WordPress-C
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
WordPress/wp-includes
History
Sergey Biryukov 7b4f9a5118 Improve URL validation in `wp_validate_redirect()`. 
Merges [45971] to the 4.8 branch.
Props vortfu, whyisjake, peterwilsoncc.
Built from https://develop.svn.wordpress.org/branches/4.8@45976


git-svn-id: http://core.svn.wordpress.org/branches/4.8@45787 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 		2019-09-04 17:11:21 +00:00
..
ID3
IXR XML-RPC: Fix truncated warning message added in [38883]. 2016-10-29 21:32:33 +00:00
Requests HTTP: Update Requests to master (0048f3c) which fixes a number of outstanding issues. 2016-10-05 03:24:37 +00:00
SimplePie
Text
certificates
css Build/Test Tools: Fix PHP 5.2 compatibility for grandchild methods which expect exceptions to be raised. 2017-06-05 10:41:22 +00:00
customize Docs: Improve phpdoc for `WP_Customize_Manager`, `WP_Customize_Control`, `WP_Customize_Setting`, and `WP_Customize_Selective_Refresh`. 2017-05-19 20:25:41 +00:00
fonts
images
js External Libraries: Remove unnecessary / obsoleted MediaElement.js files. 2018-01-16 08:02:34 +00:00
pomo General: Correctly detect trailing newline when prepending. 2016-12-13 02:48:41 +00:00
random_compat
rest-api REST API: Add a filter to allow modifying the response *after* embedded data is added. 2017-07-19 20:12:38 +00:00
theme-compat
widgets Widgets: Prevent visual Text widget from decoding encoded HTML. 2017-09-19 07:44:32 +00:00
admin-bar.php Users: Update name in toolbar when changing user display name. 2017-05-12 20:06:42 +00:00
atomlib.php General: Remove most uses of create_function() 2016-12-13 01:49:39 +00:00
author-template.php Themes: Fix incorrect annotation for `__clear_multi_author_cache()` function. 2017-03-25 15:47:42 +00:00
bookmark-template.php
bookmark.php General: Use interpolation instead of concatenation for all dynamic hook names. 2016-12-14 04:18:42 +00:00
cache.php Docs: Fix multiple trivial typos throughout a variety of core files. 2016-10-31 06:28:32 +00:00
canonical.php Revert [40256] for now as some tests are failing in some environments. 2017-05-12 22:50:41 +00:00
capabilities.php Upgrade/Install: After [40394], rename `wp_disallow_file_mods()` to `wp_is_file_mod_allowed()`. 2017-05-11 19:24:41 +00:00
category-template.php Widgets: Remove the title attributes used in the Tag cloud widget. 2017-05-22 20:24:41 +00:00
category.php I18N: Merge similar strings in `_deprecated_argument()` calls. 2017-01-29 11:50:41 +00:00
class-IXR.php Bootstrap: do not go gentle into that good night r38411, r38412, and parts of r38389. 2016-08-31 16:31:29 +00:00
class-feed.php Load: Re-add `class-feed.php`. 2016-12-03 03:30:42 +00:00
class-http.php Improve redirect handling 2017-05-16 08:38:42 +00:00
class-json.php
class-oembed.php Embeds: Update oEmbed endpoint URL for VideoPress. 2017-07-10 23:20:33 +00:00
class-phpass.php
class-phpmailer.php Update PHPMailer to 5.2.22. 2017-01-11 01:23:41 +00:00
class-pop3.php Docs: Fix multiple trivial typos throughout a variety of core files. 2016-10-31 06:28:32 +00:00
class-requests.php HTTP: Update Requests to master (0048f3c) which fixes a number of outstanding issues. 2016-10-05 03:24:37 +00:00
class-simplepie.php
class-smtp.php Update PHPMailer to 5.2.22. 2017-01-11 01:23:41 +00:00
class-snoopy.php
class-walker-category-dropdown.php
class-walker-category.php
class-walker-comment.php I18N: Add translator comments for strings in `wp-includes/class-walker-comment.php`. 2016-08-23 23:33:28 +00:00
class-walker-nav-menu.php Menus: Prevent empty class attribute following [40537]. 2017-05-14 03:38:48 +00:00
class-walker-page-dropdown.php
class-walker-page.php Menus: Introduce `page_menu_link_attributes` filter in `Walker_Page::start_el()` for the HTML attributes applied to a page menu item's anchor element. 2017-05-01 23:32:42 +00:00
class-wp-admin-bar.php Accessibility: Revert [38984] as it needs to be better communicated to plugin authors. 2016-11-05 16:28:33 +00:00
class-wp-ajax-response.php AJAX: add a new function, `wp_doing_ajax()`, which can replace... (wait for it...) `DOING_AJAX` checks via the constant. 2016-08-23 14:33:30 +00:00
class-wp-comment-query.php Comments: Clean up unused code after [38446]. 2016-12-07 15:52:44 +00:00
class-wp-comment.php Revert to pre-4.7 behavior for fetching object instances by id. 2017-01-26 16:53:41 +00:00
class-wp-customize-control.php Docs: Improve phpdoc for `WP_Customize_Manager`, `WP_Customize_Control`, `WP_Customize_Setting`, and `WP_Customize_Selective_Refresh`. 2017-05-19 20:25:41 +00:00
class-wp-customize-manager.php Customize: Ensure valid themes in the preview. 2017-09-19 11:50:31 +00:00
class-wp-customize-nav-menus.php Customize: Always enqueue `customize-preview` stylesheet in the customizer preview to style selective refresh and visual edit shortcuts. 2017-01-26 03:47:41 +00:00
class-wp-customize-panel.php Customize: Auto-expand a widget area section when expanding the Widgets panel if there is only one registered sidebar and it is active. 2017-04-07 19:27:40 +00:00
class-wp-customize-section.php Customize: Introduce custom CSS for extending theme styles. 2016-10-19 18:15:31 +00:00
class-wp-customize-setting.php Docs: Improve phpdoc for `WP_Customize_Manager`, `WP_Customize_Control`, `WP_Customize_Setting`, and `WP_Customize_Selective_Refresh`. 2017-05-19 20:25:41 +00:00
class-wp-customize-widgets.php Widgets: Add Custom HTML widget. 2017-07-14 07:41:33 +00:00
class-wp-dependency.php Script Loader: move `_WP_Dependency` into its own file. 2016-08-26 18:06:39 +00:00
class-wp-editor.php TinyMCE: respect the `Disable the visual editor when writing` user setting and don't output the TinyMCE components when using `wp_enqueue_editor()`. 2017-07-18 01:55:32 +00:00
class-wp-embed.php Embed: `wp-settings.php` loads `class-wp-embed.php`, which currently produces side effects. Move the `global` instantiation to `wp-settings.php`. `WP_Embed` is then in a file by itself. 2016-08-26 09:53:28 +00:00
class-wp-error.php Load: move `is_wp_error()` to `load.php` so that `WP_Error` is in a file by itself. 2016-08-26 09:58:28 +00:00
class-wp-feed-cache-transient.php Feed: move 'WP_Feed_Cache', 'WP_Feed_Cache_Transient', `WP_SimplePie_File` and `WP_SimplePie_Sanitize_KSES` into their own files via `svn cp`. If we move forard with autoloading, `class-feed.php` is useless. We could even remove it now, and just load these new files in `wp-settings.php`. That can be decided post-mortem. `class-feed.php` is an interesting name: there is no `Feed` or `WP_Feed` class. 2016-08-25 18:18:39 +00:00
class-wp-feed-cache.php Feed: move 'WP_Feed_Cache', 'WP_Feed_Cache_Transient', `WP_SimplePie_File` and `WP_SimplePie_Sanitize_KSES` into their own files via `svn cp`. If we move forard with autoloading, `class-feed.php` is useless. We could even remove it now, and just load these new files in `wp-settings.php`. That can be decided post-mortem. `class-feed.php` is an interesting name: there is no `Feed` or `WP_Feed` class. 2016-08-25 18:18:39 +00:00
class-wp-hook.php Plugins: Add a `current_priority()` method to `WP_Hook`. 2016-12-02 07:10:43 +00:00
class-wp-http-cookie.php HTTP API: Normalize cookies before passing them to Requests. 2016-07-27 15:32:27 +00:00
class-wp-http-curl.php
class-wp-http-encoding.php
class-wp-http-ixr-client.php
class-wp-http-proxy.php
class-wp-http-requests-hooks.php HTTP API: Restore backwards compatibility with the `http_api_curl` filter - it expects that the handle parameter is passed as a reference, however [39212] missed that. 2017-02-17 05:06:44 +00:00
class-wp-http-requests-response.php HTTP: Document that the return value of `wp_remote_retrieve_headers()` changed from a simple array to an object which implements ArrayAccess. 2016-10-05 03:51:28 +00:00
class-wp-http-response.php HTTP: in `WP_HTTP_Response`, the `@param` declarations for `$status` and `$headers` were swapped. Let us correct this. 2016-08-22 21:28:27 +00:00
class-wp-http-streams.php
class-wp-image-editor-gd.php
class-wp-image-editor-imagick.php Media: After [40123], Feature check `setImageOrientation`. 2017-02-27 04:22:51 +00:00
class-wp-image-editor.php Media: when calling `pathinfo()`, also pass a `PATHINFO_*` constant to avoid array notices for unset keys. 2016-08-20 23:36:28 +00:00
class-wp-list-util.php General: Introduce a `wp_list_sort()` helper function, v2. 2016-10-25 21:26:32 +00:00
class-wp-locale-switcher.php I18N: Add an additional caching layer for `_load_textdomain_just_in_time()`. 2016-11-21 16:07:33 +00:00
class-wp-locale.php Docs: Correct `@access` entries for `WP_Locale::init()` and `WP_Locale::register_globals()`. 2017-01-06 22:11:16 +00:00
class-wp-matchesmapregex.php Load: move `WP_MatchesMapRegex` into its own file. 2016-08-26 18:11:39 +00:00
class-wp-meta-query.php General: Restore usage of `$wpdb`, instead of `$this->db`. 2016-10-10 06:38:31 +00:00
class-wp-metadata-lazyloader.php
class-wp-network-query.php Cache API: introduce wp_cache_get_last_changed to improve DRY 2016-10-21 02:54:34 +00:00
class-wp-network.php Multisite: Use `WP_Network_Query` in `WP_Network::get_by_path()`. 2017-02-22 10:42:45 +00:00
class-wp-oembed-controller.php REST API: Ensure `maxwidth` and `maxheight` params are forwarded to oEmbed provider in proxy requests. 2017-07-14 16:19:31 +00:00
class-wp-post-type.php Posts, Post Types: Add missing REST API properties to `WP_Post_Type` class. 2017-03-18 15:17:45 +00:00
class-wp-post.php Revert to pre-4.7 behavior for fetching object instances by id. 2017-01-26 16:53:41 +00:00
class-wp-query.php Docs: Update the description of `is_singular()` and `WP_Query::is_singular()` to be parsed correctly by developer.wordpress.org. 2017-02-23 10:30:43 +00:00
class-wp-rewrite.php Make sure rewrite rules are not written until `wp_loaded` has fired 2016-10-07 19:44:28 +00:00
class-wp-role.php
class-wp-roles.php Roles: Fix a PHP error introduced in [39082]. 2016-11-02 05:55:30 +00:00
class-wp-session-tokens.php Docs: Add missing `session_token_manager` duplicate hook reference in `wp-includes/class-wp-session-tokens.php`. 2017-01-04 13:22:42 +00:00
class-wp-simplepie-file.php Feed: move 'WP_Feed_Cache', 'WP_Feed_Cache_Transient', `WP_SimplePie_File` and `WP_SimplePie_Sanitize_KSES` into their own files via `svn cp`. If we move forard with autoloading, `class-feed.php` is useless. We could even remove it now, and just load these new files in `wp-settings.php`. That can be decided post-mortem. `class-feed.php` is an interesting name: there is no `Feed` or `WP_Feed` class. 2016-08-25 18:18:39 +00:00
class-wp-simplepie-sanitize-kses.php Feed: move 'WP_Feed_Cache', 'WP_Feed_Cache_Transient', `WP_SimplePie_File` and `WP_SimplePie_Sanitize_KSES` into their own files via `svn cp`. If we move forard with autoloading, `class-feed.php` is useless. We could even remove it now, and just load these new files in `wp-settings.php`. That can be decided post-mortem. `class-feed.php` is an interesting name: there is no `Feed` or `WP_Feed` class. 2016-08-25 18:18:39 +00:00
class-wp-site-query.php Multisite: Add `lang_id` support to `WP_Site_Query`. 2017-03-27 19:48:52 +00:00
class-wp-site.php Multisite: After [37918] add support for retrieving custom site properties set by the `site_details` filter. 2017-04-19 18:52:44 +00:00
class-wp-tax-query.php Don't double-escape `terms` payload in `WP_Tax_Query::transform_query()`. 2017-01-02 19:40:19 +00:00
class-wp-taxonomy.php Taxonomy: Add missing REST API properties to `WP_Taxonomy` class. 2017-03-18 15:25:43 +00:00
class-wp-term-query.php Improve querying for terms with falsey names and slugs. 2017-03-16 02:04:43 +00:00
class-wp-term.php Revert to pre-4.7 behavior for fetching object instances by id. 2017-01-26 16:53:41 +00:00
class-wp-text-diff-renderer-inline.php Diff: move `WP_Text_Diff_Renderer_inline` (behold that lowercase "i") and `WP_Text_Diff_Renderer_Table` into their own files via `svn cp`. 2016-08-25 17:37:30 +00:00
class-wp-text-diff-renderer-table.php Diff: move `WP_Text_Diff_Renderer_inline` (behold that lowercase "i") and `WP_Text_Diff_Renderer_Table` into their own files via `svn cp`. 2016-08-25 17:37:30 +00:00
class-wp-theme.php Themes: Add filter for excluding directories from being scanned for template files. 2017-03-18 03:54:41 +00:00
class-wp-user-meta-session-tokens.php Session: move `WP_Session_Tokens` and `WP_User_Meta_Session_Tokens` into their own files via `svn cp`. If we move forard with autoloading, `session.php` is useless. We could even remove it now, and just load these new files in `wp-settings.php`. That can be decided post-mortem. 2016-08-25 17:44:31 +00:00
class-wp-user-query.php User Query: Cast `$user_total` as an `int`. 2017-01-16 23:24:45 +00:00
class-wp-user.php Docs: Correct `@access` entry for `WP_User::filter` property. 2017-01-06 22:09:55 +00:00
class-wp-walker.php Docs: Add missing `@since` entry for `Walker::unset_children()`. 2017-01-06 22:14:00 +00:00
class-wp-widget-factory.php
class-wp-widget.php Docs: Fix multiple trivial typos throughout a variety of core files. 2016-10-31 06:28:32 +00:00
class-wp-xmlrpc-server.php Adjust post meta checks 2017-05-16 08:46:42 +00:00
class-wp.php Multisite: Validate activation links. 2018-12-13 01:35:21 +00:00
class.wp-dependencies.php Script Loader: move `_WP_Dependency` into its own file. 2016-08-26 18:06:39 +00:00
class.wp-scripts.php
class.wp-styles.php
comment-template.php Comments: Correct the $post_id parameter passed to the 'comments_open' and 'pings_open' filters. 2017-05-14 03:50:42 +00:00
comment.php Comments: Improve comment content filtering. 2019-03-12 22:35:20 +00:00
compat.php Docs: Replace some more HTTP links with HTTPS. 2016-08-10 16:10:31 +00:00
cron.php Cron: clarify descriptions for Cron API functions. 2016-08-26 09:22:30 +00:00
date.php Docs: Add missing `@since` and `@access` tags for `WP_Date_Query::is_first_order_clause()`. 2017-01-04 13:26:43 +00:00
default-constants.php Login and Registration: Avoid a potentially incorrect value for the cookie hash on multisite installations that don't have a value in the `siteurl` network option. 2017-03-23 19:01:42 +00:00
default-filters.php Widgets: Replace adding `balanceTags` on `widget_custom_html_content` filter in favor of just applying `widget_text` filters in Custom HTML widget. 2017-07-18 22:19:36 +00:00
default-widgets.php Widgets: Rename Text widget's `legacy` mode to non-`visual` mode, restore boolean `filter` prop, and improve compatibility for `widget_text` filters applied in Custom HTML widget. 2017-07-24 22:54:34 +00:00
deprecated.php Docs: Make `@deprecated` entry for `wp_kses_js_entities()`, deprecated in [38785], consistent with other entries. 2017-01-10 22:09:42 +00:00
embed-template.php
embed.php oEmbed: Add extra hardening around allowed HTML for improved sandboxing. 2017-09-19 13:47:33 +00:00
feed-atom-comments.php Feeds: Do not translate the `lastBuildDate` field in RSS feeds. 2016-12-16 06:39:41 +00:00
feed-atom.php Feeds: Do not translate the `lastBuildDate` field in RSS feeds. 2016-12-16 06:39:41 +00:00
feed-rdf.php Feeds: Always return a valid timestamp for the Last-Modified header of comment or post feeds. 2016-10-25 20:48:29 +00:00
feed-rss.php Feeds: Always return a valid timestamp for the Last-Modified header of comment or post feeds. 2016-10-25 20:48:29 +00:00
feed-rss2-comments.php Feeds: Do not translate the `lastBuildDate` field in RSS feeds. 2016-12-16 06:39:41 +00:00
feed-rss2.php Feeds: Replace the RSS2 `lastBuildDate` date field with the `r` date specifier. 2016-12-16 06:42:40 +00:00
feed.php Hardening: Ensure the attributes of enclosures are correctly escaped in RSS and Atom feeds. 2017-11-29 16:15:34 +00:00
formatting.php Formatting: Improve `rel="nofollow"` handling in comments. 2019-03-12 22:21:23 +00:00
functions.php Media: Improve verification of MIME file types. 2018-12-12 23:04:22 +00:00
functions.wp-scripts.php Customize: Implement customized state persistence with changesets. 2016-10-18 20:05:31 +00:00
functions.wp-styles.php Script Loader: Correct default value for `$src` in `wp_enqueue_script()` and `wp_enqueue_style()`. 2016-09-04 04:09:28 +00:00
general-template.php Multisite: Improve messaging for previously activated users. 2018-12-13 00:37:22 +00:00
http.php HTTP: Don't treat `localhost` as same host by default. 2018-04-03 15:36:15 +00:00
kses.php KSES: Make the URI attributes DRY. 2018-12-13 00:33:20 +00:00
l10n.php I18N: Remove an extra slash between `.mo` file path and name in `load_muplugin_textdomain()`. 2017-04-01 14:26:40 +00:00
link-template.php Docs: Misc corrections and additions to inline documentation. 2016-12-27 09:28:40 +00:00
load.php Upgrade/Install: After [40638], make sure `wp_is_file_mod_allowed()` actually returns the right value. 2017-05-11 19:54:43 +00:00
locale.php Load: No-op `locale.php` 2016-12-03 04:16:38 +00:00
media-template.php Widgets: Introduce media widgets for images, audio, and video with extensible base for additional media widgets in the future. 2017-05-11 21:11:44 +00:00
media.php Media: Restrict appending `loop` parameter to Vimeo URLs specifically and not all external URLs in Video widget (via shortcode). 2017-07-14 17:34:32 +00:00
meta.php Meta: Simplify the delete all meta query in `delete_metadata()`. 2018-04-03 15:40:32 +00:00
ms-blogs.php Multisite: Correct documentation for site status change hooks. 2017-03-30 04:36:43 +00:00
ms-default-constants.php Multisite: Use `get_network()` and `get_current_network_id()` for current network data. 2016-10-19 04:47:30 +00:00
ms-default-filters.php Multisite: Fix filter hooks for the updating network count functions. 2017-05-09 17:15:43 +00:00
ms-deprecated.php Multisite: Validate activation links. 2018-12-13 01:35:21 +00:00
ms-files.php Multsite: Flush output buffer after `readfile()` in `ms-files.php`. 2016-09-27 20:05:28 +00:00
ms-functions.php Multisite: Adjust site count of the correct network after having created a new site. 2017-05-10 23:22:42 +00:00
ms-load.php Multisite: Replace `get_blog_details()` in inline documentation. 2016-10-26 03:39:29 +00:00
ms-settings.php Bootstrap: do not go gentle into that good night r38411, r38412, and parts of r38389. 2016-08-31 16:31:29 +00:00
nav-menu-template.php Customizer: Fix an issue with menu classes in the customizer preview. 2017-05-12 20:35:43 +00:00
nav-menu.php Customize: Keep alive auto-drafts created for page/post stubs when parent changeset is updated, and delete when changeset is garbage-collected. 2017-05-16 05:37:44 +00:00
option.php Options/Meta: Document valid types for registration. 2017-05-10 06:10:43 +00:00
pluggable-deprecated.php
pluggable.php Improve URL validation in `wp_validate_redirect()`. 2019-09-04 17:11:21 +00:00
plugin.php Bootstrap: Use `dirname()` when loading `class-wp-hook.php` from `plugin.php`. 2016-09-12 01:50:30 +00:00
post-formats.php
post-template.php Remove _convert_urlencoded_to_entities() from the get_the_content() callback. 2019-09-04 16:36:45 +00:00
post-thumbnail-template.php
post.php Media: Limit thumbnail file deletions to the same directory as the original file. 2018-07-05 14:48:23 +00:00
query.php Docs: Update the description of `is_singular()` and `WP_Query::is_singular()` to be parsed correctly by developer.wordpress.org. 2017-02-23 10:30:43 +00:00
registration-functions.php
registration.php
rest-api.php REST API: Always add `index.php` to the REST URL when pretty permalinks are disabled. 2017-07-25 00:54:36 +00:00
revision.php Docs: Improve the documentation for parameters which accept `OBJECT`, `ARRAY_A`, and `ARRAY_N` as parameters. 2016-11-09 23:00:32 +00:00
rewrite.php
rss-functions.php
rss.php Docs: Fix multiple trivial typos throughout a variety of core files. 2016-10-31 06:28:32 +00:00
script-loader.php TinyMCE: Improve the previews for shortcodes. 2017-09-19 12:41:32 +00:00
session.php Load: Re-add `session.php`. 2016-12-03 03:51:41 +00:00
shortcodes.php Shortcodes: Clarify the docs for `pre_do_shortcode_tag` and `do_shortcode_tag`. 2017-01-03 04:00:18 +00:00
taxonomy.php Taxonomy: Avoid duplicates when querying for terms in taxonomies registered with `$args` parameter. 2017-07-13 13:43:33 +00:00
template-loader.php Themes: Remove `paged.php` from the theme template hierarchy. 2016-10-07 21:03:31 +00:00
template.php Themes: Add template type and template candidates as parameters to the `{$type}_template` filter. 2017-02-12 21:25:42 +00:00
theme.php Customize: Update Text widget starter content to utilize visual mode. 2017-07-24 23:27:36 +00:00
update.php Cron API: Add a new `wp_doing_cron()` helper function. 2017-05-06 14:30:40 +00:00
user.php Users: Ensure user counts remain accurate if users are added to or removed from the `users` table without corresponding `usermeta` entries being added or removed. 2017-04-30 13:03:41 +00:00
vars.php Docs: Add and correct `@since` docs for a variety of functions and methods. 2016-12-27 09:21:44 +00:00
version.php WordPress 4.8.9 2019-03-13 01:05:20 +00:00
widgets.php Widgets: Add Custom HTML widget. 2017-07-14 07:41:33 +00:00
wlwmanifest.xml
wp-db.php WPDB: Check that `AUTH_SALT` is not empty, Fix a PHP notice when `AUTH_SALT` is undefined. 2017-11-27 01:07:34 +00:00
wp-diff.php Bootstrap: do not go gentle into that good night r38411, r38412, and parts of r38389. 2016-08-31 16:31:29 +00:00