Commit Graph

9 Commits

Author SHA1 Message Date
davidbaumwald ae04cdeb91 Grouped backports to the 4.9 branch.
- Comments: Prevent users who can not see a post from seeing comments on it.
- Shortcodes: Restrict media shortcode ajax to certain type.
- REST API: Ensure no-cache headers are sent when methods are overridden.
- REST API: Limit `search_columns` for users without `list_users`.
- Prevent unintended behavior when certain objects are unserialized.

Merges [56834], [56835], [56836], [56838], and [56840] to the 4.9 branch.
Props xknown, jorbin, joehoyle, timothyblynjacobs, peterwilsoncc, ehtis, tykoted, antpb, rmccue.
Built from https://develop.svn.wordpress.org/branches/4.9@56865


git-svn-id: http://core.svn.wordpress.org/branches/4.9@56376 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-10-12 18:15:06 +00:00
whyisjake 01a575e1b0 General: WordPress updates
* XML-RPC: Improve error messages for unprivileged users.
* External Libraries: Disable deserialization in Requests_Utility_FilteredIterator
* Embeds: Disable embeds on deactivated Multisite sites.
* Coding standards: Modify escaping functions to avoid potential false positives.
* XML-RPC: Return error message if attachment ID is incorrect.
* Upgrade/install: Improve logic check when determining installation status.
* Meta: Sanitize meta key before checking protection status.
* Themes: Ensure that only privileged users can set a background image when a theme is using the deprecated custom background page.

Brings the changes from [49380,49382-49388] to the 4.9 branch.

Props xknown, zieladam, peterwilsoncc, whyisjake, desrosj, dd32.

Built from https://develop.svn.wordpress.org/branches/4.9@49397


git-svn-id: http://core.svn.wordpress.org/branches/4.9@49156 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-29 18:53:27 +00:00
Dion Hulse d317fa487f HTTP: Update Requests to master (0048f3c) which fixes a number of outstanding issues.
Fixes #38070, #37733 by reverting part of [38429] and using the fix in Requests.
Fixes #37992 allowing for connecting to SSL resources on ports other than 443.
Fixes #37991 by not sending default ports in the `Host:` header.
Fixes #37839 to match and decode Chunked responses correctly.
Fixes #38232 allowing a SSL connection to ignore the hostname of the certificate when verification is disabled.

Built from https://develop.svn.wordpress.org/trunk@38727


git-svn-id: http://core.svn.wordpress.org/trunk@38670 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-05 03:24:37 +00:00
Dion Hulse 1dd3ed4bd5 Requests: Update to Requests master (fb5b517) which corrects a logic inversion in the cURL transport checks.
Previously if a host had only disabled one of `curl_init()` or `curl_exec()` it wouldn't get detected correctly by Requests, which caused cURL warnings for users on an affecte dhost.

Fixes #37700 for trunk.

Built from https://develop.svn.wordpress.org/trunk@38274


git-svn-id: http://core.svn.wordpress.org/trunk@38215 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-18 03:48:31 +00:00
Dion Hulse 2d860ae3d6 Requests: Merge handling for custom HTTP methods.
This merges the latest changes to Requests from upstream to add support for custom HTTP methods.
See 1b5ffd8501

Props Ipstenu, ocean90.
Fixes #37503 for trunk.

Built from https://develop.svn.wordpress.org/trunk@38191


git-svn-id: http://core.svn.wordpress.org/trunk@38132 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-04 07:14:31 +00:00
Ryan McCue b8b7a00889 HTTP API: Update Requests.
This introduces a minimum value of 1 second for timeouts passed to cURL.

Internally, cURL uses alarm() for interrupts, which accepts a second-resolution timeout. Any values lower than 1 second are instantly failed rather than being rounded upwards. While this makes the experience worse for those using asynchronous DNS lookups, there's no way to detect which DNS resolver is being used from PHP.

See #33055, #8923.

Built from https://develop.svn.wordpress.org/trunk@37694


git-svn-id: http://core.svn.wordpress.org/trunk@37660 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-14 05:30:28 +00:00
Peter Wilson 47d26cd9fb DOCS: Replace HTTP links with HTTPS.
Replaces unsecure links in documentation and translator comments with their secure versions.

Props johnpgreen, netweb

Fixes #36993

Built from https://develop.svn.wordpress.org/trunk@37674


git-svn-id: http://core.svn.wordpress.org/trunk@37640 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-10 04:50:33 +00:00
Ryan McCue 1e40ba291e HTTP API: Fix compatibility with cURL <7.22
Ensure connections are closed after usage to fix an issue with WP.com URLs used in the tests.

Resynched from GitHub at 95518ce.

See #33055.

Built from https://develop.svn.wordpress.org/trunk@37430


git-svn-id: http://core.svn.wordpress.org/trunk@37396 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-13 11:15:29 +00:00
Ryan McCue 37f6e6813a HTTP API: Replace internals with Requests library.
Requests is a library very similar to WP_HTTP, with a high level of unit test coverage, and has a common lineage and development team. It also supports parallel requests.

See #33055.

Built from https://develop.svn.wordpress.org/trunk@37428


git-svn-id: http://core.svn.wordpress.org/trunk@37394 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-13 04:42:28 +00:00