John Blackbourn
8c9519f1e7
Hardening: Add escaping to the language attributes used on `html` elements.
...
Merges [42259] to the 3.9 branch.
Built from https://develop.svn.wordpress.org/branches/3.9@42305
git-svn-id: http://core.svn.wordpress.org/branches/3.9@42134 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-29 16:41:04 +00:00
John Blackbourn
d8e9c02011
Hardening: Use a properly generated hash for the `newbloguser` key instead of a determinate substring.
...
Merges [42258] to the 3.9 branch.
Built from https://develop.svn.wordpress.org/branches/3.9@42304
git-svn-id: http://core.svn.wordpress.org/branches/3.9@42133 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-29 16:40:50 +00:00
Dion Hulse
80a325fda9
WPDB: Check that `AUTH_SALT` is not empty, Fix a PHP notice when `AUTH_SALT` is undefined.
...
Props jsonfry, mkomar, pento.
Merges [42119] and [42120] to the 3.9 branch.
Fixes #42431 and #42401 for 3.9.
Built from https://develop.svn.wordpress.org/branches/3.9@42239
git-svn-id: http://core.svn.wordpress.org/branches/3.9@42068 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-27 01:14:32 +00:00
John Blackbourn
a17059be19
General: Remove the version number from the readme file in the 4.
...
See #42386
Built from https://develop.svn.wordpress.org/branches/3.9@42097
git-svn-id: http://core.svn.wordpress.org/branches/3.9@41926 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-31 18:02:33 +00:00
Gary Pendergast
76ec03176d
Bump 3.9 branch to version 3.9.21.
...
Built from https://develop.svn.wordpress.org/branches/3.9@42078
git-svn-id: http://core.svn.wordpress.org/branches/3.9@41907 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-31 13:45:15 +00:00
Gary Pendergast
9b92304fd1
Database: Restore numbered placeholders in `wpdb::prepare()`.
...
[41496] removed support for numbered placeholders in queries send through `wpdb::prepare()`, which, despite being undocumented, were quite commonly used.
This change restores support for numbered placeholders (as well as a subset of placeholder formatting), while also adding extra checks to ensure the correct number of arguments are being passed to `wpdb::prepare()`, given the number of placeholders.
Merges [41662], [42056] to the 3.9 branch.
See #41925 .
Built from https://develop.svn.wordpress.org/branches/3.9@42066
git-svn-id: http://core.svn.wordpress.org/branches/3.9@41895 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-31 12:57:16 +00:00
Dominik Schilling
ee47cb6d42
Users: Use correct escaping function for URLs.
...
Merge of [41522] to the 3.9 branch.
Built from https://develop.svn.wordpress.org/branches/3.9@41532
git-svn-id: http://core.svn.wordpress.org/branches/3.9@41365 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 21:40:14 +00:00
Aaron Campbell
79224df81a
Bump 3.9 branch to version 3.9.20.
...
Built from https://develop.svn.wordpress.org/branches/3.9@41519
git-svn-id: http://core.svn.wordpress.org/branches/3.9@41352 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 20:13:15 +00:00
Aaron Campbell
f6afa94bef
Database: Hardening to bring `wpdb::prepare()` inline with documentation.
...
`wpdb::prepare()` supports %s, %d, and %F as placeholders in the query string. Any other non-escaped % will be escaped.
Merges [41496] to 3.9 branch.
Built from https://develop.svn.wordpress.org/branches/3.9@41506
git-svn-id: http://core.svn.wordpress.org/branches/3.9@41339 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 18:43:15 +00:00
Aaron Campbell
30570f494f
Database: Don’t trigger `_doing_it_wrong()` for null values in `wpdb::prepare()`.
...
While `wpdb::prepare()` does not support null values (see #12819 ) they still appear in the wild like in the WordPress Importer and other plugins.
Merges [41483] to 3.9 branch.
Built from https://develop.svn.wordpress.org/branches/3.9@41493
git-svn-id: http://core.svn.wordpress.org/branches/3.9@41326 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 16:27:16 +00:00
Aaron Campbell
a5756e9c27
Database: Hardening for `wpdb::prepare()`
...
Previously if you passed an array of values for placeholders, additional values could be passed as well. Now additional values will be ignored.
Merges [41470] to 3.9 branch.
Built from https://develop.svn.wordpress.org/branches/3.9@41480
git-svn-id: http://core.svn.wordpress.org/branches/3.9@41313 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 15:04:33 +00:00
John Blackbourn
f5db1e4375
Filesystem API: Ensure filenames are valid before attempting to unzip them to ensure malformed file paths don't cause issues.
...
Merges [41457] to the 3.9 branch.
Built from https://develop.svn.wordpress.org/branches/3.9@41467
git-svn-id: http://core.svn.wordpress.org/branches/3.9@41300 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 14:45:15 +00:00
John Blackbourn
d46699267b
General: Add missing URL-encoding and add extra hardening to plugin and template names when they're displayed in the admin area.
...
Merges [41434] with changes to the 3.9 branch.
See #13377
Built from https://develop.svn.wordpress.org/branches/3.9@41449
git-svn-id: http://core.svn.wordpress.org/branches/3.9@41282 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 13:44:15 +00:00
Dominik Schilling
0237d2915a
Users: Provide a fallback for incorrect HTTP referrers.
...
Merge of [41398] to the 3.9 branch.
Built from https://develop.svn.wordpress.org/branches/3.9@41426
git-svn-id: http://core.svn.wordpress.org/branches/3.9@41259 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 11:15:31 +00:00
Dominik Schilling
435ca07747
Editor: Prevent adding `javascript:` and `data:` URLs through the inline link dialog.
...
Merge of [41393] to the 3.9 branch.
Built from https://develop.svn.wordpress.org/branches/3.9@41409
git-svn-id: http://core.svn.wordpress.org/branches/3.9@41242 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 10:20:24 +00:00
Aaron Campbell
66aaaa6aa8
Bump 3.9 branch to version 3.9.19.
...
Built from https://develop.svn.wordpress.org/branches/3.9@40756
git-svn-id: http://core.svn.wordpress.org/branches/3.9@40614 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 21:53:55 +00:00
Pascal Birchler
73b0352cba
Media: Simplify upload error message construction.
...
Merges [40736] to the 3.9 branch.
Built from https://develop.svn.wordpress.org/branches/3.9@40745
git-svn-id: http://core.svn.wordpress.org/branches/3.9@40603 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 18:05:32 +00:00
Aaron Campbell
700dd168fd
Add nonce for updating file system credentials.
...
Merges [40723] to 3.9 branch.
Built from https://develop.svn.wordpress.org/branches/3.9@40732
git-svn-id: http://core.svn.wordpress.org/branches/3.9@40590 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 14:57:32 +00:00
Dominik Schilling
9febffc6f7
Customize: Ignore invalid customization sessions.
...
Merge of [40704] to the 3.9 branch.
Built from https://develop.svn.wordpress.org/branches/3.9@40713
git-svn-id: http://core.svn.wordpress.org/branches/3.9@40576 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 12:21:15 +00:00
Pascal Birchler
c2f264d25f
Adjust post meta checks
...
Merges [40692] to the 3.9 branch.
Built from https://develop.svn.wordpress.org/branches/3.9@40701
git-svn-id: http://core.svn.wordpress.org/branches/3.9@40564 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 08:54:15 +00:00
Pascal Birchler
a81079c403
Whitelist post arguments in XML-RPC
...
Merges [40677] to the 3.9 branch.
Built from https://develop.svn.wordpress.org/branches/3.9@40686
git-svn-id: http://core.svn.wordpress.org/branches/3.9@40549 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 08:29:15 +00:00
Pascal Birchler
063e974bd7
Bump 3.9 branch to version 3.9.18.
...
Built from https://develop.svn.wordpress.org/branches/3.9@40495
git-svn-id: http://core.svn.wordpress.org/branches/3.9@40371 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-04-20 16:28:15 +00:00
Pascal Birchler
a05429ecd1
Fix broken audio/video functions when sanitizing ID3 data
...
This fixes a bug where running `wp_kses_post_deep()` on all the ID3
tag data corrupted blob data.
See #40075 , #40085 .
Merges [40400] to the 3.9 branch.
Built from https://develop.svn.wordpress.org/branches/3.9@40468
git-svn-id: http://core.svn.wordpress.org/branches/3.9@40344 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-04-17 13:34:16 +00:00
James Nylen
f2ef35f4a9
Bump 3.9 branch to version 3.9.17.
...
Built from https://develop.svn.wordpress.org/branches/3.9@40210
git-svn-id: http://core.svn.wordpress.org/branches/3.9@40149 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-06 16:42:15 +00:00
Aaron Campbell
244804028c
Strip control characters before validating redirect.
...
Merges [40183] to 3.9 branch.
Built from https://develop.svn.wordpress.org/branches/3.9@40192
git-svn-id: http://core.svn.wordpress.org/branches/3.9@40131 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-06 13:45:58 +00:00
Aaron Campbell
fcec9ed6ff
Plugins: Add file check to plugin deletions.
...
Merges [40169] to 3.9 branch.
Built from https://develop.svn.wordpress.org/branches/3.9@40178
git-svn-id: http://core.svn.wordpress.org/branches/3.9@40117 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-06 13:05:15 +00:00
Jeremy Felt
ca488f141f
Validate video and audio metadata.
...
Merge of [40148] to the 3.9 branch.
Built from https://develop.svn.wordpress.org/branches/3.9@40157
git-svn-id: http://core.svn.wordpress.org/branches/3.9@40096 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-06 08:12:16 +00:00
Aaron Campbell
946d349b71
Bump 3.9 branch to version 3.9.16.
...
Built from https://develop.svn.wordpress.org/branches/3.9@40004
git-svn-id: http://core.svn.wordpress.org/branches/3.9@39941 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-26 18:29:15 +00:00
John Blackbourn
6e66a60c3c
Posts, Post Types: When using Excerpt mode on the Posts list table, ensure the excerpt output matches what was manually entered into the Excerpt field.
...
Merges [39956] to the 3.9 branch.
Built from https://develop.svn.wordpress.org/branches/3.9@39987
git-svn-id: http://core.svn.wordpress.org/branches/3.9@39924 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-26 14:20:15 +00:00
Dominik Schilling
a81be45d5d
Press This: Do not show Categories & Tags UI for users who cannot assign terms to posts anyways.
...
Merge of [39968] to the 3.9 branch.
Built from https://develop.svn.wordpress.org/branches/3.9@39979
git-svn-id: http://core.svn.wordpress.org/branches/3.9@39916 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-26 14:14:58 +00:00
Dominik Schilling
13a15e6e07
Query: Ensure that queries work correctly with post type names with special characters.
...
Merge of [39952] to the 3.9 branch.
Built from https://develop.svn.wordpress.org/branches/3.9@39964
git-svn-id: http://core.svn.wordpress.org/branches/3.9@39901 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-26 13:53:00 +00:00
Aaron Campbell
ec5bf14855
Bump 3.9 branch to version 3.9.15.
...
Built from https://develop.svn.wordpress.org/branches/3.9@39868
git-svn-id: http://core.svn.wordpress.org/branches/3.9@39805 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 16:59:32 +00:00
Joe McGill
e2ef6cefbe
Media: Fix exif_imagetype check in wp_get_image_mime
...
This is a follow up to [39831].
Merges [39850] to the 3.9 branch.
Built from https://develop.svn.wordpress.org/branches/3.9@39859
git-svn-id: http://core.svn.wordpress.org/branches/3.9@39796 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 16:45:15 +00:00
Joe McGill
c47e0b66a2
Media: Improve image filetype checking.
...
This adds a new function `wp_get_image_mime()` which is used by
`wp_check_filetype_and_ext()` to validate image files using
`exif_imagetype()` if available instead of `getimagesize()`.
`getimagesize()` is less performant than `exif_imagetype()` and is
dependent on GD. If `exif_imagetype()` is not available, it falls back to
`getimagesize()` as before.
If `wp_check_filetype_and_ext()` can't validate the filetype, we now return
`false` for ext/MIME values.
Merges [39831] to the 3.9 branch.
Built from https://develop.svn.wordpress.org/branches/3.9@39840
git-svn-id: http://core.svn.wordpress.org/branches/3.9@39778 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 13:20:15 +00:00
Dominik Schilling
95c2ed6e0d
Updates: Translate plugin data on the Updates screen.
...
Merge of [39808] to the 3.9 branch.
Built from https://develop.svn.wordpress.org/branches/3.9@39828
git-svn-id: http://core.svn.wordpress.org/branches/3.9@39766 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 11:43:22 +00:00
Dominik Schilling
d9f0c45795
Themes: Fix markup for theme name fallbacks.
...
Merge of [39807] to the 3.9 branch.
Built from https://develop.svn.wordpress.org/branches/3.9@39817
git-svn-id: http://core.svn.wordpress.org/branches/3.9@39755 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 11:12:53 +00:00
Jeremy Felt
8d2a900277
Multisite: Use `wp_rand()` in signup key creation.
...
Merges [39795] to the 3.9 branch.
Built from https://develop.svn.wordpress.org/branches/3.9@39804
git-svn-id: http://core.svn.wordpress.org/branches/3.9@39742 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 05:36:32 +00:00
Dion Hulse
924f935cb3
Update PHPMailer to 5.2.22.
...
The full list of changes is available here:
https://github.com/PHPMailer/PHPMailer/compare/v5.2.21...v5.2.22
Merges [39759] to the 3.9 branch.
Fixes #37210 for 3.9.
Built from https://develop.svn.wordpress.org/branches/3.9@39792
git-svn-id: http://core.svn.wordpress.org/branches/3.9@39730 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 05:26:32 +00:00
Jeremy Felt
498ad8eb14
Mail: Disable wp-mail.php when `mailserver_url` is mail.example.com.
...
Merges [39772] to the 3.9 branch.
Built from https://develop.svn.wordpress.org/branches/3.9@39781
git-svn-id: http://core.svn.wordpress.org/branches/3.9@39719 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 05:21:15 +00:00
Aaron Campbell
1db0b6e251
Add nonce for widget accessibility mode.
...
Props vortfu.
See #23328 .
Merges [39765] to 3.9 branch.
Built from https://develop.svn.wordpress.org/branches/3.9@39769
git-svn-id: http://core.svn.wordpress.org/branches/3.9@39707 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 01:52:15 +00:00
Dion Hulse
40ce4b29b1
Mail: Upgrade PHPMailer to 5.2.21.
...
Merges [39645], [36083], [33142], [33124], [29783] to the 3.9 branch.
See #37210 .
Built from https://develop.svn.wordpress.org/branches/3.9@39729
git-svn-id: http://core.svn.wordpress.org/branches/3.9@39669 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-06 22:06:55 +00:00
Joe McGill
57383c5143
Media: Improved media titles when created from filename.
...
Preserves spaces and generally creates more accurate, cleaner titles from filenames of uploaded media.
Merge of [38615] to the 3.9 branch.
Fixes #37989 .
Built from https://develop.svn.wordpress.org/branches/3.9@39717
git-svn-id: http://core.svn.wordpress.org/branches/3.9@39657 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-06 22:01:57 +00:00
Dion Hulse
04cab520ed
General: Update copyright year to 2017 in license.txt.
...
Props Nikschavan.
Merges [39659] to the 3.9 branch.
Fixes #39433 .
Built from https://develop.svn.wordpress.org/branches/3.9@39705
git-svn-id: http://core.svn.wordpress.org/branches/3.9@39645 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-06 21:55:27 +00:00
Jeremy Felt
ca27550a35
Bump 3.9 branch to 3.9.14.
...
Built from https://develop.svn.wordpress.org/branches/3.9@38556
git-svn-id: http://core.svn.wordpress.org/branches/3.9@38499 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-09-07 15:02:18 +00:00
Jeremy Felt
cc80d2c131
Media: Sanitize upload filename.
...
Merge of [38538] to the 3.9 branch.
Built from https://develop.svn.wordpress.org/branches/3.9@38546
git-svn-id: http://core.svn.wordpress.org/branches/3.9@38489 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-09-07 14:00:34 +00:00
Pascal Birchler
391fa0940c
Upgrade/Install: Sanitize file name in `File_Upload_Upgrader`.
...
Merge of [38524] to the 3.9 branch.
Built from https://develop.svn.wordpress.org/branches/3.9@38532
git-svn-id: http://core.svn.wordpress.org/branches/3.9@38473 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-09-06 18:03:16 +00:00
Boone Gorges
41276a8b92
Bump 3.9 branch to 3.9.13.
...
Built from https://develop.svn.wordpress.org/branches/3.9@37834
git-svn-id: http://core.svn.wordpress.org/branches/3.9@37799 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-21 16:44:14 +00:00
Joe McGill
b7be0d01c0
Media: Improve handling of extensionless filenames.
...
Merge of [37756] to the 3.9 branch.
See #37111 .
Built from https://develop.svn.wordpress.org/branches/3.9@37822
git-svn-id: http://core.svn.wordpress.org/branches/3.9@37787 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-21 14:59:24 +00:00
Nikolay Bachiyski
9858249ed9
Admin: escape URL-encoded permalinks
...
Merge of [37801] to the 3.9 branch.
Built from https://develop.svn.wordpress.org/branches/3.9@37820
git-svn-id: http://core.svn.wordpress.org/branches/3.9@37785 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-21 14:58:32 +00:00
Rachel Baker
5d8157a774
Revisions: Change the capability needed to view revision diffs to `edit_post`.
...
Merge of [37779] to the 3.9 branch.
Built from https://develop.svn.wordpress.org/branches/3.9@37803
git-svn-id: http://core.svn.wordpress.org/branches/3.9@37768 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-21 14:48:15 +00:00