Commit Graph

25796 Commits

Author SHA1 Message Date
Dominik Schilling 16156dcff9 WPDB: When sanity checking query character sets, there's no need to check queries that don't return user data.
Merges [32374] to the 3.9 branch.

props pento.
see #32104.
Built from https://develop.svn.wordpress.org/branches/3.9@32405


git-svn-id: http://core.svn.wordpress.org/branches/3.9@32375 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-06 20:05:46 +00:00
Helen Hou-Sandí cfb6ef101b The UTF-8 regex can occasionally fail on very low memory machines. Reduce the amount of memory it uses.
Merges [32375] to the 3.9 branch.

props pento.
See #32204.

Built from https://develop.svn.wordpress.org/branches/3.9@32398


git-svn-id: http://core.svn.wordpress.org/branches/3.9@32368 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-06 19:43:51 +00:00
Michael Adams 1c86df8bbf WPDB: When checking that a string can be sent to MySQL, we shouldn't use `mb_convert_encoding()`, as it behaves differently to MySQL's character encoding conversion.
Merge of [32364] to the 3.9 branch.

Props mdawaffe, pento, nbachiyski, jorbin, johnjamesjacoby, jeremyfelt.

See #32165.

Built from https://develop.svn.wordpress.org/branches/3.9@32389


git-svn-id: http://core.svn.wordpress.org/branches/3.9@32359 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-06 19:12:16 +00:00
Andrew Ozz b2c747a38e TinyMCE: work-around a bug in the tags matching regex.
For 3.9.
Built from https://develop.svn.wordpress.org/branches/3.9@32373


git-svn-id: http://core.svn.wordpress.org/branches/3.9@32343 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-06 05:36:17 +00:00
Michael Adams 10be03b2d7 3.9:
- WPDB: Sanity check that any strings being stored in the DB are not too long to store correctly.
- When upgrading, remove any suspicious comments.

Built from https://develop.svn.wordpress.org/branches/3.9@32316


git-svn-id: http://core.svn.wordpress.org/branches/3.9@32287 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-27 18:30:15 +00:00
Gary Pendergast ad0a3701d4 3.9 branch is now 3.9.6.
Built from https://develop.svn.wordpress.org/branches/3.9@32303


git-svn-id: http://core.svn.wordpress.org/branches/3.9@32274 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-27 14:12:15 +00:00
Helen Hou-Sandí 67a0654bcb The 3.9 branch is now 3.9.5.
Built from https://develop.svn.wordpress.org/branches/3.9@32284


git-svn-id: http://core.svn.wordpress.org/branches/3.9@32255 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-23 21:35:52 +00:00
Gary Pendergast fa12b4a44c WPDB: When sanity checking a string by sending it to MySQL for conversion checks, the incorrect data structure was being returned from wpdb::strip_invalid_text(), causing all write queries to fail for some character sets when the query contained non-ASCII characters.
Merge of [32261] to the 3.9 branch.

See #32051.


Built from https://develop.svn.wordpress.org/branches/3.9@32273


git-svn-id: http://core.svn.wordpress.org/branches/3.9@32244 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-23 11:48:16 +00:00
Gary Pendergast 4e39f0ba11 WPDB: When deciding if a query needs extra sanity checking based on collation, return early when we can. Merges [32232] and [32233] to the 3.9 branch.
See #32029.


Built from https://develop.svn.wordpress.org/branches/3.9@32239


git-svn-id: http://core.svn.wordpress.org/branches/3.9@32210 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-21 06:58:14 +00:00
Gary Pendergast b435ecd2f8 Fix some `wpdb::check_safe_collation()` calls missed in [32182].
Built from https://develop.svn.wordpress.org/branches/3.9@32224


git-svn-id: http://core.svn.wordpress.org/branches/3.9@32198 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-20 19:04:15 +00:00
Gary Pendergast 6af36f8915 Bump 3.9 branch to 3.9.4.
Built from https://develop.svn.wordpress.org/branches/3.9@32217


git-svn-id: http://core.svn.wordpress.org/branches/3.9@32191 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-20 17:37:28 +00:00
Gary Pendergast f56dd747c8 3.9: Update about.php.
Built from https://develop.svn.wordpress.org/branches/3.9@32216


git-svn-id: http://core.svn.wordpress.org/branches/3.9@32190 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-20 17:37:14 +00:00
Gary Pendergast 2a42fc2e73 Ensure post titles are correctly escaped on the Dashboard. Merge of [32175] to the 3.9 branch.
Props helen, ocean90, dd32, pento.


Built from https://develop.svn.wordpress.org/branches/3.9@32204


git-svn-id: http://core.svn.wordpress.org/branches/3.9@32177 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-20 13:39:14 +00:00
Gary Pendergast 7bd9e93fef In Multisite, prevent plugins from unintentionally switching sites. Merge of [32173] to the 3.9 branch.
Props mdawaffe, pento.


Built from https://develop.svn.wordpress.org/branches/3.9@32200


git-svn-id: http://core.svn.wordpress.org/branches/3.9@32173 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-20 13:23:15 +00:00
Gary Pendergast 6c6ea88f7d Update the Plupload Flash file to the latest version. Merge of [32168] to the 3.9 branch.
Props azaozz.


Built from https://develop.svn.wordpress.org/branches/3.9@32198


git-svn-id: http://core.svn.wordpress.org/branches/3.9@32171 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-20 13:11:15 +00:00
Gary Pendergast dc27207e1f Remove some old backwards compatibility code from TinyMCE. Merge of [32166] to the 3.9 branch.
Props azaozz.


Built from https://develop.svn.wordpress.org/branches/3.9@32194


git-svn-id: http://core.svn.wordpress.org/branches/3.9@32167 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-20 12:52:16 +00:00
Gary Pendergast 27c4e15959 Clean up some edge cases in `sanitize_sql_orderby()`. Merge of [32164] to the 3.9 branch.
Props vortfu, dd32.


Built from https://develop.svn.wordpress.org/branches/3.9@32190


git-svn-id: http://core.svn.wordpress.org/branches/3.9@32163 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-20 12:36:14 +00:00
Gary Pendergast ff692384e0 `wpdb::$checking_collation` was incorrectly marked as `protected` instead of `private` in [32182].
Built from https://develop.svn.wordpress.org/branches/3.9@32185


git-svn-id: http://core.svn.wordpress.org/branches/3.9@32158 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-20 11:24:15 +00:00
Gary Pendergast e4e09f8491 Merge the query sanity checks from #21212 to the 3.9 branch.
Props pento, nacin, mdawaffe, DrewAPicture.


Built from https://develop.svn.wordpress.org/branches/3.9@32182


git-svn-id: http://core.svn.wordpress.org/branches/3.9@32155 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-20 11:09:15 +00:00
Gary Pendergast 8b1471168e 3.9: Bump package.json, readme.html and license.txt.
Built from https://develop.svn.wordpress.org/branches/3.9@32156


git-svn-id: http://core.svn.wordpress.org/branches/3.9@32131 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-20 03:41:14 +00:00
Gary Pendergast 932a7677e8 The 3.9 branch is now 3.9.4-alpha.
Built from https://develop.svn.wordpress.org/branches/3.9@32155


git-svn-id: http://core.svn.wordpress.org/branches/3.9@32130 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-20 03:40:15 +00:00
Andrew Nacin d7aecf3611 3.9.3 version bumps.
Built from https://develop.svn.wordpress.org/branches/3.9@30474


git-svn-id: http://core.svn.wordpress.org/branches/3.9@30465 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-20 16:29:14 +00:00
Andrew Nacin a067868b73 Prevent high resource usage when hashing large passwords. props mdawaffe, pento
Merges [30466] to the 3.9 branch.

Built from https://develop.svn.wordpress.org/branches/3.9@30468


git-svn-id: http://core.svn.wordpress.org/branches/3.9@30459 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-20 16:06:14 +00:00
Andrew Nacin 6f300d7d12 Validate image data.
Merges [30458] to the 3.9 branch.

Built from https://develop.svn.wordpress.org/branches/3.9@30463


git-svn-id: http://core.svn.wordpress.org/branches/3.9@30454 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-20 15:53:52 +00:00
Andrew Nacin 940eb60ad7 Anchor texturize to shortcodes to improve regex efficiency.
For the 3.9 branch; see [30449] for trunk.

props miqrogroove.
see #29557 for segfault issues.

Built from https://develop.svn.wordpress.org/branches/3.9@30452


git-svn-id: http://core.svn.wordpress.org/branches/3.9@30445 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-20 14:32:15 +00:00
Andrew Nacin ca3e6728d1 Better validation of the URL used in core HTTP requests.
Merges [30443] to the 3.9 branch.

Built from https://develop.svn.wordpress.org/branches/3.9@30445


git-svn-id: http://core.svn.wordpress.org/branches/3.9@30440 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-20 14:02:14 +00:00
Andrew Nacin 5594f44f40 Press This: Ensure the error message is printed. props johnbillion
Merges [30438] to the 3.9 branch.

Built from https://develop.svn.wordpress.org/branches/3.9@30440


git-svn-id: http://core.svn.wordpress.org/branches/3.9@30435 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-20 13:59:09 +00:00
Andrew Nacin bb7e7f5a0b TinyMCE: Verify HTML in captions. props azaozz
Merges [30435] to the 3.9 branch.

Built from https://develop.svn.wordpress.org/branches/3.9@30437


git-svn-id: http://core.svn.wordpress.org/branches/3.9@30432 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-20 13:52:15 +00:00
Andrew Nacin e8ea407eb6 Invalidate password keys when a user's email changes.
Merges [30430] to the 3.9 branch.

Built from https://develop.svn.wordpress.org/branches/3.9@30432


git-svn-id: http://core.svn.wordpress.org/branches/3.9@30427 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-20 13:42:16 +00:00
Andrew Nacin c0357c466d Fix typo in style filter. props miqrogroove
Merges [30425] to the 3.9 branch.

Built from https://develop.svn.wordpress.org/branches/3.9@30427


git-svn-id: http://core.svn.wordpress.org/branches/3.9@30422 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-20 13:16:42 +00:00
Andrew Nacin 3fa0efa6e3 Playlists are video by default. props duck_
Merges [30422] to the 3.9 branch.

Built from https://develop.svn.wordpress.org/branches/3.9@30424


git-svn-id: http://core.svn.wordpress.org/branches/3.9@30419 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-20 13:12:45 +00:00
Andrew Nacin 05c849b3ee Form validation for password resets.
Merges [30417] to the 3.9 branch.

Built from https://develop.svn.wordpress.org/branches/3.9@30419


git-svn-id: http://core.svn.wordpress.org/branches/3.9@30414 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-20 12:23:46 +00:00
Andrew Nacin 3224f9b9c2 Use hash_equals() for old md5 hashes.
Merges [30412] to the 3.9 branch.

Built from https://develop.svn.wordpress.org/branches/3.9@30414


git-svn-id: http://core.svn.wordpress.org/branches/3.9@30409 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-20 12:02:50 +00:00
Andrew Nacin 14f8d5a6e5 Password resets: Use network_site_url() for form actions.
Merges [29631] to the 3.9 branch.

props mdawaffe.
fixes #29156.

Built from https://develop.svn.wordpress.org/branches/3.9@29638


git-svn-id: http://core.svn.wordpress.org/branches/3.9@29412 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-27 03:02:15 +00:00
Andrew Nacin f62b6a2c8b 3.9.2
Built from https://develop.svn.wordpress.org/branches/3.9@29411


git-svn-id: http://core.svn.wordpress.org/branches/3.9@29189 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-06 18:27:16 +00:00
Andrew Nacin f00aac7c5c Use delimiters when building nonce hashes. Part two of [29384].
Built from https://develop.svn.wordpress.org/branches/3.9@29408


git-svn-id: http://core.svn.wordpress.org/branches/3.9@29186 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-06 17:53:16 +00:00
Andrew Nacin 824ca5b030 Ignore entities in XML-RPC requests.
Merges [29404] to the 3.9 branch.

props mdawaffe, nacin.

Built from https://develop.svn.wordpress.org/branches/3.9@29405


git-svn-id: http://core.svn.wordpress.org/branches/3.9@29183 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-06 17:40:17 +00:00
Andrew Nacin 9173953c3e Escape late in get_avatar().
Merges [29397] to the 3.9 branch.

Built from https://develop.svn.wordpress.org/branches/3.9@29398


git-svn-id: http://core.svn.wordpress.org/branches/3.9@29176 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-06 07:51:15 +00:00
Andrew Nacin ac2d674473 Don't pass around the password reset key.
Merges [29327] and [29381] to the 3.9 branch.

props mdawaffe.
fixes #29060.

Built from https://develop.svn.wordpress.org/branches/3.9@29394


git-svn-id: http://core.svn.wordpress.org/branches/3.9@29172 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-06 06:37:15 +00:00
Andrew Nacin b86cd8511b Disable external entities in ID3.
Merges [29378] to the 3.9 branch.

Built from https://develop.svn.wordpress.org/branches/3.9@29390


git-svn-id: http://core.svn.wordpress.org/branches/3.9@29168 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-06 05:57:16 +00:00
Andrew Nacin ad39a33a22 Verify the MAC earlier in WP_Customize_Widgets. props duck_.
Merges [29377] (and [29028]) to the 3.9 branch.

Built from https://develop.svn.wordpress.org/branches/3.9@29389


git-svn-id: http://core.svn.wordpress.org/branches/3.9@29167 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-06 05:51:15 +00:00
Andrew Nacin c4b546f41f Constant time for wp_verify_nonce().
Merges [29382] to the 3.9 branch.

Adds a second copy of hash_equals() to pluggable.php in case compat.php is not copied over in an update. (The general goal is no cross-file dependencies for minor releases.)

Built from https://develop.svn.wordpress.org/branches/3.9@29384


git-svn-id: http://core.svn.wordpress.org/branches/3.9@29162 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-06 05:42:16 +00:00
Andrew Nacin 7d2bc0ab0d 3.9.2-alpha
Built from https://develop.svn.wordpress.org/branches/3.9@29383


git-svn-id: http://core.svn.wordpress.org/branches/3.9@29161 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-06 05:26:31 +00:00
Andrew Nacin ef84a2bea6 Update the Akismet external to 3.0.1 for the 3.9 branch.
git-svn-id: http://core.svn.wordpress.org/branches/3.9@29143 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-03 17:14:50 +00:00
Andrew Nacin c462d023dd Use the same string on the about, credits, and freedoms screens.
Built from https://develop.svn.wordpress.org/branches/3.9@28353


git-svn-id: http://core.svn.wordpress.org/branches/3.9@28181 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-08 17:01:16 +00:00
Andrew Nacin 01793d489b About 3.9.1
Built from https://develop.svn.wordpress.org/branches/3.9@28346


git-svn-id: http://core.svn.wordpress.org/branches/3.9@28174 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-07 20:43:15 +00:00
Andrew Nacin 38b8a2fbf9 3.9.1
Built from https://develop.svn.wordpress.org/branches/3.9@28345


git-svn-id: http://core.svn.wordpress.org/branches/3.9@28173 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-07 20:13:14 +00:00
Andrew Nacin f87cbbf9c9 Add missing Dashicons classes to User Admin menu.
Merges [28284] to the 3.9 branch.

props imath.
fixes #28144, #26630.

Built from https://develop.svn.wordpress.org/branches/3.9@28344


git-svn-id: http://core.svn.wordpress.org/branches/3.9@28172 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-07 20:11:15 +00:00
Andrew Nacin 3c530e46cb 3.9.1-RC1
Built from https://develop.svn.wordpress.org/branches/3.9@28282


git-svn-id: http://core.svn.wordpress.org/branches/3.9@28110 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-06 05:33:31 +00:00
Andrew Nacin e1f345903f Multisite: Treat 'www' as a special subdomain, reversing 3.9 regression.
Merges [28280] to the 3.9 branch.

props jeremyfelt.
fixes #27927.

Built from https://develop.svn.wordpress.org/branches/3.9@28281


git-svn-id: http://core.svn.wordpress.org/branches/3.9@28109 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-06 05:33:17 +00:00