Commit Graph

753 Commits

Author SHA1 Message Date
audrasjb 172ba98d63 Grouped backports to the 5.6 branch.
- Media: Prevent CSRF setting attachment thumbnails.
- Embeds: Add protocol validation for WordPress Embed code.
- I18N: Introduce sanitization function for locale.
- Editor: Ensure block comments are of a valid form.

Merges [55760-55764] to the 5.6 branch.
Props dd32, isabel_brison, martinkrcho, matveb, ocean90, paulkevan, peterwilsoncc, timothyblynjacobs, xknown, youknowriad.


Built from https://develop.svn.wordpress.org/branches/5.6@55781


git-svn-id: http://core.svn.wordpress.org/branches/5.6@55293 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-05-16 15:42:08 +00:00
desrosj bbc7ab2628 Grouped backports to the 5.6 branch.
- Query: Improve sanitization within `WP_Tax_Query`.
- Query: Improve sanitization within `WP_Meta_Query`.
- Upgrade/Install: Avoid using `unserialize()` unnecessarily.
- Formatting: Correctly encode ASCII characters in post slugs.

Merges [52454-52457] to the 5.6 branch.
Props vortfu, dd32, ehtis, zieladam, whyisjake, xknown, peterwilsoncc, desrosj, iandunn.
Built from https://develop.svn.wordpress.org/branches/5.6@52467


git-svn-id: http://core.svn.wordpress.org/branches/5.6@52059 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-01-06 17:58:00 +00:00
desrosj 1c26077cf1 Build/Test Tools: Update several dependencies in the 5.6 branch.
This backports several dependency updates to the 5.6 branch as a part of #52341 to allow all branches receiving security updates to run on NodeJS 14.x.

Backports [49933,49937,49939,49940,49983,49989,49990,50016,50017] to the 5.6 branch.
See #51801, #52341.
Built from https://develop.svn.wordpress.org/branches/5.6@50023


git-svn-id: http://core.svn.wordpress.org/branches/5.6@49724 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-01-26 15:18:33 +00:00
Sergey Biryukov af95efdd34 Docs: Add a `@see` reference to `esc_url()` from `esc_url_raw()`.
Follow-up to [49512].

See #50585.
Built from https://develop.svn.wordpress.org/trunk@49513


git-svn-id: http://core.svn.wordpress.org/trunk@49268 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-11-06 14:16:07 +00:00
Sergey Biryukov 6dd28116a1 Docs: Improve return value description for `esc_url()`.
Add a reference to `esc_url()` from `esc_url_raw()` return value description.

Props stevenlinx, audrasjb, helen.
Fixes #50585.
Built from https://develop.svn.wordpress.org/trunk@49512


git-svn-id: http://core.svn.wordpress.org/trunk@49267 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-11-06 14:03:06 +00:00
Sergey Biryukov 1543954adc Docs: Update description for the `$context` parameter of `sanitize_title()` and `sanitize_title_with_dashes()`.
This brings some consistency between the two DocBlocks and adjusts the latter one per the documentation standards.

Follow-up to [49482].

See #50569.
Built from https://develop.svn.wordpress.org/trunk@49484


git-svn-id: http://core.svn.wordpress.org/trunk@49243 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-11-02 20:20:07 +00:00
Helen Hou-Sandí f2875b6f7c Formatting: Update docs for `$context` in `sanitize_title_with_dashes()`.
Props stevenlinx, audrasjb.
Fixes #50569.

Built from https://develop.svn.wordpress.org/trunk@49482


git-svn-id: http://core.svn.wordpress.org/trunk@49241 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-11-02 20:12:06 +00:00
desrosj 8f7975cbea Emoji: Update Twemoji to version 13.0.1.
This release fixes minor issues with 8 different Emoji and revises the person/woman/man kneeling Emoji to be in a more obvious kneeling position.

🧎

These updates were pushed to a new, `13.0.1` folder on the CDN in [dotorg:16573].

For a full list of changes in this update, see https://github.com/twitter/twemoji/compare/v13.0.0...v13.0.1.

Props hareesh-pillai, otto42, desrosj.
Fixes #51356.
Built from https://develop.svn.wordpress.org/trunk@49239


git-svn-id: http://core.svn.wordpress.org/trunk@49001 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-20 16:55:23 +00:00
Sergey Biryukov 651f426b3a General: Remove `noreferrer` from `wp_targeted_link_rel()` and other uses.
When `noopener noreferrer` was originally added in #37941 and related tickets, the `noreferrer` bit was specifically included due to Firefox not supporting `noopener` at the time.

Since `noopener` has been supported by all major browsers for a while, it should now be safe to remove the `noreferrer` attribute from core.

Props Mista-Flo, audrasjb, joostdevalk, jonoaldersonwp, peterwilsoncc, elgameel.
Fixes #49558.
Built from https://develop.svn.wordpress.org/trunk@49215


git-svn-id: http://core.svn.wordpress.org/trunk@48977 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-19 23:39:04 +00:00
Sergey Biryukov 0e3147c40e Coding Standards: Replace alias PHP functions with the canonical names.
Using the canonical function name for PHP functions is strongly recommended, as aliases may be deprecated or removed without (much) warning.

This replaces all uses of the following:
* `join()` with `implode()`
* `sizeof()` with `count()`
* `is_writeable()` with `is_writable()`
* `doubleval()` with a `(float)` cast

In part, this is a follow-up to #47746.

Props jrf.
See #50767.
Built from https://develop.svn.wordpress.org/trunk@49193


git-svn-id: http://core.svn.wordpress.org/trunk@48955 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-18 17:27:06 +00:00
Sergey Biryukov 120291367a Formatting: Deprecate `wp_slash_strings_only()` in favor of `wp_slash()`.
The reason for introducing `wp_slash_strings_only()` in [46454] was to keep non-string values untouched.

Later, `wp_slash()` itself was updated in [48433] to prevent changing non-string values.

To avoid confusion, `wp_slash_strings_only()` is now deprecated.

Props ayeshrajans, ocean90.
Fixes #50635.
Built from https://develop.svn.wordpress.org/trunk@49188


git-svn-id: http://core.svn.wordpress.org/trunk@48950 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-18 06:57:04 +00:00
Sergey Biryukov 897f004a9c General: Replace older-style PHP type conversion functions with type casts.
This improves performance, readability, and consistency throughout core.

* `intval()` → `(int)`
* `strval()` → `(string)`
* `floatval()` → `(float)`

Props ayeshrajans.
Fixes #42918.
Built from https://develop.svn.wordpress.org/trunk@49108


git-svn-id: http://core.svn.wordpress.org/trunk@48870 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-08 21:15:13 +00:00
Sergey Biryukov ac00862f44 Formatting: Make sure `links_add_target()` adds the `target` attribute to the correct tag.
Previously, the attribute could unintentionally be added to a tag that starts with the same characters, e.g. `<aside>` instead of `<a>`.

Props antonlukin.
Fixes #51313.
Built from https://develop.svn.wordpress.org/trunk@48983


git-svn-id: http://core.svn.wordpress.org/trunk@48745 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-09-17 10:14:07 +00:00
Sergey Biryukov 13647464a5 Formatting: Make the check for empty text in `wp_trim_excerpt()` more resilient.
This addresses a regression in [47808], which caused excerpts to be generated from post content if an empty string is passed, but not for other values considered empty, e.g. `null` or `false`.

Props riaanlom, laxman-prajapati, SergeyBiryukov.
Fixes #51042.
Built from https://develop.svn.wordpress.org/trunk@48817


git-svn-id: http://core.svn.wordpress.org/trunk@48579 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-08-18 15:10:04 +00:00
Sergey Biryukov 101d00601e Media: Remove accents in `sanitize_file_name()`.
This brings some consistency with `sanitize_title()` and `sanitize_user()`.

Props tar.gz, NumidWasNotAvailable, juliobox, p_enrique, cristovaov, zodiac1978, mikeschroder, markoheijnen, chriscct7, swissspidy, DrProtocols, pento, gitlost, joemcgill, dustinbolton, programmin, Vayu, MaximeCulea, lucasbustamante, nilovelez, RavanH, audrasjb, SergeyBiryukov.
See #22363.
Built from https://develop.svn.wordpress.org/trunk@48603


git-svn-id: http://core.svn.wordpress.org/trunk@48365 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-07-24 18:03:02 +00:00
Sergey Biryukov 544fbefffa Media: Filter out a few more special characters in `sanitize_file_name()`.
Props audrasjb.
Fixes #50231.
Built from https://develop.svn.wordpress.org/trunk@48596


git-svn-id: http://core.svn.wordpress.org/trunk@48358 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-07-24 00:59:07 +00:00
Sergey Biryukov e1830a8182 Formatting: Filter out the bullet character in `sanitize_title_with_dashes()`.
Props roytanck, deepaklalwani, veromary.
Fixes #49791.
Built from https://develop.svn.wordpress.org/trunk@48593


git-svn-id: http://core.svn.wordpress.org/trunk@48355 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-07-24 00:03:05 +00:00
John Blackbourn 9bc7d0a776 Docs: Another pass at some inline docs fixes mostly made by PHPCBF.
See #49572, #50744
Built from https://develop.svn.wordpress.org/trunk@48590


git-svn-id: http://core.svn.wordpress.org/trunk@48352 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-07-23 21:11:05 +00:00
Aaron Jorbin 6cab8cce22 General: Update code for readability and inclusion
There are two pieces in here:

1) The update to change blacklist to blocklist is moved to disallowed_list. "Block" has a meaning in our code, and there could be ambiguity between this code and code related to blocks.

2) This improves backwards compatibility for code that was accessing the now deprecated code.

Previously: [48477], [48405], [48400], [48121], [48122], [48124], [48142], [48566]

Props: desrosj, SergeyBiryukov, johnjamesjacoby
Fixes: #50413


Built from https://develop.svn.wordpress.org/trunk@48575


git-svn-id: http://core.svn.wordpress.org/trunk@48337 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-07-23 03:14:06 +00:00
Sergey Biryukov 81a001117c Docs: Improve documentation for `sanitize_user()`, `sanitize_title()`, `sanitize_title_with_dashes()`.
See #49572.
Built from https://develop.svn.wordpress.org/trunk@48444


git-svn-id: http://core.svn.wordpress.org/trunk@48213 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-07-12 01:13:02 +00:00
Sergey Biryukov c38f99df9a Docs: Synchronize `@since` notes for `add_magic_quotes()` and `wp_slash()`.
Follow-up to [48205], [48433].

See #49572.
Built from https://develop.svn.wordpress.org/trunk@48441


git-svn-id: http://core.svn.wordpress.org/trunk@48210 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-07-11 22:48:07 +00:00
whyisjake 7448ce4839 Formatting: Prevent wp_slash from returning non-strings as strings.
If a bool/float/int is passed into wp_slash it will be coerced into a string.

This changes the behavior to only slash strings. At the same time, handles recursion a little nicer by calling array_map for arrays.

Fixes #42195, #24106.

Props johnbillion, andizer, jrf, ryotasakamoto, SergeyBiryukov, donmhico, TobiasBg, markoheijnen, ryan, nacin, devesine, whyisjake.


Built from https://develop.svn.wordpress.org/trunk@48433


git-svn-id: http://core.svn.wordpress.org/trunk@48202 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-07-11 00:13:04 +00:00
whyisjake 919729508c Formatting: Improve the docblock for `sanitize_title()`.
Since sanitize title is largely used for html attributes, or post slugs, make note that accents will be removed and that the string will be limited to alphanumeric characters, underscores, and dashes.

Fixes #33756.
Props ericlewis, swissspidy, wonderboymusic, psdtohtmlguru, DrewAPicture, SergeyBiryukov, sjmur, gma992, shulard, ebinnion, whyisjake.


Built from https://develop.svn.wordpress.org/trunk@48432


git-svn-id: http://core.svn.wordpress.org/trunk@48201 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-07-10 23:28:04 +00:00
Sergey Biryukov 3336009e34 Docs: Replace "html" and "xhtml" instances in DocBlocks and comments with "HTML" and "XHTML".
This ensures consistent capitalization where appropriate.

Props navidos, desrosj.
Fixes #50473.
Built from https://develop.svn.wordpress.org/trunk@48199


git-svn-id: http://core.svn.wordpress.org/trunk@47968 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-28 14:02:06 +00:00
Sergey Biryukov 40c389c95e Docs: Standardize on "Returning a value from the filter" vs. "Passing a value to the filter".
The filter is the callback function added with `add_filter()`, therefore the hook passes a value to the filter, and the filter returns a value to change its behaviour.

The documentation is referring to the latter.

Props johnbillion.
See #49572, #16557.
Built from https://develop.svn.wordpress.org/trunk@48185


git-svn-id: http://core.svn.wordpress.org/trunk@47954 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-26 18:49:09 +00:00
Sergey Biryukov a55c84380a Docs: Spell "line breaks" in a consistent way.
See #49572.
Built from https://develop.svn.wordpress.org/trunk@48175


git-svn-id: http://core.svn.wordpress.org/trunk@47944 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-26 09:30:11 +00:00
Sergey Biryukov a659c36414 Docs: Add a note that the `$br` parameter of `wpautop()` does not affect line breaks within `<script>`, `<style>`, and `<svg>` tags.
Props stevenlinx.
Fixes #50477.
Built from https://develop.svn.wordpress.org/trunk@48174


git-svn-id: http://core.svn.wordpress.org/trunk@47943 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-26 09:20:11 +00:00
desrosj 4b60af1a6a General: Remove “whitelist” and “blacklist” in favor of more clear and inclusive language.
“The WordPress open source community cares about diversity. We strive to maintain a welcoming environment where everyone can feel included.”

With this commit, all occurrences of “whitelist” and “blacklist” (with the single exception of the `$new_whitelist_options` global variable) are removed. A new ticket has been opened to explore renaming the `$new_whitelist_options` variable (#50434).

Changing to more specific names or rewording sentences containing these terms not only makes the code more inclusive, but also helps provide clarity. These terms are often ambiguous. What is being blocked or allowed is not always immediately clear. This can make it more difficult for non-native English speakers to read through the codebase.

Words matter. If one contributor feels more welcome because these terms are removed, this was worth the effort.

Props strangerstudios, jorbin, desrosj, joemcgill, timothyblynjacobs, ocean90, ayeshrajans, davidbaumwald, earnjam.
See #48900, #50434.
Fixes #50413.
Built from https://develop.svn.wordpress.org/trunk@48121


git-svn-id: http://core.svn.wordpress.org/trunk@47890 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-22 17:26:13 +00:00
Sergey Biryukov b16368c268 Docs: Remove `@staticvar` tags from core.
The tag was supported in phpDocumentor 1.x, but is no longer supported in 2.x and 3.x.

Usage of static variables is considered an internal implementation detail and has no information value for someone reading the docs.

Props alishanvr, jrf.
Fixes #50426.
Built from https://develop.svn.wordpress.org/trunk@48109


git-svn-id: http://core.svn.wordpress.org/trunk@47878 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-20 12:40:12 +00:00
John Blackbourn 1a77bb81d8 Docs: Remove unnecessary variables names from `@return` tags.
See #49572.
Built from https://develop.svn.wordpress.org/trunk@48100


git-svn-id: http://core.svn.wordpress.org/trunk@47869 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-19 22:55:12 +00:00
John Blackbourn 37234874a5 Docs: Misc improvements to inline docs.
See #49572.
Built from https://develop.svn.wordpress.org/trunk@48099


git-svn-id: http://core.svn.wordpress.org/trunk@47868 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-19 22:28:13 +00:00
Sergey Biryukov 99d49a0cc3 Build/Test Tools: Replace the banner text from `wp-emoji-loader.min.js` in `formatting.php` during build process.
This ensures that `/*! This file is auto-generated */` comment is not included on front end as part of the inline Emoji detection script.

Follow-up to [41271], [46589].

Props superpoincare, SergeyBiryukov.
Fixes #49861.
Built from https://develop.svn.wordpress.org/trunk@48096


git-svn-id: http://core.svn.wordpress.org/trunk@47865 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-19 22:08:08 +00:00
Pascal Birchler 609dd1d14f Sitemaps: Add XML sitemaps functionality to WordPress.
While web crawlers are able to discover pages from links within the site and from other sites, XML sitemaps supplement this approach by allowing crawlers to quickly and comprehensively identify all URLs included in the sitemap and learn other signals about those URLs using the associated metadata.

See https://make.wordpress.org/core/2020/06/10/merge-announcement-extensible-core-sitemaps/ for more details.

This feature exposes the sitemap index via `/wp-sitemap.xml` and exposes a variety of new filters and hooks for developers to modify the behavior. Users can disable sitemaps completely by turning off search engine visibility in WordPress admin.

This change also introduces a new `esc_xml()` function to escape strings for output in XML, as well as XML support to `wp_kses_normalize_entities()`.

Props Adrian McShane, afragen, adamsilverstein, casiepa, flixos90, garrett-eclipse, joemcgill, kburgoine, kraftbj, milana_cap, pacifika, pbiron, pfefferle, Ruxandra Gradina, swissspidy, szepeviktor, tangrufus, tweetythierry.
Fixes #50117.
See #3670. See #19998.

Built from https://develop.svn.wordpress.org/trunk@48072


git-svn-id: http://core.svn.wordpress.org/trunk@47839 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-17 15:24:07 +00:00
desrosj 4cdd79af25 Emoji: Upgrade Twemoji to version 13.0.0.
🥸

Props kraftbj, desrosj, otto42.
Fixes #50148.
Built from https://develop.svn.wordpress.org/trunk@48048


git-svn-id: http://core.svn.wordpress.org/trunk@47815 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-15 18:04:26 +00:00
Sergey Biryukov b9751d4efe Coding Standards: Use strict comparison for `count()` calls.
See #49542.
Built from https://develop.svn.wordpress.org/trunk@47848


git-svn-id: http://core.svn.wordpress.org/trunk@47624 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-05-23 11:38:08 +00:00
Sergey Biryukov 7932193708 Coding Standards: Use strict comparison where static strings are involved.
This reduces the number of `WordPress.PHP.StrictComparisons.LooseComparison` issues in half, from 1897 to 890.

Includes minor code layout fixes for better readability.

See #49542.
Built from https://develop.svn.wordpress.org/trunk@47808


git-svn-id: http://core.svn.wordpress.org/trunk@47584 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-05-16 18:42:12 +00:00
Sergey Biryukov 2517abb4bd Docs: Add a note that the `$protocols` parameter of `esc_url_raw()` defaults to return value of `wp_allowed_protocols()`.
This complements already existing note in `esc_url()`.

Props audrasjb.
Fixes #50147.
Built from https://develop.svn.wordpress.org/trunk@47783


git-svn-id: http://core.svn.wordpress.org/trunk@47559 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-05-11 20:34:13 +00:00
whyisjake fd21a9346c Formatting: Expand `sanitize_file_name` to have better support for utf8 characters.
Props: xknown, peterwilsoncc.

Built from https://develop.svn.wordpress.org/trunk@47638


git-svn-id: http://core.svn.wordpress.org/trunk@47413 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-04-29 15:40:07 +00:00
Sergey Biryukov 38676936ba Coding Standards: Use strict type check for `in_array()` and `array_search()` where strings are involved.
This reduces the number of `WordPress.PHP.StrictInArray.MissingTrueStrict` issues from 486 to 50.

Includes minor code layout fixes for better readability.

See #49542.
Built from https://develop.svn.wordpress.org/trunk@47550


git-svn-id: http://core.svn.wordpress.org/trunk@47325 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-04-05 03:02:11 +00:00
John Blackbourn 7004afe4f4 Docs: Various docblock corrections and improvements.
See #49572
Built from https://develop.svn.wordpress.org/trunk@47461


git-svn-id: http://core.svn.wordpress.org/trunk@47248 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-03-16 18:40:07 +00:00
Sergey Biryukov f82fd2c436 Docs: Use more specific type in parameter description for `wp_unslash()`.
Props marekdedic.
See #48303.
Built from https://develop.svn.wordpress.org/trunk@47400


git-svn-id: http://core.svn.wordpress.org/trunk@47187 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-03-01 16:26:05 +00:00
Sergey Biryukov 641c632b0c Coding Standards: Use Yoda conditions where appropriate.
See #49222.
Built from https://develop.svn.wordpress.org/trunk@47219


git-svn-id: http://core.svn.wordpress.org/trunk@47019 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-02-09 16:55:09 +00:00
Sergey Biryukov 001ffe81fb Docs: Improve inline comments per the documentation standards.
Includes minor code layout fixes for better readability.

See #48303.
Built from https://develop.svn.wordpress.org/trunk@47122


git-svn-id: http://core.svn.wordpress.org/trunk@46922 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-01-29 00:45:18 +00:00
Sergey Biryukov 2900bb8ea7 Docs: Update links to https://secure.php.net/, they now redirect to https://www.php.net/.
See #48303.
Built from https://develop.svn.wordpress.org/trunk@47088


git-svn-id: http://core.svn.wordpress.org/trunk@46888 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-01-20 03:14:06 +00:00
Sergey Biryukov 8260786e64 Docs: Clarify descriptions for `get_gmt_from_date()` and `get_date_from_gmt()`.
Props johnbillion, Rarst.
Fixes #48650.
Built from https://develop.svn.wordpress.org/trunk@46958


git-svn-id: http://core.svn.wordpress.org/trunk@46757 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-12-13 21:45:02 +00:00
whyisjake 317465e2fe Prevent stored XSS in the block editor.
Prevent escaped unicode characters become unescaped in unsafe HTML during JSON decoding.

Props: aduth, epiqueras, 

Built from https://develop.svn.wordpress.org/trunk@46896


git-svn-id: http://core.svn.wordpress.org/trunk@46696 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-12-12 18:02:03 +00:00
whyisjake 80eab318eb Prevent stored XSS through wp_targeted_link_rel().
Props: vortfu, whyisjake, peterwilsoncc, xknown,  SergeyBiryukov, flaviozavan.


Built from https://develop.svn.wordpress.org/trunk@46894


git-svn-id: http://core.svn.wordpress.org/trunk@46694 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-12-12 17:54:02 +00:00
John Blackbourn f545bb3f63 Docs: Improve documentation of known return types, plus other docs fixes.
See #48303

Built from https://develop.svn.wordpress.org/trunk@46660


git-svn-id: http://core.svn.wordpress.org/trunk@46460 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-11-05 21:23:02 +00:00
John Blackbourn c8f91f77ac Docs: Correct invalid hook docblocks.
See #48303

Built from https://develop.svn.wordpress.org/trunk@46603


git-svn-id: http://core.svn.wordpress.org/trunk@46400 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-27 19:11:02 +00:00
John Blackbourn 3caaa40fc6 Docs: Switch more docs over to typed array notation, plus some fixes.
See #48303, #41756

Built from https://develop.svn.wordpress.org/trunk@46596


git-svn-id: http://core.svn.wordpress.org/trunk@46393 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-26 21:09:04 +00:00