Commit Graph

6121 Commits

Author SHA1 Message Date
whyisjake a14f1a83a9 General: WordPress updates
* XML-RPC: Improve error messages for unprivileged users.
* External Libraries: Disable deserialization in Requests_Utility_FilteredIterator
* Embeds: Disable embeds on deactivated Multisite sites.
* Coding standards: Modify escaping functions to avoid potential false positives.
* XML-RPC: Return error message if attachment ID is incorrect.
* Upgrade/install: Improve logic check when determining installation status.
* Meta: Sanitize meta key before checking protection status.
* Themes: Ensure that only privileged users can set a background image when a theme is using the deprecated custom background page.

Brings the changes from [49380,49382-49388] to the 4.5 branch.

Props xknown, zieladam, peterwilsoncc, whyisjake, desrosj, dd32.

Built from https://develop.svn.wordpress.org/branches/4.5@49401


git-svn-id: http://core.svn.wordpress.org/branches/4.5@49160 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-29 19:02:24 +00:00
Sergey Biryukov 36436be2e3 Administration: Pass the result of `set-screen-option` filter to the new `set_screen_option_{$option}` filter to ensure backward compatibility.
Rename the `$keep` parameter of both filters to `$screen_option` for clarity, update the documentation to better reflect its purpose.

Follow-up to [47951].

Props Chouby, sswells, SergeyBiryukov.
Merges [48241] to the 4.5 branch.
Fixes #50392.
Built from https://develop.svn.wordpress.org/branches/4.5@48253


git-svn-id: http://core.svn.wordpress.org/branches/4.5@48022 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-07-01 09:51:55 +00:00
whyisjake acdabf9d25 General: Backport several commits for release.
- Embeds: Ensure that the title attribute is set correctly on embeds.
- Editor: Prevent HTML decoding on by setting the proper editor context.
- Formatting: Ensure that wp_validate_redirect() sanitizes a wider variety of characters.
- Themes: Ensure a broken theme name is returned properly.
- Administration: Add a new filter to extend set-screen-option.
Merges [47947-47951] to the 4.5 branch.
Props xknown, sstoqnov, vortfu, SergeyBiryukov, whyisjake.

Built from https://develop.svn.wordpress.org/branches/4.5@47973


git-svn-id: http://core.svn.wordpress.org/branches/4.5@47743 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-10 18:54:52 +00:00
Sergey Biryukov 65d87ce862 Escape the output in `wp_ajax_upload_attachment()`.
Merges [45936] to the 4.5 branch.
Props whyisjake, sstoqnov.
Built from https://develop.svn.wordpress.org/branches/4.5@45950


git-svn-id: http://core.svn.wordpress.org/branches/4.5@45761 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-09-04 16:37:09 +00:00
Sergey Biryukov fb7f4bf7b6 Comments: Improve comment content filtering.
Merges [44842] to the 4.5 branch.
Built from https://develop.svn.wordpress.org/branches/4.5@44849


git-svn-id: http://core.svn.wordpress.org/branches/4.5@44681 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-03-12 22:38:19 +00:00
Gary Pendergast ab40c9608a Editor: Remove unwanted fields before saving posts.
The `meta_input`, `file`, and `guid` fields are not intended to be updated through user input.

Merges [44047] to the 4.5 branch.


Built from https://develop.svn.wordpress.org/branches/4.5@44060


git-svn-id: http://core.svn.wordpress.org/branches/4.5@43890 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-12-13 01:45:20 +00:00
Peter Wilson baa754b110 Multisite: Validate activation links.
Merges [44048] to the 4.5 branch.

Built from https://develop.svn.wordpress.org/branches/4.5@44059


git-svn-id: http://core.svn.wordpress.org/branches/4.5@43889 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-12-13 01:44:20 +00:00
Dion Hulse c5126cd06a External Libraries: Remove unnecessary / obsoleted MediaElement.js files.
Merges [42478] to the 4.5 branch.
Fixes #42720 for 4.5.

Built from https://develop.svn.wordpress.org/branches/4.5@42481


git-svn-id: http://core.svn.wordpress.org/branches/4.5@42310 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-01-16 08:08:33 +00:00
Dion Hulse fce8018006 Upgrade: When deleting old files, if deletion fails attempt to empty the file instead.
Props joemcgill, dd32.
Merges [42434] to the 4.5 branch.
Fixes #42963 for 4.5.

Built from https://develop.svn.wordpress.org/branches/4.5@42469


git-svn-id: http://core.svn.wordpress.org/branches/4.5@42298 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-01-16 06:56:04 +00:00
John Blackbourn 6208a0780c Filesystem API: Ensure filenames are valid before attempting to unzip them to ensure malformed file paths don't cause issues.
Merges [41457] to the 4.5 branch.

Built from https://develop.svn.wordpress.org/branches/4.5@41461


git-svn-id: http://core.svn.wordpress.org/branches/4.5@41294 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 14:41:31 +00:00
John Blackbourn 367007e79a General: Remove context added in [41414] in order to avoid a string change in a point release.
See #13377

Built from https://develop.svn.wordpress.org/branches/4.5@41416


git-svn-id: http://core.svn.wordpress.org/branches/4.5@41249 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 10:46:31 +00:00
John Blackbourn 9d2e40d699 General: Add missing URL-encoding and add extra hardening to plugin and template names when they're displayed in the admin area.
Merges [41414] into the 4.5 branch.

See #13377

Built from https://develop.svn.wordpress.org/branches/4.5@41415


git-svn-id: http://core.svn.wordpress.org/branches/4.5@41248 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 10:32:31 +00:00
Aaron Campbell a6878209f8 Add nonce for updating file system credentials.
Merges [40723] to 4.5 branch.

Built from https://develop.svn.wordpress.org/branches/4.5@40726


git-svn-id: http://core.svn.wordpress.org/branches/4.5@40584 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 14:54:03 +00:00
Pascal Birchler 4e293bfa45 Fix broken audio/video functions when sanitizing ID3 data
This fixes a bug where running `wp_kses_post_deep()` on all the ID3
tag data corrupted blob data.

See #40075, #40085.

Merges [40400] to the 4.5 branch.

Built from https://develop.svn.wordpress.org/branches/4.5@40462


git-svn-id: http://core.svn.wordpress.org/branches/4.5@40338 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-04-17 13:14:34 +00:00
John Blackbourn 806d303a20 Press This: Verify intent before fetching in-page resources using Press This.
Props vortfu

Merges [40195] to the 4.5 branch.

Built from https://develop.svn.wordpress.org/branches/4.5@40198


git-svn-id: http://core.svn.wordpress.org/branches/4.5@40137 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-06 13:59:30 +00:00
Jeremy Felt d3d39735ce Validate video and audio metadata.
Merge of [40148] to the 4.5 branch.

Built from https://develop.svn.wordpress.org/branches/4.5@40151


git-svn-id: http://core.svn.wordpress.org/branches/4.5@40090 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-06 08:05:33 +00:00
John Blackbourn 864dc6eb0d Posts, Post Types: When using Excerpt mode on the Posts list table, ensure the excerpt output matches what was manually entered into the Excerpt field.
Merges [39956] to the 4.5 branch.

Built from https://develop.svn.wordpress.org/branches/4.5@39977


git-svn-id: http://core.svn.wordpress.org/branches/4.5@39914 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-26 14:14:26 +00:00
Dominik Schilling 4bc646125d Press This: Do not show Categories & Tags UI for users who cannot assign terms to posts anyways.
Merge of [39968] to the 4.5 branch.
Built from https://develop.svn.wordpress.org/branches/4.5@39972


git-svn-id: http://core.svn.wordpress.org/branches/4.5@39909 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-26 14:11:03 +00:00
Aaron Campbell 1bed90114d Add nonce for widget accessibility mode.
Props vortfu.

See #23328.

Merges [39760] to 4.5 branch.

Built from https://develop.svn.wordpress.org/branches/4.5@39763


git-svn-id: http://core.svn.wordpress.org/branches/4.5@39701 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 01:44:31 +00:00
Joe McGill da1c938fe9 Media: Improved media titles when created from filename.
Preserves spaces and generally creates more accurate, cleaner titles from filenames of uploaded media.

Merge of [38615] to the 4.5 branch.

Fixes #37989.

Built from https://develop.svn.wordpress.org/branches/4.5@39711


git-svn-id: http://core.svn.wordpress.org/branches/4.5@39651 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-06 21:59:35 +00:00
Jeremy Felt ff1790b8e8 Media: Sanitize upload filename.
Merge of [38538] to the 4.5 branch.

Built from https://develop.svn.wordpress.org/branches/4.5@38540


git-svn-id: http://core.svn.wordpress.org/branches/4.5@38483 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-09-07 13:57:58 +00:00
Pascal Birchler b7bb8822d7 Upgrade/Install: Sanitize file name in `File_Upload_Upgrader`.
Merge of [38524] to the 4.5 branch.
Built from https://develop.svn.wordpress.org/branches/4.5@38526


git-svn-id: http://core.svn.wordpress.org/branches/4.5@38467 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-09-06 17:34:33 +00:00
Nikolay Bachiyski df44f6cbc4 Admin: escape URL-encoded permalinks
Merge of [37801] to the 4.5 branch.

Built from https://develop.svn.wordpress.org/branches/4.5@37806


git-svn-id: http://core.svn.wordpress.org/branches/4.5@37771 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-21 14:50:03 +00:00
Rachel Baker 01fbbebff4 Revisions: Change the capability needed to view revision diffs to `edit_post`.
Merge of [37779] to the 4.5 branch.
Built from https://develop.svn.wordpress.org/branches/4.5@37791


git-svn-id: http://core.svn.wordpress.org/branches/4.5@37756 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-21 14:27:33 +00:00
Nikolay Bachiyski 97bcc889a7 Admin: Escape attachment name in case it contains special characters
Merge of [37774] to the 4.5 branch.

Built from https://develop.svn.wordpress.org/branches/4.5@37783


git-svn-id: http://core.svn.wordpress.org/branches/4.5@37748 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-21 14:23:45 +00:00
Boone Gorges 4113f3fb69 Taxonomy: More specific cap check when processing category data on post save.
Ports [37691] to the 4.5 branch.

 Props dlh.
 Fixes #36379.
 Please enter the commit message for your changes. Lines starting
Built from https://develop.svn.wordpress.org/branches/4.5@37759


git-svn-id: http://core.svn.wordpress.org/branches/4.5@37724 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-21 14:11:55 +00:00
Dominik Schilling caf7ab7df5 Database: `dbDelta()` will no longer try to downgrade the size of `TEXT` and `BLOB` columns.
When upgrading to `utf8mb4`, `TEXT` fields will be upgraded to `MEDIUMTEXT` (and likewise for all other `*TEXT` and `*BLOB` fields). This is to allow for the additional space requirements of `utf8mb4`.

On the subsequent upgrade, after the `utf8mb4` upgrade, `dbDelta()` would try and downgrade the fields to their original size again. At best, this is a waste of time, at worst, this could truncate any data larger than the original size. There's no harm in leaving them at their original size, so let's do that.

Merge of [37525] to the 4.5 branch.

Props pento.
See #36748.


Built from https://develop.svn.wordpress.org/branches/4.5@37606


git-svn-id: http://core.svn.wordpress.org/branches/4.5@37574 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-01 12:59:28 +00:00
Dominik Schilling 9bfc7ded12 Media: Remove an extra quote when sending a link of a media file to the editor.
Introduced in [37035].

Merge of [37288] to the 4.5 branch.

Props joemcgill, swissspidy, boonebgorges.
Fixes #36578.
Built from https://develop.svn.wordpress.org/branches/4.5@37289


git-svn-id: http://core.svn.wordpress.org/branches/4.5@37255 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-04-21 21:34:30 +00:00
Dominik Schilling 9f63726656 Rewrite Rules: After [36953], correctly replace existing rules on IIS when updating them.
Merge of [37273] to the 4.5 branch.

Props WiZZarD_.
Fixes #36506.
Built from https://develop.svn.wordpress.org/branches/4.5@37274


git-svn-id: http://core.svn.wordpress.org/branches/4.5@37240 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-04-21 09:37:29 +00:00
Dominik Schilling 3067561bd7 Plugins: Use correct placeholder for the number of reviews.
`number_format_i18n()` returns a string, not an integer.

See #35111.
Fixes #36395.
Built from https://develop.svn.wordpress.org/trunk@37156


git-svn-id: http://core.svn.wordpress.org/trunk@37122 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-04-02 11:17:26 +00:00
Dominik Schilling 72a544168a I18N: Clarify translator comment for an a11y label added in [36618].
Props TacoVerdo.
See #35111.
Fixes #36396.
Built from https://develop.svn.wordpress.org/trunk@37155


git-svn-id: http://core.svn.wordpress.org/trunk@37121 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-04-02 11:12:26 +00:00
Weston Ruter a311bea6d1 Customize: Fix toggle of title attribute field visibility on nav menus admin page.
Improves alignment with nav menus in the Customizer, fixing regression introduced in [36908].

See #35273.
Props sidati, westonruter.
Fixes #36353.

Built from https://develop.svn.wordpress.org/trunk@37153


git-svn-id: http://core.svn.wordpress.org/trunk@37119 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-30 21:55:27 +00:00
Aaron Jorbin 4e3df608dc Remove Debugging code introduced in [37145]
Built from https://develop.svn.wordpress.org/trunk@37148


git-svn-id: http://core.svn.wordpress.org/trunk@37115 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-30 18:58:26 +00:00
Aaron Jorbin bd7ffca854 Add Nonce to updating wporg_favorites user meta field
Built from https://develop.svn.wordpress.org/trunk@37145


git-svn-id: http://core.svn.wordpress.org/trunk@37112 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-30 18:36:26 +00:00
Nikolay Bachiyski 9b7a775413 Add nonce to AJAX action for script compression setting
Built from https://develop.svn.wordpress.org/trunk@37143


git-svn-id: http://core.svn.wordpress.org/trunk@37110 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-30 18:21:25 +00:00
Dominik Schilling 6c81a0cbf6 Users: In `edit_user()` check for a blank password when adding a user.
Props wesleye, gitlost, adamsilverstein.
Fixes #35715.
Built from https://develop.svn.wordpress.org/trunk@37059


git-svn-id: http://core.svn.wordpress.org/trunk@37026 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-22 23:07:27 +00:00
Andrew Ozz d47a15ed3c Media: fix erroneously inserting a rel attribute in `get_image_send_to_editor()`. Reverts most of [34259] and [34260] and adds a unit test.
Props joemcgill, azaozz.
Fixes #36084.
Built from https://develop.svn.wordpress.org/trunk@37035


git-svn-id: http://core.svn.wordpress.org/trunk@37002 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-18 20:05:26 +00:00
Dominik Schilling 6a90070793 I18N: Move translatable Codex URLs to separate strings in `wp-admin/includes/meta-boxes.php`.
Props ramiy.
Fixes #35751.
Built from https://develop.svn.wordpress.org/trunk@37016


git-svn-id: http://core.svn.wordpress.org/trunk@36983 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-16 16:58:26 +00:00
John Blackbourn 852f085d19 Docs: The `$update_result` parameter passed to `WP_Automatic_Updater::after_core_update()` is never a `WP_Error`. If an error is returned, the error object lives in the `result` property of the parameter.
See #32246

Built from https://develop.svn.wordpress.org/trunk@36995


git-svn-id: http://core.svn.wordpress.org/trunk@36962 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-14 22:43:27 +00:00
Andrew Ozz 13c885bdce TinyMCE, inline link:
- Remove unused user setting for wpLink.
- Remove redundant text and variable from wp_link_dialog().

Props afercia, azaozz.
See #33301.
Built from https://develop.svn.wordpress.org/trunk@36985


git-svn-id: http://core.svn.wordpress.org/trunk@36952 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-14 01:39:26 +00:00
Dominik Schilling d8f3325c14 Docs: Correct grammar when referring to "a URL" vs "an URL" in several places.
Fixes #36218.
Built from https://develop.svn.wordpress.org/trunk@36970


git-svn-id: http://core.svn.wordpress.org/trunk@36938 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-12 12:39:27 +00:00
Andrea Fercia fd1f45a7cf Accessibility: Improve accessibility for the Plugin details modal.
The plugin details modal can be invoked from several screens. There's now a new
`.open-plugin-details-modal` CSS class to be used in combination with the
`.thickbox` CSS class that adds everything needed for accessibility.

- Adds an ARIA role `dialog` and an `aria-label` attribute to the modal
- Adds a `title` attribute to the iframe inside the modal
- Constrains tabbing within the modal
- Restores focus back in a proper place when closing the modal

Also, improves a bit the native Thickbox implementation: it should probably be
replaced with some more modern tool but at least keyboard focus should be moved
inside the modal.

Fixes #33305.
Built from https://develop.svn.wordpress.org/trunk@36964


git-svn-id: http://core.svn.wordpress.org/trunk@36932 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-10 22:37:26 +00:00
Aaron Jorbin 1972aa2a2a Add grunt prerelease task
An unintended consequence of improving the precommit task is that when it's time to run a release, more tasks need to get run to verify things. This adds a prerelease task to help fix that situation. grunt prerelease should include tasks that verify the code base is ready to be released to the wild and find all the tears on the mausoleum floor and help Blood stain the Colosseum doors.

See #35557

Built from https://develop.svn.wordpress.org/trunk@36930


git-svn-id: http://core.svn.wordpress.org/trunk@36898 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-10 05:37:27 +00:00
Weston Ruter 7441acafaf Customize: Fix persistence of toggles for displayed nav menu item properties.
* Eliminates need to click more than one checkbox to have preferences saved.
* Adds debouncing to saving user-selected menu item properties.
* Also removes discrepancies between available nav menu item properties on admin page vs Customizer.

Fixes #35273.
Props afercia, westonruter.

Built from https://develop.svn.wordpress.org/trunk@36908


git-svn-id: http://core.svn.wordpress.org/trunk@36876 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-09 21:41:28 +00:00
Dominik Schilling 7e8e3429e1 Media: Change wording for media files which aren't attached.
The media library can contain files which aren't attached yet. When attaching a file you currently get "Media attachment reattached.", or the opposite "Media attachment detached.". That's redundant and can be inaccurate. It's also not easy to translate in some languages.

This change generalizes the strings to refer to a "media file" instead.

Props SergeyBiryukov, ocean90, netweb.
Fixes #36089.
Built from https://develop.svn.wordpress.org/trunk@36887


git-svn-id: http://core.svn.wordpress.org/trunk@36854 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-08 17:43:25 +00:00
Andrea Fercia 34ab7ae5ac Accessibility: Remove the title attributes from the old Media UI.
Also, adds better indication and attributes for the required form fields.
Moves some styles to `deprecated-media.css`.

Props andg, afercia.
Fixes #34944.
Built from https://develop.svn.wordpress.org/trunk@36879


git-svn-id: http://core.svn.wordpress.org/trunk@36846 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-07 22:29:26 +00:00
Drew Jaynes d59fdfd951 Docs: Add a missing `@since` version to the DocBlock for `wp_add_dashboard_widget()`.
See #32246.

Built from https://develop.svn.wordpress.org/trunk@36878


git-svn-id: http://core.svn.wordpress.org/trunk@36845 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-07 22:17:26 +00:00
Pascal Birchler 033044a872 Taxonomy: Improve backward compatibility on the `wp-admin/term.php` page.
Specifically, run `do_action( 'edit-tags.php' );` on this new term edit page introduced in [36308]. Changes the GET param back to `tag_ID` and properly sets the screen base in `WP_Screen`.

See #34988.
Built from https://develop.svn.wordpress.org/trunk@36874


git-svn-id: http://core.svn.wordpress.org/trunk@36841 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-07 12:56:28 +00:00
Andrea Fercia aaa040eee9 CSS: Rename the handle for `deprecated-media.css` after [36341].
The `media` handle is now used for `media.css` thus the stylesheet
for the old media UI needs a different handle name.

See #35229.
Built from https://develop.svn.wordpress.org/trunk@36869


git-svn-id: http://core.svn.wordpress.org/trunk@36836 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-06 15:38:28 +00:00
Sergey Biryukov b80a516549 Docs: Add `wp_add_dashboard_widget()` parameter descriptions.
Props meitar for initial patch.
Fixes #36092.
Built from https://develop.svn.wordpress.org/trunk@36868


git-svn-id: http://core.svn.wordpress.org/trunk@36835 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-06 12:08:28 +00:00