Commit Graph

14104 Commits

Author SHA1 Message Date
Joe McGill a9c7b92cdb WordPress 4.2.37.
Built from https://develop.svn.wordpress.org/branches/4.2@57416


git-svn-id: http://core.svn.wordpress.org/branches/4.2@56922 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-01-30 16:07:20 +00:00
Aaron Jorbin c1aaefd143 Grouped Backports to the 4.2 branch.
- Install: When populating options, maybe_serialize instead of always serialize.
- Uploads: Check for and verify ZIP archives.

Merges [57388] and [57389] to the 4.2 branch.

Props costdev, peterwilsoncc, azaozz, tykoted, johnbillion, desrosj, afragen, jorbin, xknown.

Built from https://develop.svn.wordpress.org/branches/4.2@57413


git-svn-id: http://core.svn.wordpress.org/branches/4.2@56919 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-01-30 15:14:20 +00:00
audrasjb 84cde53c6a WordPress 4.2.36.
Built from https://develop.svn.wordpress.org/branches/4.2@56856


git-svn-id: http://core.svn.wordpress.org/branches/4.2@56367 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-10-12 18:09:44 +00:00
davidbaumwald 809137df1f Grouped backports to the 4.2 branch.
- Comments: Prevent users who can not see a post from seeing comments on it.
- Shortcodes: Restrict ajax handler for media shortcode.
- Prevent unintended behavior when certain objects are unserialized.

Merges [56835], [56836], and [56838] to the 4.1 branch.
Props xknown, jorbin, joehoyle, peterwilsoncc, ehtis, tykoted, antpb.
Built from https://develop.svn.wordpress.org/branches/4.2@56851


git-svn-id: http://core.svn.wordpress.org/branches/4.2@56363 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-10-12 14:26:21 +00:00
Sergey Biryukov ea65ee36b2 Grouped backports to the 4.2 branch.
- Media: Prevent CSRF setting attachment thumbnails.

Merges [55764] to the 4.2 branch.
Props dd32, isabel_brison, martinkrcho, matveb, ocean90, paulkevan, peterwilsoncc, timothyblynjacobs, xknown, youknowriad.
Built from https://develop.svn.wordpress.org/branches/4.2@55775


git-svn-id: http://core.svn.wordpress.org/branches/4.2@55287 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-05-16 15:24:21 +00:00
Peter Wilson b932c64484 I18N: Add new strings to `about.php` for use with end-of-life updates.
This changeset adds two additional translation strings in the changelog file, for use when releasing the final version of WordPress on a particular branch.

Props peterwilsoncc, audrasjb, mukesh27.
Merges [55350] to the 4.2 branch.
Fixes #57216.

Built from https://develop.svn.wordpress.org/branches/4.2@55390


git-svn-id: http://core.svn.wordpress.org/branches/4.2@54923 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-02-21 03:16:20 +00:00
Sergey Biryukov 5853676e1f WordPress 4.2.34.
Built from https://develop.svn.wordpress.org/branches/4.2@54582


git-svn-id: http://core.svn.wordpress.org/branches/4.2@54136 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-10-17 19:46:19 +00:00
Peter Wilson 21a378242f Security: Introduce strings to indicate support status.
Add strings for use in future maintenance/security releases to indicate the security support status of the version of WordPress.

Two strings are introduced:

* indicating the version of WordPress is not receiving security updates, and,
* indicating the version of WordPress will shortly stop receiving security updates.

This change does not make use of the strings, the purpose is to make them available to translators prior to dropping support of selected versions of WordPress.

Props costdev, chesio, robinwpdeveloper, desrosj, rudlinkon, mukesh27, sumitbagthariya16.
Merges [54322] to the 4.2 branch.
See #56532.

Built from https://develop.svn.wordpress.org/branches/4.2@54458


git-svn-id: http://core.svn.wordpress.org/branches/4.2@54017 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-10-10 22:22:21 +00:00
desrosj 6a5ab112fa WordPress 4.2.33.
Built from https://develop.svn.wordpress.org/branches/4.2@54005


git-svn-id: http://core.svn.wordpress.org/branches/4.2@53564 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-08-30 17:38:09 +00:00
Sergey Biryukov 6f3413a203 Grouped backports to the 4.2 branch.
- Posts, Post Types: Escape output within `the_meta()`.
- General: Ensure bookmark query limits are numeric.
- Plugins: Escape output in error messages.

Merges [53958-53960] to the 4.2 branch.
Props tykoted, martinkrcho, xknown, dd32, peterwilsoncc, paulkevan, timothyblynjacobs.

Built from https://develop.svn.wordpress.org/branches/4.2@53981


git-svn-id: http://core.svn.wordpress.org/branches/4.2@53540 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-08-30 15:52:20 +00:00
Sergey Biryukov bf6dcc242c WordPress 4.2.32.
Built from https://develop.svn.wordpress.org/branches/4.2@52891


git-svn-id: http://core.svn.wordpress.org/branches/4.2@52480 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-03-10 22:19:19 +00:00
desrosj 4159c216ba WordPress 4.2.31.
Built from https://develop.svn.wordpress.org/branches/4.2@52503


git-svn-id: http://core.svn.wordpress.org/branches/4.2@52095 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-01-06 18:56:43 +00:00
desrosj be121a35d7 Grouped backports to the 4.2 branch.
- Query: Improve sanitization within `WP_Tax_Query`.
- Query: Improve sanitization within `WP_Meta_Query`.
- Upgrade/Install: Avoid using `unserialize()` unnecessarily.
- Formatting: Correctly encode ASCII characters in post slugs.

Merges [52454-52457] to the 4.2 branch.
Props vortfu, dd32, ehtis, zieladam, whyisjake, xknown, peterwilsoncc, desrosj, iandunn.
Built from https://develop.svn.wordpress.org/branches/4.2@52481


git-svn-id: http://core.svn.wordpress.org/branches/4.2@52073 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-01-06 18:20:40 +00:00
Peter Wilson 23f87c7bc2 WordPress 4.2.30.
Built from https://develop.svn.wordpress.org/branches/4.2@50884


git-svn-id: http://core.svn.wordpress.org/branches/4.2@50493 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-05-12 23:23:18 +00:00
desrosj 4a80453fcf Build/Test Tools: Backport GitHub Action and build improvements to the 4.2 branch.
This backports several build and test tool improvements to the 4.2 branch. Most notably, this includes:

- The changes required to allow each workflow to be triggered by the `workflow_dispatch` event so that tests can be run on a schedule [50590].
- Splitting single site and multisite tests into parallel jobs [50379].
- Split slow tests into separate, parallel jobs for PHP <= 5.6 [50444].
- Better branch and path scoping for GitHub Action workflows when running on `pull_request` [50432,50479].
- Several `devDependency` updates.

Merges [50379,50387,50416,50432,50435,50436,50444,50446,50473,50474,50476,50479,50485,50486,50487,50545,50579,50590] to the 4.2 branch.
See #50401, #51801, #51802, #52548, #52612, #52624, #52625, #52645, #52653, #52658, #52660, #52667.
Built from https://develop.svn.wordpress.org/branches/4.2@50642


git-svn-id: http://core.svn.wordpress.org/branches/4.2@50254 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-04-02 15:50:22 +00:00
desrosj e3353e0860 Build/Test Tools: Support NodeJS 14.x in the 4.2 branch.
This updates the 4.2 branch to support the latest LTS version of NodeJS (currently 14.x), allowing the same version to be used across all WordPress branches that receive security updates as a courtesy.

Because older branches use (really) old versions of NodeJS, the local Docker environment cannot be backported since the needed dependencies will not run on these older versions (see #48301). This also blocks the ability to move automated testing over to GitHub Actions (see #50401).

This change also introduces a `packager-lock.json` file to the branch.

In addition to backporting the package updates that happened after branching 4.2, dependencies that were removed in future releases have also been updated to their latest versions.

Props desrosj, dd32, netweb, jorbin.
Merges [32356-32357,32988,33726,34888,35335,35363,35513,35521,35538-35541,35859,36861-36865,36935,36979,37017,37019-37020,37212,37612,38111,39110,39113,39115-39119,39478,41835,42460,42461,42463,42887,43320,43323,43977,44219,44233,45321,45765,46404,46408-46409,47404,47867,47872-47873,48705,49636,49933,49937,49939,50126,50176,50185] to the 4.2 branch.
See #52341.
Built from https://develop.svn.wordpress.org/branches/4.2@50214


git-svn-id: http://core.svn.wordpress.org/branches/4.2@49883 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-05 04:28:43 +00:00
desrosj c22a2a6998 WordPress 4.2.29.
Built from https://develop.svn.wordpress.org/branches/4.2@49422


git-svn-id: http://core.svn.wordpress.org/branches/4.2@49181 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-29 19:42:23 +00:00
whyisjake b2b0e0d427 General: WordPress updates
* XML-RPC: Improve error messages for unprivileged users.
* External Libraries: Disable deserialization in Requests_Utility_FilteredIterator
* Embeds: Disable embeds on deactivated Multisite sites.
* Coding standards: Modify escaping functions to avoid potential false positives.
* XML-RPC: Return error message if attachment ID is incorrect.
* Upgrade/install: Improve logic check when determining installation status.
* Meta: Sanitize meta key before checking protection status.
* Themes: Ensure that only privileged users can set a background image when a theme is using the deprecated custom background page.

Brings the changes from [49380,49382-49388] to the 4.2 branch.

Props xknown, zieladam, peterwilsoncc, whyisjake, desrosj, dd32.

Built from https://develop.svn.wordpress.org/branches/4.2@49404


git-svn-id: http://core.svn.wordpress.org/branches/4.2@49163 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-29 19:08:22 +00:00
Sergey Biryukov 0998a57991 Administration: Pass the result of `set-screen-option` filter to the new `set_screen_option_{$option}` filter to ensure backward compatibility.
Rename the `$keep` parameter of both filters to `$screen_option` for clarity, update the documentation to better reflect its purpose.

Follow-up to [47951].

Props Chouby, sswells, SergeyBiryukov.
Merges [48241] to the 4.2 branch.
Fixes #50392.
Built from https://develop.svn.wordpress.org/branches/4.2@48256


git-svn-id: http://core.svn.wordpress.org/branches/4.2@48025 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-07-01 09:53:39 +00:00
desrosj 370ecdfd1a WordPress 4.2.28.
Built from https://develop.svn.wordpress.org/branches/4.2@48001


git-svn-id: http://core.svn.wordpress.org/branches/4.2@47769 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-10 21:39:36 +00:00
whyisjake 426696ba21 General: Backport several commits for release.
- Embeds: Ensure that the title attribute is set correctly on embeds.
- Editor: Prevent HTML decoding on by setting the proper editor context.
- Formatting: Ensure that wp_validate_redirect() sanitizes a wider variety of characters.
- Themes: Ensure a broken theme name is returned properly.
- Administration: Add a new filter to extend set-screen-option.
Merges [47947-47951] to the 4.2 branch.
Props xknown, sstoqnov, vortfu, SergeyBiryukov, whyisjake.

Built from https://develop.svn.wordpress.org/branches/4.2@47970


git-svn-id: http://core.svn.wordpress.org/branches/4.2@47741 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-10 18:53:51 +00:00
desrosj 7fb64672ce Update the About page for WordPress 4.2.27
Built from https://develop.svn.wordpress.org/branches/4.2@47692


git-svn-id: http://core.svn.wordpress.org/branches/4.2@47469 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-04-29 18:23:21 +00:00
Sergey Biryukov 00ae10906e WordPress 4.2.26
Built from https://develop.svn.wordpress.org/branches/4.2@46931


git-svn-id: http://core.svn.wordpress.org/branches/4.2@46731 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-12-12 20:32:20 +00:00
desrosj 229d71e0f8 WordPress 4.2.25.
Built from https://develop.svn.wordpress.org/branches/4.2@46518


git-svn-id: http://core.svn.wordpress.org/branches/4.2@46315 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-14 20:15:21 +00:00
desrosj de854c38b5 WordPress 4.2.24.
Built from https://develop.svn.wordpress.org/branches/4.2@46036


git-svn-id: http://core.svn.wordpress.org/branches/4.2@45848 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-09-04 22:03:21 +00:00
Sergey Biryukov 9807e138d3 Escape the output in `wp_ajax_upload_attachment()`.
Merges [45936] to the 4.2 branch.
Props whyisjake, sstoqnov.
Built from https://develop.svn.wordpress.org/branches/4.2@45953


git-svn-id: http://core.svn.wordpress.org/branches/4.2@45764 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-09-04 16:39:00 +00:00
Gary Pendergast ebbc9ff12e WordPress 4.2.23
Built from https://develop.svn.wordpress.org/branches/4.2@44882


git-svn-id: http://core.svn.wordpress.org/branches/4.2@44713 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-03-13 01:43:20 +00:00
Sergey Biryukov bc4ed1a93e Comments: Improve comment content filtering.
Merges [44842] to the 4.2 branch.
Built from https://develop.svn.wordpress.org/branches/4.2@44852


git-svn-id: http://core.svn.wordpress.org/branches/4.2@44684 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-03-12 22:42:20 +00:00
Jeremy Felt 3efe9a5fdb Bump 4.2 branch to version 4.2.22.
Built from https://develop.svn.wordpress.org/branches/4.2@44085


git-svn-id: http://core.svn.wordpress.org/branches/4.2@43915 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-12-13 02:15:37 +00:00
Gary Pendergast aab268600a Editor: Remove unwanted fields before saving posts.
The `meta_input`, `file`, and `guid` fields are not intended to be updated through user input.

Merges [44047] to the 4.2 branch.


Built from https://develop.svn.wordpress.org/branches/4.2@44066


git-svn-id: http://core.svn.wordpress.org/branches/4.2@43896 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-12-13 01:52:19 +00:00
Peter Wilson 303bd241f3 Multisite: Validate activation links.
Merges [44048] to the 4.2 branch.

Built from https://develop.svn.wordpress.org/branches/4.2@44065


git-svn-id: http://core.svn.wordpress.org/branches/4.2@43895 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-12-13 01:51:37 +00:00
Aaron Campbell 61881c7156 Bump 4.2 branch to version 4.2.21
Built from https://develop.svn.wordpress.org/branches/4.2@43414


git-svn-id: http://core.svn.wordpress.org/branches/4.2@43242 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-05 16:13:28 +00:00
Aaron Campbell dac39608a3 Bump 4.2 branch to version 4.2.20
Built from https://develop.svn.wordpress.org/branches/4.2@42940


git-svn-id: http://core.svn.wordpress.org/branches/4.2@42770 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-03 20:31:29 +00:00
Dion Hulse e74c55ff6d Bump the 4.2 branch to 4.2.19.
Built from https://develop.svn.wordpress.org/branches/4.2@42501


git-svn-id: http://core.svn.wordpress.org/branches/4.2@42330 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-01-16 21:45:31 +00:00
Dion Hulse 507c958ab6 External Libraries: Remove unnecessary / obsoleted MediaElement.js files.
Merges [42478] to the 4.2 branch.
Fixes #42720 for 4.2.

Built from https://develop.svn.wordpress.org/branches/4.2@42484


git-svn-id: http://core.svn.wordpress.org/branches/4.2@42313 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-01-16 08:12:32 +00:00
Dion Hulse 4b860b51ae Upgrade: When deleting old files, if deletion fails attempt to empty the file instead.
Props joemcgill, dd32.
Merges [42434] to the 4.2 branch.
Fixes #42963 for 4.2.

Built from https://develop.svn.wordpress.org/branches/4.2@42472


git-svn-id: http://core.svn.wordpress.org/branches/4.2@42301 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-01-16 06:57:57 +00:00
John Blackbourn ec85529fb7 Bump 4.2 branch to version 4.2.18.
Built from https://develop.svn.wordpress.org/branches/4.2@42323


git-svn-id: http://core.svn.wordpress.org/branches/4.2@42152 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-29 19:02:31 +00:00
John Blackbourn f345c93563 Hardening: Use a properly generated hash for the `newbloguser` key instead of a determinate substring.
Merges [42258] to the 4.2 branch.

Built from https://develop.svn.wordpress.org/branches/4.2@42292


git-svn-id: http://core.svn.wordpress.org/branches/4.2@42121 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-29 16:33:25 +00:00
Gary Pendergast eb5a635d04 Bump 4.2 branch to version 4.3.17.
Built from https://develop.svn.wordpress.org/branches/4.2@42075


git-svn-id: http://core.svn.wordpress.org/branches/4.2@41904 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-31 13:42:30 +00:00
Dominik Schilling 7a5426f3fe Users: Use correct escaping function for URLs.
Merge of [41522] to the 4.2 branch.

Built from https://develop.svn.wordpress.org/branches/4.2@41529


git-svn-id: http://core.svn.wordpress.org/branches/4.2@41362 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 21:38:56 +00:00
Dominik Schilling c4fb8dfbf1 Bump 4.2 branch to version 4.2.16.
Built from https://develop.svn.wordpress.org/branches/4.2@41516


git-svn-id: http://core.svn.wordpress.org/branches/4.2@41349 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 20:03:31 +00:00
John Blackbourn a59dfc257f Filesystem API: Ensure filenames are valid before attempting to unzip them to ensure malformed file paths don't cause issues.
Merges [41457] to the 4.2 branch.

Built from https://develop.svn.wordpress.org/branches/4.2@41464


git-svn-id: http://core.svn.wordpress.org/branches/4.2@41297 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 14:43:56 +00:00
John Blackbourn 6ddef3f8ab General: Add missing URL-encoding and add extra hardening to plugin and template names when they're displayed in the admin area.
Merges [41434] with changes to the 4.2 branch.

See #13377

Built from https://develop.svn.wordpress.org/branches/4.2@41445


git-svn-id: http://core.svn.wordpress.org/branches/4.2@41278 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 13:32:30 +00:00
Dominik Schilling e7865eb9ae Users: Provide a fallback for incorrect HTTP referrers.
Merge of [41398] to the 4.2 branch.

Built from https://develop.svn.wordpress.org/branches/4.2@41423


git-svn-id: http://core.svn.wordpress.org/branches/4.2@41256 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 11:14:36 +00:00
Aaron Campbell a01117bf0d Bump 4.2 branch to version 4.2.15.
Built from https://develop.svn.wordpress.org/branches/4.2@40753


git-svn-id: http://core.svn.wordpress.org/branches/4.2@40611 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 21:52:23 +00:00
Aaron Campbell 566df4de1a Add nonce for updating file system credentials.
Merges [40723] to 4.2 branch.

Built from https://develop.svn.wordpress.org/branches/4.2@40729


git-svn-id: http://core.svn.wordpress.org/branches/4.2@40587 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 14:56:24 +00:00
Dominik Schilling 8f47014af6 Customize: Ignore invalid customization sessions.
Merge of [40704] to the 4.2 branch.
Built from https://develop.svn.wordpress.org/branches/4.2@40710


git-svn-id: http://core.svn.wordpress.org/branches/4.2@40573 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 12:19:29 +00:00
Pascal Birchler 5565b98dde Bump 4.2 branch to version 4.2.14.
Built from https://develop.svn.wordpress.org/branches/4.2@40492


git-svn-id: http://core.svn.wordpress.org/branches/4.2@40368 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-04-20 16:26:30 +00:00
Pascal Birchler 82c9b36ce7 Fix broken audio/video functions when sanitizing ID3 data
This fixes a bug where running `wp_kses_post_deep()` on all the ID3
tag data corrupted blob data.

See #40075, #40085.

Merges [40400] to the 4.2 branch.

Built from https://develop.svn.wordpress.org/branches/4.2@40465


git-svn-id: http://core.svn.wordpress.org/branches/4.2@40341 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-04-17 13:22:30 +00:00
James Nylen b9a98e7562 Bump 4.2 branch to version 4.2.13.
Built from https://develop.svn.wordpress.org/branches/4.2@40207


git-svn-id: http://core.svn.wordpress.org/branches/4.2@40146 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-06 16:32:30 +00:00