Jeremy Felt
a1d2eb2c85
Media: Improve verification of MIME file types.
...
Merges [43988] to the 3.7 branch.
Built from https://develop.svn.wordpress.org/branches/3.7@44012
git-svn-id: http://core.svn.wordpress.org/branches/3.7@43842 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-12-12 23:50:09 +00:00
John Blackbourn
32bf48628e
Media: Limit thumbnail file deletions to the same directory as the original file.
...
Merges [43393] into the 3.7 branch.
Built from https://develop.svn.wordpress.org/branches/3.7@43405
git-svn-id: http://core.svn.wordpress.org/branches/3.7@43233 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-05 15:19:09 +00:00
John Blackbourn
9f7b91d4bc
Hardening: Remove the ability to upload JavaScript files for users who do not have the `unfiltered_html` capability.
...
Merges [42261] to the 3.7 branch.
Built from https://develop.svn.wordpress.org/branches/3.7@42315
git-svn-id: http://core.svn.wordpress.org/branches/3.7@42144 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-29 16:53:09 +00:00
Joe McGill
8d4f4a9a05
Media: Fix exif_imagetype check in wp_get_image_mime
...
This is a follow up to [39831].
Merges [39850] to the 3.7 branch.
Built from https://develop.svn.wordpress.org/branches/3.7@39861
git-svn-id: http://core.svn.wordpress.org/branches/3.7@39798 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 16:46:22 +00:00
Joe McGill
e6de513be6
Media: Improve image filetype checking.
...
This adds a new function `wp_get_image_mime()` which is used by
`wp_check_filetype_and_ext()` to validate image files using
`exif_imagetype()` if available instead of `getimagesize()`.
`getimagesize()` is less performant than `exif_imagetype()` and is
dependent on GD. If `exif_imagetype()` is not available, it falls back to
`getimagesize()` as before.
If `wp_check_filetype_and_ext()` can't validate the filetype, we now return
`false` for ext/MIME values.
Merges [39831] to the 3.7 branch.
Built from https://develop.svn.wordpress.org/branches/3.7@39842
git-svn-id: http://core.svn.wordpress.org/branches/3.7@39780 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 13:21:09 +00:00
Andrew Nacin
3d8c17a9c8
Fix a regression in wp_mkdir_p() where the $mode of the parent folder is not correctly applied to all created paths.
...
Merges [26449] and [26927] from 3.8.x to the 3.7 branch.
props dd32.
fixes #25822 .
Built from https://develop.svn.wordpress.org/branches/3.7@27887
git-svn-id: http://core.svn.wordpress.org/branches/3.7@27718 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-04-01 04:02:10 +00:00
Andrew Nacin
8f0f48e3f9
Avoid a notice in is_main_network() when called in single site. see #25030 .
...
Built from https://develop.svn.wordpress.org/trunk@25827
git-svn-id: http://core.svn.wordpress.org/trunk@25739 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-17 05:17:08 +00:00
Sergey Biryukov
336c737727
Correct phpdoc for wp_check_filetype_and_ext(). props dimadin. fixes #25513 .
...
Built from https://develop.svn.wordpress.org/trunk@25713
git-svn-id: http://core.svn.wordpress.org/trunk@25626 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-07 15:34:10 +00:00
Andrew Nacin
d7fc6d5d49
Order search results by relevance, rather than by date.
...
The ordering logic is as follows:
* Full sentence matches in post titles.
* All search terms in post titles.
* Any search terms in post titles.
* Full sentence matches in post content.
Each section and any remaining posts are then sorted by date.
Introduces some filters:
* wp_search_stopwords, to filter stop words ignored in WHERE.
* posts_search_orderby, to filter the ORDER BY when ordering search results.
props azaozz, wonderboymusic.
fixes #7394 .
Built from https://develop.svn.wordpress.org/trunk@25632
git-svn-id: http://core.svn.wordpress.org/trunk@25549 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-27 17:34:09 +00:00
Dominik Schilling
32aff2db8a
Add 'image' type/extensions to wp_ext2type() and make it case insensitive. props xparham. fixes #25176 .
...
Built from https://develop.svn.wordpress.org/trunk@25437
git-svn-id: http://core.svn.wordpress.org/trunk@25359 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-14 14:34:09 +00:00
Dion Hulse
bbd3312389
Account for Windows and CLI instances in wp_guess_url(). Props SergeyBiryukov. See #25317
...
Built from https://develop.svn.wordpress.org/trunk@25436
git-svn-id: http://core.svn.wordpress.org/trunk@25358 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-14 03:43:10 +00:00
Andrew Nacin
4542e678d2
Return false from wp_get_original_referer() if it is called before wp_validate_redirect() is defined.
...
see #25294 .
Built from https://develop.svn.wordpress.org/trunk@25400
git-svn-id: http://core.svn.wordpress.org/trunk@25331 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-12 13:36:09 +00:00
Andrew Nacin
46611d4282
Return false from wp_get_referer() if it is called before wp_validate_redirect() is defined.
...
see #25294 .
Built from https://develop.svn.wordpress.org/trunk@25399
git-svn-id: http://core.svn.wordpress.org/trunk@25330 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-12 13:33:09 +00:00
Dion Hulse
641d3b2560
Fix wp_guess_url() to work in every scenario I could find, allows us to use it to determine the correct path to the WordPress Site URL before installation for install.php and setup-config.php redirects. Fixes #24480 Fixes #16884
...
Built from https://develop.svn.wordpress.org/trunk@25396
git-svn-id: http://core.svn.wordpress.org/trunk@25327 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-12 06:57:09 +00:00
Helen Hou-Sandí
8359c66176
Indicate that the fall-through in `is_serialized()` is deliberate. fixes #24023 .
...
Built from https://develop.svn.wordpress.org/trunk@25371
git-svn-id: http://core.svn.wordpress.org/trunk@25321 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-12 03:41:09 +00:00
Dion Hulse
ca008522f3
Add a set of helpers to turn the behaviour of mbstring.func_overload off when needed. Fixes #25259
...
Built from https://develop.svn.wordpress.org/trunk@25346
git-svn-id: http://core.svn.wordpress.org/trunk@25308 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-11 07:23:08 +00:00
Andrew Nacin
1536779aaf
Avoid error in ms-files.php after [25317].
...
Built from https://develop.svn.wordpress.org/trunk@25344
git-svn-id: http://core.svn.wordpress.org/trunk@25306 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-11 04:49:10 +00:00
Andrew Nacin
89c57124da
Improve clarity and speed of [25320].
...
Built from https://develop.svn.wordpress.org/trunk@25338
git-svn-id: http://core.svn.wordpress.org/trunk@25300 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-11 03:23:08 +00:00
Scott Taylor
02757de9d8
Remove dead code in `add_query_arg()`.
...
Props hakre, c3mdigital.
Fixes #16942 .
Built from https://develop.svn.wordpress.org/trunk@25333
git-svn-id: http://core.svn.wordpress.org/trunk@25295 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-10 23:38:09 +00:00
Andrew Nacin
a461a25d76
Loose validation for is_serialized() in maybe_serialize().
...
Built from https://develop.svn.wordpress.org/trunk@25320
git-svn-id: http://core.svn.wordpress.org/trunk@25282 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-10 18:10:09 +00:00
Andrew Nacin
cf3fddde96
Validate referrers to prevent off-domain redirects.
...
Built from https://develop.svn.wordpress.org/trunk@25318
git-svn-id: http://core.svn.wordpress.org/trunk@25280 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-10 18:07:10 +00:00
Andrew Nacin
c8a7b53c65
Tighten allowed upload file types.
...
Built from https://develop.svn.wordpress.org/trunk@25317
git-svn-id: http://core.svn.wordpress.org/trunk@25279 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-10 18:04:09 +00:00
Scott Taylor
a563a5b2fa
Replace the ancient `phpfreaks.com` RegEx to extract urls to ping with a more robust matcher. URLs with commas and things like `&` were not being pinged. The new matcher even works for most IDN URLs. Adds unit tests.
...
Fixes #9064 .
Built from https://develop.svn.wordpress.org/trunk@25313
git-svn-id: http://core.svn.wordpress.org/trunk@25275 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-10 03:18:08 +00:00
Andrew Nacin
6a1ac52330
Be less verbose when erroring out in do_feed() for an invalid feed template. fixes #24874 .
...
Built from https://develop.svn.wordpress.org/trunk@25190
git-svn-id: http://core.svn.wordpress.org/trunk@25162 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-08-30 23:37:11 +00:00
Andrew Nacin
1fbc03a388
The main site of a secondary network should not use the original wp-content/uploads upload path.
...
props jeremyfelt.
fixes #25030 .
Built from https://develop.svn.wordpress.org/trunk@25148
git-svn-id: http://core.svn.wordpress.org/trunk@25127 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-08-28 03:36:09 +00:00
Andrew Nacin
4d6d80a14f
Introduce is_main_network().
...
By default, a network ID of 1 is assumed to be the main network.
Otherwise, it is the first network listed in the wp_site table.
If PRIMARY_NETWORK_ID is defined, it is considered main network.
props jeremyfelt.
see #25030 .
Built from https://develop.svn.wordpress.org/trunk@25147
git-svn-id: http://core.svn.wordpress.org/trunk@25126 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-08-28 03:35:08 +00:00
Sergey Biryukov
c7de681a26
Add description for _wp_timezone_choice_usort_callback(). props neoxx. fixes #25125 .
...
Built from https://develop.svn.wordpress.org/trunk@25101
git-svn-id: http://core.svn.wordpress.org/trunk@25083 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-08-23 13:57:08 +00:00
Dion Hulse
5eb1c81924
Make use of the recursive option in mkdir() in wp_mkdir_p(). Avoids a bunch of silenced PHP Notices being logged. Fixes #23196
...
Built from https://develop.svn.wordpress.org/trunk@25047
git-svn-id: http://core.svn.wordpress.org/trunk@25034 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-08-17 03:09:11 +00:00
Andrew Nacin
1065f55586
Add a function to return an empty string, for filters. props wpsmith, trepmal. fixes #20357 .
...
Built from https://develop.svn.wordpress.org/trunk@25037
git-svn-id: http://core.svn.wordpress.org/trunk@25024 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-08-16 20:02:08 +00:00
Ryan Boren
acc0aec2b0
Silence is_dir() to avoud warning when upload_tmp_dir is outside open_basedir.
...
Props dpash
fixes #24704
git-svn-id: http://core.svn.wordpress.org/trunk@24995 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-08-06 17:39:33 +00:00
Andrew Nacin
21a1fe8d4b
Use wp_safe_remote_request() and friends instead of reject_unsafe_urls = true.
...
fixes #24646 .
git-svn-id: http://core.svn.wordpress.org/trunk@24917 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-31 06:52:13 +00:00
Michael Adams
ec6f40342a
Allow HTTPS URL enclosures.
...
Props markjaquith with a patch that predates all WordCamps.
Fixes #2875 .
git-svn-id: http://core.svn.wordpress.org/trunk@24810 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-28 19:07:43 +00:00
Andrew Nacin
a70604d441
Add iWork formats to valid upload filetypes. key, numbers, pages. props barry, fixes #24621 .
...
git-svn-id: http://core.svn.wordpress.org/trunk@24782 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-23 15:29:26 +00:00
Ryan Boren
cbf77c6523
Fire wp_auth_check_load() from admin_enqueue_scripts instead of admin_init so that it can access the current screen object.
...
Black list the update and upgrade screens.
Allow plugins to white/black list screens via the wp_auth_check_load filter.
Props nacin
see #23295
git-svn-id: http://core.svn.wordpress.org/trunk@24738 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-18 19:06:35 +00:00
Peter Westwood
b58e828475
Fall back to non-translated strings in _deprecated_*() if the translation function doesn't exist. This may be the case in sunrise, for example.
...
Fixes #24778 props SergeyBiryukov.
git-svn-id: http://core.svn.wordpress.org/trunk@24723 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-17 21:04:50 +00:00
Andrew Ozz
b96efc779a
Logged out warnings:
...
- Replace the Close button with an always visible "X" icon in the top/right corner.
- Check if the user is still logged in every 3 min. by default.
- Add 'wp_auth_check_interval' filter so the interval can be set from PHP.
See #23295 .
git-svn-id: http://core.svn.wordpress.org/trunk@24695 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-12 23:32:32 +00:00
Andrew Nacin
740d141e1d
Support IIS 8 and above.
...
props hurtige for initial patch.
fixes #23533 .
git-svn-id: http://core.svn.wordpress.org/trunk@24594 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-08 20:27:06 +00:00
Ryan Boren
419fea1a16
Normalize the UTF-8 and ISO-8859-1 charset strings stored in blog_charset to make them friendlier with PHP functions that accept a charset such as htmlspecialchars().
...
fixes #23688
git-svn-id: http://core.svn.wordpress.org/trunk@24510 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-06-25 19:03:17 +00:00
Andrew Nacin
96ee267343
Better validation of the URL used in core HTTP requests.
...
git-svn-id: http://core.svn.wordpress.org/trunk@24480 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-06-21 06:07:47 +00:00
Andrew Nacin
7addff9967
Use correct variable order in add_query_arg(). This had mostly just filled error logs; it also broke some obscure URL situations. see #23284 .
...
git-svn-id: http://core.svn.wordpress.org/trunk@24444 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-06-19 08:33:10 +00:00
Andrew Nacin
bb1234c4be
Fall back to non-translated strings in _doing_it_wrong() if the translation function doesn't exist. This may be the case in sunrise, for example.
...
props SergeyBiryukov.
fixes #23555 .
for trunk.
git-svn-id: http://core.svn.wordpress.org/trunk@24439 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-06-19 08:11:59 +00:00
Andrew Ozz
b1009b33c4
Logged out warnings: fix same domain comparison in wp_auth_check_html() when FORCE_SSL_LOGIN && ! FORCE_SSL_ADMIN. See #23295
...
git-svn-id: http://core.svn.wordpress.org/trunk@24266 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-05-15 22:09:54 +00:00
Sergey Biryukov
74638ccb5a
Fix typos in phpdoc. props TheLastCicada. fixes #24302 .
...
git-svn-id: http://core.svn.wordpress.org/trunk@24229 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-05-10 01:39:30 +00:00
Andrew Ozz
19c3b4bfdc
Logged out warnings:
...
- Don't use <base> tag to set target="_blank". It can break form submission. Instead, set target only on links with JS.
- Fix same domain comparison in wp_auth_check_html() when FORCE_SSL_LOGIN == true.
- Properly show/hide the "Close" button when the dialog is shown multiple times.
See #23295
git-svn-id: http://core.svn.wordpress.org/trunk@24208 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-05-08 22:45:58 +00:00
Mark Jaquith
0a49442e35
Multiple improvements to image post format insertion and display.
...
* get_tag_regex() altered based on Unit Tests.
* Changes to post-formats.js to provide size and link context during image selection.
* Captions are now output in the_post_format_image() when present.
* The meta value for url is respected for the image post format when the HTML in the image meta doesn't include a link
props wonderboymusic. fixes #23965 , #23964 . see #24147 , #24046 .
git-svn-id: http://core.svn.wordpress.org/trunk@24066 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-04-22 22:11:42 +00:00
Andrew Ozz
bcb9eef7cd
Logged out warnings: fix phpdoc, props ocean90, see #23295
...
git-svn-id: http://core.svn.wordpress.org/trunk@23922 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-04-05 23:28:40 +00:00
Andrew Ozz
04c5aefbea
Logged out warnings: add fallback text dialog for:
...
- The login page has "X-Frame-Options: DENY" header.
- Cross-domain when displaying on the front-end on multisite with domain mapping.
- The site forces ssl login but not ssl admin.
Add onbeforeunload prompt to counter (frame-busting) JS redirects. Move the JS and CSS into separate files. See #23295 .
git-svn-id: http://core.svn.wordpress.org/trunk@23805 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-27 08:43:11 +00:00
Ryan Boren
9f44cb4038
Remove old phpdoc that incorrectly marks wp_timezone_choice() as temporary.
...
Props danielbachhuber
fixes #23804
git-svn-id: http://core.svn.wordpress.org/trunk@23738 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-18 13:35:34 +00:00
Mark Jaquith
53d12e91bc
Introduce [audio] and [video] shortcodes, and use MediaElement.js to play them.
...
props wonderboymusic. see #23282 .
git-svn-id: http://core.svn.wordpress.org/trunk@23729 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-16 05:25:44 +00:00
Andrew Nacin
af53edb696
Revert [23411] until encoding differences are worked out. see #20771 .
...
git-svn-id: http://core.svn.wordpress.org/trunk@23637 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-07 06:57:56 +00:00