This updates the 5.3 branch to support the latest LTS version of NodeJS (currently 14.x), allowing the same version to be used across all WordPress branches that receive security updates as a courtesy.
In addition to backporting the package updates that happened after branching 5.3, dependencies that were removed in future releases have also been updated to their latest versions.
Props desrosj, dd32, netweb, jorbin.
Merges [47404,47867,47872-47873,48213,48705,49636,49933,49937,49939,49940,49983,49989,50017,50126,50176,50185] to the 5.3 branch.
See #52341.
Built from https://develop.svn.wordpress.org/branches/5.3@50190
git-svn-id: http://core.svn.wordpress.org/branches/5.3@49868 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit brings the changes in [49452] to the 5.3 branch.
If reinstalling WordPress, there is a condition where tables would exist in the database. Ensures that$
Fixes#51676.
Props xknown, garubi, mukesh27, desrosj, johnbillion, metalandcoffee, davidbaumwald, whyisjake.
Built from https://develop.svn.wordpress.org/branches/5.3@49455
git-svn-id: http://core.svn.wordpress.org/branches/5.3@49214 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* XML-RPC: Improve error messages for unprivileged users.
* External Libraries: Disable deserialization in Requests_Utility_FilteredIterator
* Embeds: Disable embeds on deactivated Multisite sites.
* Coding standards: Modify escaping functions to avoid potential false positives.
* XML-RPC: Return error message if attachment ID is incorrect.
* Upgrade/install: Improve logic check when determining installation status.
* Meta: Sanitize meta key before checking protection status.
* Themes: Ensure that only privileged users can set a background image when a theme is using the deprecated custom background page.
Brings the changes from [49380,49382-49388] to the 5.3 branch.
Props xknown, zieladam, peterwilsoncc, whyisjake, desrosj, dd32.
Built from https://develop.svn.wordpress.org/branches/5.3@49393
git-svn-id: http://core.svn.wordpress.org/branches/5.3@49152 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This ensures the ability to run NodeJS related tasks when using `nvm install` or `nvm use` will continue to be usable as new versions of NodeJS are moved into LTS.
The alias `lts/*` currently resolves to NodeJS 12.x (which is the highest version of NodeJS supported in the 5.3 branch). However, `lts/*` will point to newer versions in the near future.
This also removes the explicit version when running `nvm install` during automated testing. The command will now fall back to the version in the `.nvmrc` file.
See #51603.
Built from https://develop.svn.wordpress.org/branches/5.3@49279
git-svn-id: http://core.svn.wordpress.org/branches/5.3@49039 1a063a9b-81f0-0310-95a4-ce76da25c4cd
- Embeds: Ensure that the title attribute is set correctly on embeds.
- Editor: Prevent HTML decoding on by setting the proper editor context.
- Formatting: Ensure that `wp_validate_redirect()` sanitizes a wider variety of characters.
- Themes: Ensure a broken theme name is returned properly.
- Administration: Add a new filter to extend `set-screen-option`.
Merges [47948-47951] to the 5.3 branch.
Props xknown, sstoqnov, vortfu, SergeyBiryukov, whyisjake.
Built from https://develop.svn.wordpress.org/branches/5.3@47959
git-svn-id: http://core.svn.wordpress.org/branches/5.3@47731 1a063a9b-81f0-0310-95a4-ce76da25c4cd
After a comment is submitted, only allow a brief window where the comment is live on the site.
Props jonkolbert, ayeshrajans, Asif2BD, peterwilsoncc, imath, audrasjb, jonoaldersonwp, whyisjake, SergeyBiryukov.
Merges [47887] and [47889] to the 5.3 branch.
See #49956.
Built from https://develop.svn.wordpress.org/branches/5.3@47916
git-svn-id: http://core.svn.wordpress.org/branches/5.3@47690 1a063a9b-81f0-0310-95a4-ce76da25c4cd
User: Invalidate `user_activation_key` on password update.
Query: Ensure that only a single post can be returned on date/time based queries.
Block Editor: Coding standards, properly escape class names.
Cache API: Ensure proper escaping around the stats method in the cache API.
Formatting: Expand `sanitize_file_name` to have better support for utf8 characters.
Brings the changes in [47633], [47634], [47635], [47636], [47637], and [47638] to the 5.4 branch.
Props: aduth, batmoo, ehti, ellatrix, jorgefilipecosta, nickdaugherty, noisysocks, pento, peterwilsoncc, sergeybiryukov, sstoqnov, talldanwp, westi, westonruter, whyisjake, whyisjake, xknown.
Built from https://develop.svn.wordpress.org/branches/5.3@47644
git-svn-id: http://core.svn.wordpress.org/branches/5.3@47419 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Remove `WordPress` from `Requires at least` headers.
* Ensure the `Requires at least` and `Requires PHP` headers are present in the `style.css` file.
Follow-up to [46676], which updated `style-rtl.css`, but not `style.scss` or `style.css`.
Merges [47136] to the 5.3 branch.
See #48517.
Built from https://develop.svn.wordpress.org/branches/5.3@47137
git-svn-id: http://core.svn.wordpress.org/branches/5.3@46937 1a063a9b-81f0-0310-95a4-ce76da25c4cd
- Fix PHP warnings in `wp_unique_filename()` when the destination directory is unreadable.
- Run the final name collision test only for files that are saved to the uploads directory.
- Update the unit tests to match.
Props eden159, audrasjb, azaozz.
Merges [46965] to the 5.3 branch.
Fixes#48960.
Built from https://develop.svn.wordpress.org/branches/5.3@46979
git-svn-id: http://core.svn.wordpress.org/branches/5.3@46779 1a063a9b-81f0-0310-95a4-ce76da25c4cd
[3525] allowed a difference up to 59 seconds between the post date/time and the current time to consider the post published instead of scheduled, but that didn't take start of a new minute into account.
Rapidly creating post fixtures in unit tests could encounter a one-second discrepancy between `current_time( 'mysql' )` and `gmdate( 'Y-m-d H:i:s' )`, returning values like `2019-12-16 23:43:00` vs. `2019-12-16 23:42:59`, respectively, and setting the post to a `future` status instead of `publish`.
[45851], while working as intended, made the issue somewhat more likely to occur.
This caused all sorts of occasional random failures in various tests on Travis, mostly on PHP 7.1.
Merges [46968] and [46969] to the 5.3 branch.
Fixes#48145.
Built from https://develop.svn.wordpress.org/branches/5.3@46975
git-svn-id: http://core.svn.wordpress.org/branches/5.3@46775 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`wp_kses_bad_protocol()` makes sure to validate that uri attributes don’t contain invalid/or not allowed protocols. While this works fine in most cases, there’s a risk that by using the colon html5 named entity, one is able to bypass this function.
Brings r46895 to the 5.3 branch.
Props: xknown, nickdaugherty, peterwilsoncc.
Built from https://develop.svn.wordpress.org/branches/5.3@46899
git-svn-id: http://core.svn.wordpress.org/branches/5.3@46699 1a063a9b-81f0-0310-95a4-ce76da25c4cd