Commit Graph

20226 Commits

Author SHA1 Message Date
John Blackbourn 448ccd4397 Bump 4.4 branch to version 4.4.13.
Built from https://develop.svn.wordpress.org/branches/4.4@42321


git-svn-id: http://core.svn.wordpress.org/branches/4.4@42150 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-29 19:01:31 +00:00
John Blackbourn 4fac456d88 Hardening: Remove the ability to upload JavaScript files for users who do not have the `unfiltered_html` capability.
Merges [42261] to the 4.4 branch.

Built from https://develop.svn.wordpress.org/branches/4.4@42287


git-svn-id: http://core.svn.wordpress.org/branches/4.4@42116 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-29 16:30:31 +00:00
John Blackbourn 94ed06c3c0 Hardening: Ensure the attributes of enclosures are correctly escaped in RSS and Atom feeds.
Merges [42260] to the 4.4 branch.

Built from https://develop.svn.wordpress.org/branches/4.4@42286


git-svn-id: http://core.svn.wordpress.org/branches/4.4@42115 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-29 16:29:31 +00:00
John Blackbourn 5f6f29f00a Hardening: Add escaping to the language attributes used on `html` elements.
Merges [42259] to the 4.4 branch.

Built from https://develop.svn.wordpress.org/branches/4.4@42285


git-svn-id: http://core.svn.wordpress.org/branches/4.4@42114 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-29 16:29:00 +00:00
Dion Hulse 5da6b7c200 WPDB: Check that `AUTH_SALT` is not empty, Fix a PHP notice when `AUTH_SALT` is undefined.
Props jsonfry, mkomar, pento.
Merges [42119] and [42120] to the 4.4 branch.
Fixes #42431 and #42401 for 4.4.

Built from https://develop.svn.wordpress.org/branches/4.4@42234


git-svn-id: http://core.svn.wordpress.org/branches/4.4@42063 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-27 01:11:03 +00:00
Gary Pendergast 2f96a03e6c Bump 4.4 branch to version 4.4.12.
Built from https://develop.svn.wordpress.org/branches/4.4@42073


git-svn-id: http://core.svn.wordpress.org/branches/4.4@41902 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-31 13:26:30 +00:00
Gary Pendergast aec6946594 Database: Restore numbered placeholders in `wpdb::prepare()`.
[41496] removed support for numbered placeholders in queries send through `wpdb::prepare()`, which, despite being undocumented, were quite commonly used.

This change restores support for numbered placeholders (as well as a subset of placeholder formatting), while also adding extra checks to ensure the correct number of arguments are being passed to `wpdb::prepare()`, given the number of placeholders.

Merges [41662], [42056] to the 4.4 branch.
See #41925.


Built from https://develop.svn.wordpress.org/branches/4.4@42061


git-svn-id: http://core.svn.wordpress.org/branches/4.4@41890 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-31 12:46:31 +00:00
Dominik Schilling a80bb4a686 Bump 4.4 branch to version 4.4.11.
Built from https://develop.svn.wordpress.org/branches/4.4@41514


git-svn-id: http://core.svn.wordpress.org/branches/4.4@41347 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 20:02:00 +00:00
Aaron Campbell a89b23a75a Database: Hardening to bring `wpdb::prepare()` inline with documentation.
`wpdb::prepare()` supports %s, %d, and %F as placeholders in the query string. Any other non-escaped % will be escaped.

Merges [41496] to 4.4 branch.


Built from https://develop.svn.wordpress.org/branches/4.4@41501


git-svn-id: http://core.svn.wordpress.org/branches/4.4@41334 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 18:15:37 +00:00
Aaron Campbell 5a0f95b6cf Database: Don’t trigger `_doing_it_wrong()` for null values in `wpdb::prepare()`.
While `wpdb::prepare()` does not support null values (see #12819) they still appear in the wild like in the WordPress Importer and other plugins.

Merges [41483] to 4.4 branch.


Built from https://develop.svn.wordpress.org/branches/4.4@41488


git-svn-id: http://core.svn.wordpress.org/branches/4.4@41321 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 16:24:03 +00:00
Aaron Campbell 45280bda66 Database: Hardening for `wpdb::prepare()`
Previously if you passed an array of values for placeholders, additional values could be passed as well. Now additional values will be ignored.

Merges [41470] to 4.4 branch.


Built from https://develop.svn.wordpress.org/branches/4.4@41475


git-svn-id: http://core.svn.wordpress.org/branches/4.4@41308 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 15:02:30 +00:00
Aaron Campbell 78462a6178 oEmbed: Add extra hardening around allowed HTML for improved sandboxing.
Merges [41448] to 4.4 branch.


Built from https://develop.svn.wordpress.org/branches/4.4@41455


git-svn-id: http://core.svn.wordpress.org/branches/4.4@41288 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 13:51:01 +00:00
Dominik Schilling 2603a8b4d6 TinyMCE: Improve the previews for shortcodes.
Merge of [41395] to the 4.4 branch.

Built from https://develop.svn.wordpress.org/branches/4.4@41439


git-svn-id: http://core.svn.wordpress.org/branches/4.4@41272 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 12:43:37 +00:00
Dominik Schilling c448e53286 Customize: Ensure valid themes in the preview.
Merge of [41397] to the 4.4 branch.

Built from https://develop.svn.wordpress.org/branches/4.4@41433


git-svn-id: http://core.svn.wordpress.org/branches/4.4@41266 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 11:52:37 +00:00
Dominik Schilling 6b08998219 Editor: Prevent adding `javascript:` and `data:` URLs through the inline link dialog.
Merge of [41393] to the 4.4 branch.

Built from https://develop.svn.wordpress.org/branches/4.4@41404


git-svn-id: http://core.svn.wordpress.org/branches/4.4@41237 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 10:18:31 +00:00
John Blackbourn 866662a9fd General: Backport PHP 7.1 fixes to the 4.4 branch to avoid fatal errors and warnings.
See #41135

Built from https://develop.svn.wordpress.org/branches/4.4@41129


git-svn-id: http://core.svn.wordpress.org/branches/4.4@40969 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-07-24 22:27:31 +00:00
Aaron Campbell 13db27bb7b Bump 4.7 branch to version 4.4.10.
Built from https://develop.svn.wordpress.org/branches/4.4@40751


git-svn-id: http://core.svn.wordpress.org/branches/4.4@40609 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 21:51:30 +00:00
Pascal Birchler 9f7f4e5848 Media: Simplify upload error message construction.
Merges [40736] to the 4.4 branch.

Built from https://develop.svn.wordpress.org/branches/4.4@40740


git-svn-id: http://core.svn.wordpress.org/branches/4.4@40598 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 18:03:01 +00:00
Dominik Schilling db7b82e90a Customize: Ignore invalid customization sessions.
Merge of [40704] to the 4.4 branch.
Built from https://develop.svn.wordpress.org/branches/4.4@40708


git-svn-id: http://core.svn.wordpress.org/branches/4.4@40571 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 12:17:32 +00:00
Pascal Birchler 3ad4757088 Adjust post meta checks
Merges [40692] to the 4.4 branch.

Built from https://develop.svn.wordpress.org/branches/4.4@40696


git-svn-id: http://core.svn.wordpress.org/branches/4.4@40559 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 08:51:31 +00:00
Pascal Birchler ad081ea634 Whitelist post arguments in XML-RPC
Merges [40677] to the 4.4 branch.

Built from https://develop.svn.wordpress.org/branches/4.4@40681


git-svn-id: http://core.svn.wordpress.org/branches/4.4@40544 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 08:21:01 +00:00
Pascal Birchler 96a0557865 Bump 4.4 branch to version 4.4.9.
Built from https://develop.svn.wordpress.org/branches/4.4@40490


git-svn-id: http://core.svn.wordpress.org/branches/4.4@40366 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-04-20 16:24:32 +00:00
James Nylen b96b3f4d38 Bump 4.4 branch to version 4.4.8.
Built from https://develop.svn.wordpress.org/branches/4.4@40205


git-svn-id: http://core.svn.wordpress.org/branches/4.4@40144 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-06 16:23:31 +00:00
Aaron Campbell 442a4f4936 Strip control characters before validating redirect.
Merges [40183] to 4.4 branch.

Built from https://develop.svn.wordpress.org/branches/4.4@40187


git-svn-id: http://core.svn.wordpress.org/branches/4.4@40126 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-06 13:43:31 +00:00
Dominik Schilling 3f478808ae Embeds: URL encode YouTube video IDs for broader compatibility.
Merge of [40160] to the 4.4 branch.

Built from https://develop.svn.wordpress.org/branches/4.4@40164


git-svn-id: http://core.svn.wordpress.org/branches/4.4@40103 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-06 12:06:34 +00:00
Aaron Campbell df7d68c218 Bump 4.4 branch to version 4.4.7.
Built from https://develop.svn.wordpress.org/branches/4.4@39999


git-svn-id: http://core.svn.wordpress.org/branches/4.4@39936 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-26 18:23:31 +00:00
Dominik Schilling bda00ecf73 Query: Ensure that queries work correctly with post type names with special characters.
Merge of [39952] to the 4.4 branch.
Built from https://develop.svn.wordpress.org/branches/4.4@39959


git-svn-id: http://core.svn.wordpress.org/branches/4.4@39896 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-26 13:51:03 +00:00
Aaron Campbell 7fcfc68c0b Bump 4.4 branch to version 4.4.6.
Built from https://develop.svn.wordpress.org/branches/4.4@39863


git-svn-id: http://core.svn.wordpress.org/branches/4.4@39800 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 16:56:29 +00:00
Joe McGill af0a3c59d1 Media: Fix exif_imagetype check in wp_get_image_mime
This is a follow up to [39831].

Merges [39850] to the 4.4 branch.

Built from https://develop.svn.wordpress.org/branches/4.4@39854


git-svn-id: http://core.svn.wordpress.org/branches/4.4@39791 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 16:42:31 +00:00
Joe McGill 47bc8e98bd Media: Improve image filetype checking.
This adds a new function `wp_get_image_mime()` which is used by
`wp_check_filetype_and_ext()` to validate image files using
`exif_imagetype()` if available instead of `getimagesize()`.

`getimagesize()` is less performant than `exif_imagetype()` and is
dependent on GD. If `exif_imagetype()` is not available, it falls back to
`getimagesize()` as before.

If `wp_check_filetype_and_ext()` can't validate the filetype, we now return
`false` for ext/MIME values.

Merges [39831] to the 4.4 branch.

Built from https://develop.svn.wordpress.org/branches/4.4@39835


git-svn-id: http://core.svn.wordpress.org/branches/4.4@39773 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 13:16:32 +00:00
Dominik Schilling 26c8103030 Themes: Fix markup for theme name fallbacks.
Merge of [39807] to the 4.4 branch.
Built from https://develop.svn.wordpress.org/branches/4.4@39812


git-svn-id: http://core.svn.wordpress.org/branches/4.4@39750 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 11:10:35 +00:00
Jeremy Felt e6a894dc68 Multisite: Use `wp_rand()` in signup key creation.
Merges [39795] to the 4.4 branch.

Built from https://develop.svn.wordpress.org/branches/4.4@39799


git-svn-id: http://core.svn.wordpress.org/branches/4.4@39737 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 05:34:02 +00:00
Dion Hulse 2fb6c7ae35 Update PHPMailer to 5.2.22.
The full list of changes is available here:
https://github.com/PHPMailer/PHPMailer/compare/v5.2.21...v5.2.22

Merges [39759] to the 4.4 branch.
Fixes #37210 for 4.4.

Built from https://develop.svn.wordpress.org/branches/4.4@39787


git-svn-id: http://core.svn.wordpress.org/branches/4.4@39725 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 05:24:00 +00:00
Dion Hulse 891d7effb0 Mail: Upgrade PHPMailer to 5.2.21.
Merges [39645] to the 4.4 branch.
See #37210.

Built from https://develop.svn.wordpress.org/branches/4.4@39724


git-svn-id: http://core.svn.wordpress.org/branches/4.4@39664 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-06 22:05:06 +00:00
Jeremy Felt 6f2d676f76 Bump 4.4 branch to 4.4.5.
Built from https://develop.svn.wordpress.org/branches/4.4@38551


git-svn-id: http://core.svn.wordpress.org/branches/4.4@38494 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-09-07 14:58:58 +00:00
Gary Pendergast 1d21012923 The 4.4 branch is now 4.4.5-alpha.
Built from https://develop.svn.wordpress.org/branches/4.4@37935


git-svn-id: http://core.svn.wordpress.org/branches/4.4@37876 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-01 06:22:28 +00:00
Boone Gorges 74ef49671f Bump 4.4 branch to 4.4.4.
Built from https://develop.svn.wordpress.org/branches/4.4@37829


git-svn-id: http://core.svn.wordpress.org/branches/4.4@37794 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-21 16:21:26 +00:00
Joe McGill f68837fd6f Media: Improve handling of extensionless filenames.
Merge of [37756] to the 4.4 branch.

See #37111.
Built from https://develop.svn.wordpress.org/branches/4.4@37810


git-svn-id: http://core.svn.wordpress.org/branches/4.4@37775 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-21 14:53:31 +00:00
Pascal Birchler 0a517e47ec Embeds: Improve performance when embedding a post from the current site.
When the post being embedded is from the same site, there's no reason to do an HTTP request for it. The data can be fetched directly using `get_oembed_response_data()`.

Merge of [37708], [37710] and [37729] to the 4.4 branch.

Fixes #36767.
Built from https://develop.svn.wordpress.org/branches/4.4@37798


git-svn-id: http://core.svn.wordpress.org/branches/4.4@37763 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-21 14:42:29 +00:00
Nikolay Bachiyski e22ceae1b7 Admin: Escape attachment name in case it contains special characters
Merge of [37774] to the 4.4 branch.

Built from https://develop.svn.wordpress.org/branches/4.4@37785


git-svn-id: http://core.svn.wordpress.org/branches/4.4@37750 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-21 14:24:27 +00:00
Dominik Schilling 30bb01b2e4 Customize: Make sure that preview and return URLs are URLs.
Merge of [37527] to the 4.4 branch.
Built from https://develop.svn.wordpress.org/branches/4.4@37769


git-svn-id: http://core.svn.wordpress.org/branches/4.4@37734 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-21 14:18:30 +00:00
Jeremy Felt a0f643da35 Admin: Allow for the consistent filtering of `auth_redirect_scheme`
Merge of [37651] to the 4.4 branch.

See #37047.

Built from https://develop.svn.wordpress.org/branches/4.4@37758


git-svn-id: http://core.svn.wordpress.org/branches/4.4@37723 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-21 14:11:28 +00:00
Dominik Schilling 90afd7e46c Bump 4.4 branch to 4.4.3.
Built from https://develop.svn.wordpress.org/branches/4.4@37385


git-svn-id: http://core.svn.wordpress.org/branches/4.4@37351 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-06 18:11:55 +00:00
Nikolay Bachiyski f3907c1da9 External Libraries: Update plupload from upstream
Built from https://develop.svn.wordpress.org/branches/4.4@37381


git-svn-id: http://core.svn.wordpress.org/branches/4.4@37347 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-06 18:00:51 +00:00
Dominik Schilling b1e244d828 External Libraries: Update MediaElement.js from upstream.
Merge of [37370] to the 4.4 branch.
Built from https://develop.svn.wordpress.org/branches/4.4@37372


git-svn-id: http://core.svn.wordpress.org/branches/4.4@37338 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-06 17:53:28 +00:00
Nikolay Bachiyski b2fde3d346 4.4.3-RC1
Built from https://develop.svn.wordpress.org/branches/4.4@37149


git-svn-id: http://core.svn.wordpress.org/branches/4.4@37116 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-30 19:44:26 +00:00
Nikolay Bachiyski 2c818e3fbd Taxonomies: make sure taxonomy functions work correctly with taxonomy names with special characters
The codex says that taxonomy names "should only contain lowercase letters and the underscore character", but that's not enforced. It's too late to enforce it, since some plugins haven't been following it and the official phpdoc doesn't mention this restriction.

Merge of [37133] to the 4.4 branch.

Built from https://develop.svn.wordpress.org/branches/4.4@37134


git-svn-id: http://core.svn.wordpress.org/branches/4.4@37101 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-30 17:17:28 +00:00
Dominik Schilling 434d135f12 HTTP: Improve detection of valid IP addresses.
Merge of [37115] to the 4.4 branch.
Built from https://develop.svn.wordpress.org/branches/4.4@37116


git-svn-id: http://core.svn.wordpress.org/branches/4.4@37083 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-30 15:51:26 +00:00
Nikolay Bachiyski e0cfe8655c Snoopy: use escapeshellarg instead of escapeshellcmd
We are escaping arguments, not commands, so we'd better use the semantically correct function, even though they are similar.

Built from https://develop.svn.wordpress.org/branches/4.4@37095


git-svn-id: http://core.svn.wordpress.org/branches/4.4@37062 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-30 14:03:28 +00:00
Pascal Birchler eb51235b19 Embeds: Improve how iframes are loaded after being initially hidden.
Use a more accessible way to initially hide the iframe. After that, only display an iframe when it was successfully loaded.

Merge of [36648] and [36708] to the 4.4 branch.

Fixes #35894.
Built from https://develop.svn.wordpress.org/branches/4.4@37093


git-svn-id: http://core.svn.wordpress.org/branches/4.4@37060 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-30 10:57:27 +00:00
Gary Pendergast 3331f83d78 Emoji: Fix the diversity emoji check in Safari.
When the browser test for diversity emoji was added in [36160], it included a workaround for Chrome not being able to compare Uint8ClampedArray objects directly, by converting them to a string. Unfortunately, Safari doesn't support the Uint8ClampedArray.toString() method correctly, so the test was incorrectly failing in Safari.

Merge of [37028] to the 4.4 branch.

Fixes #36266.

Built from https://develop.svn.wordpress.org/branches/4.4@37090


git-svn-id: http://core.svn.wordpress.org/branches/4.4@37057 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-29 02:19:28 +00:00
Gary Pendergast f9fa129053 Emoji: Add some extra IE11 compatibility.
IE 11's implementation of MutationObserver is buggy. It unnecessarily splits text nodes when it encounters a HTML template interpolation symbol ( "{{", for example ). So, we join the text nodes back together as a work-around.

Merge of [36817] and [36981] to the 4.4 branch.

Fixes #35977.


Built from https://develop.svn.wordpress.org/branches/4.4@37089


git-svn-id: http://core.svn.wordpress.org/branches/4.4@37056 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-29 02:02:51 +00:00
Boone Gorges f2410b407d Query: Ignore search terms consisting of a single dash.
Due to the "exclude" support added in WP 4.4, single dashes were being
converted to "NOT LIKE '%%'" clauses, causing all searches to fail.

Ports [36989] to the 4.4 branch.

Props RomSocial, swissspidy.
Fixes #36195.

Built from https://develop.svn.wordpress.org/branches/4.4@37082


git-svn-id: http://core.svn.wordpress.org/branches/4.4@37049 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-25 18:41:27 +00:00
Sergey Biryukov 71788d7c89 Mail: Correct `compact()` usage in `wp_mail()`.
Merges [36688] to the 4.4 branch.

Props Ankit K Gupta, maweder.
Fixes #35781.
Built from https://develop.svn.wordpress.org/branches/4.4@37081


git-svn-id: http://core.svn.wordpress.org/branches/4.4@37048 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-25 17:07:27 +00:00
Dominik Schilling abae151cbd Bump 4.4 branch to 4.4.2.
Built from https://develop.svn.wordpress.org/branches/4.4@36455


git-svn-id: http://core.svn.wordpress.org/branches/4.4@36422 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-02 17:10:27 +00:00
Dominik Schilling 16414c4f90 Better validation of the URL used in HTTP redirects.
Merges [36444] to the 4.4 branch.
Built from https://develop.svn.wordpress.org/branches/4.4@36447


git-svn-id: http://core.svn.wordpress.org/branches/4.4@36414 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-02 16:59:28 +00:00
Dominik Schilling 59523c0dba HTTP: `0.1.2.3` is not a valid IP.
Merges [36435] to the 4.4 branch.
Built from https://develop.svn.wordpress.org/branches/4.4@36436


git-svn-id: http://core.svn.wordpress.org/branches/4.4@36403 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-02 13:03:28 +00:00
Dominik Schilling ff833390f5 Bump 4.4 branch to 4.4.2-RC1.
Built from https://develop.svn.wordpress.org/branches/4.4@36431


git-svn-id: http://core.svn.wordpress.org/branches/4.4@36398 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-01 15:09:27 +00:00
Dominik Schilling 98b994303e Media: In `wp_read_image_metadata()` make sure that IPTC keywords are UTF8 encoded.
Prevents missing `_wp_attachment_metadata` when an image contains keywords with latin extended characters.

Merges [36429] to the 4.4 branch.
See #35316.
Built from https://develop.svn.wordpress.org/branches/4.4@36430


git-svn-id: http://core.svn.wordpress.org/branches/4.4@36397 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-01 14:58:28 +00:00
Dominik Schilling 9770d9e317 Emoji: Explicitly use https as the scheme for emoji fallback images, as they're only served over HTTPS by the CDN anyway.
Merges [36249] to the 4.4 branch.
See #35376.
Built from https://develop.svn.wordpress.org/branches/4.4@36428


git-svn-id: http://core.svn.wordpress.org/branches/4.4@36395 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-01 14:24:28 +00:00
Dominik Schilling 176d2efa1b Multisite: Add the global cache group `networks` to `restore_current_blog()`.
Merges [36411] to the 4.4 branch.
See #35251.
Built from https://develop.svn.wordpress.org/branches/4.4@36412


git-svn-id: http://core.svn.wordpress.org/branches/4.4@36379 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-27 13:48:27 +00:00
Dion Hulse 487580f7c4 Emoji: Work around a `mod_security` rule which prevents pages with 4 or more instances of `String.fromCharCode(` from being served.
Merges [36359] to the 4.4 branch.
Fixes #35412.

Built from https://develop.svn.wordpress.org/branches/4.4@36410


git-svn-id: http://core.svn.wordpress.org/branches/4.4@36377 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-27 10:11:28 +00:00
Dion Hulse 46e43fdbb8 Add a commit number to the 4.4 branch so that branch nightly updates are automatically installed again.
Background Updates (even for development releases) don't install if `$wp_version == $offered_version`, without a commit number in `$wp_version` testers are forced to manually update.

Built from https://develop.svn.wordpress.org/branches/4.4@36378


git-svn-id: http://core.svn.wordpress.org/branches/4.4@36345 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-22 07:24:27 +00:00
Dion Hulse 5daed64fde Customizer: Prevent erroneously directing user to login screen when closing.
Fixes issue where user gets stuck at login screen after trying to close the app if previously they had to first login to access the Customizer. Prevents `WP_Customize_Manager::get_return_url()` from using `wp-login.php` as a referer.

Merges [36261] to the 4.4 branch.
Props chandrapatel.
See #32637.
Fixes #35355.

Built from https://develop.svn.wordpress.org/branches/4.4@36363


git-svn-id: http://core.svn.wordpress.org/branches/4.4@36330 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-20 08:37:26 +00:00
Dion Hulse 7d81c464aa Comments: Ignore hierarchy in pagination calculation when comment threading is disabled.
In order to calculate comment pagination when newest comments are displayed
first, `comments_template()` must perform a separate query to determine the
total number of paginating comments available on a post. See [34729], #8071,
pagination calculation - can be defined as a top-level comment, or a comment
with `parent=0`. However, when comment threading is disabled, yet comments
exist in the database that have parents, all comments - even those with a
parent - are "paginating". (This typically happens when comments threading was
once enabled, but has since been turned off.) As such, the total-paginating-
comments query should only be limited to top-level comments when
'thread_comments' is disabled.

Merges [36275] to the 4.4 branch.
Props jmdodd.
Fixes #35419.

Built from https://develop.svn.wordpress.org/branches/4.4@36362


git-svn-id: http://core.svn.wordpress.org/branches/4.4@36329 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-20 08:32:27 +00:00
Dion Hulse 7baf5daba3 Comments: Respect all post-related filters in `WP_Comment_Query`.
The refactor of `WP_Comment_Query`'s SQL generation in [34542] introduced a bug
that caused only the last post-related filter to be respected in comment
queries. In other words, if querying for comments using params
`post_status=draft&post_author=3`, only the last-processed of these params
would be respected. The current changeset fixes the logic so that these clauses
don't overwrite each other.

Merges [36326] to the 4.4 branch.
Props chriscct7.
Fixes #35478.

Built from https://develop.svn.wordpress.org/branches/4.4@36361


git-svn-id: http://core.svn.wordpress.org/branches/4.4@36328 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-20 08:02:26 +00:00
Dion Hulse 6f9a213268 Comments: Respect custom pagination params when using `wp_list_comments()` in a query loop.
[36157] fixed a problem, introduced in 4.4, that caused custom pagination
parameters passed to `wp_list_comments()`. However, the fix introduced in that
changeset was limited to the `is_singular()` context, so that the bug remained
when `wp_list_comments()` is used within a non-singular `WP_Query` loop. We
fix this by removing the `is_singular()` check and using the more general
`get_the_ID()` to identify the correct post_id to use for the secondary
comment query.

Merges [36324] to the 4.4 branch.
Props boonebgorges.
Fixes #35402.

Built from https://develop.svn.wordpress.org/branches/4.4@36360


git-svn-id: http://core.svn.wordpress.org/branches/4.4@36327 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-20 07:59:25 +00:00
Dion Hulse 3131897233 Taxonomy: Populate term cache with proper clone of term objects.
[34999] modified the cache strategy for terms in the context of
`wp_get_object_terms()`. As part of these changes, the `object_id` property of
term objects had to be unset before being cached. To avoid modifying passed-by-
reference terms, `update_term_cache()` attempted to make a copy of the terms
passed to the function; however, it failed to use the `clone` keyword, and thus
only created a reference instead of a copy.

Merges [36323] to the 4.4 branch.
Props berengerzyla.
Fixes #35462.

Built from https://develop.svn.wordpress.org/branches/4.4@36358


git-svn-id: http://core.svn.wordpress.org/branches/4.4@36325 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-20 05:35:27 +00:00
Dion Hulse d1c894df29 Comments: Use the post-filter WHERE clause when querying for comment descendants.
The descendant query in `WP_Comment_Query::fill_descendants()` uses the clauses
of the main `get_comment_ids()` query as a basis, discarding the `parent`,
`parent__in`, and `parent__not_in` clauses. As implemented in WP 4.4 [34546],
the WHERE clause was assembled in such a way that any modifications applied
using the `comments_clauses` filter were not inherited by `fill_descendants()`.
This resulted in descendant queries that did not always properly filter
results, and sometimes contained syntax errors.

The current changeset fixes the problem by using the post-filter WHERE clause
as the basis for the `fill_descendants()` query. This change requires a new
approach for eliminating the unneeded parent-related clauses: instead of
eliminating values in an associative array, we must use regular expressions.

Merges [36277] to the 4.4 branch.
Props boonebgorges, firebird75.
Fixes #35192.

Built from https://develop.svn.wordpress.org/branches/4.4@36357


git-svn-id: http://core.svn.wordpress.org/branches/4.4@36324 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-20 05:28:26 +00:00
Dion Hulse a8e4c25622 Comments: Always respect `$comments` array passed to `wp_list_comments()`.
[36157] fixed a bug whereby `wp_list_comments()` would not properly recognize
custom pagination arguments. See #35175. However, it inadvertently introduced
a bug that caused any `$comments` array explicitly passed to the function to be
ignored, when that array was accompanied by pagination arguments that differ
from those in `$wp_query`. We address this bug by moving the logic introduced
in [36157] inside a block that only fires when no `$comments` array has been
provided to the function.

Merges [36276] to the 4.4 branch.
Props ivankristianto, boonebgorges.
Fixes #35356.

Built from https://develop.svn.wordpress.org/branches/4.4@36356


git-svn-id: http://core.svn.wordpress.org/branches/4.4@36323 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-20 05:24:27 +00:00
Dion Hulse b2275a579b Query: Avoid invalid SQL when building ORDER BY clause using long search strings.
The introduction of negative search terms in 4.4 [34934] introduced the
possibility that the ORDER BY clause of a search query could be assembled in
such a way as to create invalid syntax. The current changeset fixes this by
ensuring that the ORDER BY clause corresponding to the search terms is
excluded when it would otherwise be empty.

Merges [36251] to the 4.4 branch.
Props salvoaranzulla, boonebgorges.
Fixes #35361.

Built from https://develop.svn.wordpress.org/branches/4.4@36354


git-svn-id: http://core.svn.wordpress.org/branches/4.4@36321 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-20 04:38:27 +00:00
Dion Hulse 7b2cd6dbd9 Comments: In comments_template(), don't run hierarchical queries if comment threading is disabled.
When hierarchical=true, WP_Comment_Query will always fetch comments according to the comment hierarchy, even if 'thread_comments' is disabled for the site.
This can cause problems when comment threading is disabled after threaded comments have been recorded on the site; comments will no longer be returned in a strictly chronological order.
We address the issue by refraining from querying hierarchically when comment threading is disabled.

Merges [36226] to the 4.4 branch.
Props jmdodd.
Fixes #35378.

Built from https://develop.svn.wordpress.org/branches/4.4@36353


git-svn-id: http://core.svn.wordpress.org/branches/4.4@36320 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-20 04:33:27 +00:00
Dion Hulse 3a05448edf Canonical / Query: After [36280] remove the unit tests which are no longer supported for 4.4.
This also removes the `is_feed()` code to avoid confusion - only pages & embeds will be redirected.
See #35344

Built from https://develop.svn.wordpress.org/branches/4.4@36281


git-svn-id: http://core.svn.wordpress.org/branches/4.4@36248 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-13 08:49:26 +00:00
Dion Hulse 26c5f0137f Canonical / Query: Restore the `is_404()` check in `wp_old_slug_redirect()` which was removed in [34659].
This reverts part of [34659] due to excessive canonical problems it's caused in 4.4.x.

Fixes #35344, #21602 for the 4.4 branch.

Built from https://develop.svn.wordpress.org/branches/4.4@36280


git-svn-id: http://core.svn.wordpress.org/branches/4.4@36247 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-13 08:20:28 +00:00
Dion Hulse 75aa06ea84 Multisite: The `networks` group should be global.
Merges [36258] to the 4.4 branch.
Fixes #35251.

Built from https://develop.svn.wordpress.org/branches/4.4@36259


git-svn-id: http://core.svn.wordpress.org/branches/4.4@36226 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-11 05:06:27 +00:00
Dion Hulse 9e8fdddea2 Random_Compat: The version included with 4.4 only supports the PHP 5.2+ namespace version of libsodium, don't attempt to use it with PHP 5.2 or old libsodium versions.
Fixes #35327.

Built from https://develop.svn.wordpress.org/branches/4.4@36257


git-svn-id: http://core.svn.wordpress.org/branches/4.4@36224 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-11 04:38:28 +00:00
Dominik Schilling 3fff7c5e00 The 4.4 branch is now 4.4.2-alpha.
Built from https://develop.svn.wordpress.org/branches/4.4@36239


git-svn-id: http://core.svn.wordpress.org/branches/4.4@36206 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-09 12:56:28 +00:00
Aaron Jorbin eb8c091033 Bump version to 4.4.1
Built from https://develop.svn.wordpress.org/branches/4.4@36194


git-svn-id: http://core.svn.wordpress.org/branches/4.4@36161 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-06 18:08:27 +00:00
Aaron Jorbin a1aae78c7d Theme: Escape error messages
[36185] for 4.4 branch

Built from https://develop.svn.wordpress.org/branches/4.4@36186


git-svn-id: http://core.svn.wordpress.org/branches/4.4@36153 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-06 17:24:27 +00:00
Dion Hulse 578b9a1ae4 Background Updates: Remove the 7am/7pm background update check.
This changeset is a more basic version of [36180], clearing the extra now redundant schedule.
As the functionality for this was introduced in 3.9, [28129] has been backported to 3.7/3.8, allowing the API TTL to be respected by those versions.

See #27772.
Fixes #35323.

Built from https://develop.svn.wordpress.org/trunk@36184


git-svn-id: http://core.svn.wordpress.org/branches/4.4@36151 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-06 13:24:33 +00:00
Aaron Jorbin be1284566e Bump branches/4.4 to 4.4.1 Release Candidate 1
Built from https://develop.svn.wordpress.org/branches/4.4@36170


git-svn-id: http://core.svn.wordpress.org/branches/4.4@36137 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-04 23:40:28 +00:00
Konstantin Obenland d99c88fb66 Template: Always display the site title on the front page.
Limits using the page title to the blog page when the site has a static front page,
bringing it N’Sync with `wp_title()`.

Merges [36168] to the 4.4 branch.

Props peterwilsoncc.
Fixes #34962.


Built from https://develop.svn.wordpress.org/branches/4.4@36169


git-svn-id: http://core.svn.wordpress.org/branches/4.4@36135 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-04 17:19:27 +00:00
Andrew Ozz c9c10c4752 Media: when inserting an attachment in the editor and it is not an image, ensure the link is set to something else than `none`.
Props eherman24, azaozz.
Fixes #35153 for 4.4.1.
Built from https://develop.svn.wordpress.org/branches/4.4@36167


git-svn-id: http://core.svn.wordpress.org/branches/4.4@36133 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-04 00:41:26 +00:00
Aaron Jorbin 001e5d3951 Add npm-shrinkwrap.json for 4.4
By shrinkwraping our dependencies, the same versions of everything will be installed no matter what rules the dependency package.json has specificed.

See #30787
props nacin, ocean90, netweb

Built from https://develop.svn.wordpress.org/branches/4.4@36165


git-svn-id: http://core.svn.wordpress.org/branches/4.4@36131 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-03 22:37:26 +00:00
Andrew Nacin fb82faaac6 XML-RPC: Revert [34681] as it broke date handling.
Merges [36163] to the 4.4 branch.

props dossy, hnle, redsweater.
see #35053, #30429 (original ticket).

Built from https://develop.svn.wordpress.org/branches/4.4@36164


git-svn-id: http://core.svn.wordpress.org/branches/4.4@36130 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-03 19:50:22 +00:00
Gary Pendergast 410109ca49 Emoji: Add Emoji Diversity support, and fall back to twemoji if the browser doesn't support diverse emoji.
Merge of [36126] and [36160] to the 4.4 branch.

See #33592.


Built from https://develop.svn.wordpress.org/branches/4.4@36161


git-svn-id: http://core.svn.wordpress.org/branches/4.4@36127 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-03 04:42:23 +00:00
Boone Gorges 15e9e6f6d9 Ensure that non-default pagination values work in `wp_list_comments()`.
Prior to 4.4, it was possible to pass 'page' and 'per_page' values to
`wp_list_comments()` that do not match the corresponding global query vars.
This ability was lost in 4.4 with the refactor of how `comments_template()`
queries for comments; when the main comment query started fetching only the
comments that ought to appear on a page, instead of all of a post's comments,
it became impossible for the comment walker to select comments corresponding to
custom pagination parameters. See #8071.

We restore the previous behavior by (a) detecting when a 'page' or 'per_page'
parameter has been passed to `wp_list_comments()` that does not match the
corresponding query vars (so that the desired comments will not be found in
`$wp_query`), and if so, then (b) querying for all of the post's comments and
passing them to the comment walker for pagination, as was the case before 4.4.

Merges [36157] to the 4.4 branch.

Props boonebgorges, smerriman.
Fixes #35175.

Built from https://develop.svn.wordpress.org/branches/4.4@36158


git-svn-id: http://core.svn.wordpress.org/branches/4.4@36124 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-03 02:07:23 +00:00
Dion Hulse ced6b063a3 List Tables: When a user has hidden all columns, do not override that with the `default_hidden_columns` filter.
Merges [36154] to the 4.4 branch.
Props Compute, jorbin, voldemortensen.
Fixes #35057.

Built from https://develop.svn.wordpress.org/branches/4.4@36155


git-svn-id: http://core.svn.wordpress.org/branches/4.4@36121 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-02 04:45:22 +00:00
Dion Hulse dd821410c9 Admin: After [35128], make the 'Configure' link work again for dashboard widgets.
This merges the CSS changes from [35896] into an inline function in formatting.php to avoid a `wp-admin.min.css` rebuild.

Fixes #34987.

Built from https://develop.svn.wordpress.org/branches/4.4@36153


git-svn-id: http://core.svn.wordpress.org/branches/4.4@36119 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-02 04:34:22 +00:00
Dion Hulse 2ef6daa428 Responsive images: fix the check whether the attachment meta matches the image src to work with http/https and CDNs.
Merges [36121] to the 4.4 branch.
Props webaware, joemcgill, azaozz.
Fixes #35045 and #35102.

Built from https://develop.svn.wordpress.org/branches/4.4@36152


git-svn-id: http://core.svn.wordpress.org/branches/4.4@36118 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-02 03:56:22 +00:00
Dion Hulse 67c8061bb9 Responsive images: add compatibility for versions < 2.7 when the full image path was stored in the metadata. Introduces `_wp_get_attachment_relative_path()` and uses it in `wp_get_attachment_url()`.
Merges [36120] to the 4.4 branch.
Props dd32, SergeyBiryukov.
Fixes #35106.

Built from https://develop.svn.wordpress.org/branches/4.4@36151


git-svn-id: http://core.svn.wordpress.org/branches/4.4@36117 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-02 03:54:22 +00:00
Dion Hulse b2da9c0fd4 Responsive Images: when creating `srcset` do not exclude the image size which is in the src attribute even when it is larger than `max_srcset_image_width`.
Merges [36110] to the 4.4 branch.
Props joemcgill.
Fixes #35108.

Built from https://develop.svn.wordpress.org/branches/4.4@36150


git-svn-id: http://core.svn.wordpress.org/branches/4.4@36116 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-02 03:53:22 +00:00
Dion Hulse fd22afea0c Bump the `license.txt` year to 2016 to appease the unit tests.
Merges [36141] to the 4.4 branch.

Built from https://develop.svn.wordpress.org/branches/4.4@36149


git-svn-id: http://core.svn.wordpress.org/branches/4.4@36115 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-02 03:48:21 +00:00
Dion Hulse 24967882b6 Widgets: Revert [34465], as it introduced a regression, making the `$index` argument of `dynamic_sidebar()` case-sensitive.
Merges [36130] to the 4.4 branch.
See #23423.
Fixes #34995.

Built from https://develop.svn.wordpress.org/branches/4.4@36148


git-svn-id: http://core.svn.wordpress.org/branches/4.4@36114 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-02 03:39:21 +00:00
Dion Hulse 50efb6e0e0 Embeds: Change attachment metadata condition to prevent a warning in the embeds template.
Merges [36123] to the 4.4 branch.
Fixes #35237.

Built from https://develop.svn.wordpress.org/branches/4.4@36147


git-svn-id: http://core.svn.wordpress.org/branches/4.4@36113 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-02 03:36:21 +00:00
Dion Hulse 3ce481f130 Comments: Ensure only approved comments trigger post author notifications
Posts that are trashed shouldn't trigger post author notifications. Adds unit tests to enforce this.

Merges [36119] to the 4.4 branch.
Props scottbrownconsulting, peterwilsoncc, swissspidy.
Fixes #35006.

Built from https://develop.svn.wordpress.org/branches/4.4@36146


git-svn-id: http://core.svn.wordpress.org/branches/4.4@36112 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-02 03:35:21 +00:00
Dion Hulse ac6b8ae319 Admin: Restore the "Show advanced menu properties" checkboxes IDs.
These checkboxes are used on the Menus screen options and the Customizer Menus options.
Their IDs were removed in [34991] but they're needed to get the checkboxes to be saved
via AJAX. Also, avoids a useless AJAX call.

Merge [36137] to the 4.4 branch.
Props afercia.
Fixes #35112.

Built from https://develop.svn.wordpress.org/branches/4.4@36145


git-svn-id: http://core.svn.wordpress.org/branches/4.4@36111 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-02 03:34:21 +00:00
Dion Hulse a048514d43 Admin: fix repositioning of notices when the first header is not an immediate children of `.wrap`.
Merges [36134] to the 4.4 branch.
Props afercia, DvanKooten.
Fixes #35047.

Built from https://develop.svn.wordpress.org/branches/4.4@36144


git-svn-id: http://core.svn.wordpress.org/branches/4.4@36110 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-02 03:32:23 +00:00
Dion Hulse 8232ed4640 XMLRPC: Revert [35509] which caused a change of behviour in at least one XMLRPC client.
XMLRPC has many quirks in it's operation, #16980 being just one of the many, #35185 just became yet another quirk.

Merges [36132] to the 4.4 branch.
See #16980.
Fixes #35185.

Built from https://develop.svn.wordpress.org/branches/4.4@36133


git-svn-id: http://core.svn.wordpress.org/branches/4.4@36099 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-31 04:07:22 +00:00
Gary Pendergast 39875a50f3 Upgrade PHPMailer from 5.2.10 to 5.2.14.
The full list of changes is available here: https://github.com/PHPMailer/PHPMailer/compare/v5.2.10...v5.2.14

Merge of [36083] to the 4.4 branch.

Fixes #35212.


Built from https://develop.svn.wordpress.org/branches/4.4@36131


git-svn-id: http://core.svn.wordpress.org/branches/4.4@36097 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-31 03:32:22 +00:00