Commit Graph

36196 Commits

Author SHA1 Message Date
Dominik Schilling f920f99c1c Bump 4.7 branch to version 4.7.6.
Built from https://develop.svn.wordpress.org/branches/4.7@41511


git-svn-id: http://core.svn.wordpress.org/branches/4.7@41344 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 19:56:36 +00:00
Dominik Schilling ec72da84f3 Bump 4.7 branch to version 4.7.3.
Built from https://develop.svn.wordpress.org/branches/4.7@41510


git-svn-id: http://core.svn.wordpress.org/branches/4.7@41343 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 19:51:32 +00:00
Aaron Campbell 727aa4586a Database: Hardening to bring `wpdb::prepare()` inline with documentation.
`wpdb::prepare()` supports %s, %d, and %F as placeholders in the query string. Any other non-escaped % will be escaped.

Merges [41496] to 4.7 branch.


Built from https://develop.svn.wordpress.org/branches/4.7@41498


git-svn-id: http://core.svn.wordpress.org/branches/4.7@41331 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 18:12:33 +00:00
Aaron Campbell 8e19eed411 Database: Don’t trigger `_doing_it_wrong()` for null values in `wpdb::prepare()`.
While `wpdb::prepare()` does not support null values (see #12819) they still appear in the wild like in the WordPress Importer and other plugins.

Merges [41483] to 4.7 branch.


Built from https://develop.svn.wordpress.org/branches/4.7@41485


git-svn-id: http://core.svn.wordpress.org/branches/4.7@41318 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 16:20:06 +00:00
Aaron Campbell 5b685405be Database: Hardening for `wpdb::prepare()`
Previously if you passed an array of values for placeholders, additional values could be passed as well. Now additional values will be ignored.

Merges [41470] to 4.7 branch.


Built from https://develop.svn.wordpress.org/branches/4.7@41472


git-svn-id: http://core.svn.wordpress.org/branches/4.7@41305 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 14:59:36 +00:00
John Blackbourn 2915a1c876 Filesystem API: Ensure filenames are valid before attempting to unzip them to ensure malformed file paths don't cause issues.
Merges [41457] to the 4.7 branch.

Built from https://develop.svn.wordpress.org/branches/4.7@41459


git-svn-id: http://core.svn.wordpress.org/branches/4.7@41292 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 14:38:34 +00:00
Aaron Campbell 2a7026d88f oEmbed: Add extra hardening around allowed HTML for improved sandboxing.
Merges [41448] to 4.7 branch.



Built from https://develop.svn.wordpress.org/branches/4.7@41451


git-svn-id: http://core.svn.wordpress.org/branches/4.7@41284 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 13:48:35 +00:00
Dominik Schilling af0877f0db TinyMCE: Improve the previews for shortcodes.
Merge of [41395] to the 4.7 branch.

Built from https://develop.svn.wordpress.org/branches/4.7@41436


git-svn-id: http://core.svn.wordpress.org/branches/4.7@41269 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 12:42:05 +00:00
Dominik Schilling c259dff63c Customize: Ensure valid themes in the preview.
Merge of [41397] to the 4.7 branch.

Built from https://develop.svn.wordpress.org/branches/4.7@41430


git-svn-id: http://core.svn.wordpress.org/branches/4.7@41263 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 11:51:06 +00:00
Dominik Schilling a0af012ed0 Taxonomy/Users: Provide a fallback for incorrect HTTP referrers.
Merge of [41398] to the 4.7 branch.

Built from https://develop.svn.wordpress.org/branches/4.7@41418


git-svn-id: http://core.svn.wordpress.org/branches/4.7@41251 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 11:12:08 +00:00
John Blackbourn 7c8fbd2966 General: Add missing URL-encoding and add extra hardening to plugin and template names when they're displayed in the admin area.
Merges [41412] to the 4.7 branch

See #13377

Built from https://develop.svn.wordpress.org/branches/4.7@41413


git-svn-id: http://core.svn.wordpress.org/branches/4.7@41246 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 10:21:48 +00:00
Dominik Schilling 1e45c3e2fe Editor: Prevent adding `javascript:` and `data:` URLs through the inline link dialog.
Merge of [41393] to the 4.7 branch.

Built from https://develop.svn.wordpress.org/branches/4.7@41401


git-svn-id: http://core.svn.wordpress.org/branches/4.7@41234 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 10:16:08 +00:00
John Blackbourn fae164a240 Build/Test tools: Trim the test matrix on Travis in order to speed up the 4.7 branch build.
This removes the PHP 7.0, 5.5, 5.4, 5.3, and nightly jobs.

Fixes #41707

Built from https://develop.svn.wordpress.org/branches/4.7@41307


git-svn-id: http://core.svn.wordpress.org/branches/4.7@41138 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-08-22 21:41:32 +00:00
John Blackbourn f8663be50e Build/Test Tools: Remove ancient UT ticket handling for the 4.7 branch.
See #40533

Merges [40523] to the 4.7 branch.

Built from https://develop.svn.wordpress.org/branches/4.7@41305


git-svn-id: http://core.svn.wordpress.org/branches/4.7@41137 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-08-22 19:59:36 +00:00
John Blackbourn 9cc990bb3e Build/Test tools: Use the latest in the 4.x and 6.x branches of PHPUnit when running tests on Travis for the 4.7 branch.
See #41472

Merges [41294] to the 4.7 branch.

Built from https://develop.svn.wordpress.org/branches/4.7@41296


git-svn-id: http://core.svn.wordpress.org/branches/4.7@41136 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-08-22 17:11:09 +00:00
John Blackbourn b98a29c182 Build: Switch PHP 5.2 and 5.3 to Travis' Ubuntu `precise` image
Starting today, Travis will begin switching the default image to `trusty`, which does not support PHP 5.2 or 5.3.

This is not a full fix, because Travis will be dropping `precise` support entirely in September (https://github.com/travis-ci/travis-ci/issues/8072).  However, it buys us some time until then.

See #41292

Merges [41072] to the 4.7 branch.

Built from https://develop.svn.wordpress.org/branches/4.7@41074


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40925 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-07-18 13:06:34 +00:00
John Blackbourn 61af9be9c6 Build/Test Tools: Fix PHP 5.2 compatibility for grandchild methods which expect exceptions to be raised.
This is due to `is_callable( 'parent::setExpectedException' )` not being supported on PHP 5.2 when the method being checked only exists on the grandparent class.

See #39822

Merges [40872] and [40873] to the 4.7 branch.

Built from https://develop.svn.wordpress.org/branches/4.7@40876


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40726 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-06-05 10:42:38 +00:00
Konstantin Obenland 7783f8a29b Import Twenty Sixteen for the 4.7 branch.
See #36497.

Built from https://develop.svn.wordpress.org/branches/4.7@40855


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40706 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-30 22:57:36 +00:00
John Blackbourn 1802c0b26d Build/Test Tools: Add a missing class to the PHPUnit 6 back compat.
See #39822

Merges [40853] to the 4.7 branch.

Built from https://develop.svn.wordpress.org/branches/4.7@40854


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40705 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-30 22:08:35 +00:00
Aaron Campbell 819af82764 Post-4.7.5 version bump for 4.7 branch.
Built from https://develop.svn.wordpress.org/branches/4.7@40770


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40628 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 23:01:32 +00:00
Aaron Campbell 9fad803761 Bump 4.7 branch to version 4.7.5.
Built from https://develop.svn.wordpress.org/branches/4.7@40748


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40606 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 21:48:33 +00:00
Pascal Birchler 314556b55c Media: Simplify upload error message construction.
Merges [40736] to the 4.7 branch.

Built from https://develop.svn.wordpress.org/branches/4.7@40737


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40595 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 18:00:35 +00:00
Pascal Birchler 79988bff38 REST API: JS Client - Enable connecting to multiple endpoints.
Enable connecting to multiple wp-api `endpoints`. Calling `wp.api.init` with a new `apiRoot` will parse the new endpoint's schema and store a new set of models and collections. A collection of 
connected endpoints is stored in `wp.api.endpoints`.

Props lucasstark.
Fixes #39683.

Merges [40364] to the 4.7 branch.

Built from https://develop.svn.wordpress.org/branches/4.7@40735


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40593 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 16:35:33 +00:00
Aaron Campbell a86f61290e Add nonce for updating file system credentials.
Merges [40723] to 4.7 branch.

Built from https://develop.svn.wordpress.org/branches/4.7@40724


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40582 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 14:51:35 +00:00
Weston Ruter 58075bfc88 Customize: Fix phpunit tests after [40704] due to logic inversion error.
Merge of [40716] to the 4.7 branch.

Built from https://develop.svn.wordpress.org/branches/4.7@40717


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40580 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 14:37:35 +00:00
Dominik Schilling 2d7fa9d0dc Customize: Ignore invalid customization sessions.
Merge of [40704] to the 4.7 branch.
Built from https://develop.svn.wordpress.org/branches/4.7@40705


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40568 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 12:14:35 +00:00
Pascal Birchler 0f3180de02 Adjust post meta checks
Merges [40692] to the 4.7 branch.

Built from https://develop.svn.wordpress.org/branches/4.7@40693


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40556 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 08:48:34 +00:00
Pascal Birchler 8ef530d469 Improve redirect handling
Merges[40689] to the 4.7 branch.

Built from https://develop.svn.wordpress.org/branches/4.7@40690


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40553 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 08:40:36 +00:00
Pascal Birchler 031cbb0548 Whitelist post arguments in XML-RPC
Merges [40677] to the 4.7 branch.

Built from https://develop.svn.wordpress.org/branches/4.7@40678


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40541 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 08:17:34 +00:00
Dion Hulse 22f5836c8c Bump Akismet external to 3.3.2
See #40002


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40508 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-12 04:08:46 +00:00
Aaron Jorbin d2a0e52c43 Build/Test: Post Travis results to Slack from WordPress/wordpress-develop
Backports [40604] to 4.7

Now that the WordPress/wordpress-develop GitHub repo is syncing correctly, we can use it for Travis integration.

Props jorbin for getting the ball rolling so long ago, unprops jorbin because his Travis build can finally be retired. Props Pento.

Fixes #40712.

Built from https://develop.svn.wordpress.org/branches/4.7@40616


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40486 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-11 00:31:33 +00:00
Dion Hulse 7b810872a1 Bump Akismet external to 3.3.1
See #40002


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40437 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-02 23:36:14 +00:00
John Blackbourn 799bdcec00 Build/Test Tools: Backport various recent changes to the 4.7 branch.
* Add support for PHPUnit 6+.
* Add Composer files to the cache on Travis.
* Remove HHVM from the test infrastructure on Travis.

Merges [40536], [40538], [40539], and [40546] to the 4.7 branch.

See #40539
Fixes #39822, #40548

Built from https://develop.svn.wordpress.org/branches/4.7@40547


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40423 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-04-24 00:38:35 +00:00
Boone Gorges 820070e588 Restore support for taxonomy 'args' override when querying object terms.
[7520] introduced an undocumented feature whereby developers could
register a custom taxonomy with an 'args' parameter, consisting of
an array of config params that, when present, override corresponding
params in the `$args` array passed to `wp_get_object_terms()` when
using that function to query for terms in the specified taxonomy.

The `wp_get_object_terms()` refactor in [38667] failed to respect
this secret covenant, and the current changeset atones for the
transgression.

Ports [40513] to the 4.7 branch.

Props danielbachhuber.
Fixes #40496.

Built from https://develop.svn.wordpress.org/branches/4.7@40514


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40390 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-04-21 19:18:36 +00:00
Dion Hulse 0516c67beb List Tables: After [38703], [38706], and [40118], adjust the jQuery selector to make the selection of a range of checkboxes work again.
Unprop afercia.
Merges [40268] to the 4.7 branch.
Fixes #40056.

Built from https://develop.svn.wordpress.org/branches/4.7@40512


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40388 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-04-21 07:36:37 +00:00
Pascal Birchler 75de3e9c44 Post-4.7.4 version bump for 4.7 branch.
Built from https://develop.svn.wordpress.org/branches/4.7@40509


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40385 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-04-20 18:54:36 +00:00
Pascal Birchler 8cf8ada93d Bump 4.7 branch to version 4.7.4.
Built from https://develop.svn.wordpress.org/branches/4.7@40487


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40363 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-04-20 16:21:36 +00:00
Andrew Ozz 84387613b6 TinyMCE: Fix cursor position after updating a wpview node. Fix hiding the inline toolbar on editor blur.
Props iseulde, azaozz.

Merges [40481] to the 4.7 branch.
Fixes #40480.

Built from https://develop.svn.wordpress.org/branches/4.7@40482


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40358 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-04-19 22:18:36 +00:00
Pascal Birchler 9e791361e1 Bump 4.7 branch to 4.7.4-RC1.
Built from https://develop.svn.wordpress.org/branches/4.7@40475


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40351 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-04-18 17:06:37 +00:00
Pascal Birchler 8e0e34aa23 4.7.4-RC
Built from https://develop.svn.wordpress.org/branches/4.7@40474


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40350 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-04-18 15:52:36 +00:00
Pascal Birchler 717e993b7c Twenty Seventeen: Bump version and update the changelog.
Updates changelog to link to Codex pages, like other default themes.

Props swissspidy, davidakennedy.
Fixes #40461.

Merges [40472] to the 4.7 branch.

Built from https://develop.svn.wordpress.org/branches/4.7@40473


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40349 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-04-18 09:22:37 +00:00
Pascal Birchler d9681fd881 Fix broken audio/video functions when sanitizing ID3 data
This fixes a bug where running `wp_kses_post_deep()` on all the ID3
tag data corrupted blob data.

Fixes #40075, #40085.

Merges [40400] to the 4.7 branch.

Built from https://develop.svn.wordpress.org/branches/4.7@40460


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40336 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-04-17 13:00:35 +00:00
Pascal Birchler a785107bf4 Twenty Seventeen: Correct heading hierarchy for posts on the front page.
When the posts page is on the front page or within a front page section, the heading hierarchy for the individual post titles needs to be adjusted accordingly.

Props joedolson, celloexpressions, davidakennedy.
Fixes #40264.

Merges [40458] to the 4.7 branch.

Built from https://develop.svn.wordpress.org/branches/4.7@40459


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40335 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-04-17 10:24:38 +00:00
John Blackbourn 97572ef88b Build/Test tools: Reverse the order in which the Travis jobs run.
As a general rule, this means the fastest test jobs now run first because each subsequent version of PHP is faster than the previous. When a committer is patiently waiting for a Travis build to complete, they are at least more likely to see unexpected failures earlier than they otherwise would.

In addition, this updates the JavaScript test job to run on PHP 7.1.

Props netweb

See #39705

Merges [40434] to the 4.7 branch.

Built from https://develop.svn.wordpress.org/branches/4.7@40435


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40333 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-04-15 17:44:37 +00:00
Pascal Birchler 50867ef8b8 Media: Ensure Crop Image is always visible.
Previously, the crop button in the media modal after uploading header images or similar was hidden and the task could not be completed.

Props karinedo, sagarprajapati, Cybr, mayurk.
Fixes #40152.

Merges [40428] to the 4.7 branch.

Built from https://develop.svn.wordpress.org/branches/4.7@40429


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40327 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-04-14 09:34:35 +00:00
Pascal Birchler aaf7176230 REST API: Allow fetching multiple terms at once via the slug parameter.
This matches a similar change previously made for posts (#38579) and an upcoming change for users (#40213).

Props wonderboymusic, MatheusGimenez, curdin.
Fixes #40027.

Merges [40376] to the 4.7 branch.

Built from https://develop.svn.wordpress.org/branches/4.7@40427


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40325 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-04-14 08:54:35 +00:00
Pascal Birchler 981dc8e4c2 REST API: Allow fetching multiple users at once via the `slug` parameter.
This matches similar changes previously made for posts (#38579) and terms (#40027).

Props curdin, MatheusGimenez.
Fixes #40213.

Merges [40378] to the 4.7 branch.

Built from https://develop.svn.wordpress.org/branches/4.7@40426


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40324 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-04-14 08:47:34 +00:00
Pascal Birchler fd65a37c76 Media: Add filters to allow overriding slow media queries.
There are a couple of queries that do a full table scan of attachment posts to support features of the media library. Pending a more complete solution, allow overriding these queries via filters.

Props sboisvert, jnylen0.
See #31071.

Merges [40382] and [40421] to the 4.7 branch.

Built from https://develop.svn.wordpress.org/branches/4.7@40425


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40323 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-04-14 08:40:37 +00:00
Pascal Birchler 3623849a05 Customize: Verify availability of `history.replaceState` (in IE9) before attempting to populate `changeset_uuid` parameter.
Props westonruter, timmydcrawford for testing.
Amends [39686].
See #39227.
Fixes #40405.

Merges[40405] to the 4.7 branch.

Built from https://develop.svn.wordpress.org/branches/4.7@40420


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40318 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-04-13 12:32:35 +00:00
Andrew Ozz 1830ea20c4 Update TinyMCE to 4.5.6. Has many improvements and bug fixes. Changelog: https://github.com/tinymce/tinymce/blob/4.5.x/changelog.txt.
Merges [40398] to the 4.7 branch.

Props programmin, eclev91 and boldwater for finding and reporting this.
Fixes #40305.

Built from https://develop.svn.wordpress.org/branches/4.7@40419


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40317 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-04-13 01:52:38 +00:00