Commit Graph

34116 Commits

Author SHA1 Message Date
Pascal Birchler 8ce7f49c8d Whitelist post arguments in XML-RPC
Merges [40677] to the 4.5 branch.

Built from https://develop.svn.wordpress.org/branches/4.5@40680


git-svn-id: http://core.svn.wordpress.org/branches/4.5@40543 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 08:20:31 +00:00
Pascal Birchler 26c585efa7 Bump 4.5 branch to version 4.5.8.
Built from https://develop.svn.wordpress.org/branches/4.5@40489


git-svn-id: http://core.svn.wordpress.org/branches/4.5@40365 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-04-20 16:23:33 +00:00
Pascal Birchler 4e293bfa45 Fix broken audio/video functions when sanitizing ID3 data
This fixes a bug where running `wp_kses_post_deep()` on all the ID3
tag data corrupted blob data.

See #40075, #40085.

Merges [40400] to the 4.5 branch.

Built from https://develop.svn.wordpress.org/branches/4.5@40462


git-svn-id: http://core.svn.wordpress.org/branches/4.5@40338 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-04-17 13:14:34 +00:00
James Nylen 5d48102386 Bump 4.5 branch to version 4.5.7.
Built from https://develop.svn.wordpress.org/branches/4.5@40204


git-svn-id: http://core.svn.wordpress.org/branches/4.5@40143 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-06 16:18:31 +00:00
John Blackbourn 806d303a20 Press This: Verify intent before fetching in-page resources using Press This.
Props vortfu

Merges [40195] to the 4.5 branch.

Built from https://develop.svn.wordpress.org/branches/4.5@40198


git-svn-id: http://core.svn.wordpress.org/branches/4.5@40137 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-06 13:59:30 +00:00
Aaron Campbell a9f9235d88 Strip control characters before validating redirect.
Merges [40183] to 4.5 branch.

Built from https://develop.svn.wordpress.org/branches/4.5@40186


git-svn-id: http://core.svn.wordpress.org/branches/4.5@40125 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-06 13:42:04 +00:00
Aaron Campbell 10a2dd32cf Plugins: Add file check to plugin deletions.
Merges [40169] to 4.5 branch.


Built from https://develop.svn.wordpress.org/branches/4.5@40172


git-svn-id: http://core.svn.wordpress.org/branches/4.5@40111 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-06 13:00:33 +00:00
Dominik Schilling 4c805032cb Embeds: URL encode YouTube video IDs for broader compatibility.
Merge of [40160] to the 4.5 branch.

Built from https://develop.svn.wordpress.org/branches/4.5@40163


git-svn-id: http://core.svn.wordpress.org/branches/4.5@40102 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-06 12:06:05 +00:00
Jeremy Felt d3d39735ce Validate video and audio metadata.
Merge of [40148] to the 4.5 branch.

Built from https://develop.svn.wordpress.org/branches/4.5@40151


git-svn-id: http://core.svn.wordpress.org/branches/4.5@40090 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-06 08:05:33 +00:00
Aaron Campbell 5697303ab4 Bump 4.5 branch to version 4.5.6.
Built from https://develop.svn.wordpress.org/branches/4.5@39998


git-svn-id: http://core.svn.wordpress.org/branches/4.5@39935 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-26 18:21:32 +00:00
John Blackbourn 864dc6eb0d Posts, Post Types: When using Excerpt mode on the Posts list table, ensure the excerpt output matches what was manually entered into the Excerpt field.
Merges [39956] to the 4.5 branch.

Built from https://develop.svn.wordpress.org/branches/4.5@39977


git-svn-id: http://core.svn.wordpress.org/branches/4.5@39914 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-26 14:14:26 +00:00
Dominik Schilling 4bc646125d Press This: Do not show Categories & Tags UI for users who cannot assign terms to posts anyways.
Merge of [39968] to the 4.5 branch.
Built from https://develop.svn.wordpress.org/branches/4.5@39972


git-svn-id: http://core.svn.wordpress.org/branches/4.5@39909 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-26 14:11:03 +00:00
Dominik Schilling aa2ad2c3dd Query: Ensure that queries work correctly with post type names with special characters.
Merge of [39952] to the 4.5 branch.
Built from https://develop.svn.wordpress.org/branches/4.5@39958


git-svn-id: http://core.svn.wordpress.org/branches/4.5@39895 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-26 13:50:32 +00:00
Aaron Campbell 438fd7f3bb Bump 4.5 branch to version 4.5.5.
Built from https://develop.svn.wordpress.org/branches/4.5@39862


git-svn-id: http://core.svn.wordpress.org/branches/4.5@39799 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 16:55:29 +00:00
Joe McGill a1d67608bf Media: Fix exif_imagetype check in wp_get_image_mime
This is a follow up to [39831].

Merges [39850] to the 4.5 branch.

Built from https://develop.svn.wordpress.org/branches/4.5@39853


git-svn-id: http://core.svn.wordpress.org/branches/4.5@39790 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 16:40:32 +00:00
Joe McGill a8dcdd4fd5 Media: Improve image filetype checking.
This adds a new function `wp_get_image_mime()` which is used by
`wp_check_filetype_and_ext()` to validate image files using
`exif_imagetype()` if available instead of `getimagesize()`.

`getimagesize()` is less performant than `exif_imagetype()` and is
dependent on GD. If `exif_imagetype()` is not available, it falls back to
`getimagesize()` as before.

If `wp_check_filetype_and_ext()` can't validate the filetype, we now return
`false` for ext/MIME values.

Merges [39831] to the 4.5 branch.

Built from https://develop.svn.wordpress.org/branches/4.5@39834


git-svn-id: http://core.svn.wordpress.org/branches/4.5@39772 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 13:15:31 +00:00
Dominik Schilling 85deec68b8 Updates: Translate plugin data on the Updates screen.
Merge of [39808] to the 4.5 branch.
Built from https://develop.svn.wordpress.org/branches/4.5@39822


git-svn-id: http://core.svn.wordpress.org/branches/4.5@39760 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 11:40:38 +00:00
Dominik Schilling c1684e38b0 Themes: Fix markup for theme name fallbacks.
Merge of [39807] to the 4.5 branch.
Built from https://develop.svn.wordpress.org/branches/4.5@39811


git-svn-id: http://core.svn.wordpress.org/branches/4.5@39749 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 11:10:05 +00:00
Jeremy Felt 13d318d196 Multisite: Use `wp_rand()` in signup key creation.
Merges [39795] to the 4.5 branch.

Built from https://develop.svn.wordpress.org/branches/4.5@39798


git-svn-id: http://core.svn.wordpress.org/branches/4.5@39736 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 05:33:32 +00:00
Dion Hulse 440b7b387f Update PHPMailer to 5.2.22.
The full list of changes is available here:
https://github.com/PHPMailer/PHPMailer/compare/v5.2.21...v5.2.22

Merges [39759] to the 4.5 branch.
Fixes #37210 for 4.5.

Built from https://develop.svn.wordpress.org/branches/4.5@39786


git-svn-id: http://core.svn.wordpress.org/branches/4.5@39724 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 05:23:31 +00:00
Jeremy Felt 2996d445f2 Mail: Disable wp-mail.php when `mailserver_url` is mail.example.com.
Merges [39772] to the 4.5 branch.

Built from https://develop.svn.wordpress.org/branches/4.5@39775


git-svn-id: http://core.svn.wordpress.org/branches/4.5@39713 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 05:17:05 +00:00
Aaron Campbell 1bed90114d Add nonce for widget accessibility mode.
Props vortfu.

See #23328.

Merges [39760] to 4.5 branch.

Built from https://develop.svn.wordpress.org/branches/4.5@39763


git-svn-id: http://core.svn.wordpress.org/branches/4.5@39701 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 01:44:31 +00:00
Dion Hulse f991d9356c Mail: Upgrade PHPMailer to 5.2.21.
Merges [39645] to the 4.5 branch.
See #37210.

Built from https://develop.svn.wordpress.org/branches/4.5@39723


git-svn-id: http://core.svn.wordpress.org/branches/4.5@39663 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-06 22:04:36 +00:00
Joe McGill da1c938fe9 Media: Improved media titles when created from filename.
Preserves spaces and generally creates more accurate, cleaner titles from filenames of uploaded media.

Merge of [38615] to the 4.5 branch.

Fixes #37989.

Built from https://develop.svn.wordpress.org/branches/4.5@39711


git-svn-id: http://core.svn.wordpress.org/branches/4.5@39651 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-06 21:59:35 +00:00
Dion Hulse 3b209fe208 General: Update copyright year to 2017 in license.txt.
Props Nikschavan.
Merges [39659] to the 4.5 branch.
Fixes #39433.

Built from https://develop.svn.wordpress.org/branches/4.5@39699


git-svn-id: http://core.svn.wordpress.org/branches/4.5@39639 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-05 08:39:11 +00:00
Jeremy Felt 34ea4c35f4 Bump 4.5 branch to 4.5.4.
Built from https://develop.svn.wordpress.org/branches/4.5@38550


git-svn-id: http://core.svn.wordpress.org/branches/4.5@38493 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-09-07 14:58:31 +00:00
Jeremy Felt ff1790b8e8 Media: Sanitize upload filename.
Merge of [38538] to the 4.5 branch.

Built from https://develop.svn.wordpress.org/branches/4.5@38540


git-svn-id: http://core.svn.wordpress.org/branches/4.5@38483 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-09-07 13:57:58 +00:00
Pascal Birchler b7bb8822d7 Upgrade/Install: Sanitize file name in `File_Upload_Upgrader`.
Merge of [38524] to the 4.5 branch.
Built from https://develop.svn.wordpress.org/branches/4.5@38526


git-svn-id: http://core.svn.wordpress.org/branches/4.5@38467 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-09-06 17:34:33 +00:00
Dominik Schilling c1e4d25350 The 4.5 branch is now 4.5.4-alpha.
Built from https://develop.svn.wordpress.org/branches/4.5@38000


git-svn-id: http://core.svn.wordpress.org/branches/4.5@37941 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-07 12:07:32 +00:00
Boone Gorges bf6eb0bc86 Fix About changelog for 4.5.3.
Built from https://develop.svn.wordpress.org/branches/4.5@37828


git-svn-id: http://core.svn.wordpress.org/branches/4.5@37793 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-21 16:16:28 +00:00
Boone Gorges 5843d8201a 4.5.3 fixes 17 bugs, not 16.
Built from https://develop.svn.wordpress.org/branches/4.5@37827


git-svn-id: http://core.svn.wordpress.org/branches/4.5@37792 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-21 15:56:28 +00:00
Boone Gorges b15f7577d3 Bump 4.5 branch to 4.5.3.
Built from https://develop.svn.wordpress.org/branches/4.5@37826


git-svn-id: http://core.svn.wordpress.org/branches/4.5@37791 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-21 15:53:29 +00:00
Pascal Birchler 47e67b7d33 Media: Fix rendering of incorrect toolbar in the Edit view.
This switches event binding in `wp.media.controller.EditImage` to use `on`
instead of `listenTo` to restore rendering of the correct toolbar when the
`toolbar:render:edit-image` event fires. The existing listeners broke
when we upgraded Backbone in [36546].

Merge of [37678] to the 4.5 branch.

Props adamsilverstein.
Fixes #36861.
Built from https://develop.svn.wordpress.org/branches/4.5@37813


git-svn-id: http://core.svn.wordpress.org/branches/4.5@37778 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-21 14:55:30 +00:00
Joe McGill b747172c20 Media: Improve handling of extensionless filenames.
Merge of [37756] to the 4.5 branch.

See #37111.
Built from https://develop.svn.wordpress.org/branches/4.5@37809


git-svn-id: http://core.svn.wordpress.org/branches/4.5@37774 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-21 14:52:06 +00:00
Nikolay Bachiyski df44f6cbc4 Admin: escape URL-encoded permalinks
Merge of [37801] to the 4.5 branch.

Built from https://develop.svn.wordpress.org/branches/4.5@37806


git-svn-id: http://core.svn.wordpress.org/branches/4.5@37771 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-21 14:50:03 +00:00
Pascal Birchler 63325a253e Media: Restore keyboard navigation of the media grid.
This changes the binding of event listeners in the Attachments Browser
to use `on` instead of `listenTo` for the `attachment:keydown:arrow` and
`attachment:details:shift-tab` events. The existing listeners broke
when we upgraded Backbone in [36546].

Merge of [37755] to the 4.5 branch.

Props adamsilverstein.
Fixes #36900.
Built from https://develop.svn.wordpress.org/branches/4.5@37804


git-svn-id: http://core.svn.wordpress.org/branches/4.5@37769 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-21 14:49:28 +00:00
Rachel Baker 01fbbebff4 Revisions: Change the capability needed to view revision diffs to `edit_post`.
Merge of [37779] to the 4.5 branch.
Built from https://develop.svn.wordpress.org/branches/4.5@37791


git-svn-id: http://core.svn.wordpress.org/branches/4.5@37756 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-21 14:27:33 +00:00
Nikolay Bachiyski 97bcc889a7 Admin: Escape attachment name in case it contains special characters
Merge of [37774] to the 4.5 branch.

Built from https://develop.svn.wordpress.org/branches/4.5@37783


git-svn-id: http://core.svn.wordpress.org/branches/4.5@37748 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-21 14:23:45 +00:00
Dominik Schilling 45dc424bc1 Customize: Make sure that preview and return URLs are URLs.
Merge of [37527] to the 4.5 branch.
Built from https://develop.svn.wordpress.org/branches/4.5@37768


git-svn-id: http://core.svn.wordpress.org/branches/4.5@37733 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-21 14:16:56 +00:00
Boone Gorges 4113f3fb69 Taxonomy: More specific cap check when processing category data on post save.
Ports [37691] to the 4.5 branch.

 Props dlh.
 Fixes #36379.
 Please enter the commit message for your changes. Lines starting
Built from https://develop.svn.wordpress.org/branches/4.5@37759


git-svn-id: http://core.svn.wordpress.org/branches/4.5@37724 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-21 14:11:55 +00:00
Jeremy Felt c75e86705a Admin: Allow for the consistent filtering of `auth_redirect_scheme`
Merge of [37651] to the 4.5 branch.

See #37047.

Built from https://develop.svn.wordpress.org/branches/4.5@37757


git-svn-id: http://core.svn.wordpress.org/branches/4.5@37722 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-21 14:10:30 +00:00
Pascal Birchler f5fdf443eb Menus: Support nested array variables in POST data when saving menus.
[36510] allowed larger menus to be created in the Edit Menu screen by JSON-encoding the entire form into a single input field. However, it did not correctly handle nested arrays.

This introduces a new `_wp_expand_nav_menu_post_data()` helper function to handle this POST data which uses `array_replace_recursive()` internally. Since the latter is only available on PHP 5.3+, we add a compatibility function to ensure PHP 5.2 support.

Merge of [37748] and [37750] to the 4.5 branch.

Props ericlewis, neverything, swissspidy.
Fixes #36590. See #14134.
Built from https://develop.svn.wordpress.org/branches/4.5@37754


git-svn-id: http://core.svn.wordpress.org/branches/4.5@37719 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-20 19:50:30 +00:00
Aaron Jorbin 9b7c749c86 Output node and npm versions on travis.
In order to make local debugging of travis easier, output the npm and node versions when travis runs.

[37730] for 4.5.

see #37116. 

Built from https://develop.svn.wordpress.org/branches/4.5@37733


git-svn-id: http://core.svn.wordpress.org/branches/4.5@37698 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-16 17:32:28 +00:00
Pascal Birchler e05facfc58 Embeds: Enforce a valid post ID when embedding a post from the current site.
Otherwise `wp_filter_pre_oembed_result()` could erroneously return the HTML of the current post instead of the intended result.

Merge of [37729] to the 4.5 branch.

Props kraftbj.
See #36767.
Built from https://develop.svn.wordpress.org/branches/4.5@37732


git-svn-id: http://core.svn.wordpress.org/branches/4.5@37697 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-16 17:30:55 +00:00
Dominik Schilling c3a292dc76 Customize: Separate preview and actions in the site icon control.
Reverts [37456] to allow users to remove/change a site icon even if the attachment has corrupt/missing data about sizes.

Merge of [37724] to the 4.5 branch.

See #36749.
Built from https://develop.svn.wordpress.org/branches/4.5@37725


git-svn-id: http://core.svn.wordpress.org/branches/4.5@37691 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-16 09:53:28 +00:00
Pascal Birchler e09e36af80 Fix tests after [37709].
Avoids using `assertNotFalse()` which is only available in PHPUnit 4.0 and above.

See [37708], [37710].
See #36767.
Built from https://develop.svn.wordpress.org/branches/4.5@37711


git-svn-id: http://core.svn.wordpress.org/branches/4.5@37677 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-15 12:24:28 +00:00
Pascal Birchler ddfbf0cbe4 Embeds: Improve performance when embedding a post of the current site.
When the post being embedded is from the same site, there's no reason to do an HTTP request for it. The data can be fetched directly using `get_oembed_response_data()`.

Merge of [37708] to the 4.5 branch.

Fixes #36767.
Built from https://develop.svn.wordpress.org/branches/4.5@37709


git-svn-id: http://core.svn.wordpress.org/branches/4.5@37675 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-15 11:32:29 +00:00
Dominik Schilling caf7ab7df5 Database: `dbDelta()` will no longer try to downgrade the size of `TEXT` and `BLOB` columns.
When upgrading to `utf8mb4`, `TEXT` fields will be upgraded to `MEDIUMTEXT` (and likewise for all other `*TEXT` and `*BLOB` fields). This is to allow for the additional space requirements of `utf8mb4`.

On the subsequent upgrade, after the `utf8mb4` upgrade, `dbDelta()` would try and downgrade the fields to their original size again. At best, this it a waste of time, at worst, this could truncate any data larger than the original size. There's no harm in leaving them at their original size, so let's do that.

Merge of [37525] to the 4.5 branch.

Props pento.
See #36748.


Built from https://develop.svn.wordpress.org/branches/4.5@37606


git-svn-id: http://core.svn.wordpress.org/branches/4.5@37574 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-01 12:59:28 +00:00
Dominik Schilling d04d7ae710 TinyMCE: Fix inline toolbar positioning.
Introduced in [37000].
See 2fb8aa48e9.
See 5734a8d880.

Merge of [37559] to the 4.5 branch.

Props iseulde.
Fixes #36876.
Built from https://develop.svn.wordpress.org/branches/4.5@37605


git-svn-id: http://core.svn.wordpress.org/branches/4.5@37573 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-01 12:32:27 +00:00
Dominik Schilling 71b97108db External Libraries: Update jQuery Migrate to 1.4.1.
http://blog.jquery.com/2016/05/19/jquery-migrate-1-4-1-released-and-the-path-to-jquery-3-0/

Unquoted selectors for attribute selectors should function once again (and output a warning so that plugins and themes using them can update).

Merge of [37472] to the 4.5 branch.

Props jorbin.
Fixes #36892.
Built from https://develop.svn.wordpress.org/branches/4.5@37604


git-svn-id: http://core.svn.wordpress.org/branches/4.5@37572 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-01 12:25:31 +00:00