John Blackbourn
ce44be8623
Hardening: Remove the ability to upload JavaScript files for users who do not have the `unfiltered_html` capability.
...
Merges [42261] to the 4.7 branch.
Built from https://develop.svn.wordpress.org/branches/4.7@42275
git-svn-id: http://core.svn.wordpress.org/branches/4.7@42104 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-29 16:20:35 +00:00
John Blackbourn
6ad95824d6
Hardening: Ensure the attributes of enclosures are correctly escaped in RSS and Atom feeds.
...
Merges [42260] to the 4.7 branch.
Built from https://develop.svn.wordpress.org/branches/4.7@42274
git-svn-id: http://core.svn.wordpress.org/branches/4.7@42103 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-29 16:19:34 +00:00
John Blackbourn
e951da4039
Hardening: Add escaping to the language attributes used on `html` elements.
...
Merges [42259] to the 4.7 branch.
Built from https://develop.svn.wordpress.org/branches/4.7@42273
git-svn-id: http://core.svn.wordpress.org/branches/4.7@42102 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-29 16:18:35 +00:00
John Blackbourn
547fd42bfe
Hardening: Use a properly generated hash for the `newbloguser` key instead of a determinate substring.
...
Merges [42258] to the 4.7 branch.
Built from https://develop.svn.wordpress.org/branches/4.7@42272
git-svn-id: http://core.svn.wordpress.org/branches/4.7@42101 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-29 16:17:35 +00:00
John Blackbourn
7b76bf79e7
Users: Correct the value of the `lang` attribute in the admin area.
...
This corrects the value when the user's language is set to `English (United States)` but the site language is not.
Props ocean90, afercia
See #42242
Merges [42220] to the 4.7 branch.
Built from https://develop.svn.wordpress.org/branches/4.7@42263
git-svn-id: http://core.svn.wordpress.org/branches/4.7@42092 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-29 16:06:34 +00:00
Dion Hulse
2bb8ddb13f
WPDB: Check that `AUTH_SALT` is not empty, Fix a PHP notice when `AUTH_SALT` is undefined.
...
Props jsonfry, mkomar, pento.
Merges [42119] and [42120] to the 4.7 branch.
Fixes #42431 and #42401 for 4.7.
Built from https://develop.svn.wordpress.org/branches/4.7@42231
git-svn-id: http://core.svn.wordpress.org/branches/4.7@42060 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-27 01:08:36 +00:00
John Blackbourn
ccc801963c
General: Remove the version number from the readme file in the 4.7 branch.
...
See #42386
Built from https://develop.svn.wordpress.org/branches/4.7@42100
git-svn-id: http://core.svn.wordpress.org/branches/4.7@41929 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-31 18:06:45 +00:00
Gary Pendergast
b14e1b3d42
Bump 4.7 branch to version 4.7.7.
...
Built from https://develop.svn.wordpress.org/branches/4.7@42070
git-svn-id: http://core.svn.wordpress.org/branches/4.7@41899 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-31 13:13:33 +00:00
Gary Pendergast
cf1f0311c8
Database: Restore numbered placeholders in `wpdb::prepare()`.
...
[41496] removed support for numbered placeholders in queries sent through `wpdb::prepare()`, which, despite being undocumented, were quite commonly used.
This change restores support for numbered placeholders (as well as a subset of placeholder formatting), while also adding extra checks to ensure the correct number of arguments are being passed to `wpdb::prepare()`, given the number of placeholders.
Merges [41662], [42056] to the 4.7 branch.
See #41925.
Built from https://develop.svn.wordpress.org/branches/4.7@42058
git-svn-id: http://core.svn.wordpress.org/branches/4.7@41887 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-31 12:34:34 +00:00
Dominik Schilling
0a70974b31
Taxonomy/Users: Use correct escaping function for URLs.
...
Merge of [41522] to the 4.7 branch.
Built from https://develop.svn.wordpress.org/branches/4.7@41524
git-svn-id: http://core.svn.wordpress.org/branches/4.7@41357 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 21:21:35 +00:00
Dominik Schilling
f920f99c1c
Bump 4.7 branch to version 4.7.6.
...
Built from https://develop.svn.wordpress.org/branches/4.7@41511
git-svn-id: http://core.svn.wordpress.org/branches/4.7@41344 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 19:56:36 +00:00
Dominik Schilling
ec72da84f3
Bump 4.7 branch to version 4.7.3.
...
Built from https://develop.svn.wordpress.org/branches/4.7@41510
git-svn-id: http://core.svn.wordpress.org/branches/4.7@41343 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 19:51:32 +00:00
Aaron Campbell
727aa4586a
Database: Hardening to bring `wpdb::prepare()` in line with documentation.
...
`wpdb::prepare()` supports %s, %d, and %F as placeholders in the query string. Any other non-escaped % will be escaped.
Merges [41496] to 4.7 branch.
Built from https://develop.svn.wordpress.org/branches/4.7@41498
git-svn-id: http://core.svn.wordpress.org/branches/4.7@41331 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 18:12:33 +00:00
Aaron Campbell
8e19eed411
Database: Don’t trigger `_doing_it_wrong()` for null values in `wpdb::prepare()`.
...
While `wpdb::prepare()` does not support null values (see #12819) they still appear in the wild like in the WordPress Importer and other plugins.
Merges [41483] to 4.7 branch.
Built from https://develop.svn.wordpress.org/branches/4.7@41485
git-svn-id: http://core.svn.wordpress.org/branches/4.7@41318 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 16:20:06 +00:00
Aaron Campbell
5b685405be
Database: Hardening for `wpdb::prepare()`
...
Previously if you passed an array of values for placeholders, additional values could be passed as well. Now additional values will be ignored.
Merges [41470] to 4.7 branch.
Built from https://develop.svn.wordpress.org/branches/4.7@41472
git-svn-id: http://core.svn.wordpress.org/branches/4.7@41305 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 14:59:36 +00:00
John Blackbourn
2915a1c876
Filesystem API: Ensure filenames are valid before attempting to unzip them to ensure malformed file paths don't cause issues.
...
Merges [41457] to the 4.7 branch.
Built from https://develop.svn.wordpress.org/branches/4.7@41459
git-svn-id: http://core.svn.wordpress.org/branches/4.7@41292 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 14:38:34 +00:00
Aaron Campbell
2a7026d88f
oEmbed: Add extra hardening around allowed HTML for improved sandboxing.
...
Merges [41448] to 4.7 branch.
Built from https://develop.svn.wordpress.org/branches/4.7@41451
git-svn-id: http://core.svn.wordpress.org/branches/4.7@41284 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 13:48:35 +00:00
Dominik Schilling
af0877f0db
TinyMCE: Improve the previews for shortcodes.
...
Merge of [41395] to the 4.7 branch.
Built from https://develop.svn.wordpress.org/branches/4.7@41436
git-svn-id: http://core.svn.wordpress.org/branches/4.7@41269 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 12:42:05 +00:00
Dominik Schilling
c259dff63c
Customize: Ensure valid themes in the preview.
...
Merge of [41397] to the 4.7 branch.
Built from https://develop.svn.wordpress.org/branches/4.7@41430
git-svn-id: http://core.svn.wordpress.org/branches/4.7@41263 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 11:51:06 +00:00
Dominik Schilling
a0af012ed0
Taxonomy/Users: Provide a fallback for incorrect HTTP referrers.
...
Merge of [41398] to the 4.7 branch.
Built from https://develop.svn.wordpress.org/branches/4.7@41418
git-svn-id: http://core.svn.wordpress.org/branches/4.7@41251 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 11:12:08 +00:00
John Blackbourn
7c8fbd2966
General: Add missing URL-encoding and add extra hardening to plugin and template names when they're displayed in the admin area.
...
Merges [41412] to the 4.7 branch
See #13377
Built from https://develop.svn.wordpress.org/branches/4.7@41413
git-svn-id: http://core.svn.wordpress.org/branches/4.7@41246 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 10:21:48 +00:00
Dominik Schilling
1e45c3e2fe
Editor: Prevent adding `javascript:` and `data:` URLs through the inline link dialog.
...
Merge of [41393] to the 4.7 branch.
Built from https://develop.svn.wordpress.org/branches/4.7@41401
git-svn-id: http://core.svn.wordpress.org/branches/4.7@41234 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 10:16:08 +00:00
John Blackbourn
fae164a240
Build/Test tools: Trim the test matrix on Travis in order to speed up the 4.7 branch build.
...
This removes the PHP 7.0, 5.5, 5.4, 5.3, and nightly jobs.
Fixes #41707
Built from https://develop.svn.wordpress.org/branches/4.7@41307
git-svn-id: http://core.svn.wordpress.org/branches/4.7@41138 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-08-22 21:41:32 +00:00
John Blackbourn
f8663be50e
Build/Test Tools: Remove ancient UT ticket handling for the 4.7 branch.
...
See #40533
Merges [40523] to the 4.7 branch.
Built from https://develop.svn.wordpress.org/branches/4.7@41305
git-svn-id: http://core.svn.wordpress.org/branches/4.7@41137 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-08-22 19:59:36 +00:00
John Blackbourn
9cc990bb3e
Build/Test tools: Use the latest in the 4.x and 6.x branches of PHPUnit when running tests on Travis for the 4.7 branch.
...
See #41472
Merges [41294] to the 4.7 branch.
Built from https://develop.svn.wordpress.org/branches/4.7@41296
git-svn-id: http://core.svn.wordpress.org/branches/4.7@41136 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-08-22 17:11:09 +00:00
John Blackbourn
b98a29c182
Build: Switch PHP 5.2 and 5.3 to Travis' Ubuntu `precise` image
...
Starting today, Travis will begin switching the default image to `trusty`, which does not support PHP 5.2 or 5.3.
This is not a full fix, because Travis will be dropping `precise` support entirely in September (https://github.com/travis-ci/travis-ci/issues/8072). However, it buys us some time until then.
See #41292
Merges [41072] to the 4.7 branch.
Built from https://develop.svn.wordpress.org/branches/4.7@41074
git-svn-id: http://core.svn.wordpress.org/branches/4.7@40925 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-07-18 13:06:34 +00:00
John Blackbourn
61af9be9c6
Build/Test Tools: Fix PHP 5.2 compatibility for grandchild methods which expect exceptions to be raised.
...
This is due to `is_callable( 'parent::setExpectedException' )` not being supported on PHP 5.2 when the method being checked only exists on the grandparent class.
See #39822
Merges [40872] and [40873] to the 4.7 branch.
Built from https://develop.svn.wordpress.org/branches/4.7@40876
git-svn-id: http://core.svn.wordpress.org/branches/4.7@40726 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-06-05 10:42:38 +00:00
Konstantin Obenland
7783f8a29b
Import Twenty Sixteen for the 4.7 branch.
...
See #36497.
Built from https://develop.svn.wordpress.org/branches/4.7@40855
git-svn-id: http://core.svn.wordpress.org/branches/4.7@40706 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-30 22:57:36 +00:00
John Blackbourn
1802c0b26d
Build/Test Tools: Add a missing class to the PHPUnit 6 back compat.
...
See #39822
Merges [40853] to the 4.7 branch.
Built from https://develop.svn.wordpress.org/branches/4.7@40854
git-svn-id: http://core.svn.wordpress.org/branches/4.7@40705 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-30 22:08:35 +00:00
Aaron Campbell
819af82764
Post-4.7.5 version bump for 4.7 branch.
...
Built from https://develop.svn.wordpress.org/branches/4.7@40770
git-svn-id: http://core.svn.wordpress.org/branches/4.7@40628 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 23:01:32 +00:00
Aaron Campbell
9fad803761
Bump 4.7 branch to version 4.7.5.
...
Built from https://develop.svn.wordpress.org/branches/4.7@40748
git-svn-id: http://core.svn.wordpress.org/branches/4.7@40606 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 21:48:33 +00:00
Pascal Birchler
314556b55c
Media: Simplify upload error message construction.
...
Merges [40736] to the 4.7 branch.
Built from https://develop.svn.wordpress.org/branches/4.7@40737
git-svn-id: http://core.svn.wordpress.org/branches/4.7@40595 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 18:00:35 +00:00
Pascal Birchler
79988bff38
REST API: JS Client - Enable connecting to multiple endpoints.
...
Enable connecting to multiple wp-api `endpoints`. Calling `wp.api.init` with a new `apiRoot` will parse the new endpoint's schema and store a new set of models and collections. A collection of connected endpoints is stored in `wp.api.endpoints`.
Props lucasstark.
Fixes #39683.
Merges [40364] to the 4.7 branch.
Built from https://develop.svn.wordpress.org/branches/4.7@40735
git-svn-id: http://core.svn.wordpress.org/branches/4.7@40593 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 16:35:33 +00:00
Aaron Campbell
a86f61290e
Add nonce for updating file system credentials.
...
Merges [40723] to 4.7 branch.
Built from https://develop.svn.wordpress.org/branches/4.7@40724
git-svn-id: http://core.svn.wordpress.org/branches/4.7@40582 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 14:51:35 +00:00
Weston Ruter
58075bfc88
Customize: Fix phpunit tests after [40704] due to logic inversion error.
...
Merge of [40716] to the 4.7 branch.
Built from https://develop.svn.wordpress.org/branches/4.7@40717
git-svn-id: http://core.svn.wordpress.org/branches/4.7@40580 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 14:37:35 +00:00
Dominik Schilling
2d7fa9d0dc
Customize: Ignore invalid customization sessions.
...
Merge of [40704] to the 4.7 branch.
Built from https://develop.svn.wordpress.org/branches/4.7@40705
git-svn-id: http://core.svn.wordpress.org/branches/4.7@40568 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 12:14:35 +00:00
Pascal Birchler
0f3180de02
Adjust post meta checks
...
Merges [40692] to the 4.7 branch.
Built from https://develop.svn.wordpress.org/branches/4.7@40693
git-svn-id: http://core.svn.wordpress.org/branches/4.7@40556 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 08:48:34 +00:00
Pascal Birchler
8ef530d469
Improve redirect handling
...
Merges [40689] to the 4.7 branch.
Built from https://develop.svn.wordpress.org/branches/4.7@40690
git-svn-id: http://core.svn.wordpress.org/branches/4.7@40553 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 08:40:36 +00:00
Pascal Birchler
031cbb0548
Whitelist post arguments in XML-RPC
...
Merges [40677] to the 4.7 branch.
Built from https://develop.svn.wordpress.org/branches/4.7@40678
git-svn-id: http://core.svn.wordpress.org/branches/4.7@40541 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 08:17:34 +00:00
Dion Hulse
22f5836c8c
Bump Akismet external to 3.3.2
...
See #40002
git-svn-id: http://core.svn.wordpress.org/branches/4.7@40508 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-12 04:08:46 +00:00
Aaron Jorbin
d2a0e52c43
Build/Test: Post Travis results to Slack from WordPress/wordpress-develop
...
Backports [40604] to 4.7
Now that the WordPress/wordpress-develop GitHub repo is syncing correctly, we can use it for Travis integration.
Props jorbin for getting the ball rolling so long ago, unprops jorbin because his Travis build can finally be retired. Props Pento.
Fixes #40712.
Built from https://develop.svn.wordpress.org/branches/4.7@40616
git-svn-id: http://core.svn.wordpress.org/branches/4.7@40486 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-11 00:31:33 +00:00
Dion Hulse
7b810872a1
Bump Akismet external to 3.3.1
...
See #40002
git-svn-id: http://core.svn.wordpress.org/branches/4.7@40437 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-02 23:36:14 +00:00
John Blackbourn
799bdcec00
Build/Test Tools: Backport various recent changes to the 4.7 branch.
...
* Add support for PHPUnit 6+.
* Add Composer files to the cache on Travis.
* Remove HHVM from the test infrastructure on Travis.
Merges [40536], [40538], [40539], and [40546] to the 4.7 branch.
See #40539
Fixes #39822, #40548
Built from https://develop.svn.wordpress.org/branches/4.7@40547
git-svn-id: http://core.svn.wordpress.org/branches/4.7@40423 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-04-24 00:38:35 +00:00
Boone Gorges
820070e588
Restore support for taxonomy 'args' override when querying object terms.
...
[7520] introduced an undocumented feature whereby developers could
register a custom taxonomy with an 'args' parameter, consisting of
an array of config params that, when present, override corresponding
params in the `$args` array passed to `wp_get_object_terms()` when
using that function to query for terms in the specified taxonomy.
The `wp_get_object_terms()` refactor in [38667] failed to respect
this secret covenant, and the current changeset atones for the
transgression.
Ports [40513] to the 4.7 branch.
Props danielbachhuber.
Fixes #40496.
Built from https://develop.svn.wordpress.org/branches/4.7@40514
git-svn-id: http://core.svn.wordpress.org/branches/4.7@40390 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-04-21 19:18:36 +00:00
Dion Hulse
0516c67beb
List Tables: After [38703], [38706], and [40118], adjust the jQuery selector to make the selection of a range of checkboxes work again.
...
Unprop afercia.
Merges [40268] to the 4.7 branch.
Fixes #40056.
Built from https://develop.svn.wordpress.org/branches/4.7@40512
git-svn-id: http://core.svn.wordpress.org/branches/4.7@40388 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-04-21 07:36:37 +00:00
Pascal Birchler
75de3e9c44
Post-4.7.4 version bump for 4.7 branch.
...
Built from https://develop.svn.wordpress.org/branches/4.7@40509
git-svn-id: http://core.svn.wordpress.org/branches/4.7@40385 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-04-20 18:54:36 +00:00
Pascal Birchler
8cf8ada93d
Bump 4.7 branch to version 4.7.4.
...
Built from https://develop.svn.wordpress.org/branches/4.7@40487
git-svn-id: http://core.svn.wordpress.org/branches/4.7@40363 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-04-20 16:21:36 +00:00
Andrew Ozz
84387613b6
TinyMCE: Fix cursor position after updating a wpview node. Fix hiding the inline toolbar on editor blur.
...
Props iseulde, azaozz.
Merges [40481] to the 4.7 branch.
Fixes #40480.
Built from https://develop.svn.wordpress.org/branches/4.7@40482
git-svn-id: http://core.svn.wordpress.org/branches/4.7@40358 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-04-19 22:18:36 +00:00
Pascal Birchler
9e791361e1
Bump 4.7 branch to 4.7.4-RC1.
...
Built from https://develop.svn.wordpress.org/branches/4.7@40475
git-svn-id: http://core.svn.wordpress.org/branches/4.7@40351 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-04-18 17:06:37 +00:00
Pascal Birchler
8e0e34aa23
4.7.4-RC
...
Built from https://develop.svn.wordpress.org/branches/4.7@40474
git-svn-id: http://core.svn.wordpress.org/branches/4.7@40350 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-04-18 15:52:36 +00:00