WordPress-C/WordPress
1
0
Fork 0
mirror of https://github.com/WordPress/WordPress.git synced 2025-03-05 12:59:50 +00:00
Code Issues Packages Projects Releases Wiki Activity
WordPress/wp-includes
History
Sergey Biryukov 22450a0f8b Update wp_kses_bad_protocol() to recognize : on uri attributes, 
`wp_kses_bad_protocol()` makes sure to validate that uri attributes don’t contain invalid/or not allowed protocols. While this works fine in most cases, there’s a risk that by using the colon html5 named entity, one is able to bypass this function.

Brings r46895 to the 4.5 branch.

Props: xknown, nickdaugherty, peterwilsoncc.
Built from https://develop.svn.wordpress.org/branches/4.5@46913


git-svn-id: http://core.svn.wordpress.org/branches/4.5@46713 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-12-12 18:45:22 +00:00
..
certificates
HTTP API: Certificate bundle: Attempt to move a certificate lower in the file to allow older OpenSSL versions to parse it & communicate with WordPress.org securely again.
2016-02-18 08:21:28 +00:00
css
TinyMCE, inline link: Make styles for the autocomplete results available on front end.
2016-04-11 15:12:29 +00:00
customize
Customize: Separate preview and actions in the site icon control.
2016-06-16 09:53:28 +00:00
fonts
Dashicons: Fix incorrect ID in SVG version of font.
2016-03-18 20:43:26 +00:00
ID3
images
Embeds: Load the default site icon from the wp-includes directory.
2016-02-23 16:55:27 +00:00
js
jQuery: Backport the patch from jQuery 3.4.0.
2019-09-04 21:48:52 +00:00
pomo
random_compat
Update Random_Compat from 1.1.6 to 1.2.1.
2016-03-08 17:15:27 +00:00
rest-api
REST API: Deliver parameters unadulterated instead of slashed.
2016-04-06 21:02:28 +00:00
SimplePie
Text
theme-compat
Embeds: Change attachment metadata condition to prevent a warning in the embeds template.
2016-05-17 20:38:32 +00:00
widgets
Customize: Require opt-in for selective refresh of widgets.
2016-03-21 21:59:29 +00:00
admin-bar.php
Add grunt prerelease task
2016-03-10 05:37:27 +00:00
atomlib.php
author-template.php
Networks and sites: Replace "blog" usage with "site" in docs.
2016-01-28 03:51:26 +00:00
bookmark-template.php
bookmark.php
Docs: Add a missing notation for the $bookmark_id parameter in the DocBlock for clean_bookmark_cache().
2015-12-18 23:01:28 +00:00
cache.php
Spelling: Standardize on "front end"/"back end" (noun) and "front-end"/"back-end" (adjective).
2016-02-25 12:53:27 +00:00
canonical.php
Canonical: Generate the correct canonical url for paged posts/pages when they're used as the page_on_front.
2016-01-09 07:33:27 +00:00
capabilities.php
Docs: Add a note to the DocBlock for current_user_can() to explain that it will always return true for super admins, unless specifically denied.
2016-02-07 01:27:26 +00:00
category-template.php
Taxonomy: Correct the accetped types for the taxonomy element in the arguments passed to wp_dropdown_categories().
2016-01-13 20:16:29 +00:00
category.php
Improve error handling in get_categories().
2016-03-14 13:53:28 +00:00
class-feed.php
Docs: Add missing @param and @return notations to the DocBlock for WP_Feed_Cache_Transient::save().
2016-02-26 09:27:26 +00:00
class-http.php
HTTP API: Add the missing 1xx HTTP response codes as constants of the WP_Http class, and add tests to ensure all available response codes are covered.
2016-02-28 01:46:26 +00:00
class-IXR.php
XMLRPC: Revert [35509] which caused a change of behviour in at least one XMLRPC client.
2015-12-31 04:06:26 +00:00
class-json.php
The the Docs: Fix the the dittography
2015-12-06 21:23:25 +00:00
class-oembed.php
General: Backport PHP 7.1 fixes to the 4.5 branch to avoid fatal errors and warnings.
2017-07-24 22:25:32 +00:00
class-phpass.php
class-phpmailer.php
Update PHPMailer to 5.2.22.
2017-01-11 05:23:31 +00:00
class-pop3.php
class-simplepie.php
Pass false as the 2nd argument to class_exists() to disable autoloading and to not cause problems for those who define __autoload().
2015-09-20 03:52:25 +00:00
class-smtp.php
Update PHPMailer to 5.2.22.
2017-01-11 05:23:31 +00:00
class-snoopy.php
Snoopy: use escapeshellarg instead of escapeshellcmd
2016-03-30 13:58:28 +00:00
class-walker-category-dropdown.php
Docs: Improve inline documentation in property and method DocBlocks for Walker_CategoryDropdown.
2016-03-22 17:22:29 +00:00
class-walker-category.php
Docs: Mark optional parameters in Walker_Category methods as such.
2016-03-22 17:30:26 +00:00
class-walker-comment.php
Docs: Normalize Walker_Comment method parameter docs spacing following [37051].
2016-03-22 17:46:27 +00:00
class-walker-page-dropdown.php
Docs: The page object type in use in Walker_PageDropdown is WP_Post.
2016-03-22 17:53:27 +00:00
class-walker-page.php
Docs: Mark optional method parameters as such in Walker_Page.
2016-03-22 18:07:27 +00:00
class-wp-admin-bar.php
Docs: Improve the DocBlock summary and add a missing initial @since version for WP_Admin_Bar::add_node().
2016-03-03 15:58:27 +00:00
class-wp-ajax-response.php
Docs: Document default WP_Ajax_Response::add() arguments as a hash notation.
2016-03-18 11:59:27 +00:00
class-wp-comment-query.php
Docs: Standardize the changelog entry for the new $author_url argument, introduced in [36224].
2016-03-03 16:02:27 +00:00
class-wp-comment.php
Comments: Correct description of comment_author property in WP_Comment class.
2016-01-17 15:00:27 +00:00
class-wp-customize-control.php
Customize: Allow controls to be registered without any associated settings.
2016-02-24 18:28:28 +00:00
class-wp-customize-manager.php
Customize: Ensure valid themes in the preview.
2017-09-19 11:52:08 +00:00
class-wp-customize-nav-menus.php
Customize: Require opt-in for selective refresh of widgets.
2016-03-21 21:59:29 +00:00
class-wp-customize-panel.php
Customizer: Merge two translator comments.
2016-03-02 23:10:26 +00:00
class-wp-customize-section.php
class-wp-customize-setting.php
Customize: Harden assignment of Customizer settings transports for selective refreshable widgets
2016-04-07 20:59:29 +00:00
class-wp-customize-widgets.php
Customize: Handle filtering sidebars_widgets when the underlying option is non-existent.
2016-05-17 20:34:30 +00:00
class-wp-editor.php
Accessibility: improvements for the Editor wpLink modal form fields.
2016-04-05 22:24:27 +00:00
class-wp-embed.php
Docs: Correct grammar when referring to "a URL" vs "an URL" in several places.
2016-03-12 12:39:27 +00:00
class-wp-error.php
class-wp-http-cookie.php
class-wp-http-curl.php
Docs: Correct grammar when referring to "a URL" vs "an URL" in several places.
2016-03-12 12:39:27 +00:00
class-wp-http-encoding.php
class-wp-http-ixr-client.php
class-wp-http-proxy.php
Networks and sites: Replace "blog" usage with "site" in docs.
2016-01-28 03:35:27 +00:00
class-wp-http-response.php
class-wp-http-streams.php
Docs: Add missing parameter documentation for the $args parameter in the DocBlock for WP_Http_Streams::test().
2015-12-14 23:54:26 +00:00
class-wp-image-editor-gd.php
class-wp-image-editor-imagick.php
Media: Resolve fatal error on resize with ImageMagick < 6.4.6
2016-04-19 20:46:30 +00:00
class-wp-image-editor.php
Media: Reduce default image compression quality to '82'.
2016-02-22 22:19:26 +00:00
class-wp-meta-query.php
Docs: Correctly document parameters in the hook doc for the get_meta_sql filter as individual parameters rather than an array.
2016-02-26 17:10:26 +00:00
class-wp-metadata-lazyloader.php
Docs: Standardize file header summary for wp-includes/class-wp-metadata-lazyloader.php.
2016-03-09 16:59:27 +00:00
class-wp-network.php
Docs: Fix type documentation for WP_Network properties.
2016-01-18 02:59:27 +00:00
class-wp-oembed-controller.php
class-wp-post.php
class-wp-rewrite.php
Rewrite Rules: Allow rewrite rules to work in nested WordPress installations on IIS.
2016-03-10 20:01:28 +00:00
class-wp-role.php
Docs: Clarify documentation for WP_Role::has_cap() to more clearing indicate that the method checks for capabilities against the role rather than the user.
2015-12-14 20:05:27 +00:00
class-wp-roles.php
Networks and sites: Replace "blog" usage with "site" in docs.
2016-01-28 03:35:27 +00:00
class-wp-site.php
Docs: Make some minor improvements to inline docs for WP_Site, introduced in [36393].
2016-02-07 02:13:26 +00:00
class-wp-tax-query.php
Correct some @param doc names in the WP_Tax_Query and WP_User_Query classes.
2015-12-14 02:50:27 +00:00
class-wp-term.php
Docs: Various docblock corrections.
2016-01-10 01:26:25 +00:00
class-wp-theme.php
Themes: Fix markup for theme name fallbacks.
2017-01-11 11:10:05 +00:00
class-wp-user-query.php
Networks and sites: Replace "blog" usage with "site" in docs.
2016-01-28 03:51:26 +00:00
class-wp-user.php
Networks and sites: Replace "blog" usage with "site" in docs.
2016-01-28 03:51:26 +00:00
class-wp-walker.php
Avoid a PHP notice when trying to access the post_parent property of hierarchical post type nav menu items.
2015-12-12 01:06:29 +00:00
class-wp-widget-factory.php
Docs: Use third-person singular verbs for method summaries in WP_Widget_Factory.
2016-03-23 04:51:26 +00:00
class-wp-widget.php
Docs: Improve inline documentation syntax throughout WP_Widget.
2016-03-23 05:32:27 +00:00
class-wp-xmlrpc-server.php
Adjust post meta checks
2017-05-16 08:50:31 +00:00
class-wp.php
Backporting several bug fixes.
2019-10-14 19:07:24 +00:00
class.wp-dependencies.php
Docs: Re-add a @param that went missing in [36993].
2016-03-14 22:39:26 +00:00
class.wp-scripts.php
Ensure consistent dependency order when using wp_add_inline_script()
2016-04-10 03:33:26 +00:00
class.wp-styles.php
Dependencies: Improve group processing of script dependencies.
2016-03-06 19:50:27 +00:00
comment-template.php
Add grunt prerelease task
2016-03-10 05:37:27 +00:00
comment.php
Comments: Improve comment content filtering.
2019-03-12 22:38:19 +00:00
compat.php
Docs: Fix one line of the DocBlock for the JsonSerializable compat interface to use a tab instead of spaces.
2016-02-07 01:18:27 +00:00
cron.php
Docs: Adjust formatting for an added-parameter changelog entry in the hook doc for the cron_request filter.
2016-01-14 17:30:28 +00:00
date.php
Docs: Remove some more dittography.
2015-12-06 21:50:25 +00:00
default-constants.php
Revert [35804]. This change has unintended side effects, notably that media URLs in the admin area now unexpectedly use the https scheme. A more comprehensive approach will be taken in 4.5.
2015-12-22 13:02:29 +00:00
default-filters.php
Embeds: Improve performance when embedding a post of the current site.
2016-06-15 11:32:29 +00:00
default-widgets.php
deprecated.php
Docs: Ignore _wp_upload_dir_baseurl() from parsing for the Code Reference.
2016-03-30 15:29:26 +00:00
embed-template.php
Docs: Update the @deprecated tag comment for wp-includes/embed-template.php to reference the correct file path following [36693].
2016-02-27 21:22:25 +00:00
embed.php
oEmbed: Add extra hardening around allowed HTML for improved sandboxing.
2017-09-19 13:50:32 +00:00
feed-atom-comments.php
feed-atom.php
feed-rdf.php
feed-rss2-comments.php
feed-rss2.php
feed-rss.php
feed.php
Hardening: Ensure the attributes of enclosures are correctly escaped in RSS and Atom feeds.
2017-11-29 16:27:01 +00:00
formatting.php
Improve handling the existing rel attribute in wp_rel_nofollow_callback().
2019-09-04 17:54:21 +00:00
functions.php
Backporting several bug fixes.
2019-10-14 19:07:24 +00:00
functions.wp-scripts.php
Docs: Improvements and corrections for the $ver parameter of the dependencies API functions.
2016-03-14 22:37:26 +00:00
functions.wp-styles.php
Docs: Improvements and corrections for the $ver parameter of the dependencies API functions.
2016-03-14 22:37:26 +00:00
general-template.php
Multisite: Improve messaging for previously activated users.
2018-12-13 00:47:20 +00:00
http.php
Backporting several bug fixes.
2019-10-14 19:07:24 +00:00
kses.php
Update wp_kses_bad_protocol() to recognize &colon; on uri attributes,
2019-12-12 18:45:22 +00:00
l10n.php
Docs: Correct _n_noop() and _nx_noop() descriptions to use third-person singular verbs.
2016-02-28 20:43:26 +00:00
link-template.php
Docs: Improve the usefulness of the DocBlock summary for get_edit_term_link().
2016-03-10 17:48:26 +00:00
load.php
Bootstrap/Load: Silence ini_set() in wp_debug_mode().
2016-05-17 20:31:29 +00:00
locale.php
Docs: Add a missing summary to the DocBlock for WP_Locale::rtl_src_admin_notice().
2015-12-16 18:08:26 +00:00
media-template.php
media.php
Responsive Images: the src of the image has to be first in the srcset, because of a bug in iOS8. Update the unit tests to reflect the changes.
2016-03-18 19:45:26 +00:00
meta.php
Meta: Simplify the delete all meta query in delete_metadata().
2018-04-03 15:43:03 +00:00
ms-blogs.php
Docs: Update param/return types for WP_Site in ms-blogs.php
2016-03-09 07:42:26 +00:00
ms-default-constants.php
I18N: Remove <code> tags from translatable string in wp-admin/network/site-new.php.
2016-02-29 03:17:26 +00:00
ms-default-filters.php
ms-deprecated.php
Multisite: Validate activation links.
2018-12-13 01:44:20 +00:00
ms-files.php
ms-functions.php
Multisite: Use wp_rand() in signup key creation.
2017-01-11 05:33:32 +00:00
ms-load.php
ms-settings.php
Multisite: Introduce the WP_Site class.
2016-01-25 21:51:26 +00:00
nav-menu-template.php
Menus: Bring back line break between menu items.
2015-12-24 00:21:27 +00:00
nav-menu.php
Menus: Avoid a notice when outputting a description for an existing archive menu item for a post type that doesn't.
2016-03-08 18:25:26 +00:00
option.php
Clarify return types in get_option() documentation.
2016-01-09 03:12:26 +00:00
pluggable-deprecated.php
Users: Introduce _wp_get_current_user() for improved backward compatibility.
2016-02-23 22:26:28 +00:00
pluggable.php
Backporting several bug fixes.
2019-10-14 19:07:24 +00:00
plugin.php
Docs: Fix indentation in add_filter() example.
2016-01-25 18:58:27 +00:00
post-formats.php
post-template.php
Remove _convert_urlencoded_to_entities() from the get_the_content() callback.
2019-09-04 16:41:21 +00:00
post-thumbnail-template.php
post.php
Media: Limit thumbnail file deletions to the same directory as the original file.
2018-07-05 14:55:23 +00:00
query.php
Backporting several bug fixes.
2019-10-14 19:07:24 +00:00
registration-functions.php
registration.php
rest-api.php
Backporting several bug fixes.
2019-10-14 19:07:24 +00:00
revision.php
Revisions: Clean up _wp_post_revision_fields():
2016-02-24 00:44:59 +00:00
rewrite.php
Docs: Correct grammar when referring to "a URL" vs "an URL" in several places.
2016-03-12 12:39:27 +00:00
rss-functions.php
rss.php
script-loader.php
TinyMCE: Improve the previews for shortcodes.
2017-09-19 12:43:08 +00:00
session.php
Docs: @param fixes for a variety of docblocks.
2016-01-09 01:45:26 +00:00
shortcodes.php
Shortcodes: = is a reserved character in shortcode names, mark it as such.
2015-12-26 04:46:28 +00:00
taxonomy.php
Taxonomies: make sure taxonomy functions work correctly with taxonomy names with special characters
2016-03-30 17:13:28 +00:00
template-loader.php
Embeds: Add support for embeds in the theme template hierarchy.
2016-03-07 19:33:26 +00:00
template.php
Docs: Correct a typo in the DocBlock summary for get_embed_template(), introduced in [36963].
2016-03-10 22:45:26 +00:00
theme.php
Prevent PHP Warnings when using Custom Logo with no params
2016-03-30 02:22:26 +00:00
update.php
Docs: Add a couple of spaces before hook docs for filters introduced in 4.5.
2016-03-16 16:15:28 +00:00
user.php
General: Backport PHP 7.1 fixes to the 4.5 branch to avoid fatal errors and warnings.
2017-07-24 22:25:32 +00:00
vars.php
Uploads: Remove an unnecessary static var from wp_is_mobile() to allow its direct and indirect use within unit tests. The static `$is_m
2016-03-03 03:25:26 +00:00
version.php
WordPress 4.5.19.
2019-10-14 20:11:21 +00:00
widgets.php
Spelling: Standardize on "front end"/"back end" (noun) and "front-end"/"back-end" (adjective).
2016-02-25 12:53:27 +00:00
wlwmanifest.xml
wp-db.php
WPDB: Check that AUTH_SALT is not empty, Fix a PHP notice when AUTH_SALT is undefined.
2017-11-27 01:10:32 +00:00
wp-diff.php
Pass false as the 2nd argument to class_exists() to disable autoloading and to not cause problems for those who define __autoload().
2015-09-20 03:52:25 +00:00