Commit Graph

40528 Commits

Author SHA1 Message Date
Sergey Biryukov 9ebaa9d522 Date/Time: Remove incomplete and redundant test for `get_post_time()` added in [46580].
There is no functional difference between `gmt_offset` and `timezone_string` timezone modes for the issue.

See #48384.
Built from https://develop.svn.wordpress.org/trunk@46583


git-svn-id: http://core.svn.wordpress.org/trunk@46380 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-25 15:11:04 +00:00
desrosj a922509f96 Trunk is now 5.4 alpha.
Built from https://develop.svn.wordpress.org/trunk@46582


git-svn-id: http://core.svn.wordpress.org/trunk@46379 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-25 14:24:04 +00:00
Sergey Biryukov 75c183c248 Date/Time: Make sure `get_post_time()` keeps UTC time on timezone change.
Add `$source` parameter to `get_post_datetime()` to instantiate from local or UTC time in database.

Props Rarst, david.binda.
Reviewed by azaozz, SergeyBiryukov.
Fixes #48384.
Built from https://develop.svn.wordpress.org/trunk@46580


git-svn-id: http://core.svn.wordpress.org/trunk@46377 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-25 13:08:05 +00:00
Sergey Biryukov 7e11e9d732 Posts, Post Types: Remove unintended change from [46578].
See #48384.
Built from https://develop.svn.wordpress.org/trunk@46579


git-svn-id: http://core.svn.wordpress.org/trunk@46376 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-25 12:54:03 +00:00
Sergey Biryukov 0b83bffd45 Date/Time: Correct the logic in `WP_Posts_List_Table::column_date()` and `WP_Media_List_Table::column_date()` to check for a valid post timestamp.
Props Rarst.
Reviewed by azaozz, SergeyBiryukov.
See #48384.
Built from https://develop.svn.wordpress.org/trunk@46578


git-svn-id: http://core.svn.wordpress.org/trunk@46375 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-25 12:51:03 +00:00
Sergey Biryukov 8410526528 Date/Time: Make sure `date_i18n()` correctly handles zero timestamp after [45901].
Props soulseekah, gravityview, Rarst.
Reviewed by azaozz, SergeyBiryukov.
Fixes #28636.
Built from https://develop.svn.wordpress.org/trunk@46577


git-svn-id: http://core.svn.wordpress.org/trunk@46374 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-25 11:05:07 +00:00
desrosj 5e18c8320b Build/Test Tools: Update the `https-proxy-agent` dependency.
Fixes #48428.
Built from https://develop.svn.wordpress.org/trunk@46576


git-svn-id: http://core.svn.wordpress.org/trunk@46373 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-25 00:24:05 +00:00
Andrea Fercia 5b85aa1936 Accessibility: Restore the primary buttons original background color for alternate color schemes after [46241].
Props david.binda, audrasjb, azaozz.
See #34904.
Fixes #48396.

Built from https://develop.svn.wordpress.org/trunk@46575


git-svn-id: http://core.svn.wordpress.org/trunk@46372 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-23 20:57:05 +00:00
desrosj cc73b9a1be Post WordPress 5.3 RC2 version bump.
Built from https://develop.svn.wordpress.org/trunk@46574


git-svn-id: http://core.svn.wordpress.org/trunk@46371 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-22 20:11:05 +00:00
desrosj ca5925d6dc WordPress 5.3 RC2.
Built from https://develop.svn.wordpress.org/trunk@46573


git-svn-id: http://core.svn.wordpress.org/trunk@46370 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-22 19:44:06 +00:00
desrosj 27994975f9 Help/About: Update the 5.3 About page for RC2.
This includes numerous improvements:

- Removes the jazzer name.
- Ensures `WordPress` is translatable for consistency with other occurrences in Core.
- Changes all instances of `Block Editor` to `block editor` to match the spelling best practices.
- Updates the PHP 7.4 compatibility section with more suitable text.
- Introduction in `credits.php`, `freedoms.php`, and `privacy.php` have been updated to be consistent with the About page.
- Fixes the `aria-current` attribute in tab navigation.

Reviewed by SergeyBiryukov, desrosj.
Props SergeyBiryukov, audrasjb, desrosj, ryelle, afercia.
See #47708.
Built from https://develop.svn.wordpress.org/trunk@46572


git-svn-id: http://core.svn.wordpress.org/trunk@46369 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-22 19:19:07 +00:00
desrosj 16e5753b48 Bundled Themes: Update Twenty Twenty.
This brings `trunk`’s version of Twenty Twenty in-sync with GitHub.

For a complete list of changes since [46551], see bc89c51...4549fd9.

Reviewed by SergeyBiryukov, desrosj, ianbelanger.
Props anlino, ianbelanger, poena, williampatton, nielslange, acosmin, intimez, itowhid06, decrecementofeliz, aristath, westonruter, mukesh27, jorgefilipecosta, karmatosed.
Fixes #48386.
Built from https://develop.svn.wordpress.org/trunk@46571


git-svn-id: http://core.svn.wordpress.org/trunk@46368 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-22 18:27:08 +00:00
Sergey Biryukov 0609e04266 Administration: Relax the default value check for the `$position` argument added to `add_submenu_page()` and related functions in [46197].
Due to a confusion with `add_menu_page()`, which takes the `$icon_url` parameter, while `add_submenu_page()` does not, some plugins were passing in a string instead of integer as `$position`, causing backward compatibility issues.

A `_doing_it_wrong()` message is now added to alert developers of the wrong parameter type.

Props david.binda, desrosj, 123host, dennis_f, MattyRob.
Reviewed by desrosj.
Fixes #48249.
Built from https://develop.svn.wordpress.org/trunk@46570


git-svn-id: http://core.svn.wordpress.org/trunk@46367 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-22 17:52:04 +00:00
Sergey Biryukov 4e06f0ad40 Date/Time: Make sure `wp_date()` does not unnecessarily escape localized numbers, but keeps localized slashes.
Props Rarst, tmatsuur, remcotolsma, peterwilsoncc.
Reviewed by peterwilsoncc.
Fixes #48319.
Built from https://develop.svn.wordpress.org/trunk@46569


git-svn-id: http://core.svn.wordpress.org/trunk@46366 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-22 17:31:08 +00:00
Sergey Biryukov ff65cfcacf Plugins: Restore backward compatibility for PHP4-style passing of `array( &$this )` as action argument to `do_action()`.
This is a follow-up to [46149] to avoid unnecessary breakage in case of using the old notation.

Props david.binda, jrf.
Reviewed by azaozz.
Fixes #48312.
Built from https://develop.svn.wordpress.org/trunk@46568


git-svn-id: http://core.svn.wordpress.org/trunk@46365 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-22 00:11:03 +00:00
Andrew Ozz b37a2b5c3b Media: After [46237] add the same fix to the `.button-group` on the "Insert form URL" screen in the media modal.
Props afercia, sabernhardt.
FIxes #48087.
Built from https://develop.svn.wordpress.org/trunk@46567


git-svn-id: http://core.svn.wordpress.org/trunk@46364 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-21 23:23:04 +00:00
Andrew Ozz 5013b45775 Upload: Expand error codes to include all 5xx HTTP errors when retrying to create image sub-sizes. Some servers may be configured to set HTTP 508 or 504, or possibly other `5` errors.
Porps mikeschroder, azaozz.
Fixes #48379.
Built from https://develop.svn.wordpress.org/trunk@46566


git-svn-id: http://core.svn.wordpress.org/trunk@46363 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-21 22:44:03 +00:00
Andrew Ozz e1560cd1e0 Media/Upload: When the users upload big images and WordPress creates a scaled image to use as the largest size, append `scaled-` to the file names of the scaled images to make them easier to recognize.
Props kraftbj, azaozz.
Fixes #48304.
Built from https://develop.svn.wordpress.org/trunk@46565


git-svn-id: http://core.svn.wordpress.org/trunk@46362 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-21 21:43:04 +00:00
Sergey Biryukov 654c413990 Comments: Add `rel="nofollow ugc"` attribute when converting plain URLs to `<a>` tags in comments via `make_clickable()`.
Introduce `make_clickable_rel` filter for the `rel` value that is added to URL matches converted to links.

This is a follow-up to [46349], which added the `rel="nofollow ugc"` attribute to existing `<a>` tags in comments via `wp_rel_ugc()`.

UGC stands for User Generated Content, and the `ugc` attribute value is recommended for links within user generated content, such as comments and forum posts.

See https://webmasters.googleblog.com/2019/09/evolving-nofollow-new-ways-to-identify.html.

Props blogginglife, SergeyBiryukov.
Reviewed by desrosj, audrasjb.
Fixes #48022.
Built from https://develop.svn.wordpress.org/trunk@46564


git-svn-id: http://core.svn.wordpress.org/trunk@46361 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-21 20:41:04 +00:00
K. Adam White cfec48cc31 REST API: Cast empty meta values to correct scalar types in REST response.
Introducing complex meta value handling in [45807] unintentionally removed value casting for empty scalar meta values.

Props TimothyBlynJacobs, chrisvanpatten, rmccue, kadamwhite.
Fixes #48363.


Built from https://develop.svn.wordpress.org/trunk@46563


git-svn-id: http://core.svn.wordpress.org/trunk@46360 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-21 19:10:06 +00:00
youknowriad 21bf3bf8dd Block Editor: Update Packages that include WP 5.3 RC2 fixes.
Updated packages:
 - @wordpress/api-fetch@3.6.3
 - @wordpress/block-directory@1.0.3
 - @wordpress/block-editor@3.2.3
 - @wordpress/block-library@2.9.3
 - @wordpress/core-data@2.7.3
 - @wordpress/data-controls@1.3.3
 - @wordpress/e2e-test-utils@2.4.3
 - @wordpress/e2e-tests@1.7.3
 - @wordpress/edit-post@3.8.3
 - @wordpress/editor@9.7.3
 - @wordpress/format-library@1.9.3
 - @wordpress/list-reusable-blocks@1.8.3
 - @wordpress/media-utils@1.2.3
 - @wordpress/server-side-render@1.3.3
 - @wordpress/url@2.8.2

Props gziolo.
Fixes #48381.

Built from https://develop.svn.wordpress.org/trunk@46562


git-svn-id: http://core.svn.wordpress.org/trunk@46359 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-21 14:02:07 +00:00
John Blackbourn 67104bb3f4 Administration: Revert changes to the admin menu styles for long line lengths.
This reverts [46555], [46453], and [46332].

See #42201

Built from https://develop.svn.wordpress.org/trunk@46561


git-svn-id: http://core.svn.wordpress.org/trunk@46358 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-17 18:38:03 +00:00
desrosj 1d6bd71ce4 Upgrade/Install: Use a unique error code when an update fails due to the PHP JSON extension missing.
This allows update failures caused when the native PHP JSON extension is missing to be distinguished from updates that fail because the site does not meet the minimum PHP requirements.

Follow up of [46455].

Reviewed by desrosj, jorbin, johnbillion.
Fixes #47699.
Built from https://develop.svn.wordpress.org/trunk@46560


git-svn-id: http://core.svn.wordpress.org/trunk@46357 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-16 21:03:02 +00:00
Andrea Fercia 44de60e8da Script Loader: Partially revert [46550] as it brought in unrelated CSS changes.
[46550] was meant to revert [46440] but it also merged some unrelated CSS changes.

See #47069.

Built from https://develop.svn.wordpress.org/trunk@46559


git-svn-id: http://core.svn.wordpress.org/trunk@46356 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-16 17:49:03 +00:00
Sergey Biryukov 76fe29b746 Post WordPress 5.3 RC1 version bump
Built from https://develop.svn.wordpress.org/trunk@46558


git-svn-id: http://core.svn.wordpress.org/trunk@46355 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-15 21:14:01 +00:00
Sergey Biryukov 05cbe81439 WordPress 5.3 RC1
Built from https://develop.svn.wordpress.org/trunk@46557


git-svn-id: http://core.svn.wordpress.org/trunk@46354 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-15 20:50:05 +00:00
John Blackbourn 2ab1e4dcd8 Help/About: Let's tell the world about 5.3.
Props karmatosed, melchoyce, pierlo, ryelle, afercia, audrasjb, davidbaumwald

Thanks to everyone who provided feedback for this page for 5.3.

See #47708

Built from https://develop.svn.wordpress.org/trunk@46556


git-svn-id: http://core.svn.wordpress.org/trunk@46353 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-15 20:42:03 +00:00
John Blackbourn 7cdb93a374 Administration: Fix the appearance of update bubbles in submenus and when the admin menu is collapsed.
Props afercia, amolv, sabernhardt

Fixes #42201, #48294

Built from https://develop.svn.wordpress.org/trunk@46555


git-svn-id: http://core.svn.wordpress.org/trunk@46352 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-15 19:39:01 +00:00
Sergey Biryukov b052bca67e Shortcodes: Revert [46369] for now to allow more time to investigate and prepare for backward compatibility changes.
Also reverts follow-up changes in [46370] and [46465].

See #47863.
Built from https://develop.svn.wordpress.org/trunk@46554


git-svn-id: http://core.svn.wordpress.org/trunk@46351 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-15 19:36:02 +00:00
Andrew Ozz f7968ccb92 Media: Similarly to `wp_get_original_image_path()` add `wp_get_original_image_url()` to always retrieve the URL to the original uploaded image.
Props kraftbj.
Fixes #48302.
Built from https://develop.svn.wordpress.org/trunk@46553


git-svn-id: http://core.svn.wordpress.org/trunk@46350 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-15 19:12:02 +00:00
Sergey Biryukov 93e28555ae Build/Test Tools: Move PHP 7.4 to the top of the list for consistency.
See #48232.
Built from https://develop.svn.wordpress.org/trunk@46552


git-svn-id: http://core.svn.wordpress.org/trunk@46349 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-15 18:53:02 +00:00
desrosj 908961974e Bundled Themes: Update Twenty Twenty.
This brings `trunk`’s version of Twenty Twenty in-sync with GitHub.

For a complete list of changes since [46445], see 7246fd6...bc89c51.

Props anlino, ianbelanger, poena, williampatton, nielslange, acosmin, netweb, joyously, mahesh901122, josephscott, byalextran, amolv, Clorith.
See #48110.
Built from https://develop.svn.wordpress.org/trunk@46551


git-svn-id: http://core.svn.wordpress.org/trunk@46348 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-15 18:47:02 +00:00
Andrea Fercia 02810533c4 Accessibility: Script Loader: Remove jQuery as dependency of `admin-bar` after [46440].
A better approach needs to be explored, as there are valid concerns for potential conflicts between different jQuery versions added by themes or plugins.

See #47069.

Built from https://develop.svn.wordpress.org/trunk@46550


git-svn-id: http://core.svn.wordpress.org/trunk@46347 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-15 17:23:04 +00:00
Andrea Fercia d5bfc553b9 Accessibility: Media: Improve the Media Modal spinner position after [46418].
Fixes #47138.

Built from https://develop.svn.wordpress.org/trunk@46549


git-svn-id: http://core.svn.wordpress.org/trunk@46346 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-15 16:47:02 +00:00
Sergey Biryukov 71e8fedf6c Customize: Ensure that `WP_Customize_Manager::import_theme_starter_content()` properly handles starter content with (nested) arrays as values.
Previously, searching for symbol references to replace with post or attachment IDs in array values resulted in a PHP warning.

Props timph, JarretC, SergeyBiryukov.
Fixes #45484.
Built from https://develop.svn.wordpress.org/trunk@46548


git-svn-id: http://core.svn.wordpress.org/trunk@46345 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-15 16:43:01 +00:00
Aaron Jorbin 52dee3c19b Build/Test: Remove PHP 7.4 from allowed failures
PHP7.4 is supported in WordPress 5.3. 🐘 🎉

Fixes: #48232.


Built from https://develop.svn.wordpress.org/trunk@46547


git-svn-id: http://core.svn.wordpress.org/trunk@46344 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-15 16:38:03 +00:00
jorgefilipecosta 16571b1bfb Block Editor: Update the WordPress Packages to the ones used in the Gutenberg 6.8 release.
Updated packages:
@wordpress/a11y@2.5.1
@wordpress/annotations@1.7.2
@wordpress/api-fetch@3.6.2
@wordpress/autop@2.5.1
@wordpress/babel-preset-default@4.6.2
@wordpress/blob@2.5.1
@wordpress/block-directory@1.0.2
@wordpress/block-editor@3.2.2
@wordpress/block-library@2.9.2
@wordpress/block-serialization-default-parser@3.4.1
@wordpress/block-serialization-spec-parser@3.3.1
@wordpress/blocks@6.7.2
@wordpress/components@8.3.2
@wordpress/compose@3.7.2
@wordpress/core-data@2.7.2
@wordpress/data-controls@1.3.2
@wordpress/data@4.9.2
@wordpress/deprecated@2.6.1
@wordpress/dom-ready@2.5.1
@wordpress/dom@2.5.2
@wordpress/e2e-test-utils@2.4.2
@wordpress/e2e-tests@1.7.2
@wordpress/edit-post@3.8.2
@wordpress/editor@9.7.2
@wordpress/element@2.8.2
@wordpress/escape-html@1.5.1
@wordpress/format-library@1.9.2
@wordpress/is-shallow-equal@1.6.1
@wordpress/keycodes@2.6.2
@wordpress/list-reusable-blocks@1.8.2
@wordpress/media-utils@1.2.2
@wordpress/notices@1.8.2
@wordpress/nux@3.7.2
@wordpress/plugins@2.7.2
@wordpress/priority-queue@1.3.1
@wordpress/redux-routine@3.6.2
@wordpress/rich-text@3.7.2
@wordpress/scripts@5.1.0
@wordpress/server-side-render@1.3.2
@wordpress/url@2.8.1
@wordpress/viewport@2.8.2
@wordpress/wordcount@2.6.2

Props gziolo, youknowriad.
Fixes: #48310
Built from https://develop.svn.wordpress.org/trunk@46546


git-svn-id: http://core.svn.wordpress.org/trunk@46343 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-15 16:17:12 +00:00
whyisjake 6c3a387d77 REST API: Allow for multiple Vary: Origin headers in GET responses.
Simple fix, we pass `false` as the second parameter to the header function.

This is something that we added downstream of the 5.2.4 release, but we missed in 5.2/trunk.

Fixes #48309.
Props xknown, whyisjake.

Built from https://develop.svn.wordpress.org/trunk@46544


git-svn-id: http://core.svn.wordpress.org/trunk@46341 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-15 15:47:03 +00:00
gziolo aca0d9968f Block Editor: Remove experimental Social Links blocks
We decided to mark Social Links block as an experimental feature in Gutenberg. In effect, we are moving all related code from WordPress 5.3 release.

Props youknowriad.

Fixes #48263.


Built from https://develop.svn.wordpress.org/trunk@46543


git-svn-id: http://core.svn.wordpress.org/trunk@46340 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-15 15:37:08 +00:00
Aaron Jorbin 1740246d2b Build/Test tools use Trunk revision 2170172 of importer
Update Travis configuration to temporarily use trunk for the importer in order for PHP 7.4 tests to pass. When the new version is released, this will be updated to point to that tag.

See: #48231


Built from https://develop.svn.wordpress.org/trunk@46542


git-svn-id: http://core.svn.wordpress.org/trunk@46339 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-15 14:42:04 +00:00
Andrew Ozz 1940cf7d54 Media: Do not store error messages in the image meta. The initial idea was to (be able to) display these errors in the UI but it wasn't implemented as these errors are mostly helpful for low-level bedugging.
Fixes #40439.
Built from https://develop.svn.wordpress.org/trunk@46507


git-svn-id: http://core.svn.wordpress.org/trunk@46304 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-14 20:05:01 +00:00
Andrew Ozz 49686be2ab Uploads: Retry to post-process images after HTTP 500 and HTTP 502 errors.
Props mikeschroder, azaozz.
Fixes #47872.
Built from https://develop.svn.wordpress.org/trunk@46506


git-svn-id: http://core.svn.wordpress.org/trunk@46303 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-14 19:56:06 +00:00
Andrea Fercia 135bebc55b Accessibility: Media: Improve the text of the Media Modal actions toggle button displayed in the responsive view.
See #47149.

Built from https://develop.svn.wordpress.org/trunk@46489


git-svn-id: http://core.svn.wordpress.org/trunk@46287 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-14 18:03:04 +00:00
Andrea Fercia c1d4bf2080 Accessibility: Media: Improve the new Media Modal headings text.
See #47610.

Built from https://develop.svn.wordpress.org/trunk@46488


git-svn-id: http://core.svn.wordpress.org/trunk@46286 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-14 17:58:04 +00:00
whyisjake 72130f11d0 Administration: Ensure that admin referer nonce is valid.
Fix for a testing regression.

Props desrosj.

Built from https://develop.svn.wordpress.org/trunk@46485


git-svn-id: http://core.svn.wordpress.org/trunk@46283 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-14 17:15:06 +00:00
whyisjake 89468bfb89 REST API: Ensure that we don't generate warnings from sending extra headers after headers have been sent.
Fixes issues stemming from [46478].


Built from https://develop.svn.wordpress.org/trunk@46483


git-svn-id: http://core.svn.wordpress.org/trunk@46281 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-14 16:25:04 +00:00
whyisjake b224c251ad REST API: Send a Vary: Origin header on GET requests.
Add this header on all GET requests to prevent cached requests.

Props darthhexx, davidbinda, nickdaugherty, whyisjake.

Built from https://develop.svn.wordpress.org/trunk@46478


git-svn-id: http://core.svn.wordpress.org/trunk@46276 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-14 15:43:04 +00:00
whyisjake b183fd1cca Administration: Ensure that admin referer nonce is valid.
Coding standards, ensure that nonce is valid with identical, rather then equal operator.

Props vortfu, xknown, whyisjake.

Built from https://develop.svn.wordpress.org/trunk@46477


git-svn-id: http://core.svn.wordpress.org/trunk@46275 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-14 15:40:04 +00:00
whyisjake 2524ba3aec Filesystem API: Prevent directory travelersals when creating new folders.
Reject file paths that contain sub-directory paths.

Props iandunn, xknown, sstoqnov, whyisjake.

Built from https://develop.svn.wordpress.org/trunk@46476


git-svn-id: http://core.svn.wordpress.org/trunk@46274 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-14 15:31:04 +00:00
whyisjake 608d39faed HTTP API: Protect against hex interpretation.
Return earlier from wp_http_validate_url().

Props: iandunn, xknown, voldemortensen, whyisjake.

Built from https://develop.svn.wordpress.org/trunk@46475


git-svn-id: http://core.svn.wordpress.org/trunk@46273 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-14 15:27:04 +00:00