Changeset 60835
- Timestamp:
- 09/30/2025 05:05:30 PM (8 weeks ago)
- Location:
- branches/5.1
- Files:
-
- 11 edited
-
. (modified) (1 prop)
-
src/js/_enqueues/lib/nav-menu.js (modified) (2 diffs)
-
src/js/_enqueues/wp/customize/nav-menus.js (modified) (2 diffs)
-
src/wp-includes/class-wp-customize-nav-menus.php (modified) (3 diffs)
-
src/wp-includes/customize/class-wp-customize-nav-menu-item-setting.php (modified) (12 diffs)
-
src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php (modified) (1 diff)
-
src/wp-includes/rest-api/endpoints/class-wp-rest-terms-controller.php (modified) (1 diff)
-
src/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php (modified) (4 diffs)
-
tests/phpunit/tests/customize/nav-menu-item-setting.php (modified) (2 diffs)
-
tests/phpunit/tests/customize/nav-menus.php (modified) (4 diffs)
-
tests/phpunit/tests/rest-api/rest-users-controller.php (modified) (1 diff)
Legend:
- Unmodified
- Added
- Removed
-
branches/5.1
- Property svn:mergeinfo changed
/trunk merged: 60814-60816
- Property svn:mergeinfo changed
-
branches/5.1/src/js/_enqueues/lib/nav-menu.js
r44680 r60835 1177 1177 1178 1178 eventOnClickMenuSave : function() { 1179 var locs = '',1180 menuName = $('#menu-name'),1181 menuNameVal = menuName.val(); 1182 // Cancel and warn if invalid menu name 1179 var menuName = $('#menu-name'), 1180 menuNameVal = menuName.val(); 1181 1182 // Cancel and warn if invalid menu name. 1183 1183 if ( ! menuNameVal || ! menuNameVal.replace( /\s+/, '' ) ) { 1184 1184 menuName.parent().addClass( 'form-invalid' ); 1185 1185 return false; 1186 1186 } 1187 // Copy menu theme locations 1187 // Copy menu theme locations. 1188 // Note: This appears to be dead code since #nav-menu-theme-locations no longer exists, perhaps removed in r32842. 1189 var $updateNavMenu = $('#update-nav-menu'); 1188 1190 $('#nav-menu-theme-locations select').each(function() { 1189 locs += '<input type="hidden" name="' + this.name + '" value="' + $(this).val() + '" />'; 1190 }); 1191 $('#update-nav-menu').append( locs ); 1192 // Update menu item position data 1191 $updateNavMenu.append( 1192 $( '<input>', { 1193 type: 'hidden', 1194 name: this.name, 1195 value: $( this ).val() 1196 } ) 1197 ); 1198 }); 1199 // Update menu item position data. 1193 1200 api.menuList.find('.menu-item-data-position').val( function(index) { return index + 1; } ); 1194 1201 window.onbeforeunload = null; … … 1230 1237 1231 1238 if( ! $items.length ) { 1232 $('.categorychecklist', panel).html( '<li><p>' + navMenuL10n.noResultsFound + '</p></li>' ); 1239 var li = $( '<li>' ); 1240 var p = $( '<p>', { text: navMenuL10n.noResultsFound } ); 1241 li.append( p ); 1242 $('.categorychecklist', panel).empty().append( li ); 1233 1243 $( '.spinner', panel ).removeClass( 'is-active' ); 1234 1244 wrapper.addClass( 'has-no-menu-item' ); -
branches/5.1/src/js/_enqueues/wp/customize/nav-menus.js
r44539 r60835 525 525 } 526 526 527 this.currentMenuControl.addItemToMenu( menu_item.attributes ); 527 // Leave the title as empty to reuse the original title as a placeholder if set. 528 var nav_menu_item = Object.assign( {}, menu_item.attributes ); 529 if ( nav_menu_item.title === nav_menu_item.original_title ) { 530 nav_menu_item.title = ''; 531 } 532 533 this.currentMenuControl.addItemToMenu( nav_menu_item ); 528 534 529 535 $( menuitemTpl ).find( '.menu-item-handle' ).addClass( 'item-added' ); … … 2978 2984 { 2979 2985 nav_menu_term_id: menuControl.params.menu_id, 2980 original_title: item.title,2981 2986 position: position 2982 2987 } -
branches/5.1/src/wp-includes/class-wp-customize-nav-menus.php
r44328 r60835 159 159 } elseif ( 'post' !== $object && 0 === $page && $post_type->has_archive ) { 160 160 // Add a post type archive link. 161 $title = $post_type->labels->archives; 161 162 $items[] = array( 162 'id' => $object . '-archive', 163 'title' => $post_type->labels->archives, 164 'type' => 'post_type_archive', 165 'type_label' => __( 'Post Type Archive' ), 166 'object' => $object, 167 'url' => get_post_type_archive_link( $object ), 163 'id' => $object_name . '-archive', 164 'title' => $title, 165 'original_title' => $title, 166 'type' => 'post_type_archive', 167 'type_label' => __( 'Post Type Archive' ), 168 'object' => $object_name, 169 'url' => get_post_type_archive_link( $object_name ), 168 170 ); 169 171 } … … 199 201 $post_title = sprintf( __( '#%d (no title)' ), $post->ID ); 200 202 } 203 204 $title = html_entity_decode( $post_title, ENT_QUOTES, get_bloginfo( 'charset' ) ); 201 205 $items[] = array( 202 'id' => "post-{$post->ID}", 203 'title' => html_entity_decode( $post_title, ENT_QUOTES, get_bloginfo( 'charset' ) ), 204 'type' => 'post_type', 205 'type_label' => get_post_type_object( $post->post_type )->labels->singular_name, 206 'object' => $post->post_type, 207 'object_id' => intval( $post->ID ), 208 'url' => get_permalink( intval( $post->ID ) ), 206 'id' => "post-{$post->ID}", 207 'title' => $title, 208 'original_title' => $title, 209 'type' => 'post_type', 210 'type_label' => get_post_type_object( $post->post_type )->labels->singular_name, 211 'object' => $post->post_type, 212 'object_id' => (int) $post->ID, 213 'url' => get_permalink( (int) $post->ID ), 209 214 ); 210 215 } … … 230 235 231 236 foreach ( $terms as $term ) { 237 $title = html_entity_decode( $term->name, ENT_QUOTES, get_bloginfo( 'charset' ) ); 232 238 $items[] = array( 233 'id' => "term-{$term->term_id}", 234 'title' => html_entity_decode( $term->name, ENT_QUOTES, get_bloginfo( 'charset' ) ), 235 'type' => 'taxonomy', 236 'type_label' => get_taxonomy( $term->taxonomy )->labels->singular_name, 237 'object' => $term->taxonomy, 238 'object_id' => intval( $term->term_id ), 239 'url' => get_term_link( intval( $term->term_id ), $term->taxonomy ), 239 'id' => "term-{$term->term_id}", 240 'title' => $title, 241 'original_title' => $title, 242 'type' => 'taxonomy', 243 'type_label' => get_taxonomy( $term->taxonomy )->labels->singular_name, 244 'object' => $term->taxonomy, 245 'object_id' => (int) $term->term_id, 246 'url' => get_term_link( (int) $term->term_id, $term->taxonomy ), 240 247 ); 241 248 } -
branches/5.1/src/wp-includes/customize/class-wp-customize-nav-menu-item-setting.php
r43571 r60835 57 57 'xfn' => '', 58 58 'status' => 'publish', 59 'original_title' => '',60 59 'nav_menu_term_id' => 0, // This will be supplied as the $menu_id arg for wp_update_nav_menu_item(). 61 60 '_invalid' => false, … … 212 211 */ 213 212 public function value() { 214 if ( $this->is_previewed && $this->_previewed_blog_id === get_current_blog_id() ) { 213 $type_label = null; 214 if ( $this->is_previewed && get_current_blog_id() === $this->_previewed_blog_id ) { 215 215 $undefined = new stdClass(); // Symbol. 216 216 $post_value = $this->post_value( $undefined ); … … 220 220 } else { 221 221 $value = $post_value; 222 }223 if ( ! empty( $value ) && empty( $value['original_title'] ) ) {224 $value['original_title'] = $this->get_original_title( (object) $value );225 222 } 226 223 } elseif ( isset( $this->value ) ) { … … 235 232 $is_title_empty = empty( $post->post_title ); 236 233 $value = (array) wp_setup_nav_menu_item( $post ); 234 if ( isset( $value['type_label'] ) ) { 235 $type_label = $value['type_label']; 236 } 237 237 if ( $is_title_empty ) { 238 238 $value['title'] = ''; … … 251 251 } 252 252 253 if ( ! empty( $value ) && empty( $value['type_label'] ) ) { 254 $value['type_label'] = $this->get_type_label( (object) $value ); 253 // These properties are read-only and are part of the setting for use in the Customizer UI. 254 if ( is_array( $value ) ) { 255 $value_obj = (object) $value; 256 $value['type_label'] = isset( $type_label ) ? $type_label : $this->get_type_label( $value_obj ); 257 $value['original_title'] = $this->get_original_title( $value_obj ); 255 258 } 256 259 … … 259 262 260 263 /** 264 * Prepares the value for editing on the client. 265 * 266 * @since 6.8.3 267 * 268 * @return array|false Value prepared for the client. 269 */ 270 public function js_value() { 271 $value = parent::js_value(); 272 if ( is_array( $value ) && isset( $value['original_title'] ) ) { 273 // Decode entities for the sake of displaying the original title as a placeholder. 274 $value['original_title'] = html_entity_decode( $value['original_title'], ENT_QUOTES, get_bloginfo( 'charset' ) ); 275 } 276 return $value; 277 } 278 279 /** 261 280 * Get original title. 262 281 * … … 264 283 * 265 284 * @param object $item Nav menu item. 266 * @return string The original title .285 * @return string The original title, without entity decoding. 267 286 */ 268 287 protected function get_original_title( $item ) { … … 290 309 } 291 310 } 292 $original_title = html_entity_decode( $original_title, ENT_QUOTES, get_bloginfo( 'charset' ) );293 311 return $original_title; 294 312 } … … 346 364 $this->value['status'] = $this->value['post_status']; 347 365 unset( $this->value['post_status'] ); 348 }349 350 if ( ! isset( $this->value['original_title'] ) ) {351 $this->value['original_title'] = $this->get_original_title( (object) $this->value );352 366 } 353 367 … … 593 607 unset( $item->position ); 594 608 595 if ( empty( $item->original_title ) ) {596 $item->original_title = $this->get_original_title( $item );597 }598 609 if ( empty( $item->title ) && ! empty( $item->original_title ) ) { 599 $item->title = $item->original_title; 610 $item->title = $item->original_title; // This is NOT entity-decoded. It comes from self::get_original_title(). 600 611 } 601 612 if ( $item->title ) { … … 647 658 * @since 4.3.0 648 659 * 649 * @param array $menu_item_value Thevalue to sanitize.660 * @param array|false $value The menu item value to sanitize. 650 661 * @return array|false|null|WP_Error Null or WP_Error if an input isn't valid. False if it is marked for deletion. 651 662 * Otherwise the sanitized value. … … 701 712 } 702 713 703 $menu_item_value['original_title'] = sanitize_text_field( $menu_item_value['original_title'] );704 705 714 // Apply the same filters as when calling wp_insert_post(). 706 715 -
branches/5.1/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php
r50730 r60835 347 347 348 348 foreach ( $query_result as $post ) { 349 if ( ! $this->check_read_permission( $post ) ) { 349 if ( 'edit' === $request['context'] ) { 350 $permission = $this->check_update_permission( $post ); 351 } else { 352 $permission = $this->check_read_permission( $post ); 353 } 354 355 if ( ! $permission ) { 350 356 continue; 351 357 } -
branches/5.1/src/wp-includes/rest-api/endpoints/class-wp-rest-terms-controller.php
r54570 r60835 327 327 328 328 foreach ( $query_result as $term ) { 329 if ( 'edit' === $request['context'] && ! current_user_can( 'edit_term', $term->term_id ) ) { 330 continue; 331 } 332 329 333 $data = $this->prepare_item_for_response( $term, $request ); 330 334 $response[] = $this->prepare_response_for_collection( $data ); -
branches/5.1/src/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php
r56873 r60835 192 192 193 193 if ( 'edit' === $request['context'] && ! current_user_can( 'list_users' ) ) { 194 return new WP_Error( 'rest_forbidden_context', __( 'Sorry, you are not allowed to list users.' ), array( 'status' => rest_authorization_required_code() ) );194 return new WP_Error( 'rest_forbidden_context', __( 'Sorry, you are not allowed to edit users.' ), array( 'status' => rest_authorization_required_code() ) ); 195 195 } 196 196 … … 306 306 307 307 foreach ( $query->results as $user ) { 308 if ( 'edit' === $request['context'] && ! current_user_can( 'edit_user', $user->ID ) ) { 309 continue; 310 } 311 308 312 $data = $this->prepare_item_for_response( $user, $request ); 309 313 $users[] = $this->prepare_response_for_collection( $data ); … … 400 404 } 401 405 402 if ( 'edit' === $request['context'] && ! current_user_can( 'list_users' ) ) { 403 return new WP_Error( 'rest_user_cannot_view', __( 'Sorry, you are not allowed to list users.' ), array( 'status' => rest_authorization_required_code() ) ); 404 } elseif ( ! count_user_posts( $user->ID, $types ) && ! current_user_can( 'edit_user', $user->ID ) && ! current_user_can( 'list_users' ) ) { 406 if ( 'edit' === $request['context'] && ! current_user_can( 'edit_user', $user->ID ) ) { 407 return new WP_Error( 'rest_forbidden_context', __( 'Sorry, you are not allowed to edit this user.' ), array( 'status' => rest_authorization_required_code() ) ); 408 } 409 410 if ( ! current_user_can( 'edit_user', $user->ID ) && ! current_user_can( 'list_users' ) && ! count_user_posts( $user->ID, $types ) ) { 405 411 return new WP_Error( 'rest_user_cannot_view', __( 'Sorry, you are not allowed to list users.' ), array( 'status' => rest_authorization_required_code() ) ); 406 412 } … … 923 929 } 924 930 925 if ( in_array( 'roles', $fields, true ) ) {931 if ( in_array( 'roles', $fields, true ) && ( current_user_can( 'list_users' ) || current_user_can( 'edit_user', $user->ID ) ) ) { 926 932 // Defensively call array_values() to ensure an array is returned. 927 933 $data['roles'] = array_values( $user->roles ); -
branches/5.1/tests/phpunit/tests/customize/nav-menu-item-setting.php
r43571 r60835 90 90 'xfn' => '', 91 91 'status' => 'publish', 92 'original_title' => '',93 92 'nav_menu_term_id' => 0, 94 93 '_invalid' => false, … … 580 579 'xfn' => 'hello inject', 581 580 'status' => 'draft', 582 'original_title' => 'Hi ',581 'original_title' => 'Hi<script>unfilteredHtml()</script>', 583 582 'nav_menu_term_id' => 0, 584 583 ); -
branches/5.1/tests/phpunit/tests/customize/nav-menus.php
r43571 r60835 169 169 // Expected menu item array. 170 170 $expected = array( 171 'id' => "post-{$post_id}", 172 'title' => 'Post Title', 173 'type' => 'post_type', 174 'type_label' => 'Post', 175 'object' => 'post', 176 'object_id' => intval( $post_id ), 177 'url' => get_permalink( intval( $post_id ) ), 171 'id' => "post-{$post_id}", 172 'title' => 'Post Title', 173 'original_title' => 'Post Title', 174 'type' => 'post_type', 175 'type_label' => 'Post', 176 'object' => 'post', 177 'object_id' => intval( $post_id ), 178 'url' => get_permalink( intval( $post_id ) ), 178 179 ); 179 180 … … 201 202 // Expected menu item array. 202 203 $expected = array( 203 'id' => "post-{$page_id}", 204 'title' => 'Page Title', 205 'type' => 'post_type', 206 'type_label' => 'Page', 207 'object' => 'page', 208 'object_id' => intval( $page_id ), 209 'url' => get_permalink( intval( $page_id ) ), 204 'id' => "post-{$page_id}", 205 'title' => 'Page Title', 206 'original_title' => 'Page Title', 207 'type' => 'post_type', 208 'type_label' => 'Page', 209 'object' => 'page', 210 'object_id' => intval( $page_id ), 211 'url' => get_permalink( intval( $page_id ) ), 210 212 ); 211 213 … … 227 229 // Expected menu item array. 228 230 $expected = array( 229 'id' => "post-{$post_id}", 230 'title' => 'Post Title', 231 'type' => 'post_type', 232 'type_label' => 'Post', 233 'object' => 'post', 234 'object_id' => intval( $post_id ), 235 'url' => get_permalink( intval( $post_id ) ), 231 'id' => "post-{$post_id}", 232 'title' => 'Post Title', 233 'original_title' => 'Post Title', 234 'type' => 'post_type', 235 'type_label' => 'Post', 236 'object' => 'post', 237 'object_id' => intval( $post_id ), 238 'url' => get_permalink( intval( $post_id ) ), 236 239 ); 237 240 … … 253 256 // Expected menu item array. 254 257 $expected = array( 255 'id' => "term-{$term_id}", 256 'title' => 'Term Title', 257 'type' => 'taxonomy', 258 'type_label' => 'Category', 259 'object' => 'category', 260 'object_id' => intval( $term_id ), 261 'url' => get_term_link( intval( $term_id ), 'category' ), 258 'id' => "term-{$term_id}", 259 'title' => 'Term Title', 260 'original_title' => 'Term Title', 261 'type' => 'taxonomy', 262 'type_label' => 'Category', 263 'object' => 'category', 264 'object_id' => intval( $term_id ), 265 'url' => get_term_link( intval( $term_id ), 'category' ), 262 266 ); 263 267 -
branches/5.1/tests/phpunit/tests/rest-api/rest-users-controller.php
r44642 r60835 1050 1050 $request->set_param( 'context', 'edit' ); 1051 1051 $response = rest_get_server()->dispatch( $request ); 1052 $this->assertErrorResponse( 'rest_ user_cannot_view', $response, 401 );1052 $this->assertErrorResponse( 'rest_forbidden_context', $response, 401 ); 1053 1053 } 1054 1054
Note: See TracChangeset
for help on using the changeset viewer.