WordPress/wp-includes
Sergey Biryukov 526dfa8b12 KSES: Add `object-position` to the list of safe CSS properties.
This resolves an issue with the Cover block, where the `object-position` property is removed from the content when a non-admin user saves the post, leading to block recovery loop.

Props Mamaduka, aristath.
Fixes #52961.
Built from https://develop.svn.wordpress.org/trunk@50634


git-svn-id: http://core.svn.wordpress.org/trunk@50246 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-04-02 12:41:09 +00:00
..
ID3 Code Modernization: Only call `libxml_disable_entity_loader()` in PHP < 8. 2020-11-17 01:00:08 +00:00
IXR XML-RPC: Emit an appropriate HTTP status code when an error is returned in response to an XML-RPC request. 2020-12-21 20:23:02 +00:00
PHPMailer External Libraries: Upgrade PHPMailer from 6.3.0 to 6.4.0. 2021-03-31 21:30:03 +00:00
Requests External Libraries: Disable deserialization in Requests_Utility_FilteredIterator 2020-10-29 18:00:08 +00:00
SimplePie External Libraries: Update the SimplePie library to version 1.5.6. 2020-10-16 17:20:07 +00:00
Text Code Modernization: Use `instanceof` instead of a comparison with `get_class()`. 2020-10-18 17:33:07 +00:00
assets External Libraries: Update Clipboard.js library to version `2.0.8`. 2021-03-18 15:54:18 +00:00
block-patterns Editor: Don't unnecessarily split a translatable string in block templates. 2020-12-01 17:03:04 +00:00
block-supports Block Editor: Fix color support for dynamic blocks 2021-03-03 23:31:04 +00:00
blocks Editor: Update @wordpress npm packages 2021-03-01 08:25:27 +00:00
certificates
css Accessibility: Administration: Use a darker gray color for various admin UI items. 2021-03-24 16:41:07 +00:00
customize Coding Standards: Add a space before `/` character in some self-closing HTML tags. 2021-03-20 18:30:08 +00:00
fonts
images
js External Libraries: Update the path to `polyfill-library` files in Webpack. 2021-03-30 14:49:04 +00:00
pomo Docs: Various docblock improvements. 2020-12-10 23:59:03 +00:00
random_compat
rest-api Coding Standards: Remove some extra whitespace in `get_item_schema`. 2021-04-01 15:54:04 +00:00
sitemaps Coding Standards: Add a space before `/` character in some self-closing HTML tags. 2021-03-20 18:30:08 +00:00
sodium_compat Upgrade/Install: Update sodium_compat to v1.14.0. 2020-12-03 17:41:07 +00:00
theme-compat
widgets Coding Standards: Add a space before `/` character in some self-closing HTML tags. 2021-03-20 18:30:08 +00:00
admin-bar.php Coding Standards: Add a space before `/` character in some self-closing HTML tags. 2021-03-20 18:30:08 +00:00
atomlib.php Feeds: Fix "Only variables should be passed by reference" PHP notice in `atomlib.php`. 2020-10-17 15:45:06 +00:00
author-template.php Docs: Document parameters that accept an array of integers using typed array notation. 2020-11-19 18:24:09 +00:00
block-patterns.php
blocks.php Docs: Correct DocBlock formatting for `register_block_style_handle()`. 2021-03-13 11:15:04 +00:00
bookmark-template.php Docs: Clarify that the `$class` argument of `wp_list_bookmarks()` can accept an array. 2020-11-24 12:29:07 +00:00
bookmark.php Coding Standards: Use strict comparison for return type checks in a few functions: 2021-03-21 12:41:04 +00:00
cache-compat.php
cache.php Docs: Upgrade more parameters in docblocks to used typed array notation. 2020-11-24 21:27:05 +00:00
canonical.php Canonical: Prevent ID enumeration of private post slugs. 2021-02-02 00:40:01 +00:00
capabilities.php Roles/Caps: Return same result from `current_user_can` and `user_can()`. 2021-03-04 00:14:04 +00:00
category-template.php Docs: Correct default value for the `number` argument of `wp_tag_cloud()`. 2021-01-24 14:07:57 +00:00
category.php
class-IXR.php
class-feed.php
class-http.php Docs: Promote many `bool` types to `true` or `false` where only that value is used. 2021-01-03 22:04:04 +00:00
class-json.php Coding Standards: Pass an empty string instead of `null` as the `$replacement` parameter to `_deprecated_file()`. 2020-11-12 11:17:07 +00:00
class-oembed.php
class-phpass.php
class-phpmailer.php
class-pop3.php
class-requests.php
class-simplepie.php External Libraries: Update the SimplePie library to version 1.5.6. 2020-10-16 17:20:07 +00:00
class-smtp.php Mail: Make sure the `SMTP` class is only required once if a plugin requires `wp-includes/class-smtp.php` directly. 2021-01-26 13:45:57 +00:00
class-snoopy.php
class-walker-category-dropdown.php Docs: Fix and upgrade various `object` docblock notations. 2020-10-17 16:05:09 +00:00
class-walker-category.php Docs: Fix and upgrade various `object` docblock notations. 2020-10-17 16:05:09 +00:00
class-walker-comment.php Comments: Revert the introduction of the opt-in comment approval notification feature. 2021-02-17 13:08:05 +00:00
class-walker-nav-menu.php General: Remove `noreferrer` from `wp_targeted_link_rel()` and other uses. 2020-10-19 23:39:04 +00:00
class-walker-page-dropdown.php
class-walker-page.php
class-wp-admin-bar.php Docs: Improve description for `WP_Admin_Bar::add_group()`. 2020-08-19 02:46:04 +00:00
class-wp-ajax-response.php
class-wp-application-passwords.php Docs: Update documentation for `WP_Application_Passwords::application_name_exists_for_user()` per the documentation standards. 2021-01-28 13:10:57 +00:00
class-wp-block-list.php
class-wp-block-parser.php Editor: Update @wordpress npm packages 2021-02-02 05:17:13 +00:00
class-wp-block-pattern-categories-registry.php Docs: Synchronize `$category_name` description in `WP_Block_Pattern_Categories_Registry` methods. 2021-03-13 11:17:03 +00:00
class-wp-block-patterns-registry.php Docs: Synchronize `$category_name` description in `WP_Block_Pattern_Categories_Registry` methods. 2021-03-13 11:17:03 +00:00
class-wp-block-styles-registry.php Docs: Standardise the type name for booleans and integers. 2020-10-10 20:02:05 +00:00
class-wp-block-supports.php Editor: Update @wordpress npm packages 2021-01-28 02:04:13 +00:00
class-wp-block-type-registry.php Docs: Improve documentation for `WP_Block_Type` properties. 2021-02-23 19:18:02 +00:00
class-wp-block-type.php Docs: Add missing `@since` tags for `item_link` and `item_link_description` post type and taxonomy labels. 2021-03-13 10:25:06 +00:00
class-wp-block.php Editor: Introduce a dynamic filter for the content of a single block: 2021-02-01 18:06:03 +00:00
class-wp-comment-query.php Plugins: Replace usage of `$this` in action and filter parameter docblocks with more appropriate variable names. 2021-01-08 14:30:14 +00:00
class-wp-comment.php Docs: Promote many `bool` types to `true` or `false` where only that value is used. 2021-01-03 22:04:04 +00:00
class-wp-customize-control.php Docs: Miscellaneous docblock fixes. 2020-10-17 14:54:05 +00:00
class-wp-customize-manager.php Robots: Introduce Robots API. 2021-01-21 01:37:00 +00:00
class-wp-customize-nav-menus.php General: Replace older-style PHP type conversion functions with type casts. 2020-10-08 21:15:13 +00:00
class-wp-customize-panel.php
class-wp-customize-section.php
class-wp-customize-setting.php Plugins: Replace usage of `$this` in action and filter parameter docblocks with more appropriate variable names. 2021-01-08 14:30:14 +00:00
class-wp-customize-widgets.php General: Replace older-style PHP type conversion functions with type casts. 2020-10-08 21:15:13 +00:00
class-wp-date-query.php Docs: Document parameters that accept an array of integers using typed array notation. 2020-11-19 18:24:09 +00:00
class-wp-dependency.php
class-wp-editor.php I18N: Merge duplicate "Column" strings, remove unnecessary context. 2020-11-09 11:17:07 +00:00
class-wp-embed.php
class-wp-error.php General: Docblock improvements for the `WP_Error` class. 2020-10-09 22:30:04 +00:00
class-wp-fatal-error-handler.php Site Health: Link to the support article on troubleshooting in "There has been a critical error" message. 2021-02-09 16:59:04 +00:00
class-wp-feed-cache-transient.php
class-wp-feed-cache.php Feeds: Register transient feed cache handler using the recommended method for SimplePie 1.3 or later. 2020-11-12 14:36:10 +00:00
class-wp-hook.php Docs: In various `@return` tags, list the expected type first, instead of `false` or `WP_Error`. 2021-01-04 17:18:04 +00:00
class-wp-http-cookie.php
class-wp-http-curl.php General: Replace older-style PHP type conversion functions with type casts. 2020-10-08 21:15:13 +00:00
class-wp-http-encoding.php Docs: In various `@return` tags, list the expected type first, instead of `false`. 2021-01-15 20:08:07 +00:00
class-wp-http-ixr-client.php Docs: Promote many `bool` types to `true` or `false` where only that value is used. 2021-01-03 22:04:04 +00:00
class-wp-http-proxy.php
class-wp-http-requests-hooks.php Docs: Add missing `@since` tags. 2020-11-19 17:54:05 +00:00
class-wp-http-requests-response.php
class-wp-http-response.php
class-wp-http-streams.php Docs: Various docblock corrections and improvements. 2020-11-14 16:35:06 +00:00
class-wp-image-editor-gd.php Media: Avoid suppressing errors when using `getimagesize()`. 2021-02-02 16:53:04 +00:00
class-wp-image-editor-imagick.php Docs: Promote many `bool` types to `true` or `false` where only that value is used. 2021-01-03 22:04:04 +00:00
class-wp-image-editor.php Docs: Promote many `bool` types to `true` or `false` where only that value is used. 2021-01-03 22:04:04 +00:00
class-wp-list-util.php
class-wp-locale-switcher.php I18N: Revert [49236] for now to investigate alternative implementations. 2020-11-12 14:43:09 +00:00
class-wp-locale.php Docs: Update the URL for PHP date formats table in translator comments. 2020-09-18 10:37:08 +00:00
class-wp-matchesmapregex.php General: Replace older-style PHP type conversion functions with type casts. 2020-10-08 21:15:13 +00:00
class-wp-meta-query.php Query: Consistently include a space in parentheses in `WP_Meta_Query::get_sql_for_clause()`. 2021-03-25 12:39:07 +00:00
class-wp-metadata-lazyloader.php Docs: Various docblock corrections particularly relating to boolean types. 2021-01-03 21:57:09 +00:00
class-wp-network-query.php Plugins: Replace usage of `$this` in action and filter parameter docblocks with more appropriate variable names. 2021-01-08 14:30:14 +00:00
class-wp-network.php Docs: Promote many `bool` types to `true` or `false` where only that value is used. 2021-01-03 22:04:04 +00:00
class-wp-object-cache.php Docs: Various docblock corrections relating to parameter types. 2020-11-24 21:22:04 +00:00
class-wp-oembed-controller.php Docs: Corrections and improvements to inline docs relating to the REST API. 2020-11-16 11:04:12 +00:00
class-wp-oembed.php Docs: Promote many `bool` types to `true` or `false` where only that value is used. 2021-01-03 22:04:04 +00:00
class-wp-paused-extensions-storage.php
class-wp-post-type.php Docs: Various docblock improvements. 2020-12-10 23:59:03 +00:00
class-wp-post.php Docs: Docblock corrections relating to `WP_Post` objects. 2020-11-09 15:15:08 +00:00
class-wp-query.php Query: Consistently include a space in parentheses in `WP_Meta_Query::get_sql_for_clause()`. 2021-03-25 12:39:07 +00:00
class-wp-recovery-mode-cookie-service.php Docs: Consistently use third-person singular verbs for various filter descriptions, per the documentation standards. 2020-08-11 00:34:08 +00:00
class-wp-recovery-mode-email-service.php Docs: In various `@return` tags, list the expected type first, instead of `false` or `WP_Error`. 2021-01-04 17:18:04 +00:00
class-wp-recovery-mode-key-service.php
class-wp-recovery-mode-link-service.php Docs: Document the usage of `$pagenow` global in a few functions. 2021-02-22 19:18:12 +00:00
class-wp-recovery-mode.php Docs: Consistently use third-person singular verbs for various filter descriptions, per the documentation standards. 2020-08-11 00:34:08 +00:00
class-wp-rewrite.php Docs: Clarify and standardise on terminology used for rewrite rule endpoint masks. 2020-11-19 16:15:08 +00:00
class-wp-role.php
class-wp-roles.php
class-wp-session-tokens.php Code Modernization: Remove `final` keyword from private methods. 2020-08-12 15:05:08 +00:00
class-wp-simplepie-file.php Feed: Replace `join()` with `implode()` for safety. 2020-12-16 14:05:07 +00:00
class-wp-simplepie-sanitize-kses.php Docs: Standardise the type name for booleans and integers. 2020-10-10 20:02:05 +00:00
class-wp-site-query.php Plugins: Replace usage of `$this` in action and filter parameter docblocks with more appropriate variable names. 2021-01-08 14:30:14 +00:00
class-wp-site.php Docs: Various docblock corrections and improvements. 2021-02-20 17:10:11 +00:00
class-wp-tax-query.php
class-wp-taxonomy.php Taxonomy: Reorder some `WP_Taxonomy` properties for consistency. 2021-02-01 11:55:00 +00:00
class-wp-term-query.php Docs: Fix indentation for `wp_term_query->construct` method parameters. 2021-03-29 21:35:07 +00:00
class-wp-term.php Docs: Various docblock corrections. 2020-12-10 23:53:07 +00:00
class-wp-text-diff-renderer-inline.php
class-wp-text-diff-renderer-table.php Revisions: Generate correct number of columns in wp_text_diff. 2021-01-27 21:53:58 +00:00
class-wp-theme.php Docs: Add examples of possible names for various hooks whose name contains a dynamic portion. 2021-03-07 12:32:09 +00:00
class-wp-user-meta-session-tokens.php
class-wp-user-query.php Plugins: Replace usage of `$this` in action and filter parameter docblocks with more appropriate variable names. 2021-01-08 14:30:14 +00:00
class-wp-user-request.php
class-wp-user.php Roles/Caps: Return same result from `current_user_can` and `user_can()`. 2021-03-04 00:14:04 +00:00
class-wp-walker.php Docs: Fix typo in a comment in `Walker::display_element()`. 2020-11-05 18:46:10 +00:00
class-wp-widget-factory.php
class-wp-widget.php Plugins: Replace usage of `$this` in action and filter parameter docblocks with more appropriate variable names. 2021-01-08 14:30:14 +00:00
class-wp-xmlrpc-server.php XML-RPC: Pass an empty array to the `xmlrpc_call` action in methods that have no arguments. 2021-03-05 11:03:06 +00:00
class-wp.php Comments: Extend the duration of the window within which unapproved comments are visible by their author. 2021-02-09 16:57:04 +00:00
class.wp-dependencies.php
class.wp-scripts.php Script Loader: Prevent `wp_localize_script()` warnings. 2021-02-22 23:23:07 +00:00
class.wp-styles.php Docs: Use correct variable in the `style_loader_tag` filter DocBlock. 2021-02-27 17:59:03 +00:00
comment-template.php Docs: Corrections and improvements to types used in various docblocks. 2021-01-05 17:16:11 +00:00
comment.php Coding Standards: Use strict comparison for return type checks in a few functions: 2021-03-21 12:41:04 +00:00
compat.php Coding Standards: Replace alias PHP functions with the canonical names. 2020-10-18 17:27:06 +00:00
cron.php Cron API: Add a missing `$wp_error` parameter to the `pre_reschedule_event` filter. 2021-02-20 12:11:03 +00:00
date.php
default-constants.php Bundled Themes: Make Twenty Twenty-One the default theme. 2020-10-20 02:04:07 +00:00
default-filters.php Editor: Consolidate enqueueing block editor assets in `wp-includes/default-filters.php`. 2021-04-01 11:46:09 +00:00
default-widgets.php
deprecated.php Media: Avoid suppressing errors when using `getimagesize()`. 2021-02-02 16:53:04 +00:00
embed-template.php
embed.php Coding Standards: Add a space before `/` character in some self-closing HTML tags. 2021-03-20 18:30:08 +00:00
error-protection.php Docs: Add more information about how to use filters that run before WordPress initialises. 2020-11-03 17:36:09 +00:00
feed-atom-comments.php
feed-atom.php Coding Standards: Add a space before `/` character in some self-closing HTML tags. 2021-03-20 18:30:08 +00:00
feed-rdf.php
feed-rss.php
feed-rss2-comments.php
feed-rss2.php
feed.php Feeds: Register transient feed cache handler using the recommended method for SimplePie 1.3 or later. 2020-11-12 14:36:10 +00:00
formatting.php Docs: Correct description for `wp_slash()` and `wp_unslash()`. 2021-01-17 16:38:06 +00:00
functions.php Docs: Add examples of possible names for various hooks whose name contains a dynamic portion. 2021-03-07 12:32:09 +00:00
functions.wp-scripts.php Script Loader: Explicitly declare the `$pagenow` global in `wp_deregister_script()`. 2021-02-20 09:56:04 +00:00
functions.wp-styles.php
general-template.php Docs: Fix description for `$htmlhint` argument in code editor settings. 2021-03-25 20:00:05 +00:00
http.php General: Replace older-style PHP type conversion functions with type casts. 2020-10-08 21:15:13 +00:00
https-detection.php Security, Site Health: Do not store HTTPS request error messages in an option. 2021-03-02 15:08:09 +00:00
https-migration.php Security, Site Health: Make migrating a site to HTTPS a one-click interaction. 2021-02-02 00:10:01 +00:00
kses.php KSES: Add `object-position` to the list of safe CSS properties. 2021-04-02 12:41:09 +00:00
l10n.php Docs: In various `@return` tags, list the expected type first, instead of `false`. 2021-01-15 20:08:07 +00:00
link-template.php Docs: Add examples of possible names for various hooks whose name contains a dynamic portion. 2021-03-07 12:32:09 +00:00
load.php Docs: Document the usage of `$pagenow` global in a few functions. 2021-02-22 19:18:12 +00:00
locale.php
media-template.php Coding Standards: Add a space before `/` character in some self-closing HTML tags. 2021-03-20 18:30:08 +00:00
media.php Media: Conditionally pass 2nd parameter to `getimagesize()`. 2021-03-26 00:09:04 +00:00
meta.php Docs: Promote many `bool` types to `true` or `false` where only that value is used. 2021-01-03 22:04:04 +00:00
ms-blogs.php Docs: Fix and upgrade various `object` docblock notations. 2020-10-17 16:05:09 +00:00
ms-default-constants.php
ms-default-filters.php
ms-deprecated.php Docs: Document parameters that accept an array of integers using typed array notation. 2020-11-19 18:24:09 +00:00
ms-files.php
ms-functions.php Docs: Corrections and improvements to types used in various docblocks. 2021-01-05 17:16:11 +00:00
ms-load.php Docs: Further corrections and promotions for docblocks relating to `object` types. 2020-10-18 20:53:08 +00:00
ms-network.php Coding Standards: Replace alias PHP functions with the canonical names. 2020-10-18 17:27:06 +00:00
ms-settings.php
ms-site.php Docs: Promote many `bool` types to `true` or `false` where only that value is used. 2021-01-03 22:04:04 +00:00
nav-menu-template.php Docs: Promote many `bool` types to `true` or `false` where only that value is used. 2021-01-03 22:04:04 +00:00
nav-menu.php Coding Standards: Use strict comparison for return type checks in a few functions: 2021-03-21 12:41:04 +00:00
option.php Docs: Miscellaneous docblock corrections and improvements. 2021-01-07 14:17:11 +00:00
pluggable-deprecated.php
pluggable.php Revisions: Generate correct number of columns in wp_text_diff. 2021-01-27 21:53:58 +00:00
plugin.php Docs: In various `@return` tags, list the expected type first, instead of `false` or `WP_Error`. 2021-01-04 17:18:04 +00:00
post-formats.php Docs: Upgrade more parameters in docblocks to used typed array notation. 2020-11-24 21:27:05 +00:00
post-template.php Posts, Post Types: Rename the new post parent conditional tag functions for clarity. 2021-02-20 17:45:04 +00:00
post-thumbnail-template.php Docs: Clarify the `@return` value for `wp_get_attachment_image_url()` and `get_the_post_thumbnail_url()`. 2021-02-08 14:14:08 +00:00
post.php Docs: Document the `import_id` parameter of `wp_insert_post()`. 2021-03-31 13:05:06 +00:00
query.php Docs: Promote many `bool` types to `true` or `false` where only that value is used. 2021-01-03 22:04:04 +00:00
registration-functions.php Coding Standards: Pass an empty string instead of `null` as the `$replacement` parameter to `_deprecated_file()`. 2020-11-12 11:17:07 +00:00
registration.php Coding Standards: Pass an empty string instead of `null` as the `$replacement` parameter to `_deprecated_file()`. 2020-11-12 11:17:07 +00:00
rest-api.php REST API: Correct error code for the maxItems keyword. 2021-03-01 16:32:08 +00:00
revision.php Coding Standards: Use strict comparison for return type checks in a few functions: 2021-03-21 12:41:04 +00:00
rewrite.php Docs: Clarify and standardise on terminology used for rewrite rule endpoint masks. 2020-11-19 16:15:08 +00:00
robots-template.php Robots: Remove contradictory directive check in `wp_robots()`. 2021-03-23 23:02:05 +00:00
rss-functions.php Feeds: Add an early exit when calling RSS functions directly. 2020-11-16 22:52:05 +00:00
rss.php Docs: In various `@return` tags, list the expected type first, instead of `false` or `WP_Error`. 2021-01-04 17:18:04 +00:00
script-loader.php Editor: Consolidate enqueueing block editor assets in `wp-includes/default-filters.php`. 2021-04-01 11:46:09 +00:00
session.php
shortcodes.php Docs: In various `@return` tags, list the expected type first, instead of `false`. 2021-01-15 20:08:07 +00:00
sitemaps.php Sitemaps: Prevent incorrect redirection of paged sitemap requests. 2020-08-27 01:30:04 +00:00
spl-autoload-compat.php Coding Standards: Pass an empty string instead of `null` as the `$replacement` parameter to `_deprecated_file()`. 2020-11-12 11:17:07 +00:00
taxonomy.php Taxonomy: Use a consistent check for the `$rewrite['hierarchical']` parameter. 2021-03-23 13:55:03 +00:00
template-loader.php
template.php Docs: Add examples of possible names for various hooks whose name contains a dynamic portion. 2021-03-07 12:32:09 +00:00
theme.php Docs: Various docblock corrections and improvements. 2021-02-20 17:10:11 +00:00
update.php Upgrade/Install: Allow WordPress sites to opt-in to development releases. 2021-01-30 10:34:02 +00:00
user.php Login and Registration: Restore the "Error:" prefix for the "Unknown username" message. 2021-03-26 12:14:07 +00:00
vars.php General: Replace older-style PHP type conversion functions with type casts. 2020-10-08 21:15:13 +00:00
version.php KSES: Add `object-position` to the list of safe CSS properties. 2021-04-02 12:41:09 +00:00
widgets.php Docs: Correct the type of `$widget_id` argument in `is_active_widget()`. 2021-02-17 11:48:12 +00:00
wlwmanifest.xml
wp-db.php Docs: Miscellaneous docblock corrections and improvements. 2021-01-07 14:17:11 +00:00
wp-diff.php