whyisjake
e6644734de
General: WordPress updates
...
* XML-RPC: Improve error messages for unprivileged users.
* External Libraries: Disable deserialization in Requests_Utility_FilteredIterator
* Embeds: Disable embeds on deactivated Multisite sites.
* Coding standards: Modify escaping functions to avoid potential false positives.
* XML-RPC: Return error message if attachment ID is incorrect.
* Upgrade/install: Improve logic check when determining installation status.
* Meta: Sanitize meta key before checking protection status.
* Themes: Ensure that only privileged users can set a background image when a theme is using the deprecated custom background page.
Brings the changes from [49380,49382-49388] to the 4.4 branch.
Props xknown, zieladam, peterwilsoncc, whyisjake, desrosj, dd32.
Built from https://develop.svn.wordpress.org/branches/4.4@49402
git-svn-id: http://core.svn.wordpress.org/branches/4.4@49161 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-29 19:04:23 +00:00
Pascal Birchler
3ad4757088
Adjust post meta checks
...
Merges [40692] to the 4.4 branch.
Built from https://develop.svn.wordpress.org/branches/4.4@40696
git-svn-id: http://core.svn.wordpress.org/branches/4.4@40559 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 08:51:31 +00:00
Pascal Birchler
ad081ea634
Whitelist post arguments in XML-RPC
...
Merges [40677] to the 4.4 branch.
Built from https://develop.svn.wordpress.org/branches/4.4@40681
git-svn-id: http://core.svn.wordpress.org/branches/4.4@40544 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 08:21:01 +00:00
Andrew Nacin
fb82faaac6
XML-RPC: Revert [34681] as it broke date handling.
...
Merges [36163] to the 4.4 branch.
props dossy, hnle, redsweater.
see #35053 , #30429 (original ticket).
Built from https://develop.svn.wordpress.org/branches/4.4@36164
git-svn-id: http://core.svn.wordpress.org/branches/4.4@36130 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-03 19:50:22 +00:00
Scott Taylor
d8eacd51d8
Media: add a new image size, `medium_large`. Bumps db version to add new options.
...
Adds unit tests.
Props DH-Shredder, joemcgill, azaozz.
Fixes #34196 .
Built from https://develop.svn.wordpress.org/trunk@35479
git-svn-id: http://core.svn.wordpress.org/trunk@35443 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-31 20:50:25 +00:00
Dion Hulse
a579aad05b
XMLRPC: Prevent authentication from occuring after a failed authentication attmept in any single XML-RPC call.
...
This hardens WordPress against a common vector which uses multiple user identifiers in a single `system.multicall` call. In the event that authentication fails, all following authentication attempts ''in that call'' will also fail.
Props dd32, johnbillion.
Fixes #34336
Built from https://develop.svn.wordpress.org/trunk@35366
git-svn-id: http://core.svn.wordpress.org/trunk@35331 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-23 04:46:24 +00:00
Drew Jaynes
217b661703
Docs: Add missing descriptions for the `$wpdb` global in DocBlocks all the places.
...
See #32246 .
Built from https://develop.svn.wordpress.org/trunk@35170
git-svn-id: http://core.svn.wordpress.org/trunk@35136 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-14 23:44:25 +00:00
Scott Taylor
8c256a3357
XML-RPC: allow `wp_xmlrpc_server::wp_getPosts()` to receive `s` as a filter.
...
Props chriscct7.
Fixes #25406 .
Built from https://develop.svn.wordpress.org/trunk@34860
git-svn-id: http://core.svn.wordpress.org/trunk@34825 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-06 13:41:26 +00:00
Sergey Biryukov
0aacea6535
Merge some strings with the same meaning in `wp-includes/class-wp-xmlrpc-server.php`.
...
Props pavelevap.
Fixes #33644 .
Built from https://develop.svn.wordpress.org/trunk@34798
git-svn-id: http://core.svn.wordpress.org/trunk@34763 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-03 14:09:43 +00:00
Scott Taylor
111c05ba47
XML-RPC: calculate the proper offset for GMT in `wp.newPost`, `mw.newPost`, and `mw.editPost` when `post_date` is set, `wp.editComment` when `comment_date` is set. `post|comment_date` is assumed to be GMT. This is only true if the timezone string for the site matches GMT.
...
Adds unit tests for each.
Props smerriman, justdaiv, wonderboymusic.
Fixes #30429 .
Built from https://develop.svn.wordpress.org/trunk@34681
git-svn-id: http://core.svn.wordpress.org/trunk@34645 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-29 04:05:24 +00:00
Scott Taylor
2c30a11518
After [34577], alter `wp_xmlrpc_server::mw_newMediaObject()` to check upload space in multisite.
...
See #21292 .
Built from https://develop.svn.wordpress.org/trunk@34603
git-svn-id: http://core.svn.wordpress.org/trunk@34567 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-26 19:49:25 +00:00
Scott Taylor
0405a03b5e
XML-RPC: in `wp_xmlrpc_server::wp_editTerm()`, check `! empty` when applying `parent` logic.
...
Adds unit tests.
Props hrishiv90, markoheijnen, sam2kb.
Fixes #21977 .
Built from https://develop.svn.wordpress.org/trunk@34580
git-svn-id: http://core.svn.wordpress.org/trunk@34544 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-26 05:31:25 +00:00
Scott Taylor
80ac048cbc
XML-RPC: upgrade the resposnse of`wp_xmlrpc_server::mw_newMediaObject()` based on work down in 3.4 so that it runs the struct through `->_prepare_media_item()`.
...
Props markoheijnen.
Fixes #6430 .
Built from https://develop.svn.wordpress.org/trunk@34579
git-svn-id: http://core.svn.wordpress.org/trunk@34543 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-26 05:15:25 +00:00
Scott Taylor
e9aa518f04
XML-RPC: move the malfunctioning 'overwrite' code from `wp_xmlrpc_server::mw_newMediaObject()`. This was suggested 3 years ago.
...
Props markoheijnen.
Fixes #17604 .
Built from https://develop.svn.wordpress.org/trunk@34578
git-svn-id: http://core.svn.wordpress.org/trunk@34542 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-26 05:03:24 +00:00
Scott Taylor
ffe7f0ec5a
XML-RPC: In `wp_xmlrpc_server::wp_getComments()`, allow `post_type` to be passed as part of `$struct`.
...
Props nprasath002.
Fixes #20026 .
Built from https://develop.svn.wordpress.org/trunk@34575
git-svn-id: http://core.svn.wordpress.org/trunk@34539 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-26 04:45:25 +00:00
Scott Taylor
c8b308a647
XML-RPC: In `wp_xmlrpc_server::wp_getUsersBlogs()`, return the `isPrimary` flag for each blog.
...
Props SergeyBiryukov, daniloercoli.
Fixes #25958 .
Built from https://develop.svn.wordpress.org/trunk@34574
git-svn-id: http://core.svn.wordpress.org/trunk@34538 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-26 04:35:25 +00:00
Scott Taylor
9b253bbc7b
XML-RPC: In `wp_xmlrpc_server::blogger_editPost()`, make use of the `$publish` arg (the 6th arg passed to the method) to specify `publish` or `draft`. Restores the arg, which I removed in [31092], because it was unused cruft.
...
Props mdawaffe.
Fixes #10764 .
Built from https://develop.svn.wordpress.org/trunk@34573
git-svn-id: http://core.svn.wordpress.org/trunk@34537 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-26 04:01:26 +00:00
Scott Taylor
dd1098e7c5
XML-RPC: In `wp_xmlrpc_server::mw_newPost()`, if `$dateCreated` is not set, don't set `post_date` and `post_date_gmt`. It calls `wp_insert_post()`, which will handle it correctly. The problem was drafts being created and GMT date being set. It shouldn't be.
...
Adds unit test.
Fixes #16985 .
Built from https://develop.svn.wordpress.org/trunk@34572
git-svn-id: http://core.svn.wordpress.org/trunk@34536 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-26 03:38:25 +00:00
Scott Taylor
a0ccd4eae8
XML-RPC: `wp.getComments` should be allowed to return approved comments to those without the `'moderate_comments'` cap.
...
Adds (rewrites) unit tests from 4 years ago that we never committed because....
Props wonderboymusic, koke, ericmann, nprasath002.
Fixes #17981 .
Built from https://develop.svn.wordpress.org/trunk@34570
git-svn-id: http://core.svn.wordpress.org/trunk@34534 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-26 02:49:27 +00:00
Scott Taylor
5ea01de963
XML-RPC: Introduce the concept of unit testing to `wp_xmlrpc_server::wp_newComment()`:
...
* Don't allow comments to be created for posts that have `comment_status` set to `'closed'`
* Set some magic props on `WP_User` to vars before passing them to `wp_xmlrpc_server::escape()`
Props wonderboymusic, jesin.
Fixes #27471 .
Built from https://develop.svn.wordpress.org/trunk@34559
git-svn-id: http://core.svn.wordpress.org/trunk@34523 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-25 20:20:23 +00:00
Scott Taylor
c871986819
Uploader: Fire 'wp_handle_upload' in `wp_upload_bits()`. Thusly, the filter in `wp_xmlrpc_server::mw_newMediaObject()` is redundant.
...
Props dllh.
Fixes #33539 .
Built from https://develop.svn.wordpress.org/trunk@34257
git-svn-id: http://core.svn.wordpress.org/trunk@34221 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-17 04:46:25 +00:00
Dominik Schilling
e932a2dc5d
XMLRPC: Don't allow private posts to be sticky.
...
See #20662 .
Built from https://develop.svn.wordpress.org/trunk@34135
git-svn-id: http://core.svn.wordpress.org/trunk@34103 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 22:38:23 +00:00
Scott Taylor
e73ee5ac98
Introduce `WP_Comment` class to model/strongly-type rows from the comments database table. Inclusion of this class is a pre-req for some more general comment cleanup and sanity.
...
* Takes inspiration from `WP_Post` and adds sanity to comment caching.
* Clarifies when the current global value for `$comment` is returned. The current implementation in `get_comment()` introduces side effects and an occasion stale global value for `$comment` when comment caches are cleaned.
* Strongly-types `@param` docs
* This class is marked `final` for now
Props wonderboymusic, nacin.
See #32619 .
Built from https://develop.svn.wordpress.org/trunk@33891
git-svn-id: http://core.svn.wordpress.org/trunk@33860 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-03 18:17:24 +00:00
Sergey Biryukov
ce05b02a59
Provide more helpful feedback than just "Cheatin' uh?" for permission errors in `wp-admin/users.php`.
...
props ericlewis, kraftbj, lukecarbis, mrmist.
fixes #33679 . see #14530 .
Built from https://develop.svn.wordpress.org/trunk@33885
git-svn-id: http://core.svn.wordpress.org/trunk@33854 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-03 08:54:24 +00:00
Sergey Biryukov
b136b074bf
Provide more helpful feedback than just "Cheatin' uh?" for permission errors in `wp-admin/edit.php`.
...
props ericlewis, kraftbj, lukecarbis, mrmist.
fixes #33671 . see #14530 .
Built from https://develop.svn.wordpress.org/trunk@33861
git-svn-id: http://core.svn.wordpress.org/trunk@33829 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-02 18:15:20 +00:00
Scott Taylor
ef87172270
`foreach` is a statement, not a function.
...
See #33491 .
Built from https://develop.svn.wordpress.org/trunk@33734
git-svn-id: http://core.svn.wordpress.org/trunk@33702 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-25 20:28:22 +00:00
Scott Taylor
3982598305
Doc block for`_wp_specialchars`: `$quote_style` can also be `string` ('single' or 'double')
...
See #33491 .
Built from https://develop.svn.wordpress.org/trunk@33700
git-svn-id: http://core.svn.wordpress.org/trunk@33667 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-21 18:36:24 +00:00
Drew Jaynes
02ec47fc92
Docs: Standardize `@deprecated` tag formatting in the DocBlock for `wp_xmlrpc_server::login_pass_ok()`.
...
Props Alphawolf.
See #28806 .
Built from https://develop.svn.wordpress.org/trunk@33677
git-svn-id: http://core.svn.wordpress.org/trunk@33644 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-20 22:38:25 +00:00
Scott Taylor
45fc6a3def
Deprecate `post_permalink()` (Introduced in 1.0, already had a deprecated argument in 1.3), which just wraps `get_permalink()` and was only used by XML-RPC in 4 places.
...
Props solarissmoke.
Fixes #16982 .
Built from https://develop.svn.wordpress.org/trunk@33659
git-svn-id: http://core.svn.wordpress.org/trunk@33626 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-20 06:24:26 +00:00
Scott Taylor
4a1f50f732
After [33325], supply a missing `post_type` in `->mw_editPost()`.
...
Add unit test.
Props ocean90.
Fixes #20662 .
Built from https://develop.svn.wordpress.org/trunk@33612
git-svn-id: http://core.svn.wordpress.org/trunk@33579 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-13 15:28:27 +00:00
Drew Jaynes
bed02906f2
Docs: Fix incorrect indentation for the `wp_xmlrpc_server->wp_getPostFormats()` DocBlock.
...
Also adds a missing return description.
Props TomHarrigan.
Fixes #33078 .
Built from https://develop.svn.wordpress.org/trunk@33407
git-svn-id: http://core.svn.wordpress.org/trunk@33375 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-23 13:19:27 +00:00
Scott Taylor
bf481ed496
After [33325], add a doc summary.
...
Fixes #20662 .
Built from https://develop.svn.wordpress.org/trunk@33343
git-svn-id: http://core.svn.wordpress.org/trunk@33315 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-21 15:18:25 +00:00
Scott Taylor
432f9891f7
Ensure that private posts cannot be made sticky via Quick Edit.
...
DRY the logic for stickies in `wp_xmlrpc_server` by introducing `->_toggle_sticky()`.
Props wonderboymusic, obenland, chriscct7.
Fixes #20662 .
Built from https://develop.svn.wordpress.org/trunk@33325
git-svn-id: http://core.svn.wordpress.org/trunk@33297 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-19 18:09:25 +00:00
Konstantin Obenland
a4e803fbd4
Use `get_default_comment_status()` globally.
...
Also makes the filter name static and passes the post type for context.
Props valendesigns.
Fixes #31168 .
Built from https://develop.svn.wordpress.org/trunk@33054
git-svn-id: http://core.svn.wordpress.org/trunk@33025 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-02 22:32:25 +00:00
Dion Hulse
2a35e075d7
XML-RPC: Only escape what we need to in `wp.editPage`, this allows for passwords with the special characters `"'` to work in a request.
...
Props redsweater for initial Patch.
Fixes #32703
Built from https://develop.svn.wordpress.org/trunk@32993
git-svn-id: http://core.svn.wordpress.org/trunk@32964 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-29 02:07:23 +00:00
Scott Taylor
5c6b63d3a6
`if` is a statment, not a function.
...
See #32444 .
Built from https://develop.svn.wordpress.org/trunk@32800
git-svn-id: http://core.svn.wordpress.org/trunk@32771 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-16 20:01:25 +00:00
Scott Taylor
f888767c73
`$status` shouldn't be loosely compared to `true` in `wp_xmlrpc_server::wp_deleteComment()`.
...
`$initial` shouldn't be loosely compared to `true` in `get_calendar()`.
`current_user_can()` shouldn't be loosely compared to `false` in `kses_init()`
`$get_all` shouldn't be loosely compared to `true` in `get_blog_details()`.
`is_array()` and `in_array()` shouldn't be loosely compared in `wpmu_validate_user_signup()`.
`$result` should by strictly compared in `check_ajax_referer()`.
`wp_verify_nonce()` should by strictly compared in `_show_post_preview()`.
`is_user_logged_in()` should not be loosly compared against `false` in `wp-signup.php`.
See #32444 .
Built from https://develop.svn.wordpress.org/trunk@32733
git-svn-id: http://core.svn.wordpress.org/trunk@32704 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-12 17:48:26 +00:00
Scott Taylor
c502a281bb
After [32656], add `@access` annotations to methods that have no doc block in `wp-includes/*`.
...
Makes it easier to search for no doc blocks via `}[\n\t\r ]+(protected|private|public)`.
See #32444 .
Built from https://develop.svn.wordpress.org/trunk@32657
git-svn-id: http://core.svn.wordpress.org/trunk@32627 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-29 21:37:24 +00:00
Scott Taylor
19b8ef0c92
`get_comments()` can return `int`, so a few places need to check if the return value is traversable before passing what is assumed to be an `array`.
...
See #32444 .
Built from https://develop.svn.wordpress.org/trunk@32600
git-svn-id: http://core.svn.wordpress.org/trunk@32570 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-25 17:59:25 +00:00
Drew Jaynes
4c37f68b79
Fix inline documentation syntax in `wp_xmlrpc_server`.
...
See #32246 .
Built from https://develop.svn.wordpress.org/trunk@32591
git-svn-id: http://core.svn.wordpress.org/trunk@32561 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-25 06:25:25 +00:00
Scott Taylor
bd8fafea54
Use `void` instead of `null` where appropriate when pipe-delimiting `@return` types. If a `@return` only contains `void`, remove it.
...
See #32444 .
Built from https://develop.svn.wordpress.org/trunk@32568
git-svn-id: http://core.svn.wordpress.org/trunk@32538 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-24 05:40:25 +00:00
Drew Jaynes
459ccb0d8b
Add missing or incomplete argument and return descriptions for `wp_xmlrpc_server->wp_editPost()`.
...
Also includes many small syntax fixes for inline documentation throughout the file.
See #32246 .
Built from https://develop.svn.wordpress.org/trunk@32565
git-svn-id: http://core.svn.wordpress.org/trunk@32535 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-23 19:47:25 +00:00
Drew Jaynes
2bebcf4c39
Add missing parameter and return descriptions to the DocBlock for `wp_xmlrpc_server->_convert_date_gmt()`.
...
See #32246 .
Built from https://develop.svn.wordpress.org/trunk@32564
git-svn-id: http://core.svn.wordpress.org/trunk@32534 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-23 19:41:24 +00:00
Drew Jaynes
d94d97eab6
Add missing parameter and return descriptions to the DocBlock for `wp_xmlrpc_server->_convert_date()`.
...
See #32246 .
Built from https://develop.svn.wordpress.org/trunk@32563
git-svn-id: http://core.svn.wordpress.org/trunk@32533 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-23 19:40:24 +00:00
Drew Jaynes
9f73a3351f
Fix inline documentation syntax in the DocBlock for `wp_xmlrpc_server->_prepare_taxonomy()`.
...
See #32246 .
Built from https://develop.svn.wordpress.org/trunk@32562
git-svn-id: http://core.svn.wordpress.org/trunk@32532 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-23 19:38:25 +00:00
Drew Jaynes
8aa163e65a
Fix some inline documentation syntax in the DocBlock for `wp_xmlrpc_server->minimum_args()`.
...
See #32246 .
Built from https://develop.svn.wordpress.org/trunk@32561
git-svn-id: http://core.svn.wordpress.org/trunk@32531 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-23 19:37:26 +00:00
Drew Jaynes
ebe60d1fc4
Use a valid parameter type of string for the `$name` parameter in the `xmlrpc_call` hook docs.
...
See #32246 .
Built from https://develop.svn.wordpress.org/trunk@32560
git-svn-id: http://core.svn.wordpress.org/trunk@32530 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-23 19:36:26 +00:00
Drew Jaynes
18066945ae
Add missing argument descriptions for the `$args` hash notation in `wp_xmlrpc_server->wp_getUsersBlogs()`.
...
See #32246 .
Built from https://develop.svn.wordpress.org/trunk@32559
git-svn-id: http://core.svn.wordpress.org/trunk@32529 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-23 19:33:27 +00:00
Drew Jaynes
c76493d29b
Properly notate the inline link to the `xmlrpc_blog_options` filter in the description for `wp_xmlrpc_server->initialise_blog_option_info()`.
...
See #30224 .
Built from https://develop.svn.wordpress.org/trunk@32558
git-svn-id: http://core.svn.wordpress.org/trunk@32528 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-23 19:30:26 +00:00
Drew Jaynes
ed0421e7de
Add a proper return description for the `wp_xmlrpc_server->addTwoNumbers()` method.
...
See [30181]. See #30224 .
Built from https://develop.svn.wordpress.org/trunk@32557
git-svn-id: http://core.svn.wordpress.org/trunk@32527 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-23 19:26:26 +00:00