From 946ec8492fbde448af0a5441912a2267c12825f5 Mon Sep 17 00:00:00 2001 From: whyisjake Date: Mon, 14 Oct 2019 15:20:03 +0000 Subject: [PATCH] Query: Remove the static query property. Prevent unauthenticated views of publicly queryables content types. Props aaroncampbell, whyisjake, nickdaugherty, xknown. Built from https://develop.svn.wordpress.org/trunk@46474 git-svn-id: http://core.svn.wordpress.org/trunk@46272 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-includes/class-wp-query.php | 3 +-- wp-includes/class-wp.php | 2 +- wp-includes/version.php | 2 +- 3 files changed, 3 insertions(+), 4 deletions(-) diff --git a/wp-includes/class-wp-query.php b/wp-includes/class-wp-query.php index cee5310d7c..43317ab838 100644 --- a/wp-includes/class-wp-query.php +++ b/wp-includes/class-wp-query.php @@ -538,7 +538,6 @@ class WP_Query { 'attachment', 'attachment_id', 'name', - 'static', 'pagename', 'page_id', 'second', @@ -805,7 +804,7 @@ class WP_Query { // If year, month, day, hour, minute, and second are set, a single // post is being queried. $this->is_single = true; - } elseif ( '' != $qv['static'] || '' != $qv['pagename'] || ! empty( $qv['page_id'] ) ) { + } elseif ( '' != $qv['pagename'] || ! empty( $qv['page_id'] ) ) { $this->is_page = true; $this->is_single = false; } else { diff --git a/wp-includes/class-wp.php b/wp-includes/class-wp.php index 59f1a90dbb..e05826d157 100644 --- a/wp-includes/class-wp.php +++ b/wp-includes/class-wp.php @@ -14,7 +14,7 @@ class WP { * @since 2.0.0 * @var string[] */ - public $public_query_vars = array( 'm', 'p', 'posts', 'w', 'cat', 'withcomments', 'withoutcomments', 's', 'search', 'exact', 'sentence', 'calendar', 'page', 'paged', 'more', 'tb', 'pb', 'author', 'order', 'orderby', 'year', 'monthnum', 'day', 'hour', 'minute', 'second', 'name', 'category_name', 'tag', 'feed', 'author_name', 'static', 'pagename', 'page_id', 'error', 'attachment', 'attachment_id', 'subpost', 'subpost_id', 'preview', 'robots', 'taxonomy', 'term', 'cpage', 'post_type', 'embed' ); + public $public_query_vars = array( 'm', 'p', 'posts', 'w', 'cat', 'withcomments', 'withoutcomments', 's', 'search', 'exact', 'sentence', 'calendar', 'page', 'paged', 'more', 'tb', 'pb', 'author', 'order', 'orderby', 'year', 'monthnum', 'day', 'hour', 'minute', 'second', 'name', 'category_name', 'tag', 'feed', 'author_name', 'pagename', 'page_id', 'error', 'attachment', 'attachment_id', 'subpost', 'subpost_id', 'preview', 'robots', 'taxonomy', 'term', 'cpage', 'post_type', 'embed' ); /** * Private query variables. diff --git a/wp-includes/version.php b/wp-includes/version.php index 39b23db8c1..a4f93bdb27 100644 --- a/wp-includes/version.php +++ b/wp-includes/version.php @@ -13,7 +13,7 @@ * * @global string $wp_version */ -$wp_version = '5.3-beta3-46472'; +$wp_version = '5.3-beta3-46474'; /** * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.