WordPress/wp-includes
Boone Gorges 7560f446f9 Use field-specific sanitization in `WP_Tax_Query::transform_query()`.
When terms are entered into the database, term fields are sanitized with
`sanitize_term_field()`. To ensure that the `SELECT ... WHERE` queries in
`WP_Tax_Query::transform_query()` are not broken by overzealous sanitization,
`sanitize_term_field()` should be used in that case as well. This fixes a bug
where a tax_query using 'field=name' would fail if the 'terms' parameter
contained characters (like spaces) that were improperly removed by
`sanitize_title_for_query()`.

Fixes #27810.
Built from https://develop.svn.wordpress.org/trunk@31346


git-svn-id: http://core.svn.wordpress.org/trunk@31327 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-02-06 02:02:23 +00:00
..
ID3 Update getID3 library to 1.9.8. 2014-09-11 19:07:17 +00:00
SimplePie
Text
certificates WP_HTTP: Revert r30491 which updated the bundled root certificates. There's a report that this is breaking under certain PHP/OpenSSL versions (which we've encountered before), and we're safer with a slighty out of date CA bundle than breaking HTTPS communication on affected sites. 2014-12-07 03:13:22 +00:00
css Media: Prevent filter selects from jiggling when the spinner shows. 2015-01-16 03:00:23 +00:00
fonts Dashicons: Update to the latest files. 2014-12-09 19:34:23 +00:00
images TwentyFifteen: 2014-11-25 06:12:22 +00:00
js MCE views: Always refresh the view after updating a gallery. 2015-02-05 20:12:22 +00:00
pomo Add missing `@param`s to `src/wp-includes/pomo` files. 2014-11-30 21:41:22 +00:00
theme-compat Improve various hook and filter docs so they are correctly parsed for the code reference. 2014-12-06 21:32:24 +00:00
admin-bar.php Customizer: Use deep-link for Widgets in toolbar on front-end. 2015-01-13 07:45:22 +00:00
atomlib.php First there were two, and now there are three -- in the @since versions that came before and that shall be. And so it will be, says nacin. 2013-12-24 18:57:12 +00:00
author-template.php There are some random `add_action()` and `add_filter()` calls littered around some files in `wp-includes/`. These should be moved to `wp-includes/default-filters.php` with the rest of the registered hooks. It seems like this was the best practice for awhile and then we randomly stopped. This file loads way before any of the includes, so the hooks will be registered for any request that loads WordPress, even `SHORTINIT` - a lot of the hooks registered won't run anyways (that's already the case). 2015-01-12 16:40:23 +00:00
bookmark-template.php Ensure inline code is markdown-escaped as such, and that code snippets in descriptions are properly indented. 2014-11-24 04:42:22 +00:00
bookmark.php The keyword `elseif` should be used instead of `else if` so that all control keywords look like single words. 2015-01-08 07:05:25 +00:00
cache.php Adding a `@return` annotation to constructors is generally not recommended as a constructor does not have a meaningful return value. Constructors do not have meaningful return values, anything that is returned from here is discarded. 2015-01-10 06:54:23 +00:00
canonical.php There are some random `add_action()` and `add_filter()` calls littered around some files in `wp-includes/`. These should be moved to `wp-includes/default-filters.php` with the rest of the registered hooks. It seems like this was the best practice for awhile and then we randomly stopped. This file loads way before any of the includes, so the hooks will be registered for any request that loads WordPress, even `SHORTINIT` - a lot of the hooks registered won't run anyways (that's already the case). 2015-01-12 16:40:23 +00:00
capabilities.php [31210] broke Supportflow on dotorg, which declares these methods as `protected`. Switch to `protected` for the noop methods. The subclasses can make them more visible using `public`. 2015-01-16 18:37:24 +00:00
category-template.php In PHP 5.0.0, `is_a()` became deprecated in favour of the `instanceof` operator. Calling `is_a()` would result in an `E_STRICT` warning. 2015-01-16 01:06:24 +00:00
category.php Add inline `@see` tags to the docs for the `get_categories_taxonomy` hook. 2014-11-17 17:37:23 +00:00
class-IXR.php XML-RPC: Send 405 Method Not Allowed for GET requests. 2014-12-30 20:41:23 +00:00
class-feed.php In PHP 5.0.0, `is_a()` became deprecated in favour of the `instanceof` operator. Calling `is_a()` would result in an `E_STRICT` warning. 2015-01-16 01:06:24 +00:00
class-http.php HTTP API: Fix an issue where the `limit_response_size` parameter wasn't working properly with large documents and the cURL transport. 2015-01-29 03:58:23 +00:00
class-json.php
class-oembed.php In `WP_oEmbed`, only allow `__call()` to run against a whitelist of methods, `$compat_methods`. 2015-01-11 22:27:23 +00:00
class-phpass.php Prevent high resource usage when hashing large passwords. props mdawaffe, pento 2014-11-20 16:03:24 +00:00
class-phpmailer.php Update PHPMailer to 5.2.7 from 5.2.4. 2014-03-03 20:25:14 +00:00
class-pop3.php
class-simplepie.php Fix some documentation typos in various core files. 2014-08-13 03:56:17 +00:00
class-smtp.php PHPMailer: Merge upstream commit (PR274). 2014-09-29 10:28:17 +00:00
class-snoopy.php
class-wp-admin-bar.php In `wp-includes/class-wp-admin-bar.php`, `break` is unreachabled after `return`. 2014-05-06 18:29:15 +00:00
class-wp-ajax-response.php `WP_Ajax_Response` has one property only, `$responses`. It was public until [28508], when it became `private` in name only. Is it worth 4 magic methods to pretend that this property is `private`? It is not. 2015-01-11 00:13:23 +00:00
class-wp-customize-control.php Overriding methods should do more than simply call the same method in the super class. 2015-01-08 21:20:22 +00:00
class-wp-customize-manager.php Ensure that `WP_Customize_Setting::value()` returns default value for setting if not dirty. 2015-02-03 10:15:21 +00:00
class-wp-customize-panel.php Adding a `@return` annotation to constructors is generally not recommended as a constructor does not have a meaningful return value. Constructors do not have meaningful return values, anything that is returned from here is discarded. 2015-01-10 06:54:23 +00:00
class-wp-customize-section.php Adding a `@return` annotation to constructors is generally not recommended as a constructor does not have a meaningful return value. Constructors do not have meaningful return values, anything that is returned from here is discarded. 2015-01-10 06:54:23 +00:00
class-wp-customize-setting.php Ensure that `WP_Customize_Setting::value()` returns default value for setting if not dirty. 2015-02-03 10:15:21 +00:00
class-wp-customize-widgets.php Customizer: Fix form tag replacement in WP_Customize_Widgets::get_widget_control() after [31200]. 2015-01-17 13:11:23 +00:00
class-wp-editor.php TinyMCE: add breaking out of blockquotes by pressing Enter twice. Togging blockquote on|off with the button and the shortcut is unchanged. Props avryl, fixes #23110. 2015-01-16 23:36:22 +00:00
class-wp-embed.php Don't force newlines around URLs in WP_Embed::autoembed(). 2015-01-07 07:51:22 +00:00
class-wp-error.php In PHP 5.0.0, `is_a()` became deprecated in favour of the `instanceof` operator. Calling `is_a()` would result in an `E_STRICT` warning. 2015-01-16 01:06:24 +00:00
class-wp-http-ixr-client.php Improve various `@param` docs for `src/wp-includes/*`. 2014-12-01 01:34:24 +00:00
class-wp-image-editor-gd.php Preserve alpha transparency when rotating a PNG while GD is the active image editor. 2015-01-03 22:02:24 +00:00
class-wp-image-editor-imagick.php Fix some `@param` docs that have chars too close them. 2015-01-10 06:57:22 +00:00
class-wp-image-editor.php Fix some `@param` docs that have chars too close them. 2015-01-10 06:57:22 +00:00
class-wp-theme.php In PHP 5.0.0, `is_a()` became deprecated in favour of the `instanceof` operator. Calling `is_a()` would result in an `E_STRICT` warning. 2015-01-16 01:06:24 +00:00
class-wp-walker.php `Walker::$has_children` should be public for backward compatibility. 2015-01-11 01:56:22 +00:00
class-wp-xmlrpc-server.php Fix a typo in [30138]. 2015-01-25 09:48:21 +00:00
class-wp.php [31210] broke Supportflow on dotorg, which declares these methods as `protected`. Switch to `protected` for the noop methods. The subclasses can make them more visible using `public`. 2015-01-16 18:37:24 +00:00
class.wp-dependencies.php Ensure inline code is markdown-escaped as such, and that code snippets in descriptions are properly indented. 2014-11-24 04:58:22 +00:00
class.wp-scripts.php Add support for IE conditional comments for WP_Scripts to match the functionality of WP_Styles, including unit tests. Props filosofo, aaroncampbell, ethitter, georgestephanis, valendesigns. Fixes #16024. 2015-01-17 01:37:22 +00:00
class.wp-styles.php Ensure that inline styles attached to conditional stylesheets are also conditional. 2015-01-03 04:10:21 +00:00
comment-template.php In `comment_form()`, add the HTML5 `required` attribute next to `aria-required` in fields that utilize it. 2015-01-16 15:56:23 +00:00
comment.php Comments: When a comment fails to insert, remove invalid characters from the email and URL fields, too. 2015-01-21 23:18:22 +00:00
compat.php In PHP 5.0.0, `is_a()` became deprecated in favour of the `instanceof` operator. Calling `is_a()` would result in an `E_STRICT` warning. 2015-01-16 01:06:24 +00:00
cron.php Improve various `@param` docs for `src/wp-includes/*`. 2014-12-01 01:34:24 +00:00
date.php Clarify inline documentation for `WP_Date_Query` to better explain the relationship between an individual clause's 'compare' argument and various integer-based date arguments. 2015-02-05 06:17:21 +00:00
default-constants.php Remove obsolete inline comment. 2015-01-06 01:57:22 +00:00
default-filters.php There are some random `add_action()` and `add_filter()` calls littered around some files in `wp-includes/`. These should be moved to `wp-includes/default-filters.php` with the rest of the registered hooks. It seems like this was the best practice for awhile and then we randomly stopped. This file loads way before any of the includes, so the hooks will be registered for any request that loads WordPress, even `SHORTINIT` - a lot of the hooks registered won't run anyways (that's already the case). 2015-01-12 16:40:23 +00:00
default-widgets.php Add `'widget_nav_menu_args'` filter for Custom Menu widget arguments. 2015-02-03 02:56:23 +00:00
deprecated.php `@param` cleanup: 2015-01-16 19:03:23 +00:00
feed-atom-comments.php Introduce 'rss_tag_pre' action, which fires between the xml and rss tags in a feed. 2014-07-07 10:18:15 +00:00
feed-atom.php Introduce 'rss_tag_pre' action, which fires between the xml and rss tags in a feed. 2014-07-07 10:18:15 +00:00
feed-rdf.php Improve various hook and filter docs so they are correctly parsed for the code reference. 2014-12-06 21:32:24 +00:00
feed-rss.php Revert r25824:25875 from the core.svn.wordpress.org repository. 2013-10-25 02:29:52 +00:00
feed-rss2-comments.php Improve various hook and filter docs so they are correctly parsed for the code reference. 2014-12-06 21:32:24 +00:00
feed-rss2.php Improve various hook and filter docs so they are correctly parsed for the code reference. 2014-12-06 21:32:24 +00:00
feed.php Improve various `@param` docs for `src/wp-includes/*`. 2014-12-01 01:34:24 +00:00
formatting.php Texturize: Add "em" as a cockney term, so that "'em" is texturized with an apostrophe, instead of an open quote. 2015-01-20 18:44:26 +00:00
functions.php `@param` cleanup: 2015-01-16 19:03:23 +00:00
functions.wp-scripts.php Add support for IE conditional comments for WP_Scripts to match the functionality of WP_Styles, including unit tests. Props filosofo, aaroncampbell, ethitter, georgestephanis, valendesigns. Fixes #16024. 2015-01-17 01:37:22 +00:00
functions.wp-styles.php Make `_wp_scripts_maybe_doing_it_wrong( $function )` "private". 2015-01-16 02:42:22 +00:00
general-template.php Add a changelog entry for the new parameter added in [31228]. 2015-01-17 17:31:23 +00:00
http.php Improve various `@param` docs. 2014-11-30 23:24:25 +00:00
kses.php Add `<s>` to `$allowedtags` in KSES. 2015-01-16 16:07:23 +00:00
l10n.php The keyword `elseif` should be used instead of `else if` so that all control keywords look like single words. 2015-01-08 07:05:25 +00:00
link-template.php In `get_adjacent_post()`, return private post if the current user has the capacity to read it. 2015-01-30 02:20:23 +00:00
load.php Use `PHP_SAPI` constant instead of `php_sapi_name()` in `iis7_supports_permalinks()`, `wp_fix_server_vars()`, and `wp_redirect()`. 2015-01-10 04:59:22 +00:00
locale.php Adding a `@return` annotation to constructors is generally not recommended as a constructor does not have a meaningful return value. Constructors do not have meaningful return values, anything that is returned from here is discarded. 2015-01-10 06:54:23 +00:00
media-template.php Support chromeless Vimeo via MEjs: 2014-12-31 20:41:24 +00:00
media.php Add changelog entries to the `post_gallery` and `post_playlist` hook docs for the `$instance` variable that was added in [31304]. 2015-01-31 00:33:22 +00:00
meta.php Modify `meta_query orderby syntax to use array keys as clause "handles". 2015-02-05 19:38:23 +00:00
ms-blogs.php Don't overcheck the expected return from `get_blog_details()` in `get_blogaddress_by_id()` 2015-01-14 05:33:25 +00:00
ms-default-constants.php After [29200], switch back to using `static` vars instead of adding 2 `global`s, as per Sergey. 2014-07-19 23:14:15 +00:00
ms-default-filters.php There are some random `add_action()` and `add_filter()` calls littered around some files in `wp-includes/`. These should be moved to `wp-includes/default-filters.php` with the rest of the registered hooks. It seems like this was the best practice for awhile and then we randomly stopped. This file loads way before any of the includes, so the hooks will be registered for any request that loads WordPress, even `SHORTINIT` - a lot of the hooks registered won't run anyways (that's already the case). 2015-01-12 16:40:23 +00:00
ms-deprecated.php [31210] broke Supportflow on dotorg, which declares these methods as `protected`. Switch to `protected` for the noop methods. The subclasses can make them more visible using `public`. 2015-01-16 18:37:24 +00:00
ms-files.php
ms-functions.php Fix an inaccurate summary and description in the DocBlock for `wpmu_validate_user_signup()`. 2015-01-29 11:46:22 +00:00
ms-load.php For clarity, initialize some arrays that previously were only assigned via short circuit in loops. 2014-12-20 22:47:22 +00:00
ms-settings.php Move ms-load.php and ms-default-constants.php inclusion back to ms-settings.php to avoid breaking WP-CLI. 2014-06-30 23:50:15 +00:00
nav-menu-template.php There are some random `add_action()` and `add_filter()` calls littered around some files in `wp-includes/`. These should be moved to `wp-includes/default-filters.php` with the rest of the registered hooks. It seems like this was the best practice for awhile and then we randomly stopped. This file loads way before any of the includes, so the hooks will be registered for any request that loads WordPress, even `SHORTINIT` - a lot of the hooks registered won't run anyways (that's already the case). 2015-01-12 16:40:23 +00:00
nav-menu.php The keyword `elseif` should be used instead of `else if` so that all control keywords look like single words. 2015-01-08 07:05:25 +00:00
option.php Allow $autoload in add_option() to receive false. 2015-01-25 07:51:23 +00:00
pluggable-deprecated.php Improve the `@param` docs for `src/wp-includes/pluggable*`. 2014-11-30 22:19:25 +00:00
pluggable.php In PHP 5.0.0, `is_a()` became deprecated in favour of the `instanceof` operator. Calling `is_a()` would result in an `E_STRICT` warning. 2015-01-16 01:06:24 +00:00
plugin.php The keyword `elseif` should be used instead of `else if` so that all control keywords look like single words. 2015-01-08 07:05:25 +00:00
post-formats.php There are some random `add_action()` and `add_filter()` calls littered around some files in `wp-includes/`. These should be moved to `wp-includes/default-filters.php` with the rest of the registered hooks. It seems like this was the best practice for awhile and then we randomly stopped. This file loads way before any of the includes, so the hooks will be registered for any request that loads WordPress, even `SHORTINIT` - a lot of the hooks registered won't run anyways (that's already the case). 2015-01-12 16:40:23 +00:00
post-template.php Introduce `'value_field'` parameter to `wp_dropdown_pages()`. 2015-02-05 19:04:23 +00:00
post-thumbnail-template.php A couple more tweaks to the post-thumbnail-template.php description. 2015-01-04 23:10:21 +00:00
post.php In PHP 5.0.0, `is_a()` became deprecated in favour of the `instanceof` operator. Calling `is_a()` would result in an `E_STRICT` warning. 2015-01-16 01:06:24 +00:00
query.php Modify `meta_query orderby syntax to use array keys as clause "handles". 2015-02-05 19:38:23 +00:00
registration-functions.php
registration.php
revision.php Improve various `@param` docs. 2014-11-30 22:56:25 +00:00
rewrite.php Adding a `@return` annotation to constructors is generally not recommended as a constructor does not have a meaningful return value. Constructors do not have meaningful return values, anything that is returned from here is discarded. 2015-01-10 06:54:23 +00:00
rss-functions.php
rss.php Fill in the `@param` types for the args for functions missing them in `wp-admin/includes/deprecated.php` (pour one out). 2014-11-03 06:08:22 +00:00
script-loader.php Shiny Updates: Add ajax-y updates to the plugin list page, and ajax-y updates and installs to the plugin card page. 2015-02-05 04:19:23 +00:00
session.php Fix some internal types that are passed to functions to avoid changing the acceptable types passed as arguments to those functions: 2015-01-16 22:51:21 +00:00
shortcodes.php Remove a stray period introduced in [31242]. 2015-01-19 08:47:24 +00:00
taxonomy.php Use field-specific sanitization in `WP_Tax_Query::transform_query()`. 2015-02-06 02:02:23 +00:00
template-loader.php Add jshintrc to qunit. 2013-10-30 14:39:10 +00:00
template.php In PHP 5.0.0, `is_a()` became deprecated in favour of the `instanceof` operator. Calling `is_a()` would result in an `E_STRICT` warning. 2015-01-16 01:06:24 +00:00
theme.php Introduce has_header_image() to check whether a header image is set. 2015-01-17 06:34:23 +00:00
update.php There are some random `add_action()` and `add_filter()` calls littered around some files in `wp-includes/`. These should be moved to `wp-includes/default-filters.php` with the rest of the registered hooks. It seems like this was the best practice for awhile and then we randomly stopped. This file loads way before any of the includes, so the hooks will be registered for any request that loads WordPress, even `SHORTINIT` - a lot of the hooks registered won't run anyways (that's already the case). 2015-01-12 16:40:23 +00:00
user.php In wp_update_user(), make sure $userdata['ID'] is set before using it. 2015-01-22 14:46:23 +00:00
vars.php Update the wp-inclues/vars.php file header to include Nginx as a recognized web server. 2014-01-10 18:15:13 +00:00
version.php Use field-specific sanitization in `WP_Tax_Query::transform_query()`. 2015-02-06 02:02:23 +00:00
widgets.php In PHP 5.0.0, `is_a()` became deprecated in favour of the `instanceof` operator. Calling `is_a()` would result in an `E_STRICT` warning. 2015-01-16 01:06:24 +00:00
wlwmanifest.xml The Pinking Shears stir from their slumber, awakened by what may seem, to those 2013-12-11 19:49:11 +00:00
wp-db.php Add missing descriptions to the `$blogid` and `$siteid` property DocBlocks in the `wpdb` class. 2015-01-29 11:35:22 +00:00
wp-diff.php Add a missing description for the `$_diff_threshold` property in the `WP_Text_Diff_Renderer_Table` class. 2015-01-29 11:36:22 +00:00