12721 Commits

Author SHA1 Message Date
John Blackbourn d8e9c02011 Hardening: Use a properly generated hash for the `newbloguser` key instead of a determinate substring.
Merges [42258] to the 3.9 branch.

Built from https://develop.svn.wordpress.org/branches/3.9@42304


git-svn-id: http://core.svn.wordpress.org/branches/3.9@42133 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-29 16:40:50 +00:00
Gary Pendergast 76ec03176d Bump 3.9 branch to version 3.9.21.
Built from https://develop.svn.wordpress.org/branches/3.9@42078


git-svn-id: http://core.svn.wordpress.org/branches/3.9@41907 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-31 13:45:15 +00:00
Dominik Schilling ee47cb6d42 Users: Use correct escaping function for URLs.
Merge of [41522] to the 3.9 branch.

Built from https://develop.svn.wordpress.org/branches/3.9@41532


git-svn-id: http://core.svn.wordpress.org/branches/3.9@41365 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 21:40:14 +00:00
Aaron Campbell 79224df81a Bump 3.9 branch to version 3.9.20.
Built from https://develop.svn.wordpress.org/branches/3.9@41519


git-svn-id: http://core.svn.wordpress.org/branches/3.9@41352 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 20:13:15 +00:00
John Blackbourn f5db1e4375 Filesystem API: Ensure filenames are valid before attempting to unzip them to ensure malformed file paths don't cause issues.
Merges [41457] to the 3.9 branch.

Built from https://develop.svn.wordpress.org/branches/3.9@41467


git-svn-id: http://core.svn.wordpress.org/branches/3.9@41300 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 14:45:15 +00:00
John Blackbourn d46699267b General: Add missing URL-encoding and add extra hardening to plugin and template names when they're displayed in the admin area.
Merges [41434] with changes to the 3.9 branch.

See #13377

Built from https://develop.svn.wordpress.org/branches/3.9@41449


git-svn-id: http://core.svn.wordpress.org/branches/3.9@41282 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 13:44:15 +00:00
Dominik Schilling 0237d2915a Users: Provide a fallback for incorrect HTTP referrers.
Merge of [41398] to the 3.9 branch.

Built from https://develop.svn.wordpress.org/branches/3.9@41426


git-svn-id: http://core.svn.wordpress.org/branches/3.9@41259 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 11:15:31 +00:00
Aaron Campbell 66aaaa6aa8 Bump 3.9 branch to version 3.9.19.
Built from https://develop.svn.wordpress.org/branches/3.9@40756


git-svn-id: http://core.svn.wordpress.org/branches/3.9@40614 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 21:53:55 +00:00
Aaron Campbell 700dd168fd Add nonce for updating file system credentials.
Merges [40723] to 3.9 branch.

Built from https://develop.svn.wordpress.org/branches/3.9@40732


git-svn-id: http://core.svn.wordpress.org/branches/3.9@40590 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 14:57:32 +00:00
Dominik Schilling 9febffc6f7 Customize: Ignore invalid customization sessions.
Merge of [40704] to the 3.9 branch.
Built from https://develop.svn.wordpress.org/branches/3.9@40713


git-svn-id: http://core.svn.wordpress.org/branches/3.9@40576 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 12:21:15 +00:00
Pascal Birchler 063e974bd7 Bump 3.9 branch to version 3.9.18.
Built from https://develop.svn.wordpress.org/branches/3.9@40495


git-svn-id: http://core.svn.wordpress.org/branches/3.9@40371 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-04-20 16:28:15 +00:00
Pascal Birchler a05429ecd1 Fix broken audio/video functions when sanitizing ID3 data
This fixes a bug where running `wp_kses_post_deep()` on all the ID3
tag data corrupted blob data.

See #40075, #40085.

Merges [40400] to the 3.9 branch.

Built from https://develop.svn.wordpress.org/branches/3.9@40468


git-svn-id: http://core.svn.wordpress.org/branches/3.9@40344 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-04-17 13:34:16 +00:00
James Nylen f2ef35f4a9 Bump 3.9 branch to version 3.9.17.
Built from https://develop.svn.wordpress.org/branches/3.9@40210


git-svn-id: http://core.svn.wordpress.org/branches/3.9@40149 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-06 16:42:15 +00:00
Aaron Campbell fcec9ed6ff Plugins: Add file check to plugin deletions.
Merges [40169] to 3.9 branch.


Built from https://develop.svn.wordpress.org/branches/3.9@40178


git-svn-id: http://core.svn.wordpress.org/branches/3.9@40117 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-06 13:05:15 +00:00
Jeremy Felt ca488f141f Validate video and audio metadata.
Merge of [40148] to the 3.9 branch.

Built from https://develop.svn.wordpress.org/branches/3.9@40157


git-svn-id: http://core.svn.wordpress.org/branches/3.9@40096 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-06 08:12:16 +00:00
Aaron Campbell 946d349b71 Bump 3.9 branch to version 3.9.16.
Built from https://develop.svn.wordpress.org/branches/3.9@40004


git-svn-id: http://core.svn.wordpress.org/branches/3.9@39941 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-26 18:29:15 +00:00
John Blackbourn 6e66a60c3c Posts, Post Types: When using Excerpt mode on the Posts list table, ensure the excerpt output matches what was manually entered into the Excerpt field.
Merges [39956] to the 3.9 branch.

Built from https://develop.svn.wordpress.org/branches/3.9@39987


git-svn-id: http://core.svn.wordpress.org/branches/3.9@39924 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-26 14:20:15 +00:00
Dominik Schilling a81be45d5d Press This: Do not show Categories & Tags UI for users who cannot assign terms to posts anyways.
Merge of [39968] to the 3.9 branch.
Built from https://develop.svn.wordpress.org/branches/3.9@39979


git-svn-id: http://core.svn.wordpress.org/branches/3.9@39916 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-26 14:14:58 +00:00
Aaron Campbell ec5bf14855 Bump 3.9 branch to version 3.9.15.
Built from https://develop.svn.wordpress.org/branches/3.9@39868


git-svn-id: http://core.svn.wordpress.org/branches/3.9@39805 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 16:59:32 +00:00
Dominik Schilling 95c2ed6e0d Updates: Translate plugin data on the Updates screen.
Merge of [39808] to the 3.9 branch.
Built from https://develop.svn.wordpress.org/branches/3.9@39828


git-svn-id: http://core.svn.wordpress.org/branches/3.9@39766 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 11:43:22 +00:00
Aaron Campbell 1db0b6e251 Add nonce for widget accessibility mode.
Props vortfu.

See #23328.

Merges [39765] to 3.9 branch.

Built from https://develop.svn.wordpress.org/branches/3.9@39769


git-svn-id: http://core.svn.wordpress.org/branches/3.9@39707 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 01:52:15 +00:00
Joe McGill 57383c5143 Media: Improved media titles when created from filename.
Preserves spaces and generally creates more accurate, cleaner titles from filenames of uploaded media.

Merge of [38615] to the 3.9 branch.

Fixes #37989.

Built from https://develop.svn.wordpress.org/branches/3.9@39717


git-svn-id: http://core.svn.wordpress.org/branches/3.9@39657 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-06 22:01:57 +00:00
Jeremy Felt ca27550a35 Bump 3.9 branch to 3.9.14.
Built from https://develop.svn.wordpress.org/branches/3.9@38556


git-svn-id: http://core.svn.wordpress.org/branches/3.9@38499 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-09-07 15:02:18 +00:00
Jeremy Felt cc80d2c131 Media: Sanitize upload filename.
Merge of [38538] to the 3.9 branch.

Built from https://develop.svn.wordpress.org/branches/3.9@38546


git-svn-id: http://core.svn.wordpress.org/branches/3.9@38489 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-09-07 14:00:34 +00:00
Pascal Birchler 391fa0940c Upgrade/Install: Sanitize file name in `File_Upload_Upgrader`.
Merge of [38524] to the 3.9 branch.
Built from https://develop.svn.wordpress.org/branches/3.9@38532


git-svn-id: http://core.svn.wordpress.org/branches/3.9@38473 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-09-06 18:03:16 +00:00
Boone Gorges 41276a8b92 Bump 3.9 branch to 3.9.13.
Built from https://develop.svn.wordpress.org/branches/3.9@37834


git-svn-id: http://core.svn.wordpress.org/branches/3.9@37799 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-21 16:44:14 +00:00
Nikolay Bachiyski 9858249ed9 Admin: escape URL-encoded permalinks
Merge of [37801] to the 3.9 branch.

Built from https://develop.svn.wordpress.org/branches/3.9@37820


git-svn-id: http://core.svn.wordpress.org/branches/3.9@37785 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-21 14:58:32 +00:00
Rachel Baker 5d8157a774 Revisions: Change the capability needed to view revision diffs to `edit_post`.
Merge of [37779] to the 3.9 branch.
Built from https://develop.svn.wordpress.org/branches/3.9@37803


git-svn-id: http://core.svn.wordpress.org/branches/3.9@37768 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-21 14:48:15 +00:00
Boone Gorges e3098a4983 Taxonomy: More specific cap check when processing category data on post save.
Ports [37691] to the 3.9 branch.

Props dlh.
Fixes #36379.
Built from https://develop.svn.wordpress.org/branches/3.9@37784


git-svn-id: http://core.svn.wordpress.org/branches/3.9@37749 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-21 14:23:58 +00:00
Dominik Schilling 3c90ea60d9 Customize: Make sure that preview and return URLs are URLs.
Merge of [37527] to the 3.9 branch.
Built from https://develop.svn.wordpress.org/branches/3.9@37777


git-svn-id: http://core.svn.wordpress.org/branches/3.9@37742 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-21 14:21:50 +00:00
Dominik Schilling 7f38e9a815 Bump 3.9 branch to 3.9.12.
Built from https://develop.svn.wordpress.org/branches/3.9@37390


git-svn-id: http://core.svn.wordpress.org/branches/3.9@37356 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-06 18:15:30 +00:00
Jeremy Felt 594a9e14e7 Multisite: Improve escaping in network settings.
Merge of [37124] to the 3.9 branch.

Built from https://develop.svn.wordpress.org/branches/3.9@37130


git-svn-id: http://core.svn.wordpress.org/branches/3.9@37097 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-30 16:06:14 +00:00
Dominik Schilling ba70965edc Multisite: Validate new email address confirmations.
Merge of [37103] to the 3.9 branch.
Built from https://develop.svn.wordpress.org/branches/3.9@37109


git-svn-id: http://core.svn.wordpress.org/branches/3.9@37076 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-30 14:51:15 +00:00
Dominik Schilling ea26079cde Bump 3.9 branch to 3.9.11.
Built from https://develop.svn.wordpress.org/branches/3.9@36460


git-svn-id: http://core.svn.wordpress.org/branches/3.9@36427 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-02 17:30:14 +00:00
Dominik Schilling 97a834aaab Bump 3.9 branch to 3.9.10.
Built from https://develop.svn.wordpress.org/branches/3.9@36201


git-svn-id: http://core.svn.wordpress.org/branches/3.9@36168 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-06 18:51:14 +00:00
Helen Hou-Sandí 831baf7b04 Bump 3.9 branch to 3.9.9.
Built from https://develop.svn.wordpress.org/branches/3.9@34185


git-svn-id: http://core.svn.wordpress.org/branches/3.9@34153 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-15 14:29:45 +00:00
Dominik Schilling fdc6949e64 XMLRPC: Don't allow private posts to be sticky.
Merge of [33325], [33612], and [34135] to the 3.9 branch.

See #20662.
Built from https://develop.svn.wordpress.org/branches/3.9@34155


git-svn-id: http://core.svn.wordpress.org/branches/3.9@34123 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 23:02:14 +00:00
Nikolay Bachiyski 0c61562bf5 List tables: escape user e-mails
Merges [34133] for 3.9 branch

Built from https://develop.svn.wordpress.org/branches/3.9@34141


git-svn-id: http://core.svn.wordpress.org/branches/3.9@34109 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 22:44:14 +00:00
Dominik Schilling fc3a293811 Bump 3.9 branch to version 3.9.8.
Built from https://develop.svn.wordpress.org/branches/3.9@33570


git-svn-id: http://core.svn.wordpress.org/branches/3.9@33537 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-04 11:40:14 +00:00
Dominik Schilling 8417706532 Heartbeat: Ensure post locks are released.
Merge of [33542] to the 3.9 branch.
Built from https://develop.svn.wordpress.org/branches/3.9@33546


git-svn-id: http://core.svn.wordpress.org/branches/3.9@33513 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-04 04:56:06 +00:00
Gary Pendergast 9641009151 Bump 3.9 branch to version 3.9.7.
Built from https://develop.svn.wordpress.org/branches/3.9@33398


git-svn-id: http://core.svn.wordpress.org/branches/3.9@33366 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-23 11:08:13 +00:00
Gary Pendergast c5eb54f359 Capabilities: When creating an auto-draft, ensure that the current user still has permission to do so.
Merge of [33357] to the 3.9 branch.


Built from https://develop.svn.wordpress.org/branches/3.9@33377


git-svn-id: http://core.svn.wordpress.org/branches/3.9@33348 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-23 04:12:14 +00:00
Dominik Schilling 98037bb876 3.9.6 version bumps.
Built from https://develop.svn.wordpress.org/branches/3.9@32437


git-svn-id: http://core.svn.wordpress.org/branches/3.9@32407 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-06 23:30:15 +00:00
Michael Adams d4608a9fe5 Upgrade: `$wpdb->get_col_length()` sanity check: bail on unexpected return value.
Merges [32429] for the 3.9 branch.

See #32165.

Built from https://develop.svn.wordpress.org/branches/3.9@32433


git-svn-id: http://core.svn.wordpress.org/branches/3.9@32403 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-06 23:14:15 +00:00
Michael Adams 464ce8a75f Upgrade: Ensure unintelligible DB schemas don't result in content loss.
Merge of [32417] to the 3.9 branch.

See #32165.

Props ocean90.

Built from https://develop.svn.wordpress.org/branches/3.9@32421


git-svn-id: http://core.svn.wordpress.org/branches/3.9@32391 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-06 21:53:15 +00:00
Aaron Jorbin 96890b155a Remove debugging comments from [32408]
Built from https://develop.svn.wordpress.org/branches/3.9@32409


git-svn-id: http://core.svn.wordpress.org/branches/3.9@32379 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-06 20:30:15 +00:00
Aaron Jorbin fbb0252a46 When upgrading WordPress remove genericons example.html files
[32385] for 3.9 branch

Props @dd32, @boonebgorges, @johnjamesjacoby, @drewapicture, @jorbin



Built from https://develop.svn.wordpress.org/branches/3.9@32408


git-svn-id: http://core.svn.wordpress.org/branches/3.9@32378 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-06 20:20:14 +00:00
Michael Adams 1c86df8bbf WPDB: When checking that a string can be sent to MySQL, we shouldn't use `mb_convert_encoding()`, as it behaves differently to MySQL's character encoding conversion.
Merge of [32364] to the 3.9 branch.

Props mdawaffe, pento, nbachiyski, jorbin, johnjamesjacoby, jeremyfelt.

See #32165.

Built from https://develop.svn.wordpress.org/branches/3.9@32389


git-svn-id: http://core.svn.wordpress.org/branches/3.9@32359 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-06 19:12:16 +00:00
Michael Adams 10be03b2d7 3.9:
- WPDB: Sanity check that any strings being stored in the DB are not too long to store correctly.
- When upgrading, remove any suspicious comments.

Built from https://develop.svn.wordpress.org/branches/3.9@32316


git-svn-id: http://core.svn.wordpress.org/branches/3.9@32287 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-27 18:30:15 +00:00
Helen Hou-Sandí 67a0654bcb The 3.9 branch is now 3.9.5.
Built from https://develop.svn.wordpress.org/branches/3.9@32284


git-svn-id: http://core.svn.wordpress.org/branches/3.9@32255 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-23 21:35:52 +00:00