12144 Commits

Author SHA1 Message Date
Andrew Nacin 1ec392175c Additional checks when evaluating the safety of an HTTP request, to avoid false negatives.
* Check if the host is considered a safe redirect host.
* Check if the host is another domain in a multisite installation.
* Add a filter to control this.

This only occurs when the DNS resolution of a domain points elsewhere in an internal network, but only internally (and has its own public IP outside the network). This could be considered a bad configuration.

fixes #24646.



git-svn-id: http://core.svn.wordpress.org/trunk@24915 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-31 06:44:57 +00:00
Bot (Assets) 3f860c8ec4 Compress scripts/styles: 3.7-alpha-24912.
git-svn-id: http://core.svn.wordpress.org/trunk@24912 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-31 04:58:59 +00:00
Andrew Nacin a0c25d31c9 New build of MediaElement.js SWF. see #24183.
git-svn-id: http://core.svn.wordpress.org/trunk@24910 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-31 04:38:34 +00:00
Andrew Nacin 4df303ff76 Heartbeat: Reduce the heartbeat from 120 sec to 100 sec when the window doesn't have the focus, to be shorter than the post lock expiration window.
props azaozz.
fixes #24894.



git-svn-id: http://core.svn.wordpress.org/trunk@24908 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-31 03:23:22 +00:00
Michael Adams c30925d20e Improved XML handling for oEmbed.
git-svn-id: http://core.svn.wordpress.org/trunk@24902 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-30 21:57:27 +00:00
Andrew Nacin 3fc038fd6f Add missing documentation from [24894]. see #24646.
git-svn-id: http://core.svn.wordpress.org/trunk@24895 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-30 18:39:57 +00:00
Andrew Nacin 8c7adaa7bd Introduce wp_safe_remote_request(). Also wp_safe_remote_head(), wp_safe_remote_get(), wp_safe_remote_post().
Reverts [24482].

see #24646.



git-svn-id: http://core.svn.wordpress.org/trunk@24894 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-30 15:37:01 +00:00
Dion Hulse 94b2ed9164 WP_HTTP: PHPDoc updates for WP_Http::handle_redirects(). Props DrewAPicture. Fixes #16889
git-svn-id: http://core.svn.wordpress.org/trunk@24890 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-30 06:47:03 +00:00
Andrew Nacin ee1e8501d1 New build of SWFUpload that ignores URL query strings.
git-svn-id: http://core.svn.wordpress.org/trunk@24880 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-29 19:15:00 +00:00
Bot (Assets) 2572ccaf00 Compress scripts/styles: 3.7-alpha-24877.
git-svn-id: http://core.svn.wordpress.org/trunk@24877 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-29 18:58:59 +00:00
Jon Cave 5c57c78afa Fix potential SQLi through improper use of API functions.
git-svn-id: http://core.svn.wordpress.org/trunk@24875 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-29 18:16:47 +00:00
Andrew Nacin f39e2c28ce Reset $wpdb->insert_id on a failed INSERT or REPLACE. See [24459] [24494].
git-svn-id: http://core.svn.wordpress.org/trunk@24872 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-29 18:14:05 +00:00
Andrew Nacin 7f12e16e47 Limit pingback response size. fixes #4137. for trunk.
git-svn-id: http://core.svn.wordpress.org/trunk@24871 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-29 18:00:06 +00:00
Andrew Nacin a1c4a3fb76 Update MediaElement.js SWF file from upstream. Fixes issues with controls. fixes #24183.
git-svn-id: http://core.svn.wordpress.org/trunk@24861 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-29 09:16:02 +00:00
Andrew Nacin 70109f6202 Update HTML classes in the audio and video shortcodes. props rfair404. fixes #24820.
git-svn-id: http://core.svn.wordpress.org/trunk@24857 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-29 06:51:46 +00:00
Bot (Assets) 8637a08836 Compress scripts/styles: 3.7-alpha-24851.
git-svn-id: http://core.svn.wordpress.org/trunk@24851 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-29 04:58:59 +00:00
Andrew Nacin 34ce599935 Don't override an existing WP_Error object in wp_authenticate_username_password().
props willnorris.
fixes #19714.



git-svn-id: http://core.svn.wordpress.org/trunk@24850 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-29 03:43:22 +00:00
Andrew Nacin 23bc457498 Avoid racing TinyMCE, which avoids the creation of unnecessary autosaves. props azaozz. see #7392.
git-svn-id: http://core.svn.wordpress.org/trunk@24849 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-29 03:37:14 +00:00
Andrew Nacin 5c20d1eca1 Remove "special" multisite spam check in the authentication API.
The spamming of a site no longer directly affects a user of said site.

Moves the spam check to the wp_authenticate filter. Networks in need
of enhanced spam-fighting should leverage this same technique.

Allow is_user_spammy() to accept a WP_User object.

props willnorris, brianhogg.
fixes #24771. see #19714.



git-svn-id: http://core.svn.wordpress.org/trunk@24848 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-29 03:23:51 +00:00
Bot (Assets) cc4cedcf59 Compress scripts/styles: 3.7-alpha-24847.
git-svn-id: http://core.svn.wordpress.org/trunk@24847 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-29 02:58:58 +00:00
Dion Hulse ac424c08ca WP_HTTP: When multiple location headers are specified, use the last specified location url as the redirect location. Fixes #16890
git-svn-id: http://core.svn.wordpress.org/trunk@24846 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-29 02:11:46 +00:00
Dion Hulse d6656cc1f1 WP_HTTP: Fsockopen: Respect a specified Host header in the Fsockopen WP_HTTP transport. Fixes #24182
git-svn-id: http://core.svn.wordpress.org/trunk@24845 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-29 01:47:01 +00:00
Andrew Nacin edc0882d2f If wp-login.php is accessed over HTTPS, get_home_url() should not return HTTPS. This is the same assumption we use in the admin.
props willnorris.
fixes #16822.



git-svn-id: http://core.svn.wordpress.org/trunk@24844 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-29 01:21:27 +00:00
Dion Hulse c61a2dac03 WP_HTTP: Abstract out the Redirection handling code into its own method and fix a bunch of redirection edge cases at the same time.
Fixes #17588
Fixes 16889
Props wonderboymusic and kovshenin for initial patches


git-svn-id: http://core.svn.wordpress.org/trunk@24843 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-29 01:19:54 +00:00
Helen Hou-Sandí d8f819fdda Set the default internal search value for the link dialog to be the text that is highlighted in the editor. props greuben. fixes #16276.
git-svn-id: http://core.svn.wordpress.org/trunk@24841 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-29 01:01:33 +00:00
Bot (Assets) 1469cb17dd Compress scripts/styles: 3.7-alpha-24839.
git-svn-id: http://core.svn.wordpress.org/trunk@24839 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-29 00:58:57 +00:00
Mark Jaquith 0a2ca92b33 Fix a variable typo in `get_post_gallery_images()`.
props rodrigosprimo. Fixes #24202 for trunk.

git-svn-id: http://core.svn.wordpress.org/trunk@24837 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-29 00:52:31 +00:00
Andrew Nacin ac1f98d4ce Add description argument to register_taxonomy().
props aaronholbrook.
fixes #24808.



git-svn-id: http://core.svn.wordpress.org/trunk@24833 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-28 23:01:56 +00:00
Andrew Nacin c95a24f2d9 When registering a post type, pass the correct argument for feeds to add_permastruct().
props butuzov, johnpbloch.
fixes #23302.



git-svn-id: http://core.svn.wordpress.org/trunk@24830 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-28 22:28:18 +00:00
Andrew Nacin cd47b3dc90 Add $taxonomy to edit_terms and edited_terms actions. props SergeyBiryukov, fixes #22542.
git-svn-id: http://core.svn.wordpress.org/trunk@24829 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-28 22:15:03 +00:00
Andrew Nacin 87f9d112c0 Return an empty stdClass from wp_count_posts() when a nonexistent post type is requested.
props johnpbloch.
fixes #24803.



git-svn-id: http://core.svn.wordpress.org/trunk@24826 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-28 21:38:00 +00:00
Andrew Nacin f19377fb81 Inline documentation for esc_attr_x() and esc_html_x(). props fjarrett, fixes #24212.
git-svn-id: http://core.svn.wordpress.org/trunk@24825 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-28 21:26:10 +00:00
Andrew Nacin aa6d93cd3e Pass $update to the save_post and wp_insert_post hooks in wp_insert_post(). props ericmann, fixes #21450.
git-svn-id: http://core.svn.wordpress.org/trunk@24823 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-28 21:05:25 +00:00
Bot (Assets) 5857eb099e Compress scripts/styles: 3.7-alpha-24822.
git-svn-id: http://core.svn.wordpress.org/trunk@24822 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-28 20:58:51 +00:00
Andrew Ozz 19fb0f1153 Add "experimental" to heartbeat phpdoc, fixes #24855 for trunk.
git-svn-id: http://core.svn.wordpress.org/trunk@24818 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-28 20:54:48 +00:00
Andrew Nacin 02b214cd85 Allow has_post_format() to accept an array of formats to check. props ericmann. fixes #17320.
git-svn-id: http://core.svn.wordpress.org/trunk@24817 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-28 20:48:09 +00:00
Jon Cave b0f446b5ba Introduce a new endpoint mask for all archives, fixes #16303.
git-svn-id: http://core.svn.wordpress.org/trunk@24812 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-28 19:18:19 +00:00
Michael Adams ec6f40342a Allow HTTPS URL enclosures.
Props markjaquith with a patch that predates all WordCamps.

Fixes #2875.


git-svn-id: http://core.svn.wordpress.org/trunk@24810 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-28 19:07:43 +00:00
Jon Cave dffea4e020 Drop leading / by retrieving the inner subpattern when matching attachment endpoints.
Fixes #22619


git-svn-id: http://core.svn.wordpress.org/trunk@24809 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-28 19:02:08 +00:00
Michael Adams f993cfd8e3 Fix inline docs for posts functions that no longer use `$wpdb`.
Props jdgrimes, JustinSainton.


git-svn-id: http://core.svn.wordpress.org/trunk@24807 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-28 18:52:56 +00:00
Andrew Nacin 093982421b Trunk is now 3.7-alpha.
git-svn-id: http://core.svn.wordpress.org/trunk@24806 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-28 18:48:36 +00:00
Bot (Assets) efa8b042f9 Compress scripts/styles: 3.6-RC2-24803.
git-svn-id: http://core.svn.wordpress.org/trunk@24803 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-27 12:16:23 +00:00
Bot (Assets) 4cd737c99d Compress scripts/styles: 3.6-RC2-24801.
git-svn-id: http://core.svn.wordpress.org/trunk@24801 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-27 08:58:53 +00:00
Mark Jaquith ea1092eb7c Parse `attrs` before comparing to `attachment.attributes`. Small efficiency gain.
Props garyc40. Fixes #24753.

git-svn-id: http://core.svn.wordpress.org/trunk@24800 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-27 07:09:05 +00:00
Mark Jaquith df8bd7ca9b 3.6-RC2
git-svn-id: http://core.svn.wordpress.org/trunk@24794 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-24 07:15:05 +00:00
Bot (Assets) 91173f1f9c Compress scripts/styles: 3.6-RC1-24793.
git-svn-id: http://core.svn.wordpress.org/trunk@24793 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-24 06:57:40 +00:00
Mark Jaquith 48eefd5240 Oops. Forgot that we support a PHP version from 2007. Either that or I've been doing a lot of JS.
Props kovshenin. See [24789].

git-svn-id: http://core.svn.wordpress.org/trunk@24792 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-24 06:36:29 +00:00
Andrew Nacin 0c87edd981 jQuery.noConflict(). see [24781]. see #24821.
git-svn-id: http://core.svn.wordpress.org/trunk@24791 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-24 06:33:54 +00:00
Andrew Nacin c8fe64a602 Revisions changes.
* Eliminates the bloated Revisions meta box in favor of 'Revisions: #' in the publish box.
* Adds ability to compare autosave to current post, when revisions are disabled.
* Makes autosaves stand out visually, including "Restore This Autosave".

Also:
* Adds missing capability check for restoring a revision.
* When no revision matches the post's current modified time, avoid marking an autosave as 'current'.
* Fixes wp_get_post_autosave() to return an autosave even when revisions are disabled.
* Add 'check_enabled' arg to wp_get_post_revisions(); false avoids the wp_revisions_enabled() check.
* Adds a responsive slider that is narrower for fewer versions. props markjaquith.

see #24804.



git-svn-id: http://core.svn.wordpress.org/trunk@24790 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-24 06:08:14 +00:00
Mark Jaquith 290d61138c Fix some sizing issues with video embeds, and improve video/audio embed shortcode flexibility.
* `loop`, `autoplay`, and `preload` are now available via the shortcode. Use them non-annoyingly, please!
* Attributes that pass through the filters are now proper key/value pairs, not an array of `key="value"` strings.
* `preload` defaults to `metadata` for videos. This fixes the vertical video preview and Safari ogv/webm playback issues.
* Wrap a div around video embeds to combat a ME.js issue with responsive width=100% themes. Props kovshenin.

Fixes #24134, #24798.

git-svn-id: http://core.svn.wordpress.org/trunk@24789 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-24 05:52:49 +00:00