WordPress/wp-admin
John Blackbourn d8e9c02011 Hardening: Use a properly generated hash for the `newbloguser` key instead of a determinate substring.
Merges [42258] to the 3.9 branch.

Built from https://develop.svn.wordpress.org/branches/3.9@42304


git-svn-id: http://core.svn.wordpress.org/branches/3.9@42133 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-29 16:40:50 +00:00
..
css Simplify the admin menu notification selector so color schemes don't get stomped. 2014-04-24 22:08:15 +00:00
images Convert the post lock icon to a dashicon. 2014-03-04 06:53:14 +00:00
includes Filesystem API: Ensure filenames are valid before attempting to unzip them to ensure malformed file paths don't cause issues. 2017-09-19 14:45:15 +00:00
js Customize: Ignore invalid customization sessions. 2017-05-16 12:21:15 +00:00
maint Use SSL when linking to WordPress.org. see #27115. 2014-03-08 04:14:15 +00:00
network Multisite: Improve escaping in network settings. 2016-03-30 16:06:14 +00:00
user Add missing Dashicons classes to User Admin menu. 2014-05-07 20:11:15 +00:00
about.php Bump 3.9 branch to version 3.9.21. 2017-10-31 13:45:15 +00:00
admin-ajax.php Theme Installer: Revert to proxying through PHP for WordPress.org API requests. 2014-04-15 01:16:14 +00:00
admin-footer.php Use SSL when linking to WordPress.org. see #27115. 2014-03-08 04:14:15 +00:00
admin-functions.php First there were two, and now there are three -- in the @since versions that came before and that shall be. And so it will be, says nacin. 2013-12-24 18:57:12 +00:00
admin-header.php Correct misleading verbiage in 'print' hook docs. 2014-03-25 08:05:15 +00:00
admin-post.php Spell out duplicate hook locations. 2013-10-24 22:59:20 +00:00
admin.php Inline documentation for hooks in wp-admin/network/upgrade.php. 2014-01-07 04:23:11 +00:00
async-upload.php Fix typo in hook description for `async_upload_{$type}`. 2014-04-05 14:12:16 +00:00
comment.php Use SSL when linking to WordPress.org. see #27115. 2014-03-08 04:14:15 +00:00
credits.php Use the same string on the about, credits, and freedoms screens. 2014-05-08 17:01:16 +00:00
custom-background.php Use SSL when linking to WordPress.org. see #27115. 2014-03-08 04:14:15 +00:00
custom-header.php Custom header: Avoid warnings in the process_default_headers() method. 2014-05-06 05:25:16 +00:00
customize.php Customize: Make sure that preview and return URLs are URLs. 2016-06-21 14:21:50 +00:00
edit-comments.php Comments: Update border color and help text. 2014-03-27 05:08:14 +00:00
edit-form-advanced.php Don't show featured images for image attachments. Remove abstractions for now. 2014-04-08 17:40:28 +00:00
edit-form-comment.php Use a consistent format for translator comments. 2014-02-28 08:09:13 +00:00
edit-link-form.php Use SSL when linking to WordPress.org. see #27115. 2014-03-08 04:14:15 +00:00
edit-tag-form.php Remove all "valign" attributes from tables in wp-admin, props MikeHansenMe, Marventus. Fixes #22712. 2014-01-24 19:06:15 +00:00
edit-tags.php Popular tags' edit links should respect the current post type. Adds unit test. 2014-03-25 18:40:15 +00:00
edit.php Use SSL when linking to WordPress.org. see #27115. 2014-03-08 04:14:15 +00:00
export.php Use SSL when linking to WordPress.org. see #27115. 2014-03-08 04:14:15 +00:00
freedoms.php Use the same string on the about, credits, and freedoms screens. 2014-05-08 17:01:16 +00:00
import.php Use SSL when linking to WordPress.org. see #27115. 2014-03-08 04:14:15 +00:00
index.php Use SSL when linking to WordPress.org. see #27115. 2014-03-08 04:14:15 +00:00
install-helper.php Remove all `@package` and `@subpackage` PHPDoc tags not at the file- or class-levels in core. 2014-02-25 17:14:14 +00:00
install.php Install: Allow an installation to go through with a custom user table with the username 'admin'. 2014-03-28 19:00:15 +00:00
link-add.php Don't rely on include_path to include files. 2013-09-25 00:18:11 +00:00
link-manager.php Use SSL when linking to WordPress.org. see #27115. 2014-03-08 04:14:15 +00:00
link-parse-opml.php Remove all `@package` and `@subpackage` PHPDoc tags not at the file- or class-levels in core. 2014-02-25 17:14:14 +00:00
link.php Don't rely on include_path to include files. 2013-09-25 00:18:11 +00:00
load-scripts.php Unique load array in load-scripts and load-styles. 2013-07-29 17:57:04 +00:00
load-styles.php Force UTF-8 in load-styles.php, like we do in load-scripts.php. 2014-02-25 01:28:15 +00:00
media-new.php Use SSL when linking to WordPress.org. see #27115. 2014-03-08 04:14:15 +00:00
media-upload.php Inline documentation for hooks in wp-admin/media-upload.php. 2014-01-08 04:00:11 +00:00
media.php Use SSL when linking to WordPress.org. see #27115. 2014-03-08 04:14:15 +00:00
menu-header.php Admin Menu: Use `.dashicons-before` as default $img_class. 2014-03-05 23:22:15 +00:00
menu.php Introduce a `.dashicons-before` CSS class. 2014-03-05 20:04:14 +00:00
moderation.php Don't rely on include_path to include files. 2013-09-25 00:18:11 +00:00
ms-admin.php Don't rely on include_path to include files. 2013-09-25 00:18:11 +00:00
ms-delete-site.php Always decode special characters for email subjects. 2014-03-28 02:44:15 +00:00
ms-edit.php Don't rely on include_path to include files. 2013-09-25 00:18:11 +00:00
ms-options.php Don't rely on include_path to include files. 2013-09-25 00:18:11 +00:00
ms-sites.php Don't rely on include_path to include files. 2013-09-25 00:18:11 +00:00
ms-themes.php Don't rely on include_path to include files. 2013-09-25 00:18:11 +00:00
ms-upgrade-network.php Don't rely on include_path to include files. 2013-09-25 00:18:11 +00:00
ms-users.php Don't rely on include_path to include files. 2013-09-25 00:18:11 +00:00
my-sites.php Use SSL when linking to WordPress.org. see #27115. 2014-03-08 04:14:15 +00:00
nav-menus.php Use SSL when linking to WordPress.org. see #27115. 2014-03-08 04:14:15 +00:00
network.php Combine two strings, using placeholders for filenames and avoiding HTML. see #27057. 2014-03-19 05:27:14 +00:00
options-discussion.php Priority fixes for various existing hook documentation. 2014-04-12 00:01:15 +00:00
options-general.php Use SSL when linking to WordPress.org. see #27115. 2014-03-08 04:14:15 +00:00
options-head.php Use wp_unslash() instead of stripslashes() and stripslashes_deep(). Use wp_slash() instead of add_magic_quotes(). 2013-03-01 17:14:09 +00:00
options-media.php Use SSL when linking to WordPress.org. see #27115. 2014-03-08 04:14:15 +00:00
options-permalink.php Permalink Settings: Don't show "update your .htaccess now" if nothing needs to change. 2014-03-15 04:35:16 +00:00
options-reading.php Use SSL when linking to WordPress.org. see #27115. 2014-03-08 04:14:15 +00:00
options-writing.php Priority fixes for various existing hook documentation. 2014-04-12 00:01:15 +00:00
options.php Priority fixes for various existing hook documentation. 2014-04-12 00:01:15 +00:00
plugin-editor.php General: Add missing URL-encoding and add extra hardening to plugin and template names when they're displayed in the admin area. 2017-09-19 13:44:15 +00:00
plugin-install.php Use SSL when linking to WordPress.org. see #27115. 2014-03-08 04:14:15 +00:00
plugins.php General: Add missing URL-encoding and add extra hardening to plugin and template names when they're displayed in the admin area. 2017-09-19 13:44:15 +00:00
post-new.php Don't rely on include_path to include files. 2013-09-25 00:18:11 +00:00
post.php Heartbeat: Ensure post locks are released. 2015-08-04 04:56:06 +00:00
press-this.php Press This: Do not show Categories & Tags UI for users who cannot assign terms to posts anyways. 2017-01-26 14:14:58 +00:00
profile.php Don't rely on include_path to include files. 2013-09-25 00:18:11 +00:00
revision.php Revisions: Change the capability needed to view revision diffs to `edit_post`. 2016-06-21 14:48:15 +00:00
setup-config.php Use SSL when linking to WordPress.org. see #27115. 2014-03-08 04:14:15 +00:00
theme-editor.php General: Add missing URL-encoding and add extra hardening to plugin and template names when they're displayed in the admin area. 2017-09-19 13:44:15 +00:00
theme-install.php Theme Installer: Revert to proxying through PHP for WordPress.org API requests. 2014-04-15 01:16:14 +00:00
themes.php Themes: Hide 'Add New' with no JS. see #27055. 2014-04-03 23:06:16 +00:00
tools.php Use SSL when linking to WordPress.org. see #27115. 2014-03-08 04:14:15 +00:00
update-core.php Updates: Translate plugin data on the Updates screen. 2017-01-11 11:43:22 +00:00
update.php Theme Installer: Revert to proxying through PHP for WordPress.org API requests. 2014-04-15 01:16:14 +00:00
upgrade-functions.php First there were two, and now there are three -- in the @since versions that came before and that shall be. And so it will be, says nacin. 2013-12-24 18:57:12 +00:00
upgrade.php Use SSL when linking to WordPress.org. see #27115. 2014-03-08 04:14:15 +00:00
upload.php Use SSL when linking to WordPress.org. see #27115. 2014-03-08 04:14:15 +00:00
user-edit.php Users: Use correct escaping function for URLs. 2017-09-19 21:40:14 +00:00
user-new.php Hardening: Use a properly generated hash for the `newbloguser` key instead of a determinate substring. 2017-11-29 16:40:50 +00:00
users.php Indicate that the user deletion process affects all content attributed to a given user, not just posts. props seanchayes. fixes #26709. 2014-03-05 19:20:14 +00:00
widgets.php Add nonce for widget accessibility mode. 2017-01-11 01:52:15 +00:00