From 71e8fedf6c94704403c722692dc4076f9eb6fc77 Mon Sep 17 00:00:00 2001 From: Sergey Biryukov Date: Tue, 15 Oct 2019 16:43:01 +0000 Subject: [PATCH] Customize: Ensure that `WP_Customize_Manager::import_theme_starter_content()` properly handles starter content with (nested) arrays as values. Previously, searching for symbol references to replace with post or attachment IDs in array values resulted in a PHP warning. Props timph, JarretC, SergeyBiryukov. Fixes #45484. Built from https://develop.svn.wordpress.org/trunk@46548 git-svn-id: http://core.svn.wordpress.org/trunk@46345 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-includes/class-wp-customize-manager.php | 51 +++++++++++++++++++++- wp-includes/version.php | 2 +- 2 files changed, 50 insertions(+), 3 deletions(-) diff --git a/wp-includes/class-wp-customize-manager.php b/wp-includes/class-wp-customize-manager.php index d1cde4ae43..36b9c7bea1 100644 --- a/wp-includes/class-wp-customize-manager.php +++ b/wp-includes/class-wp-customize-manager.php @@ -1517,7 +1517,27 @@ final class WP_Customize_Manager { // Options. foreach ( $options as $name => $value ) { - if ( preg_match( '/^{{(?P.+)}}$/', $value, $matches ) ) { + + // Serialize the value to check for post symbols. + $value = maybe_serialize( $value ); + + if ( is_serialized( $value ) ) { + if ( preg_match( '/s:\d+:"{{(?P.+)}}"/', $value, $matches ) ) { + if ( isset( $posts[ $matches['symbol'] ] ) ) { + $symbol_match = $posts[ $matches['symbol'] ]['ID']; + } elseif ( isset( $attachment_ids[ $matches['symbol'] ] ) ) { + $symbol_match = $attachment_ids[ $matches['symbol'] ]; + } + + // If we have any symbol matches, update the values. + if ( isset( $symbol_match ) ) { + // Replace found string matches with post IDs. + $value = str_replace( $matches[0], "i:{$symbol_match}", $value ); + } else { + continue; + } + } + } elseif ( preg_match( '/^{{(?P.+)}}$/', $value, $matches ) ) { if ( isset( $posts[ $matches['symbol'] ] ) ) { $value = $posts[ $matches['symbol'] ]['ID']; } elseif ( isset( $attachment_ids[ $matches['symbol'] ] ) ) { @@ -1527,6 +1547,9 @@ final class WP_Customize_Manager { } } + // Unserialize values after checking for post symbols, so they can be properly referenced. + $value = maybe_unserialize( $value ); + if ( empty( $changeset_data[ $name ] ) || ! empty( $changeset_data[ $name ]['starter_content'] ) ) { $this->set_post_value( $name, $value ); $this->pending_starter_content_settings_ids[] = $name; @@ -1535,7 +1558,28 @@ final class WP_Customize_Manager { // Theme mods. foreach ( $theme_mods as $name => $value ) { - if ( preg_match( '/^{{(?P.+)}}$/', $value, $matches ) ) { + + // Serialize the value to check for post symbols. + $value = maybe_serialize( $value ); + + // Check if value was serialized. + if ( is_serialized( $value ) ) { + if ( preg_match( '/s:\d+:"{{(?P.+)}}"/', $value, $matches ) ) { + if ( isset( $posts[ $matches['symbol'] ] ) ) { + $symbol_match = $posts[ $matches['symbol'] ]['ID']; + } elseif ( isset( $attachment_ids[ $matches['symbol'] ] ) ) { + $symbol_match = $attachment_ids[ $matches['symbol'] ]; + } + + // If we have any symbol matches, update the values. + if ( isset( $symbol_match ) ) { + // Replace found string matches with post IDs. + $value = str_replace( $matches[0], "i:{$symbol_match}", $value ); + } else { + continue; + } + } + } elseif ( preg_match( '/^{{(?P.+)}}$/', $value, $matches ) ) { if ( isset( $posts[ $matches['symbol'] ] ) ) { $value = $posts[ $matches['symbol'] ]['ID']; } elseif ( isset( $attachment_ids[ $matches['symbol'] ] ) ) { @@ -1545,6 +1589,9 @@ final class WP_Customize_Manager { } } + // Unserialize values after checking for post symbols, so they can be properly referenced. + $value = maybe_unserialize( $value ); + // Handle header image as special case since setting has a legacy format. if ( 'header_image' === $name ) { $name = 'header_image_data'; diff --git a/wp-includes/version.php b/wp-includes/version.php index 0d4fbe2189..302b71d05d 100644 --- a/wp-includes/version.php +++ b/wp-includes/version.php @@ -13,7 +13,7 @@ * * @global string $wp_version */ -$wp_version = '5.3-beta3-46547'; +$wp_version = '5.3-beta3-46548'; /** * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.