WordPress/wp-includes
Scott Taylor 382d455235 WP oEmbed: Improve height attribute sanitization
Props afercia, swissspidy.
Fixes #34527.

Built from https://develop.svn.wordpress.org/trunk@35478


git-svn-id: http://core.svn.wordpress.org/trunk@35442 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-31 20:39:25 +00:00
ID3
SimplePie Feeds: add `CEST` to `$timezone` in `SimplePie_Parse_Date`. 2015-10-20 05:57:24 +00:00
Text Fix the `@author` doc param encoding in `Text/Diff/Engine/string` so the file is recognized as UTF-8, not ISO-8859-1. 2015-10-24 22:45:25 +00:00
certificates HTTP: Update the Root Certificate bundle. 2015-09-18 08:43:26 +00:00
css Embeds: Add fallbacks for IE7-9. 2015-10-31 04:38:25 +00:00
customize Customizer: Remove the no more used `add-menu-item-loading` spinner. 2015-10-26 13:59:26 +00:00
fonts Dashicons: Fix font ID in SVG file. 2015-07-23 10:03:24 +00:00
images Embeds: Revert [35083], as the PNG files ended up not being used in [35466]. 2015-10-31 04:42:25 +00:00
js WP oEmbed: Improve height attribute sanitization 2015-10-31 20:39:25 +00:00
pomo Pass `false` as the 2nd argument to `class_exists()` to disable autoloading and to not cause problems for those who define `__autoload()`. 2015-09-20 03:52:25 +00:00
random_compat Update Random_Compat to master. 2015-10-28 01:12:24 +00:00
rest-api REST API: remove the `@internal` annotation from `rest_api_default_filters()`. 2015-10-31 20:08:25 +00:00
theme-compat Don't use `<a>` in translatable strings in `theme-compat/sidebar.php`. 2015-10-30 10:40:26 +00:00
widgets Widgets: revert [34376] and [34386] as pertains to the Categories widget supporting custom taxonomies. 2015-10-20 04:57:25 +00:00
admin-bar.php Docs: Add missing file headers to two Toolbar API files: wp-includes/admin-bar.php and wp-includes/class-wp-admin-bar.php. 2015-10-14 17:27:25 +00:00
atomlib.php Deprecate php4 style constructors 2015-06-28 15:27:24 +00:00
author-template.php Docs: Add missing descriptions for the `$wpdb` global in DocBlocks all the places. 2015-10-14 23:44:25 +00:00
bookmark-template.php
bookmark.php After [33843], update the location of some files in `This filter is documented in` docs 2015-09-08 22:17:26 +00:00
cache.php Filesystem: Following the introduction of the `KB|MB|GB|TB_IN_BYTES` constants in [35286], use them in various places in core. 2015-10-21 14:03:25 +00:00
canonical.php Don't force comment pagination. 2015-10-21 16:26:42 +00:00
capabilities-functions.php Revert [34778], continue using `_site_option()` for the current network. 2015-10-07 17:11:25 +00:00
capabilities.php Docs: The Users subpackage is plural. 2015-09-22 13:46:25 +00:00
category-functions.php Taxonomy: Improve deprecated argument strings for the 'link' type in `get_categories()` and `wp_dropdown_categories()`. 2015-10-18 15:35:24 +00:00
category-template.php In `wp_list_categories()`, rewrite a long condition for clarity. 2015-10-20 16:13:26 +00:00
category.php Docs: Clarify the file header for wp-includes/category.php. 2015-09-22 14:20:24 +00:00
class-IXR.php Update variable naming after [35279]. 2015-10-23 02:01:25 +00:00
class-feed.php Pass `false` as the 2nd argument to `class_exists()` to disable autoloading and to not cause problems for those who define `__autoload()`. 2015-09-20 03:52:25 +00:00
class-http.php Docs: Syntax fixes for deprecating `WP_Http::parse_url()`. 2015-10-23 15:43:24 +00:00
class-json.php Docs: Put "it's" in its place (again). 2015-09-16 12:46:28 +00:00
class-oembed.php oEmbed: add Reddit Comments as a provider 2015-10-22 18:17:24 +00:00
class-phpass.php Remove closing PHP tag from `wp-includes/class-phpass.php`. 2015-10-06 23:45:25 +00:00
class-phpmailer.php Remove debug cruft from [33124]. 2015-07-09 07:56:24 +00:00
class-pop3.php Docs: Put "it's" in its place (again). 2015-09-16 12:46:28 +00:00
class-simplepie.php Pass `false` as the 2nd argument to `class_exists()` to disable autoloading and to not cause problems for those who define `__autoload()`. 2015-09-20 03:52:25 +00:00
class-smtp.php Update PHPMailer to 5.2.10 from 5.2.7. 2015-07-08 17:16:25 +00:00
class-snoopy.php Pass `false` as the 2nd argument to `class_exists()` to disable autoloading and to not cause problems for those who define `__autoload()`. 2015-09-20 03:52:25 +00:00
class-walker-category-dropdown.php Docs: Clarify the file header for wp-includes/class-walker-category-dropdown.php, introduced in [34110]. 2015-09-22 14:03:25 +00:00
class-walker-category.php Taxonomy: in `wp_list_categories()`, add an arg: `separator`, to allow the overriding of `<br/>`. 2015-10-13 17:02:25 +00:00
class-walker-comment.php Docs: some `@global object` vernaculars should be converted to the actual object type. 2015-10-10 15:45:25 +00:00
class-walker-page-dropdown.php Docs: Clarify the file header subpackage for wp-includes/class-walker-page-dropdown.php, introduced in [34109]. 2015-09-22 13:58:24 +00:00
class-walker-page.php Docs: Actually, the subpackage for `Walker_Page` should be Template. 2015-09-22 15:09:24 +00:00
class-wp-admin-bar.php Docs: Add missing file headers to two Toolbar API files: wp-includes/admin-bar.php and wp-includes/class-wp-admin-bar.php. 2015-10-14 17:27:25 +00:00
class-wp-ajax-response.php
class-wp-comment-query.php Docs: Add missing descriptions for the `$wpdb` global in DocBlocks all the places. 2015-10-14 23:44:25 +00:00
class-wp-comment.php Prevent extra db queries in `WP_Comment::get_children()`. 2015-10-01 03:58:23 +00:00
class-wp-customize-control.php Customize: move `WP_Customize_Control` subclasses to `wp-includes/customize`, they load in the exact same place. 2015-10-24 18:57:25 +00:00
class-wp-customize-manager.php Customizer: remove the `title` attribute from the Preview html element while loading. 2015-10-25 15:14:26 +00:00
class-wp-customize-nav-menus.php Customizer: Use the plural label for available menu item types. 2015-09-24 09:16:25 +00:00
class-wp-customize-panel.php Customize: move `WP_Customize_Panel` subclass to `wp-includes/customize`, it loads in the exact same place. 2015-10-24 18:25:24 +00:00
class-wp-customize-section.php Customize: move `WP_Customize_Section` subclasses to `wp-includes/customize`, they load in the exact same place. 2015-10-24 18:21:25 +00:00
class-wp-customize-setting.php Customize: move `WP_Customize_Setting` subclasses to `wp-includes/customize`, they load in the exact same place. 2015-10-24 18:11:24 +00:00
class-wp-customize-widgets.php Docs: Change variable name in `WP_Customize_Widgets::filter_customize_dynamic_setting_args()` DocBlock to match the actual variable. 2015-10-24 14:42:26 +00:00
class-wp-editor.php Embeds: Rename TinyMCE `wpoembed` plugin to `wpembed`. 2015-10-26 14:50:26 +00:00
class-wp-embed.php Embeds: Add oEmbed provider support. 2015-10-07 10:36:25 +00:00
class-wp-error.php
class-wp-http-cookie.php Docs: object != class 2015-09-26 07:04:28 +00:00
class-wp-http-curl.php Don't set `CURLOPT_CAINFO` when `sslverify` is false when sending HTTP API requests through cURL. This avoids sending redundant information to cURL, and avoids a bug in Apple's SecureTransport library which causes a request to fail when a CA bundle is set but certificate verification is disabled. 2015-09-27 21:37:24 +00:00
class-wp-http-encoding.php Docs: Add a missing file header for wp-includes/class-wp-http-encoding.php, introduced in [33748]. 2015-09-03 03:28:21 +00:00
class-wp-http-ixr-client.php Docs: Update the hook doc summary for the `wp_http_ixr_client_headers` filter, introduced in [34164]. 2015-09-15 16:16:43 +00:00
class-wp-http-proxy.php Docs: Add a missing file header to wp-includes/class-wp-http-proxy.php, introduced in [33748]. 2015-09-03 03:30:21 +00:00
class-wp-http-response.php HTTP/REST API: move `WP_HTTP_Response` to `wp-includes/` with the rest (ha!) of the HTTP classes. This is PHP 5.2, so this class is global, and as per @rmccue, unrelated to REST specifically. 2015-10-08 19:27:28 +00:00
class-wp-http-streams.php Docs: object != class 2015-09-26 07:04:28 +00:00
class-wp-image-editor-gd.php Docs: Re-clarify the `$sizes[ $size ]` section of the hash notations for `WP_Image_Editor_GD::multi_resize()` and `WP_Image_Editor_Imagick::multi_resize()` as not fully-optional. 2015-10-12 16:34:23 +00:00
class-wp-image-editor-imagick.php Docs: Re-clarify the `$sizes[ $size ]` section of the hash notations for `WP_Image_Editor_GD::multi_resize()` and `WP_Image_Editor_Imagick::multi_resize()` as not fully-optional. 2015-10-12 16:34:23 +00:00
class-wp-image-editor.php `foreach` is a statement, not a function. 2015-08-25 20:28:22 +00:00
class-wp-meta-query.php Docs: Add missing descriptions for the `$wpdb` global in DocBlocks all the places. 2015-10-14 23:44:25 +00:00
class-wp-network.php Multisite: Remove the strictness for `$using_paths` in `WP_Network::get_by_path()`. 2015-10-15 22:07:24 +00:00
class-wp-oembed-controller.php Embeds: Fix typo in `oembed_request_post_id` filter DocBlock. 2015-10-31 15:38:25 +00:00
class-wp-post.php Docs: Add missing descriptions for the `$wpdb` global in DocBlocks all the places. 2015-10-14 23:44:25 +00:00
class-wp-rewrite.php Docs: Add a couple of strategically-placed spaces in `WP_Rewrite`. 2015-10-08 22:07:24 +00:00
class-wp-role.php Docs: The Users subpackage is plural. 2015-09-22 13:46:25 +00:00
class-wp-roles.php Docs: Add missing descriptions for the `$wpdb` global in DocBlocks all the places. 2015-10-14 23:44:25 +00:00
class-wp-tax-query.php Docs: Add a file header to wp-includes/class-wp-tax-query.php, introduced in [33760]. 2015-09-22 13:16:30 +00:00
class-wp-term.php Don't store `data` as a property on `WP_Term` objects. 2015-10-19 03:12:24 +00:00
class-wp-theme.php Template: Make it possible to both ''add'' and ''remove'' items from the page templates list using the `theme_page_templates` filter. 2015-10-09 21:51:25 +00:00
class-wp-user-query.php Docs: Add missing descriptions for the `$wpdb` global in DocBlocks all the places. 2015-10-14 23:44:25 +00:00
class-wp-user.php Docs: Add missing descriptions for the `$wpdb` global in DocBlocks all the places. 2015-10-14 23:44:25 +00:00
class-wp-walker.php Docs: Add missing parameter and return descriptions for `Walker::get_number_of_root_elements()`. 2015-09-14 15:33:27 +00:00
class-wp-widget-factory.php Docs: The Widgets subpackage is plural. 2015-09-22 13:48:25 +00:00
class-wp-widget.php Widgets: when getting settings, and none exist, set them to empty to avoid extraneous database queries on subsequent requests. 2015-10-13 01:13:24 +00:00
class-wp-xmlrpc-server.php XMLRPC: Prevent authentication from occurring after a failed authentication attempt in any single XML-RPC call. 2015-10-23 04:46:24 +00:00
class-wp.php Embeds: Who put this REST API infrastructure in my WordPress? 2015-10-29 22:51:24 +00:00
class.wp-dependencies.php `foreach` is a statement, not a function. 2015-08-25 20:28:22 +00:00
class.wp-scripts.php Scripts: in `WP_Scripts::set_group()`, the `args` prop of the `_WP_Dependency` instance defaults to `null` - check that it is set before comparing. 2015-10-06 13:54:25 +00:00
class.wp-styles.php Add a missing `$html` parameter variable in the hook docs for the `style_loader_tag` filter. 2015-07-13 21:03:24 +00:00
comment-functions.php Comments: don't auto-close comments on draft posts. 2015-10-31 20:13:24 +00:00
comment-template.php Don't force comment pagination. 2015-10-21 16:26:42 +00:00
comment.php Docs: The Comment API is singular. 2015-09-22 13:44:25 +00:00
compat.php Use PHP7's `random_int()` CSPRNG functionality in `wp_rand()` with a fallback to the `random_compat` library for PHP 5.x. 2015-10-09 04:28:24 +00:00
cron.php Cron: In `spawn_cron()`, when using `ALTERNATE_WP_CRON`, return early for any non-`GET`, instead of naively checking `! empty( $_POST )`. 2015-09-26 04:51:26 +00:00
date.php Ensure that `WP_Date_Query` accepts a value of `0` for 'hour'. 2015-10-09 16:33:25 +00:00
default-constants.php Docs: Correction: `MONTH_IN_SECONDS` was added in 4.4.0. 2015-10-20 07:35:26 +00:00
default-filters.php Embeds: Add fallbacks for IE7-9. 2015-10-31 04:38:25 +00:00
default-widgets.php Docs: Clarify the file header summary for wp-includes/default-widgets.php, the top-level file for bringing in the core widget classes. 2015-09-22 13:36:25 +00:00
deprecated.php Filesystem: Following the introduction of the `KB|MB|GB|TB_IN_BYTES` constants in [35286], use them in various places in core. 2015-10-21 14:03:25 +00:00
embed-functions.php WP oEmbed: Improve height attribute sanitization 2015-10-31 20:39:25 +00:00
embed-template.php Embeds: In `get_post_embed_html()`, move the optional `$post` argument after the required `$width` and `$height`. 2015-10-31 15:51:25 +00:00
feed-atom-comments.php Themes: Improve document title output. 2015-10-20 16:21:25 +00:00
feed-atom.php Themes: Improve document title output. 2015-10-20 16:21:25 +00:00
feed-rdf.php Themes: Improve document title output. 2015-10-20 16:21:25 +00:00
feed-rss.php Themes: Improve document title output. 2015-10-20 16:21:25 +00:00
feed-rss2-comments.php Themes: Improve document title output. 2015-10-20 16:21:25 +00:00
feed-rss2.php Themes: Improve document title output. 2015-10-20 16:21:25 +00:00
feed.php Use correct placeholders for translator comments added in [35303]. 2015-10-24 18:50:24 +00:00
formatting.php Use `wp_parse_url()` in `esc_url()` to avoid parsing bugs in < PHP 5.4.7. 2015-10-23 05:57:24 +00:00
functions.php Add `wp-post-new-reload` to the list of removable query vars so it doesn't persist in the URL. 2015-10-30 18:06:34 +00:00
functions.wp-scripts.php
functions.wp-styles.php
general-template.php Editor: After [33927], make sure `user_can_richedit()` returns true for Microsoft Edge. 2015-10-24 18:13:24 +00:00
http-functions.php WP_HTTP: Promote the `WP_HTTP::parse_url()` method to a more generic `wp_parse_url()` function. 2015-10-23 05:54:25 +00:00
http.php After [34953], unbreak WordPress. 2015-10-08 19:29:25 +00:00
kses.php KSES: have you ever heard of the `<bdo>` HTML tag? Same. http://www.w3schools.com/tags/tag_bdo.asp 2015-10-13 17:18:25 +00:00
l10n.php Revert [34778], continue using `_site_option()` for the current network. 2015-10-07 17:11:25 +00:00
link-template.php Docs: Update the default scheme for `get_rest_url()` from 'json' to 'rest'. 2015-10-19 22:39:25 +00:00
load.php Move `wp_installing()` to load.php. 2015-10-07 03:02:23 +00:00
locale.php In `WP_Locale::init()`, replace space as a thousands separator with a non-breaking space. 2015-10-23 11:51:28 +00:00
media-template.php Media: Restore proper conditional statement broken after [35427]. 2015-10-30 22:06:24 +00:00
media.php Responsive images: few more inline docs fixes. 2015-10-30 23:36:25 +00:00
meta-functions.php Docs: Add missing descriptions for the `$wpdb` global in DocBlocks all the places. 2015-10-14 23:44:25 +00:00
meta.php Docs: Clarify the file header summary for wp-includes/meta.php, the top-level file for the core Meta API. 2015-09-22 13:30:24 +00:00
ms-blogs.php Ensure that the scheme used in the URL returned by `get_blogaddress_by_id()` always reflects the blog's URL, instead of using `http`. 2015-10-30 02:02:24 +00:00
ms-default-constants.php Docs: Add missing descriptions for the `$wpdb` global in DocBlocks all the places. 2015-10-14 23:44:25 +00:00
ms-default-filters.php Move new user notification emails to `add_action()` callbacks. 2015-09-16 22:19:24 +00:00
ms-deprecated.php Docs: Add missing descriptions for the `$wpdb` global in DocBlocks all the places. 2015-10-14 23:44:25 +00:00
ms-files.php
ms-functions.php Filesystem: Following the introduction of the `KB|MB|GB|TB_IN_BYTES` constants in [35286], use them in various places in core. 2015-10-21 14:03:25 +00:00
ms-load.php Don't use `<a>` in translatable string in `wp-includes/ms-load.php`. 2015-10-30 09:16:25 +00:00
ms-settings.php Use `wp_installing()` instead of `WP_INSTALLING` constant. 2015-10-05 15:06:28 +00:00
nav-menu-template.php Nav Menus: show custom post type Archive item at the top of the `View All` tab for the post type on the legacy Nav Menu screen. 2015-10-24 17:46:25 +00:00
nav-menu.php Don't use `<strong>` in translatable string in `wp-includes/nav-menu.php`. 2015-10-30 08:57:26 +00:00
option.php Rename internal variable in `set_transient()`. 2015-10-29 11:52:28 +00:00
pluggable-deprecated.php Pass `false` as the 2nd argument to `class_exists()` to disable autoloading and to not cause problems for those who define `__autoload()`. 2015-09-20 03:52:25 +00:00
pluggable.php Mail: in `wp_notify_postauthor()` and `wp_notify_moderator()`, ensure that special chars aren't HTML-encoded in the email message body. 2015-10-28 18:03:24 +00:00
plugin.php `callback` is not a valid type in PHP, PSR-5, or phpDocumentor. `callable` should be used instead. 2015-09-25 23:58:25 +00:00
post-formats.php `foreach` is a statement, not a function. 2015-08-25 20:28:22 +00:00
post-functions.php Don't specify an `offset` default in `get_posts()`. 2015-10-28 18:18:24 +00:00
post-template.php Docs: After [35399], correct `$class` parameter type and description for `post_class` filter. 2015-10-26 15:12:24 +00:00
post-thumbnail-template.php Docs: Adjust documentation for the `$size` parameter in `the_post_thumbnail_url()` to clarify the required order of width and height values when passing an array. 2015-10-12 17:00:26 +00:00
post.php Docs: Clarify the file header summary for wp-includes/post.php, the top-level file for the Post API. 2015-09-22 13:13:26 +00:00
query.php Query: Introduce the `content_pagination` filter, which makes it possible to manipulate how post content is split into "pages" in `WP_Query::setup_postdata()`. 2015-10-20 06:33:27 +00:00
registration-functions.php
registration.php
rest-api.php After [34953], unbreak WordPress. 2015-10-08 19:29:25 +00:00
revision.php Docs: Correct description for `_wp_post_revision_fields()` arguments. 2015-10-22 12:17:28 +00:00
rewrite-constants.php Docs: Clarify the file header summary for wp-includes/rewrite-constants.php, introduced in [33751]. 2015-09-04 01:52:24 +00:00
rewrite-functions.php In `WP::parse_request()` and `url_to_postid()`, don't skip objects that have a post status with `'exclude_from_search' => false`, e.g. `inherit`. 2015-10-15 17:53:24 +00:00
rewrite.php Rewrite: move `WP_Rewrite` into its own file. `rewrite.php` loads the new files, so this is 100% BC if someone is loading `rewrite.php` directly. New files created using `svn cp`. 2015-08-26 04:42:20 +00:00
rss-functions.php
rss.php `foreach` is a statement, not a function. 2015-08-25 20:28:22 +00:00
script-loader.php Embeds: Add fallbacks for IE7-9. 2015-10-31 04:38:25 +00:00
session.php
shortcodes.php Shortcodes: Tweak the error messages added in [34745]. 2015-10-29 10:32:26 +00:00
taxonomy-functions.php After [34891] and [35376], add new labels to changelog entries. 2015-10-23 16:54:24 +00:00
taxonomy.php Introduce `WP_Term`. 2015-10-10 01:59:29 +00:00
template-loader.php Embeds: Add oEmbed provider support. 2015-10-07 10:36:25 +00:00
template.php List the possible values for the dynamic portion of the `{type}_template` hook. 2015-10-28 14:06:27 +00:00
theme.php Themes: Improve document title output. 2015-10-20 16:21:25 +00:00
update.php Use `wp_installing()` instead of `WP_INSTALLING` constant. 2015-10-05 15:06:28 +00:00
user-functions.php Users: when calling `wp_insert_user()` with an valid user ID, return `WP_Error` instead of arbitrarily updating user meta. 2015-10-20 05:28:24 +00:00
user.php Docs: The User API is singular. 2015-09-22 13:03:24 +00:00
vars.php Introduce a new `$is_edge` global for the Microsoft Edge browser. 2015-09-05 22:33:23 +00:00
version.php WP oEmbed: Improve height attribute sanitization 2015-10-31 20:39:25 +00:00
widget-functions.php Widgets: When using `the_widget()`, the `$before_widget` argument only receives the widget class if using the default sidebar arguments. Run `sprintf` after parsing the args to fix this. 2015-10-13 01:49:48 +00:00
widgets.php Docs: Clarify the file header summary for wp-includes/widgets.php, the top-level file for the core Widgets API. 2015-09-03 03:14:20 +00:00
wlwmanifest.xml
wp-db.php Add `wp_load_translations_early()` to `wpdb::check_connection()`. 2015-10-08 17:11:24 +00:00
wp-diff.php Pass `false` as the 2nd argument to `class_exists()` to disable autoloading and to not cause problems for those who define `__autoload()`. 2015-09-20 03:52:25 +00:00