Commit Graph

23758 Commits

Author SHA1 Message Date
Michael Adams a021bbe537 Upgrade: Ensure unintelligible DB schemas don't result in content loss.
Merge of [32417] to the 3.7 branch.

See #32165.

Props ocean90.

Built from https://develop.svn.wordpress.org/branches/3.7@32423


git-svn-id: http://core.svn.wordpress.org/branches/3.7@32393 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-06 21:53:34 +00:00
John Blackbourn a8bf70c382 WPDB: Allow queries to reference tables in the dbname.tablename format, and allow table names to contain any valid character, rather than just ASCII.
Merge of [32368] to the 3.7 branch.

Props pento, willstedt for the initial patch.

See #32090.

Built from https://develop.svn.wordpress.org/branches/3.7@32416


git-svn-id: http://core.svn.wordpress.org/branches/3.7@32386 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-06 21:14:10 +00:00
Aaron Jorbin f702a97f8c When upgrading WordPress remove genericons example.html files
[32385] for 3.7 branch

Props @dd32, @boonebgorges, @johnjamesjacoby, @drewapicture, @jorbin


Built from https://develop.svn.wordpress.org/branches/3.7@32411


git-svn-id: http://core.svn.wordpress.org/branches/3.7@32381 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-06 20:50:09 +00:00
Dominik Schilling 8cb1387688 WPDB: When sanity checking query character sets, there's no need to check queries that don't return user data.
Merges [32374] to the 3.7 branch.

props pento.
fixes #32104.
Built from https://develop.svn.wordpress.org/branches/3.7@32407


git-svn-id: http://core.svn.wordpress.org/branches/3.7@32377 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-06 20:08:09 +00:00
Helen Hou-Sandí 0697563967 The UTF-8 regex can occasionally fail on very low memory machines. Reduce the amount of memory it uses.
Merges [32375] to the 3.7 branch.

props pento.
fixes #32204.

Built from https://develop.svn.wordpress.org/branches/3.7@32400


git-svn-id: http://core.svn.wordpress.org/branches/3.7@32370 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-06 19:44:19 +00:00
Michael Adams 15a2afed1e Upgrade: Fix typo in [32391]/3.7.
See #32165.

Built from https://develop.svn.wordpress.org/branches/3.7@32395


git-svn-id: http://core.svn.wordpress.org/branches/3.7@32365 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-06 19:41:09 +00:00
Michael Adams 18fcca2916 WPDB: When checking that a string can be sent to MySQL, we shouldn't use `mb_convert_encoding()`, as it behaves differently to MySQL's character encoding conversion.
Merge of [32364] to the 3.7 branch.

Props mdawaffe, pento, nbachiyski, jorbin, johnjamesjacoby, jeremyfelt.

See #32165.

Built from https://develop.svn.wordpress.org/branches/3.7@32391


git-svn-id: http://core.svn.wordpress.org/branches/3.7@32361 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-06 19:17:09 +00:00
Michael Adams cd63ed5102 3.7:
- WPDB: Sanity check that any strings being stored in the DB are not too long to store correctly.
- When upgrading, remove any suspicious comments.

Built from https://develop.svn.wordpress.org/branches/3.7@32318


git-svn-id: http://core.svn.wordpress.org/branches/3.7@32289 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-27 18:35:09 +00:00
Gary Pendergast 82c855cce0 3.7 branch is now 3.7.8.
Built from https://develop.svn.wordpress.org/branches/3.7@32305


git-svn-id: http://core.svn.wordpress.org/branches/3.7@32276 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-27 14:13:09 +00:00
Helen Hou-Sandí 23f7dc02fe The 3.7 branch is now 3.7.7.
Built from https://develop.svn.wordpress.org/branches/3.7@32286


git-svn-id: http://core.svn.wordpress.org/branches/3.7@32257 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-23 21:36:10 +00:00
Gary Pendergast 2e7a66f15f WPDB: When sanity checking a string by sending it to MySQL for conversion checks, the incorrect data structure was being returned from wpdb::strip_invalid_text(), causing all write queries to fail for some character sets when the query contained non-ASCII characters.
Merge of [32261] to the 3.7 branch.

See #32051.


Built from https://develop.svn.wordpress.org/branches/3.7@32275


git-svn-id: http://core.svn.wordpress.org/branches/3.7@32246 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-23 11:56:10 +00:00
Gary Pendergast 8490921af3 WPDB: When deciding if a query needs extra sanity checking based on collation, return early when we can. Merges [32232] and [32233] to the 3.7 branch.
See #32029.


Built from https://develop.svn.wordpress.org/branches/3.7@32241


git-svn-id: http://core.svn.wordpress.org/branches/3.7@32212 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-21 07:06:10 +00:00
Gary Pendergast 4935ef466c Bump 3.7 branch 3.7.6.
Built from https://develop.svn.wordpress.org/branches/3.7@32213


git-svn-id: http://core.svn.wordpress.org/branches/3.7@32187 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-20 17:33:09 +00:00
Gary Pendergast 964a43089d 3.7: Update about.php.
Built from https://develop.svn.wordpress.org/branches/3.7@32212


git-svn-id: http://core.svn.wordpress.org/branches/3.7@32186 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-20 17:32:10 +00:00
Gary Pendergast f51aa3949c Ensure post titles are correctly escaped on the Dashboard. Merge of [32175] to the 3.7 branch.
Props helen, ocean90, dd32, pento.


Built from https://develop.svn.wordpress.org/branches/3.7@32206


git-svn-id: http://core.svn.wordpress.org/branches/3.7@32179 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-20 13:44:10 +00:00
Gary Pendergast 03874af5c9 In Multisite, prevent plugins from unintentionally switching sites. Merge of [32173] to the 3.7 branch.
Props mdawaffe, pento.


Built from https://develop.svn.wordpress.org/branches/3.7@32202


git-svn-id: http://core.svn.wordpress.org/branches/3.7@32175 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-20 13:28:10 +00:00
Gary Pendergast c3a4c7463c Remove some old backwards compatibility code from TinyMCE. Merge of [32166] to the 3.7 branch.
Props azaozz.


Built from https://develop.svn.wordpress.org/branches/3.7@32196


git-svn-id: http://core.svn.wordpress.org/branches/3.7@32169 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-20 12:58:10 +00:00
Gary Pendergast 888d60a151 Clean up some edge cases in `sanitize_sql_orderby()`. Merge of [32164] to the 3.7 branch.
Props vortfu, dd32.


Built from https://develop.svn.wordpress.org/branches/3.7@32192


git-svn-id: http://core.svn.wordpress.org/branches/3.7@32165 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-20 12:41:09 +00:00
Gary Pendergast 5236e251a3 Merge the query sanity checks from #21212 to the 3.7 branch.
Props pento, nacin, mdawaffe, DrewAPicture.


Built from https://develop.svn.wordpress.org/branches/3.7@32188


git-svn-id: http://core.svn.wordpress.org/branches/3.7@32161 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-20 11:52:10 +00:00
Gary Pendergast 3d8bbda3e4 3.7: Bump package.json, readme.html and license.txt.
Built from https://develop.svn.wordpress.org/branches/3.7@32160


git-svn-id: http://core.svn.wordpress.org/branches/3.7@32135 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-20 03:53:09 +00:00
Gary Pendergast a05b1eca46 The 3.7 branch is now 3.7.6-alpha.
Built from https://develop.svn.wordpress.org/branches/3.7@32159


git-svn-id: http://core.svn.wordpress.org/branches/3.7@32134 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-20 03:49:09 +00:00
Andrew Nacin f5f28b9b1b 3.7.5 version bumps.
Built from https://develop.svn.wordpress.org/branches/3.7@30472


git-svn-id: http://core.svn.wordpress.org/branches/3.7@30463 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-20 16:26:10 +00:00
Andrew Nacin 3762c63026 Prevent high resource usage when hashing large passwords. props mdawaffe, pento
Merges [30466] to the 3.7 branch.

Built from https://develop.svn.wordpress.org/branches/3.7@30470


git-svn-id: http://core.svn.wordpress.org/branches/3.7@30461 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-20 16:08:09 +00:00
Andrew Nacin 1e3fb4d13c Validate image data.
Merges [30458] to the 3.7 branch.

Built from https://develop.svn.wordpress.org/branches/3.7@30465


git-svn-id: http://core.svn.wordpress.org/branches/3.7@30456 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-20 16:00:09 +00:00
Andrew Nacin 0c8039be21 Anchor texturize to shortcodes to improve regex efficiency.
Merges [30452] to the 3.7 branch.

props miqrogroove.
see #29557 for segfault issues.

Built from https://develop.svn.wordpress.org/branches/3.7@30456


git-svn-id: http://core.svn.wordpress.org/branches/3.7@30447 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-20 14:40:09 +00:00
Andrew Nacin 1e0faa77d3 Better validation of the URL used in core HTTP requests.
Merges [30443] to the 3.7 branch.

Built from https://develop.svn.wordpress.org/branches/3.7@30447


git-svn-id: http://core.svn.wordpress.org/branches/3.7@30442 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-20 14:03:08 +00:00
Andrew Nacin 3d16a38fc4 Press This: Ensure the error message is printed. props johnbillion
Merges [30438] to the 3.7 branch.

Built from https://develop.svn.wordpress.org/branches/3.7@30442


git-svn-id: http://core.svn.wordpress.org/branches/3.7@30437 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-20 14:00:18 +00:00
Andrew Nacin c2b7538b1c Invalidate password keys when a user's email changes.
Merges [30430] to the 3.7 branch.

Built from https://develop.svn.wordpress.org/branches/3.7@30434


git-svn-id: http://core.svn.wordpress.org/branches/3.7@30429 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-20 13:43:09 +00:00
Andrew Nacin eeb9290b3b Fix typo in style filter. props miqrogroove
Merges [30425] to the 3.7 branch.

Built from https://develop.svn.wordpress.org/branches/3.7@30429


git-svn-id: http://core.svn.wordpress.org/branches/3.7@30424 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-20 13:17:09 +00:00
Andrew Nacin 61d9bd544b Form validation for password resets.
Merges [30417] to the 3.7 branch.

Built from https://develop.svn.wordpress.org/branches/3.7@30421


git-svn-id: http://core.svn.wordpress.org/branches/3.7@30416 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-20 12:25:19 +00:00
Andrew Nacin 7e1c039ed1 Use hash_equals() for old md5 hashes.
Merges [30412] to the 3.7 branch.

Built from https://develop.svn.wordpress.org/branches/3.7@30416


git-svn-id: http://core.svn.wordpress.org/branches/3.7@30411 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-20 12:06:10 +00:00
Andrew Nacin a318c79670 Password resets: Use network_site_url() for form actions.
Merges [29631] to the 3.7 branch.

props mdawaffe.
fixes #29156.

Built from https://develop.svn.wordpress.org/branches/3.7@29640


git-svn-id: http://core.svn.wordpress.org/branches/3.7@29414 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-27 03:06:11 +00:00
Andrew Nacin e4da99ec10 3.7.4
Built from https://develop.svn.wordpress.org/branches/3.7@29413


git-svn-id: http://core.svn.wordpress.org/branches/3.7@29191 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-06 18:27:35 +00:00
Andrew Nacin 635a071eda Use delimiters when building nonce hashes. Part two of [29388].
Built from https://develop.svn.wordpress.org/branches/3.7@29410


git-svn-id: http://core.svn.wordpress.org/branches/3.7@29188 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-06 17:59:09 +00:00
Andrew Nacin 69d28f882f Ignore entities in XML-RPC requests.
Merges [29404] to the 3.7 branch.

props mdawaffe, nacin.

Built from https://develop.svn.wordpress.org/branches/3.7@29407


git-svn-id: http://core.svn.wordpress.org/branches/3.7@29185 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-06 17:51:19 +00:00
Andrew Nacin 8b02ba1d76 Escape late in get_avatar().
Merges [29397] to the 3.7 branch.

Built from https://develop.svn.wordpress.org/branches/3.7@29400


git-svn-id: http://core.svn.wordpress.org/branches/3.7@29178 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-06 07:51:32 +00:00
Andrew Nacin b9739cae41 Don't pass around the password reset key.
Merges [29327] and [29381] to the 3.7 branch.

props mdawaffe.
fixes #29060.

Built from https://develop.svn.wordpress.org/branches/3.7@29396


git-svn-id: http://core.svn.wordpress.org/branches/3.7@29174 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-06 06:40:11 +00:00
Andrew Nacin 746e87cf0a Disable external entities in ID3.
Merges [29378] to the 3.7 branch.

Built from https://develop.svn.wordpress.org/branches/3.7@29392


git-svn-id: http://core.svn.wordpress.org/branches/3.7@29170 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-06 05:58:19 +00:00
Andrew Nacin 2312c77dc5 Constant time for wp_verify_nonce().
Merges [29384] to the 3.7 branch.

Built from https://develop.svn.wordpress.org/branches/3.7@29388


git-svn-id: http://core.svn.wordpress.org/branches/3.7@29166 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-06 05:45:10 +00:00
Andrew Nacin 110becdc03 3.7.4-alpha
Built from https://develop.svn.wordpress.org/branches/3.7@29387


git-svn-id: http://core.svn.wordpress.org/branches/3.7@29165 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-06 05:44:11 +00:00
Andrew Nacin d2044c3bb5 3.7.3
Built from https://develop.svn.wordpress.org/branches/3.7@28119


git-svn-id: http://core.svn.wordpress.org/branches/3.7@27950 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-04-14 19:06:10 +00:00
Andrew Nacin 7331bf3e98 Avoid stomping of bulk postdata inside the bulk_edit_posts() loop.
Merges [28113] to the 3.7 branch.

Reverts [27992] which did not fix it for authors and comment/ping status.

props dd32, DrewAPicture.
fixes #27792.

Built from https://develop.svn.wordpress.org/branches/3.7@28115


git-svn-id: http://core.svn.wordpress.org/branches/3.7@27946 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-04-14 08:13:10 +00:00
Andrew Nacin 1ea4ff28ce 3.7.3-RC1
Built from https://develop.svn.wordpress.org/branches/3.7@28078


git-svn-id: http://core.svn.wordpress.org/branches/3.7@27909 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-04-11 17:30:09 +00:00
Andrew Nacin 9c1b1dd073 Recover auto-drafts lost via Quick Draft.
Merges [28075] from the 3.8 to the 3.7 branch. See [28074].

fixes #27734.

Built from https://develop.svn.wordpress.org/branches/3.7@28077


git-svn-id: http://core.svn.wordpress.org/branches/3.7@27908 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-04-11 17:29:10 +00:00
Andrew Nacin 1f7cf009b3 Ensure edit_post() promotes an auto-draft to draft. Fixes Quick Draft.
Merges [28073] from the 3.8 branch to the 3.7 branch.

props dd32.
see #27734.

Built from https://develop.svn.wordpress.org/branches/3.7@28074


git-svn-id: http://core.svn.wordpress.org/branches/3.7@27905 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-04-11 04:38:11 +00:00
Andrew Nacin 1dd3b9212e 3.7.2
Built from https://develop.svn.wordpress.org/branches/3.7@28056


git-svn-id: http://core.svn.wordpress.org/branches/3.7@27888 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-04-08 18:13:10 +00:00
Andrew Nacin e17e1d22e6 Bump Akismet external in the 3.7 branch to 2.6.0.
git-svn-id: http://core.svn.wordpress.org/branches/3.7@27886 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-04-08 18:10:19 +00:00
Andrew Nacin 4932c36533 Harden HMAC verification. props duck_. [28053] for 3.7.
Built from https://develop.svn.wordpress.org/branches/3.7@28055


git-svn-id: http://core.svn.wordpress.org/branches/3.7@27885 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-04-08 18:08:10 +00:00
Andrew Nacin ab7e094de3 3.7.2-RC1
Built from https://develop.svn.wordpress.org/branches/3.7@27993


git-svn-id: http://core.svn.wordpress.org/branches/3.7@27823 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-04-07 19:40:11 +00:00
Andrew Nacin e5ba4e75cb Avoid stomping of bulk postdata inside the bulk_edit_posts() loop.
Merges [27990] to the 3.7 branch.

props kovshenin.
see [27964], see #27452.

Built from https://develop.svn.wordpress.org/branches/3.7@27992


git-svn-id: http://core.svn.wordpress.org/branches/3.7@27822 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-04-07 19:36:21 +00:00