Changeset 3263809
- Timestamp:
- 03/29/2025 11:53:24 AM (12 months ago)
- Location:
- dashi
- Files:
-
- 2 added
- 1 deleted
- 6 edited
- 23 copied
-
tags/3.2.2 (copied) (copied from dashi/trunk)
-
tags/3.2.2/classes/Alias.php (copied) (copied from dashi/trunk/classes/Alias.php)
-
tags/3.2.2/classes/Field.php (copied) (copied from dashi/trunk/classes/Field.php)
-
tags/3.2.2/classes/Posttype/Another.php (copied) (copied from dashi/trunk/classes/Posttype/Another.php)
-
tags/3.2.2/classes/Posttype/Base.php (copied) (copied from dashi/trunk/classes/Posttype/Base.php) (1 diff)
-
tags/3.2.2/classes/Posttype/Copy.php (copied) (copied from dashi/trunk/classes/Posttype/Copy.php)
-
tags/3.2.2/classes/Posttype/Csv.php (copied) (copied from dashi/trunk/classes/Posttype/Csv.php)
-
tags/3.2.2/classes/Posttype/CustomFieldsCategories.php (copied) (copied from dashi/trunk/classes/Posttype/CustomFieldsCategories.php)
-
tags/3.2.2/classes/Posttype/Index.php (copied) (copied from dashi/trunk/classes/Posttype/Index.php)
-
tags/3.2.2/classes/Posttype/Posttype.php (copied) (copied from dashi/trunk/classes/Posttype/Posttype.php) (6 diffs)
-
tags/3.2.2/classes/Posttype/PublicForm.php (copied) (copied from dashi/trunk/classes/Posttype/PublicForm.php)
-
tags/3.2.2/classes/Posttype/Redirect.php (copied) (copied from dashi/trunk/classes/Posttype/Redirect.php)
-
tags/3.2.2/classes/Posttype/Save.php (copied) (copied from dashi/trunk/classes/Posttype/Save.php)
-
tags/3.2.2/classes/Posttype/Search.php (copied) (copied from dashi/trunk/classes/Posttype/Search.php)
-
tags/3.2.2/classes/Posttype/Virtual.php (added)
-
tags/3.2.2/classes/Save.php (deleted)
-
tags/3.2.2/classes/Security.php (copied) (copied from dashi/trunk/classes/Security.php)
-
tags/3.2.2/dashi.php (copied) (copied from dashi/trunk/dashi.php) (3 diffs)
-
tags/3.2.2/file.php (copied) (copied from dashi/trunk/file.php)
-
tags/3.2.2/posttype/Crawlsearch.php (copied) (copied from dashi/trunk/posttype/Crawlsearch.php) (1 diff)
-
tags/3.2.2/posttype/Editablehelp.php (copied) (copied from dashi/trunk/posttype/Editablehelp.php)
-
tags/3.2.2/posttype/Pagepart.php (copied) (copied from dashi/trunk/posttype/Pagepart.php) (1 diff)
-
tags/3.2.2/readme.txt (copied) (copied from dashi/trunk/readme.txt) (2 diffs)
-
tags/3.2.2/templates/base.php (copied) (copied from dashi/trunk/templates/base.php)
-
tags/3.2.2/templates/search.php (copied) (copied from dashi/trunk/templates/search.php)
-
trunk/classes/Posttype/Base.php (modified) (1 diff)
-
trunk/classes/Posttype/Posttype.php (modified) (6 diffs)
-
trunk/classes/Posttype/Virtual.php (added)
-
trunk/dashi.php (modified) (3 diffs)
-
trunk/posttype/Crawlsearch.php (modified) (1 diff)
-
trunk/posttype/Pagepart.php (modified) (1 diff)
-
trunk/readme.txt (modified) (2 diffs)
dashi/tags/3.2.2/classes/Posttype/Base.php
r3146734 r3263809 196 196 if (property_exists($instance, $name)) 197 197 { 198 if ($name == 'description') { 199 return __($instance->$name, 'dashi'); 200 } 198 201 return $instance->$name; 199 202 } -
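Review bot: The new branch at lines 198–200 returns `__($instance->$name, 'dashi')` without escaping, and the Pagepart description set in this changeset contains `<br />` and `<code>`, so the caller presumably prints the value as HTML. That makes whatever translation catalogue is loaded for the `dashi` domain a source of markup. Where the value is echoed (outside this hunk) I would pass it through `wp_kses_post()` so the intended tags survive and nothing else does. Because `__()` now receives a variable, string-extraction tools will no longer find 'Page Part' or the description text, so the catalogue needs those strings registered some other way. The enclosing method starts and ends outside the hunk, and the identical change is in trunk/classes/Posttype/Base.php.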
dashi/tags/3.2.2/classes/Posttype/Posttype.php
r3262809 r3263809 40 40 41 41 // load posttypes 42 add_action(' init', array('\\Dashi\\Core\\Posttype\\Posttype', 'load'));42 add_action('widgets_init', array('\\Dashi\\Core\\Posttype\\Posttype', 'load')); 43 43 44 44 // add_meta_box is must be invoke by admin_menu … … 356 356 private static function loadPostTypeFiles() 357 357 { 358 $posttypes_files = array(); 359 foreach (glob(get_stylesheet_directory()."/posttype/*.php") as $filename) 360 { 361 include($filename); 362 $posttypes_files[] = $filename; 363 } 364 365 /* 366 require PHP7: 367 foreach (glob(get_stylesheet_directory()."/posttype/*.php") as $filename) 368 { 369 try { 370 require_once($filename); 371 } catch (\ParseError $e) { 372 trigger_error("cannot include posttype file. '$e'", E_USER_ERROR); 373 } 374 $posttypes_files[] = $filename; 375 } 376 */ 358 $dir = get_stylesheet_directory() . '/posttype'; 359 $posttypes_files = []; 360 foreach (glob($dir . "/*.php") as $filepath) 361 { 362 $filename = basename($filepath); 363 if (!preg_match('/^[A-Za-z0-9_]+\.php$/', $filename)) { 364 continue; 365 } 366 $real = realpath($filepath); 367 if ($real === false || strpos($real, realpath($dir)) !== 0) { 368 continue; 369 } 370 include_once $real; 371 372 $posttypes_files[] = $real; 373 } 377 374 378 375 // 子テーマを使っているなら、親テーマを読む … … 380 377 if (get_stylesheet_directory() != get_template_directory()) 381 378 { 382 foreach (glob(get_template_directory()."/posttype/*.php") as $filename) 383 { 384 if (in_array(basename($filename), $pt_check)) continue; 385 include($filename); 386 $posttypes_files[] = $filename; 387 } 388 } 389 return $posttypes_files; 390 } 379 $dir = get_template_directory() . '/posttype'; 380 foreach (glob($dir . 
"/*.php") as $filepath) 381 { 382 $filename = basename($filepath); 383 if (in_array($filename, $pt_check)) continue; 384 if (!preg_match('/^[A-Za-z0-9_]+\.php$/', $filename)) { 385 continue; 386 } 387 $real = realpath($filepath); 388 if ($real === false || strpos($real, realpath($dir)) !== 0) { 389 continue; 390 } 391 include_once $real; 392 393 $posttypes_files[] = $real; 394 } 395 } 396 return $posttypes_files; 397 } 391 398 392 399 /** … … 397 404 private static function definePostTypes($posttypes_files) 398 405 { 399 $posttypes = array(); 400 401 foreach ($posttypes_files as $filename) 402 { 403 $class = '\\Dashi\\Posttype\\'.ucfirst(substr(basename($filename), 0, -4)); 404 if (is_callable($class, '__init')) 405 { 406 $posttypes[] = $class; 407 } 406 $posttypes = []; 407 408 foreach ($posttypes_files as $filepath) 409 { 410 $filename = basename($filepath, '.php'); 411 412 // クラス名組み立て(明示的に制限) 413 if (!preg_match('/^[A-Za-z0-9_]+$/', $filename)) { 414 continue; // ファイル名不正 415 } 416 $class = '\\Dashi\\Posttype\\' . 
ucfirst($filename); 417 418 // クラス存在& __init メソッドが明示的に定義されているか確認 419 if (!class_exists($class)) { 420 continue; 421 } 422 423 // Reflectionで __init が実際にそのクラスで定義されているかを確認 424 try { 425 $ref = new \ReflectionClass($class); 426 if ($ref->hasMethod('__init')) { 427 $posttypes[] = $class; 428 } 429 } catch (\ReflectionException $e) { 430 continue; // 不正なクラスがあったらスキップ 431 } 408 432 } 409 433 … … 596 620 } 597 621 598 /** 599 * virtual 600 * 601 * @return void 602 */ 603 private static function virtual($posttype) 604 { 605 // 投稿タイプ名に使える文字を制限(a〜z, A〜Z, 0〜9, _) 606 if (!preg_match('/^[A-Za-z0-9_]+$/', $posttype)) { 607 return; 608 } 609 $posttype = ucfirst($posttype); 610 eval("namespace Dashi\\Posttype;class {$posttype} extends \\Dashi\\Core\\Posttype\\Base {public static function __init (){ static::set('is_dashi', false); } }"); 611 } 622 /** 623 * virtual 624 * 625 * @return void 626 */ 627 private static function virtual($posttype) 628 { 629 // 投稿タイプ名に使える文字を制限(a〜z, A〜Z, 0〜9, _) 630 if (!preg_match('/^[A-Za-z0-9_]+$/', $posttype)) { 631 return; 632 } 633 634 $virtual_class = 'Dashi\\Posttype\\' . 
ucfirst($posttype); 635 $base_class = 'Dashi\\Core\\Posttype\\Virtual'; 636 637 if (!class_exists($virtual_class)) { 638 class_alias($base_class, $virtual_class); 639 } 640 } 612 641 613 642 /** … … 759 788 } 760 789 790 $name = __($posttype::get('name'), 'dashi'); 791 761 792 $labels = array( 762 'name' => $ posttype::get('name'),763 'singular_name' => $posttype::get('singular_name') ?: $ posttype::get('name'),764 'menu_name' => $posttype::get('menu_name') ?: $ posttype::get('name'),765 'add_new' => sprintf(__('add %s', 'dashi'), $ posttype::get('name')),766 'add_new_item' => sprintf(__('add %s', 'dashi'), $ posttype::get('name')),767 'edit_item' => sprintf(__('edit %s', 'dashi'), $ posttype::get('name')),768 'new_item' => sprintf(__('new %s', 'dashi'), $ posttype::get('name')),769 'view_item' => sprintf(__('view %s', 'dashi'), $ posttype::get('name')),793 'name' => $name, 794 'singular_name' => $posttype::get('singular_name') ?: $name, 795 'menu_name' => $posttype::get('menu_name') ?: $name, 796 'add_new' => sprintf(__('add %s', 'dashi'), $name), 797 'add_new_item' => sprintf(__('add %s', 'dashi'), $name), 798 'edit_item' => sprintf(__('edit %s', 'dashi'), $name), 799 'new_item' => sprintf(__('new %s', 'dashi'), $name), 800 'view_item' => sprintf(__('view %s', 'dashi'), $name), 770 801 'parent_item_colon' => '', 771 802 ); -
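Review bot: The containment test `strpos($real, realpath($dir)) !== 0` at lines 367 and 388 is a bare string-prefix match, so a resolved path in a sibling directory whose name merely begins with `posttype` (reached through a symlink, for instance) still passes. `realpath($dir)` can also return `false`, and then the comparison no longer measures containment at all. I would resolve the base once before each loop, skip the loop when it is `false`, and compare against the directory with a trailing separator: `$base = realpath($dir);` then `strpos($real, $base . DIRECTORY_SEPARATOR) !== 0`. The same two checks appear in trunk/classes/Posttype/Posttype.php.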
dashi/tags/3.2.2/dashi.php
r3263423 r3263809 7 7 Text Domain: dashi 8 8 Domain Path: /languages/ 9 Version: 3.2. 19 Version: 3.2.2 10 10 Author URI: http://www.jidaikobo.com/ 11 11 thx: https://github.com/trentrichardson/jQuery-Timepicker-Addon/tree/master/src … … 28 28 */ 29 29 30 // WP_INSTALLING31 if (defined('WP_INSTALLING') && WP_INSTALLING) 32 { 33 return;34 } 30 // Do nothing 31 32 if (defined('WP_INSTALLING') && WP_INSTALLING) return; 33 if (defined('REST_REQUEST') && REST_REQUEST) return; 34 if (defined('XMLRPC_REQUEST') && XMLRPC_REQUEST) return; 35 35 36 36 // language … … 43 43 plugin_basename(__DIR__).'/languages' 44 44 ); 45 } 45 }, 46 0 46 47 ); 47 48 -
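Review bot: The guard `if (defined('REST_REQUEST') && REST_REQUEST) return;` at line 33 most likely never fires, because WordPress core defines `REST_REQUEST` while handling `parse_request`, which runs after plugin main files have been included. `XMLRPC_REQUEST` is defined before plugins load, so line 34 does work, which makes the pair look like equal protection when only one of them applies. If the aim is to keep the plugin out of REST requests, the test has to run in a callback hooked late enough for the constant to exist; otherwise I would drop line 33 and replace the `// Do nothing` comment with one that states which request types are actually skipped. The same lines are in trunk/dashi.php.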
dashi/tags/3.2.2/posttype/Crawlsearch.php
r3263423 r3263809 9 9 public static function __init () 10 10 { 11 static::set('name', __('Crawlsearch'));11 static::set('name', 'Crawlsearch'); 12 12 static::set('is_searchable', true); 13 13 static::set('is_redirect', true); -
dashi/tags/3.2.2/posttype/Pagepart.php
r3263423 r3263809 10 10 { 11 11 // settings 12 static::set('name', __('Page Part', 'dashi'));13 static::set('description', __('Page Part can not be displayed by itself.<br />If you describe <code>[get_pagepart slug=slug_name]</code>, page part is called to that place.<br />you can not change the slug created from the shortcode.', 'dashi'));12 static::set('name', 'Page Part'); 13 static::set('description', 'Page Part can not be displayed by itself.<br />If you describe <code>[get_pagepart slug=slug_name]</code>, page part is called to that place.<br />you can not change the slug created from the shortcode.'); 14 14 static::set('order', 2); 15 15 static::set('is_searchable', true); -
dashi/tags/3.2.2/readme.txt
r3263423 r3263809 5 5 Requires at least: 4.9.7 6 6 Tested up to: 6.7.1 7 Stable tag: 3.2. 17 Stable tag: 3.2.2 8 8 License: GPLv2 or later 9 9 License URI: https://www.gnu.org/licenses/gpl-2.0.html … … 44 44 == Changelog == 45 45 46 = 3.2.2 = 47 security review "Posttype::class" 48 46 49 = 3.2.1 = 47 50 secure search logic -
dashi/trunk/classes/Posttype/Base.php
r3146734 r3263809 196 196 if (property_exists($instance, $name)) 197 197 { 198 if ($name == 'description') { 199 return __($instance->$name, 'dashi'); 200 } 198 201 return $instance->$name; 199 202 } -
dashi/trunk/classes/Posttype/Posttype.php
r3262809 r3263809 40 40 41 41 // load posttypes 42 add_action(' init', array('\\Dashi\\Core\\Posttype\\Posttype', 'load'));42 add_action('widgets_init', array('\\Dashi\\Core\\Posttype\\Posttype', 'load')); 43 43 44 44 // add_meta_box is must be invoke by admin_menu … … 356 356 private static function loadPostTypeFiles() 357 357 { 358 $posttypes_files = array(); 359 foreach (glob(get_stylesheet_directory()."/posttype/*.php") as $filename) 360 { 361 include($filename); 362 $posttypes_files[] = $filename; 363 } 364 365 /* 366 require PHP7: 367 foreach (glob(get_stylesheet_directory()."/posttype/*.php") as $filename) 368 { 369 try { 370 require_once($filename); 371 } catch (\ParseError $e) { 372 trigger_error("cannot include posttype file. '$e'", E_USER_ERROR); 373 } 374 $posttypes_files[] = $filename; 375 } 376 */ 358 $dir = get_stylesheet_directory() . '/posttype'; 359 $posttypes_files = []; 360 foreach (glob($dir . "/*.php") as $filepath) 361 { 362 $filename = basename($filepath); 363 if (!preg_match('/^[A-Za-z0-9_]+\.php$/', $filename)) { 364 continue; 365 } 366 $real = realpath($filepath); 367 if ($real === false || strpos($real, realpath($dir)) !== 0) { 368 continue; 369 } 370 include_once $real; 371 372 $posttypes_files[] = $real; 373 } 377 374 378 375 // 子テーマを使っているなら、親テーマを読む … … 380 377 if (get_stylesheet_directory() != get_template_directory()) 381 378 { 382 foreach (glob(get_template_directory()."/posttype/*.php") as $filename) 383 { 384 if (in_array(basename($filename), $pt_check)) continue; 385 include($filename); 386 $posttypes_files[] = $filename; 387 } 388 } 389 return $posttypes_files; 390 } 379 $dir = get_template_directory() . '/posttype'; 380 foreach (glob($dir . 
"/*.php") as $filepath) 381 { 382 $filename = basename($filepath); 383 if (in_array($filename, $pt_check)) continue; 384 if (!preg_match('/^[A-Za-z0-9_]+\.php$/', $filename)) { 385 continue; 386 } 387 $real = realpath($filepath); 388 if ($real === false || strpos($real, realpath($dir)) !== 0) { 389 continue; 390 } 391 include_once $real; 392 393 $posttypes_files[] = $real; 394 } 395 } 396 return $posttypes_files; 397 } 391 398 392 399 /** … … 397 404 private static function definePostTypes($posttypes_files) 398 405 { 399 $posttypes = array(); 400 401 foreach ($posttypes_files as $filename) 402 { 403 $class = '\\Dashi\\Posttype\\'.ucfirst(substr(basename($filename), 0, -4)); 404 if (is_callable($class, '__init')) 405 { 406 $posttypes[] = $class; 407 } 406 $posttypes = []; 407 408 foreach ($posttypes_files as $filepath) 409 { 410 $filename = basename($filepath, '.php'); 411 412 // クラス名組み立て(明示的に制限) 413 if (!preg_match('/^[A-Za-z0-9_]+$/', $filename)) { 414 continue; // ファイル名不正 415 } 416 $class = '\\Dashi\\Posttype\\' . 
ucfirst($filename); 417 418 // クラス存在& __init メソッドが明示的に定義されているか確認 419 if (!class_exists($class)) { 420 continue; 421 } 422 423 // Reflectionで __init が実際にそのクラスで定義されているかを確認 424 try { 425 $ref = new \ReflectionClass($class); 426 if ($ref->hasMethod('__init')) { 427 $posttypes[] = $class; 428 } 429 } catch (\ReflectionException $e) { 430 continue; // 不正なクラスがあったらスキップ 431 } 408 432 } 409 433 … … 596 620 } 597 621 598 /** 599 * virtual 600 * 601 * @return void 602 */ 603 private static function virtual($posttype) 604 { 605 // 投稿タイプ名に使える文字を制限(a〜z, A〜Z, 0〜9, _) 606 if (!preg_match('/^[A-Za-z0-9_]+$/', $posttype)) { 607 return; 608 } 609 $posttype = ucfirst($posttype); 610 eval("namespace Dashi\\Posttype;class {$posttype} extends \\Dashi\\Core\\Posttype\\Base {public static function __init (){ static::set('is_dashi', false); } }"); 611 } 622 /** 623 * virtual 624 * 625 * @return void 626 */ 627 private static function virtual($posttype) 628 { 629 // 投稿タイプ名に使える文字を制限(a〜z, A〜Z, 0〜9, _) 630 if (!preg_match('/^[A-Za-z0-9_]+$/', $posttype)) { 631 return; 632 } 633 634 $virtual_class = 'Dashi\\Posttype\\' . 
ucfirst($posttype); 635 $base_class = 'Dashi\\Core\\Posttype\\Virtual'; 636 637 if (!class_exists($virtual_class)) { 638 class_alias($base_class, $virtual_class); 639 } 640 } 612 641 613 642 /** … … 759 788 } 760 789 790 $name = __($posttype::get('name'), 'dashi'); 791 761 792 $labels = array( 762 'name' => $ posttype::get('name'),763 'singular_name' => $posttype::get('singular_name') ?: $ posttype::get('name'),764 'menu_name' => $posttype::get('menu_name') ?: $ posttype::get('name'),765 'add_new' => sprintf(__('add %s', 'dashi'), $ posttype::get('name')),766 'add_new_item' => sprintf(__('add %s', 'dashi'), $ posttype::get('name')),767 'edit_item' => sprintf(__('edit %s', 'dashi'), $ posttype::get('name')),768 'new_item' => sprintf(__('new %s', 'dashi'), $ posttype::get('name')),769 'view_item' => sprintf(__('view %s', 'dashi'), $ posttype::get('name')),793 'name' => $name, 794 'singular_name' => $posttype::get('singular_name') ?: $name, 795 'menu_name' => $posttype::get('menu_name') ?: $name, 796 'add_new' => sprintf(__('add %s', 'dashi'), $name), 797 'add_new_item' => sprintf(__('add %s', 'dashi'), $name), 798 'edit_item' => sprintf(__('edit %s', 'dashi'), $name), 799 'new_item' => sprintf(__('new %s', 'dashi'), $name), 800 'view_item' => sprintf(__('view %s', 'dashi'), $name), 770 801 'parent_item_colon' => '', 771 802 ); -
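Review bot: In definePostTypes the comment above line 424 says Reflection confirms `__init` is defined in that class itself, but `$ref->hasMethod('__init')` is also true for an inherited method, so a class in the posttype directory that only inherits `__init` from a parent is accepted. If the comment describes the intent, the test should be `$ref->hasMethod('__init') && $ref->getMethod('__init')->getDeclaringClass()->getName() === $ref->getName()`; if inherited `__init` is acceptable, the comment should say so. The `catch (\ReflectionException $e)` branch is effectively unreachable after the `class_exists($class)` check and could carry a short note to that effect. The tags/3.2.2 copy of this file has the same lines.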
dashi/trunk/dashi.php
r3263423 r3263809 7 7 Text Domain: dashi 8 8 Domain Path: /languages/ 9 Version: 3.2. 19 Version: 3.2.2 10 10 Author URI: http://www.jidaikobo.com/ 11 11 thx: https://github.com/trentrichardson/jQuery-Timepicker-Addon/tree/master/src … … 28 28 */ 29 29 30 // WP_INSTALLING31 if (defined('WP_INSTALLING') && WP_INSTALLING) 32 { 33 return;34 } 30 // Do nothing 31 32 if (defined('WP_INSTALLING') && WP_INSTALLING) return; 33 if (defined('REST_REQUEST') && REST_REQUEST) return; 34 if (defined('XMLRPC_REQUEST') && XMLRPC_REQUEST) return; 35 35 36 36 // language … … 43 43 plugin_basename(__DIR__).'/languages' 44 44 ); 45 } 45 }, 46 0 46 47 ); 47 48 -
dashi/trunk/posttype/Crawlsearch.php
r3263423 r3263809 9 9 public static function __init () 10 10 { 11 static::set('name', __('Crawlsearch'));11 static::set('name', 'Crawlsearch'); 12 12 static::set('is_searchable', true); 13 13 static::set('is_redirect', true); -
dashi/trunk/posttype/Pagepart.php
r3263423 r3263809 10 10 { 11 11 // settings 12 static::set('name', __('Page Part', 'dashi'));13 static::set('description', __('Page Part can not be displayed by itself.<br />If you describe <code>[get_pagepart slug=slug_name]</code>, page part is called to that place.<br />you can not change the slug created from the shortcode.', 'dashi'));12 static::set('name', 'Page Part'); 13 static::set('description', 'Page Part can not be displayed by itself.<br />If you describe <code>[get_pagepart slug=slug_name]</code>, page part is called to that place.<br />you can not change the slug created from the shortcode.'); 14 14 static::set('order', 2); 15 15 static::set('is_searchable', true); -
dashi/trunk/readme.txt
r3263423 r3263809 5 5 Requires at least: 4.9.7 6 6 Tested up to: 6.7.1 7 Stable tag: 3.2. 17 Stable tag: 3.2.2 8 8 License: GPLv2 or later 9 9 License URI: https://www.gnu.org/licenses/gpl-2.0.html … … 44 44 == Changelog == 45 45 46 = 3.2.2 = 47 security review "Posttype::class" 48 46 49 = 3.2.1 = 47 50 secure search logic