Nikolay Bachiyski
25df9d65a8
Admin: Escape attachment name in case it contains special characters
...
Merge of [37774] to the 4.1 branch.
Built from https://develop.svn.wordpress.org/branches/4.1@37790
git-svn-id: http://core.svn.wordpress.org/branches/4.1@37755 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-21 14:26:33 +00:00
Boone Gorges
79e7b2e6aa
Taxonomy: More specific cap check when processing category data on post save.
...
Ports [37691] to the 4.1 branch.
Props dlh.
Fixes #36379 .
Built from https://develop.svn.wordpress.org/branches/4.1@37781
git-svn-id: http://core.svn.wordpress.org/branches/4.1@37746 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-21 14:22:56 +00:00
Dominik Schilling
65b88f9802
Customize: Make sure that preview and return URLs are URLs.
...
Merge of [37527] to the 4.1 branch.
Built from https://develop.svn.wordpress.org/branches/4.1@37773
git-svn-id: http://core.svn.wordpress.org/branches/4.1@37738 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-21 14:20:25 +00:00
Jeremy Felt
8d2141b7ee
Admin: Allow for the consistent filtering of `auth_redirect_scheme`
...
Merge of [37651] to the 4.1 branch.
See #37047 .
Built from https://develop.svn.wordpress.org/branches/4.1@37762
git-svn-id: http://core.svn.wordpress.org/branches/4.1@37727 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-21 14:13:23 +00:00
Dominik Schilling
2dbd645312
Bump 4.1 branch to 4.1.11.
...
Built from https://develop.svn.wordpress.org/branches/4.1@37388
git-svn-id: http://core.svn.wordpress.org/branches/4.1@37354 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-06 18:14:22 +00:00
Nikolay Bachiyski
58a1804e9c
External Libraries: Update plupload from upstream
...
Built from https://develop.svn.wordpress.org/branches/4.1@37378
git-svn-id: http://core.svn.wordpress.org/branches/4.1@37344 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-06 17:57:22 +00:00
Nikolay Bachiyski
38154c01ce
Taxonomies: make sure taxonomy functions work correctly with taxonomy names with special characters
...
The codex says that taxonomy names "should only contain lowercase letters and the underscore character", but that's not enforced. It's too late to enforce it, since some plugins haven't been following it and the official phpdoc doesn't mention this restriction.
Merge of [37133] to the 4.1 branch.
Built from https://develop.svn.wordpress.org/branches/4.1@37138
git-svn-id: http://core.svn.wordpress.org/branches/4.1@37105 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-30 17:32:22 +00:00
Jeremy Felt
92c3f699a9
Multisite: Improve escaping in network settings.
...
Merge of [37124] to the 4.1 branch.
Built from https://develop.svn.wordpress.org/branches/4.1@37128
git-svn-id: http://core.svn.wordpress.org/branches/4.1@37095 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-30 16:05:21 +00:00
Dominik Schilling
e73593c805
HTTP: Improve detection of valid IP addresses.
...
Merge of [37115] to the 4.1 branch.
Built from https://develop.svn.wordpress.org/branches/4.1@37119
git-svn-id: http://core.svn.wordpress.org/branches/4.1@37086 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-30 15:52:33 +00:00
Dominik Schilling
cd0d7d699d
Multisite: Validate new email address confirmations.
...
Merge of [37103] to the 4.1 branch.
Built from https://develop.svn.wordpress.org/branches/4.1@37107
git-svn-id: http://core.svn.wordpress.org/branches/4.1@37074 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-30 14:50:48 +00:00
Nikolay Bachiyski
63bde8f97e
Snoopy: use escapeshellarg instead of escapeshellcmd
...
We are escaping arguments, not commands, so we'd better use the semantically correct function, even though they are similar.
Merges [37094] to the 4.1 branch.
Built from https://develop.svn.wordpress.org/branches/4.1@37098
git-svn-id: http://core.svn.wordpress.org/branches/4.1@37065 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-30 14:10:23 +00:00
Dominik Schilling
7df345b1cc
Bump 4.1 branch to 4.1.10.
...
Built from https://develop.svn.wordpress.org/branches/4.1@36458
git-svn-id: http://core.svn.wordpress.org/branches/4.1@36425 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-02 17:29:22 +00:00
Dominik Schilling
5b076e981c
Better validation of the URL used in HTTP redirects.
...
Merges [36444] to the 4.1 branch.
Built from https://develop.svn.wordpress.org/branches/4.1@36450
git-svn-id: http://core.svn.wordpress.org/branches/4.1@36417 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-02 17:00:50 +00:00
Dominik Schilling
ac434506e1
HTTP: `0.1.2.3` is not a valid IP.
...
Merges [36435] to the 4.1 branch.
Built from https://develop.svn.wordpress.org/branches/4.1@36439
git-svn-id: http://core.svn.wordpress.org/branches/4.1@36406 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-02 13:04:42 +00:00
Dominik Schilling
197d5128b2
Bump 4.1 branch to 4.1.9.
...
Built from https://develop.svn.wordpress.org/branches/4.1@36199
git-svn-id: http://core.svn.wordpress.org/branches/4.1@36166 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-06 18:50:23 +00:00
Aaron Jorbin
e253e4e3d6
Theme: Escape error messages
...
[36185] for 4.1 branch
Built from https://develop.svn.wordpress.org/branches/4.1@36189
git-svn-id: http://core.svn.wordpress.org/branches/4.1@36156 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-06 17:26:50 +00:00
Dion Hulse
3ff8fa5386
Background Updates: Remove the 7am/7pm background update check.
...
This changeset is a more basic version of [36180], clearing the extra now redundant schedule.
As the functionality for this was introduced in 3.9, [28129] has been backported to 3.7/3.8, allowing the API TTL to be respected by those versions.
See #27772 .
Fixes #35323 .
Built from https://develop.svn.wordpress.org/trunk@36184
git-svn-id: http://core.svn.wordpress.org/branches/4.1@36151 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-06 13:24:33 +00:00
Dion Hulse
a86aa0bf8e
Update Akismet externals
...
git-svn-id: http://core.svn.wordpress.org/branches/4.1@35107 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-13 17:19:01 +00:00
Helen Hou-Sandí
a39030c223
Finish bumping the 4.1 branch to 4.1.8.
...
Built from https://develop.svn.wordpress.org/branches/4.1@34192
git-svn-id: http://core.svn.wordpress.org/branches/4.1@34160 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-15 14:51:36 +00:00
Helen Hou-Sandí
a4add78415
Bump 4.1 branch to 4.1.8.
...
Built from https://develop.svn.wordpress.org/branches/4.1@34183
git-svn-id: http://core.svn.wordpress.org/branches/4.1@34151 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-15 14:28:10 +00:00
Dominik Schilling
d38d60223d
XMLRPC: Don't allow private posts to be sticky.
...
Merge of [33325], [33612], and [34135] to the 4.1 branch.
See #20662 .
Built from https://develop.svn.wordpress.org/branches/4.1@34153
git-svn-id: http://core.svn.wordpress.org/branches/4.1@34121 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 23:01:22 +00:00
Nikolay Bachiyski
76e13dd238
Shortcodes: don't allow unclosed HTML elements in attributes
...
Merges [34134] for 4.1 branch
Built from https://develop.svn.wordpress.org/branches/4.1@34146
git-svn-id: http://core.svn.wordpress.org/branches/4.1@34114 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 22:48:48 +00:00
Nikolay Bachiyski
0da231a2d9
List tables: escape user e-mails
...
Merges [34133] for 4.1 branch
Built from https://develop.svn.wordpress.org/branches/4.1@34139
git-svn-id: http://core.svn.wordpress.org/branches/4.1@34107 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 22:42:23 +00:00
Gary Pendergast
76718f2ec0
WPDB: `get_table_from_query()` didn't find table names with hyphens in them.
...
Merge of [33718] to the 4.1 branch.
Props dustinbolton, pento.
See #33470 .
Built from https://develop.svn.wordpress.org/branches/4.1@33993
git-svn-id: http://core.svn.wordpress.org/branches/4.1@33962 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-10 07:00:23 +00:00
Gary Pendergast
a3540aa14d
Capabilities: Fall back to the `edit_posts` capability for orphaned comments.
...
Merge of the `capabilities.php` part of [33614] to the 4.2 branch.
Props pento, dd32.
See #33154 .
Built from https://develop.svn.wordpress.org/branches/4.1@33973
git-svn-id: http://core.svn.wordpress.org/branches/4.1@33942 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-09 06:06:23 +00:00
Dominik Schilling
9460b427a2
Bump 4.1 branch to version 4.1.7.
...
Built from https://develop.svn.wordpress.org/branches/4.1@33574
git-svn-id: http://core.svn.wordpress.org/branches/4.1@33541 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-04 11:51:21 +00:00
Dion Hulse
c1e878721b
Fix `do_shortcode('<[shortcode]')` edge case.
...
Props miqrogroove.
Merges [33499] to the 4.1 branch.
See #33116 .
Built from https://develop.svn.wordpress.org/branches/4.1@33564
git-svn-id: http://core.svn.wordpress.org/branches/4.1@33531 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-04 07:17:21 +00:00
Dominik Schilling
738c837a58
Comments: IDs are integers.
...
Merge of [33555] to the 4.1 branch.
Built from https://develop.svn.wordpress.org/branches/4.1@33557
git-svn-id: http://core.svn.wordpress.org/branches/4.1@33524 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-04 04:59:20 +00:00
Dominik Schilling
e32ef74d05
Themes: Fix some broken links in the legacy theme preview.
...
Merge of [33549] to the 4.1 branch.
Built from https://develop.svn.wordpress.org/branches/4.1@33550
git-svn-id: http://core.svn.wordpress.org/branches/4.1@33517 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-04 04:57:08 +00:00
Dominik Schilling
f5171862ba
Heartbeat: Ensure post locks are released.
...
Merge of [33542] to the 4.1 branch.
Built from https://develop.svn.wordpress.org/branches/4.1@33544
git-svn-id: http://core.svn.wordpress.org/branches/4.1@33511 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-04 04:55:19 +00:00
Dominik Schilling
a967da1a9e
Customizer: Use `hash_equals()` for widgets.
...
Merge of [33535] to the 4.1 branch.
Built from https://develop.svn.wordpress.org/branches/4.1@33537
git-svn-id: http://core.svn.wordpress.org/branches/4.1@33504 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-04 04:52:35 +00:00
Dominik Schilling
3b8a94550b
Nav menus: Consistent titles in widgets.
...
Merge of [33529] to the 4.1 branch.
Built from https://develop.svn.wordpress.org/branches/4.1@33530
git-svn-id: http://core.svn.wordpress.org/branches/4.1@33497 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-03 20:58:03 +00:00
Andrew Ozz
922040e867
Backport r33469 and r33470 to 4.1.
...
See #33106 .
Built from https://develop.svn.wordpress.org/branches/4.1@33521
git-svn-id: http://core.svn.wordpress.org/branches/4.1@33488 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-31 01:43:23 +00:00
Gary Pendergast
cec063ad22
WPDB: When checking the encoding of strings against the database, make sure we're only relying on the return value of strings that were sent to the database. Also make sure that we're not trying to sanity check strings that've been marked as not needing sanity checking.
...
Merge of [33455] to the 4.1 branch.
See #32279 .
Built from https://develop.svn.wordpress.org/branches/4.1@33480
git-svn-id: http://core.svn.wordpress.org/branches/4.1@33447 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-29 06:49:21 +00:00
Gary Pendergast
50e855410b
WPDB: `::strip_text_from_query()` doesn't pass a length to `::strip_invalid_text()`, which was causing queries to fail when they contained characters that needed to be sanity checked by MySQL.
...
Props dd32, mdawaffe, pento.
Merges [33310] to the 4.1 branch.
See #32279 .
Built from https://develop.svn.wordpress.org/branches/4.1@33479
git-svn-id: http://core.svn.wordpress.org/branches/4.1@33446 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-29 06:46:21 +00:00
Gary Pendergast
0f529b177c
WPDB: Remove some of the complexities in `::strip_invalid_text()` associated with switching character sets between queries. Instead of trying to dynamically change connection character sets, we now rely on the value of `::charset`. This also fixes the case where queries were being blocked when `DB_CHARSET` was `utf8`, but the column character set was non-`utf8`.
...
Merge of [33308] to the 4.1 branch.
See #32165 .
Built from https://develop.svn.wordpress.org/branches/4.1@33478
git-svn-id: http://core.svn.wordpress.org/branches/4.1@33445 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-29 06:35:21 +00:00
Gary Pendergast
eb9a250ae8
WPDB: When checking that text isn't too long to insert into a column, `LONGTEXT` columns could fail, as their length is longer than `PHP_INT_MAX`. Treating their length as a `float` instead of an `int` fixes this.
...
Merge of [33276] to the 4.1 branch.
See #32165 .
Built from https://develop.svn.wordpress.org/branches/4.1@33477
git-svn-id: http://core.svn.wordpress.org/branches/4.1@33444 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-29 06:29:22 +00:00
Gary Pendergast
fae5374051
Bump 4.1 branch to version 4.1.6.
...
Built from https://develop.svn.wordpress.org/branches/4.1@33396
git-svn-id: http://core.svn.wordpress.org/branches/4.1@33364 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-23 11:05:21 +00:00
Gary Pendergast
00ffae7300
Shortcodes: Improve the reliablity of shortcodes inside HTML tags.
...
Merge of [33359] to the 4.1 branch.
Props miqrogroove.
See #15694 .
Built from https://develop.svn.wordpress.org/branches/4.1@33380
git-svn-id: http://core.svn.wordpress.org/branches/4.1@33351 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-23 04:37:22 +00:00
Gary Pendergast
a9e97c7ad5
Capabilities: When creating an auto-draft, ensure that the current user still has permission to do so.
...
Merge of [33357] to the 4.1 branch.
Built from https://develop.svn.wordpress.org/branches/4.1@33375
git-svn-id: http://core.svn.wordpress.org/branches/4.1@33346 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-23 03:54:21 +00:00
Michael Adams
3989e1f450
Upgrade: `$wpdb->get_col_length()` sanity check: bail on unexpected return value.
...
Merges [32429] for the 4.1 branch.
See #32165 .
Built from https://develop.svn.wordpress.org/branches/4.1@32431
git-svn-id: http://core.svn.wordpress.org/branches/4.1@32401 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-06 23:13:22 +00:00
Dominik Schilling
3e3300395a
Add closing paragraph tag for the 4.1.5 changelog entry.
...
Built from https://develop.svn.wordpress.org/branches/4.1@32428
git-svn-id: http://core.svn.wordpress.org/branches/4.1@32398 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-06 23:04:23 +00:00
Dominik Schilling
3aa108639d
4.1.5 version bumps.
...
Built from https://develop.svn.wordpress.org/branches/4.1@32425
git-svn-id: http://core.svn.wordpress.org/branches/4.1@32395 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-06 22:18:23 +00:00
Michael Adams
2b8283ed89
Upgrade: Ensure unintelligible DB schemas don't result in content loss.
...
Merge of [32417] to the 4.1 branch.
See #32165 .
Props ocean90.
Built from https://develop.svn.wordpress.org/branches/4.1@32419
git-svn-id: http://core.svn.wordpress.org/branches/4.1@32389 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-06 21:51:24 +00:00
John Blackbourn
4d1c0c85a6
WPDB: Allow queries to reference tables in the dbname.tablename format, and allow table names to contain any valid character, rather than just ASCII.
...
Merge of [32368] to the 4.1 branch.
Props pento, willstedt for the initial patch.
See #32090 .
Built from https://develop.svn.wordpress.org/branches/4.1@32412
git-svn-id: http://core.svn.wordpress.org/branches/4.1@32382 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-06 21:02:23 +00:00
Dominik Schilling
dc0748284b
WPDB: When sanity checking query character sets, there's no need to check queries that don't return user data.
...
Merges [32374] to the 4.1 branch.
props pento.
see #32104 .
Built from https://develop.svn.wordpress.org/branches/4.1@32402
git-svn-id: http://core.svn.wordpress.org/branches/4.1@32372 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-06 20:02:23 +00:00
Aaron Jorbin
26563868af
When upgrading WordPress remove genericons example.html files
...
[32385] for 4.1 branch
Props @dd32, @boonebgorges, @johnjamesjacoby, @drewapicture, @jorbin
Built from https://develop.svn.wordpress.org/branches/4.1@32401
git-svn-id: http://core.svn.wordpress.org/branches/4.1@32371 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-06 19:58:22 +00:00
Helen Hou-Sandí
e258184716
The UTF-8 regex can occasionally fail on very low memory machines. Reduce the amount of memory it uses.
...
Merges [32375] to the 4.1 branch.
props pento.
See #32204 .
Built from https://develop.svn.wordpress.org/branches/4.1@32396
git-svn-id: http://core.svn.wordpress.org/branches/4.1@32366 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-06 19:42:23 +00:00
Dominik Schilling
4f3aedcdbe
Bundled Themes: Remove Genericons example.html files.
...
Merge [32392] to the 4.1 branch.
Built from https://develop.svn.wordpress.org/branches/4.1@32394
git-svn-id: http://core.svn.wordpress.org/branches/4.1@32364 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-06 19:34:22 +00:00
Michael Adams
bb96e5b686
WPDB: When checking that a string can be sent to MySQL, we shouldn't use `mb_convert_encoding()`, as it behaves differently to MySQL's character encoding conversion.
...
Merge of [32364] to the 4.1 branch.
Props mdawaffe, pento, nbachiyski, jorbin, johnjamesjacoby, jeremyfelt.
See #32165 .
Built from https://develop.svn.wordpress.org/branches/4.1@32387
git-svn-id: http://core.svn.wordpress.org/branches/4.1@32357 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-06 19:07:25 +00:00