Sergey Biryukov
2a4ac1ce68
Escape the output in `wp_ajax_upload_attachment()`.
...
Merges [45936] to the 4.6 branch.
Props whyisjake, sstoqnov.
Built from https://develop.svn.wordpress.org/branches/4.6@45948
git-svn-id: http://core.svn.wordpress.org/branches/4.6@45759 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-09-04 16:36:24 +00:00
Gary Pendergast
5db18ede70
WordPress 4.6.14
...
Built from https://develop.svn.wordpress.org/branches/4.6@44874
git-svn-id: http://core.svn.wordpress.org/branches/4.6@44705 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-03-13 01:18:21 +00:00
Sergey Biryukov
1ff333ca3b
Comments: Improve comment content filtering.
...
Merges [44842] to the 4.6 branch.
Built from https://develop.svn.wordpress.org/branches/4.6@44848
git-svn-id: http://core.svn.wordpress.org/branches/4.6@44680 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-03-12 22:37:22 +00:00
Jeremy Felt
c046ee1abd
Bump 4.6 branch to version 4.6.13.
...
Built from https://develop.svn.wordpress.org/branches/4.6@44081
git-svn-id: http://core.svn.wordpress.org/branches/4.6@43911 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-12-13 02:14:04 +00:00
Gary Pendergast
5a48d3af8b
Editor: Remove unwanted fields before saving posts.
...
The `meta_input`, `file`, and `guid` fields are not intended to be updated through user input.
Merges [44047] to the 4.6 branch.
Built from https://develop.svn.wordpress.org/branches/4.6@44058
git-svn-id: http://core.svn.wordpress.org/branches/4.6@43888 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-12-13 01:43:21 +00:00
Peter Wilson
41a7a8e581
Multisite: Validate activation links.
...
Merges [44048] to the 4.6 branch.
Built from https://develop.svn.wordpress.org/branches/4.6@44057
git-svn-id: http://core.svn.wordpress.org/branches/4.6@43887 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-12-13 01:42:20 +00:00
Aaron Campbell
4f99911c22
Bump 4.6 branch to version 4.6.12
...
Built from https://develop.svn.wordpress.org/branches/4.6@43410
git-svn-id: http://core.svn.wordpress.org/branches/4.6@43238 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-05 16:12:07 +00:00
Aaron Campbell
5798a9e9ae
Bump 4.6 branch to version 4.6.11
...
Built from https://develop.svn.wordpress.org/branches/4.6@42936
git-svn-id: http://core.svn.wordpress.org/branches/4.6@42766 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-03 20:28:04 +00:00
Dion Hulse
daf7cc8b30
Bump the 4.6 branch to 4.6.10.
...
Built from https://develop.svn.wordpress.org/branches/4.6@42497
git-svn-id: http://core.svn.wordpress.org/branches/4.6@42326 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-01-16 21:41:36 +00:00
Dion Hulse
ce6ffb6d25
External Libraries: Remove unnecessary / obsoleted MediaElement.js files.
...
Merges [42478] to the 4.6 branch.
Fixes #42720 for 4.6.
Built from https://develop.svn.wordpress.org/branches/4.6@42480
git-svn-id: http://core.svn.wordpress.org/branches/4.6@42309 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-01-16 08:06:35 +00:00
Dion Hulse
cf61ff994d
Upgrade: When deleting old files, if deletion fails attempt to empty the file instead.
...
Props joemcgill, dd32.
Merges [42434] to the 4.6 branch.
Fixes #42963 for 4.6.
Built from https://develop.svn.wordpress.org/branches/4.6@42468
git-svn-id: http://core.svn.wordpress.org/branches/4.6@42297 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-01-16 06:55:34 +00:00
John Blackbourn
8b0e75a650
Bump 4.6 branch to version 4.6.9.
...
Built from https://develop.svn.wordpress.org/branches/4.6@42319
git-svn-id: http://core.svn.wordpress.org/branches/4.6@42148 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-29 18:59:35 +00:00
John Blackbourn
78c7ec883d
Hardening: Use a properly generated hash for the `newbloguser` key instead of a determinate substring.
...
Merges [42258] to the 4.6 branch.
Built from https://develop.svn.wordpress.org/branches/4.6@42276
git-svn-id: http://core.svn.wordpress.org/branches/4.6@42105 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-29 16:21:34 +00:00
Gary Pendergast
9c29274681
Bump 4.6 branch to version 4.6.8.
...
Built from https://develop.svn.wordpress.org/branches/4.6@42071
git-svn-id: http://core.svn.wordpress.org/branches/4.6@41900 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-31 13:15:33 +00:00
Dominik Schilling
8dc1cd00a1
Taxonomy/Users: Use correct escaping function for URLs.
...
Merge of [41522] to the 4.6 branch.
Built from https://develop.svn.wordpress.org/branches/4.6@41525
git-svn-id: http://core.svn.wordpress.org/branches/4.6@41358 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 21:28:32 +00:00
Dominik Schilling
8d5d807270
Bump 4.6 branch to version 4.6.7.
...
Built from https://develop.svn.wordpress.org/branches/4.6@41512
git-svn-id: http://core.svn.wordpress.org/branches/4.6@41345 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 19:59:33 +00:00
John Blackbourn
4733856aee
Filesystem API: Ensure filenames are valid before attempting to unzip them to ensure malformed file paths don't cause issues.
...
Merges [41457] to the 4.6 branch.
Built from https://develop.svn.wordpress.org/branches/4.6@41460
git-svn-id: http://core.svn.wordpress.org/branches/4.6@41293 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 14:39:34 +00:00
Dominik Schilling
acd952f9c7
Taxonomy/Users: Provide a fallback for incorrect HTTP referrers.
...
Merge of [41398] to the 4.6 branch.
Built from https://develop.svn.wordpress.org/branches/4.6@41419
git-svn-id: http://core.svn.wordpress.org/branches/4.6@41252 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 11:12:41 +00:00
John Blackbourn
f12b16a291
General: Add missing URL-encoding and add extra hardening to plugin and template names when they're displayed in the admin area.
...
Merges [41413] to the 4.6 branch
See #13377
Built from https://develop.svn.wordpress.org/branches/4.6@41414
git-svn-id: http://core.svn.wordpress.org/branches/4.6@41247 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 10:22:34 +00:00
Aaron Campbell
bacf919c26
Bump 4.7 branch to version 4.6.6.
...
Built from https://develop.svn.wordpress.org/branches/4.6@40749
git-svn-id: http://core.svn.wordpress.org/branches/4.6@40607 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 21:49:33 +00:00
Aaron Campbell
e07088f06e
Add nonce for updating file system credentials.
...
Merges [40723] to 4.6 branch.
Built from https://develop.svn.wordpress.org/branches/4.6@40725
git-svn-id: http://core.svn.wordpress.org/branches/4.6@40583 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 14:53:33 +00:00
Dominik Schilling
f2f9b5e493
Customize: Ignore invalid customization sessions.
...
Merge of [40704] to the 4.6 branch.
Built from https://develop.svn.wordpress.org/branches/4.6@40706
git-svn-id: http://core.svn.wordpress.org/branches/4.6@40569 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 12:15:34 +00:00
Pascal Birchler
43c3b11cee
Bump 4.6 branch to version 4.6.5.
...
Built from https://develop.svn.wordpress.org/branches/4.6@40488
git-svn-id: http://core.svn.wordpress.org/branches/4.6@40364 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-04-20 16:22:35 +00:00
Pascal Birchler
98c13fefb2
Fix broken audio/video functions when sanitizing ID3 data
...
This fixes a bug where running `wp_kses_post_deep()` on all the ID3
tag data corrupted blob data.
See #40075 , #40085 .
Merges [40400] to the 4.6 branch.
Built from https://develop.svn.wordpress.org/branches/4.6@40461
git-svn-id: http://core.svn.wordpress.org/branches/4.6@40337 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-04-17 13:07:36 +00:00
James Nylen
299bfe429c
Bump 4.6 branch to version 4.6.4.
...
Built from https://develop.svn.wordpress.org/branches/4.6@40203
git-svn-id: http://core.svn.wordpress.org/branches/4.6@40142 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-06 16:08:34 +00:00
John Blackbourn
70a97d6789
Press This: Verify intent before fetching in-page resources using Press This.
...
Props vortfu
Merges [40195] to the 4.6 branch.
Built from https://develop.svn.wordpress.org/branches/4.6@40197
git-svn-id: http://core.svn.wordpress.org/branches/4.6@40136 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-06 13:58:33 +00:00
Aaron Campbell
b67b8d56d9
Plugins: Add file check to plugin deletions.
...
Merges [40169] to 4.6 branch.
Built from https://develop.svn.wordpress.org/branches/4.6@40171
git-svn-id: http://core.svn.wordpress.org/branches/4.6@40110 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-06 12:59:34 +00:00
Jeremy Felt
fe1162e5f1
Validate video and audio metadata.
...
Merge of [40148] to the 4.6 branch.
Built from https://develop.svn.wordpress.org/branches/4.6@40150
git-svn-id: http://core.svn.wordpress.org/branches/4.6@40089 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-06 08:04:35 +00:00
Aaron Campbell
baf66f786a
Bump 4.6 branch to version 4.6.3.
...
Built from https://develop.svn.wordpress.org/branches/4.6@39996
git-svn-id: http://core.svn.wordpress.org/branches/4.6@39933 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-26 18:16:33 +00:00
Dominik Schilling
88e92019c3
Press This: Do not show Categories & Tags UI for users who cannot assign terms to posts anyways.
...
Merge of [39968] to the 4.6 branch.
Built from https://develop.svn.wordpress.org/branches/4.6@39971
git-svn-id: http://core.svn.wordpress.org/branches/4.6@39908 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-26 14:10:33 +00:00
John Blackbourn
df08ef2450
Posts, Post Types: When using Excerpt mode on the Posts list table, ensure the excerpt output matches what was manually entered into the Excerpt field.
...
Merges [39956] to the 4.6 branch.
Built from https://develop.svn.wordpress.org/branches/4.6@39970
git-svn-id: http://core.svn.wordpress.org/branches/4.6@39907 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-26 14:09:35 +00:00
Aaron Campbell
9cbfb359cb
Use plural string 'Maintenance and Security Releases' since we have two now
...
Built from https://develop.svn.wordpress.org/branches/4.6@39847
git-svn-id: http://core.svn.wordpress.org/branches/4.6@39785 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 15:31:32 +00:00
Aaron Campbell
74ecd3d1f3
Bump 4.6 branch to version 4.6.2.
...
Built from https://develop.svn.wordpress.org/branches/4.6@39846
git-svn-id: http://core.svn.wordpress.org/branches/4.6@39784 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 15:24:33 +00:00
Dominik Schilling
b6f03a6084
Updates: Translate plugin data on the Updates screen.
...
Merge of [39808] to the 4.6 branch.
Built from https://develop.svn.wordpress.org/branches/4.6@39821
git-svn-id: http://core.svn.wordpress.org/branches/4.6@39759 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 11:40:06 +00:00
Aaron Campbell
ebbfc7179c
Add nonce for widget accessibility mode.
...
Props vortfu.
See #23328 .
Merges [39760] to 4.6 branch.
Built from https://develop.svn.wordpress.org/branches/4.6@39762
git-svn-id: http://core.svn.wordpress.org/branches/4.6@39700 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 01:43:35 +00:00
Aaron Campbell
38430b0533
Media: Improved media titles when created from filename.
...
Preserves spaces and generally creates more accurate, cleaner titles from filenames of uploaded media.
Merge of [38614] to the 4.6 branch.
Props joemcgill.
Fixes #37989 .
Built from https://develop.svn.wordpress.org/branches/4.6@38615
git-svn-id: http://core.svn.wordpress.org/branches/4.6@38558 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-09-17 06:27:31 +00:00
Jeremy Felt
1e85e502a0
Bump 4.6 branch to 4.6.1.
...
Built from https://develop.svn.wordpress.org/branches/4.6@38549
git-svn-id: http://core.svn.wordpress.org/branches/4.6@38492 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-09-07 14:57:32 +00:00
Jeremy Felt
e860e24b6e
Media: Sanitize upload filename.
...
Merge of [38538] to the 4.6 branch.
Built from https://develop.svn.wordpress.org/branches/4.6@38539
git-svn-id: http://core.svn.wordpress.org/branches/4.6@38482 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-09-07 13:57:29 +00:00
Pascal Birchler
b9f38d1aa8
Upgrade/Install: Sanitize file name in `File_Upload_Upgrader`.
...
Merge of [38524] to the 4.6 branch.
Built from https://develop.svn.wordpress.org/branches/4.6@38525
git-svn-id: http://core.svn.wordpress.org/branches/4.6@38466 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-09-06 17:29:31 +00:00
Jeremy Felt
0c064f4ed8
Editor: fix jumpiness on pressing backspace and delete in the Text editor.
...
Merge of [38426] to the 4.6 branch.
Props azaozz.
Fixes #37690 .
Built from https://develop.svn.wordpress.org/branches/4.6@38487
git-svn-id: http://core.svn.wordpress.org/branches/4.6@38428 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-31 23:13:30 +00:00
Jeremy Felt
b39313803a
Upgrade/Install: After [37687], fix the number of params passed to the upgrade hooks.
...
`wp_version_check()`, `wp_update_plugins()` and `wp_update_themes()` are all originally hooked to the `upgrader_process_complete` action with zero arguments passed to them. Zero arguments should be passed when re-adding them after translation updates, otherwise the sky will fall.
Merge of [38415] to the 4.6 branch.
Props ionutst, gitlost, swissspidy.
Fixes #37731 .
Built from https://develop.svn.wordpress.org/branches/4.6@38475
git-svn-id: http://core.svn.wordpress.org/branches/4.6@38416 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-31 18:12:30 +00:00
Dominik Schilling
73d78fbe90
About Page: Add release video and move images to CDN.
...
Merge of [38267] to the 4.6 branch.
Props JerrySarcastic, rosso99, petya, hugobaeta, RoseAppleMedia.
See #37246 .
Built from https://develop.svn.wordpress.org/branches/4.6@38268
git-svn-id: http://core.svn.wordpress.org/branches/4.6@38209 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-16 18:02:01 +00:00
Dominik Schilling
9652a4916b
About Page: Enhance responsive images.
...
* Add `srcset` and `sizes` to the mobile image for streamlined updates.
* Modify the order of image candidate strings in each `srcset` to address a bug in iOS8 where the first candidate will always be selected when using `w` descriptors, see #35030 .
Merge of [38257] to the 4.6 branch.
Props joemcgill.
See #37246 .
Built from https://develop.svn.wordpress.org/branches/4.6@38258
git-svn-id: http://core.svn.wordpress.org/branches/4.6@38199 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-13 19:33:31 +00:00
Dominik Schilling
05eb0237ce
About Page: Fix punctuation errors in two strings.
...
Merge of [38248] to the 4.6 branch.
See #37246 .
Built from https://develop.svn.wordpress.org/branches/4.6@38249
git-svn-id: http://core.svn.wordpress.org/branches/4.6@38190 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-11 20:54:54 +00:00
Dominik Schilling
73f3896134
About Page: Updates for 4.6.
...
Merge of [38213], [38215], [38234], and [38244] to the 4.6 branch.
Props hugobaeta, Ipstenu, SergeyBiryukov, Presskopp, jeremyfelt, afragen, helen, Clorith, macmanx, DrewAPicture, voldemortensen, jorbin, joemcgill, MattyRob, ocean90.
Fixes #37246 .
Built from https://develop.svn.wordpress.org/branches/4.6@38245
git-svn-id: http://core.svn.wordpress.org/branches/4.6@38186 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-10 23:57:30 +00:00
Dominik Schilling
7fec14f382
Upgrader: Rename `class-wp-automatic-upgrader.php` to `class-wp-automatic-updater.php`.
...
The class is named `WP_Automatic_Updater` not `WP_Automatic_Upgrader` like all the other upgrader classes.
Introduced in [37409].
Merge of [38242] to the 4.6 branch.
Props DrewAPicture for review.
Fixes #37628 .
Built from https://develop.svn.wordpress.org/branches/4.6@38243
git-svn-id: http://core.svn.wordpress.org/branches/4.6@38184 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-10 19:57:30 +00:00
Andrew Ozz
ae8722f109
Update/Install error messages: do not escape from the template, escape the error message string before inserting it.
...
Props swissspidy, ocean90.
Fixes #37623 for 4.6.
Built from https://develop.svn.wordpress.org/branches/4.6@38241
git-svn-id: http://core.svn.wordpress.org/branches/4.6@38182 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-10 19:06:31 +00:00
Drew Jaynes
444cb81b45
Update/Install: Provide basic back-compat styling for the `.update-message` CSS class in the plugins list table.
...
This change restores only the margin and padding styles for the `.update-message` class when used by plugins in the context of adding arbitrary rows to the list table. The inline-update colors and icon styles were not restored, expressly with a wide variety of plugin use-cases in mind.
Merge of [38237] to the 4.6 branch.
Props ovann86, rahulsprajapati, ocean90, DrewAPicture.
Props helen for review.
Fixes #37504 .
Built from https://develop.svn.wordpress.org/branches/4.6@38238
git-svn-id: http://core.svn.wordpress.org/branches/4.6@38179 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-09 22:49:33 +00:00
Dominik Schilling
dd5cb26de2
Media: In `_wp_handle_upload()` use `call_user_func_array()` to call the upload error handler.
...
The default error handler `wp_handle_upload_error()` expects a reference for the first parameter but `call_user_func()` doesn't pass parameters by reference. The current code didn't produce any issues until now. PHP 7.0.9 (and PHP 7.1) is now stricter and prevents calling the error handler with a warning:
> PHP Warning: Parameter 1 to wp_handle_upload_error() expected to be a reference, value given.
To restore the error handler `_wp_handle_upload()` now uses `call_user_func_array()`.
Merge of [38235] to the 4.6 branch.
Props jbrinley.
Props jorbin for review.
See #37570 .
Built from https://develop.svn.wordpress.org/branches/4.6@38236
git-svn-id: http://core.svn.wordpress.org/branches/4.6@38177 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-09 21:56:30 +00:00
Dominik Schilling
9c0dfce2ac
Updates: Add visual feedback when deleting themes/plugins.
...
This corrects the selector for the delete link in `wp.updates.deletePlugin()` so the text can be changed to 'Deleting…'. `wp.updates.deleteTheme()` already worked on wp-admin/themes.php but not on wp-admin/network/themes.php because the network screen is similar to the plugins list table, this is now fixed too.
The `credential-modal-cancel` handler has been updated to support canceled delete jobs.
Merge of [38227] to the 4.6 branch.
Props swissspidy.
Props jorbin for review.
See #37603 .
Built from https://develop.svn.wordpress.org/branches/4.6@38228
git-svn-id: http://core.svn.wordpress.org/branches/4.6@38169 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-09 10:41:36 +00:00