Commit Graph

22110 Commits

Author SHA1 Message Date
Aaron Campbell 22f3d4e600 Database: Hardening for `wpdb::prepare()`
Previously if you passed an array of values for placeholders, additional values could be passed as well. Now additional values will be ignored.

Merges [41470] to 4.6 branch.


Built from https://develop.svn.wordpress.org/branches/4.6@41473


git-svn-id: http://core.svn.wordpress.org/branches/4.6@41306 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 15:00:35 +00:00
Aaron Campbell 77b60a60a0 oEmbed: Add extra hardening around allowed HTML for improved sandboxing.
Merges [41448] to 4.6 branch.



Built from https://develop.svn.wordpress.org/branches/4.6@41453


git-svn-id: http://core.svn.wordpress.org/branches/4.6@41286 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 13:49:46 +00:00
Dominik Schilling 441a970ecd TinyMCE: Improve the previews for shortcodes.
Merge of [41395] to the 4.6 branch.

Built from https://develop.svn.wordpress.org/branches/4.6@41437


git-svn-id: http://core.svn.wordpress.org/branches/4.6@41270 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 12:42:38 +00:00
Dominik Schilling e684cc66cd Customize: Ensure valid themes in the preview.
Merge of [41397] to the 4.6 branch.

Built from https://develop.svn.wordpress.org/branches/4.6@41431


git-svn-id: http://core.svn.wordpress.org/branches/4.6@41264 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 11:51:38 +00:00
Dominik Schilling 7e0de7a0e3 Editor: Prevent adding `javascript:` and `data:` URLs through the inline link dialog.
Merge of [41393] to the 4.6 branch.

Built from https://develop.svn.wordpress.org/branches/4.6@41402


git-svn-id: http://core.svn.wordpress.org/branches/4.6@41235 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 10:16:42 +00:00
Aaron Campbell bacf919c26 Bump 4.7 branch to version 4.6.6.
Built from https://develop.svn.wordpress.org/branches/4.6@40749


git-svn-id: http://core.svn.wordpress.org/branches/4.6@40607 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 21:49:33 +00:00
Pascal Birchler 600e9f1b49 Media: Simplify upload error message construction.
Merges [40736] to the 4.6 branch.

Built from https://develop.svn.wordpress.org/branches/4.6@40738


git-svn-id: http://core.svn.wordpress.org/branches/4.6@40596 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 18:01:08 +00:00
Dominik Schilling f2f9b5e493 Customize: Ignore invalid customization sessions.
Merge of [40704] to the 4.6 branch.
Built from https://develop.svn.wordpress.org/branches/4.6@40706


git-svn-id: http://core.svn.wordpress.org/branches/4.6@40569 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 12:15:34 +00:00
Pascal Birchler 687f87a4e6 Adjust post meta checks
Merges [40692] to the 4.6 branch.

Built from https://develop.svn.wordpress.org/branches/4.6@40694


git-svn-id: http://core.svn.wordpress.org/branches/4.6@40557 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 08:49:34 +00:00
Pascal Birchler 81a5ef373a Improve redirect handling
Merges [40689] to the 4.7 branch.

Built from https://develop.svn.wordpress.org/branches/4.6@40691


git-svn-id: http://core.svn.wordpress.org/branches/4.6@40554 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 08:41:33 +00:00
Pascal Birchler 5c4b703f38 Whitelist post arguments in XML-RPC
Merges [40677] to the 4.6 branch.

Built from https://develop.svn.wordpress.org/branches/4.6@40679


git-svn-id: http://core.svn.wordpress.org/branches/4.6@40542 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 08:19:35 +00:00
Pascal Birchler 43c3b11cee Bump 4.6 branch to version 4.6.5.
Built from https://develop.svn.wordpress.org/branches/4.6@40488


git-svn-id: http://core.svn.wordpress.org/branches/4.6@40364 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-04-20 16:22:35 +00:00
James Nylen 299bfe429c Bump 4.6 branch to version 4.6.4.
Built from https://develop.svn.wordpress.org/branches/4.6@40203


git-svn-id: http://core.svn.wordpress.org/branches/4.6@40142 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-06 16:08:34 +00:00
Aaron Campbell 0e1bc61b1f Strip control characters before validating redirect.
Merges [40183] to 4.6 branch.

Built from https://develop.svn.wordpress.org/branches/4.6@40185


git-svn-id: http://core.svn.wordpress.org/branches/4.6@40124 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-06 13:41:33 +00:00
Dominik Schilling e61cac5d13 Embeds: URL encode YouTube video IDs for broader compatibility.
Merge of [40160] to the 4.6 branch.

Built from https://develop.svn.wordpress.org/branches/4.6@40162


git-svn-id: http://core.svn.wordpress.org/branches/4.6@40101 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-06 12:05:34 +00:00
Aaron Campbell baf66f786a Bump 4.6 branch to version 4.6.3.
Built from https://develop.svn.wordpress.org/branches/4.6@39996


git-svn-id: http://core.svn.wordpress.org/branches/4.6@39933 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-26 18:16:33 +00:00
Dominik Schilling c3794cc9b3 Query: Ensure that queries work correctly with post type names with special characters.
Merge of [39952] to the 4.6 branch.
Built from https://develop.svn.wordpress.org/branches/4.6@39955


git-svn-id: http://core.svn.wordpress.org/branches/4.6@39892 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-26 13:40:34 +00:00
Joe McGill 18f8236b61 Media: Fix exif_imagetype check in wp_get_image_mime
This is a follow up to [39831].

Merges [39850] to the 4.6 branch.

Built from https://develop.svn.wordpress.org/branches/4.6@39852


git-svn-id: http://core.svn.wordpress.org/branches/4.6@39789 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 16:39:33 +00:00
Aaron Campbell 74ecd3d1f3 Bump 4.6 branch to version 4.6.2.
Built from https://develop.svn.wordpress.org/branches/4.6@39846


git-svn-id: http://core.svn.wordpress.org/branches/4.6@39784 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 15:24:33 +00:00
Joe McGill db42241c13 Media: Improve image filetype checking.
This adds a new function `wp_get_image_mime()` which is used by
`wp_check_filetype_and_ext()` to validate image files using
`exif_imagetype()` if available instead of `getimagesize()`.

`getimagesize()` is less performant than `exif_imagetype()` and is
dependent on GD. If `exif_imagetype()` is not available, it falls back to
`getimagesize()` as before.

If `wp_check_filetype_and_ext()` can't validate the filetype, we now return
`false` for ext/MIME values.

Merges [39831] to the 4.6 branch.


Built from https://develop.svn.wordpress.org/branches/4.6@39833


git-svn-id: http://core.svn.wordpress.org/branches/4.6@39771 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 13:14:33 +00:00
Dominik Schilling b6f03a6084 Updates: Translate plugin data on the Updates screen.
Merge of [39808] to the 4.6 branch.
Built from https://develop.svn.wordpress.org/branches/4.6@39821


git-svn-id: http://core.svn.wordpress.org/branches/4.6@39759 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 11:40:06 +00:00
Dominik Schilling efc07abeb3 Themes: Fix markup for theme name fallbacks.
Merge of [39807] to the 4.6 branch.
Built from https://develop.svn.wordpress.org/branches/4.6@39810


git-svn-id: http://core.svn.wordpress.org/branches/4.6@39748 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 11:09:35 +00:00
Jeremy Felt 116a5c2fa7 Multisite: Use `wp_rand()` in signup key creation.
Merges [39795] to the 4.6 branch.

Built from https://develop.svn.wordpress.org/branches/4.6@39797


git-svn-id: http://core.svn.wordpress.org/branches/4.6@39735 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 05:32:07 +00:00
Dion Hulse 5694c55375 Update PHPMailer to 5.2.22.
The full list of changes is available here:
https://github.com/PHPMailer/PHPMailer/compare/v5.2.21...v5.2.22

Merges [39759] to the 4.6 branch.
Fixes #37210 for 4.6.

Built from https://develop.svn.wordpress.org/branches/4.6@39785


git-svn-id: http://core.svn.wordpress.org/branches/4.6@39723 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 05:22:39 +00:00
Jeremy Felt 3855756ad2 Mail: Disable wp-mail.php when `mailserver_url` is mail.example.com.
Merges [39772] to the 4.6 branch.

Built from https://develop.svn.wordpress.org/branches/4.6@39774


git-svn-id: http://core.svn.wordpress.org/branches/4.6@39712 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 05:16:34 +00:00
Aaron Campbell ebbfc7179c Add nonce for widget accessibility mode.
Props vortfu.

See #23328.

Merges [39760] to 4.6 branch.

Built from https://develop.svn.wordpress.org/branches/4.6@39762


git-svn-id: http://core.svn.wordpress.org/branches/4.6@39700 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 01:43:35 +00:00
Dion Hulse 53cecfcd72 Mail: Upgrade PHPMailer to 5.2.21.
Merges [39645] to the 4.6 branch.
See #37210.

Built from https://develop.svn.wordpress.org/branches/4.6@39722


git-svn-id: http://core.svn.wordpress.org/branches/4.6@39662 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-06 22:04:04 +00:00
Dion Hulse 9a487ee432 General: Update copyright year to 2017 in license.txt.
Props Nikschavan.
Merges [39659] to the 4.6 branch.
Fixes #39433.

Built from https://develop.svn.wordpress.org/branches/4.6@39698


git-svn-id: http://core.svn.wordpress.org/branches/4.6@39638 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-05 08:38:37 +00:00
Dion Hulse f5f0032925 HTTP: Call `mbstring_binary_safe_encoding()` before making a request with Requests to avoid issues with `mbstring.func_overload`.
Props SergeyBiryukov.
Merges [38894] to the 4.6 branch.
Fixes #38226.

Built from https://develop.svn.wordpress.org/branches/4.6@38895


git-svn-id: http://core.svn.wordpress.org/branches/4.6@38838 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-25 00:47:30 +00:00
Dion Hulse 4d089ce55b HTTP: Update Requests to master (0048f3c) which fixes a number of outstanding issues.
Merges [38727] to the 4.6 branch.

Fixes #38070, #37733 by reverting part of [38429] and using the fix in Requests.
Fixes #37992 allowing for connecting to SSL resources on ports other than 443.
Fixes #37991 by not sending default ports in the `Host:` header.
Fixes #37839 to match and decode Chunked responses correctly.
Fixes #38232 allowing a SSL connection to ignore the hostname of the certificate when verification is disabled.

Built from https://develop.svn.wordpress.org/branches/4.6@38728


git-svn-id: http://core.svn.wordpress.org/branches/4.6@38671 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-05 03:27:31 +00:00
Aaron Campbell 38430b0533 Media: Improved media titles when created from filename.
Preserves spaces and generally creates more accurate, cleaner titles from filenames of uploaded media.

Merge of [38614] to the 4.6 branch.

Props joemcgill.
Fixes #37989.


Built from https://develop.svn.wordpress.org/branches/4.6@38615


git-svn-id: http://core.svn.wordpress.org/branches/4.6@38558 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-09-17 06:27:31 +00:00
Gary Pendergast 74d49a9288 Database: Fall back to `utf8` when `utf8mb4` isn't supported.
Sometimes, `DB_CHARSET` will be set to `utf8mb4`, even if the current setup doesn't support `utf8mb4`. After [38442], this can cause significant character set failures, causing the connection to fall back to `latin1`.

Instead of doing this, we now check that the connection supports `utf8mb4` before trying to use it, and fall back to `utf8` when we need to.

Merge of [38580] to the 4.6 branch.
Fixes #37982.


Built from https://develop.svn.wordpress.org/branches/4.6@38581


git-svn-id: http://core.svn.wordpress.org/branches/4.6@38524 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-09-08 23:54:31 +00:00
Jeremy Felt 17b03600af The 4.6 branch is now 4.6.2-alpha.
Built from https://develop.svn.wordpress.org/branches/4.6@38570


git-svn-id: http://core.svn.wordpress.org/branches/4.6@38513 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-09-07 17:18:32 +00:00
Jeremy Felt 1e85e502a0 Bump 4.6 branch to 4.6.1.
Built from https://develop.svn.wordpress.org/branches/4.6@38549


git-svn-id: http://core.svn.wordpress.org/branches/4.6@38492 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-09-07 14:57:32 +00:00
Jeremy Felt e860e24b6e Media: Sanitize upload filename.
Merge of [38538] to the 4.6 branch.

Built from https://develop.svn.wordpress.org/branches/4.6@38539


git-svn-id: http://core.svn.wordpress.org/branches/4.6@38482 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-09-07 13:57:29 +00:00
Jeremy Felt 927e102a78 Comments: Revert [38497]
Restore direct SQL query when fetching descendants.

See #37696, #37966.

Built from https://develop.svn.wordpress.org/branches/4.6@38537


git-svn-id: http://core.svn.wordpress.org/branches/4.6@38480 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-09-07 13:41:34 +00:00
Pascal Birchler b9f38d1aa8 Upgrade/Install: Sanitize file name in `File_Upload_Upgrader`.
Merge of [38524] to the 4.6 branch.
Built from https://develop.svn.wordpress.org/branches/4.6@38525


git-svn-id: http://core.svn.wordpress.org/branches/4.6@38466 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-09-06 17:29:31 +00:00
Jeremy Felt bc85c9c739 Post 4.6.1-RC1 version bump
Built from https://develop.svn.wordpress.org/branches/4.6@38499


git-svn-id: http://core.svn.wordpress.org/branches/4.6@38440 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-09-01 15:41:30 +00:00
Jeremy Felt f09c426ddd WordPress 4.6.1-RC1
Built from https://develop.svn.wordpress.org/branches/4.6@38498


git-svn-id: http://core.svn.wordpress.org/branches/4.6@38439 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-09-01 15:28:30 +00:00
Jeremy Felt d873404562 Comments: Don't do direct SQL query when fetching descendants.
The SQL query was built using the clauses compiled when querying for
top-level comments. But in cases where the top-level comment query
results are already in the cache, the SQL clauses are not built, and
so are unavailable for `fill_descendants()`. Instead, we call
`get_comments()`, using modified versions of the parameters passed
to the main `WP_Comment_Query` class.

Merge of [38446] to the 4.6 branch.

Props boonebgorges, Akeif, Rarst for testing.
Fixes #37696.

Built from https://develop.svn.wordpress.org/branches/4.6@38497


git-svn-id: http://core.svn.wordpress.org/branches/4.6@38438 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-09-01 15:15:32 +00:00
Jeremy Felt 9214ae47a6 TinyMCE: fix toolbars alignment in RTL.
Merge of [38349] to the 4.6 branch.

Props azaozz, geminorum for testing.
Fixes #37760.

Built from https://develop.svn.wordpress.org/branches/4.6@38488


git-svn-id: http://core.svn.wordpress.org/branches/4.6@38429 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-31 23:43:29 +00:00
Jeremy Felt 0c064f4ed8 Editor: fix jumpiness on pressing backspace and delete in the Text editor.
Merge of [38426] to the 4.6 branch.

Props azaozz.
Fixes #37690.

Built from https://develop.svn.wordpress.org/branches/4.6@38487


git-svn-id: http://core.svn.wordpress.org/branches/4.6@38428 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-31 23:13:30 +00:00
Jeremy Felt b6151949af HTTP: Handle an edge case within the URI parsing library included in Requests, where if a double slash exists at the start of the path the URL is passed to cURL malformed.
Merge of [38429] to the 4.6 branch.

Props dd32, flixos90 for initial patch.
Fixes #37733.

Built from https://develop.svn.wordpress.org/branches/4.6@38485


git-svn-id: http://core.svn.wordpress.org/branches/4.6@38426 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-31 22:01:31 +00:00
Jeremy Felt 0d0310bcd6 Post Thumbnails: Prevent post thumbnail previews from spilling into other images.
After [38118], when previewing a page with a secondary loop, all post
thumbnails would be filtered to display the post thumbnail for the
page being previewed. This ensures `_wp_preview_post_thumbnail_filter()`
is only applied if the `$post_id` of the post meta being filtered is
equal to the post or page being previewed.

Merge of [38433] to the 4.6 branch.

Props swissspidy, joemcgill.
Fixes #37697.

Built from https://develop.svn.wordpress.org/branches/4.6@38476


git-svn-id: http://core.svn.wordpress.org/branches/4.6@38417 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-31 18:44:29 +00:00
Jeremy Felt b39313803a Upgrade/Install: After [37687], fix the number of params passed to the upgrade hooks.
`wp_version_check()`, `wp_update_plugins()` and `wp_update_themes()` are all originally hooked to the `upgrader_process_complete` action with zero arguments passed to them. Zero arguments should be passed when re-adding them after translation updates, otherwise the sky will fall.

Merge of [38415] to the 4.6 branch.

Props ionutst, gitlost, swissspidy.
Fixes #37731.

Built from https://develop.svn.wordpress.org/branches/4.6@38475


git-svn-id: http://core.svn.wordpress.org/branches/4.6@38416 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-31 18:12:30 +00:00
Jeremy Felt d6980d1c0d Script Loader: Close the `<link>` tag in `wp_resource_hints()`.
Adjusts tests to match markup change.

Merge of [38443] and [38447] to the 4.6 branch.

Props Chaos Engine, SergeyBiryukov, swissspidy.
Fixes #37800.

Built from https://develop.svn.wordpress.org/branches/4.6@38473


git-svn-id: http://core.svn.wordpress.org/branches/4.6@38414 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-31 17:26:31 +00:00
Jeremy Felt 575e4ef0db TinyMCE: change the default font for the vi locale to the same stack as he_IL.
Merge of [38427] to the 4.6 branch.

Props azaozz, nmt90 for reporting and testing.
Fixes #37755.

Built from https://develop.svn.wordpress.org/branches/4.6@38472


git-svn-id: http://core.svn.wordpress.org/branches/4.6@38413 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-31 17:16:31 +00:00
Dion Hulse 6ddc8affb1 HTTP: Accept non-string values in cookies, fixing a regression since 4.5.
Props swissspidy.
Merges [38430] to the 4.6 branch.
Fixes #37768.

Built from https://develop.svn.wordpress.org/branches/4.6@38461


git-svn-id: http://core.svn.wordpress.org/branches/4.6@38402 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-31 06:07:31 +00:00
Dion Hulse c53ae0299a Bootstrap: Check that ini_get_all() exists before calling it, allows us to work around hosts who disable the function for "security purposes".
Merges [38431] to the 4.6 branch.
Fixes #37680.

Built from https://develop.svn.wordpress.org/branches/4.6@38460


git-svn-id: http://core.svn.wordpress.org/branches/4.6@38401 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-31 06:06:32 +00:00
Gary Pendergast 33c1c022e3 Database: Don't force an unsupported character set that previously would've silently failed.
[37320] corrected some behaviour in how PHP and MySQL character sets are matched up. This was correct, but had the side effect of causing some incorrectly configured sites to start failing.

Prior to [37320], if `DB_CHARSET` was set to `utf8mb4`, but the PHP version didn't support `utf8mb4`, it would fall back to the default character set - usually `latin1`. After [37320], the `SET NAMES` query would force MySQL to treat the connection character set as `utf8mb4`, even if PHP wasn't able to understand it.

By checking if `mysqli_set_charset()` succeeded, we can simulate the old behaviour, while maintaining the fix in [37320].

Merge of [38441] to the 4.6 branch.

Props danielkanchev for helping to diagnose this issue.
Fixes #37689.


Built from https://develop.svn.wordpress.org/branches/4.6@38442


git-svn-id: http://core.svn.wordpress.org/branches/4.6@38383 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-30 07:42:49 +00:00