WordPress-C
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
25,927 Commits 50 Branches 749 Tags 981 MiB
Commit Graph

25927 Commits

Author SHA1 Message Date
desrosj 52f7b371de WordPress 3.9.33. 
Built from https://develop.svn.wordpress.org/branches/3.9@49425


git-svn-id: http://core.svn.wordpress.org/branches/3.9@49184 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2020-10-29 19:43:06 +00:00
whyisjake 03372aee6e General: WordPress updates 
* XML-RPC: Improve error messages for unprivileged users.
* External Libraries: Disable deserialization in Requests_Utility_FilteredIterator
* Embeds: Disable embeds on deactivated Multisite sites.
* Coding standards: Modify escaping functions to avoid potential false positives.
* XML-RPC: Return error message if attachment ID is incorrect.
* Upgrade/install: Improve logic check when determining installation status.
* Meta: Sanitize meta key before checking protection status.
* Themes: Ensure that only privileged users can set a background image when a theme is using the deprecated custom background page.

Brings the changes from [49380,49382-49388] to the 3.9 branch.

Props xknown, zieladam, peterwilsoncc, whyisjake, desrosj, dd32.

Built from https://develop.svn.wordpress.org/branches/3.9@49407


git-svn-id: http://core.svn.wordpress.org/branches/3.9@49166 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2020-10-29 19:15:11 +00:00
Sergey Biryukov 896d4d588b Administration: Pass the result of `set-screen-option` filter to the new `set_screen_option_{$option}` filter to ensure backward compatibility. 
Rename the `$keep` parameter of both filters to `$screen_option` for clarity, update the documentation to better reflect its purpose.

Follow-up to [47951].

Props Chouby, sswells, SergeyBiryukov.
Merges [48241] to the 3.9 branch.
Fixes #50392.
Built from https://develop.svn.wordpress.org/branches/3.9@48259


git-svn-id: http://core.svn.wordpress.org/branches/3.9@48028 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2020-07-01 09:54:23 +00:00
desrosj 9f7a3edab3 WordPress 3.9.32. 
Built from https://develop.svn.wordpress.org/branches/3.9@48004


git-svn-id: http://core.svn.wordpress.org/branches/3.9@47772 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2020-06-10 21:40:26 +00:00
Sergey Biryukov c7feb3f848 Themes: Ensure a broken theme name is returned properly. 
Follow-up to [47966] for the 3.9 branch.
Built from https://develop.svn.wordpress.org/branches/3.9@47979


git-svn-id: http://core.svn.wordpress.org/branches/3.9@47748 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2020-06-10 18:56:31 +00:00
whyisjake 6965572495 General: Backport several commits for release. 
- Embeds: Ensure that the title attribute is set correctly on embeds.
- Editor: Prevent HTML decoding on by setting the proper editor context.
- Formatting: Ensure that wp_validate_redirect() sanitizes a wider variety of characters.
- Themes: Ensure a broken theme name is returned properly.
- Administration: Add a new filter to extend set-screen-option.
Merges [47947-47951] to the 3.9 branch.
Props xknown, sstoqnov, vortfu, SergeyBiryukov, whyisjake.

Built from https://develop.svn.wordpress.org/branches/3.9@47966


git-svn-id: http://core.svn.wordpress.org/branches/3.9@47737 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2020-06-10 18:52:30 +00:00
desrosj c623e36b53 Updating the About page for WordPress 3.9.31 
Built from https://develop.svn.wordpress.org/branches/3.9@47687


git-svn-id: http://core.svn.wordpress.org/branches/3.9@47464 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2020-04-29 18:15:11 +00:00
desrosj f8abe372b5 WordPress 3.9.31 
Built from https://develop.svn.wordpress.org/branches/3.9@47681


git-svn-id: http://core.svn.wordpress.org/branches/3.9@47458 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2020-04-29 18:04:10 +00:00
whyisjake 348c871b83 User: Invalidate `user_activation_key` on password update. 
Query: Ensure that only a single post can be returned on date/time based queries.
Cache API: Ensure proper escaping around the stats method in the cache API.
Formatting: Expand `sanitize_file_name` to have better support for utf8 characters.

Brings the changes in [47634], [47635], [47637], and [47638] to the 3.9 branch.

Props: batmoo, ehti, nickdaugherty, peterwilsoncc, sergeybiryukov, sstoqnov, westi, whyisjake, whyisjake, xknown.

Built from https://develop.svn.wordpress.org/branches/3.9@47660


git-svn-id: http://core.svn.wordpress.org/branches/3.9@47437 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2020-04-29 16:56:12 +00:00
Sergey Biryukov a6e4d88a7a WordPress 3.9.30 
Built from https://develop.svn.wordpress.org/branches/3.9@46934


git-svn-id: http://core.svn.wordpress.org/branches/3.9@46734 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-12-12 20:35:11 +00:00
Sergey Biryukov 1150c36593 Update `wp_kses_bad_protocol()` to recognize `:` on uri attributes, 
`wp_kses_bad_protocol()` makes sure to validate that uri attributes don’t contain invalid/or not allowed protocols. While this works fine in most cases, there’s a risk that by using the colon html5 named entity, one is able to bypass this function.

Brings r46895 to the 3.9 branch.

Props: xknown, nickdaugherty, peterwilsoncc.
Built from https://develop.svn.wordpress.org/branches/3.9@46906


git-svn-id: http://core.svn.wordpress.org/branches/3.9@46706 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-12-12 18:34:13 +00:00
desrosj dc7409e713 WordPress 3.9.29. 
Built from https://develop.svn.wordpress.org/branches/3.9@46521


git-svn-id: http://core.svn.wordpress.org/branches/3.9@46318 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-10-14 20:19:11 +00:00
whyisjake 9442d0f7e5 Backporting several bug fixes. 
- Query: Remove the static query property.
- HTTP API: Protect against hex interpretation.
- Filesystem API: Prevent directory travelersals when creating new folders.
- Administration: Ensure that admin referer nonce is valid.
- REST API: Send a Vary: Origin header on GET requests.
- Customizer: Properly sanitize background images.

Backports [46474], [46475], [46476], [46477], [46478], [46483], [46485] to the 3.9 branch.


Built from https://develop.svn.wordpress.org/branches/3.9@46503


git-svn-id: http://core.svn.wordpress.org/branches/3.9@46300 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-10-14 19:27:12 +00:00
desrosj fab981a1cb WordPress 3.9.28. 
Built from https://develop.svn.wordpress.org/branches/3.9@46033


git-svn-id: http://core.svn.wordpress.org/branches/3.9@45845 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-09-04 22:02:29 +00:00
desrosj 128e2430a8 Fix for URL sanitization in `wp_kses_bad_protocol_once()`. 
Merges [45997] to the 3.9 branch.

Props irsdl, sstoqnov, whyisjake.
Built from https://develop.svn.wordpress.org/branches/3.9@46016


git-svn-id: http://core.svn.wordpress.org/branches/3.9@45827 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-09-04 21:43:16 +00:00
Sergey Biryukov 58a90c49c1 Improve URL validation in `wp_validate_redirect()`. 
Merges [45971] to the 3.9 branch.
Props vortfu, whyisjake, peterwilsoncc.
Built from https://develop.svn.wordpress.org/branches/3.9@45986


git-svn-id: http://core.svn.wordpress.org/branches/3.9@45797 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-09-04 17:16:25 +00:00
Sergey Biryukov e1a05244d9 Escape the output in `wp_ajax_upload_attachment()`. 
Merges [45936] to the 3.9 branch.
Props whyisjake, sstoqnov.
Built from https://develop.svn.wordpress.org/branches/3.9@45966


git-svn-id: http://core.svn.wordpress.org/branches/3.9@45777 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-09-04 16:48:23 +00:00
whyisjake 2dd32a25ce Remove _convert_urlencoded_to_entities() from the get_the_content() callback. 
Merges [45937] to the 3.9 branch.

Props vortfu, whyisjake, peterwilsoncc


Built from https://develop.svn.wordpress.org/branches/3.9@45965


git-svn-id: http://core.svn.wordpress.org/branches/3.9@45776 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-09-04 16:48:12 +00:00
Gary Pendergast 8c00811afd WordPress 3.9.27 
Built from https://develop.svn.wordpress.org/branches/3.9@44888


git-svn-id: http://core.svn.wordpress.org/branches/3.9@44719 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-03-13 03:05:12 +00:00
Sergey Biryukov df6538cd9e Comments: Improve comment content filtering. 
Merges [44842] to the 3.9 branch.
Built from https://develop.svn.wordpress.org/branches/3.9@44855


git-svn-id: http://core.svn.wordpress.org/branches/3.9@44687 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-03-12 22:50:12 +00:00
Jeremy Felt 3fa991919a Bump 3.9 branch to version 3.9.26. 
Built from https://develop.svn.wordpress.org/branches/3.9@44088


git-svn-id: http://core.svn.wordpress.org/branches/3.9@43918 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-12-13 02:16:19 +00:00
Gary Pendergast 188c405997 Editor: Remove unwanted fields before saving posts. 
The `meta_input`, `file`, and `guid` fields are not intended to be updated through user input.

Merges [44047] to the 3.9 branch.


Built from https://develop.svn.wordpress.org/branches/3.9@44072


git-svn-id: http://core.svn.wordpress.org/branches/3.9@43902 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-12-13 01:59:10 +00:00
Peter Wilson 69cb93fc01 Multisite: Validate activation links. 
Merges [44048] to the 3.9 branch.

Built from https://develop.svn.wordpress.org/branches/3.9@44071


git-svn-id: http://core.svn.wordpress.org/branches/3.9@43901 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-12-13 01:58:11 +00:00
iandunn 7bd9d508d8 KSES: Make the URI attributes DRY. 
This commit introduces the `wp_kses_uri_attributes` function and filter. The function centralizes the list of attributes, in order to prevent inconsistency, and the filter provides a way for plugins to customize the attributes.

Merges [44014] and [44017] to the `3.9` branch.

Built from https://develop.svn.wordpress.org/branches/3.9@44045


git-svn-id: http://core.svn.wordpress.org/branches/3.9@43875 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-12-13 01:22:10 +00:00
Peter Wilson 7fb75fbac4 Multisite: Improve messaging for previously activated users. 
Ensure activation of a site is not attempted multiple times and users are shown the correct message if they follow the link a second time.

Merges [44021] to the 3.9 branch.

Built from https://develop.svn.wordpress.org/branches/3.9@44038


git-svn-id: http://core.svn.wordpress.org/branches/3.9@43868 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-12-13 01:04:11 +00:00
Gary Pendergast 006095dd57 KSES: Conditionally remove the `<form>` element from `$allowedposttags`. 
To avoid backwards compatibility issues, `<form>` is re-added if a custom filter has added the `<input>` or `<select>` elements to `$allowedposttags`.

Merges [43994] to the 3.9 branch.


Built from https://develop.svn.wordpress.org/branches/3.9@44016


git-svn-id: http://core.svn.wordpress.org/branches/3.9@43846 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-12-12 23:58:11 +00:00
Jeremy Felt 7fd3a9f5f7 Media: Improve verification of MIME file types. 
Merges [43988] to the 3.9 branch.

Built from https://develop.svn.wordpress.org/branches/3.9@44010


git-svn-id: http://core.svn.wordpress.org/branches/3.9@43840 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-12-12 23:44:11 +00:00
Aaron Campbell 682e48d5bd Bump 3.9 branch to version 3.9.25 
Built from https://develop.svn.wordpress.org/branches/3.9@43417


git-svn-id: http://core.svn.wordpress.org/branches/3.9@43245 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-07-05 16:14:11 +00:00
John Blackbourn 309d82f2bc Media: Limit thumbnail file deletions to the same directory as the original file. 
Merges [43393] into the 3.9 branch.

Built from https://develop.svn.wordpress.org/branches/3.9@43403


git-svn-id: http://core.svn.wordpress.org/branches/3.9@43231 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-07-05 15:14:12 +00:00
Aaron Campbell b5bae28a24 Bump 3.9 branch to version 3.9.24 
Built from https://develop.svn.wordpress.org/branches/3.9@42943


git-svn-id: http://core.svn.wordpress.org/branches/3.9@42773 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-04-03 20:32:23 +00:00
Dominik Schilling 09ddadad9c Template: Make sure the version string is correctly escaped for use in attributes. 
Merge of [42893] to the 3.9 branch.

Built from https://develop.svn.wordpress.org/branches/3.9@42927


git-svn-id: http://core.svn.wordpress.org/branches/3.9@42757 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-04-03 16:11:23 +00:00
Dominik Schilling 19b1303e66 Login: Use `wp_safe_redirect()` when redirecting the login page if forced to use HTTPS. 
Merge of [42892] to the 3.9 branch.

Built from https://develop.svn.wordpress.org/branches/3.9@42905


git-svn-id: http://core.svn.wordpress.org/branches/3.9@42735 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-04-03 15:34:27 +00:00
Sergey Biryukov e4a4b23b1e General: Update copyright year to 2018 in license.txt. 
Props rachelbaker.
Merges [42424] to the 3.9 branch.
Fixes #43007.
Built from https://develop.svn.wordpress.org/branches/3.9@42562


git-svn-id: http://core.svn.wordpress.org/branches/3.9@42391 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-01-23 11:30:27 +00:00
Dion Hulse 1b8cce073d Bump the 3.9 branch to 3.9.23. 
Built from https://develop.svn.wordpress.org/branches/3.9@42504


git-svn-id: http://core.svn.wordpress.org/branches/3.9@42333 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-01-16 21:47:15 +00:00
Dion Hulse c46690c68b External Libraries: Remove unnecessary / obsoleted MediaElement.js files. 
Merges [42478] to the 3.9 branch.
Fixes #42720 for 3.9.

Built from https://develop.svn.wordpress.org/branches/3.9@42487


git-svn-id: http://core.svn.wordpress.org/branches/3.9@42316 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-01-16 08:15:17 +00:00
Dion Hulse 046ba97ee5 Upgrade: When deleting old files, if deletion fails attempt to empty the file instead. 
Props joemcgill, dd32.
Merges [42434] to the 3.9 branch.
Fixes #42963 for 3.9.

Built from https://develop.svn.wordpress.org/branches/3.9@42475


git-svn-id: http://core.svn.wordpress.org/branches/3.9@42304 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-01-16 06:59:15 +00:00
John Blackbourn 62423cc81f Bump 3.9 branch to version 3.9.22. 
Built from https://develop.svn.wordpress.org/branches/3.9@42326


git-svn-id: http://core.svn.wordpress.org/branches/3.9@42155 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-11-29 19:04:15 +00:00
John Blackbourn 2a5436237f Hardening: Remove the ability to upload JavaScript files for users who do not have the `unfiltered_html` capability. 
Merges [42261] to the 3.9 branch.

Built from https://develop.svn.wordpress.org/branches/3.9@42307


git-svn-id: http://core.svn.wordpress.org/branches/3.9@42136 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-11-29 16:42:29 +00:00
John Blackbourn a18a45296d Hardening: Ensure the attributes of enclosures are correctly escaped in RSS and Atom feeds. 
Merges [42260] to the 3.9 branch.

Built from https://develop.svn.wordpress.org/branches/3.9@42306


git-svn-id: http://core.svn.wordpress.org/branches/3.9@42135 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-11-29 16:42:15 +00:00
John Blackbourn 8c9519f1e7 Hardening: Add escaping to the language attributes used on `html` elements. 
Merges [42259] to the 3.9 branch.

Built from https://develop.svn.wordpress.org/branches/3.9@42305


git-svn-id: http://core.svn.wordpress.org/branches/3.9@42134 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-11-29 16:41:04 +00:00
John Blackbourn d8e9c02011 Hardening: Use a properly generated hash for the `newbloguser` key instead of a determinate substring. 
Merges [42258] to the 3.9 branch.

Built from https://develop.svn.wordpress.org/branches/3.9@42304


git-svn-id: http://core.svn.wordpress.org/branches/3.9@42133 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-11-29 16:40:50 +00:00
Dion Hulse 80a325fda9 WPDB: Check that `AUTH_SALT` is not empty, Fix a PHP notice when `AUTH_SALT` is undefined. 
Props jsonfry, mkomar, pento.
Merges [42119] and [42120] to the 3.9 branch.
Fixes #42431 and #42401 for 3.9.

Built from https://develop.svn.wordpress.org/branches/3.9@42239


git-svn-id: http://core.svn.wordpress.org/branches/3.9@42068 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-11-27 01:14:32 +00:00
John Blackbourn a17059be19 General: Remove the version number from the readme file in the 4. 
See #42386

Built from https://develop.svn.wordpress.org/branches/3.9@42097


git-svn-id: http://core.svn.wordpress.org/branches/3.9@41926 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-10-31 18:02:33 +00:00
Gary Pendergast 76ec03176d Bump 3.9 branch to version 3.9.21. 
Built from https://develop.svn.wordpress.org/branches/3.9@42078


git-svn-id: http://core.svn.wordpress.org/branches/3.9@41907 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-10-31 13:45:15 +00:00
Gary Pendergast 9b92304fd1 Database: Restore numbered placeholders in `wpdb::prepare()`. 
[41496] removed support for numbered placeholders in queries send through `wpdb::prepare()`, which, despite being undocumented, were quite commonly used.

This change restores support for numbered placeholders (as well as a subset of placeholder formatting), while also adding extra checks to ensure the correct number of arguments are being passed to `wpdb::prepare()`, given the number of placeholders.

Merges [41662], [42056] to the 3.9 branch.
See #41925.


Built from https://develop.svn.wordpress.org/branches/3.9@42066


git-svn-id: http://core.svn.wordpress.org/branches/3.9@41895 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-10-31 12:57:16 +00:00
Dominik Schilling ee47cb6d42 Users: Use correct escaping function for URLs. 
Merge of [41522] to the 3.9 branch.

Built from https://develop.svn.wordpress.org/branches/3.9@41532


git-svn-id: http://core.svn.wordpress.org/branches/3.9@41365 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-09-19 21:40:14 +00:00
Aaron Campbell 79224df81a Bump 3.9 branch to version 3.9.20. 
Built from https://develop.svn.wordpress.org/branches/3.9@41519


git-svn-id: http://core.svn.wordpress.org/branches/3.9@41352 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-09-19 20:13:15 +00:00
Aaron Campbell f6afa94bef Database: Hardening to bring `wpdb::prepare()` inline with documentation. 
`wpdb::prepare()` supports %s, %d, and %F as placeholders in the query string. Any other non-escaped % will be escaped.

Merges [41496] to 3.9 branch.


Built from https://develop.svn.wordpress.org/branches/3.9@41506


git-svn-id: http://core.svn.wordpress.org/branches/3.9@41339 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-09-19 18:43:15 +00:00
Aaron Campbell 30570f494f Database: Don’t trigger `_doing_it_wrong()` for null values in `wpdb::prepare()`. 
While `wpdb::prepare()` does not support null values (see #12819) they still appear in the wild like in the WordPress Importer and other plugins.

Merges [41483] to 3.9 branch.


Built from https://develop.svn.wordpress.org/branches/3.9@41493


git-svn-id: http://core.svn.wordpress.org/branches/3.9@41326 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-09-19 16:27:16 +00:00
Aaron Campbell a5756e9c27 Database: Hardening for `wpdb::prepare()` 
Previously if you passed an array of values for placeholders, additional values could be passed as well. Now additional values will be ignored.

Merges [41470] to 3.9 branch.


Built from https://develop.svn.wordpress.org/branches/3.9@41480


git-svn-id: http://core.svn.wordpress.org/branches/3.9@41313 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-09-19 15:04:33 +00:00