WordPress/wp-includes
whyisjake 20740afc8f Prevent stored XSS in the block editor.
Brings r46896 to the 5.3 branch.

Prevent escaped unicode characters from becoming unescaped in unsafe HTML during JSON decoding.


Built from https://develop.svn.wordpress.org/branches/5.3@46900


git-svn-id: http://core.svn.wordpress.org/branches/5.3@46700 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-12-12 18:14:06 +00:00
ID3 External Library: Update getid3 to 1.9.18 2019-09-18 14:54:57 +00:00
IXR Date/Time: Replace all instances of `date()` with `gmdate()`. 2019-05-26 00:12:54 +00:00
Requests External Libraries: Fix PHP 7.4 compatibility issue in the Requests library. 2019-10-06 17:14:02 +00:00
SimplePie External Libraries: Fix PHP 7.4 compatibility issues in the SimplePie library. 2019-09-23 18:17:58 +00:00
Text
blocks Block Editor: Remove experimental Social Links blocks 2019-10-15 15:37:08 +00:00
certificates HTTP: Update the Root Certificate bundle. 2019-09-12 12:04:59 +00:00
css Administration: Standardize form control height and alignment across the admin. 2019-12-09 20:28:04 +00:00
customize Customize: Prevent breaking the customizer when site title contains templating syntax. 2019-10-04 21:59:57 +00:00
fonts
images Build/Test tools: Update grunt-contrib-imagemin and run it 2019-10-05 14:20:59 +00:00
js Fixes in `admin-bar.js`: 2019-12-11 20:23:05 +00:00
pomo Coding Standards: Fix the `Squiz.PHP.DisallowMultipleAssignments` violations in `wp-includes`. 2019-07-02 23:42:58 +00:00
random_compat
rest-api Ensure that a user can publish_posts before making a post sticky. 2019-12-12 18:09:02 +00:00
sodium_compat Upgrade/Install: Update sodium_compat to v1.12.1. 2019-12-09 16:46:03 +00:00
theme-compat I18N: Capitalize translator comments consistently, add trailing punctuation. 2019-09-03 00:41:05 +00:00
widgets Coding Standards: Fix WPCS issues in `WP_Widget_Links` and `WP_Widget_Pages`. 2019-10-06 15:28:03 +00:00
admin-bar.php Script Loader: Introduce HTML5 support for scripts and styles. 2019-09-18 14:50:56 +00:00
atomlib.php I18N: Capitalize translator comments consistently, add trailing punctuation. 2019-09-03 00:41:05 +00:00
author-template.php Build/Test Tools: Introduce automated PHP compatibility checking. 2019-09-25 13:47:58 +00:00
blocks.php Prevent stored XSS in the block editor. 2019-12-12 18:14:06 +00:00
bookmark-template.php I18N: Capitalize translator comments consistently, add trailing punctuation. 2019-09-03 00:41:05 +00:00
bookmark.php Docs: Improve documentation for `get_bookmarks()`. 2019-09-16 19:55:56 +00:00
cache.php
canonical.php Docs: Add missing description for `$wp_query` and `$wp_the_query` globals. 2019-08-04 01:59:56 +00:00
capabilities.php Docs: Add a `@since` note about new parameters with the spread operator added to function signatures. 2019-10-09 04:28:02 +00:00
category-template.php Docs: Add a `@since` note about new parameters with the spread operator added to function signatures. 2019-10-09 04:28:02 +00:00
category.php I18N: Improve translator comments. 2019-09-01 17:13:59 +00:00
class-IXR.php
class-feed.php Docs: Add missing `@deprecated` tags in the file docblock of some deprecated files. 2019-10-08 17:19:04 +00:00
class-http.php Docs: Fix and improve inline documentation for the HTTP API. 2019-10-12 18:05:04 +00:00
class-json.php Docs: Add missing `@deprecated` tags. 2019-10-03 14:48:55 +00:00
class-oembed.php Coding Standards: Move `wp-includes/class-oembed.php` to `wp-includes/class-wp-oembed.php`. 2019-07-19 04:32:57 +00:00
class-phpass.php
class-phpmailer.php General: Patch PHPMailer for PHP 7.4 compatibility. 2019-10-03 15:45:59 +00:00
class-pop3.php PHP 7.4 compatibility fix / accessing arrays/string using curly brace syntax 2019-08-03 20:21:55 +00:00
class-requests.php External Libraries: Fix PHP 7.4 compatibility issues in the Requests library. 2019-09-23 18:11:59 +00:00
class-simplepie.php
class-smtp.php Mail: Update PHPMailer to 5.2.27. 2019-09-12 14:37:57 +00:00
class-snoopy.php
class-walker-category-dropdown.php
class-walker-category.php Menus: In `Walker_Nav_Menu`, `Walker_Category`, and `Walker_Page`, properly output link attributes having a legitimate "empty" value, for example an HTML data attribute with a value of zero (0). 2019-10-06 15:06:03 +00:00
class-walker-comment.php Docs: Add missing description for `$comment` global. 2019-10-04 22:19:57 +00:00
class-walker-nav-menu.php Menus: In `Walker_Nav_Menu`, `Walker_Category`, and `Walker_Page`, properly output link attributes having a legitimate "empty" value, for example an HTML data attribute with a value of zero (0). 2019-10-06 15:06:03 +00:00
class-walker-page-dropdown.php I18N: Capitalize translator comments consistently, add trailing punctuation. 2019-09-03 00:41:05 +00:00
class-walker-page.php Menus: In `Walker_Nav_Menu`, `Walker_Category`, and `Walker_Page`, properly output link attributes having a legitimate "empty" value, for example an HTML data attribute with a value of zero (0). 2019-10-06 15:06:03 +00:00
class-wp-admin-bar.php Code Modernisation: Remove redundant calls to `func_get_arg()` in `wp-includes/class-wp-admin-bar.php`. 2019-09-15 11:46:54 +00:00
class-wp-ajax-response.php Coding Standards: Rename `$r` variable used with `wp_parse_args()` to `$parsed_args` for clarity. 2019-07-25 00:48:58 +00:00
class-wp-block-parser.php
class-wp-block-styles-registry.php Docs: Correct `WP_Styles_Registry` documentation. 2019-09-30 15:44:59 +00:00
class-wp-block-type-registry.php I18N: Capitalize translator comments consistently, add trailing punctuation. 2019-09-03 00:41:05 +00:00
class-wp-block-type.php
class-wp-comment-query.php Code Modernisation: Replace `call_user_func_array()` in various `__call()` methods with dynamic function calls. 2019-09-15 11:53:56 +00:00
class-wp-comment.php
class-wp-customize-control.php I18N: Capitalize translator comments consistently, add trailing punctuation. 2019-09-03 00:41:05 +00:00
class-wp-customize-manager.php Customize: Ensure that `WP_Customize_Manager::import_theme_starter_content()` properly handles starter content with (nested) arrays as values. 2019-10-15 16:43:01 +00:00
class-wp-customize-nav-menus.php Menus: Replace http with https in placeholders. 2019-09-26 20:32:55 +00:00
class-wp-customize-panel.php Code Modernisation: Replace `call_user_func_array()` in `wp-includes/class-wp-customize-*.php` with direct function calls in combination with the spread operator. 2019-09-15 11:27:55 +00:00
class-wp-customize-section.php Code Modernisation: Replace `call_user_func_array()` in `wp-includes/class-wp-customize-*.php` with direct function calls in combination with the spread operator. 2019-09-15 11:27:55 +00:00
class-wp-customize-setting.php Code Modernisation: Replace `call_user_func_array()` in `wp-includes/class-wp-customize-*.php` with direct function calls in combination with the spread operator. 2019-09-15 11:27:55 +00:00
class-wp-customize-widgets.php Code Modernisation: Replace `call_user_func_array()` in `wp-includes/class-wp-customize-*.php` with direct function calls in combination with the spread operator. 2019-09-15 11:27:55 +00:00
class-wp-date-query.php I18N: Capitalize translator comments consistently, add trailing punctuation. 2019-09-03 00:41:05 +00:00
class-wp-dependency.php Docs: Add a `@since` note about new parameters with the spread operator added to function signatures. 2019-10-09 04:28:02 +00:00
class-wp-editor.php Docs: Convert 'Block Editor' to lowercase. 2019-10-04 20:12:58 +00:00
class-wp-embed.php Coding Standards: Fix the `Squiz.PHP.DisallowMultipleAssignments` violations in `wp-includes`. 2019-07-02 23:42:58 +00:00
class-wp-error.php
class-wp-fatal-error-handler.php Site Health: Add a link to "Debugging in WordPress" support article to fatal PHP error handler's default message. 2019-09-16 17:23:55 +00:00
class-wp-feed-cache-transient.php
class-wp-feed-cache.php
class-wp-hook.php Code Modernisation: Replace `call_user_func_array()` in combination with an empty array in `wp-includes/class-wp-hook.php` with `call_user_func()`. 2019-09-15 11:45:56 +00:00
class-wp-http-cookie.php Docs: Correct `@type` annotation for `WP_HTTP_Cookie::$expires`. 2019-08-05 07:56:56 +00:00
class-wp-http-curl.php Code Modernization: Remove a workaround for `CURLOPT_PROTOCOLS` in `WP_Http_Curl::request()`. 2019-09-20 22:23:58 +00:00
class-wp-http-encoding.php Coding Standards: Fix the `Squiz.PHP.DisallowMultipleAssignments` violations in `wp-includes`. 2019-07-02 23:42:58 +00:00
class-wp-http-ixr-client.php
class-wp-http-proxy.php Docs: Docblock corrections and improvements, mostly related to various `pre_*` filters. 2019-09-21 17:41:57 +00:00
class-wp-http-requests-hooks.php Coding Standards: Mark the handful of hook names with uppercase characters or hyphens as ignored. 2019-07-05 01:45:56 +00:00
class-wp-http-requests-response.php Docs: Fix and improve inline documentation for the HTTP API. 2019-10-12 18:05:04 +00:00
class-wp-http-response.php Coding Standards: Fix/ignore the `WordPress.NamingConventions.ValidFunctionName` violations. 2019-07-01 08:01:57 +00:00
class-wp-http-streams.php I18N: Capitalize translator comments consistently, add trailing punctuation. 2019-09-03 00:41:05 +00:00
class-wp-image-editor-gd.php Docs: Improve and update the description of `multi_resize()` to explain changes and expected use. 2019-08-25 22:21:58 +00:00
class-wp-image-editor-imagick.php Media: Prevent unnecessary whitespace around PDF Thumbnails. 2019-09-23 10:36:57 +00:00
class-wp-image-editor.php Media/Upload: rotate images on upload according to EXIF Orientation. 2019-09-20 18:21:57 +00:00
class-wp-list-util.php Coding Standards: Fix the `Squiz.PHP.DisallowMultipleAssignments` violations in `wp-includes`. 2019-07-02 23:42:58 +00:00
class-wp-locale-switcher.php Docs: Add missing description for `$wp_locale` global. 2019-08-04 01:46:55 +00:00
class-wp-locale.php Code Modernization: Remove all code using a `version_compare()` with a PHP version older than PHP 5.6. 2019-09-20 22:02:57 +00:00
class-wp-matchesmapregex.php
class-wp-meta-query.php Query: Expand the list of operators available to `compare_key` in `WP_Meta_Query`. 2019-09-19 15:03:56 +00:00
class-wp-metadata-lazyloader.php
class-wp-network-query.php Multisite: improve `sites_pre_query` and `networks_pre_query` filters, avoiding db queries. 2019-09-12 22:17:55 +00:00
class-wp-network.php Multisite: Improve performance by caching not found lookups for sites and networks. 2019-08-29 12:42:56 +00:00
class-wp-oembed-controller.php Coding Standards: Move `wp-includes/class-oembed.php` to `wp-includes/class-wp-oembed.php`. 2019-07-19 04:32:57 +00:00
class-wp-oembed.php Embeds: Remove CollegeHumor oEmbed provider, as the service does not exist anymore. 2019-11-24 11:03:02 +00:00
class-wp-paused-extensions-storage.php
class-wp-post-type.php REST API: Ensure rest_controller instantiates the post type's declared REST controller class. 2019-10-08 13:43:02 +00:00
class-wp-post.php
class-wp-query.php Query: Remove the static query property. 2019-10-14 15:20:03 +00:00
class-wp-recovery-mode-cookie-service.php Bootstrap/Load: Set expiration of the recovery mode cookie to the same amount of time for which the token in it is valid: a week by default. 2019-06-17 19:17:54 +00:00
class-wp-recovery-mode-email-service.php Site Health: Include simple debug data in fatal error protection email. 2019-09-23 20:27:56 +00:00
class-wp-recovery-mode-key-service.php
class-wp-recovery-mode-link-service.php
class-wp-recovery-mode.php Bootstrap/Load: Return a 403 error code when the recovery mode cookie is invalid or expired, or the exit recovery mode nonce check failed. 2019-06-17 18:37:55 +00:00
class-wp-rewrite.php Code Modernisation: Remove redundant call to `func_get_arg()` in `wp-includes/class-wp-rewrite.php`. 2019-09-15 11:47:54 +00:00
class-wp-role.php
class-wp-roles.php Code Modernisation: Replace `call_user_func_array()` in various `__call()` methods with dynamic function calls. 2019-09-15 11:53:56 +00:00
class-wp-session-tokens.php
class-wp-simplepie-file.php
class-wp-simplepie-sanitize-kses.php
class-wp-site-query.php Multisite: improve `sites_pre_query` and `networks_pre_query` filters, avoiding db queries. 2019-09-12 22:17:55 +00:00
class-wp-site.php Multisite: Improve performance by caching not found lookups for sites and networks. 2019-08-29 12:42:56 +00:00
class-wp-tax-query.php Coding Standards: Fix the `Squiz.PHP.DisallowMultipleAssignments` violations in `wp-includes`. 2019-07-02 23:42:58 +00:00
class-wp-taxonomy.php Docs: Add missing description for `$wp` global. 2019-08-04 01:28:55 +00:00
class-wp-term-query.php Taxonomy: Ensure consistency of `hide_empty` in term queries when `taxonomy` is excluded. 2019-08-23 16:05:56 +00:00
class-wp-term.php
class-wp-text-diff-renderer-inline.php
class-wp-text-diff-renderer-table.php Accessibility: Improve the differences between revisions. 2019-08-03 15:46:54 +00:00
class-wp-theme.php Bundled Themes: Make Twenty Twenty the new default theme. 2019-09-23 21:00:58 +00:00
class-wp-user-meta-session-tokens.php
class-wp-user-query.php Docs: Correct accepted values for `search_columns` parameter in `WP_User_Query`. 2019-09-17 15:43:56 +00:00
class-wp-user-request.php Privacy tools: 2019-06-10 23:54:53 +00:00
class-wp-user.php Docs: Add a `@since` note about new parameters with the spread operator added to function signatures. 2019-10-09 04:28:02 +00:00
class-wp-walker.php Docs: Tweak the `@since` note in `Walker::walk()` and `::paged_walk()` for better readability and consistency with other notes. 2019-10-09 04:35:01 +00:00
class-wp-widget-factory.php Code Modernization: Remove workarounds for `spl_object_hash()`. 2019-09-20 22:34:57 +00:00
class-wp-widget.php Coding Standards: Fix the `Squiz.PHP.DisallowMultipleAssignments` violations in `wp-includes`. 2019-07-02 23:42:58 +00:00
class-wp-xmlrpc-server.php Date/Time: XML-RPC: Calculate the proper offset for GMT in `wp.newPost`, `wp.editComment`, `mw.newPost`, `mw.editPost` when `post_date` or `comment_date` is set. 2019-12-09 20:08:06 +00:00
class-wp.php Query: Remove the static query property. 2019-10-14 15:20:03 +00:00
class.wp-dependencies.php Coding Standards: Fix the `Squiz.PHP.DisallowMultipleAssignments` violations in `wp-includes`. 2019-07-02 23:42:58 +00:00
class.wp-scripts.php Script Loader: Add `function_exists()` checks for `is_admin()` and `current_theme_supports()`, to accommodate for using `WP_Dependencies` as a standalone class. 2019-09-24 02:56:57 +00:00
class.wp-styles.php Script Loader: Add `function_exists()` checks for `is_admin()` and `current_theme_supports()`, to accommodate for using `WP_Dependencies` as a standalone class. 2019-09-24 02:56:57 +00:00
comment-template.php Comments: Avoid a PHP notice in `comment_form()` if the `email` field is not set. 2019-12-11 22:16:03 +00:00
comment.php Pings/Trackbacks: Fix processing of posts with pending enclosures. 2019-10-07 21:37:03 +00:00
compat.php Code Modernization: Remove JSON related polyfills. 2019-09-20 20:16:58 +00:00
cron.php Docs: Docblock corrections and improvements, mostly related to various `pre_*` filters. 2019-09-21 17:41:57 +00:00
date.php Coding Standards: Move `wp-includes/date.php` to `wp-includes/class-wp-date-query.php`. 2019-07-25 23:31:56 +00:00
default-constants.php Bundled Themes: Make Twenty Twenty the new default theme. 2019-09-23 21:00:58 +00:00
default-filters.php Prevent stored XSS in the block editor. 2019-12-12 18:14:06 +00:00
default-widgets.php
deprecated.php Build/Test Tools: Introduce automated PHP compatibility checking. 2019-09-25 13:47:58 +00:00
embed-template.php
embed.php Build/Test: Bump devDependencies for WordPress 5.3 2019-10-05 19:49:10 +00:00
error-protection.php I18N: Capitalize translator comments consistently, add trailing punctuation. 2019-09-03 00:41:05 +00:00
feed-atom-comments.php I18N: Capitalize translator comments consistently, add trailing punctuation. 2019-09-03 00:41:05 +00:00
feed-atom.php
feed-rdf.php
feed-rss.php
feed-rss2-comments.php I18N: Capitalize translator comments consistently, add trailing punctuation. 2019-09-03 00:41:05 +00:00
feed-rss2.php
feed.php Date/Time: Remove `mysql2date()` usage in `get_feed_build_date()` to ensure the output includes correct timezone offset. 2019-11-25 10:12:01 +00:00
formatting.php Prevent stored XSS in the block editor. 2019-12-12 18:14:06 +00:00
functions.php Date/Time: When determining whether to decline the month name in `wp_maybe_decline_date()`, take word boundaries into account. 2019-12-09 19:02:04 +00:00
functions.wp-scripts.php Docs: Fix typo in `wp_print_scripts()`' reference to `WP_Scripts::do_item()`. 2019-09-25 22:23:55 +00:00
functions.wp-styles.php
general-template.php Date/Time: Make sure `get_post_time()` keeps UTC time on timezone change. 2019-10-25 13:08:05 +00:00
http.php HTTP API: Protect against hex interpretation. 2019-10-14 15:27:04 +00:00
kses.php Update `wp_kses_bad_protocol()` to recognize `:` on uri attributes, 2019-12-12 18:13:03 +00:00
l10n.php Docs: Docblock corrections and improvements, mostly related to various `pre_*` filters. 2019-09-21 17:41:57 +00:00
link-template.php Date/Time: Make `get_permalink()` more resilient against PHP timezone changes. 2019-11-28 13:57:02 +00:00
load.php Bootstrap/Load: Reorganize the initialization flow so that the check for PHP and MySQL requirements could run as early as possible. 2019-09-19 12:02:58 +00:00
locale.php Docs: Add missing `@deprecated` tags in the file docblock of some deprecated files. 2019-10-08 17:19:04 +00:00
media-template.php Accessibility: Add an `aria-current` attribute to the Media Library switch links. 2019-11-25 10:23:03 +00:00
media.php Media: Avoid a PHP notice in `image_downsize()` when trying to replace a non-image URL with a rendered image from its meta. 2019-11-25 10:09:01 +00:00
meta.php REST API: Issue warning if array meta is registered without item schema. 2019-09-19 14:36:55 +00:00
ms-blogs.php Multisite/Sites: Add links to filter websites by status. 2019-09-23 17:35:59 +00:00
ms-default-constants.php
ms-default-filters.php
ms-deprecated.php Coding Standards: Fix WPCS issues in `wp-includes/ms-deprecated.php`. 2019-10-07 15:18:03 +00:00
ms-files.php
ms-functions.php Docs: Remove obsolete comment in `wpmu_signup_blog_notification()` and `wpmu_signup_user_notification()`. 2019-10-01 00:46:57 +00:00
ms-load.php Docs: Docblock corrections and improvements, mostly related to various `pre_*` filters. 2019-09-21 17:41:57 +00:00
ms-network.php
ms-settings.php
ms-site.php I18N: Capitalize translator comments consistently, add trailing punctuation. 2019-09-03 00:41:05 +00:00
nav-menu-template.php Code Modernisation: Replace `call_user_func_array()` in `wp-includes/nav-menu-template.php` with a dynamic function call. 2019-09-15 11:31:57 +00:00
nav-menu.php Correct the version number specified in [46102]. 2019-09-13 18:55:56 +00:00
option.php Options, Meta APIs: Avoid a race condition causing the first of two subsequent requests updating different options at the same time to lose changes. 2019-11-25 13:46:12 +00:00
pluggable-deprecated.php
pluggable.php Administration: Ensure that admin referer nonce is valid. 2019-10-14 15:40:04 +00:00
plugin.php Plugins: Restore backward compatibility for PHP4-style passing of `array( &$this )` as action argument to `do_action()`. 2019-10-22 00:11:03 +00:00
post-formats.php Docs: Add missing description for `$wp_rewrite` global. 2019-08-04 01:19:56 +00:00
post-template.php Docs: Add a `@since` note about new parameters with the spread operator added to function signatures. 2019-10-09 04:28:02 +00:00
post-thumbnail-template.php Docs: Add missing description for `$wp_query` and `$wp_the_query` globals. 2019-08-04 01:59:56 +00:00
post.php Media: Similarly to `wp_get_original_image_path()` add `wp_get_original_image_url()` to always retrieve the URL to the original uploaded image. 2019-10-15 19:12:02 +00:00
query.php I18N: Capitalize translator comments consistently, add trailing punctuation. 2019-09-03 00:41:05 +00:00
registration-functions.php Docs: Add missing `@deprecated` tags in the file docblock of some deprecated files. 2019-10-08 17:19:04 +00:00
registration.php Docs: Add missing `@deprecated` tags in the file docblock of some deprecated files. 2019-10-08 17:19:04 +00:00
rest-api.php REST API: Allow for multiple Vary: Origin headers in GET responses. 2019-10-15 15:47:03 +00:00
revision.php Coding Standards: Fix all `WordPress.CodeAnalysis.AssignmentInCondition` issues. 2019-07-05 03:14:56 +00:00
rewrite.php Docs: Add missing description for `$wp` global. 2019-08-04 01:28:55 +00:00
rss-functions.php Docs: Add missing `@deprecated` tags in the file docblock of some deprecated files. 2019-10-08 17:19:04 +00:00
rss.php
script-loader.php Coding Standards: Fix WPCS and JSHint issues in [46872]. 2019-12-10 01:38:02 +00:00
session.php Docs: Add missing `@deprecated` tags in the file docblock of some deprecated files. 2019-10-08 17:19:04 +00:00
shortcodes.php Shortcodes: Revert [46369] for now to allow more time to investigate and prepare for backward compatibility changes. 2019-10-15 19:36:02 +00:00
spl-autoload-compat.php Code Modernisation: Remove the SPL autoloader polyfill. 2019-07-15 05:11:56 +00:00
taxonomy.php Docs: Miscellaneous inline docs corrections and improvements. 2019-10-07 19:08:06 +00:00
template-loader.php Coding Standards: Fix the `Squiz.PHP.DisallowMultipleAssignments` violations in `wp-includes`. 2019-07-02 23:42:58 +00:00
template.php Docs: Add missing description for `$comment` global. 2019-10-04 22:19:57 +00:00
theme.php Themes: Convert core-provided starter content to block content. 2019-10-10 19:07:05 +00:00
update.php I18N: Capitalize translator comments consistently, add trailing punctuation. 2019-09-03 00:41:05 +00:00
user.php Accessibility: Login and Registration: Improve the invalid username and invalid email messages. 2019-10-07 11:54:05 +00:00
vars.php General: First pass at replacing Codex URLs with a corresponding HelpHub or DevHub article. 2019-07-25 22:45:57 +00:00
version.php Prevent stored XSS in the block editor. 2019-12-12 18:14:06 +00:00
widgets.php Docs: Add a `@since` note about new parameters with the spread operator added to function signatures. 2019-10-09 04:28:02 +00:00
wlwmanifest.xml
wp-db.php Docs: Add a `@since` note about new parameters with the spread operator added to function signatures. 2019-10-09 04:28:02 +00:00
wp-diff.php