Commit Graph

281 Commits

Author SHA1 Message Date
ryan 593659b8d0 Hardening. Santizers for WPLANG and new_admin_email. Prevent stomping ID and filter. Validate locale filename. Props westi.
git-svn-id: http://svn.automattic.com/wordpress/trunk@18346 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-06-27 15:56:42 +00:00
ryan bc667be71b Allow plus '+' character when sanitizing mime type. Props cyberhobo. fixes #17855
git-svn-id: http://svn.automattic.com/wordpress/trunk@18324 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-06-20 20:05:57 +00:00
westi fda24a53ed Ensure we have a valid timezone identifier before trying to use it.
Validate the new timezone identifier during option update.
Fixes #17840.

git-svn-id: http://svn.automattic.com/wordpress/trunk@18323 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-06-20 14:58:50 +00:00
azaozz ae81d75d39 Fix typo in remove_accents(), props scribu, fixes #16232
git-svn-id: http://svn.automattic.com/wordpress/trunk@18159 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-06-06 02:22:50 +00:00
ryan 4da684cf9a Update @since
git-svn-id: http://svn.automattic.com/wordpress/trunk@18032 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-05-25 15:47:17 +00:00
ryan 81a5f821fb Sanitize guid on save and display. Sanitize mime type on save. Don't allow changing mime type via edit form handlers. Protect hidden meta.
git-svn-id: http://svn.automattic.com/wordpress/trunk@17994 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-05-22 23:19:42 +00:00
ryan 569c17df7f Properly anchor mime preg.
git-svn-id: http://svn.automattic.com/wordpress/trunk@17990 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-05-22 23:17:09 +00:00
nacin 98bd4c0b2f s/coma/comma/. props ocean90.
git-svn-id: http://svn.automattic.com/wordpress/trunk@17982 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-05-21 15:20:25 +00:00
ryan b2c2e302be Revert part of [17920]. Support for empty tz must remain. Props johnjamesjacoby. fixes #17448
git-svn-id: http://svn.automattic.com/wordpress/trunk@17958 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-05-18 18:56:42 +00:00
westi 65e341d0cb Fix typos and inconsistencies in PHPdoc / function declarations. See #17414 props duck_
git-svn-id: http://svn.automattic.com/wordpress/trunk@17925 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-05-14 09:50:20 +00:00
ryan 58767691f4 Remove PHP5 back compat code from get_gmt_from_date. Props technosailor. fixes #16920
git-svn-id: http://svn.automattic.com/wordpress/trunk@17920 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-05-13 19:17:07 +00:00
ryan 74354459f1 Performance improvements for wptexturize(). Props solarissmoke, hakre. fixes #16684
git-svn-id: http://svn.automattic.com/wordpress/trunk@17636 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-04-13 17:11:35 +00:00
nacin 14ec951269 Make underscores valid in sanitize_html_class. fixes #17067.
git-svn-id: http://svn.automattic.com/wordpress/trunk@17614 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-04-06 21:28:52 +00:00
ryan 975a6a8c8d Reduce backtracking in make_clickable() regex. Reduce pcre.recursion_limit to avoid segfaulting. Props hakre. For trunk.
git-svn-id: http://svn.automattic.com/wordpress/trunk@17570 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-03-28 21:39:16 +00:00
ryan 4d46e8d95e Lose create_function() in links_add_target() and links_add_base_url(). esc_attr() the target to provide extra coverage for plugins. Props Justin Rainbow, nacin. For trunk
git-svn-id: http://svn.automattic.com/wordpress/trunk@17459 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-02-16 19:24:18 +00:00
ryan 85f1feed84 Bring out the shears.
git-svn-id: http://svn.automattic.com/wordpress/trunk@17228 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-01-06 04:11:14 +00:00
ryan 81cd855720 Don't be case sensitive to attribute names. Handle padded entities when checking for bad protocols. Normalize entities before checking for bad protocols in esc_url(). Props Mauro Gentile, duck_, miqrogroove
git-svn-id: http://svn.automattic.com/wordpress/trunk@17171 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-29 20:45:37 +00:00
nacin 95726df854 Revert [16995] due to the way the data enters the db. props garyc40, see #15454.
git-svn-id: http://svn.automattic.com/wordpress/trunk@17142 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-25 18:10:59 +00:00
ryan 3a66c698ee Remove some unnecessary esc_textarea() calls. Props garyc40. see #15454
git-svn-id: http://svn.automattic.com/wordpress/trunk@17001 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-16 17:48:20 +00:00
markjaquith 49c11dc768 Use ENT_QUOTES in esc_textarea() in case someone uses it in a value='' situation by accident. see #15454
git-svn-id: http://svn.automattic.com/wordpress/trunk@16993 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-16 09:24:22 +00:00
westi 60aa1d3062 Ultimate make_clickable. Fixes #14993 props filosofo
git-svn-id: http://svn.automattic.com/wordpress/trunk@16948 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-15 13:43:30 +00:00
westi 1df7f1be64 Revert [16279] - the recursive nature of this regex doesn't play well with stack space. See #14993
git-svn-id: http://svn.automattic.com/wordpress/trunk@16692 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-02 17:26:06 +00:00
nacin b8ce0261df More param fixes, props duck_. see #14783.
git-svn-id: http://svn.automattic.com/wordpress/trunk@16469 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-18 19:12:48 +00:00
ryan 847499e531 Pinking shears
git-svn-id: http://svn.automattic.com/wordpress/trunk@16438 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-17 18:47:34 +00:00
markjaquith 6482610f9a esc_textarea() and application for obvious textarea escaping. props alexkingorg. fixes #15454
git-svn-id: http://svn.automattic.com/wordpress/trunk@16431 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-17 17:12:01 +00:00
nacin 3f5b442306 Revert changes to wptexturize() until test cases pass. Reverts [16280], [16378]. see #4539 and #15241.
git-svn-id: http://svn.automattic.com/wordpress/trunk@16409 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-16 22:18:48 +00:00
westi 17d25e2cdc Fix regression in wptexturize with single quotes when used for contraction. See #15241 props norbertm.
git-svn-id: http://svn.automattic.com/wordpress/trunk@16378 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-15 08:52:36 +00:00
nacin 81a8f2d3ce Use square brackets instead of braces for string access. props hakre, fixes #13900.
git-svn-id: http://svn.automattic.com/wordpress/trunk@16340 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-13 09:53:55 +00:00
nacin 5f4a583fb1 Remove more create_function calls. props huichen, see #14424.
git-svn-id: http://svn.automattic.com/wordpress/trunk@16313 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-11 22:50:36 +00:00
westi 71fab5576a Improved RegEx for quote matching in wptexturize. Fixes #4539 and #15241 props norbertm.
git-svn-id: http://svn.automattic.com/wordpress/trunk@16280 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-10 19:23:57 +00:00
westi 2d09607167 Don't capture the pesky trailing punctuation. Fixes #14993 props filosofo
git-svn-id: http://svn.automattic.com/wordpress/trunk@16279 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-10 17:47:46 +00:00
ryan dbf7388c5b Don't anchor regex. Props ozh. fixes #14628
git-svn-id: http://svn.automattic.com/wordpress/trunk@16207 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-05 15:29:50 +00:00
scribu fdd3556806 Introduce wp_basename() and use it for media handling. See #11887
git-svn-id: http://svn.automattic.com/wordpress/trunk@16154 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-02 17:19:55 +00:00
westi 81a1c190c4 Revert 16150 - breaks things more than it fixes things. See #14993
git-svn-id: http://svn.automattic.com/wordpress/trunk@16151 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-02 11:42:30 +00:00
westi c6471ef6e2 Don't capture RFC3986 sub-delims when making urls clickable except for ). Fixes #14993 props filosofo.
git-svn-id: http://svn.automattic.com/wordpress/trunk@16150 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-02 09:45:09 +00:00
westi 51c714b256 Always capture ! as part of a url. See #14993 props filosofo.
git-svn-id: http://svn.automattic.com/wordpress/trunk@16111 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-10-31 09:09:29 +00:00
westi fed42ecdf1 Purger more create_function usage during autop and iso descrambling. See #14424 props ScottMac.
git-svn-id: http://svn.automattic.com/wordpress/trunk@16035 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-10-28 07:38:00 +00:00
ryan 614dd3b3a9 Idempotence for sanitize_user(). Make sanitize_key() match its phpdoc. Props duck_ fixes #15198
git-svn-id: http://svn.automattic.com/wordpress/trunk@15948 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-10-24 20:33:54 +00:00
scribu 81025846b1 Also convert uppercase letters in Latin Extended-B. See #9591
git-svn-id: http://svn.automattic.com/wordpress/trunk@15931 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-10-23 15:36:16 +00:00
scribu 633daa01cb remove_accents(): Nordic characters fixes. Props einare. Fixes #4739. See #9591
git-svn-id: http://svn.automattic.com/wordpress/trunk@15930 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-10-23 13:00:21 +00:00
scribu c613576e77 Introduce sanitize_title_for_query(). See #9591
git-svn-id: http://svn.automattic.com/wordpress/trunk@15929 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-10-23 12:55:55 +00:00
ryan fd2896de77 Improve regex performance in wptexturize(). Props mdawaffe. fixes #15093
git-svn-id: http://svn.automattic.com/wordpress/trunk@15816 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-10-15 14:34:38 +00:00
ryan 6b351163ef Simplify sanitize_key() and use it in more places. see #14910
git-svn-id: http://svn.automattic.com/wordpress/trunk@15635 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-09-20 15:28:58 +00:00
nacin 5a20c05d27 Phpdoc argument/@param cleanups. props duck_, see #14783.
git-svn-id: http://svn.automattic.com/wordpress/trunk@15590 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-09-07 11:21:11 +00:00
ryan 5d5f2ed563 Make smilies links SSL aware. Props tech163. fixes #14360
git-svn-id: http://svn.automattic.com/wordpress/trunk@15554 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-08-31 18:26:18 +00:00
markjaquith 798ba9900d Leonard Lin was kind enough to relicense his balanceTags() function as "GPL (any version)" instead of "GPL v2.0." http://github.com/lhl/balanceTags/blob/master/README
git-svn-id: http://svn.automattic.com/wordpress/trunk@15536 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-08-26 15:43:32 +00:00
markjaquith 57deb5ec03 More judicious Wordpress-to-WordPress correction, to avoid bungling reasonable URLs. fixes #13971
git-svn-id: http://svn.automattic.com/wordpress/trunk@15377 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-07-08 19:35:29 +00:00
dd32 a14d289755 Alot more tabs. Props jacobsantos & Viper007bond. See #14147
git-svn-id: http://svn.automattic.com/wordpress/trunk@15355 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-06-30 00:05:18 +00:00
nacin 2eadcb9aef Fix warnings related to static pages. props zeo for initial patch. fixes #13830.
git-svn-id: http://svn.automattic.com/wordpress/trunk@15227 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-06-11 17:04:06 +00:00
nacin c3cf7e4ee0 Forever eliminate 'Wordpress' from the planet (or at least the little bit we can influence). props matt.
git-svn-id: http://svn.automattic.com/wordpress/trunk@14996 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-05-27 16:11:27 +00:00