whyisjake
0ca56956ae
Administration: Ensure that admin referer nonce is valid.
...
Coding standards, ensure that nonce is valid with identical, rather then equal operator.
Backports [46477] to the 5.2 branch.
Props vortfu, xknown, whyisjake.
Built from https://develop.svn.wordpress.org/branches/5.2@46486
git-svn-id: http://core.svn.wordpress.org/branches/5.2@46284 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-14 17:34:53 +00:00
Sergey Biryukov
c83ea95120
Formatting: In `wp_validate_redirect()`, normalize the path when validating the location for relative URLs, to account for Windows paths.
...
Props peterwilsoncc, rconde, jmmathc, mat-lipe, Sixes, justinahinon, cmagrin, daxelrod, SergeyBiryukov.
Merges [46472] to the 5.2 branch.
Fixes #47980 .
Built from https://develop.svn.wordpress.org/branches/5.2@46473
git-svn-id: http://core.svn.wordpress.org/branches/5.2@46271 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-14 11:04:55 +00:00
Sergey Biryukov
684ef4e3a7
Improve URL validation in `wp_validate_redirect()`.
...
Merges [45971] to the 5.2 branch.
Props vortfu, whyisjake, peterwilsoncc.
Built from https://develop.svn.wordpress.org/branches/5.2@45972
git-svn-id: http://core.svn.wordpress.org/branches/5.2@45783 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-09-04 16:58:52 +00:00
John Blackbourn
d4d1267847
I18N: Improvements to and additions of translator comments for various email subject strings.
...
Props ramiy
Fixes #46920
Built from https://develop.svn.wordpress.org/trunk@45204
git-svn-id: http://core.svn.wordpress.org/trunk@45013 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-04-15 22:39:50 +00:00
desrosj
79f8d9786d
Text Changes: Use simpler language for login detail email subjects.
...
Props: peterwilsoncc, desrosj.
Fixes #37940 .
Built from https://develop.svn.wordpress.org/trunk@45173
git-svn-id: http://core.svn.wordpress.org/trunk@44982 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-04-12 18:16:52 +00:00
Gary Pendergast
9a80e2095b
Text Changes: Tweak the wording of email notification subjects.
...
This change brings more coherence between the subject lines of the various emails WordPress will send.
Props ramiy, pento.
Fixes #37940 .
Built from https://develop.svn.wordpress.org/trunk@45137
git-svn-id: http://core.svn.wordpress.org/trunk@44946 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-04-08 06:17:51 +00:00
Sergey Biryukov
931f8046d3
Docs: Improve wording in a comment in `wp_set_current_user()`.
...
Props nielsdeblaauw.
Fixes #45032 .
Built from https://develop.svn.wordpress.org/trunk@44826
git-svn-id: http://core.svn.wordpress.org/trunk@44658 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-03-11 10:57:55 +00:00
Gary Pendergast
655d44ffe8
Users: Add extra checking to `wp_new_user_notification()`.
...
Prevent a notification from being sent when an unrecognised value is passed in the `$notify` parameter.
Props cthreelabs, 360zen.
Fixes #44293 .
Built from https://develop.svn.wordpress.org/trunk@44611
git-svn-id: http://core.svn.wordpress.org/trunk@44442 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-01-16 04:27:50 +00:00
desrosj
8f3ee6d243
Docs: Update `since` tag for `X-Redirect-By` header additions.
...
See [42408-42409], [42633], [42647].
Fixes #42313 .
Built from https://develop.svn.wordpress.org/trunk@44386
git-svn-id: http://core.svn.wordpress.org/trunk@44216 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-01-03 18:11:52 +00:00
Gary Pendergast
bfc53e6a52
i18n: Improve consistency of translator comments.
...
Props ramonopoly.
Fixes #44998 .
Built from https://develop.svn.wordpress.org/trunk@43668
git-svn-id: http://core.svn.wordpress.org/trunk@43497 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-10-02 19:51:24 +00:00
John Blackbourn
8992656b13
Docs: Correct and improve some docblocks.
...
See #42505
Built from https://develop.svn.wordpress.org/trunk@43642
git-svn-id: http://core.svn.wordpress.org/trunk@43471 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-09-14 13:35:25 +00:00
Gary Pendergast
56c162fbc9
Coding Standards: Upgrade WPCS to 1.0.0
...
WPCS 1.0.0 includes a bunch of new auto-fixers, which drops the number of coding standards issues across WordPress significantly. Prior to running the auto-fixers, there were 15,312 issues detected. With this commit, we now drop to 4,769 issues.
This change includes three notable additions:
- Multiline function calls must now put each parameter on a new line.
- Auto-formatting files is now part of the `grunt precommit` script.
- Auto-fixable coding standards issues will now cause Travis failures.
Fixes #44600 .
Built from https://develop.svn.wordpress.org/trunk@43571
git-svn-id: http://core.svn.wordpress.org/trunk@43400 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-08-17 01:51:36 +00:00
Sergey Biryukov
0ff5536bac
Posts, Post Types: Use `COOKIEPATH` when clearing post password cookie, as that's the path it's created with.
...
See #44089 .
Built from https://develop.svn.wordpress.org/trunk@43318
git-svn-id: http://core.svn.wordpress.org/trunk@43147 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-27 01:33:22 +00:00
Sergey Biryukov
a724d77a4e
Posts, Post Types: Clear post password cookie when logging out.
...
Props skoldin, subrataemfluence, ianbelanger, johnbillion.
Fixes #44089 .
Built from https://develop.svn.wordpress.org/trunk@43317
git-svn-id: http://core.svn.wordpress.org/trunk@43146 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-26 12:43:23 +00:00
Dominik Schilling
5c291d49de
Pinking shears.
...
See #41057 .
Built from https://develop.svn.wordpress.org/trunk@42843
git-svn-id: http://core.svn.wordpress.org/trunk@42673 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-03-18 14:23:33 +00:00
Sergey Biryukov
4848a09b35
I18N: Use the actual placeholder instead of a number in translator comments if the corresponding string does not use numbered placeholders.
...
Add missing translator comments in `WP_Theme_Install_List_Table` and `wp_notify_postauthor()`.
Add missing commas in some translator comments.
Fixes #43523 .
Built from https://develop.svn.wordpress.org/trunk@42827
git-svn-id: http://core.svn.wordpress.org/trunk@42657 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-03-11 16:44:34 +00:00
Drew Jaynes
6e665d1f15
Docs: Link to the "Conditional Tags" article in the Theme Developer Handbook from the descriptions for a variety of core conditional tag functions.
...
These notations largely serve to direct consumers (of both the source and the parsed code reference) to extended information on individual and related conditional tags throughout WordPress. The changeset also standardizes corresponding DocBlock summaries to use third-person singular verbs.
Notations been added for the following functions:
* comments_open()
* email exists()
* has_excerpt()
* has_post_thumbnail()
* has_tag()
* in_category()
* in_the_loop()
* is_404()
* is_active_sidebar()
* is_active_widget()
* is_admin()
* is_admin_bar_showing()
* is_archive()
* is_attachment()
* is_author()
* is_blog_installed()
* is_category()
* is_comments_popup()
* is_date()
* is_day()
* is_dynamic_sidebar()
* is_feed()
* is_front_page()
* is_home()
* is_local_attachment()
* is_main_query
* is_month()
* is_multi_author
* is_new_day()
* is_page()
* is_page_template()
* is_paged()
* is_plugin_active()
* is_plugin_active_for_network()
* is_plugin_inactive()
* is_plugin_page()
* is_post_type_archive()
* is_preview()
* is_rtl()
* is_search()
* is_single()
* is_singular()
* is_sticky()
* is_tag()
* is_tax()
* is_taxonomy_hierarchical()
* is_time()
* is_trackback()
* is_user_logged_in()
* is_year()
* pings_open()
* post_type_exists()
* taxonomy_exists()
* term_exists()
* username exists()
* wp_attachment_is_image()
* wp_script_is()
Props janalwin.
Fixes #43254 .
Built from https://develop.svn.wordpress.org/trunk@42710
git-svn-id: http://core.svn.wordpress.org/trunk@42538 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-02-13 16:54:31 +00:00
John Blackbourn
a1eb261cd1
Canonical: Add `$x_redirect_by` parameter to `wp_safe_redirect()`.
...
See [42633] and [42408].
Fixes #42313 .
Built from https://develop.svn.wordpress.org/trunk@42647
git-svn-id: http://core.svn.wordpress.org/trunk@42476 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-02-04 16:05:32 +00:00
Sergey Biryukov
673ff22b2b
Canonical: Add `$x_redirect_by` parameter to `wp_redirect()` that allows applications doing the redirect to identify themselves.
...
This complements the `x_redirect_by` filter added in [42408].
Props NathanAtmoz, johnbillion.
Fixes #42313 .
Built from https://develop.svn.wordpress.org/trunk@42633
git-svn-id: http://core.svn.wordpress.org/trunk@42462 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-02-01 15:06:35 +00:00
Sergey Biryukov
df07690883
Canonical: After [42408], remove `sprintf()` call for consistency with `Location` header.
...
See #42313 .
Built from https://develop.svn.wordpress.org/trunk@42409
git-svn-id: http://core.svn.wordpress.org/trunk@42238 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-12-18 01:11:47 +00:00
Sergey Biryukov
0bc86bc220
Canonical: Introduce `x_redirect_by` filter that allows applications to identify themselves via `X-Redirect-By` header when they're doing a redirect.
...
Props joostdevalk.
Fixes #42313 .
Built from https://develop.svn.wordpress.org/trunk@42408
git-svn-id: http://core.svn.wordpress.org/trunk@42237 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-12-18 01:04:52 +00:00
Sergey Biryukov
823ec0859a
Docs: Correct `@staticvar` entry for `wp_rand()`.
...
Props chetan200891, birgire.
Fixes #42796 .
Built from https://develop.svn.wordpress.org/trunk@42377
git-svn-id: http://core.svn.wordpress.org/trunk@42206 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-12-07 13:53:47 +00:00
Drew Jaynes
f4faaa53c7
Docs: Improve the usefulness of docs for `wp_generate_password()` by noting the use of wp_rand() vs `rand()` or `mt_rand()`.
...
Props webdevmattcrom.
Fixes #42782 .
Built from https://develop.svn.wordpress.org/trunk@42373
git-svn-id: http://core.svn.wordpress.org/trunk@42202 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-12-04 22:40:47 +00:00
Gary Pendergast
aaf99e6913
Code is Poetry.
...
WordPress' code just... wasn't.
This is now dealt with.
Props jrf, pento, netweb, GaryJ, jdgrimes, westonruter, Greg Sherwood from PHPCS, and everyone who's ever contributed to WPCS and PHPCS.
Fixes #41057 .
Built from https://develop.svn.wordpress.org/trunk@42343
git-svn-id: http://core.svn.wordpress.org/trunk@42172 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-30 23:11:00 +00:00
John Blackbourn
bb5621a084
General: Pass on the return value from `wp_redirect()` for `wp_safe_redirect()`.
...
This brings the behaviour of the two functions in line with each other.
Props Drivingralle
Fixes 42108
Built from https://develop.svn.wordpress.org/trunk@42206
git-svn-id: http://core.svn.wordpress.org/trunk@42035 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-20 20:24:48 +00:00
John Blackbourn
3be5d4b4f0
Docs: Improve inline docs for the `wp_redirect()` and `wp_safe_redirect()` functions.
...
See #42505 , #42108
Built from https://develop.svn.wordpress.org/trunk@42143
git-svn-id: http://core.svn.wordpress.org/trunk@41974 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-10 13:44:47 +00:00
Sergey Biryukov
806b2a5af1
Comments: Change `IP` references in moderation option labels and email notifications to `IP address` for clarity.
...
Props mako09, gk.loveweb, bradparbs.
Fixes #40382 .
Built from https://develop.svn.wordpress.org/trunk@41704
git-svn-id: http://core.svn.wordpress.org/trunk@41538 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-03 13:09:47 +00:00
John Blackbourn
9fdbe6538e
Docs: Remove `&` prefixes from parameter documentation to avoid doc parsing errors.
...
Props sudar for the original patch.
See #35974
Built from https://develop.svn.wordpress.org/trunk@41686
git-svn-id: http://core.svn.wordpress.org/trunk@41520 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-02 22:03:33 +00:00
John Blackbourn
f2a0b5267d
Login and Registration: Pass the user session token to the `set_auth_cookie` and `set_logged_in_cookie` filters.
...
This also adds some missing `@since` parameters for other uses of the token so that developers know when the token was first made available to various filters.
Fixes #41849
Built from https://develop.svn.wordpress.org/trunk@41365
git-svn-id: http://core.svn.wordpress.org/trunk@41198 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-10 21:09:45 +00:00
John Blackbourn
dee0e3a67b
Users: Switch to using array style filters for the newly introduced filters in `wp_password_change_notification()` and `wp_new_user_notification()`.
...
This introduces three new filters, replacing those that were introduced in [41153]:
* `wp_password_change_notification_email`
* `wp_new_user_notification_email_admin`
* `wp_new_user_notification_email`
Props pbearne
Fixes #38068
Built from https://develop.svn.wordpress.org/trunk@41213
git-svn-id: http://core.svn.wordpress.org/trunk@41053 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-08-03 13:21:46 +00:00
Sergey Biryukov
7d2b400876
Users: Use `esc_url()` instead of `esc_attr()` to escape the value of the `srcset` attribute in `get_avatar()`.
...
Props joemcgill, henry.wright.
Fixes #41215 .
Built from https://develop.svn.wordpress.org/trunk@41156
git-svn-id: http://core.svn.wordpress.org/trunk@40996 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-07-26 13:22:44 +00:00
John Blackbourn
b6ca2d77a8
Users: Introduce filters for the contents of email notifications for new user registrations and password resets.
...
Introduces:
* `wp_password_change_notification_subject`
* `wp_password_change_notification_message`
* `wp_password_change_notification_headers`
* `wp_new_user_notification_admin_subject`
* `wp_new_user_notification_admin_message`
* `wp_new_user_notification_admin_headers`
* `wp_new_user_notification_subject`
* `wp_new_user_notification_message`
* `wp_new_user_notification_headers`
Props pbearne, dipesh.kakadiya
Fixes #38068
Built from https://develop.svn.wordpress.org/trunk@41153
git-svn-id: http://core.svn.wordpress.org/trunk@40993 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-07-26 00:54:43 +00:00
John Blackbourn
9c7c11f268
Users: Clear the user settings cookies when clearing auth cookies.
...
This prevents lingering cookies when logging out and when switching between user accounts.
Props soulseekah, shanee
Fixes #32567
Built from https://develop.svn.wordpress.org/trunk@40580
git-svn-id: http://core.svn.wordpress.org/trunk@40450 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-07 16:54:42 +00:00
Pascal Birchler
72c19648bc
Load: Only load `PasswordHash` class when needed.
...
This reverts [38371] which loaded `class-phpass.php` early in `wp-settings.php` and in turn caused backward compatibility problems.
Props DavidAnderson, ketuchetan.
Fixes #39445 .
Built from https://develop.svn.wordpress.org/trunk@40387
git-svn-id: http://core.svn.wordpress.org/trunk@40294 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-04-06 18:01:42 +00:00
Sergey Biryukov
41666b5e0c
Mail: Use correct capitalization for PHPMailer methods in `wp_mail()`.
...
Props Soean, reidbusi.
Fixes #39702 .
Built from https://develop.svn.wordpress.org/trunk@40363
git-svn-id: http://core.svn.wordpress.org/trunk@40270 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-04-01 14:34:43 +00:00
John Blackbourn
96b2923e62
Docs: Remove the duplicate hook documentation for the newly introduced `send_auth_cookies` filter.
...
See #39367
Built from https://develop.svn.wordpress.org/trunk@40264
git-svn-id: http://core.svn.wordpress.org/trunk@40184 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-10 15:03:42 +00:00
John Blackbourn
265a0f4d98
Build/Test tools: Don't override the `wp_set_auth_cookie()` and `wp_clear_auth_cookie()` functions.
...
Overriding pluggable functions in the test suite is asking for trouble in the future. In addition, it means the test suite can't be guaranteed to behave the same as core.
This instead introduces a `send_auth_cookies` filter which can be hooked in during the test suite to prevent these functions from attempting to send cookie headers to the client.
Fixes #39367
Built from https://develop.svn.wordpress.org/trunk@40263
git-svn-id: http://core.svn.wordpress.org/trunk@40183 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-10 14:33:46 +00:00
John Blackbourn
4dffd5b82e
Build/Test tools: Revert [40239] due to unrelated changes.
...
See #39486
Built from https://develop.svn.wordpress.org/trunk@40240
git-svn-id: http://core.svn.wordpress.org/trunk@40170 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-08 00:05:42 +00:00
John Blackbourn
28055b9ff5
Build/Test tools: In Travis, skip some tests when not on trunk.
...
This skips time sensitive tests (copyright year and PHP/MySQL version requirements) when tests are run on branches on Travis.
Props netweb, jorbin
Fixes #39486
Built from https://develop.svn.wordpress.org/trunk@40239
git-svn-id: http://core.svn.wordpress.org/trunk@40169 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-08 00:01:46 +00:00
Aaron Campbell
288cd46939
Strip control characters before validating redirect.
...
Built from https://develop.svn.wordpress.org/trunk@40183
git-svn-id: http://core.svn.wordpress.org/trunk@40122 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-06 13:38:41 +00:00
Dion Hulse
577a192ebd
Mail: In PHPMailer 5.2.7 the case of the `Send()` method changed to `send()`, update our call for consistency with the library.
...
Props michalzuber.
Fixes #39469 .
Built from https://develop.svn.wordpress.org/trunk@39691
git-svn-id: http://core.svn.wordpress.org/trunk@39631 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-05 08:10:42 +00:00
Dion Hulse
1a40f6b7ae
Mail: Ensure that any `phpmailerException` exceptions generated by `setFrom()` are caught to avoid PHP Fatal errors.
...
This change avoids a PHP fatal error that can be encountered when the specified (or generated) source email is an invalid address, such as `wordpress@_`, it makes no effort to set a valid source, only avoid the fatal error.
See #25239 for correcting the email address.
Fixes #39360 .
Built from https://develop.svn.wordpress.org/trunk@39655
git-svn-id: http://core.svn.wordpress.org/trunk@39595 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-30 06:44:40 +00:00
John Blackbourn
80a839de13
Docs: Misc corrections and additions to inline documentation.
...
See #39130
Props keesiemeijer
Built from https://develop.svn.wordpress.org/trunk@39639
git-svn-id: http://core.svn.wordpress.org/trunk@39579 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-27 09:28:40 +00:00
John Blackbourn
c2d709e9d6
I18n: Introduce more translator comments for strings that contain placeholders but don't have an accompanying translator comment.
...
See #38882
Built from https://develop.svn.wordpress.org/trunk@39326
git-svn-id: http://core.svn.wordpress.org/trunk@39266 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-21 02:46:30 +00:00
John Blackbourn
4cf5550d8d
I18n: Begin introducing translator comments for strings which include placeholders but no accompanying translator comment.
...
Adds context to one string used in two different contexts for the new user and new site signup email notification.
More to come.
See #38882
Built from https://develop.svn.wordpress.org/trunk@39323
git-svn-id: http://core.svn.wordpress.org/trunk@39263 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-21 01:22:32 +00:00
Helen Hou-Sandí
dab566d973
Mail: Set a better error code when triggering `wp_mail_failed`.
...
This error code is now... wait for it... `wp_mail_failed`. Previously, this would have been the originating PHPMailer error code, which could be `0`, which would then fail (pass?) the `empty()` check in the `WP_Error` constructor, thereby rendering the error object fairly useless. The PHPMailer error code is now located within the `WP_Error` data.
props Kau-Boy, stephenharris.
fixes #35598 .
Built from https://develop.svn.wordpress.org/trunk@39086
git-svn-id: http://core.svn.wordpress.org/trunk@39028 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-02 04:27:34 +00:00
Drew Jaynes
5f4497f0af
Docs: Fix multiple trivial typos throughout a variety of core files.
...
Props ottok.
Fixes #38489 .
Built from https://develop.svn.wordpress.org/trunk@39051
git-svn-id: http://core.svn.wordpress.org/trunk@38993 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-31 06:28:32 +00:00
Dominik Schilling
7819e2b4ba
I18N: Introduce a locale-switching function.
...
With the introduction of user-specific languages in [38705] it's necessary to be able to switch translations on the fly. For example emails should be sent in the language of the recipient and not the one of the current user.
This introduces a new `WP_Locale_Switcher` class which is used for switching locales and translations. It holds the stack of locales whenever `switch_to_locale( $locale )` is called. With `restore_previous_locale()` you can restore the previous locale. `restore_current_locale()` empties the stack and sets the locale back to the initial value.
`switch_to_locale()` is added to most of core's email functions, either with the value of `get_locale()` (site language) or `get_user_locale()` (user language with fallback to site language).
Props yoavf, tfrommen, swissspidy, pbearne, ocean90.
See #29783 .
Fixes #26511 .
Built from https://develop.svn.wordpress.org/trunk@38961
git-svn-id: http://core.svn.wordpress.org/trunk@38904 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-26 15:36:31 +00:00
Scott Taylor
a3ffebce30
Bootstrap: do not go gentle into that good night r38411, r38412, and parts of r38389.
...
See #36335 .
Built from https://develop.svn.wordpress.org/trunk@38470
git-svn-id: http://core.svn.wordpress.org/trunk@38411 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-31 16:31:29 +00:00
John Blackbourn
a1d61a95e1
Security: Return a `403` instead of a `200` HTTP status when `check_ajax_referer()` fails.
...
This is, unfortunately, untestable in the current test suite, even in the AJAX tests.
Fixes #36362
Built from https://develop.svn.wordpress.org/trunk@38421
git-svn-id: http://core.svn.wordpress.org/trunk@38362 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-28 17:31:30 +00:00