment_id, true );
|
wp_delete_comment( self::$comment_id, true );
|
||||||
|
|
||||||
update_option( 'comment_whitelist', 1 );
|
update_option( 'comment_previously_approved', 1 );
|
||||||
}
|
}
|
||||||
|
|
||||||
public function test_allow_comment_if_comment_author_emails_differ() {
|
public function test_allow_comment_if_comment_author_emails_differ() {
|
||||||
|
@ -3,9 +3,9 @@
|
|||||||
/**
|
/**
|
||||||
* @group comment
|
* @group comment
|
||||||
*/
|
*/
|
||||||
class Tests_WP_Blacklist_Check extends WP_UnitTestCase {
|
class Tests_WP_Blocklist_Check extends WP_UnitTestCase {
|
||||||
|
|
||||||
public function test_should_return_true_when_content_matches_blacklist_keys() {
|
public function test_should_return_true_when_content_matches_blocklist_keys() {
|
||||||
$author = 'Sting';
|
$author = 'Sting';
|
||||||
$author_email = 'sting@example.com';
|
$author_email = 'sting@example.com';
|
||||||
$author_url = 'http://example.com';
|
$author_url = 'http://example.com';
|
||||||
@ -13,9 +13,9 @@ class Tests_WP_Blacklist_Check extends WP_UnitTestCase {
|
|||||||
$author_ip = '192.168.0.1';
|
$author_ip = '192.168.0.1';
|
||||||
$user_agent = '';
|
$user_agent = '';
|
||||||
|
|
||||||
update_option( 'blacklist_keys', "well\nfoo" );
|
update_option( 'blocklist_keys', "well\nfoo" );
|
||||||
|
|
||||||
$result = wp_blacklist_check( $author, $author_email, $author_url, $comment, $author_ip, $user_agent );
|
$result = wp_blocklist_check( $author, $author_email, $author_url, $comment, $author_ip, $user_agent );
|
||||||
|
|
||||||
$this->assertTrue( $result );
|
$this->assertTrue( $result );
|
||||||
}
|
}
|
||||||
@ -23,7 +23,7 @@ class Tests_WP_Blacklist_Check extends WP_UnitTestCase {
|
|||||||
/**
|
/**
|
||||||
* @ticket 37208
|
* @ticket 37208
|
||||||
*/
|
*/
|
||||||
public function test_should_return_true_when_content_with_html_matches_blacklist_keys() {
|
public function test_should_return_true_when_content_with_html_matches_blocklist_keys() {
|
||||||
$author = 'Sting';
|
$author = 'Sting';
|
||||||
$author_email = 'sting@example.com';
|
$author_email = 'sting@example.com';
|
||||||
$author_url = 'http://example.com';
|
$author_url = 'http://example.com';
|
||||||
@ -31,14 +31,14 @@ class Tests_WP_Blacklist_Check extends WP_UnitTestCase {
|
|||||||
$author_ip = '192.168.0.1';
|
$author_ip = '192.168.0.1';
|
||||||
$user_agent = '';
|
$user_agent = '';
|
||||||
|
|
||||||
update_option( 'blacklist_keys', "halfway\nfoo" );
|
update_option( 'blocklist_keys', "halfway\nfoo" );
|
||||||
|
|
||||||
$result = wp_blacklist_check( $author, $author_email, $author_url, $comment, $author_ip, $user_agent );
|
$result = wp_blocklist_check( $author, $author_email, $author_url, $comment, $author_ip, $user_agent );
|
||||||
|
|
||||||
$this->assertTrue( $result );
|
$this->assertTrue( $result );
|
||||||
}
|
}
|
||||||
|
|
||||||
public function test_should_return_true_when_author_matches_blacklist_keys() {
|
public function test_should_return_true_when_author_matches_blocklist_keys() {
|
||||||
$author = 'Sideshow Mel';
|
$author = 'Sideshow Mel';
|
||||||
$author_email = 'mel@example.com';
|
$author_email = 'mel@example.com';
|
||||||
$author_url = 'http://example.com';
|
$author_url = 'http://example.com';
|
||||||
@ -46,14 +46,14 @@ class Tests_WP_Blacklist_Check extends WP_UnitTestCase {
|
|||||||
$author_ip = '192.168.0.1';
|
$author_ip = '192.168.0.1';
|
||||||
$user_agent = '';
|
$user_agent = '';
|
||||||
|
|
||||||
update_option( 'blacklist_keys', "sideshow\nfoo" );
|
update_option( 'blocklist_keys', "sideshow\nfoo" );
|
||||||
|
|
||||||
$result = wp_blacklist_check( $author, $author_email, $author_url, $comment, $author_ip, $user_agent );
|
$result = wp_blocklist_check( $author, $author_email, $author_url, $comment, $author_ip, $user_agent );
|
||||||
|
|
||||||
$this->assertTrue( $result );
|
$this->assertTrue( $result );
|
||||||
}
|
}
|
||||||
|
|
||||||
public function test_should_return_true_when_url_matches_blacklist_keys() {
|
public function test_should_return_true_when_url_matches_blocklist_keys() {
|
||||||
$author = 'Rainier Wolfcastle';
|
$author = 'Rainier Wolfcastle';
|
||||||
$author_email = 'rainier@wolfcastle.com';
|
$author_email = 'rainier@wolfcastle.com';
|
||||||
$author_url = 'http://example.com';
|
$author_url = 'http://example.com';
|
||||||
@ -61,9 +61,9 @@ class Tests_WP_Blacklist_Check extends WP_UnitTestCase {
|
|||||||
$author_ip = '192.168.0.1';
|
$author_ip = '192.168.0.1';
|
||||||
$user_agent = '';
|
$user_agent = '';
|
||||||
|
|
||||||
update_option( 'blacklist_keys', "example\nfoo" );
|
update_option( 'blocklist_keys', "example\nfoo" );
|
||||||
|
|
||||||
$result = wp_blacklist_check( $author, $author_email, $author_url, $comment, $author_ip, $user_agent );
|
$result = wp_blocklist_check( $author, $author_email, $author_url, $comment, $author_ip, $user_agent );
|
||||||
|
|
||||||
$this->assertTrue( $result );
|
$this->assertTrue( $result );
|
||||||
}
|
}
|
||||||
@ -71,7 +71,7 @@ class Tests_WP_Blacklist_Check extends WP_UnitTestCase {
|
|||||||
/**
|
/**
|
||||||
* @ticket 37208
|
* @ticket 37208
|
||||||
*/
|
*/
|
||||||
public function test_should_return_true_when_link_matches_blacklist_keys() {
|
public function test_should_return_true_when_link_matches_blocklist_keys() {
|
||||||
$author = 'Rainier Wolfcastle';
|
$author = 'Rainier Wolfcastle';
|
||||||
$author_email = 'rainier@wolfcastle.com';
|
$author_email = 'rainier@wolfcastle.com';
|
||||||
$author_url = 'http://example.com';
|
$author_url = 'http://example.com';
|
||||||
@ -79,9 +79,9 @@ class Tests_WP_Blacklist_Check extends WP_UnitTestCase {
|
|||||||
$author_ip = '192.168.0.1';
|
$author_ip = '192.168.0.1';
|
||||||
$user_agent = '';
|
$user_agent = '';
|
||||||
|
|
||||||
update_option( 'blacklist_keys', '/spam/' );
|
update_option( 'blocklist_keys', '/spam/' );
|
||||||
|
|
||||||
$result = wp_blacklist_check( $author, $author_email, $author_url, $comment, $author_ip, $user_agent );
|
$result = wp_blocklist_check( $author, $author_email, $author_url, $comment, $author_ip, $user_agent );
|
||||||
|
|
||||||
$this->assertTrue( $result );
|
$this->assertTrue( $result );
|
||||||
}
|
}
|
||||||
@ -94,9 +94,9 @@ class Tests_WP_Blacklist_Check extends WP_UnitTestCase {
|
|||||||
$author_ip = '192.168.0.1';
|
$author_ip = '192.168.0.1';
|
||||||
$user_agent = '';
|
$user_agent = '';
|
||||||
|
|
||||||
update_option( 'blacklist_keys', "sideshow\nfoobar" );
|
update_option( 'blocklist_keys', "sideshow\nfoobar" );
|
||||||
|
|
||||||
$result = wp_blacklist_check( $author, $author_email, $author_url, $comment, $author_ip, $user_agent );
|
$result = wp_blocklist_check( $author, $author_email, $author_url, $comment, $author_ip, $user_agent );
|
||||||
|
|
||||||
$this->assertFalse( $result );
|
$this->assertFalse( $result );
|
||||||
}
|
}
|
||||||
|
@ -1473,7 +1473,7 @@ EOF;
|
|||||||
$expected = '';
|
$expected = '';
|
||||||
|
|
||||||
foreach ( $image_meta['sizes'] as $name => $size ) {
|
foreach ( $image_meta['sizes'] as $name => $size ) {
|
||||||
// Whitelist the sizes that should be included so we pick up 'medium_large' in 4.4.
|
// Allow the sizes that should be included so we pick up 'medium_large' in 4.4.
|
||||||
if ( in_array( $name, $intermediates, true ) ) {
|
if ( in_array( $name, $intermediates, true ) ) {
|
||||||
$expected .= $uploads_dir_url . $year_month . '/' . $size['file'] . ' ' . $size['width'] . 'w, ';
|
$expected .= $uploads_dir_url . $year_month . '/' . $size['file'] . ' ' . $size['width'] . 'w, ';
|
||||||
}
|
}
|
||||||
@ -1518,7 +1518,7 @@ EOF;
|
|||||||
$expected = '';
|
$expected = '';
|
||||||
|
|
||||||
foreach ( $image_meta['sizes'] as $name => $size ) {
|
foreach ( $image_meta['sizes'] as $name => $size ) {
|
||||||
// Whitelist the sizes that should be included so we pick up 'medium_large' in 4.4.
|
// Allow the sizes that should be included so we pick up 'medium_large' in 4.4.
|
||||||
if ( in_array( $name, $intermediates, true ) ) {
|
if ( in_array( $name, $intermediates, true ) ) {
|
||||||
$expected .= $uploads_dir_url . $size['file'] . ' ' . $size['width'] . 'w, ';
|
$expected .= $uploads_dir_url . $size['file'] . ' ' . $size['width'] . 'w, ';
|
||||||
}
|
}
|
||||||
@ -1595,7 +1595,7 @@ EOF;
|
|||||||
$expected = '';
|
$expected = '';
|
||||||
|
|
||||||
foreach ( $image_meta['sizes'] as $name => $size ) {
|
foreach ( $image_meta['sizes'] as $name => $size ) {
|
||||||
// Whitelist the sizes that should be included so we pick up 'medium_large' in 4.4.
|
// Allow the sizes that should be included so we pick up 'medium_large' in 4.4.
|
||||||
if ( in_array( $name, $intermediates, true ) ) {
|
if ( in_array( $name, $intermediates, true ) ) {
|
||||||
$expected .= $uploads_dir_url . $year_month . '/' . $size['file'] . ' ' . $size['width'] . 'w, ';
|
$expected .= $uploads_dir_url . $year_month . '/' . $size['file'] . ' ' . $size['width'] . 'w, ';
|
||||||
}
|
}
|
||||||
@ -1874,7 +1874,7 @@ EOF;
|
|||||||
$expected = '';
|
$expected = '';
|
||||||
|
|
||||||
foreach ( $image_meta['sizes'] as $name => $size ) {
|
foreach ( $image_meta['sizes'] as $name => $size ) {
|
||||||
// Whitelist the sizes that should be included so we pick up 'medium_large' in 4.4.
|
// Allow the sizes that should be included so we pick up 'medium_large' in 4.4.
|
||||||
if ( in_array( $name, $intermediates, true ) ) {
|
if ( in_array( $name, $intermediates, true ) ) {
|
||||||
$expected .= $uploads_dir . $year_month . '/' . $size['file'] . ' ' . $size['width'] . 'w, ';
|
$expected .= $uploads_dir . $year_month . '/' . $size['file'] . ' ' . $size['width'] . 'w, ';
|
||||||
}
|
}
|
||||||
|
@ -2461,14 +2461,14 @@ if ( is_multisite() ) :
|
|||||||
|
|
||||||
public function data_wpmu_new_blog_action_backward_commpatible() {
|
public function data_wpmu_new_blog_action_backward_commpatible() {
|
||||||
return array(
|
return array(
|
||||||
'default values' => array(
|
'default values' => array(
|
||||||
array(),
|
array(),
|
||||||
array(
|
array(
|
||||||
'public' => 0, // `public` is one of the default metas in `wpmu_create_blog()' function prior to WordPress 5.1.0.
|
'public' => 0, // `public` is one of the default metas in `wpmu_create_blog()' function prior to WordPress 5.1.0.
|
||||||
'WPLANG' => 'en_US', // WPLANG is another default meta in `wpmu_create_blog()` function prior to WordPress 5.1.0.
|
'WPLANG' => 'en_US', // WPLANG is another default meta in `wpmu_create_blog()` function prior to WordPress 5.1.0.
|
||||||
),
|
),
|
||||||
),
|
),
|
||||||
'public site' => array(
|
'public site' => array(
|
||||||
array(
|
array(
|
||||||
'public' => 1,
|
'public' => 1,
|
||||||
),
|
),
|
||||||
@ -2477,7 +2477,7 @@ if ( is_multisite() ) :
|
|||||||
'WPLANG' => 'en_US',
|
'WPLANG' => 'en_US',
|
||||||
),
|
),
|
||||||
),
|
),
|
||||||
'all whitelisted' => array(
|
'allowed_keys' => array(
|
||||||
array(
|
array(
|
||||||
'public' => -1,
|
'public' => -1,
|
||||||
'archived' => 0,
|
'archived' => 0,
|
||||||
@ -2497,7 +2497,7 @@ if ( is_multisite() ) :
|
|||||||
'lang_id' => 11,
|
'lang_id' => 11,
|
||||||
),
|
),
|
||||||
),
|
),
|
||||||
'extra meta key' => array(
|
'extra meta key' => array(
|
||||||
array(
|
array(
|
||||||
'foo' => 'bar',
|
'foo' => 'bar',
|
||||||
),
|
),
|
||||||
|
@ -9,101 +9,101 @@ if ( is_multisite() ) :
|
|||||||
*/
|
*/
|
||||||
class Tests_Multisite_Site_Details extends WP_UnitTestCase {
|
class Tests_Multisite_Site_Details extends WP_UnitTestCase {
|
||||||
/**
|
/**
|
||||||
* @dataProvider data_whitelisted_options
|
* @dataProvider data_allowed_options
|
||||||
*
|
*
|
||||||
* @ticket 40063
|
* @ticket 40063
|
||||||
*/
|
*/
|
||||||
public function test_update_whitelisted_option_deletes_site_details_cache( $whitelisted_option, $temporary_value ) {
|
public function test_update_allowed_option_deletes_site_details_cache( $allowed_option, $temporary_value ) {
|
||||||
$site = get_site();
|
$site = get_site();
|
||||||
|
|
||||||
$original_value = $site->$whitelisted_option;
|
$original_value = $site->$allowed_option;
|
||||||
update_option( $whitelisted_option, $temporary_value );
|
update_option( $allowed_option, $temporary_value );
|
||||||
|
|
||||||
$cached_result = wp_cache_get( $site->id, 'site-details' );
|
$cached_result = wp_cache_get( $site->id, 'site-details' );
|
||||||
|
|
||||||
/* Reset to original value. */
|
/* Reset to original value. */
|
||||||
update_option( $whitelisted_option, $original_value );
|
update_option( $allowed_option, $original_value );
|
||||||
|
|
||||||
$this->assertFalse( $cached_result );
|
$this->assertFalse( $cached_result );
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @dataProvider data_whitelisted_options
|
* @dataProvider data_allowed_options
|
||||||
*
|
*
|
||||||
* @ticket 40063
|
* @ticket 40063
|
||||||
*/
|
*/
|
||||||
public function test_update_whitelisted_option_deletes_blog_details_cache( $whitelisted_option, $temporary_value ) {
|
public function test_update_allowed_option_deletes_blog_details_cache( $allowed_option, $temporary_value ) {
|
||||||
$blog_details = get_blog_details();
|
$blog_details = get_blog_details();
|
||||||
|
|
||||||
$original_value = $blog_details->$whitelisted_option;
|
$original_value = $blog_details->$allowed_option;
|
||||||
update_option( $whitelisted_option, $temporary_value );
|
update_option( $allowed_option, $temporary_value );
|
||||||
|
|
||||||
$cached_result = wp_cache_get( $blog_details->id, 'blog-details' );
|
$cached_result = wp_cache_get( $blog_details->id, 'blog-details' );
|
||||||
|
|
||||||
/* Reset to original value. */
|
/* Reset to original value. */
|
||||||
update_option( $whitelisted_option, $original_value );
|
update_option( $allowed_option, $original_value );
|
||||||
|
|
||||||
$this->assertFalse( $cached_result );
|
$this->assertFalse( $cached_result );
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @dataProvider data_whitelisted_options
|
* @dataProvider data_allowed_options
|
||||||
*
|
*
|
||||||
* @ticket 40063
|
* @ticket 40063
|
||||||
*/
|
*/
|
||||||
public function test_update_whitelisted_option_does_not_delete_site_cache( $whitelisted_option, $temporary_value ) {
|
public function test_update_allowed_option_does_not_delete_site_cache( $allowed_option, $temporary_value ) {
|
||||||
$site = get_site();
|
$site = get_site();
|
||||||
|
|
||||||
$original_value = $site->$whitelisted_option;
|
$original_value = $site->$allowed_option;
|
||||||
update_option( $whitelisted_option, $temporary_value );
|
update_option( $allowed_option, $temporary_value );
|
||||||
|
|
||||||
$cached_result = wp_cache_get( $site->id, 'sites' );
|
$cached_result = wp_cache_get( $site->id, 'sites' );
|
||||||
|
|
||||||
/* Reset to original value. */
|
/* Reset to original value. */
|
||||||
update_option( $whitelisted_option, $original_value );
|
update_option( $allowed_option, $original_value );
|
||||||
|
|
||||||
$this->assertNotFalse( $cached_result );
|
$this->assertNotFalse( $cached_result );
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @dataProvider data_whitelisted_options
|
* @dataProvider data_allowed_options
|
||||||
*
|
*
|
||||||
* @ticket 40063
|
* @ticket 40063
|
||||||
*/
|
*/
|
||||||
public function test_update_whitelisted_option_does_not_delete_short_blog_details_cache( $whitelisted_option, $temporary_value ) {
|
public function test_update_allowed_option_does_not_delete_short_blog_details_cache( $allowed_option, $temporary_value ) {
|
||||||
$blog_details = get_blog_details( null, false );
|
$blog_details = get_blog_details( null, false );
|
||||||
|
|
||||||
$original_value = get_option( $whitelisted_option );
|
$original_value = get_option( $allowed_option );
|
||||||
update_option( $whitelisted_option, $temporary_value );
|
update_option( $allowed_option, $temporary_value );
|
||||||
|
|
||||||
$cached_result = wp_cache_get( $blog_details->id . 'short', 'blog-details' );
|
$cached_result = wp_cache_get( $blog_details->id . 'short', 'blog-details' );
|
||||||
|
|
||||||
/* Reset to original value. */
|
/* Reset to original value. */
|
||||||
update_option( $whitelisted_option, $original_value );
|
update_option( $allowed_option, $original_value );
|
||||||
|
|
||||||
$this->assertNotFalse( $cached_result );
|
$this->assertNotFalse( $cached_result );
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @dataProvider data_whitelisted_options
|
* @dataProvider data_allowed_options
|
||||||
*
|
*
|
||||||
* @ticket 40063
|
* @ticket 40063
|
||||||
*/
|
*/
|
||||||
public function test_update_whitelisted_option_does_not_update_sites_last_changed( $whitelisted_option, $temporary_value ) {
|
public function test_update_allowed_option_does_not_update_sites_last_changed( $allowed_option, $temporary_value ) {
|
||||||
$last_changed = wp_cache_get_last_changed( 'sites' );
|
$last_changed = wp_cache_get_last_changed( 'sites' );
|
||||||
|
|
||||||
$original_value = get_option( $whitelisted_option );
|
$original_value = get_option( $allowed_option );
|
||||||
update_option( $whitelisted_option, $temporary_value );
|
update_option( $allowed_option, $temporary_value );
|
||||||
|
|
||||||
$new_last_changed = wp_cache_get_last_changed( 'sites' );
|
$new_last_changed = wp_cache_get_last_changed( 'sites' );
|
||||||
|
|
||||||
/* Reset to original value. */
|
/* Reset to original value. */
|
||||||
update_option( $whitelisted_option, $original_value );
|
update_option( $allowed_option, $original_value );
|
||||||
|
|
||||||
$this->assertSame( $new_last_changed, $last_changed );
|
$this->assertSame( $new_last_changed, $last_changed );
|
||||||
}
|
}
|
||||||
|
|
||||||
public function data_whitelisted_options() {
|
public function data_allowed_options() {
|
||||||
return array(
|
return array(
|
||||||
array( 'blogname', 'Custom Site' ),
|
array( 'blogname', 'Custom Site' ),
|
||||||
array( 'home', 'http://custom-site-url.org' ),
|
array( 'home', 'http://custom-site-url.org' ),
|
||||||
|
@ -54,7 +54,7 @@ if ( is_multisite() ) :
|
|||||||
remove_filter( 'is_email', '__return_false' );
|
remove_filter( 'is_email', '__return_false' );
|
||||||
}
|
}
|
||||||
|
|
||||||
public function test_should_fail_for_emails_from_non_whitelisted_domains() {
|
public function test_should_fail_for_emails_from_disallowed_domains() {
|
||||||
$domains = array( 'foo.com', 'bar.org' );
|
$domains = array( 'foo.com', 'bar.org' );
|
||||||
update_site_option( 'limited_email_domains', $domains );
|
update_site_option( 'limited_email_domains', $domains );
|
||||||
|
|
||||||
@ -62,7 +62,7 @@ if ( is_multisite() ) :
|
|||||||
$this->assertContains( 'user_email', $v['errors']->get_error_codes() );
|
$this->assertContains( 'user_email', $v['errors']->get_error_codes() );
|
||||||
}
|
}
|
||||||
|
|
||||||
public function test_should_not_fail_for_emails_from_whitelisted_domains_with_mixed_case() {
|
public function test_should_not_fail_for_emails_from_allowed_domains_with_mixed_case() {
|
||||||
$domains = array( 'foo.com', 'bar.org' );
|
$domains = array( 'foo.com', 'bar.org' );
|
||||||
update_site_option( 'limited_email_domains', $domains );
|
update_site_option( 'limited_email_domains', $domains );
|
||||||
|
|
||||||
|
@ -466,7 +466,7 @@ class Tests_Post_Attachments extends WP_UnitTestCase {
|
|||||||
public function test_wp_attachment_is_default() {
|
public function test_wp_attachment_is_default() {
|
||||||
// On Multisite, psd is not an allowed mime type by default.
|
// On Multisite, psd is not an allowed mime type by default.
|
||||||
if ( is_multisite() ) {
|
if ( is_multisite() ) {
|
||||||
add_filter( 'upload_mimes', array( $this, 'whitelist_psd_mime_type' ), 10, 2 );
|
add_filter( 'upload_mimes', array( $this, 'allow_psd_mime_type' ), 10, 2 );
|
||||||
}
|
}
|
||||||
|
|
||||||
$filename = DIR_TESTDATA . '/images/test-image.psd';
|
$filename = DIR_TESTDATA . '/images/test-image.psd';
|
||||||
@ -481,7 +481,7 @@ class Tests_Post_Attachments extends WP_UnitTestCase {
|
|||||||
$this->assertFalse( wp_attachment_is( 'video', $attachment_id ) );
|
$this->assertFalse( wp_attachment_is( 'video', $attachment_id ) );
|
||||||
|
|
||||||
if ( is_multisite() ) {
|
if ( is_multisite() ) {
|
||||||
remove_filter( 'upload_mimes', array( $this, 'whitelist_psd_mime_type' ), 10, 2 );
|
remove_filter( 'upload_mimes', array( $this, 'allow_psd_mime_type' ), 10, 2 );
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -493,21 +493,21 @@ class Tests_Post_Attachments extends WP_UnitTestCase {
|
|||||||
|
|
||||||
$this->assertFalse( $upload['error'] );
|
$this->assertFalse( $upload['error'] );
|
||||||
|
|
||||||
add_filter( 'upload_mimes', array( $this, 'blacklist_jpg_mime_type' ) );
|
add_filter( 'upload_mimes', array( $this, 'disallow_jpg_mime_type' ) );
|
||||||
|
|
||||||
$upload = wp_upload_bits( wp_basename( $filename ), null, $contents );
|
$upload = wp_upload_bits( wp_basename( $filename ), null, $contents );
|
||||||
|
|
||||||
remove_filter( 'upload_mimes', array( $this, 'blacklist_jpg_mime_type' ) );
|
remove_filter( 'upload_mimes', array( $this, 'disallow_jpg_mime_type' ) );
|
||||||
|
|
||||||
$this->assertNotEmpty( $upload['error'] );
|
$this->assertNotEmpty( $upload['error'] );
|
||||||
}
|
}
|
||||||
|
|
||||||
public function whitelist_psd_mime_type( $mimes ) {
|
public function allow_psd_mime_type( $mimes ) {
|
||||||
$mimes['psd'] = 'application/octet-stream';
|
$mimes['psd'] = 'application/octet-stream';
|
||||||
return $mimes;
|
return $mimes;
|
||||||
}
|
}
|
||||||
|
|
||||||
public function blacklist_jpg_mime_type( $mimes ) {
|
public function disallow_jpg_mime_type( $mimes ) {
|
||||||
unset( $mimes['jpg|jpeg|jpe'] );
|
unset( $mimes['jpg|jpeg|jpe'] );
|
||||||
return $mimes;
|
return $mimes;
|
||||||
}
|
}
|
||||||
|
@ -128,9 +128,9 @@ class Tests_Post_WpUniquePostSlug extends WP_UnitTestCase {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @dataProvider whitelist_post_statuses
|
* @dataProvider allowed_post_statuses
|
||||||
*/
|
*/
|
||||||
public function test_whitelisted_post_statuses_should_not_be_forced_to_be_unique( $status ) {
|
public function test_allowed_post_statuses_should_not_be_forced_to_be_unique( $status ) {
|
||||||
$p1 = self::factory()->post->create(
|
$p1 = self::factory()->post->create(
|
||||||
array(
|
array(
|
||||||
'post_type' => 'post',
|
'post_type' => 'post',
|
||||||
@ -149,7 +149,7 @@ class Tests_Post_WpUniquePostSlug extends WP_UnitTestCase {
|
|||||||
$this->assertSame( 'foo', $actual );
|
$this->assertSame( 'foo', $actual );
|
||||||
}
|
}
|
||||||
|
|
||||||
public function whitelist_post_statuses() {
|
public function allowed_post_statuses() {
|
||||||
return array(
|
return array(
|
||||||
array( 'draft' ),
|
array( 'draft' ),
|
||||||
array( 'pending' ),
|
array( 'pending' ),
|
||||||
|
@ -378,7 +378,7 @@ class Tests_REST_API extends WP_UnitTestCase {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Ensure that result fields are not whitelisted if no request['_fields'] is present.
|
* Ensure that result fields are not allowed if no request['_fields'] is present.
|
||||||
*/
|
*/
|
||||||
public function test_rest_filter_response_fields_no_request_filter() {
|
public function test_rest_filter_response_fields_no_request_filter() {
|
||||||
$response = new WP_REST_Response();
|
$response = new WP_REST_Response();
|
||||||
@ -390,7 +390,7 @@ class Tests_REST_API extends WP_UnitTestCase {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Ensure that result fields are whitelisted if request['_fields'] is present.
|
* Ensure that result fields are allowed if request['_fields'] is present.
|
||||||
*/
|
*/
|
||||||
public function test_rest_filter_response_fields_single_field_filter() {
|
public function test_rest_filter_response_fields_single_field_filter() {
|
||||||
$response = new WP_REST_Response();
|
$response = new WP_REST_Response();
|
||||||
@ -410,7 +410,7 @@ class Tests_REST_API extends WP_UnitTestCase {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Ensure that multiple comma-separated fields may be whitelisted with request['_fields'].
|
* Ensure that multiple comma-separated fields may be allowed with request['_fields'].
|
||||||
*/
|
*/
|
||||||
public function test_rest_filter_response_fields_multi_field_filter() {
|
public function test_rest_filter_response_fields_multi_field_filter() {
|
||||||
$response = new WP_REST_Response();
|
$response = new WP_REST_Response();
|
||||||
@ -440,7 +440,7 @@ class Tests_REST_API extends WP_UnitTestCase {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Ensure that multiple comma-separated fields may be whitelisted
|
* Ensure that multiple comma-separated fields may be allowed
|
||||||
* with request['_fields'] using query parameter array syntax.
|
* with request['_fields'] using query parameter array syntax.
|
||||||
*/
|
*/
|
||||||
public function test_rest_filter_response_fields_multi_field_filter_array() {
|
public function test_rest_filter_response_fields_multi_field_filter_array() {
|
||||||
@ -472,7 +472,7 @@ class Tests_REST_API extends WP_UnitTestCase {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Ensure that request['_fields'] whitelists apply to items in response collections.
|
* Ensure that request['_fields'] allowed list apply to items in response collections.
|
||||||
*/
|
*/
|
||||||
public function test_rest_filter_response_fields_numeric_array() {
|
public function test_rest_filter_response_fields_numeric_array() {
|
||||||
$response = new WP_REST_Response();
|
$response = new WP_REST_Response();
|
||||||
@ -520,7 +520,7 @@ class Tests_REST_API extends WP_UnitTestCase {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Ensure that nested fields may be whitelisted with request['_fields'].
|
* Ensure that nested fields may be allowed with request['_fields'].
|
||||||
*
|
*
|
||||||
* @ticket 42094
|
* @ticket 42094
|
||||||
*/
|
*/
|
||||||
|
@ -1054,9 +1054,9 @@ class Tests_Widgets extends WP_UnitTestCase {
|
|||||||
'array_version' => 3,
|
'array_version' => 3,
|
||||||
);
|
);
|
||||||
|
|
||||||
$whitelist = array( 'tag_cloud-1', 'text-1' );
|
$allowed_widgets = array( 'tag_cloud-1', 'text-1' );
|
||||||
|
|
||||||
$filtered_widgets = _wp_remove_unregistered_widgets( $widgets, $whitelist );
|
$filtered_widgets = _wp_remove_unregistered_widgets( $widgets, $allowed_widgets );
|
||||||
|
|
||||||
$this->assertInternalType( 'array', $filtered_widgets );
|
$this->assertInternalType( 'array', $filtered_widgets );
|
||||||
$this->assertArrayHasKey( 'fantasy', $filtered_widgets );
|
$this->assertArrayHasKey( 'fantasy', $filtered_widgets );
|
||||||
|
@ -602,7 +602,7 @@ class Test_WP_Widget_Text extends WP_UnitTestCase {
|
|||||||
$this->assertTrue( $widget->is_legacy_instance( $instance ), 'Legacy when not-wpautop and there is HTML that is not liable to be mutated.' );
|
$this->assertTrue( $widget->is_legacy_instance( $instance ), 'Legacy when not-wpautop and there is HTML that is not liable to be mutated.' );
|
||||||
}
|
}
|
||||||
|
|
||||||
// Check text examples that will migrate to TinyMCE, where elements and attributes are not in whitelist.
|
// Check text examples that will migrate to TinyMCE, where elements and attributes are not in the allowed list.
|
||||||
$migratable_text_examples = array(
|
$migratable_text_examples = array(
|
||||||
'Check out <a href="http://example.com">Example</a>',
|
'Check out <a href="http://example.com">Example</a>',
|
||||||
'<img src="http://example.com/img.jpg" alt="Img">',
|
'<img src="http://example.com/img.jpg" alt="Img">',
|
||||||
|
@ -137,7 +137,7 @@ mockedApiResponse.Schema = {
|
|||||||
"discover": {
|
"discover": {
|
||||||
"required": false,
|
"required": false,
|
||||||
"default": true,
|
"default": true,
|
||||||
"description": "Whether to perform an oEmbed discovery request for non-whitelisted providers.",
|
"description": "Whether to perform an oEmbed discovery request for unsanctioned providers.",
|
||||||
"type": "boolean"
|
"type": "boolean"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -4702,7 +4702,7 @@ mockedApiResponse.oembed = {
|
|||||||
"discover": {
|
"discover": {
|
||||||
"required": false,
|
"required": false,
|
||||||
"default": true,
|
"default": true,
|
||||||
"description": "Whether to perform an oEmbed discovery request for non-whitelisted providers.",
|
"description": "Whether to perform an oEmbed discovery request for unsanctioned providers.",
|
||||||
"type": "boolean"
|
"type": "boolean"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -80,23 +80,23 @@ jQuery( function() {
|
|||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
|
||||||
QUnit.test( 'blacklisted words in password should be penalized', function( assert ) {
|
QUnit.test( 'disallowed words in password should be penalized', function( assert ) {
|
||||||
var allowedPasswordScore, penalizedPasswordScore,
|
var allowedPasswordScore, penalizedPasswordScore,
|
||||||
allowedPassword = 'a[janedoefoe]4',
|
allowedPassword = 'a[janedoefoe]4',
|
||||||
penalizedPassword = 'a[johndoefoe]4',
|
penalizedPassword = 'a[johndoefoe]4',
|
||||||
blacklist = [ 'extra', 'johndoefoe', 'superfluous' ];
|
disallowedList = [ 'extra', 'johndoefoe', 'superfluous' ];
|
||||||
|
|
||||||
allowedPasswordScore = passwordStrength( allowedPassword, blacklist, allowedPassword );
|
allowedPasswordScore = passwordStrength( allowedPassword, disallowedList, allowedPassword );
|
||||||
penalizedPasswordScore = passwordStrength( penalizedPassword, blacklist, penalizedPassword );
|
penalizedPasswordScore = passwordStrength( penalizedPassword, disallowedList, penalizedPassword );
|
||||||
|
|
||||||
assert.ok( penalizedPasswordScore < allowedPasswordScore, 'Penalized password scored ' + penalizedPasswordScore + '; allowed password scored: ' + allowedPasswordScore );
|
assert.ok( penalizedPasswordScore < allowedPasswordScore, 'Penalized password scored ' + penalizedPasswordScore + '; allowed password scored: ' + allowedPasswordScore );
|
||||||
});
|
});
|
||||||
|
|
||||||
QUnit.test( 'user input blacklist array should contain expected words', function( assert ) {
|
QUnit.test( 'user input disallowed list array should contain expected words', function( assert ) {
|
||||||
var blacklist = wp.passwordStrength.userInputBlacklist();
|
var disallowedList = wp.passwordStrength.userInputDisallowedList();
|
||||||
|
|
||||||
assert.ok( jQuery.isArray( blacklist ), 'blacklist is an array' );
|
assert.ok( jQuery.isArray( disallowedList ), 'disallowed list is an array' );
|
||||||
assert.ok( jQuery.inArray( 'WordPress', blacklist ) > -1, 'blacklist contains "WordPress" from page title' );
|
assert.ok( jQuery.inArray( 'WordPress', disallowedList ) > -1, 'disallowed list contains "WordPress" from page title' );
|
||||||
assert.ok( jQuery.inArray( 'tests', blacklist ) > -1, 'blacklist contains "tests" from site URL' );
|
assert.ok( jQuery.inArray( 'tests', disallowedList ) > -1, 'disallowed list contains "tests" from site URL' );
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
Loading…
Reference in New Issue
Block a user