Commit Graph

23744 Commits

Author SHA1 Message Date
Gary Pendergast f51aa3949c Ensure post titles are correctly escaped on the Dashboard. Merge of [32175] to the 3.7 branch.
Props helen, ocean90, dd32, pento.


Built from https://develop.svn.wordpress.org/branches/3.7@32206


git-svn-id: http://core.svn.wordpress.org/branches/3.7@32179 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-20 13:44:10 +00:00
Gary Pendergast 03874af5c9 In Multisite, prevent plugins from unintentionally switching sites. Merge of [32173] to the 3.7 branch.
Props mdawaffe, pento.


Built from https://develop.svn.wordpress.org/branches/3.7@32202


git-svn-id: http://core.svn.wordpress.org/branches/3.7@32175 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-20 13:28:10 +00:00
Gary Pendergast c3a4c7463c Remove some old backwards compatibility code from TinyMCE. Merge of [32166] to the 3.7 branch.
Props azaozz.


Built from https://develop.svn.wordpress.org/branches/3.7@32196


git-svn-id: http://core.svn.wordpress.org/branches/3.7@32169 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-20 12:58:10 +00:00
Gary Pendergast 888d60a151 Clean up some edge cases in `sanitize_sql_orderby()`. Merge of [32164] to the 3.7 branch.
Props vortfu, dd32.


Built from https://develop.svn.wordpress.org/branches/3.7@32192


git-svn-id: http://core.svn.wordpress.org/branches/3.7@32165 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-20 12:41:09 +00:00
Gary Pendergast 5236e251a3 Merge the query sanity checks from #21212 to the 3.7 branch.
Props pento, nacin, mdawaffe, DrewAPicture.


Built from https://develop.svn.wordpress.org/branches/3.7@32188


git-svn-id: http://core.svn.wordpress.org/branches/3.7@32161 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-20 11:52:10 +00:00
Gary Pendergast 3d8bbda3e4 3.7: Bump package.json, readme.html and license.txt.
Built from https://develop.svn.wordpress.org/branches/3.7@32160


git-svn-id: http://core.svn.wordpress.org/branches/3.7@32135 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-20 03:53:09 +00:00
Gary Pendergast a05b1eca46 The 3.7 branch is now 3.7.6-alpha.
Built from https://develop.svn.wordpress.org/branches/3.7@32159


git-svn-id: http://core.svn.wordpress.org/branches/3.7@32134 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-20 03:49:09 +00:00
Andrew Nacin f5f28b9b1b 3.7.5 version bumps.
Built from https://develop.svn.wordpress.org/branches/3.7@30472


git-svn-id: http://core.svn.wordpress.org/branches/3.7@30463 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-20 16:26:10 +00:00
Andrew Nacin 3762c63026 Prevent high resource usage when hashing large passwords. props mdawaffe, pento
Merges [30466] to the 3.7 branch.

Built from https://develop.svn.wordpress.org/branches/3.7@30470


git-svn-id: http://core.svn.wordpress.org/branches/3.7@30461 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-20 16:08:09 +00:00
Andrew Nacin 1e3fb4d13c Validate image data.
Merges [30458] to the 3.7 branch.

Built from https://develop.svn.wordpress.org/branches/3.7@30465


git-svn-id: http://core.svn.wordpress.org/branches/3.7@30456 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-20 16:00:09 +00:00
Andrew Nacin 0c8039be21 Anchor texturize to shortcodes to improve regex efficiency.
Merges [30452] to the 3.7 branch.

props miqrogroove.
see #29557 for segfault issues.

Built from https://develop.svn.wordpress.org/branches/3.7@30456


git-svn-id: http://core.svn.wordpress.org/branches/3.7@30447 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-20 14:40:09 +00:00
Andrew Nacin 1e0faa77d3 Better validation of the URL used in core HTTP requests.
Merges [30443] to the 3.7 branch.

Built from https://develop.svn.wordpress.org/branches/3.7@30447


git-svn-id: http://core.svn.wordpress.org/branches/3.7@30442 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-20 14:03:08 +00:00
Andrew Nacin 3d16a38fc4 Press This: Ensure the error message is printed. props johnbillion
Merges [30438] to the 3.7 branch.

Built from https://develop.svn.wordpress.org/branches/3.7@30442


git-svn-id: http://core.svn.wordpress.org/branches/3.7@30437 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-20 14:00:18 +00:00
Andrew Nacin c2b7538b1c Invalidate password keys when a user's email changes.
Merges [30430] to the 3.7 branch.

Built from https://develop.svn.wordpress.org/branches/3.7@30434


git-svn-id: http://core.svn.wordpress.org/branches/3.7@30429 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-20 13:43:09 +00:00
Andrew Nacin eeb9290b3b Fix typo in style filter. props miqrogroove
Merges [30425] to the 3.7 branch.

Built from https://develop.svn.wordpress.org/branches/3.7@30429


git-svn-id: http://core.svn.wordpress.org/branches/3.7@30424 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-20 13:17:09 +00:00
Andrew Nacin 61d9bd544b Form validation for password resets.
Merges [30417] to the 3.7 branch.

Built from https://develop.svn.wordpress.org/branches/3.7@30421


git-svn-id: http://core.svn.wordpress.org/branches/3.7@30416 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-20 12:25:19 +00:00
Andrew Nacin 7e1c039ed1 Use hash_equals() for old md5 hashes.
Merges [30412] to the 3.7 branch.

Built from https://develop.svn.wordpress.org/branches/3.7@30416


git-svn-id: http://core.svn.wordpress.org/branches/3.7@30411 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-20 12:06:10 +00:00
Andrew Nacin a318c79670 Password resets: Use network_site_url() for form actions.
Merges [29631] to the 3.7 branch.

props mdawaffe.
fixes #29156.

Built from https://develop.svn.wordpress.org/branches/3.7@29640


git-svn-id: http://core.svn.wordpress.org/branches/3.7@29414 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-27 03:06:11 +00:00
Andrew Nacin e4da99ec10 3.7.4
Built from https://develop.svn.wordpress.org/branches/3.7@29413


git-svn-id: http://core.svn.wordpress.org/branches/3.7@29191 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-06 18:27:35 +00:00
Andrew Nacin 635a071eda Use delimiters when building nonce hashes. Part two of [29388].
Built from https://develop.svn.wordpress.org/branches/3.7@29410


git-svn-id: http://core.svn.wordpress.org/branches/3.7@29188 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-06 17:59:09 +00:00
Andrew Nacin 69d28f882f Ignore entities in XML-RPC requests.
Merges [29404] to the 3.7 branch.

props mdawaffe, nacin.

Built from https://develop.svn.wordpress.org/branches/3.7@29407


git-svn-id: http://core.svn.wordpress.org/branches/3.7@29185 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-06 17:51:19 +00:00
Andrew Nacin 8b02ba1d76 Escape late in get_avatar().
Merges [29397] to the 3.7 branch.

Built from https://develop.svn.wordpress.org/branches/3.7@29400


git-svn-id: http://core.svn.wordpress.org/branches/3.7@29178 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-06 07:51:32 +00:00
Andrew Nacin b9739cae41 Don't pass around the password reset key.
Merges [29327] and [29381] to the 3.7 branch.

props mdawaffe.
fixes #29060.

Built from https://develop.svn.wordpress.org/branches/3.7@29396


git-svn-id: http://core.svn.wordpress.org/branches/3.7@29174 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-06 06:40:11 +00:00
Andrew Nacin 746e87cf0a Disable external entities in ID3.
Merges [29378] to the 3.7 branch.

Built from https://develop.svn.wordpress.org/branches/3.7@29392


git-svn-id: http://core.svn.wordpress.org/branches/3.7@29170 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-06 05:58:19 +00:00
Andrew Nacin 2312c77dc5 Constant time for wp_verify_nonce().
Merges [29384] to the 3.7 branch.

Built from https://develop.svn.wordpress.org/branches/3.7@29388


git-svn-id: http://core.svn.wordpress.org/branches/3.7@29166 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-06 05:45:10 +00:00
Andrew Nacin 110becdc03 3.7.4-alpha
Built from https://develop.svn.wordpress.org/branches/3.7@29387


git-svn-id: http://core.svn.wordpress.org/branches/3.7@29165 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-06 05:44:11 +00:00
Andrew Nacin d2044c3bb5 3.7.3
Built from https://develop.svn.wordpress.org/branches/3.7@28119


git-svn-id: http://core.svn.wordpress.org/branches/3.7@27950 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-04-14 19:06:10 +00:00
Andrew Nacin 7331bf3e98 Avoid stomping of bulk postdata inside the bulk_edit_posts() loop.
Merges [28113] to the 3.7 branch.

Reverts [27992] which did not fix it for authors and comment/ping status.

props dd32, DrewAPicture.
fixes #27792.

Built from https://develop.svn.wordpress.org/branches/3.7@28115


git-svn-id: http://core.svn.wordpress.org/branches/3.7@27946 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-04-14 08:13:10 +00:00
Andrew Nacin 1ea4ff28ce 3.7.3-RC1
Built from https://develop.svn.wordpress.org/branches/3.7@28078


git-svn-id: http://core.svn.wordpress.org/branches/3.7@27909 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-04-11 17:30:09 +00:00
Andrew Nacin 9c1b1dd073 Recover auto-drafts lost via Quick Draft.
Merges [28075] from the 3.8 to the 3.7 branch. See [28074].

fixes #27734.

Built from https://develop.svn.wordpress.org/branches/3.7@28077


git-svn-id: http://core.svn.wordpress.org/branches/3.7@27908 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-04-11 17:29:10 +00:00
Andrew Nacin 1f7cf009b3 Ensure edit_post() promotes an auto-draft to draft. Fixes Quick Draft.
Merges [28073] from the 3.8 branch to the 3.7 branch.

props dd32.
see #27734.

Built from https://develop.svn.wordpress.org/branches/3.7@28074


git-svn-id: http://core.svn.wordpress.org/branches/3.7@27905 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-04-11 04:38:11 +00:00
Andrew Nacin 1dd3b9212e 3.7.2
Built from https://develop.svn.wordpress.org/branches/3.7@28056


git-svn-id: http://core.svn.wordpress.org/branches/3.7@27888 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-04-08 18:13:10 +00:00
Andrew Nacin e17e1d22e6 Bump Akismet external in the 3.7 branch to 2.6.0.
git-svn-id: http://core.svn.wordpress.org/branches/3.7@27886 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-04-08 18:10:19 +00:00
Andrew Nacin 4932c36533 Harden HMAC verification. props duck_. [28053] for 3.7.
Built from https://develop.svn.wordpress.org/branches/3.7@28055


git-svn-id: http://core.svn.wordpress.org/branches/3.7@27885 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-04-08 18:08:10 +00:00
Andrew Nacin ab7e094de3 3.7.2-RC1
Built from https://develop.svn.wordpress.org/branches/3.7@27993


git-svn-id: http://core.svn.wordpress.org/branches/3.7@27823 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-04-07 19:40:11 +00:00
Andrew Nacin e5ba4e75cb Avoid stomping of bulk postdata inside the bulk_edit_posts() loop.
Merges [27990] to the 3.7 branch.

props kovshenin.
see [27964], see #27452.

Built from https://develop.svn.wordpress.org/branches/3.7@27992


git-svn-id: http://core.svn.wordpress.org/branches/3.7@27822 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-04-07 19:36:21 +00:00
Andrew Nacin c322ca97ad Better checks for contributors when saving posts.
Merges [27976] from the 3.8 branch to the 3.7 branch.

props dd32, kovshenin, plocha.
fixes #27452.

Built from https://develop.svn.wordpress.org/branches/3.7@27977


git-svn-id: http://core.svn.wordpress.org/branches/3.7@27807 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-04-06 22:17:10 +00:00
Dion Hulse 1d299753ff Background Updates: Fix a PHP Warning caused by a Upgrader instance being passed into the Theme & Plugin $extra_stats parameter.
Background Updates: Fix two variable typos in r27905

Merges [27906],	[27928]	to the 3.7 branch.
Fixes #27633.

Built from https://develop.svn.wordpress.org/branches/3.7@27930


git-svn-id: http://core.svn.wordpress.org/branches/3.7@27760 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-04-03 05:47:09 +00:00
Andrew Nacin d5744d72dc Background Updates: Record plugin & theme update statistics like we do for core updates.
Pass plugin/theme update objects into the Background updater for consistency with core & translations.

Merges [27905] to the 3.7 branch.

props dd32.
fixes #27633.

Built from https://develop.svn.wordpress.org/branches/3.7@27924


git-svn-id: http://core.svn.wordpress.org/branches/3.7@27754 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-04-03 04:03:09 +00:00
Andrew Nacin 3ec57fa3e0 Update Plupload Silverlight binary to 1.5.8 in the 3.7 branch.
Built from https://develop.svn.wordpress.org/branches/3.7@27921


git-svn-id: http://core.svn.wordpress.org/branches/3.7@27751 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-04-03 03:38:09 +00:00
Andrew Nacin dc382aeae2 Remove links_recently_updated_time (hardening).
Merges [27917] from the 3.8 branch to 3.7 branch.

see #27649.

Built from https://develop.svn.wordpress.org/branches/3.7@27919


git-svn-id: http://core.svn.wordpress.org/branches/3.7@27749 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-04-03 03:23:10 +00:00
Andrew Nacin 52f5555eca Prefix the notoptions cache key in the multisite site-options group with $wpdb->siteid to avoid collisions.
Merges [26304] (and [26305]) from 3.8 to the 3.7 branch.

props wonderboymusic.
fixes #25883.

Built from https://develop.svn.wordpress.org/branches/3.7@27888


git-svn-id: http://core.svn.wordpress.org/branches/3.7@27719 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-04-01 04:07:09 +00:00
Andrew Nacin 3d8c17a9c8 Fix a regression in wp_mkdir_p() where the $mode of the parent folder is not correctly applied to all created paths.
Merges [26449] and [26927] from 3.8.x to the 3.7 branch.

props dd32.
fixes #25822.

Built from https://develop.svn.wordpress.org/branches/3.7@27887


git-svn-id: http://core.svn.wordpress.org/branches/3.7@27718 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-04-01 04:02:10 +00:00
Andrew Nacin 7a01e960b5 Cron: Fix a case where a cache inconsistency can cause wp_clear_scheduled_hook() to enter an infinite loop.
Merges [26782] from 3.8 to the 3.7 branch.

props dd32.
fixes #25773.

Built from https://develop.svn.wordpress.org/branches/3.7@27886


git-svn-id: http://core.svn.wordpress.org/branches/3.7@27717 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-04-01 03:40:10 +00:00
Andrew Nacin 8d9c69ffc4 Core Updates: Fix a case where options (db_version specifically) can end up with stale values in the cache after a update is performed.
Merges [26448] and [26734] from 3.8 to the 3.7 branch.

props dd32.
fixes #26173.

Built from https://develop.svn.wordpress.org/branches/3.7@27885


git-svn-id: http://core.svn.wordpress.org/branches/3.7@27716 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-04-01 03:36:10 +00:00
Andrew Nacin 62f4a5b223 Updates: When a failed Background Update occurs, only show the failed update nag if the user hasn't yet updated if it was an early abort.
Merges [26186] from 3.8 to the 3.7 branch.

props SergeyBiryukov.
fixes #25887.

Built from https://develop.svn.wordpress.org/branches/3.7@27884


git-svn-id: http://core.svn.wordpress.org/branches/3.7@27715 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-04-01 03:31:09 +00:00
Andrew Nacin 4aa0ca0aab Core Upgrader success statistics: Pass the version of WordPress we're upgrading from, as well as the version being upgraded to.
Merges [26016] and [26017] from 3.8 to the 3.7 branch.

fixes #25772.

Built from https://develop.svn.wordpress.org/branches/3.7@27883


git-svn-id: http://core.svn.wordpress.org/branches/3.7@27714 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-04-01 03:29:10 +00:00
Andrew Nacin 8930937bf0 When checking filesystem permissions for core updates, only check the permissions of the files which we need to alter.
Merges [26014] from 3.8 to the 3.7 branch.

fixes #25771.

Built from https://develop.svn.wordpress.org/branches/3.7@27882


git-svn-id: http://core.svn.wordpress.org/branches/3.7@27713 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-04-01 03:09:10 +00:00
Andrew Nacin fe261114bd Background Updates: Fix a PHP fatal error which could be encountered on some systems when using FTP.
Merges [26148] from 3.8 to the 3.7 branch.

props dd32.
fixes #25817.

Built from https://develop.svn.wordpress.org/branches/3.7@27881


git-svn-id: http://core.svn.wordpress.org/branches/3.7@27712 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-04-01 02:58:10 +00:00
Andrew Nacin 2486cbe932 Forward pingback IP during pingback verification.
Merges [27872] to the 3.7 branch.

props tellyworth, nacin.
fixes #27613.

Built from https://develop.svn.wordpress.org/branches/3.7@27878


git-svn-id: http://core.svn.wordpress.org/branches/3.7@27709 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-31 21:36:11 +00:00