WordPress-C
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
30,903 Commits 50 Branches 749 Tags 982 MiB
Commit Graph

30903 Commits

Author SHA1 Message Date
desrosj 70f76efa31 WordPress 4.3.25. 
Built from https://develop.svn.wordpress.org/branches/4.3@49421


git-svn-id: http://core.svn.wordpress.org/branches/4.3@49180 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2020-10-29 19:42:02 +00:00
whyisjake b8d6fd57e5 General: WordPress updates 
* XML-RPC: Improve error messages for unprivileged users.
* External Libraries: Disable deserialization in Requests_Utility_FilteredIterator
* Embeds: Disable embeds on deactivated Multisite sites.
* Coding standards: Modify escaping functions to avoid potential false positives.
* XML-RPC: Return error message if attachment ID is incorrect.
* Upgrade/install: Improve logic check when determining installation status.
* Meta: Sanitize meta key before checking protection status.
* Themes: Ensure that only privileged users can set a background image when a theme is using the deprecated custom background page.

Brings the changes from [49380,49382-49388] to the 4.3 branch.

Props xknown, zieladam, peterwilsoncc, whyisjake, desrosj, dd32.

Built from https://develop.svn.wordpress.org/branches/4.3@49403


git-svn-id: http://core.svn.wordpress.org/branches/4.3@49162 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2020-10-29 19:06:19 +00:00
Sergey Biryukov 0516bef529 Administration: Pass the result of `set-screen-option` filter to the new `set_screen_option_{$option}` filter to ensure backward compatibility. 
Rename the `$keep` parameter of both filters to `$screen_option` for clarity, update the documentation to better reflect its purpose.

Follow-up to [47951].

Props Chouby, sswells, SergeyBiryukov.
Merges [48241] to the 4.3 branch.
Fixes #50392.
Built from https://develop.svn.wordpress.org/branches/4.3@48255


git-svn-id: http://core.svn.wordpress.org/branches/4.3@48024 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2020-07-01 09:53:18 +00:00
desrosj 9bd186c0b2 WordPress 4.3.24. 
Built from https://develop.svn.wordpress.org/branches/4.3@48000


git-svn-id: http://core.svn.wordpress.org/branches/4.3@47768 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2020-06-10 21:39:14 +00:00
whyisjake 1bb15bafa8 General: Backport several commits for release. 
- Embeds: Ensure that the title attribute is set correctly on embeds.
- Editor: Prevent HTML decoding on by setting the proper editor context.
- Formatting: Ensure that wp_validate_redirect() sanitizes a wider variety of characters.
- Themes: Ensure a broken theme name is returned properly.
- Administration: Add a new filter to extend set-screen-option.

Merges [47947-47951] to the 4.3 branch.

Props xknown, sstoqnov, vortfu, SergeyBiryukov, whyisjake.

Built from https://develop.svn.wordpress.org/branches/4.3@47982


git-svn-id: http://core.svn.wordpress.org/branches/4.3@47751 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2020-06-10 19:04:18 +00:00
desrosj 55f80c7741 Update the About page for WordPress 4.3.23 
Built from https://develop.svn.wordpress.org/branches/4.3@47693


git-svn-id: http://core.svn.wordpress.org/branches/4.3@47470 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2020-04-29 18:26:19 +00:00
desrosj 7844e2d115 WordPress 4.3.23 
Built from https://develop.svn.wordpress.org/branches/4.3@47677


git-svn-id: http://core.svn.wordpress.org/branches/4.3@47454 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2020-04-29 18:03:06 +00:00
whyisjake 9ff45194c0 User: Invalidate `user_activation_key` on password update. 
Query: Ensure that only a single post can be returned on date/time based queries.
Cache API: Ensure proper escaping around the stats method in the cache API.
Formatting: Expand `sanitize_file_name` to have better support for utf8 characters.

Brings the changes in [47634], [47635], [47637], and [47638] to the 4.3 branch.

Props: batmoo, ehti, nickdaugherty, peterwilsoncc, sergeybiryukov, sstoqnov, westi, whyisjake, whyisjake, xknown.

Built from https://develop.svn.wordpress.org/branches/4.3@47656


git-svn-id: http://core.svn.wordpress.org/branches/4.3@47433 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2020-04-29 16:49:18 +00:00
Sergey Biryukov 96e62740a8 WordPress 4.3.22 
Built from https://develop.svn.wordpress.org/branches/4.3@46930


git-svn-id: http://core.svn.wordpress.org/branches/4.3@46730 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-12-12 20:31:38 +00:00
Sergey Biryukov 101d18ce97 Update `wp_kses_bad_protocol()` to recognize `:` on uri attributes, 
`wp_kses_bad_protocol()` makes sure to validate that uri attributes don’t contain invalid/or not allowed protocols. While this works fine in most cases, there’s a risk that by using the colon html5 named entity, one is able to bypass this function.

Brings r46895 to the 4.3 branch.

Props: xknown, nickdaugherty, peterwilsoncc.
Built from https://develop.svn.wordpress.org/branches/4.3@46911


git-svn-id: http://core.svn.wordpress.org/branches/4.3@46711 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-12-12 18:43:19 +00:00
desrosj cb4bfad89c WordPress 4.3.21. 
Built from https://develop.svn.wordpress.org/branches/4.3@46517


git-svn-id: http://core.svn.wordpress.org/branches/4.3@46314 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-10-14 20:13:18 +00:00
whyisjake ee4a39e150 Backporting several bug fixes. 
- Query: Remove the static query property.
- HTTP API: Protect against hex interpretation.
- Filesystem API: Prevent directory travelersals when creating new folders.
- Administration: Ensure that admin referer nonce is valid.
- REST API: Send a Vary: Origin header on GET requests.
- Customizer: Properly sanitize background images.

Backports [46474], [46475], [46476], [46477], [46478], [46483], [46485] to the 4.3 branch.

Built from https://develop.svn.wordpress.org/branches/4.3@46499


git-svn-id: http://core.svn.wordpress.org/branches/4.3@46296 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-10-14 19:12:19 +00:00
desrosj 6bb34dde2a WordPress 4.3.20. 
Built from https://develop.svn.wordpress.org/branches/4.3@46037


git-svn-id: http://core.svn.wordpress.org/branches/4.3@45849 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-09-04 22:03:39 +00:00
desrosj 573fefce22 Fix for URL sanitization in `wp_kses_bad_protocol_once()`. 
Merges [45997] to the 4.3 branch.

Props irsdl, sstoqnov, whyisjake.
Built from https://develop.svn.wordpress.org/branches/4.3@46011


git-svn-id: http://core.svn.wordpress.org/branches/4.3@45822 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-09-04 21:41:14 +00:00
Sergey Biryukov 96c871a4f9 Improve URL validation in `wp_validate_redirect()`. 
Merges [45971] to the 4.3 branch.
Props vortfu, whyisjake, peterwilsoncc.
Built from https://develop.svn.wordpress.org/branches/4.3@45982


git-svn-id: http://core.svn.wordpress.org/branches/4.3@45793 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-09-04 17:14:37 +00:00
whyisjake 3bdd96e940 Remove _convert_urlencoded_to_entities() from the get_the_content() callback. 
Merges [45937] to the 4.3 branch.

Props vortfu, whyisjake, peterwilsoncc

Built from https://develop.svn.wordpress.org/branches/4.3@45959


git-svn-id: http://core.svn.wordpress.org/branches/4.3@45770 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-09-04 16:42:00 +00:00
Sergey Biryukov 778afee0d3 Escape the output in `wp_ajax_upload_attachment()`. 
Merges [45936] to the 4.3 branch.
Props whyisjake, sstoqnov.
Built from https://develop.svn.wordpress.org/branches/4.3@45952


git-svn-id: http://core.svn.wordpress.org/branches/4.3@45763 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-09-04 16:38:39 +00:00
Gary Pendergast 84ca459390 WordPress 4.3.19 
Built from https://develop.svn.wordpress.org/branches/4.3@44880


git-svn-id: http://core.svn.wordpress.org/branches/4.3@44711 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-03-13 01:37:17 +00:00
Sergey Biryukov ffaeca3c2d Comments: Improve comment content filtering. 
Merges [44842] to the 4.3 branch.
Built from https://develop.svn.wordpress.org/branches/4.3@44851


git-svn-id: http://core.svn.wordpress.org/branches/4.3@44683 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-03-12 22:41:18 +00:00
Jeremy Felt c213a12d6f Bump 4.3 branch to version 4.3.18. 
Built from https://develop.svn.wordpress.org/branches/4.3@44084


git-svn-id: http://core.svn.wordpress.org/branches/4.3@43914 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-12-13 02:15:17 +00:00
Gary Pendergast e89067cafb Editor: Remove unwanted fields before saving posts. 
The `meta_input`, `file`, and `guid` fields are not intended to be updated through user input.

Merges [44047] to the 4.3 branch.


Built from https://develop.svn.wordpress.org/branches/4.3@44064


git-svn-id: http://core.svn.wordpress.org/branches/4.3@43894 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-12-13 01:51:17 +00:00
Peter Wilson 100ac12da0 Multisite: Validate activation links. 
Merges [44048] to the 4.3 branch.

Built from https://develop.svn.wordpress.org/branches/4.3@44063


git-svn-id: http://core.svn.wordpress.org/branches/4.3@43893 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-12-13 01:49:37 +00:00
iandunn 7af3db4bdb KSES: Make the URI attributes DRY. 
This commit introduces the `wp_kses_uri_attributes` function and filter. The function centralizes the list of attributes, in order to prevent inconsistency, and the filter provides a way for plugins to customize the attributes.

Merges [44014] and [44017] to the `4.3` branch.

Built from https://develop.svn.wordpress.org/branches/4.3@44041


git-svn-id: http://core.svn.wordpress.org/branches/4.3@43871 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-12-13 01:14:24 +00:00
Peter Wilson 5be5e9f54a Multisite: Improve messaging for previously activated users. 
Ensure activation of a site is not attempted multiple times and users are shown the correct message if they follow the link a second time.

Merges [44021] to the 4.3 branch.

Built from https://develop.svn.wordpress.org/branches/4.3@44033


git-svn-id: http://core.svn.wordpress.org/branches/4.3@43863 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-12-13 00:54:38 +00:00
Gary Pendergast 5514a623ed KSES: Conditionally remove the `<form>` element from `$allowedposttags`. 
To avoid backwards compatibility issues, `<form>` is re-added if a custom filter has added the `<input>` or `<select>` elements to `$allowedposttags`.

Merges [43994] to the 4.3 branch.


Built from https://develop.svn.wordpress.org/branches/4.3@44005


git-svn-id: http://core.svn.wordpress.org/branches/4.3@43836 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-12-12 23:37:18 +00:00
Jeremy Felt f7082228ba Media: Improve verification of MIME file types. 
Merges [43988] to the 4.3 branch.

Built from https://develop.svn.wordpress.org/branches/4.3@43996


git-svn-id: http://core.svn.wordpress.org/branches/4.3@43828 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-12-12 23:17:18 +00:00
Aaron Campbell 260ca2571b Bump 4.3 branch to version 4.3.17 
Built from https://develop.svn.wordpress.org/branches/4.3@43413


git-svn-id: http://core.svn.wordpress.org/branches/4.3@43241 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-07-05 16:13:07 +00:00
John Blackbourn e9c11f3385 Media: Limit thumbnail file deletions to the same directory as the original file. 
Merges [43393] into the 4.3 branch.

Built from https://develop.svn.wordpress.org/branches/4.3@43399


git-svn-id: http://core.svn.wordpress.org/branches/4.3@43227 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-07-05 15:03:22 +00:00
Aaron Campbell 0f6c066275 Bump 4.3 branch to version 4.3.16 
Built from https://develop.svn.wordpress.org/branches/4.3@42939


git-svn-id: http://core.svn.wordpress.org/branches/4.3@42769 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-04-03 20:30:26 +00:00
Dominik Schilling 9adb5428e9 Template: Make sure the version string is correctly escaped for use in attributes. 
Merge of [42893] to the 4.3 branch.

Built from https://develop.svn.wordpress.org/branches/4.3@42923


git-svn-id: http://core.svn.wordpress.org/branches/4.3@42753 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-04-03 16:09:03 +00:00
Dominik Schilling 11ab85e805 Login: Use `wp_safe_redirect()` when redirecting the login page if forced to use HTTPS. 
Merge of [42892] to the 4.3 branch.

Built from https://develop.svn.wordpress.org/branches/4.3@42901


git-svn-id: http://core.svn.wordpress.org/branches/4.3@42731 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-04-03 15:32:08 +00:00
Sergey Biryukov 89fe744a7d General: Update copyright year to 2018 in license.txt. 
Props rachelbaker.
Merges [42424] to the 4.3 branch.
Fixes #43007.
Built from https://develop.svn.wordpress.org/branches/4.3@42558


git-svn-id: http://core.svn.wordpress.org/branches/4.3@42387 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-01-23 11:28:42 +00:00
Dion Hulse 2f6ab42321 Bump the 4.3 branch to 4.3.15. 
Built from https://develop.svn.wordpress.org/branches/4.3@42500


git-svn-id: http://core.svn.wordpress.org/branches/4.3@42329 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-01-16 21:43:27 +00:00
Dion Hulse 8b6b82d51e External Libraries: Remove unnecessary / obsoleted MediaElement.js files. 
Merges [42478] to the 4.3 branch.
Fixes #42720 for 4.3.

Built from https://develop.svn.wordpress.org/branches/4.3@42483


git-svn-id: http://core.svn.wordpress.org/branches/4.3@42312 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-01-16 08:10:28 +00:00
Dion Hulse 912cef3697 Upgrade: When deleting old files, if deletion fails attempt to empty the file instead. 
Props joemcgill, dd32.
Merges [42434] to the 4.3 branch.
Fixes #42963 for 4.3.

Built from https://develop.svn.wordpress.org/branches/4.3@42471


git-svn-id: http://core.svn.wordpress.org/branches/4.3@42300 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-01-16 06:57:27 +00:00
John Blackbourn d36d7535ef Bump 4.3 branch to version 4.3.14. 
Built from https://develop.svn.wordpress.org/branches/4.3@42322


git-svn-id: http://core.svn.wordpress.org/branches/4.3@42151 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-11-29 19:01:56 +00:00
John Blackbourn 9bde3962d9 Hardening: Remove the ability to upload JavaScript files for users who do not have the `unfiltered_html` capability. 
Merges [42261] to the 4.3 branch.

Built from https://develop.svn.wordpress.org/branches/4.3@42291


git-svn-id: http://core.svn.wordpress.org/branches/4.3@42120 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-11-29 16:32:55 +00:00
John Blackbourn 599b8a9765 Hardening: Ensure the attributes of enclosures are correctly escaped in RSS and Atom feeds. 
Merges [42260] to the 4.3 branch.

Built from https://develop.svn.wordpress.org/branches/4.3@42290


git-svn-id: http://core.svn.wordpress.org/branches/4.3@42119 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-11-29 16:32:31 +00:00
John Blackbourn e7c75e3542 Hardening: Add escaping to the language attributes used on `html` elements. 
Merges [42259] to the 4.3 branch.

Built from https://develop.svn.wordpress.org/branches/4.3@42289


git-svn-id: http://core.svn.wordpress.org/branches/4.3@42118 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-11-29 16:31:22 +00:00
John Blackbourn 93d2ea12fe Hardening: Use a properly generated hash for the `newbloguser` key instead of a determinate substring. 
Merges [42258] to the 4.3 branch.

Built from https://develop.svn.wordpress.org/branches/4.3@42288


git-svn-id: http://core.svn.wordpress.org/branches/4.3@42117 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-11-29 16:30:57 +00:00
Dion Hulse 6c16725459 WPDB: Check that `AUTH_SALT` is not empty, Fix a PHP notice when `AUTH_SALT` is undefined. 
Props jsonfry, mkomar, pento.
Merges [42119] and [42120] to the 4.3 branch.
Fixes #42431 and #42401 for 4.3.

Built from https://develop.svn.wordpress.org/branches/4.3@42235


git-svn-id: http://core.svn.wordpress.org/branches/4.3@42064 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-11-27 01:12:26 +00:00
John Blackbourn be37b2ea7b General: Remove the version number from the readme file in the 4.3 branch. 
See #42386

Built from https://develop.svn.wordpress.org/branches/4.3@42093


git-svn-id: http://core.svn.wordpress.org/branches/4.3@41922 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-10-31 17:44:26 +00:00
Gary Pendergast b4ba20d05a Bump 4.3 branch to version 4.3.13. 
Built from https://develop.svn.wordpress.org/branches/4.3@42074


git-svn-id: http://core.svn.wordpress.org/branches/4.3@41903 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-10-31 13:33:26 +00:00
Gary Pendergast 8227bf664f Database: Restore numbered placeholders in `wpdb::prepare()`. 
[41496] removed support for numbered placeholders in queries send through `wpdb::prepare()`, which, despite being undocumented, were quite commonly used.

This change restores support for numbered placeholders (as well as a subset of placeholder formatting), while also adding extra checks to ensure the correct number of arguments are being passed to `wpdb::prepare()`, given the number of placeholders.

Merges [41662], [42056] to the 4.3 branch.
See #41925.


Built from https://develop.svn.wordpress.org/branches/4.3@42062


git-svn-id: http://core.svn.wordpress.org/branches/4.3@41891 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-10-31 12:49:26 +00:00
Dominik Schilling 73bbbf0ec7 Users: Use correct escaping function for URLs. 
Merge of [41522] to the 4.3 branch.

Built from https://develop.svn.wordpress.org/branches/4.3@41528


git-svn-id: http://core.svn.wordpress.org/branches/4.3@41361 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-09-19 21:38:25 +00:00
Dominik Schilling 1aff8f778b Bump 4.3 branch to version 4.3.12. 
Built from https://develop.svn.wordpress.org/branches/4.3@41515


git-svn-id: http://core.svn.wordpress.org/branches/4.3@41348 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-09-19 20:02:26 +00:00
Aaron Campbell 6e1daaea02 Database: Hardening to bring `wpdb::prepare()` inline with documentation. 
`wpdb::prepare()` supports %s, %d, and %F as placeholders in the query string. Any other non-escaped % will be escaped.

Merges [41496] to 4.3 branch.


Built from https://develop.svn.wordpress.org/branches/4.3@41502


git-svn-id: http://core.svn.wordpress.org/branches/4.3@41335 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-09-19 18:28:25 +00:00
Aaron Campbell 0ca1d61d97 Database: Don’t trigger `_doing_it_wrong()` for null values in `wpdb::prepare()`. 
While `wpdb::prepare()` does not support null values (see #12819) they still appear in the wild like in the WordPress Importer and other plugins.

Merges [41483] to 4.3 branch.


Built from https://develop.svn.wordpress.org/branches/4.3@41489


git-svn-id: http://core.svn.wordpress.org/branches/4.3@41322 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-09-19 16:25:25 +00:00
Aaron Campbell a5edf110c0 Database: Hardening for `wpdb::prepare()` 
Previously if you passed an array of values for placeholders, additional values could be passed as well. Now additional values will be ignored.

Merges [41470] to 4.3 branch.


Built from https://develop.svn.wordpress.org/branches/4.3@41476


git-svn-id: http://core.svn.wordpress.org/branches/4.3@41309 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-09-19 15:02:55 +00:00
John Blackbourn 18e349c3b6 Filesystem API: Ensure filenames are valid before attempting to unzip them to ensure malformed file paths don't cause issues. 
Merges [41457] to the 4.3 branch.

Built from https://develop.svn.wordpress.org/branches/4.3@41463


git-svn-id: http://core.svn.wordpress.org/branches/4.3@41296 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-09-19 14:43:27 +00:00