Commit Graph

15917 Commits

Author SHA1 Message Date
Sergey Biryukov 2a4ac1ce68 Escape the output in `wp_ajax_upload_attachment()`.
Merges [45936] to the 4.6 branch.
Props whyisjake, sstoqnov.
Built from https://develop.svn.wordpress.org/branches/4.6@45948


git-svn-id: http://core.svn.wordpress.org/branches/4.6@45759 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-09-04 16:36:24 +00:00
Gary Pendergast 5db18ede70 WordPress 4.6.14
Built from https://develop.svn.wordpress.org/branches/4.6@44874


git-svn-id: http://core.svn.wordpress.org/branches/4.6@44705 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-03-13 01:18:21 +00:00
Sergey Biryukov 1ff333ca3b Comments: Improve comment content filtering.
Merges [44842] to the 4.6 branch.
Built from https://develop.svn.wordpress.org/branches/4.6@44848


git-svn-id: http://core.svn.wordpress.org/branches/4.6@44680 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-03-12 22:37:22 +00:00
Jeremy Felt c046ee1abd Bump 4.6 branch to version 4.6.13.
Built from https://develop.svn.wordpress.org/branches/4.6@44081


git-svn-id: http://core.svn.wordpress.org/branches/4.6@43911 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-12-13 02:14:04 +00:00
Gary Pendergast 5a48d3af8b Editor: Remove unwanted fields before saving posts.
The `meta_input`, `file`, and `guid` fields are not intended to be updated through user input.

Merges [44047] to the 4.6 branch.


Built from https://develop.svn.wordpress.org/branches/4.6@44058


git-svn-id: http://core.svn.wordpress.org/branches/4.6@43888 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-12-13 01:43:21 +00:00
Peter Wilson 41a7a8e581 Multisite: Validate activation links.
Merges [44048] to the 4.6 branch.

Built from https://develop.svn.wordpress.org/branches/4.6@44057


git-svn-id: http://core.svn.wordpress.org/branches/4.6@43887 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-12-13 01:42:20 +00:00
Aaron Campbell 4f99911c22 Bump 4.6 branch to version 4.6.12
Built from https://develop.svn.wordpress.org/branches/4.6@43410


git-svn-id: http://core.svn.wordpress.org/branches/4.6@43238 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-05 16:12:07 +00:00
Aaron Campbell 5798a9e9ae Bump 4.6 branch to version 4.6.11
Built from https://develop.svn.wordpress.org/branches/4.6@42936


git-svn-id: http://core.svn.wordpress.org/branches/4.6@42766 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-03 20:28:04 +00:00
Dion Hulse daf7cc8b30 Bump the 4.6 branch to 4.6.10.
Built from https://develop.svn.wordpress.org/branches/4.6@42497


git-svn-id: http://core.svn.wordpress.org/branches/4.6@42326 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-01-16 21:41:36 +00:00
Dion Hulse ce6ffb6d25 External Libraries: Remove unnecessary / obsoleted MediaElement.js files.
Merges [42478] to the 4.6 branch.
Fixes #42720 for 4.6.

Built from https://develop.svn.wordpress.org/branches/4.6@42480


git-svn-id: http://core.svn.wordpress.org/branches/4.6@42309 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-01-16 08:06:35 +00:00
Dion Hulse cf61ff994d Upgrade: When deleting old files, if deletion fails attempt to empty the file instead.
Props joemcgill, dd32.
Merges [42434] to the 4.6 branch.
Fixes #42963 for 4.6.

Built from https://develop.svn.wordpress.org/branches/4.6@42468


git-svn-id: http://core.svn.wordpress.org/branches/4.6@42297 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-01-16 06:55:34 +00:00
John Blackbourn 8b0e75a650 Bump 4.6 branch to version 4.6.9.
Built from https://develop.svn.wordpress.org/branches/4.6@42319


git-svn-id: http://core.svn.wordpress.org/branches/4.6@42148 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-29 18:59:35 +00:00
John Blackbourn 78c7ec883d Hardening: Use a properly generated hash for the `newbloguser` key instead of a determinate substring.
Merges [42258] to the 4.6 branch.

Built from https://develop.svn.wordpress.org/branches/4.6@42276


git-svn-id: http://core.svn.wordpress.org/branches/4.6@42105 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-29 16:21:34 +00:00
Gary Pendergast 9c29274681 Bump 4.6 branch to version 4.6.8.
Built from https://develop.svn.wordpress.org/branches/4.6@42071


git-svn-id: http://core.svn.wordpress.org/branches/4.6@41900 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-31 13:15:33 +00:00
Dominik Schilling 8dc1cd00a1 Taxonomy/Users: Use correct escaping function for URLs.
Merge of [41522] to the 4.6 branch.
Built from https://develop.svn.wordpress.org/branches/4.6@41525


git-svn-id: http://core.svn.wordpress.org/branches/4.6@41358 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 21:28:32 +00:00
Dominik Schilling 8d5d807270 Bump 4.6 branch to version 4.6.7.
Built from https://develop.svn.wordpress.org/branches/4.6@41512


git-svn-id: http://core.svn.wordpress.org/branches/4.6@41345 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 19:59:33 +00:00
John Blackbourn 4733856aee Filesystem API: Ensure filenames are valid before attempting to unzip them to ensure malformed file paths don't cause issues.
Merges [41457] to the 4.6 branch.

Built from https://develop.svn.wordpress.org/branches/4.6@41460


git-svn-id: http://core.svn.wordpress.org/branches/4.6@41293 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 14:39:34 +00:00
Dominik Schilling acd952f9c7 Taxonomy/Users: Provide a fallback for incorrect HTTP referrers.
Merge of [41398] to the 4.6 branch.

Built from https://develop.svn.wordpress.org/branches/4.6@41419


git-svn-id: http://core.svn.wordpress.org/branches/4.6@41252 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 11:12:41 +00:00
John Blackbourn f12b16a291 General: Add missing URL-encoding and add extra hardening to plugin and template names when they're displayed in the admin area.
Merges [41413] to the 4.6 branch

See #13377

Built from https://develop.svn.wordpress.org/branches/4.6@41414


git-svn-id: http://core.svn.wordpress.org/branches/4.6@41247 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 10:22:34 +00:00
Aaron Campbell bacf919c26 Bump 4.7 branch to version 4.6.6.
Built from https://develop.svn.wordpress.org/branches/4.6@40749


git-svn-id: http://core.svn.wordpress.org/branches/4.6@40607 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 21:49:33 +00:00
Aaron Campbell e07088f06e Add nonce for updating file system credentials.
Merges [40723] to 4.6 branch.

Built from https://develop.svn.wordpress.org/branches/4.6@40725


git-svn-id: http://core.svn.wordpress.org/branches/4.6@40583 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 14:53:33 +00:00
Dominik Schilling f2f9b5e493 Customize: Ignore invalid customization sessions.
Merge of [40704] to the 4.6 branch.
Built from https://develop.svn.wordpress.org/branches/4.6@40706


git-svn-id: http://core.svn.wordpress.org/branches/4.6@40569 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 12:15:34 +00:00
Pascal Birchler 43c3b11cee Bump 4.6 branch to version 4.6.5.
Built from https://develop.svn.wordpress.org/branches/4.6@40488


git-svn-id: http://core.svn.wordpress.org/branches/4.6@40364 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-04-20 16:22:35 +00:00
Pascal Birchler 98c13fefb2 Fix broken audio/video functions when sanitizing ID3 data
This fixes a bug where running `wp_kses_post_deep()` on all the ID3
tag data corrupted blob data.

See #40075, #40085.

Merges [40400] to the 4.6 branch.

Built from https://develop.svn.wordpress.org/branches/4.6@40461


git-svn-id: http://core.svn.wordpress.org/branches/4.6@40337 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-04-17 13:07:36 +00:00
James Nylen 299bfe429c Bump 4.6 branch to version 4.6.4.
Built from https://develop.svn.wordpress.org/branches/4.6@40203


git-svn-id: http://core.svn.wordpress.org/branches/4.6@40142 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-06 16:08:34 +00:00
John Blackbourn 70a97d6789 Press This: Verify intent before fetching in-page resources using Press This.
Props vortfu

Merges [40195] to the 4.6 branch.

Built from https://develop.svn.wordpress.org/branches/4.6@40197


git-svn-id: http://core.svn.wordpress.org/branches/4.6@40136 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-06 13:58:33 +00:00
Aaron Campbell b67b8d56d9 Plugins: Add file check to plugin deletions.
Merges [40169] to 4.6 branch.


Built from https://develop.svn.wordpress.org/branches/4.6@40171


git-svn-id: http://core.svn.wordpress.org/branches/4.6@40110 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-06 12:59:34 +00:00
Jeremy Felt fe1162e5f1 Validate video and audio metadata.
Merge of [40148] to the 4.6 branch.

Built from https://develop.svn.wordpress.org/branches/4.6@40150


git-svn-id: http://core.svn.wordpress.org/branches/4.6@40089 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-06 08:04:35 +00:00
Aaron Campbell baf66f786a Bump 4.6 branch to version 4.6.3.
Built from https://develop.svn.wordpress.org/branches/4.6@39996


git-svn-id: http://core.svn.wordpress.org/branches/4.6@39933 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-26 18:16:33 +00:00
Dominik Schilling 88e92019c3 Press This: Do not show Categories & Tags UI for users who cannot assign terms to posts anyways.
Merge of [39968] to the 4.6 branch.
Built from https://develop.svn.wordpress.org/branches/4.6@39971


git-svn-id: http://core.svn.wordpress.org/branches/4.6@39908 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-26 14:10:33 +00:00
John Blackbourn df08ef2450 Posts, Post Types: When using Excerpt mode on the Posts list table, ensure the excerpt output matches what was manually entered into the Excerpt field.
Merges [39956] to the 4.6 branch.

Built from https://develop.svn.wordpress.org/branches/4.6@39970


git-svn-id: http://core.svn.wordpress.org/branches/4.6@39907 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-26 14:09:35 +00:00
Aaron Campbell 9cbfb359cb Use plural string 'Maintenance and Security Releases' since we have two now
Built from https://develop.svn.wordpress.org/branches/4.6@39847


git-svn-id: http://core.svn.wordpress.org/branches/4.6@39785 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 15:31:32 +00:00
Aaron Campbell 74ecd3d1f3 Bump 4.6 branch to version 4.6.2.
Built from https://develop.svn.wordpress.org/branches/4.6@39846


git-svn-id: http://core.svn.wordpress.org/branches/4.6@39784 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 15:24:33 +00:00
Dominik Schilling b6f03a6084 Updates: Translate plugin data on the Updates screen.
Merge of [39808] to the 4.6 branch.
Built from https://develop.svn.wordpress.org/branches/4.6@39821


git-svn-id: http://core.svn.wordpress.org/branches/4.6@39759 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 11:40:06 +00:00
Aaron Campbell ebbfc7179c Add nonce for widget accessibility mode.
Props vortfu.

See #23328.

Merges [39760] to 4.6 branch.

Built from https://develop.svn.wordpress.org/branches/4.6@39762


git-svn-id: http://core.svn.wordpress.org/branches/4.6@39700 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 01:43:35 +00:00
Aaron Campbell 38430b0533 Media: Improved media titles when created from filename.
Preserves spaces and generally creates more accurate, cleaner titles from filenames of uploaded media.

Merge of [38614] to the 4.6 branch.

Props joemcgill.
Fixes #37989.


Built from https://develop.svn.wordpress.org/branches/4.6@38615


git-svn-id: http://core.svn.wordpress.org/branches/4.6@38558 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-09-17 06:27:31 +00:00
Jeremy Felt 1e85e502a0 Bump 4.6 branch to 4.6.1.
Built from https://develop.svn.wordpress.org/branches/4.6@38549


git-svn-id: http://core.svn.wordpress.org/branches/4.6@38492 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-09-07 14:57:32 +00:00
Jeremy Felt e860e24b6e Media: Sanitize upload filename.
Merge of [38538] to the 4.6 branch.

Built from https://develop.svn.wordpress.org/branches/4.6@38539


git-svn-id: http://core.svn.wordpress.org/branches/4.6@38482 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-09-07 13:57:29 +00:00
Pascal Birchler b9f38d1aa8 Upgrade/Install: Sanitize file name in `File_Upload_Upgrader`.
Merge of [38524] to the 4.6 branch.
Built from https://develop.svn.wordpress.org/branches/4.6@38525


git-svn-id: http://core.svn.wordpress.org/branches/4.6@38466 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-09-06 17:29:31 +00:00
Jeremy Felt 0c064f4ed8 Editor: fix jumpiness on pressing backspace and delete in the Text editor.
Merge of [38426] to the 4.6 branch.

Props azaozz.
Fixes #37690.

Built from https://develop.svn.wordpress.org/branches/4.6@38487


git-svn-id: http://core.svn.wordpress.org/branches/4.6@38428 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-31 23:13:30 +00:00
Jeremy Felt b39313803a Upgrade/Install: After [37687], fix the number of params passed to the upgrade hooks.
`wp_version_check()`, `wp_update_plugins()` and `wp_update_themes()` are all originally hooked to the `upgrader_process_complete` action with zero arguments passed to them. Zero arguments should be passed when re-adding them after translation updates, otherwise the sky will fall.

Merge of [38415] to the 4.6 branch.

Props ionutst, gitlost, swissspidy.
Fixes #37731.

Built from https://develop.svn.wordpress.org/branches/4.6@38475


git-svn-id: http://core.svn.wordpress.org/branches/4.6@38416 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-31 18:12:30 +00:00
Dominik Schilling 73d78fbe90 About Page: Add release video and move images to CDN.
Merge of [38267] to the 4.6 branch.

Props JerrySarcastic, rosso99, petya, hugobaeta, RoseAppleMedia.
See #37246.
Built from https://develop.svn.wordpress.org/branches/4.6@38268


git-svn-id: http://core.svn.wordpress.org/branches/4.6@38209 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-16 18:02:01 +00:00
Dominik Schilling 9652a4916b About Page: Enhance responsive images.
* Add `srcset` and `sizes` to the mobile image for streamlined updates.
* Modify the order of image candidate strings in each `srcset` to address a bug in iOS8 where the first candidate will always be selected when using `w` descriptors, see #35030.

Merge of [38257] to the 4.6 branch.

Props joemcgill.
See #37246.
Built from https://develop.svn.wordpress.org/branches/4.6@38258


git-svn-id: http://core.svn.wordpress.org/branches/4.6@38199 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-13 19:33:31 +00:00
Dominik Schilling 05eb0237ce About Page: Fix punctuation errors in two strings.
Merge of [38248] to the 4.6 branch.

See #37246.
Built from https://develop.svn.wordpress.org/branches/4.6@38249


git-svn-id: http://core.svn.wordpress.org/branches/4.6@38190 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-11 20:54:54 +00:00
Dominik Schilling 73f3896134 About Page: Updates for 4.6.
Merge of [38213], [38215], [38234], and [38244] to the 4.6 branch.

Props hugobaeta, Ipstenu, SergeyBiryukov, Presskopp, jeremyfelt, afragen, helen, Clorith, macmanx, DrewAPicture, voldemortensen, jorbin, joemcgill, MattyRob, ocean90.
Fixes #37246.
Built from https://develop.svn.wordpress.org/branches/4.6@38245


git-svn-id: http://core.svn.wordpress.org/branches/4.6@38186 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-10 23:57:30 +00:00
Dominik Schilling 7fec14f382 Upgrader: Rename `class-wp-automatic-upgrader.php` to `class-wp-automatic-updater.php`.
The class is named `WP_Automatic_Updater` not `WP_Automatic_Upgrader` like all the other upgrader classes. 

Introduced in [37409].

Merge of [38242] to the 4.6 branch.

Props DrewAPicture for review.
Fixes #37628.
Built from https://develop.svn.wordpress.org/branches/4.6@38243


git-svn-id: http://core.svn.wordpress.org/branches/4.6@38184 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-10 19:57:30 +00:00
Andrew Ozz ae8722f109 Update/Install error messages: do not escape from the template, escape the error message string before inserting it.
Props swissspidy, ocean90.
Fixes #37623 for 4.6.
Built from https://develop.svn.wordpress.org/branches/4.6@38241


git-svn-id: http://core.svn.wordpress.org/branches/4.6@38182 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-10 19:06:31 +00:00
Drew Jaynes 444cb81b45 Update/Install: Provide basic back-compat styling for the `.update-message` CSS class in the plugins list table.
This change restores only the margin and padding styles for the `.update-message` class when used by plugins in the context of adding arbitrary rows to the list table. The inline-update colors and icon styles were not restored, expressly with a wide variety of plugin use-cases in mind.

Merge of [38237] to the 4.6 branch.

Props ovann86, rahulsprajapati, ocean90, DrewAPicture.
Props helen for review.
Fixes #37504. 

Built from https://develop.svn.wordpress.org/branches/4.6@38238


git-svn-id: http://core.svn.wordpress.org/branches/4.6@38179 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-09 22:49:33 +00:00
Dominik Schilling dd5cb26de2 Media: In `_wp_handle_upload()` use `call_user_func_array()` to call the upload error handler.
The default error handler `wp_handle_upload_error()` expects a reference for the first parameter but `call_user_func()` doesn't pass parameters by reference. The current code didn't produce any issues until now. PHP 7.0.9 (and PHP 7.1) is now stricter and prevents calling the error handler with a warning:
> PHP Warning:  Parameter 1 to wp_handle_upload_error() expected to be a reference, value given.

To restore the error handler `_wp_handle_upload()` now uses `call_user_func_array()`.

Merge of [38235] to the 4.6 branch.

Props jbrinley.
Props jorbin for review.
See #37570.
Built from https://develop.svn.wordpress.org/branches/4.6@38236


git-svn-id: http://core.svn.wordpress.org/branches/4.6@38177 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-09 21:56:30 +00:00
Dominik Schilling 9c0dfce2ac Updates: Add visual feedback when deleting themes/plugins.
This corrects the selector for the delete link in `wp.updates.deletePlugin()` so the text can be changed to 'Deleting…'. `wp.updates.deleteTheme()` already worked on wp-admin/themes.php but not on wp-admin/network/themes.php because the network screen is similar to the plugins list table, this is now fixed too.
The `credential-modal-cancel` handler has been updated to support canceled delete jobs.

Merge of [38227] to the 4.6 branch.

Props swissspidy.
Props jorbin for review.
See #37603.
Built from https://develop.svn.wordpress.org/branches/4.6@38228


git-svn-id: http://core.svn.wordpress.org/branches/4.6@38169 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-09 10:41:36 +00:00