12 Commits

Author SHA1 Message Date
davidbaumwald d4c02d548e Grouped backports to the 5.6 branch.
- Comments: Prevent users who can not see a post from seeing comments on it.
- Shortcodes: Restrict media shortcode ajax to certain type.
- REST API: Ensure no-cache headers are sent when methods are overridden.
- REST API: Limit `search_columns` for users without `list_users`.
- Prevent unintended behavior when certain objects are unserialized.
- Application Passwords: Prevent the use of some pseudo protocols in application passwords.

Merges [56833], [56834], [56835], [56836], [56837], and [56838] to the 5.6 branch.
Props xknown, jorbin, Vortfu, joehoyle, timothyblynjacobs, peterwilsoncc, ehtis, tykoted, martinkrcho, paulkevan, dd32, antpb, rmccue.
Built from https://develop.svn.wordpress.org/branches/5.6@56882


git-svn-id: http://core.svn.wordpress.org/branches/5.6@56393 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-10-12 18:28:44 +00:00
desrosj cad4a1a3d7 External Libraries: Disable deserialization in Requests_Utility_FilteredIterator
Props xknown, peterwilsoncc, desrosj, dd32, whyisjake.
Merges [49373] to trunk.
Built from https://develop.svn.wordpress.org/trunk@49382


git-svn-id: http://core.svn.wordpress.org/trunk@49141 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-29 18:00:08 +00:00
desrosj 4b60af1a6a General: Remove “whitelist” and “blacklist” in favor of more clear and inclusive language.
“The WordPress open source community cares about diversity. We strive to maintain a welcoming environment where everyone can feel included.”

With this commit, all occurrences of “whitelist” and “blacklist” (with the single exception of the `$new_whitelist_options` global variable) are removed. A new ticket has been opened to explore renaming the `$new_whitelist_options` variable (#50434).

Changing to more specific names or rewording sentences containing these terms not only makes the code more inclusive, but also helps provide clarity. These terms are often ambiguous. What is being blocked or allowed is not always immediately clear. This can make it more difficult for non-native English speakers to read through the codebase.

Words matter. If one contributor feels more welcome because these terms are removed, this was worth the effort.

Props strangerstudios, jorbin, desrosj, joemcgill, timothyblynjacobs, ocean90, ayeshrajans, davidbaumwald, earnjam.
See #48900, #50434.
Fixes #50413.
Built from https://develop.svn.wordpress.org/trunk@48121


git-svn-id: http://core.svn.wordpress.org/trunk@47890 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-22 17:26:13 +00:00
Aaron Jorbin 0ea646a185 External Libraries: Fix PHP 7.4 compatibility issue in the Requests library.
Moves https://github.com/rmccue/Requests/pull/370 into WordPress.

Previous [46258].

See #47746.

Built from https://develop.svn.wordpress.org/trunk@46416


git-svn-id: http://core.svn.wordpress.org/trunk@46214 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-06 17:14:02 +00:00
desrosj 2d29e22e56 External Libraries: Fix PHP 7.4 compatibility issues in the Requests library.
See: https://github.com/rmccue/Requests/compare/v1.7.0...3470169

Props jrf, jorbin, desrosj.
See #47746.
Built from https://develop.svn.wordpress.org/trunk@46258


git-svn-id: http://core.svn.wordpress.org/trunk@46070 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-09-23 18:11:59 +00:00
Dion Hulse d317fa487f HTTP: Update Requests to master (0048f3c) which fixes a number of outstanding issues.
Fixes #38070, #37733 by reverting part of [38429] and using the fix in Requests.
Fixes #37992 allowing for connecting to SSL resources on ports other than 443.
Fixes #37991 by not sending default ports in the `Host:` header.
Fixes #37839 to match and decode Chunked responses correctly.
Fixes #38232 allowing a SSL connection to ignore the hostname of the certificate when verification is disabled.

Built from https://develop.svn.wordpress.org/trunk@38727


git-svn-id: http://core.svn.wordpress.org/trunk@38670 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-05 03:24:37 +00:00
Dion Hulse 1dd3ed4bd5 Requests: Update to Requests master (fb5b517) which corrects a logic inversion in the cURL transport checks.
Previously if a host had only disabled one of `curl_init()` or `curl_exec()` it wouldn't get detected correctly by Requests, which caused cURL warnings for users on an affected host.

Fixes #37700 for trunk.

Built from https://develop.svn.wordpress.org/trunk@38274


git-svn-id: http://core.svn.wordpress.org/trunk@38215 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-18 03:48:31 +00:00
Dion Hulse 2d860ae3d6 Requests: Merge handling for custom HTTP methods.
This merges the latest changes to Requests from upstream to add support for custom HTTP methods.
See 1b5ffd8501

Props Ipstenu, ocean90.
Fixes #37503 for trunk.

Built from https://develop.svn.wordpress.org/trunk@38191


git-svn-id: http://core.svn.wordpress.org/trunk@38132 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-04 07:14:31 +00:00
Ryan McCue b8b7a00889 HTTP API: Update Requests.
This introduces a minimum value of 1 second for timeouts passed to cURL.

Internally, cURL uses alarm() for interrupts, which accepts a second-resolution timeout. Any values lower than 1 second are instantly failed rather than being rounded upwards. While this makes the experience worse for those using asynchronous DNS lookups, there's no way to detect which DNS resolver is being used from PHP.

See #33055, #8923.

Built from https://develop.svn.wordpress.org/trunk@37694


git-svn-id: http://core.svn.wordpress.org/trunk@37660 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-14 05:30:28 +00:00
Peter Wilson 47d26cd9fb DOCS: Replace HTTP links with HTTPS.
Replaces unsecure links in documentation and translator comments with their secure versions.

Props johnpgreen, netweb

Fixes #36993

Built from https://develop.svn.wordpress.org/trunk@37674


git-svn-id: http://core.svn.wordpress.org/trunk@37640 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-10 04:50:33 +00:00
Ryan McCue 1e40ba291e HTTP API: Fix compatibility with cURL <7.22
Ensure connections are closed after usage to fix an issue with WP.com URLs used in the tests.

Resynched from GitHub at 95518ce.

See #33055.

Built from https://develop.svn.wordpress.org/trunk@37430


git-svn-id: http://core.svn.wordpress.org/trunk@37396 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-13 11:15:29 +00:00
Ryan McCue 37f6e6813a HTTP API: Replace internals with Requests library.
Requests is a library very similar to WP_HTTP, with a high level of unit test coverage, and has a common lineage and development team. It also supports parallel requests.

See #33055.

Built from https://develop.svn.wordpress.org/trunk@37428


git-svn-id: http://core.svn.wordpress.org/trunk@37394 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-13 04:42:28 +00:00