Commit Graph

16463 Commits

Author SHA1 Message Date
audrasjb 34709f8440 WordPress 4.8.25.
Built from https://develop.svn.wordpress.org/branches/4.8@58520


git-svn-id: http://core.svn.wordpress.org/branches/4.8@57968 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-06-24 16:33:04 +00:00
Joe McGill afd1e6770e WordPress 4.8.24.
Built from https://develop.svn.wordpress.org/branches/4.8@57422


git-svn-id: http://core.svn.wordpress.org/branches/4.8@56928 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-01-30 16:17:23 +00:00
Aaron Jorbin 3609ec4f2e Grouped Backports to the 4.8 branch.
- Install: When populating options, maybe_serialize instead of always serialize.
- Uploads: Check for and verify ZIP archives.

Merges [57388] and [57389] to the 4.8 branch.

Props costdev, peterwilsoncc, azaozz, tykoted, johnbillion, desrosj, afragen, jorbin, xknown.

Built from https://develop.svn.wordpress.org/branches/4.8@57407


git-svn-id: http://core.svn.wordpress.org/branches/4.8@56913 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-01-30 15:05:23 +00:00
audrasjb 66e18dcb6e WordPress 4.8.23.
Built from https://develop.svn.wordpress.org/branches/4.8@56869


git-svn-id: http://core.svn.wordpress.org/branches/4.8@56380 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-10-12 18:17:34 +00:00
davidbaumwald 9fd0b00c91 Grouped backports to the 4.8 branch.
- Comments: Prevent users who can not see a post from seeing comments on it.
- Shortcodes: Restrict media shortcode ajax to certain type.
- REST API: Ensure no-cache headers are sent when methods are overridden.
- REST API: Limit `search_columns` for users without `list_users`.
- Prevent unintended behavior when certain objects are unserialized.

Merges [56834], [56835], [56836], [56838], and [56840] to the 4.8 branch.
Props xknown, jorbin, joehoyle, timothyblynjacobs, peterwilsoncc, ehtis, tykoted, antpb, rmccue.
Built from https://develop.svn.wordpress.org/branches/4.8@56864


git-svn-id: http://core.svn.wordpress.org/branches/4.8@56375 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-10-12 18:14:39 +00:00
Sergey Biryukov 70a0960dff Grouped backports to the 4.8 branch.
- Media: Prevent CSRF setting attachment thumbnails.
- Embeds: Add protocol validation for WordPress Embed code.

Merges [55763] and [55764] to the 4.8 branch.
Props dd32, isabel_brison, martinkrcho, matveb, ocean90, paulkevan, peterwilsoncc, timothyblynjacobs, xknown, youknowriad.
Built from https://develop.svn.wordpress.org/branches/4.8@55786


git-svn-id: http://core.svn.wordpress.org/branches/4.8@55298 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-05-16 15:52:27 +00:00
Peter Wilson 7cd8649bbe I18N: Add new strings to `about.php` for use with end-of-life updates.
This changeset adds two additional translation strings in the changelog file, for use when releasing the final version of WordPress on a particular branch.

Props peterwilsoncc, audrasjb, mukesh27.
Merges [55350] to the 4.8 branch.
Fixes #57216.

Built from https://develop.svn.wordpress.org/branches/4.8@55384


git-svn-id: http://core.svn.wordpress.org/branches/4.8@54917 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-02-21 03:06:23 +00:00
Sergey Biryukov 9c48bd85e4 WordPress 4.8.21.
Built from https://develop.svn.wordpress.org/branches/4.8@54594


git-svn-id: http://core.svn.wordpress.org/branches/4.8@54148 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-10-17 19:55:14 +00:00
Sergey Biryukov 92a93cd9be Grouped backports to the 4.8 branch.
- Posts, Post types: Apply KSES to post-by-email content,
- General: Validate host on "Are you sure?" screen,
- Posts, Post types: Remove emails from post-by-email logs,
- Media: Refactor search by filename within the admin,
- Pings/trackbacks: Apply KSES to all trackbacks,
- Comments: Apply kses when editing comments,
- Customize: Escape blogname option in underscores templates,
- REST API: Lockdown post parameter of the terms endpoint,
- Mail: Reset PHPMailer properties between use,
- Query: Validate relation in `WP_Date_Query`,
- Widgets: Escape RSS error messages for display.

Merges [54521], [54522], [54523], [54524], [54525], [54526], [54527], [54528], [54529], [54530], [54541] to the 4.8 branch.
Props voldemortensen, johnbillion, paulkevan, peterwilsoncc, xknown, dd32, audrasjb, martinkrcho, vortfu, davidbaumwald, tykoted, timothyblynjacobs, johnjamesjacoby, ehtis, matveb, talldanwp.

Built from https://develop.svn.wordpress.org/branches/4.8@54568


git-svn-id: http://core.svn.wordpress.org/branches/4.8@54122 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-10-17 18:14:23 +00:00
Peter Wilson 65b7a0e48b Security: Introduce strings to indicate support status.
Add strings for use in future maintenance/security releases to indicate the security support status of the version of WordPress.

Two strings are introduced:

* indicating the version of WordPress is not receiving security updates, and,
* indicating the version of WordPress will shortly stop receiving security updates.

This change does not make use of the strings, the purpose is to make them available to translators prior to dropping support of selected versions of WordPress.

Props costdev, chesio, robinwpdeveloper, desrosj, rudlinkon, mukesh27, sumitbagthariya16.
Merges [54322] to the 4.8 branch.
See #56532.

Built from https://develop.svn.wordpress.org/branches/4.8@54452


git-svn-id: http://core.svn.wordpress.org/branches/4.8@54011 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-10-10 22:07:23 +00:00
desrosj 61be176e5a WordPress 4.8.20.
Built from https://develop.svn.wordpress.org/branches/4.8@53999


git-svn-id: http://core.svn.wordpress.org/branches/4.8@53558 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-08-30 17:35:59 +00:00
Sergey Biryukov 7a558af3c8 Grouped backports to the 4.8 branch.
- Posts, Post Types: Escape output within `the_meta()`.
- General: Ensure bookmark query limits are numeric.
- Plugins: Escape output in error messages.

Merges [53958-53960] to the 4.8 branch.
Props tykoted, martinkrcho, xknown, dd32, peterwilsoncc, paulkevan, timothyblynjacobs.

Built from https://develop.svn.wordpress.org/branches/4.8@53975


git-svn-id: http://core.svn.wordpress.org/branches/4.8@53534 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-08-30 15:45:23 +00:00
davidbaumwald 12bfb972db WordPress 4.8.19.
Built from https://develop.svn.wordpress.org/branches/4.8@52883


git-svn-id: http://core.svn.wordpress.org/branches/4.8@52472 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-03-10 22:10:23 +00:00
desrosj cf7dbdbdca WordPress 4.8.18.
Built from https://develop.svn.wordpress.org/branches/4.8@52497


git-svn-id: http://core.svn.wordpress.org/branches/4.8@52089 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-01-06 18:53:41 +00:00
desrosj 02a98204d7 Grouped backports to the 4.8 branch.
- Query: Improve sanitization within `WP_Tax_Query`.
- Query: Improve sanitization within `WP_Meta_Query`.
- Upgrade/Install: Avoid using `unserialize()` unnecessarily.
- Formatting: Correctly encode ASCII characters in post slugs.

Merges [52454-52457] to the 4.8 branch.
Props vortfu, dd32, ehtis, zieladam, whyisjake, xknown, peterwilsoncc, desrosj, iandunn.
Built from https://develop.svn.wordpress.org/branches/4.8@52475


git-svn-id: http://core.svn.wordpress.org/branches/4.8@52067 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-01-06 18:16:48 +00:00
Peter Wilson e68cfb41cd WordPress 4.8.17.
Built from https://develop.svn.wordpress.org/branches/4.8@50878


git-svn-id: http://core.svn.wordpress.org/branches/4.8@50487 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-05-12 23:19:24 +00:00
desrosj 0632e81b28 Grouped merges for 4.8.16.
* REST API: Allow authors to read their own password protected posts.
* About page update

Merges [50717] to the 4.8 branch.


Built from https://develop.svn.wordpress.org/branches/4.8@50734


git-svn-id: http://core.svn.wordpress.org/branches/4.8@50343 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-04-15 01:15:24 +00:00
desrosj 8ebf24672f Build/Test Tools: Backport GitHub Action and build improvements to the 4.8 branch.
This backports several build and test tool improvements to the 4.8 branch. Most notably, this includes:

- The changes required to allow each workflow to be triggered by the `workflow_dispatch` event so that tests can be run on a schedule [50590].
- Splitting single site and multisite tests into parallel jobs [50379].
- Split slow tests into separate, parallel jobs for PHP <= 5.6 [50444].
- Better branch and path scoping for GitHub Action workflows when running on `pull_request` [50432,50479].
- Several `devDependency` updates.

Merges [50379,50387,50413,50416,50432,50435,50436,50444,50446,50473,50474,50476,50479,50485,50486,50487,50545,50579,50590] to the 4.8 branch.
See #50401, #51801, #51802, #52548, #52608, #52612, #52624, #52625, #52645, #52653, #52658, #52660, #52667.
Built from https://develop.svn.wordpress.org/branches/4.8@50635


git-svn-id: http://core.svn.wordpress.org/branches/4.8@50247 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-04-02 15:25:25 +00:00
desrosj a68590b382 Build/Test Tools: Support NodeJS 14.x in the 4.8 branch.
This updates the 4.8 branch to support the latest LTS version of NodeJS (currently 14.x), allowing the same version to be used across all WordPress branches that receive security updates as a courtesy.

This also replaces the `npm-shrinkwrap.json` with a `package-lock.json` file. Lock files were not supported in earlier versions of NPM, but can now be used.

In addition to backporting the package updates that happened after branching 4.8, dependencies that were removed in future releases have also been updated to their latest versions.

Props desrosj, dd32, netweb, jorbin.
Merges [42460-42461,42463,42887,43320,43323,43977,44219,44233,44728,45321,45765,46404,46408-46409,47404,47867-47869,47872-47873,48705,49636,49933,49937,49939,50017,50126,50176,50185,50192] to the 4.8 branch.
See #52341.
Built from https://develop.svn.wordpress.org/branches/4.8@50203


git-svn-id: http://core.svn.wordpress.org/branches/4.8@49877 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-05 04:10:38 +00:00
desrosj 03c2d89d0a WordPress 4.8.15.
Built from https://develop.svn.wordpress.org/branches/4.8@49416


git-svn-id: http://core.svn.wordpress.org/branches/4.8@49175 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-29 19:39:27 +00:00
whyisjake 2544e89df4 General: WordPress updates
* XML-RPC: Improve error messages for unprivileged users.
* External Libraries: Disable deserialization in Requests_Utility_FilteredIterator
* Embeds: Disable embeds on deactivated Multisite sites.
* Coding standards: Modify escaping functions to avoid potential false positives.
* XML-RPC: Return error message if attachment ID is incorrect.
* Upgrade/install: Improve logic check when determining installation status.
* Meta: Sanitize meta key before checking protection status.
* Themes: Ensure that only privileged users can set a background image when a theme is using the deprecated custom background page.

Brings the changes from [49380,49382-49388] to the 4.8 branch.

Props xknown, zieladam, peterwilsoncc, whyisjake, desrosj, dd32.

Built from https://develop.svn.wordpress.org/branches/4.8@49398


git-svn-id: http://core.svn.wordpress.org/branches/4.8@49157 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-29 18:55:23 +00:00
Sergey Biryukov f175cf83a7 Administration: Pass the result of `set-screen-option` filter to the new `set_screen_option_{$option}` filter to ensure backward compatibility.
Rename the `$keep` parameter of both filters to `$screen_option` for clarity, update the documentation to better reflect its purpose.

Follow-up to [47951].

Props Chouby, sswells, SergeyBiryukov.
Merges [48241] to the 4.8 branch.
Fixes #50392.
Built from https://develop.svn.wordpress.org/branches/4.8@48250


git-svn-id: http://core.svn.wordpress.org/branches/4.8@48019 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-07-01 09:50:46 +00:00
desrosj 499c907011 WordPress 4.8.14.
Built from https://develop.svn.wordpress.org/branches/4.8@47995


git-svn-id: http://core.svn.wordpress.org/branches/4.8@47763 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-10 21:37:26 +00:00
whyisjake 27f0839d04 General: Backport several commits for release.
- Embeds: Ensure that the title attribute is set correctly on embeds.
- Editor: Prevent HTML decoding on by setting the proper editor context.
- Formatting: Ensure that wp_validate_redirect() sanitizes a wider variety of characters.
- Themes: Ensure a broken theme name is returned properly.
- Administration: Add a new filter to extend set-screen-option.

Merges [47947-47951] to the 4.8 branch.

Props xknown, sstoqnov, vortfu, SergeyBiryukov, whyisjake.

Built from https://develop.svn.wordpress.org/branches/4.8@47980


git-svn-id: http://core.svn.wordpress.org/branches/4.8@47749 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-10 18:56:52 +00:00
Sergey Biryukov f501f7d79b Update the About page for WordPress 4.8.13
Built from https://develop.svn.wordpress.org/branches/4.8@47698


git-svn-id: http://core.svn.wordpress.org/branches/4.8@47475 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-04-29 18:35:07 +00:00
Sergey Biryukov 9548cae7ec WordPress 4.8.12
Built from https://develop.svn.wordpress.org/branches/4.8@46925


git-svn-id: http://core.svn.wordpress.org/branches/4.8@46725 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-12-12 20:28:21 +00:00
desrosj c359dde932 WordPress 4.8.11.
Built from https://develop.svn.wordpress.org/branches/4.8@46512


git-svn-id: http://core.svn.wordpress.org/branches/4.8@46309 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-14 20:09:50 +00:00
desrosj 0f9e4ca0a2 WordPress 4.8.10.
Built from https://develop.svn.wordpress.org/branches/4.8@46042


git-svn-id: http://core.svn.wordpress.org/branches/4.8@45854 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-09-04 22:05:29 +00:00
Sergey Biryukov 33f4539c6e Escape the output in `wp_ajax_upload_attachment()`.
Merges [45936] to the 4.8 branch.
Props whyisjake, sstoqnov.
Built from https://develop.svn.wordpress.org/branches/4.8@45944


git-svn-id: http://core.svn.wordpress.org/branches/4.8@45755 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-09-04 16:31:23 +00:00
Gary Pendergast b3a9479bd3 WordPress 4.8.9
Built from https://develop.svn.wordpress.org/branches/4.8@44870


git-svn-id: http://core.svn.wordpress.org/branches/4.8@44701 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-03-13 01:05:20 +00:00
Sergey Biryukov a32075cd83 Comments: Improve comment content filtering.
Merges [44842] to the 4.8 branch.
Built from https://develop.svn.wordpress.org/branches/4.8@44846


git-svn-id: http://core.svn.wordpress.org/branches/4.8@44678 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-03-12 22:35:20 +00:00
Jeremy Felt d86c7ad402 Bump 4.8 branch to version 4.8.8.
Built from https://develop.svn.wordpress.org/branches/4.8@44079


git-svn-id: http://core.svn.wordpress.org/branches/4.8@43909 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-12-13 02:13:20 +00:00
Gary Pendergast 7bd776bdb3 Editor: Remove unwanted fields before saving posts.
The `meta_input`, `file`, and `guid` fields are not intended to be updated through user input.

Merges [44047] to the 4.8 branch.


Built from https://develop.svn.wordpress.org/branches/4.8@44055


git-svn-id: http://core.svn.wordpress.org/branches/4.8@43885 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-12-13 01:40:21 +00:00
Peter Wilson dfc71aee34 Multisite: Validate activation links.
Merges [44048] to the 4.8 branch.

Built from https://develop.svn.wordpress.org/branches/4.8@44052


git-svn-id: http://core.svn.wordpress.org/branches/4.8@43882 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-12-13 01:35:21 +00:00
Aaron Campbell ad514185cd Bump 4.8 branch to version 4.8.7
Built from https://develop.svn.wordpress.org/branches/4.8@43408


git-svn-id: http://core.svn.wordpress.org/branches/4.8@43236 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-05 16:11:22 +00:00
Aaron Campbell b9381e6229 Bump 4.8 branch to version 4.8.6
Built from https://develop.svn.wordpress.org/branches/4.8@42934


git-svn-id: http://core.svn.wordpress.org/branches/4.8@42764 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-03 20:23:31 +00:00
Dion Hulse d75574cd84 Bump the 4.8 branch to 4.8.5.
Built from https://develop.svn.wordpress.org/branches/4.8@42495


git-svn-id: http://core.svn.wordpress.org/branches/4.8@42324 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-01-16 21:39:32 +00:00
Dion Hulse 726b806eab External Libraries: Remove unnecessary / obsoleted MediaElement.js files.
Fixes #42720 for 4.8.

Built from https://develop.svn.wordpress.org/branches/4.8@42478


git-svn-id: http://core.svn.wordpress.org/branches/4.8@42307 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-01-16 08:02:34 +00:00
Dion Hulse 53c05552f3 Upgrade: When deleting old files, if deletion fails attempt to empty the file instead.
Props joemcgill, dd32.
Merges [42434] to the 4.8 branch.
Fixes #42963 for 4.8.

Built from https://develop.svn.wordpress.org/branches/4.8@42466


git-svn-id: http://core.svn.wordpress.org/branches/4.8@42295 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-01-16 06:53:33 +00:00
John Blackbourn 9222292ccb Bump 4.8 branch to version 4.8.4.
Built from https://develop.svn.wordpress.org/branches/4.8@42317


git-svn-id: http://core.svn.wordpress.org/branches/4.8@42146 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-29 18:57:33 +00:00
John Blackbourn 2aba074c5b Hardening: Use a properly generated hash for the `newbloguser` key instead of a determinate substring.
Merges [42258] to the 4.8 branch.

Built from https://develop.svn.wordpress.org/branches/4.8@42268


git-svn-id: http://core.svn.wordpress.org/branches/4.8@42097 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-29 16:13:35 +00:00
Gary Pendergast 3fdaf059b9 Bump 4.8 branch to version 4.8.3.
Built from https://develop.svn.wordpress.org/branches/4.8@42069


git-svn-id: http://core.svn.wordpress.org/branches/4.8@41898 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-31 13:07:32 +00:00
Dominik Schilling c38ae9a68f Taxonomy/Users: Use correct escaping function for URLs.
Merge of [41522] to the 4.8 branch.
Built from https://develop.svn.wordpress.org/branches/4.8@41523


git-svn-id: http://core.svn.wordpress.org/branches/4.8@41356 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 21:20:32 +00:00
Dominik Schilling 27433a5d25 Bump 4.8 branch to version 4.8.2.
Built from https://develop.svn.wordpress.org/branches/4.8@41509


git-svn-id: http://core.svn.wordpress.org/branches/4.8@41342 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 19:42:33 +00:00
John Blackbourn 3e77adc619 Filesystem API: Ensure filenames are valid before attempting to unzip them to ensure malformed file paths don't cause issues.
Merges [41457] to the 4.8 branch.

Built from https://develop.svn.wordpress.org/branches/4.8@41458


git-svn-id: http://core.svn.wordpress.org/branches/4.8@41291 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 14:37:33 +00:00
Dominik Schilling 07e1f9a6ca Taxonomy/Users: Provide a fallback for incorrect HTTP referrers.
Merge of [41398] to the 4.8 branch.

Built from https://develop.svn.wordpress.org/branches/4.8@41417


git-svn-id: http://core.svn.wordpress.org/branches/4.8@41250 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 11:11:33 +00:00
John Blackbourn 846bd22a79 General: Add missing URL-encoding and add extra hardening to plugin and template names when they're displayed in the admin area.
Merges [41399], with additions, to the 4.8 branch.

See #13377

Built from https://develop.svn.wordpress.org/branches/4.8@41412


git-svn-id: http://core.svn.wordpress.org/branches/4.8@41245 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 10:21:16 +00:00
Dominik Schilling b7d54dd918 Widgets: Prevent visual Text widget from decoding encoded HTML.
Also apply `the_editor_content` filters on widget `text` with `format_for_editor()` as is done for the post editor.

Merge of [41260] to the 4.8 branch.

Amends [40631].
Props westonruter, azaozz.
See #35243.
Fixes #41596.
Built from https://develop.svn.wordpress.org/branches/4.8@41392


git-svn-id: http://core.svn.wordpress.org/branches/4.8@41225 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 07:44:32 +00:00
Dominik Schilling 93ba8ea6fb I18N: Allow numbers in locales during installation.
The current regex was a bit to strict for locales like `pt_PT_ao90` which were already supported by `wp_get_installed_translations()`.

Merge of [41335] to the 4.8 branch.

See #41794.
Built from https://develop.svn.wordpress.org/branches/4.8@41336


git-svn-id: http://core.svn.wordpress.org/branches/4.8@41167 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-04 19:38:33 +00:00
Weston Ruter e10af224e2 Bump 4.8 branch to version 4.8.1.
Built from https://develop.svn.wordpress.org/branches/4.8@41210


git-svn-id: http://core.svn.wordpress.org/branches/4.8@41050 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-08-02 20:58:32 +00:00