WordPress-C/WordPress
1
0
Fork 0
mirror of https://github.com/WordPress/WordPress.git synced 2025-02-28 02:19:19 +00:00
Code Issues Packages Projects Releases Wiki Activity
23,885 Commits 50 Branches 750 Tags
Commit Graph

23885 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Sergey Biryukov
9d7aaaaad1 Administration: Pass the result of set-screen-option filter to the new set_screen_option_{$option} filter to ensure backward compatibility. 
Rename the `$keep` parameter of both filters to `$screen_option` for clarity, update the documentation to better reflect its purpose.

Follow-up to [47951].

Props Chouby, sswells, SergeyBiryukov.
Merges [48241] to the 3.7 branch.
Fixes #50392.
Built from https://develop.svn.wordpress.org/branches/3.7@48261


git-svn-id: http://core.svn.wordpress.org/branches/3.7@48030 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2020-07-01 09:55:20 +00:00
desrosj
84bcdaf9de WordPress 3.7.34 
Built from https://develop.svn.wordpress.org/branches/3.7@48006


git-svn-id: http://core.svn.wordpress.org/branches/3.7@47774 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2020-06-10 21:40:45 +00:00
Sergey Biryukov
cdd8c9c40e Themes: Ensure a broken theme name is returned properly. 
Follow-up to [47962] for the 3.7 branch.
Built from https://develop.svn.wordpress.org/branches/3.7@47976


git-svn-id: http://core.svn.wordpress.org/branches/3.7@47745 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2020-06-10 18:55:46 +00:00
whyisjake
8533fe0873 General: Backport several commits for release. 
Embeds: Ensure that the title attribute is set correctly on embeds.
    Editor: Prevent HTML decoding on by setting the proper editor context.
    Formatting: Ensure that wp_validate_redirect() sanitizes a wider variety of characters.
    Themes: Ensure a broken theme name is returned properly.
    Administration: Add a new filter to extend set-screen-option. 
Merges [47947-47951] to the 3.7 branch.
Props xknown, sstoqnov, vortfu, SergeyBiryukov, whyisjake.

Built from https://develop.svn.wordpress.org/branches/3.7@47962


git-svn-id: http://core.svn.wordpress.org/branches/3.7@47733 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2020-06-10 18:16:18 +00:00
desrosj
3b9adfa744 Updating the about page for WordPress 3.7.33 
Built from https://develop.svn.wordpress.org/branches/3.7@47685


git-svn-id: http://core.svn.wordpress.org/branches/3.7@47462 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2020-04-29 18:11:08 +00:00
desrosj
96810af9f6 WordPress 3.7.33 
Built from https://develop.svn.wordpress.org/branches/3.7@47683


git-svn-id: http://core.svn.wordpress.org/branches/3.7@47460 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2020-04-29 18:04:29 +00:00
whyisjake
efb4cbc21a User: Invalidate user_activation_key on password update. 
Query: Ensure that only a single post can be returned on date/time based queries.
Cache API: Ensure proper escaping around the stats method in the cache API.
Formatting: Expand `sanitize_file_name` to have better support for utf8 characters.

Brings the changes in [47634], [47635], [47637], and [47638] to the 3.7 branch.

Props: batmoo, ehti, nickdaugherty, peterwilsoncc, sergeybiryukov, sstoqnov, westi, whyisjake, whyisjake, xknown.

Built from https://develop.svn.wordpress.org/branches/3.7@47662


git-svn-id: http://core.svn.wordpress.org/branches/3.7@47439 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2020-04-29 16:59:08 +00:00
Sergey Biryukov
f27b277f7a Build/Test Tools: Fix the Travis CI build for the 3.7 branch. 
Among other fixes, this backports [26087], [26091], [26095], [26252], [26307], [26318], [26512], [26705], [26871], [26909-26910], [26940], [27086], [27168], [28799], [28873], [28943], [28961], [28964], [28966-28967], [29120], [29251], [29503], [29860], [29869], [29954], [30001], [30282], [30285], [30289-30291], [30513-30514], [30516-30521], [30524], [30526], [30529-30530], [31253-31254], [31257-31259], [31622], [40241], [40255], [40257], [40259], [40269], [40271], [40446], [40449], [40457], [40604], [40538], [40833], [41082], [41303], [41306], [44993].

See #49485.
Built from https://develop.svn.wordpress.org/branches/3.7@47343


git-svn-id: http://core.svn.wordpress.org/branches/3.7@47130 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2020-02-22 12:06:09 +00:00
Sergey Biryukov
803b9ff032 Posts, Post Types: Ensure edit_post() promotes an auto-draft to draft. 
This fixes a regression in 3.7 branch introduced in [44076].

Follow-up to [28073].

Merges [47334] to the 3.7 branch.
See #49485.
Built from https://develop.svn.wordpress.org/branches/3.7@47335


git-svn-id: http://core.svn.wordpress.org/branches/3.7@47125 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2020-02-20 22:11:08 +00:00
Sergey Biryukov
c676ebc1f6 WordPress 3.7.32 
Built from https://develop.svn.wordpress.org/branches/3.7@46936


git-svn-id: http://core.svn.wordpress.org/branches/3.7@46736 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-12-12 20:36:08 +00:00
Sergey Biryukov
5784f79cbb Update wp_kses_bad_protocol() to recognize : on uri attributes, 
`wp_kses_bad_protocol()` makes sure to validate that uri attributes don’t contain invalid/or not allowed protocols. While this works fine in most cases, there’s a risk that by using the colon html5 named entity, one is able to bypass this function.

Brings r46895 to the 3.7 branch.

Props: xknown, nickdaugherty, peterwilsoncc.
Built from https://develop.svn.wordpress.org/branches/3.7@46903


git-svn-id: http://core.svn.wordpress.org/branches/3.7@46703 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-12-12 18:27:08 +00:00
desrosj
11bef9c529 WordPress 3.7.31. 
Built from https://develop.svn.wordpress.org/branches/3.7@46523


git-svn-id: http://core.svn.wordpress.org/branches/3.7@46320 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-10-14 20:21:07 +00:00
whyisjake
88dbf8b593 Backporting several bug fixes. 
- Query: Remove the static query property.
- HTTP API: Protect against hex interpretation.
- Filesystem API: Prevent directory travelersals when creating new folders.
- Administration: Ensure that admin referer nonce is valid.
- REST API: Send a Vary: Origin header on GET requests.
- Customizer: Properly sanitize background images.

Backports [46474], [46475], [46476], [46477], [46478], [46483], [46485] to the 3.7 branch.

Built from https://develop.svn.wordpress.org/branches/3.7@46505


git-svn-id: http://core.svn.wordpress.org/branches/3.7@46302 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-10-14 19:32:09 +00:00
desrosj
c8b76218dd WordPress 3.7.30. 
Built from https://develop.svn.wordpress.org/branches/3.7@46031


git-svn-id: http://core.svn.wordpress.org/branches/3.7@45843 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-09-04 21:51:40 +00:00
desrosj
96a812ec6d Fix for URL sanitization in wp_kses_bad_protocol_once(). 
Merges [45997] to the 3.7 branch.

Props irsdl, sstoqnov, whyisjake.
Built from https://develop.svn.wordpress.org/branches/3.7@46023


git-svn-id: http://core.svn.wordpress.org/branches/3.7@45834 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-09-04 21:46:55 +00:00
Sergey Biryukov
5d6dd8aa78 Improve URL validation in wp_validate_redirect(). 
Merges [45971] to the 3.7 branch.
Props vortfu, whyisjake, peterwilsoncc.
Built from https://develop.svn.wordpress.org/branches/3.7@45988


git-svn-id: http://core.svn.wordpress.org/branches/3.7@45799 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-09-04 17:19:08 +00:00
Sergey Biryukov
d4b0390117 Escape the output in wp_ajax_upload_attachment(). 
Merges [45936] to the 3.7 branch.
Props whyisjake, sstoqnov.
Built from https://develop.svn.wordpress.org/branches/3.7@45970


git-svn-id: http://core.svn.wordpress.org/branches/3.7@45781 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-09-04 16:50:08 +00:00
whyisjake
b7f612eb71 Remove _convert_urlencoded_to_entities() from the get_the_content() callback. 
Merges [45937] to the 3.7  branch.

Props vortfu, whyisjake, peterwilsoncc

Built from https://develop.svn.wordpress.org/branches/3.7@45969


git-svn-id: http://core.svn.wordpress.org/branches/3.7@45780 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-09-04 16:48:52 +00:00
Gary Pendergast
c03ffe42a1 WordPress 3.7.29 
Built from https://develop.svn.wordpress.org/branches/3.7@44892


git-svn-id: http://core.svn.wordpress.org/branches/3.7@44723 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-03-13 03:14:08 +00:00
Sergey Biryukov
d2398ee562 Comments: Improve comment content filtering. 
Merges [44842] to the 3.7 branch.
Built from https://develop.svn.wordpress.org/branches/3.7@44857


git-svn-id: http://core.svn.wordpress.org/branches/3.7@44689 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-03-12 22:52:08 +00:00
Jeremy Felt
093a17d3c8 Bump 3.7 branch to version 3.7.28 
Built from https://develop.svn.wordpress.org/branches/3.7@44090


git-svn-id: http://core.svn.wordpress.org/branches/3.7@43920 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-12-13 02:17:18 +00:00
Gary Pendergast
e51c9b1ce2 Editor: Remove unwanted fields before saving posts. 
The `meta_input`, `file`, and `guid` fields are not intended to be updated through user input.

Merges [44047] to the 3.7 branch.


Built from https://develop.svn.wordpress.org/branches/3.7@44076


git-svn-id: http://core.svn.wordpress.org/branches/3.7@43906 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-12-13 02:05:08 +00:00
Peter Wilson
e06de9c2e5 Multisite: Validate activation links. 
Merges [44048] to the 3.7 branch.

Built from https://develop.svn.wordpress.org/branches/3.7@44075


git-svn-id: http://core.svn.wordpress.org/branches/3.7@43905 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-12-13 02:03:08 +00:00
iandunn
a2d1cee61d KSES: Make the URI attributes DRY. 
This commit introduces the `wp_kses_uri_attributes` function and filter. The function centralizes the list of attributes, in order to prevent inconsistency, and the filter provides a way for plugins to customize the attributes.

Merges [44014] and [44017] to the `3.7` branch.

Built from https://develop.svn.wordpress.org/branches/3.7@44049


git-svn-id: http://core.svn.wordpress.org/branches/3.7@43879 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-12-13 01:27:08 +00:00
Peter Wilson
81fb9c10a2 Multisite: Improve messaging for previously activated users. 
Ensure activation of a site is not attempted multiple times and users are shown the correct message if they follow the link a second time.

Merges [44021] to the 3.7 branch.

Built from https://develop.svn.wordpress.org/branches/3.7@44040


git-svn-id: http://core.svn.wordpress.org/branches/3.7@43870 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-12-13 01:14:07 +00:00
Gary Pendergast
c36f3a8be3 KSES: Conditionally remove the <form> element from $allowedposttags. 
To avoid backwards compatibility issues, `<form>` is re-added if a custom filter has added the `<input>` or `<select>` elements to `$allowedposttags`.

Merges [43994] to the 3.7 branch.


Built from https://develop.svn.wordpress.org/branches/3.7@44019


git-svn-id: http://core.svn.wordpress.org/branches/3.7@43849 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-12-13 00:06:07 +00:00
Jeremy Felt
a1d2eb2c85 Media: Improve verification of MIME file types. 
Merges [43988] to the 3.7 branch.

Built from https://develop.svn.wordpress.org/branches/3.7@44012


git-svn-id: http://core.svn.wordpress.org/branches/3.7@43842 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-12-12 23:50:09 +00:00
Aaron Campbell
216ea4f2d0 Bump 3.7 branch to version 3.7.27 
Built from https://develop.svn.wordpress.org/branches/3.7@43419


git-svn-id: http://core.svn.wordpress.org/branches/3.7@43247 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-07-05 16:14:30 +00:00
John Blackbourn
32bf48628e Media: Limit thumbnail file deletions to the same directory as the original file. 
Merges [43393] into the 3.7 branch.

Built from https://develop.svn.wordpress.org/branches/3.7@43405


git-svn-id: http://core.svn.wordpress.org/branches/3.7@43233 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-07-05 15:19:09 +00:00
Aaron Campbell
71f5f5fe6a Bump 3.7 branch to version 3.7.26 
Built from https://develop.svn.wordpress.org/branches/3.7@42945


git-svn-id: http://core.svn.wordpress.org/branches/3.7@42775 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-04-03 20:32:43 +00:00
Dominik Schilling
505af40a68 Template: Make sure the version string is correctly escaped for use in attributes. 
Merge of [42893] to the 3.7 branch.

Built from https://develop.svn.wordpress.org/branches/3.7@42929


git-svn-id: http://core.svn.wordpress.org/branches/3.7@42759 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-04-03 16:11:43 +00:00
Dominik Schilling
4cad77d676 Login: Use wp_safe_redirect() when redirecting the login page if forced to use HTTPS. 
Merge of [42892] to the 3.7 branch.

Built from https://develop.svn.wordpress.org/branches/3.7@42907


git-svn-id: http://core.svn.wordpress.org/branches/3.7@42737 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-04-03 15:34:47 +00:00
Sergey Biryukov
e3c8323406 General: Update copyright year to 2018 in license.txt. 
Props rachelbaker.
Merges [42424] to the 3.7 branch.
Fixes #43007.
Built from https://develop.svn.wordpress.org/branches/3.7@42564


git-svn-id: http://core.svn.wordpress.org/branches/3.7@42393 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-01-23 11:30:48 +00:00
Dion Hulse
ae9bfeddd3 Bump the 3.7 branch to 3.7.25. 
Built from https://develop.svn.wordpress.org/branches/3.7@42506


git-svn-id: http://core.svn.wordpress.org/branches/3.7@42335 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-01-16 21:47:35 +00:00
Dion Hulse
b572e86a4a External Libraries: Remove unnecessary / obsoleted MediaElement.js files. 
Merges [42478] to the 3.7 branch.
Fixes #42720 for 3.7.

Built from https://develop.svn.wordpress.org/branches/3.7@42489


git-svn-id: http://core.svn.wordpress.org/branches/3.7@42318 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-01-16 08:16:11 +00:00
Dion Hulse
f1b5da36be Upgrade: When deleting old files, if deletion fails attempt to empty the file instead. 
Props joemcgill, dd32.
Merges [42434] to the 3.7 branch.
Fixes #42963 for 3.7.

Built from https://develop.svn.wordpress.org/branches/3.7@42477


git-svn-id: http://core.svn.wordpress.org/branches/3.7@42306 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-01-16 06:59:35 +00:00
John Blackbourn
8698e8339a Bump 3.7 branch to version 3.7.24. 
Built from https://develop.svn.wordpress.org/branches/3.7@42328


git-svn-id: http://core.svn.wordpress.org/branches/3.7@42157 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-11-29 19:06:09 +00:00
John Blackbourn
9f7b91d4bc Hardening: Remove the ability to upload JavaScript files for users who do not have the unfiltered_html capability. 
Merges [42261] to the 3.7 branch.

Built from https://develop.svn.wordpress.org/branches/3.7@42315


git-svn-id: http://core.svn.wordpress.org/branches/3.7@42144 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-11-29 16:53:09 +00:00
John Blackbourn
d7915c3e73 Hardening: Ensure the attributes of enclosures are correctly escaped in RSS and Atom feeds. 
Merges [42260] to the 3.7 branch.

Built from https://develop.svn.wordpress.org/branches/3.7@42314


git-svn-id: http://core.svn.wordpress.org/branches/3.7@42143 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-11-29 16:52:10 +00:00
John Blackbourn
149cdb0766 Hardening: Add escaping to the language attributes used on html elements. 
Merges [42259] to the 3.7 branch.

Built from https://develop.svn.wordpress.org/branches/3.7@42313


git-svn-id: http://core.svn.wordpress.org/branches/3.7@42142 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-11-29 16:50:09 +00:00
John Blackbourn
82f8529ad5 Hardening: Use a properly generated hash for the newbloguser key instead of a determinate substring. 
Merges [42258] to the 3.7 branch.

Built from https://develop.svn.wordpress.org/branches/3.7@42312


git-svn-id: http://core.svn.wordpress.org/branches/3.7@42141 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-11-29 16:49:10 +00:00
Dion Hulse
94278eddb6 WPDB: Check that AUTH_SALT is not empty, Fix a PHP notice when AUTH_SALT is undefined. 
Props jsonfry, mkomar, pento.
Merges [42119] and [42120] to the 3.7 branch.
Fixes #42431 and #42401 for 3.7.

Built from https://develop.svn.wordpress.org/branches/3.7@42241


git-svn-id: http://core.svn.wordpress.org/branches/3.7@42070 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-11-27 01:15:10 +00:00
John Blackbourn
009b1b4257 General: Remove the version number from the readme file in the 3.7 branch. 
See #42386

Built from https://develop.svn.wordpress.org/branches/3.7@42099


git-svn-id: http://core.svn.wordpress.org/branches/3.7@41928 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-10-31 18:06:09 +00:00
Gary Pendergast
2fd667487f Bump 3.7 branch to version 3.7.23. 
Built from https://develop.svn.wordpress.org/branches/3.7@42080


git-svn-id: http://core.svn.wordpress.org/branches/3.7@41909 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-10-31 13:47:10 +00:00
Gary Pendergast
083e886cf7 Database: Restore numbered placeholders in wpdb::prepare(). 
[41496] removed support for numbered placeholders in queries send through `wpdb::prepare()`, which, despite being undocumented, were quite commonly used.

This change restores support for numbered placeholders (as well as a subset of placeholder formatting), while also adding extra checks to ensure the correct number of arguments are being passed to `wpdb::prepare()`, given the number of placeholders.

Merges [41662], [42056] to the 3.7 branch.
See #41925.


Built from https://develop.svn.wordpress.org/branches/3.7@42068


git-svn-id: http://core.svn.wordpress.org/branches/3.7@41897 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-10-31 13:02:10 +00:00
Dominik Schilling
99d97c76b0 Users: Use correct escaping function for URLs. 
Merge of [41522] to the 3.7 branch.

Built from https://develop.svn.wordpress.org/branches/3.7@41534


git-svn-id: http://core.svn.wordpress.org/branches/3.7@41367 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-09-19 21:40:34 +00:00
Aaron Campbell
67bf4cd7e1 Bump 3.7 branch to version 3.7.22. 
Built from https://develop.svn.wordpress.org/branches/3.7@41521


git-svn-id: http://core.svn.wordpress.org/branches/3.7@41354 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-09-19 20:14:20 +00:00
Aaron Campbell
7b03bfc16f Database: Hardening to bring wpdb::prepare() inline with documentation. 
`wpdb::prepare()` supports %s, %d, and %F as placeholders in the query string. Any other non-escaped % will be escaped.

Merges [41496] to 3.7 branch.


Built from https://develop.svn.wordpress.org/branches/3.7@41508


git-svn-id: http://core.svn.wordpress.org/branches/3.7@41341 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-09-19 18:46:09 +00:00
Aaron Campbell
0a541104e3 Database: Don’t trigger _doing_it_wrong() for null values in wpdb::prepare(). 
While `wpdb::prepare()` does not support null values (see #12819) they still appear in the wild like in the WordPress Importer and other plugins.

Merges [41483] to 3.7 branch.


Built from https://develop.svn.wordpress.org/branches/3.7@41495


git-svn-id: http://core.svn.wordpress.org/branches/3.7@41328 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-09-19 16:30:22 +00:00
Aaron Campbell
029d279155 Database: Hardening for wpdb::prepare() 
Previously if you passed an array of values for placeholders, additional values could be passed as well. Now additional values will be ignored.

Merges [41470] to 3.7 branch.


Built from https://develop.svn.wordpress.org/branches/3.7@41482


git-svn-id: http://core.svn.wordpress.org/branches/3.7@41315 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-09-19 15:06:09 +00:00