WordPress-C/WordPress
1
0
Fork 0
mirror of https://github.com/WordPress/WordPress.git synced 2025-02-24 15:45:29 +00:00
Code Issues Packages Projects Releases Wiki Activity
WordPress/wp-includes
History
Jeremy Felt 27e29666a8 Multisite: Handle redirect to a user's subdomain properly during login 
`wp-login.php` uses `wp_safe_redirect()` for all redirects, even those that do not involve unsafe data from the request or referer.

When a user of a subdomain site attempts to login to a network site they do not have access to, the host in the redirect URL is treated as unsafe by `wp_safe_redirect()` as it has no immediate awareness as to which hosts are valid on the network. On a subdirectoy network, everything works as expected because the host is the same.

In this specific block of `wp-login.php`, all URLs are generated by WordPress and we can use `wp_redirect()` to handle the redirects. Users authenticating via other network sites will now be redirected properly. Hosts passed via the `redirect_to` query var will continue to be handled by `wp_safe_redirect()`.

Fixes #30598.

Built from https://develop.svn.wordpress.org/trunk@36867


git-svn-id: http://core.svn.wordpress.org/trunk@36834 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-06 03:06:29 +00:00
..
certificates
HTTP API: Certificate bundle: Attempt to move a certificate lower in the file to allow older OpenSSL versions to parse it & communicate with WordPress.org securely again.
2016-02-18 08:21:28 +00:00
css
TinyMCE:
2016-03-05 22:01:27 +00:00
customize
Customize: Eliminate unnecessary WP_Customize_Site_Logo_Control in favor of re-using WP_Customize_Image_Control.
2016-03-04 23:47:26 +00:00
fonts
ID3
images
Embeds: Load the default site icon from the wp-includes directory.
2016-02-23 16:55:27 +00:00
js
Customize: Fix image cropping when doing live preview of theme switches.
2016-03-06 01:45:27 +00:00
pomo
Merge the changes to GlotPress's POMO from upstream to WordPress's copy.
2015-11-20 04:34:25 +00:00
random_compat
Update Random_Compat to the latest version (1.1.6).
2016-01-30 00:57:28 +00:00
rest-api
REST API: Use WP_REST_Request::from_url() when embedding.
2016-02-24 04:20:25 +00:00
SimplePie
Feeds: add CEST to $timezone in SimplePie_Parse_Date.
2015-10-20 05:57:24 +00:00
Text
Fix the @author doc param encoding in Text/Diff/Engine/string so the file is recognized as UTF-8, not ISO-8859-1.
2015-10-24 22:45:25 +00:00
theme-compat
Embeds: Introduce embed templates into the template hierarchy via theme-compat.
2016-02-24 20:57:26 +00:00
widgets
Customize: Prevent dropping backslashes from input on general settings and settings for nav menus and some widgets.
2016-02-23 01:02:26 +00:00
admin-bar.php
Docs: Fix two incorrect notations of the $show_admin_bar global to specify a boolean type, not WP_Admin_Bar.
2016-02-20 21:27:26 +00:00
atomlib.php
author-template.php
Networks and sites: Replace "blog" usage with "site" in docs.
2016-01-28 03:51:26 +00:00
bookmark-template.php
bookmark.php
Docs: Add a missing notation for the $bookmark_id parameter in the DocBlock for clean_bookmark_cache().
2015-12-18 23:01:28 +00:00
cache.php
Spelling: Standardize on "front end"/"back end" (noun) and "front-end"/"back-end" (adjective).
2016-02-25 12:53:27 +00:00
canonical.php
Canonical: Generate the correct canonical url for paged posts/pages when they're used as the page_on_front.
2016-01-09 07:33:27 +00:00
capabilities.php
Docs: Add a note to the DocBlock for current_user_can() to explain that it will always return true for super admins, unless specifically denied.
2016-02-07 01:27:26 +00:00
category-template.php
Taxonomy: Correct the accetped types for the taxonomy element in the arguments passed to wp_dropdown_categories().
2016-01-13 20:16:29 +00:00
category.php
Docs: Document the $args parameter for get_categories() as a hash notation.
2016-02-04 14:50:26 +00:00
class-feed.php
Docs: Add missing @param and @return notations to the DocBlock for WP_Feed_Cache_Transient::save().
2016-02-26 09:27:26 +00:00
class-http.php
HTTP API: Add the missing 1xx HTTP response codes as constants of the WP_Http class, and add tests to ensure all available response codes are covered.
2016-02-28 01:46:26 +00:00
class-IXR.php
XMLRPC: Revert [35509] which caused a change of behviour in at least one XMLRPC client.
2015-12-31 04:06:26 +00:00
class-json.php
The the Docs: Fix the the dittography
2015-12-06 21:23:25 +00:00
class-oembed.php
Remove RDIO from oEmbed providers
2015-12-18 18:16:27 +00:00
class-phpass.php
Remove closing PHP tag from wp-includes/class-phpass.php.
2015-10-06 23:45:25 +00:00
class-phpmailer.php
Upgrade PHPMailer from 5.2.10 to 5.2.14.
2015-12-24 01:59:26 +00:00
class-pop3.php
Docs: Put "it's" in its place (again).
2015-09-16 12:46:28 +00:00
class-simplepie.php
Pass false as the 2nd argument to class_exists() to disable autoloading and to not cause problems for those who define __autoload().
2015-09-20 03:52:25 +00:00
class-smtp.php
Upgrade PHPMailer from 5.2.10 to 5.2.14.
2015-12-24 01:59:26 +00:00
class-snoopy.php
Pass false as the 2nd argument to class_exists() to disable autoloading and to not cause problems for those who define __autoload().
2015-09-20 03:52:25 +00:00
class-walker-category-dropdown.php
Docs: Document the $id parameter for Walker_CategoryDropdown::start_el(), which is implemented by Walker but unused in the subclass method.
2015-12-14 17:47:30 +00:00
class-walker-category.php
Add current-cat-ancestor class to ancestor items in wp_list_categories().
2015-12-18 18:38:25 +00:00
class-walker-comment.php
Docs: Document the $id parameter for Walker_Comment::start_el(), which is implemented by Walker but unused in the subclass method.
2015-12-14 17:50:26 +00:00
class-walker-page-dropdown.php
Docs: Add missing property and method summaries in DocBlocks for Walker_PageDropdown.
2015-12-16 16:36:28 +00:00
class-walker-page.php
Docs: Move the hook doc for the the_title filter in Walker_Page::start_el() to directly precede the apply_filters() line.
2016-01-05 16:35:26 +00:00
class-wp-admin-bar.php
Docs: Improve the DocBlock summary and add a missing initial @since version for WP_Admin_Bar::add_node().
2016-03-03 15:58:27 +00:00
class-wp-ajax-response.php
class-wp-comment-query.php
Docs: Standardize the changelog entry for the new $author_url argument, introduced in [36224].
2016-03-03 16:02:27 +00:00
class-wp-comment.php
Comments: Correct description of comment_author property in WP_Comment class.
2016-01-17 15:00:27 +00:00
class-wp-customize-control.php
Customize: Allow controls to be registered without any associated settings.
2016-02-24 18:28:28 +00:00
class-wp-customize-manager.php
Customize: Eliminate unnecessary WP_Customize_Site_Logo_Control in favor of re-using WP_Customize_Image_Control.
2016-03-04 23:47:26 +00:00
class-wp-customize-nav-menus.php
Docs: Improve DocBlock syntax for WP_Customize_Nav_Menus::customize_dynamic_partial_args(), introduced in [36586].
2016-03-03 16:07:26 +00:00
class-wp-customize-panel.php
Customizer: Merge two translator comments.
2016-03-02 23:10:26 +00:00
class-wp-customize-section.php
Customize: move WP_Customize_Section subclasses to wp-includes/customize, they load in the exact same place.
2015-10-24 18:21:25 +00:00
class-wp-customize-setting.php
Docs: Use markdown instead of HTML for code formatting.
2016-02-23 19:18:27 +00:00
class-wp-customize-widgets.php
Docs: Improve syntax and correct documentation throughout a variety of methods in WP_Customize_Widgets.
2016-03-04 02:02:26 +00:00
class-wp-editor.php
TinyMCE textpattern:
2016-02-28 19:00:27 +00:00
class-wp-embed.php
Embeds: Remove the allow_insecure_embeds filter.
2015-11-19 05:02:27 +00:00
class-wp-error.php
class-wp-http-cookie.php
Docs: object != class
2015-09-26 07:04:28 +00:00
class-wp-http-curl.php
Docs: Miscellaneous docblock corrections.
2015-12-23 06:31:27 +00:00
class-wp-http-encoding.php
Docs: Add a missing file header for wp-includes/class-wp-http-encoding.php, introduced in [33748].
2015-09-03 03:28:21 +00:00
class-wp-http-ixr-client.php
Docs: Update the hook doc summary for the wp_http_ixr_client_headers filter, introduced in [34164].
2015-09-15 16:16:43 +00:00
class-wp-http-proxy.php
Networks and sites: Replace "blog" usage with "site" in docs.
2016-01-28 03:35:27 +00:00
class-wp-http-response.php
HTTP/REST API: move WP_HTTP_Response to wp-includes/ with the rest (ha!) of the HTTP classes. This is PHP 5.2, so this class is global, and as per @rmccue, unrelated to REST specifically.
2015-10-08 19:27:28 +00:00
class-wp-http-streams.php
Docs: Add missing parameter documentation for the $args parameter in the DocBlock for WP_Http_Streams::test().
2015-12-14 23:54:26 +00:00
class-wp-image-editor-gd.php
Media: add a new image size, medium_large. Bumps db version to add new options.
2015-10-31 20:50:25 +00:00
class-wp-image-editor-imagick.php
Docs: Improve DocBlock syntax and add a missing @return notation for WP_Image_Editor_Imagick::strip_meta(), introduced in [36700].
2016-03-04 17:37:27 +00:00
class-wp-image-editor.php
Media: Reduce default image compression quality to '82'.
2016-02-22 22:19:26 +00:00
class-wp-meta-query.php
Docs: Correctly document parameters in the hook doc for the get_meta_sql filter as individual parameters rather than an array.
2016-02-26 17:10:26 +00:00
class-wp-metadata-lazyloader.php
More performance improvements to metadata lazyloading.
2016-02-17 22:58:26 +00:00
class-wp-network.php
Docs: Fix type documentation for WP_Network properties.
2016-01-18 02:59:27 +00:00
class-wp-oembed-controller.php
oEmbed: Drop the trailing slash from the namespace.
2015-11-17 11:27:29 +00:00
class-wp-post.php
Docs: Add missing descriptions for the $wpdb global in DocBlocks all the places.
2015-10-14 23:44:25 +00:00
class-wp-rewrite.php
Embeds: Allow embedding static front pages and pages having a child page with an embed slug.
2016-01-15 07:56:26 +00:00
class-wp-role.php
Docs: Clarify documentation for WP_Role::has_cap() to more clearing indicate that the method checks for capabilities against the role rather than the user.
2015-12-14 20:05:27 +00:00
class-wp-roles.php
Networks and sites: Replace "blog" usage with "site" in docs.
2016-01-28 03:35:27 +00:00
class-wp-site.php
Docs: Make some minor improvements to inline docs for WP_Site, introduced in [36393].
2016-02-07 02:13:26 +00:00
class-wp-tax-query.php
Correct some @param doc names in the WP_Tax_Query and WP_User_Query classes.
2015-12-14 02:50:27 +00:00
class-wp-term.php
Docs: Various docblock corrections.
2016-01-10 01:26:25 +00:00
class-wp-theme.php
Docs: Fix two typos in return descriptions for WP_Theme private usort() methods.
2016-02-26 17:23:26 +00:00
class-wp-user-query.php
Networks and sites: Replace "blog" usage with "site" in docs.
2016-01-28 03:51:26 +00:00
class-wp-user.php
Networks and sites: Replace "blog" usage with "site" in docs.
2016-01-28 03:51:26 +00:00
class-wp-walker.php
Avoid a PHP notice when trying to access the post_parent property of hierarchical post type nav menu items.
2015-12-12 01:06:29 +00:00
class-wp-widget-factory.php
Docs: The Widgets subpackage is plural.
2015-09-22 13:48:25 +00:00
class-wp-widget.php
Introduce a $parent_class parameter for _deprecated_constructor().
2016-02-16 23:20:26 +00:00
class-wp-xmlrpc-server.php
Comments: In wp_xmlrpc_server::pingback_ping():
2016-02-24 00:55:26 +00:00
class-wp.php
Spelling: Standardize on "front end"/"back end" (noun) and "front-end"/"back-end" (adjective).
2016-02-25 12:53:27 +00:00
class.wp-dependencies.php
Docs: Improve inline docs for WP_Dependencies, WP_Styles, and WP_Scripts.
2016-02-27 20:34:29 +00:00
class.wp-scripts.php
Docs: Improve inline docs for WP_Dependencies, WP_Styles, and WP_Scripts.
2016-02-27 20:34:29 +00:00
class.wp-styles.php
Docs: Improve inline docs for WP_Dependencies, WP_Styles, and WP_Scripts.
2016-02-27 20:34:29 +00:00
comment-template.php
I18N: Move the aria-label text in comment_form() to a separate string for easier translation.
2016-03-01 02:14:25 +00:00
comment.php
Comments: Pass comment data to the comment_post filter.
2016-02-24 00:49:26 +00:00
compat.php
Docs: Fix one line of the DocBlock for the JsonSerializable compat interface to use a tab instead of spaces.
2016-02-07 01:18:27 +00:00
cron.php
Docs: Adjust formatting for an added-parameter changelog entry in the hook doc for the cron_request filter.
2016-01-14 17:30:28 +00:00
date.php
Docs: Remove some more dittography.
2015-12-06 21:50:25 +00:00
default-constants.php
Revert [35804]. This change has unintended side effects, notably that media URLs in the admin area now unexpectedly use the https scheme. A more comprehensive approach will be taken in 4.5.
2015-12-22 13:02:29 +00:00
default-filters.php
Authentication: Allow users to log in using their email address.
2016-02-22 23:15:27 +00:00
default-widgets.php
Docs: Clarify the file header summary for wp-includes/default-widgets.php, the top-level file for bringing in the core widget classes.
2015-09-22 13:36:25 +00:00
deprecated.php
Docs: Improve a variety of DocBlocks in wp-includes/deprecated.php.
2016-02-28 19:32:25 +00:00
embed-template.php
Docs: Update the @deprecated tag comment for wp-includes/embed-template.php to reference the correct file path following [36693].
2016-02-27 21:22:25 +00:00
embed.php
Embeds: Use a more accessible way to initially hide the iframe.
2016-02-25 10:23:27 +00:00
feed-atom-comments.php
Themes: Improve document title output.
2015-10-20 16:21:25 +00:00
feed-atom.php
Feeds: <comments> is optional in RSS2, so don't include it when comments aren't present or open. Same for <wfw:commentRss> and <slash:comments>
2015-11-04 17:47:25 +00:00
feed-rdf.php
Themes: Improve document title output.
2015-10-20 16:21:25 +00:00
feed-rss2-comments.php
Themes: Improve document title output.
2015-10-20 16:21:25 +00:00
feed-rss2.php
Feeds: <comments> is optional in RSS2, so don't include it when comments aren't present or open. Same for <wfw:commentRss> and <slash:comments>
2015-11-04 17:47:25 +00:00
feed-rss.php
Themes: Improve document title output.
2015-10-20 16:21:25 +00:00
feed.php
Docs: @param fixes for a variety of docblocks.
2016-01-09 01:45:26 +00:00
formatting.php
Emoji: Clean up the emoji browser support tests.
2016-03-03 05:17:26 +00:00
functions.php
Docs: Correct $number type in number_format_i18n().
2016-02-23 18:44:26 +00:00
functions.wp-scripts.php
Docs: Improve inline docs for WP_Dependencies, WP_Styles, and WP_Scripts.
2016-02-27 20:34:29 +00:00
functions.wp-styles.php
Docs: Improve inline docs for WP_Dependencies, WP_Styles, and WP_Scripts.
2016-02-27 20:34:29 +00:00
general-template.php
Customize: Site logos are custom logos.
2016-03-03 19:56:26 +00:00
http.php
HTTP: 0.1.2.3 is not a valid IP.
2016-02-02 12:55:29 +00:00
kses.php
Docs: Use the correct parameter name in the DocBlock for wp_kses_post_deep(), introduced in [36429].
2016-02-07 00:18:26 +00:00
l10n.php
Docs: Correct _n_noop() and _nx_noop() descriptions to use third-person singular verbs.
2016-02-28 20:43:26 +00:00
link-template.php
Spelling: Standardize on "front end"/"back end" (noun) and "front-end"/"back-end" (adjective).
2016-02-25 12:53:27 +00:00
load.php
Don't display errors during Ajax requests.
2016-02-18 16:43:27 +00:00
locale.php
Docs: Add a missing summary to the DocBlock for WP_Locale::rtl_src_admin_notice().
2015-12-16 18:08:26 +00:00
media-template.php
Accessibility: add missing alt attributes to a gaggle of <img>s.
2015-11-07 16:12:27 +00:00
media.php
Replace wp_upload_dir() with the new wp_get_upload_dir() in all cases where a file is not being uploaded. Deprecate _wp_upload_dir_baseurl(), and replace it with wp_get_upload_dir().
2016-02-18 00:24:27 +00:00
meta.php
More performance improvements to metadata lazyloading.
2016-02-17 22:58:26 +00:00
ms-blogs.php
Networks and sites: Replace "blog" usage with "site" in docs.
2016-01-28 03:35:27 +00:00
ms-default-constants.php
I18N: Remove <code> tags from translatable string in wp-admin/network/site-new.php.
2016-02-29 03:17:26 +00:00
ms-default-filters.php
Move new user notification emails to add_action() callbacks.
2015-09-16 22:19:24 +00:00
ms-deprecated.php
Docs: Add some missing @param notations to various DocBlocks in wp-includes/ms-deprecated.php.
2016-02-26 09:16:26 +00:00
ms-files.php
ms-functions.php
Docs: Improve documentation for the update_welcome_user_email() filter, introduced in [26538].
2016-03-03 09:12:27 +00:00
ms-load.php
I18N: Move translatable Codex URLs to separate strings in wp-includes/ms-load.php.
2015-11-18 17:42:26 +00:00
ms-settings.php
Multisite: Introduce the WP_Site class.
2016-01-25 21:51:26 +00:00
nav-menu-template.php
Menus: Bring back line break between menu items.
2015-12-24 00:21:27 +00:00
nav-menu.php
Ensure Description is respected in post type archive menu items.
2016-03-05 22:57:26 +00:00
option.php
Clarify return types in get_option() documentation.
2016-01-09 03:12:26 +00:00
pluggable-deprecated.php
Users: Introduce _wp_get_current_user() for improved backward compatibility.
2016-02-23 22:26:28 +00:00
pluggable.php
Docs: Correct filter reference in pre_get_avatar filter description.
2016-03-02 03:41:28 +00:00
plugin.php
Docs: Fix indentation in add_filter() example.
2016-01-25 18:58:27 +00:00
post-formats.php
foreach is a statement, not a function.
2015-08-25 20:28:22 +00:00
post-template.php
Customize: Site logos are custom logos.
2016-03-03 19:56:26 +00:00
post-thumbnail-template.php
Docs: Adjust documentation for the $size parameter in the_post_thumbnail_url() to clarify the required order of width and height values when passing an array.
2015-10-12 17:00:26 +00:00
post.php
Docs: Use the correct variable name for the $post_ID parameter in the DocBlock for wp_add_trashed_suffix_to_post_name_for_trashed_posts().
2016-02-26 09:25:26 +00:00
query.php
Revert r36696
2016-02-24 22:12:25 +00:00
registration-functions.php
registration.php
rest-api.php
OPTIONS requests to REST API should return Allow header.
2016-03-03 09:55:26 +00:00
revision.php
Revisions: Clean up _wp_post_revision_fields():
2016-02-24 00:44:59 +00:00
rewrite.php
Rewrite Rules: Ensure url_to_postid() operates as expected when it's used in the context of another site within a Multisite network that uses mixed URL schemes.
2016-02-28 02:13:25 +00:00
rss-functions.php
rss.php
foreach is a statement, not a function.
2015-08-25 20:28:22 +00:00
script-loader.php
TinyMCE, inline link:
2016-03-02 20:06:26 +00:00
session.php
Docs: @param fixes for a variety of docblocks.
2016-01-09 01:45:26 +00:00
shortcodes.php
Shortcodes: = is a reserved character in shortcode names, mark it as such.
2015-12-26 04:46:28 +00:00
taxonomy.php
Docs: Improve the description of the get_object_taxonomies() function. Uncertainty has no place in documentation.
2016-02-25 21:25:25 +00:00
template-loader.php
Embeds: Introduce embed templates into the template hierarchy via theme-compat.
2016-02-24 20:57:26 +00:00
template.php
Embeds: Introduce embed templates into the template hierarchy via theme-compat.
2016-02-24 20:57:26 +00:00
theme.php
Themes: Use the attachment ID as the key in get_uploaded_header_images().
2016-02-16 22:12:27 +00:00
update.php
Updates: Pass locales of all available languages to the themes/plugins update API.
2016-02-23 16:17:26 +00:00
user.php
Spelling: Standardize on "front end"/"back end" (noun) and "front-end"/"back-end" (adjective).
2016-02-25 12:53:27 +00:00
vars.php
Uploads: Remove an unnecessary static var from wp_is_mobile() to allow its direct and indirect use within unit tests. The static `$is_m
2016-03-03 03:25:26 +00:00
version.php
Multisite: Handle redirect to a user's subdomain properly during login
2016-03-06 03:06:29 +00:00
widgets.php
Spelling: Standardize on "front end"/"back end" (noun) and "front-end"/"back-end" (adjective).
2016-02-25 12:53:27 +00:00
wlwmanifest.xml
wp-db.php
Docs: Remove an errant period following the @access tag in the DocBlock for wpdb::close(), mistakenly introduced in [36493].
2016-03-04 00:03:27 +00:00
wp-diff.php
Pass false as the 2nd argument to class_exists() to disable autoloading and to not cause problems for those who define __autoload().
2015-09-20 03:52:25 +00:00