WordPress-C
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
23,835 Commits 50 Branches 749 Tags 904 MiB
Commit Graph

23835 Commits

Author SHA1 Message Date
John Blackbourn 1d5a7892f2 Filesystem API: Ensure filenames are valid before attempting to unzip them to ensure malformed file paths don't cause issues. 
Merges [41457] to the 3.7 branch.

Built from https://develop.svn.wordpress.org/branches/3.7@41469


git-svn-id: http://core.svn.wordpress.org/branches/3.7@41302 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-09-19 14:47:09 +00:00
John Blackbourn 8d241beedb General: Add missing URL-encoding and add extra hardening to plugin and template names when they're displayed in the admin area. 
Merges [41434] with changes to the 3.7 branch.

See #13377

Built from https://develop.svn.wordpress.org/branches/3.7@41456


git-svn-id: http://core.svn.wordpress.org/branches/3.7@41289 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-09-19 13:52:09 +00:00
Dominik Schilling 774f81b780 Users: Provide a fallback for incorrect HTTP referrers. 
Merge of [41398] to the 3.7 branch.

Built from https://develop.svn.wordpress.org/branches/3.7@41428


git-svn-id: http://core.svn.wordpress.org/branches/3.7@41261 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-09-19 11:15:50 +00:00
Dominik Schilling 86b3a35dd7 Editor: Prevent adding `javascript:` and `data:` URLs through the inline link dialog. 
Merge of [41393] to the 3.7 branch.

Built from https://develop.svn.wordpress.org/branches/3.7@41411


git-svn-id: http://core.svn.wordpress.org/branches/3.7@41244 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-09-19 10:20:44 +00:00
Aaron Campbell fe080e84db Bump 3.7 branch to version 3.7.21. 
Built from https://develop.svn.wordpress.org/branches/3.7@40758


git-svn-id: http://core.svn.wordpress.org/branches/3.7@40616 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-05-16 21:54:15 +00:00
Pascal Birchler 8ae6705fd2 Media: Simplify upload error message construction. 
Merges [40736] to the 3.7 branch.

Built from https://develop.svn.wordpress.org/branches/3.7@40747


git-svn-id: http://core.svn.wordpress.org/branches/3.7@40605 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-05-16 18:05:51 +00:00
Aaron Campbell f5fca82e63 Add nonce for updating file system credentials. 
Merges [40723] to 3.7 branch.

Built from https://develop.svn.wordpress.org/branches/3.7@40734


git-svn-id: http://core.svn.wordpress.org/branches/3.7@40592 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-05-16 14:58:09 +00:00
Dominik Schilling 303264210a Customize: Ignore invalid customization sessions. 
Merge of [40704] to the 3.7 branch.
Built from https://develop.svn.wordpress.org/branches/3.7@40715


git-svn-id: http://core.svn.wordpress.org/branches/3.7@40578 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-05-16 12:23:10 +00:00
Pascal Birchler b89aca0478 Adjust post meta checks 
Merges [40692] to the 3.7 branch.

Built from https://develop.svn.wordpress.org/branches/3.7@40703


git-svn-id: http://core.svn.wordpress.org/branches/3.7@40566 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-05-16 08:54:35 +00:00
Pascal Birchler 1ab98bf52d Whitelist post arguments in XML-RPC 
Merges [40677] to the 3.7 branch.

Built from https://develop.svn.wordpress.org/branches/3.7@40688


git-svn-id: http://core.svn.wordpress.org/branches/3.7@40551 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-05-16 08:31:09 +00:00
Pascal Birchler a2797f26d2 Bump 3.7 branch to version 3.7.20. 
Built from https://develop.svn.wordpress.org/branches/3.7@40497


git-svn-id: http://core.svn.wordpress.org/branches/3.7@40373 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-04-20 16:30:10 +00:00
Pascal Birchler 63b4b6a006 Fix broken audio/video functions when sanitizing ID3 data 
This fixes a bug where running `wp_kses_post_deep()` on all the ID3
tag data corrupted blob data.

See #40075, #40085.

Merges [40400] to the 3.7 branch.

Built from https://develop.svn.wordpress.org/branches/3.7@40470


git-svn-id: http://core.svn.wordpress.org/branches/3.7@40346 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-04-17 13:48:09 +00:00
James Nylen 85e61d7921 Bump 3.7 branch to version 3.7.19. 
Built from https://develop.svn.wordpress.org/branches/3.7@40212


git-svn-id: http://core.svn.wordpress.org/branches/3.7@40151 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-03-06 16:50:09 +00:00
Aaron Campbell 3e68b0c7d1 Strip control characters before validating redirect. 
Merges [40183] to 3.7 branch.

Built from https://develop.svn.wordpress.org/branches/3.7@40194


git-svn-id: http://core.svn.wordpress.org/branches/3.7@40133 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-03-06 13:47:09 +00:00
Aaron Campbell c6ab9f325b Plugins: Add file check to plugin deletions. 
Merges [40169] to 3.7 branch.


Built from https://develop.svn.wordpress.org/branches/3.7@40180


git-svn-id: http://core.svn.wordpress.org/branches/3.7@40119 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-03-06 13:06:09 +00:00
Jeremy Felt ec48ddfb4e Validate video and audio metadata. 
Merge of [40148] to the 3.7 branch.

Built from https://develop.svn.wordpress.org/branches/3.7@40159


git-svn-id: http://core.svn.wordpress.org/branches/3.7@40098 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-03-06 08:14:10 +00:00
Aaron Campbell 44b16a7d23 Bump 3.7 branch to version 3.7.18. 
Built from https://develop.svn.wordpress.org/branches/3.7@40006


git-svn-id: http://core.svn.wordpress.org/branches/3.7@39943 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-01-26 18:31:11 +00:00
John Blackbourn 0a1cbe9d09 Posts, Post Types: When using Excerpt mode on the Posts list table, ensure the excerpt output matches what was manually entered into the Excerpt field. 
Merges [39956] to the 3.7 branch.

Built from https://develop.svn.wordpress.org/branches/3.7@39989


git-svn-id: http://core.svn.wordpress.org/branches/3.7@39926 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-01-26 14:24:09 +00:00
Dominik Schilling 9669f73c62 Press This: Do not show Categories & Tags UI for users who cannot assign terms to posts anyways. 
Merge of [39968] to the 3.7 branch.
Built from https://develop.svn.wordpress.org/branches/3.7@39982


git-svn-id: http://core.svn.wordpress.org/branches/3.7@39919 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-01-26 14:16:21 +00:00
Dominik Schilling e62f79cfd7 Query: Ensure that queries work correctly with post type names with special characters. 
Merge of [39952] to the 3.7 branch.
Built from https://develop.svn.wordpress.org/branches/3.7@39966


git-svn-id: http://core.svn.wordpress.org/branches/3.7@39903 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-01-26 13:53:22 +00:00
Aaron Campbell 0a294916d9 Bump 3.7 branch to version 3.7.17. 
Built from https://develop.svn.wordpress.org/branches/3.7@39870


git-svn-id: http://core.svn.wordpress.org/branches/3.7@39807 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-01-11 17:00:22 +00:00
Joe McGill 8d4f4a9a05 Media: Fix exif_imagetype check in wp_get_image_mime 
This is a follow up to [39831].

Merges [39850] to the 3.7 branch.

Built from https://develop.svn.wordpress.org/branches/3.7@39861


git-svn-id: http://core.svn.wordpress.org/branches/3.7@39798 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-01-11 16:46:22 +00:00
Joe McGill e6de513be6 Media: Improve image filetype checking. 
This adds a new function `wp_get_image_mime()` which is used by
`wp_check_filetype_and_ext()` to validate image files using
`exif_imagetype()` if available instead of `getimagesize()`.

`getimagesize()` is less performant than `exif_imagetype()` and is
dependent on GD. If `exif_imagetype()` is not available, it falls back to
`getimagesize()` as before.

If `wp_check_filetype_and_ext()` can't validate the filetype, we now return
`false` for ext/MIME values.

Merges [39831] to the 3.7 branch.

Built from https://develop.svn.wordpress.org/branches/3.7@39842


git-svn-id: http://core.svn.wordpress.org/branches/3.7@39780 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-01-11 13:21:09 +00:00
Dominik Schilling dbb5bf710f Updates: Translate plugin data on the Updates screen. 
Merge of [39808] to the 3.7 branch.
Built from https://develop.svn.wordpress.org/branches/3.7@39830


git-svn-id: http://core.svn.wordpress.org/branches/3.7@39768 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-01-11 11:44:10 +00:00
Dominik Schilling 30b010ce8a Themes: Fix markup for theme name fallbacks. 
Merge of [39807] to the 3.7 branch.
Built from https://develop.svn.wordpress.org/branches/3.7@39819


git-svn-id: http://core.svn.wordpress.org/branches/3.7@39757 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-01-11 11:13:14 +00:00
Jeremy Felt c094d37899 Multisite: Use `wp_rand()` in signup key creation. 
Merges [39795] to the 3.7 branch.

Built from https://develop.svn.wordpress.org/branches/3.7@39806


git-svn-id: http://core.svn.wordpress.org/branches/3.7@39744 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-01-11 05:36:51 +00:00
Dion Hulse 784f429843 Update PHPMailer to 5.2.22. 
The full list of changes is available here:
https://github.com/PHPMailer/PHPMailer/compare/v5.2.21...v5.2.22

Merges [39759] to the 3.7 branch.
Fixes #37210 for 3.7.

Built from https://develop.svn.wordpress.org/branches/3.7@39794


git-svn-id: http://core.svn.wordpress.org/branches/3.7@39732 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-01-11 05:28:09 +00:00
Jeremy Felt 2d2f78d640 Mail: Disable wp-mail.php when `mailserver_url` is mail.example.com. 
Merges [39772] to the 3.7 branch.

Built from https://develop.svn.wordpress.org/branches/3.7@39784


git-svn-id: http://core.svn.wordpress.org/branches/3.7@39722 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-01-11 05:22:07 +00:00
Aaron Campbell bf3ac93baf Add nonce for widget accessibility mode. 
Props vortfu.

See #23328.

Merges [39765] to 3.7 branch.

Built from https://develop.svn.wordpress.org/branches/3.7@39771


git-svn-id: http://core.svn.wordpress.org/branches/3.7@39709 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-01-11 01:54:09 +00:00
Dion Hulse 45af63e137 Mail: Upgrade PHPMailer to 5.2.21. 
Merges [39645], [36083], [33142], [33124], [29783], [27385] to the 3.7 branch.
See #37210.

Built from https://develop.svn.wordpress.org/branches/3.7@39731


git-svn-id: http://core.svn.wordpress.org/branches/3.7@39671 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-01-06 22:07:14 +00:00
Joe McGill b01225018a Media: Improved media titles when created from filename. 
Preserves spaces and generally creates more accurate, cleaner titles from filenames of uploaded media.

Merge of [38615] to the 3.7 branch.

Fixes #37989.

Built from https://develop.svn.wordpress.org/branches/3.7@39719


git-svn-id: http://core.svn.wordpress.org/branches/3.7@39659 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-01-06 22:02:17 +00:00
Dion Hulse fba955f893 General: Update copyright year to 2017 in license.txt. 
Props Nikschavan.
Merges [39659] to the 3.7 branch.
Fixes #39433.

Built from https://develop.svn.wordpress.org/branches/3.7@39707


git-svn-id: http://core.svn.wordpress.org/branches/3.7@39647 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-01-06 21:55:48 +00:00
Jeremy Felt 4afbabc9ca Bump 3.7 branch to 3.7.16. 
Built from https://develop.svn.wordpress.org/branches/3.7@38558


git-svn-id: http://core.svn.wordpress.org/branches/3.7@38501 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2016-09-07 15:02:36 +00:00
Jeremy Felt 2d1b0ab4c6 Media: Sanitize upload filename. 
Merge of [38538] to the 3.7 branch.

Built from https://develop.svn.wordpress.org/branches/3.7@38548


git-svn-id: http://core.svn.wordpress.org/branches/3.7@38491 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2016-09-07 14:01:10 +00:00
Pascal Birchler b40b064e8a Upgrade/Install: Sanitize file name in `File_Upload_Upgrader`. 
Merge of [38524] to the 3.7 branch.
Built from https://develop.svn.wordpress.org/branches/3.7@38534


git-svn-id: http://core.svn.wordpress.org/branches/3.7@38475 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2016-09-06 18:07:12 +00:00
Boone Gorges afe460ad19 Bump 3.7 branch to 3.7.15. 
Built from https://develop.svn.wordpress.org/branches/3.7@37836


git-svn-id: http://core.svn.wordpress.org/branches/3.7@37801 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2016-06-21 16:52:09 +00:00
Joe McGill eab4230e88 Media: Improve handling of extensionless filenames. 
Merge of [37756] to the 3.7 branch.

See #37111.
Built from https://develop.svn.wordpress.org/branches/3.7@37825


git-svn-id: http://core.svn.wordpress.org/branches/3.7@37790 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2016-06-21 15:02:09 +00:00
Nikolay Bachiyski 7fab797d2c Admin: escape URL-encoded permalinks 
Merge of [37801] to the 3.7 branch.

Built from https://develop.svn.wordpress.org/branches/3.7@37823


git-svn-id: http://core.svn.wordpress.org/branches/3.7@37788 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2016-06-21 15:00:10 +00:00
Rachel Baker 6319a5f7ea Revisions: Change the capability needed to view revision diffs to `edit_post`. 
Merge of [37779] to the 3.7 branch.
Built from https://develop.svn.wordpress.org/branches/3.7@37808


git-svn-id: http://core.svn.wordpress.org/branches/3.7@37773 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2016-06-21 14:51:37 +00:00
Nikolay Bachiyski 361dc33680 Admin: Escape attachment name in case it contains special characters 
Merge of [37774] to the 3.7 branch.

Built from https://develop.svn.wordpress.org/branches/3.7@37795


git-svn-id: http://core.svn.wordpress.org/branches/3.7@37760 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2016-06-21 14:30:09 +00:00
Boone Gorges 9aed168b89 Taxonomy: More specific cap check when processing category data on post save. 
Ports [37691] to the 3.7 branch.

Props dlh.
Fixes #36379.
Built from https://develop.svn.wordpress.org/branches/3.7@37788


git-svn-id: http://core.svn.wordpress.org/branches/3.7@37753 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2016-06-21 14:25:40 +00:00
Dominik Schilling 7b14133f66 Customize: Make sure that preview and return URLs are URLs. 
Merge of [37527] to the 3.7 branch.
Built from https://develop.svn.wordpress.org/branches/3.7@37780


git-svn-id: http://core.svn.wordpress.org/branches/3.7@37745 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2016-06-21 14:22:34 +00:00
Jeremy Felt 5e739be4f6 Admin: Allow for the consistent filtering of `auth_redirect_scheme` 
Merge of [37651] to the 3.7 branch.

See #37047.

Built from https://develop.svn.wordpress.org/branches/3.7@37766


git-svn-id: http://core.svn.wordpress.org/branches/3.7@37731 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2016-06-21 14:14:10 +00:00
Dominik Schilling 5543fabff3 Bump 3.7 branch to 3.7.14. 
Built from https://develop.svn.wordpress.org/branches/3.7@37392


git-svn-id: http://core.svn.wordpress.org/branches/3.7@37358 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2016-05-06 18:16:17 +00:00
Nikolay Bachiyski b3887842de External Libaries: missed SWF file changes from [37368] 
Built from https://develop.svn.wordpress.org/branches/3.7@37369


git-svn-id: http://core.svn.wordpress.org/branches/3.7@37335 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2016-05-06 17:51:08 +00:00
Nikolay Bachiyski f5195ba547 External Libraries: Disable Flash backend for Plupload 
Built from https://develop.svn.wordpress.org/branches/3.7@37368


git-svn-id: http://core.svn.wordpress.org/branches/3.7@37334 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2016-05-06 17:36:10 +00:00
Nikolay Bachiyski 3d1fc411a1 Taxonomies: make sure taxonomy functions work correctly with taxonomy names with special characters 
The codex says that taxonomy names "should only contain lowercase letters and the underscore character", but that's not enforced. It's too late to enforce it, since some plugins haven't been following it and the official phpdoc doesn't mention this restriction.

Merge of [37133] to the 3.7 branch.

Built from https://develop.svn.wordpress.org/branches/3.7@37142


git-svn-id: http://core.svn.wordpress.org/branches/3.7@37109 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2016-03-30 17:43:08 +00:00
Jeremy Felt d38dbe39a7 Multisite: Improve escaping in network settings. 
Merge of [37124] to the 3.7 branch.

Built from https://develop.svn.wordpress.org/branches/3.7@37132


git-svn-id: http://core.svn.wordpress.org/branches/3.7@37099 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2016-03-30 16:07:17 +00:00
Dominik Schilling fa21da538e HTTP: Improve detection of valid IP addresses. 
Merge of [37115] to the 3.7 branch.
Built from https://develop.svn.wordpress.org/branches/3.7@37123


git-svn-id: http://core.svn.wordpress.org/branches/3.7@37090 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2016-03-30 15:54:08 +00:00
Dominik Schilling 8523aeed0b Multisite: Validate new email address confirmations. 
Merge of [37103] to the 3.7 branch.
Built from https://develop.svn.wordpress.org/branches/3.7@37111


git-svn-id: http://core.svn.wordpress.org/branches/3.7@37078 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2016-03-30 14:51:31 +00:00