WordPress-C
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
27,319 Commits 50 Branches 749 Tags 906 MiB
Commit Graph

27319 Commits

Author SHA1 Message Date
desrosj d5e5bd0671 Updating the About page for WordPress 4.0.30 
Built from https://develop.svn.wordpress.org/branches/4.0@47688


git-svn-id: http://core.svn.wordpress.org/branches/4.0@47465 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2020-04-29 18:17:13 +00:00
desrosj a941556b2e WordPress 4.0.30 
Built from https://develop.svn.wordpress.org/branches/4.0@47680


git-svn-id: http://core.svn.wordpress.org/branches/4.0@47457 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2020-04-29 18:03:58 +00:00
whyisjake 7baf7d5b6a User: Invalidate `user_activation_key` on password update. 
Query: Ensure that only a single post can be returned on date/time based queries.
Cache API: Ensure proper escaping around the stats method in the cache API.
Formatting: Expand `sanitize_file_name` to have better support for utf8 characters.

Brings the changes in [47634], [47635], [47637], and [47638] to the 4.0 branch.

Props: batmoo, ehti, nickdaugherty, peterwilsoncc, sergeybiryukov, sstoqnov, westi, whyisjake, whyisjake, xknown.

Built from https://develop.svn.wordpress.org/branches/4.0@47659


git-svn-id: http://core.svn.wordpress.org/branches/4.0@47436 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2020-04-29 16:54:14 +00:00
Sergey Biryukov 5e48e39d47 WordPress 4.0.29 
Built from https://develop.svn.wordpress.org/branches/4.0@46933


git-svn-id: http://core.svn.wordpress.org/branches/4.0@46733 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-12-12 20:34:14 +00:00
Sergey Biryukov 473123ae0b Update `wp_kses_bad_protocol()` to recognize `:` on uri attributes, 
`wp_kses_bad_protocol()` makes sure to validate that uri attributes don’t contain invalid/or not allowed protocols. While this works fine in most cases, there’s a risk that by using the colon html5 named entity, one is able to bypass this function.

Brings r46895 to the 4.0 branch.

Props: xknown, nickdaugherty, peterwilsoncc.
Built from https://develop.svn.wordpress.org/branches/4.0@46908


git-svn-id: http://core.svn.wordpress.org/branches/4.0@46708 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-12-12 18:38:14 +00:00
desrosj 143bfc02d6 WordPress 4.0.28. 
Built from https://develop.svn.wordpress.org/branches/4.0@46520


git-svn-id: http://core.svn.wordpress.org/branches/4.0@46317 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-10-14 20:17:14 +00:00
whyisjake 8a02054f7e Backporting several bug fixes. 
- Query: Remove the static query property.
- HTTP API: Protect against hex interpretation.
- Filesystem API: Prevent directory travelersals when creating new folders.
- Administration: Ensure that admin referer nonce is valid.
- REST API: Send a Vary: Origin header on GET requests.
- Customizer: Properly sanitize background images.

Backports [46474], [46475], [46476], [46477], [46478], [46483], [46485] to the 4.0 branch.

Built from https://develop.svn.wordpress.org/branches/4.0@46502


git-svn-id: http://core.svn.wordpress.org/branches/4.0@46299 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-10-14 19:20:15 +00:00
desrosj d6d162d67c WordPress 4.0.27. 
Built from https://develop.svn.wordpress.org/branches/4.0@46034


git-svn-id: http://core.svn.wordpress.org/branches/4.0@45846 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-09-04 22:02:42 +00:00
desrosj 371474fb28 Fix for URL sanitization in `wp_kses_bad_protocol_once()`. 
Merges [45997] to the 4.0 branch.

Props irsdl, sstoqnov, whyisjake.
Built from https://develop.svn.wordpress.org/branches/4.0@46015


git-svn-id: http://core.svn.wordpress.org/branches/4.0@45826 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-09-04 21:43:04 +00:00
Sergey Biryukov 72bc032631 Improve URL validation in `wp_validate_redirect()`. 
Merges [45971] to the 4.0 branch.
Props vortfu, whyisjake, peterwilsoncc.
Built from https://develop.svn.wordpress.org/branches/4.0@45985


git-svn-id: http://core.svn.wordpress.org/branches/4.0@45796 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-09-04 17:16:13 +00:00
whyisjake 0bbd6c270b Remove _convert_urlencoded_to_entities() from the get_the_content() callback. 
Merges [45937] to the 4.0 branch.

Props vortfu, whyisjake, peterwilsoncc

Built from https://develop.svn.wordpress.org/branches/4.0@45963


git-svn-id: http://core.svn.wordpress.org/branches/4.0@45774 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-09-04 16:46:14 +00:00
Sergey Biryukov 701d78e235 Escape the output in `wp_ajax_upload_attachment()`. 
Merges [45936] to the 4.0 branch.
Props whyisjake, sstoqnov.
Built from https://develop.svn.wordpress.org/branches/4.0@45960


git-svn-id: http://core.svn.wordpress.org/branches/4.0@45771 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-09-04 16:42:14 +00:00
John Blackbourn 442e49eb39 Build/Test tools: Fix the Travis CI build for the 4.0 branch. 
Among other fixes, this backports [29860], [29869], [29954], [30160], [30530].

Fixes #46646

Built from https://develop.svn.wordpress.org/branches/4.0@45013


git-svn-id: http://core.svn.wordpress.org/branches/4.0@44822 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-03-26 00:46:20 +00:00
Gary Pendergast b91cab4db7 WordPress 4.0.26 
Built from https://develop.svn.wordpress.org/branches/4.0@44886


git-svn-id: http://core.svn.wordpress.org/branches/4.0@44717 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-03-13 01:56:17 +00:00
Sergey Biryukov 33938f5991 Comments: Improve comment content filtering. 
Merges [44842] to the 4.0 branch.
Built from https://develop.svn.wordpress.org/branches/4.0@44854


git-svn-id: http://core.svn.wordpress.org/branches/4.0@44686 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-03-12 22:49:14 +00:00
Jeremy Felt 0ac92b3c2e Bump 4.0 branch to version 4.0.25. 
Built from https://develop.svn.wordpress.org/branches/4.0@44087


git-svn-id: http://core.svn.wordpress.org/branches/4.0@43917 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-12-13 02:16:07 +00:00
Gary Pendergast 837af88a27 Editor: Remove unwanted fields before saving posts. 
The `meta_input`, `file`, and `guid` fields are not intended to be updated through user input.

Merges [44047] to the 4.0 branch.


Built from https://develop.svn.wordpress.org/branches/4.0@44070


git-svn-id: http://core.svn.wordpress.org/branches/4.0@43900 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-12-13 01:57:13 +00:00
Peter Wilson c19efc0288 Multisite: Validate activation links. 
Merges [44048] to the 4.0 branch.

Built from https://develop.svn.wordpress.org/branches/4.0@44069


git-svn-id: http://core.svn.wordpress.org/branches/4.0@43899 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-12-13 01:56:13 +00:00
iandunn 4b02fb050d KSES: Make the URI attributes DRY. 
This commit introduces the `wp_kses_uri_attributes` function and filter. The function centralizes the list of attributes, in order to prevent inconsistency, and the filter provides a way for plugins to customize the attributes.

Merges [44014] and [44017] to the `4.0` branch.

Built from https://develop.svn.wordpress.org/branches/4.0@44044


git-svn-id: http://core.svn.wordpress.org/branches/4.0@43874 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-12-13 01:19:13 +00:00
Peter Wilson 82c3aff4a6 Multisite: Improve messaging for previously activated users. 
Ensure activation of a site is not attempted multiple times and users are shown the correct message if they follow the link a second time.

Merges [44021] to the 4.0 branch.

Built from https://develop.svn.wordpress.org/branches/4.0@44037


git-svn-id: http://core.svn.wordpress.org/branches/4.0@43867 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-12-13 01:01:13 +00:00
Gary Pendergast a887beaab6 KSES: Conditionally remove the `<form>` element from `$allowedposttags`. 
To avoid backwards compatibility issues, `<form>` is re-added if a custom filter has added the `<input>` or `<select>` elements to `$allowedposttags`.

Merges [43994] to the 4.0 branch.


Built from https://develop.svn.wordpress.org/branches/4.0@44015


git-svn-id: http://core.svn.wordpress.org/branches/4.0@43845 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-12-12 23:55:15 +00:00
Jeremy Felt 4bf1e12be7 Media: Improve verification of MIME file types. 
Merges [43988] to the 4.0 branch.

Built from https://develop.svn.wordpress.org/branches/4.0@44009


git-svn-id: http://core.svn.wordpress.org/branches/4.0@43839 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-12-12 23:43:14 +00:00
Aaron Campbell e0669df10b Bump 4.0 branch to version 4.0.24 
Built from https://develop.svn.wordpress.org/branches/4.0@43416


git-svn-id: http://core.svn.wordpress.org/branches/4.0@43244 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-07-05 16:13:59 +00:00
John Blackbourn 5d0d03c979 Media: Limit thumbnail file deletions to the same directory as the original file. 
Merges [43393] into the 4.0 branch.

Built from https://develop.svn.wordpress.org/branches/4.0@43402


git-svn-id: http://core.svn.wordpress.org/branches/4.0@43230 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-07-05 15:11:16 +00:00
Aaron Campbell 47734f66c8 Bump 4.0 branch to version 4.0.23 
Built from https://develop.svn.wordpress.org/branches/4.0@42942


git-svn-id: http://core.svn.wordpress.org/branches/4.0@42772 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-04-03 20:32:10 +00:00
Dominik Schilling b7ad4d7fe4 Template: Make sure the version string is correctly escaped for use in attributes. 
Merge of [42893] to the 4.0 branch.

Built from https://develop.svn.wordpress.org/branches/4.0@42926


git-svn-id: http://core.svn.wordpress.org/branches/4.0@42756 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-04-03 16:11:09 +00:00
Dominik Schilling dd263fc53e Login: Use `wp_safe_redirect()` when redirecting the login page if forced to use HTTPS. 
Merge of [42892] to the 4.0 branch.

Built from https://develop.svn.wordpress.org/branches/4.0@42904


git-svn-id: http://core.svn.wordpress.org/branches/4.0@42734 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-04-03 15:34:12 +00:00
Sergey Biryukov 5a8e43f8cd General: Update copyright year to 2018 in license.txt. 
Props rachelbaker.
Merges [42424] to the 4.0 branch.
Fixes #43007.
Built from https://develop.svn.wordpress.org/branches/4.0@42561


git-svn-id: http://core.svn.wordpress.org/branches/4.0@42390 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-01-23 11:30:13 +00:00
Dion Hulse 31b12793ea Bump the 4.0 branch to 4.0.22. 
Built from https://develop.svn.wordpress.org/branches/4.0@42503


git-svn-id: http://core.svn.wordpress.org/branches/4.0@42332 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-01-16 21:46:19 +00:00
Dion Hulse d6fc54f0f0 External Libraries: Remove unnecessary / obsoleted MediaElement.js files. 
Merges [42478] to the 4.0 branch.
Fixes #42720 for 4.0.

Built from https://develop.svn.wordpress.org/branches/4.0@42486


git-svn-id: http://core.svn.wordpress.org/branches/4.0@42315 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-01-16 08:14:22 +00:00
Dion Hulse c5ccc7cdfa Upgrade: When deleting old files, if deletion fails attempt to empty the file instead. 
Props joemcgill, dd32.
Merges [42434] to the 4.0 branch.
Fixes #42963 for 4.0.

Built from https://develop.svn.wordpress.org/branches/4.0@42474


git-svn-id: http://core.svn.wordpress.org/branches/4.0@42303 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-01-16 06:58:39 +00:00
John Blackbourn dcff9fb48a Bump 4.0 branch to version 4.0.21. 
Built from https://develop.svn.wordpress.org/branches/4.0@42325


git-svn-id: http://core.svn.wordpress.org/branches/4.0@42154 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-11-29 19:03:19 +00:00
John Blackbourn 80aef7ba67 Hardening: Remove the ability to upload JavaScript files for users who do not have the `unfiltered_html` capability. 
Merges [42261] to the 4.0 branch.

Built from https://develop.svn.wordpress.org/branches/4.0@42303


git-svn-id: http://core.svn.wordpress.org/branches/4.0@42132 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-11-29 16:40:35 +00:00
John Blackbourn a44ccc633f Hardening: Ensure the attributes of enclosures are correctly escaped in RSS and Atom feeds. 
Merges [42260] to the 4.0 branch.

Built from https://develop.svn.wordpress.org/branches/4.0@42302


git-svn-id: http://core.svn.wordpress.org/branches/4.0@42131 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-11-29 16:40:18 +00:00
John Blackbourn 5532a29f59 Hardening: Add escaping to the language attributes used on `html` elements. 
Merges [42259] to the 4.0 branch.

Built from https://develop.svn.wordpress.org/branches/4.0@42301


git-svn-id: http://core.svn.wordpress.org/branches/4.0@42130 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-11-29 16:39:05 +00:00
John Blackbourn c2be27457f Hardening: Use a properly generated hash for the `newbloguser` key instead of a determinate substring. 
Merges [42258] to the 4.0 branch.

Built from https://develop.svn.wordpress.org/branches/4.0@42300


git-svn-id: http://core.svn.wordpress.org/branches/4.0@42129 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-11-29 16:38:47 +00:00
Dion Hulse 6105b0dedb WPDB: Check that `AUTH_SALT` is not empty, Fix a PHP notice when `AUTH_SALT` is undefined. 
Props jsonfry, mkomar, pento.
Merges [42119] and [42120] to the 4.0 branch.
Fixes #42431 and #42401 for 4.0.

Built from https://develop.svn.wordpress.org/branches/4.0@42238


git-svn-id: http://core.svn.wordpress.org/branches/4.0@42067 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-11-27 01:14:18 +00:00
John Blackbourn 0c9b121594 General: Remove the version number from the readme file in the 4.0 branch. 
See #42386

Built from https://develop.svn.wordpress.org/branches/4.0@42096


git-svn-id: http://core.svn.wordpress.org/branches/4.0@41925 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-10-31 18:02:19 +00:00
Gary Pendergast a9c82ac560 Bump 4.0 branch to version 4.0.20. 
Built from https://develop.svn.wordpress.org/branches/4.0@42077


git-svn-id: http://core.svn.wordpress.org/branches/4.0@41906 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-10-31 13:44:19 +00:00
Gary Pendergast 907fe8136e Database: Restore numbered placeholders in `wpdb::prepare()`. 
[41496] removed support for numbered placeholders in queries send through `wpdb::prepare()`, which, despite being undocumented, were quite commonly used.

This change restores support for numbered placeholders (as well as a subset of placeholder formatting), while also adding extra checks to ensure the correct number of arguments are being passed to `wpdb::prepare()`, given the number of placeholders.

Merges [41662], [42056] to the 4.0 branch.
See #41925.


Built from https://develop.svn.wordpress.org/branches/4.0@42065


git-svn-id: http://core.svn.wordpress.org/branches/4.0@41894 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-10-31 12:55:20 +00:00
Dominik Schilling 03aec8b402 Users: Use correct escaping function for URLs. 
Merge of [41522] to the 4.0 branch.

Built from https://develop.svn.wordpress.org/branches/4.0@41531


git-svn-id: http://core.svn.wordpress.org/branches/4.0@41364 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-09-19 21:39:43 +00:00
Aaron Campbell 42af396f21 Bump 4.0 branch to version 4.0.19. 
Built from https://develop.svn.wordpress.org/branches/4.0@41518


git-svn-id: http://core.svn.wordpress.org/branches/4.0@41351 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-09-19 20:10:20 +00:00
Aaron Campbell f10a53cf41 Database: Hardening to bring `wpdb::prepare()` inline with documentation. 
`wpdb::prepare()` supports %s, %d, and %F as placeholders in the query string. Any other non-escaped % will be escaped.

Merges [41496] to 4.0 branch.


Built from https://develop.svn.wordpress.org/branches/4.0@41505


git-svn-id: http://core.svn.wordpress.org/branches/4.0@41338 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-09-19 18:42:19 +00:00
Aaron Campbell a133648403 Database: Don’t trigger `_doing_it_wrong()` for null values in `wpdb::prepare()`. 
While `wpdb::prepare()` does not support null values (see #12819) they still appear in the wild like in the WordPress Importer and other plugins.

Merges [41483] to 4.0 branch.


Built from https://develop.svn.wordpress.org/branches/4.0@41492


git-svn-id: http://core.svn.wordpress.org/branches/4.0@41325 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-09-19 16:26:35 +00:00
Aaron Campbell f80bd53e4b Database: Hardening for `wpdb::prepare()` 
Previously if you passed an array of values for placeholders, additional values could be passed as well. Now additional values will be ignored.

Merges [41470] to 4.0 branch.


Built from https://develop.svn.wordpress.org/branches/4.0@41479


git-svn-id: http://core.svn.wordpress.org/branches/4.0@41312 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-09-19 15:04:19 +00:00
John Blackbourn d29f744559 Filesystem API: Ensure filenames are valid before attempting to unzip them to ensure malformed file paths don't cause issues. 
Merges [41457] to the 4.0 branch.

Built from https://develop.svn.wordpress.org/branches/4.0@41466


git-svn-id: http://core.svn.wordpress.org/branches/4.0@41299 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-09-19 14:44:37 +00:00
John Blackbourn 9f5d4f74be General: Add missing URL-encoding and add extra hardening to plugin and template names when they're displayed in the admin area. 
Merges [41434] with changes to the 4.0 branch.

See #13377

Built from https://develop.svn.wordpress.org/branches/4.0@41447


git-svn-id: http://core.svn.wordpress.org/branches/4.0@41280 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-09-19 13:42:20 +00:00
Dominik Schilling 4c6018f7ea TinyMCE: Improve the previews for shortcodes. 
Merge of [41395] to the 4.0 branch.

Built from https://develop.svn.wordpress.org/branches/4.0@41443


git-svn-id: http://core.svn.wordpress.org/branches/4.0@41276 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-09-19 12:45:12 +00:00
Dominik Schilling ed1fb81c47 Users: Provide a fallback for incorrect HTTP referrers. 
Merge of [41398] to the 4.0 branch.

Built from https://develop.svn.wordpress.org/branches/4.0@41425


git-svn-id: http://core.svn.wordpress.org/branches/4.0@41258 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-09-19 11:15:17 +00:00
Dominik Schilling 5fc965b084 Editor: Prevent adding `javascript:` and `data:` URLs through the inline link dialog. 
Merge of [41393] to the 4.0 branch.

Built from https://develop.svn.wordpress.org/branches/4.0@41408


git-svn-id: http://core.svn.wordpress.org/branches/4.0@41241 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-09-19 10:20:09 +00:00