WordPress/wp-includes
Rachel Baker 87e7b4455d Comments: Restrict the maximum characters for input fields within the comments template.
Added hardcoded maxlength attributes on the author, author_email, author_url, and comment_field input markup. These can be modified via the comment_form_defaults filter. Added logic in wp_handle_comment_submission() to return a WP_Error when the comment_author, comment_author_url, or comment_content values exceed the max length of their columns. Introduces wp_get_comment_column_max_length() which returns the max column length for a given column name, and is filterable. Unit tests included for the error conditions in wp_handle_comment_submission().

Fixes #10377.

Props westonruter rachelbaker.

Built from https://develop.svn.wordpress.org/trunk@36272


git-svn-id: http://core.svn.wordpress.org/trunk@36239 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-13 01:25:26 +00:00
ID3
SimplePie Feeds: add `CEST` to `$timezone` in `SimplePie_Parse_Date`. 2015-10-20 05:57:24 +00:00
Text Fix the `@author` doc param encoding in `Text/Diff/Engine/string` so the file is recognized as UTF-8, not ISO-8859-1. 2015-10-24 22:45:25 +00:00
certificates HTTP: Partially revert [34283] which removed the 1024bit certificates from our trust store. 2015-12-14 05:20:28 +00:00
css Media: make the Image Editor usable with a keyboard. 2016-01-08 19:13:26 +00:00
customize Customize: Ensure that "Change" button appears when there are only 2 themes. 2015-12-15 01:21:26 +00:00
fonts
images Embeds: Revert [35083], as the PNG files ended up not being used in [35466]. 2015-10-31 04:42:25 +00:00
js Media: fix undefined error that prevents showing a preview in the media modal when replacing video or audio. 2016-01-09 02:22:26 +00:00
pomo Merge the changes to GlotPress's POMO from upstream to WordPress's copy. 2015-11-20 04:34:25 +00:00
random_compat Update to Random_Compat 1.1.5 to fix an issue with older libSodium modules. 2016-01-08 03:28:28 +00:00
rest-api REST API: Improve formatting of failed validation errors. 2015-12-12 18:23:28 +00:00
theme-compat Comments: The year is 2003. Permalinks are a new thing and everyone's using Blogger. It's a time when opening a modal window in JavaScript to view a section of a website is not a completely weird thing, although many users get annoyed by it. b2 has recently become WordPress, and with it comes a bunch of functionality that will become stale over the next decade, remnants of simpler times. 2015-12-10 03:06:30 +00:00
widgets Widgets: Remove extra quotes from widget title in `WP_Widget_RSS`, accidentally added in [33814]. 2015-12-16 22:35:27 +00:00
admin-bar.php Toolbar: In Comments link, replace title attribute containing the number of pending comments with a screen reader text. 2015-12-26 01:40:27 +00:00
atomlib.php
author-template.php Docs: Add missing parameter notations to the DocBlock for `get_author_posts_url()`. 2015-12-17 17:30:43 +00:00
bookmark-template.php
bookmark.php Docs: Add a missing notation for the `$bookmark_id` parameter in the DocBlock for `clean_bookmark_cache()`. 2015-12-18 23:01:28 +00:00
cache.php Docs: Miscellaneous docblock corrections. 2015-12-23 06:31:27 +00:00
canonical.php Canonical: Generate the correct canonical url for paged posts/pages when they're used as the page_on_front. 2016-01-09 07:33:27 +00:00
capabilities.php When a post is scheduled for publication, treat it the same as a published post when calculating the capabilities required to edit or delete it. 2015-11-29 02:27:18 +00:00
category-template.php Docs: Improve readability of the default arguments of `wp_list_categories()`. 2015-12-31 11:30:27 +00:00
category.php Simplify the include graph after work to split out classes. 2015-11-20 07:24:30 +00:00
class-IXR.php XMLRPC: Revert [35509] which caused a change of behaviour in at least one XMLRPC client. 2015-12-31 04:06:26 +00:00
class-feed.php Docs: Various docblock corrections. 2016-01-10 01:26:25 +00:00
class-http.php Docs: Miscellaneous docblock code quality tweaks. 2015-12-23 07:53:26 +00:00
class-json.php The the Docs: Fix the the dittography 2015-12-06 21:23:25 +00:00
class-oembed.php Remove RDIO from oEmbed providers 2015-12-18 18:16:27 +00:00
class-phpass.php
class-phpmailer.php Upgrade PHPMailer from 5.2.10 to 5.2.14. 2015-12-24 01:59:26 +00:00
class-pop3.php
class-simplepie.php
class-smtp.php Upgrade PHPMailer from 5.2.10 to 5.2.14. 2015-12-24 01:59:26 +00:00
class-snoopy.php
class-walker-category-dropdown.php Docs: Document the `$id` parameter for `Walker_CategoryDropdown::start_el()`, which is implemented by `Walker` but unused in the subclass method. 2015-12-14 17:47:30 +00:00
class-walker-category.php Add `current-cat-ancestor` class to ancestor items in `wp_list_categories()`. 2015-12-18 18:38:25 +00:00
class-walker-comment.php Docs: Document the `$id` parameter for `Walker_Comment::start_el()`, which is implemented by `Walker` but unused in the subclass method. 2015-12-14 17:50:26 +00:00
class-walker-page-dropdown.php Docs: Add missing property and method summaries in DocBlocks for `Walker_PageDropdown`. 2015-12-16 16:36:28 +00:00
class-walker-page.php Docs: Move the hook doc for the `the_title` filter in `Walker_Page::start_el()` to directly precede the `apply_filters()` line. 2016-01-05 16:35:26 +00:00
class-wp-admin-bar.php Toolbar: Allow adding `lang` and `dir` attributes to toolbar items. 2015-12-06 21:37:25 +00:00
class-wp-ajax-response.php
class-wp-comment-query.php Introduce 'author_url' param to `WP_Comment_Query`. 2016-01-08 21:52:27 +00:00
class-wp-comment.php Docs: Various docblock corrections. 2016-01-10 01:26:25 +00:00
class-wp-customize-control.php Docs: Hash notate properties and defaults for the benefit of `$args` parameter documentation for `WP_Customize_Control::__construct()`. 2015-12-28 20:10:35 +00:00
class-wp-customize-manager.php Customizer: Re-use list of components to eliminate code duplication. 2016-01-11 20:28:28 +00:00
class-wp-customize-nav-menus.php Customizer: Use correct context and translator comments for menu location strings. 2015-11-20 17:46:25 +00:00
class-wp-customize-panel.php Customize: move `WP_Customize_Panel` subclass to `wp-includes/customize`, it loads in the exact same place. 2015-10-24 18:25:24 +00:00
class-wp-customize-section.php Customize: move `WP_Customize_Section` subclasses to `wp-includes/customize`, they load in the exact same place. 2015-10-24 18:21:25 +00:00
class-wp-customize-setting.php Customize: Ensure that a setting (especially a multidimensional one) can still be previewed when the post value to preview is set after `preview()` is invoked. 2015-11-21 02:52:27 +00:00
class-wp-customize-widgets.php The the Docs: Fix the the dittography 2015-12-06 21:23:25 +00:00
class-wp-editor.php Editor: remove the format_for_editor filter from `the_editor_content` after it runs as the next editor instance on the same page may not need it. 2015-12-22 22:39:31 +00:00
class-wp-embed.php Embeds: Remove the `allow_insecure_embeds` filter. 2015-11-19 05:02:27 +00:00
class-wp-error.php
class-wp-http-cookie.php
class-wp-http-curl.php Docs: Miscellaneous docblock corrections. 2015-12-23 06:31:27 +00:00
class-wp-http-encoding.php
class-wp-http-ixr-client.php
class-wp-http-proxy.php
class-wp-http-response.php
class-wp-http-streams.php Docs: Add missing parameter documentation for the `$args` parameter in the DocBlock for `WP_Http_Streams::test()`. 2015-12-14 23:54:26 +00:00
class-wp-image-editor-gd.php Media: add a new image size, `medium_large`. Bumps db version to add new options. 2015-10-31 20:50:25 +00:00
class-wp-image-editor-imagick.php Media: add a new image size, `medium_large`. Bumps db version to add new options. 2015-10-31 20:50:25 +00:00
class-wp-image-editor.php Docs: Various docblock corrections. 2016-01-10 01:26:25 +00:00
class-wp-meta-query.php
class-wp-network.php Multisite: Clarify documentation for `WP_Network::get_by_path()`. 2015-11-08 02:25:25 +00:00
class-wp-oembed-controller.php oEmbed: Drop the trailing slash from the namespace. 2015-11-17 11:27:29 +00:00
class-wp-post.php
class-wp-rewrite.php After [36254], commit all the necessary files and not just the unit test. 2016-01-10 19:07:26 +00:00
class-wp-role.php Docs: Clarify documentation for `WP_Role::has_cap()` to more clearly indicate that the method checks for capabilities against the role rather than the user. 2015-12-14 20:05:27 +00:00
class-wp-roles.php
class-wp-tax-query.php Correct some `@param` doc names in the `WP_Tax_Query` and `WP_User_Query` classes. 2015-12-14 02:50:27 +00:00
class-wp-term.php Docs: Various docblock corrections. 2016-01-10 01:26:25 +00:00
class-wp-theme.php Docs: Various docblock corrections. 2016-01-10 01:26:25 +00:00
class-wp-user-query.php Correct some `@param` doc names in the `WP_Tax_Query` and `WP_User_Query` classes. 2015-12-14 02:50:27 +00:00
class-wp-user.php Docs: Add variadic markers to the optional `$object_id` parameter notation for `WP_User::has_cap()`. 2015-12-16 05:32:28 +00:00
class-wp-walker.php Avoid a PHP notice when trying to access the `post_parent` property of hierarchical post type nav menu items. 2015-12-12 01:06:29 +00:00
class-wp-widget-factory.php
class-wp-widget.php Docs: Add missing summaries and `@since` versions to DocBlocks for the `_get_display_callback()`, `_get_update_callback()`, and `_get_form_callback()` methods in `WP_Widget`. 2015-12-16 05:39:25 +00:00
class-wp-xmlrpc-server.php XML-RPC: Revert [34681] as it broke date handling. 2016-01-03 19:49:32 +00:00
class-wp.php Query: Add a `WP::remove_query_var()` helper function. 2016-01-05 20:57:28 +00:00
class.wp-dependencies.php
class.wp-scripts.php Docs: Add missing DocBlocks, including summaries and `@since` versions, to the `__construct()` and `init()` methods in `WP_Scripts`. 2015-12-16 17:48:27 +00:00
class.wp-styles.php
comment-template.php Comments: Restrict the maximum characters for input fields within the comments template. 2016-01-13 01:25:26 +00:00
comment.php Comments: Restrict the maximum characters for input fields within the comments template. 2016-01-13 01:25:26 +00:00
compat.php Docs: Add missing DocBlocks for `hash_hmac()` and `_hash_hmac()`. 2015-12-19 05:11:27 +00:00
cron.php Cron: Add the cron lock timestamp to the 'cron_request' filter arguments. 2016-01-08 23:54:26 +00:00
date.php Docs: Remove some more dittography. 2015-12-06 21:50:25 +00:00
default-constants.php Revert [35804]. This change has unintended side effects, notably that media URLs in the admin area now unexpectedly use the `https` scheme. A more comprehensive approach will be taken in 4.5. 2015-12-22 13:02:29 +00:00
default-filters.php Users: Allow to create users without sending an email to the new user. 2015-11-25 22:38:29 +00:00
default-widgets.php
deprecated.php Docs: Correct a funky docblock in `funky_javascript_fix()`. 2015-12-28 17:18:30 +00:00
embed-template.php Embeds: Change attachment metadata condition to prevent a warning in the embeds template. 2015-12-30 22:25:28 +00:00
embed.php Embeds: Don't show embed discovery link on a static front page. 2015-12-22 10:50:31 +00:00
feed-atom-comments.php Themes: Improve document title output. 2015-10-20 16:21:25 +00:00
feed-atom.php Feeds: `<comments>` is optional in RSS2, so don't include it when comments aren't present or open. Same for `<wfw:commentRss>` and `<slash:comments>` 2015-11-04 17:47:25 +00:00
feed-rdf.php Themes: Improve document title output. 2015-10-20 16:21:25 +00:00
feed-rss.php Themes: Improve document title output. 2015-10-20 16:21:25 +00:00
feed-rss2-comments.php Themes: Improve document title output. 2015-10-20 16:21:25 +00:00
feed-rss2.php Feeds: `<comments>` is optional in RSS2, so don't include it when comments aren't present or open. Same for `<wfw:commentRss>` and `<slash:comments>` 2015-11-04 17:47:25 +00:00
feed.php Docs: `@param` fixes for a variety of docblocks. 2016-01-09 01:45:26 +00:00
formatting.php Emoji: Explicitly use `https` as the scheme for emoji fallback images, as they're only served over HTTPS by the CDN anyway. 2016-01-10 01:24:26 +00:00
functions.php Introduce `wp_get_raw_referer()` to retrieve unvalidated referer. 2016-01-12 08:32:28 +00:00
functions.wp-scripts.php Docs: Miscellaneous docblock code quality tweaks. 2015-12-23 07:53:26 +00:00
functions.wp-styles.php Docs: Miscellaneous docblock code quality tweaks. 2015-12-23 07:53:26 +00:00
general-template.php Accessibility: remove the title attribute from the `get_search_form()` HTML5 search field. 2016-01-08 19:01:26 +00:00
http.php Docs: Fix copy/paste error in `wp_remote_retrieve_cookies()` description. 2015-12-18 17:23:29 +00:00
kses.php Docs: `@param` fixes for a variety of docblocks. 2016-01-09 01:45:26 +00:00
l10n.php Docs: Add a missing notation for the `$context` parameter in the DocBlock for `_nx_noop()`. 2015-12-18 23:16:26 +00:00
link-template.php Permalinks: Make `get_post_type_archive_link()` work for the 'post' post type. 2016-01-08 22:01:26 +00:00
load.php Multisite: The `networks` group should be global. 2016-01-11 05:04:26 +00:00
locale.php Docs: Add a missing summary to the DocBlock for `WP_Locale::rtl_src_admin_notice()`. 2015-12-16 18:08:26 +00:00
media-template.php Accessibility: add missing `alt` attributes to a gaggle of `<img>`s. 2015-11-07 16:12:27 +00:00
media.php Media: After [36240], remove some unneeded whitespace. 2016-01-09 14:29:26 +00:00
meta.php After [35718], update the location of some files in `This filter is documented in` docs. 2015-11-22 03:51:28 +00:00
ms-blogs.php Multisite: The `networks` group should be global. 2016-01-11 05:04:26 +00:00
ms-default-constants.php
ms-default-filters.php
ms-deprecated.php Docs: `@param` fixes for a variety of docblocks. 2016-01-09 01:45:26 +00:00
ms-files.php
ms-functions.php Docs: `@param` fixes for a variety of docblocks. 2016-01-09 01:45:26 +00:00
ms-load.php I18N: Move translatable Codex URLs to separate strings in `wp-includes/ms-load.php`. 2015-11-18 17:42:26 +00:00
ms-settings.php MS: Populate `public` on empty `$current_blog` during subdomain activation. 2015-12-06 18:24:26 +00:00
nav-menu-template.php Menus: Bring back line break between menu items. 2015-12-24 00:21:27 +00:00
nav-menu.php Nav Menus: Apply the `the_title` filter on original post titles in `wp_setup_nav_menu_item()`. 2016-01-05 16:27:26 +00:00
option.php Clarify return types in `get_option()` documentation. 2016-01-09 03:12:26 +00:00
pluggable-deprecated.php
pluggable.php Login is not a verb, change "login" to "log in". 2016-01-09 21:08:26 +00:00
plugin.php Docs: `@see != @since`. 2015-12-23 07:13:26 +00:00
post-formats.php
post-template.php Themes: Add `singular` to the list of body classes when viewing a single post object. 2015-12-28 17:21:29 +00:00
post-thumbnail-template.php
post.php Docs: Revert [36268] as the global is indeed used, just via the superglobal. 2016-01-12 12:26:27 +00:00
query.php Avoid invalid SQL when building ORDER BY clause using long search strings. 2016-01-10 03:26:26 +00:00
registration-functions.php
registration.php
rest-api.php Docs: Correct `@return` type for `rest_parse_date()`. 2015-12-25 20:41:26 +00:00
revision.php Docs: Add a missing notation for the `$args` parameter in the DocBlock for `wp_get_post_revisions()`. 2015-12-16 23:18:26 +00:00
rewrite.php Rewrite: Add a `remove_rewrite_tag()` helper function. 2016-01-07 09:39:27 +00:00
rss-functions.php
rss.php
script-loader.php Bump the version of MediaElement in script-loader.php to match what we're shipping with. 2015-11-20 03:32:26 +00:00
session.php Docs: `@param` fixes for a variety of docblocks. 2016-01-09 01:45:26 +00:00
shortcodes.php Shortcodes: `=` is a reserved character in shortcode names, mark it as such. 2015-12-26 04:46:28 +00:00
taxonomy.php Don't reset index keys when trimming results of term queries. 2016-01-10 04:06:25 +00:00
template-loader.php Comments: The year is 2003. Permalinks are a new thing and everyone's using Blogger. It's a time when opening a modal window in JavaScript to view a section of a website is not a completely weird thing, although many users get annoyed by it. b2 has recently become WordPress, and with it comes a bunch of functionality that will become stale over the next decade, remnants of simpler times. 2015-12-10 03:06:30 +00:00
template.php Comments: The year is 2003. Permalinks are a new thing and everyone's using Blogger. It's a time when opening a modal window in JavaScript to view a section of a website is not a completely weird thing, although many users get annoyed by it. b2 has recently become WordPress, and with it comes a bunch of functionality that will become stale over the next decade, remnants of simpler times. 2015-12-10 03:06:30 +00:00
theme.php Docs: Document the default value for the `$validate` parameter in the `validate_current_theme` hook docs. 2015-12-16 20:10:25 +00:00
update.php Updates: Don't perform an API call to WordPress.org for every plugin update displayed. The API has been updated to return this information with the update response. 2016-01-06 07:53:26 +00:00
user.php Login is not a verb, change "login" to "log in". 2016-01-09 21:08:26 +00:00
vars.php
version.php Comments: Restrict the maximum characters for input fields within the comments template. 2016-01-13 01:25:26 +00:00
widgets.php Widgets: Revert [34465], as it introduced a regression, making the `$index` argument of `dynamic_sidebar()` case-sensitive. 2015-12-31 03:13:26 +00:00
wlwmanifest.xml
wp-db.php Don't suppress error messages in database function calls. 2015-12-11 03:40:26 +00:00
wp-diff.php