WordPress/wp-admin/includes
whyisjake 9b67830c05 General: WordPress updates
* XML-RPC: Improve error messages for unprivileged users.
* External Libraries: Disable deserialization in Requests_Utility_FilteredIterator
* Embeds: Disable embeds on deactivated Multisite sites.
* Coding standards: Modify escaping functions to avoid potential false positives.
* XML-RPC: Return error message if attachment ID is incorrect.
* Upgrade/install: Improve logic check when determining installation status.
* Meta: Sanitize meta key before checking protection status.
* Themes: Ensure that only privileged users can set a background image when a theme is using the deprecated custom background page.

Brings the changes from [49380,49382-49388] to the 4.7 branch.

Props xknown, zieladam, peterwilsoncc, whyisjake, desrosj, dd32.

Built from https://develop.svn.wordpress.org/branches/4.7@49399


git-svn-id: http://core.svn.wordpress.org/branches/4.7@49158 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-29 18:57:24 +00:00
..
admin-filters.php Plugins: Use `install_plugins_upload` action to print the upload form. 2016-07-31 18:11:29 +00:00
admin.php Bootstrap: do not go gentle into that good night r38411, r38412, and parts of r38389. 2016-08-31 16:31:29 +00:00
ajax-actions.php Escape the output in `wp_ajax_upload_attachment()`. 2019-09-04 16:35:47 +00:00
bookmark.php Text Changes: Unify permission error messages. 2016-06-29 15:16:29 +00:00
class-automatic-upgrader-skin.php Filesystem API: Change the default value for the `$context` parameter of `get_filesystem_method()` and `request_filesystem_credentials()` to an empty string. 2016-07-22 12:10:27 +00:00
class-bulk-plugin-upgrader-skin.php Docs: Cross-reference parent classes in DocBlocks for upgrader classes moved to their own files in 4.6 2016-07-09 13:45:33 +00:00
class-bulk-theme-upgrader-skin.php Docs: Cross-reference parent classes in DocBlocks for upgrader classes moved to their own files in 4.6 2016-07-09 13:45:33 +00:00
class-bulk-upgrader-skin.php Docs: Cross-reference parent classes in DocBlocks for upgrader classes moved to their own files in 4.6 2016-07-09 13:45:33 +00:00
class-core-upgrader.php Docs: Fix typo in a comment in `Core_Upgrader::upgrade()`. 2016-07-08 13:19:30 +00:00
class-file-upload-upgrader.php Upgrade/Install: Sanitize file name in `File_Upload_Upgrader`. 2016-09-06 17:26:31 +00:00
class-ftp-pure.php FTP: ensure that there is only one class named `ftp`, which is what is expected in the loading of this arcane library. This ensures that an autoload generator, something along the lines of Composer, won't hiccup when it gets to these files. 2016-08-26 18:47:29 +00:00
class-ftp-sockets.php FTP: ensure that there is only one class named `ftp`, which is what is expected in the loading of this arcane library. This ensures that an autoload generator, something along the lines of Composer, won't hiccup when it gets to these files. 2016-08-26 18:47:29 +00:00
class-ftp.php Bootstrap: do not go gentle into that good night r38411, r38412, and parts of r38389. 2016-08-31 16:31:29 +00:00
class-language-pack-upgrader-skin.php Docs: Cross-reference parent classes in DocBlocks for upgrader classes moved to their own files in 4.6 2016-07-09 13:45:33 +00:00
class-language-pack-upgrader.php Upgrade/Install: After [37687], fix the number of params passed to the upgrade hooks. 2016-08-28 10:04:30 +00:00
class-pclzip.php Filesystem API: Ensure memory limit calculations by PclZip are using integers. 2016-07-19 11:55:30 +00:00
class-plugin-installer-skin.php Plugins: style the primary action link in the non-js "Installing Plugin" page. 2016-09-17 16:23:27 +00:00
class-plugin-upgrader-skin.php Docs: Cross-reference parent classes in DocBlocks for upgrader classes moved to their own files in 4.6 2016-07-09 13:45:33 +00:00
class-plugin-upgrader.php Updates: Allow background updates to update multiple plugins/themes in the same request. 2016-11-13 09:53:32 +00:00
class-theme-installer-skin.php Docs: Cross-reference parent classes in DocBlocks for upgrader classes moved to their own files in 4.6 2016-07-09 13:45:33 +00:00
class-theme-upgrader-skin.php Docs: Cross-reference parent classes in DocBlocks for upgrader classes moved to their own files in 4.6 2016-07-09 13:45:33 +00:00
class-theme-upgrader.php Updates: Allow background updates to update multiple plugins/themes in the same request. 2016-11-13 09:53:32 +00:00
class-walker-category-checklist.php Docs: Clarify the file header summary for wp-admin/includes/class-walker-category-checklist.php, introduced in [34241]. 2015-09-22 14:33:48 +00:00
class-walker-nav-menu-checklist.php Docs: `Walker_Nav_Menu_Checklist` and `Walker_Nav_Menu_Edit` are part of the Navigation Menu API, but intended for use in the scope of administration. 2015-10-15 17:26:24 +00:00
class-walker-nav-menu-edit.php Accessibility: Improve the UI controls to move the Menu items. 2016-10-10 16:26:12 +00:00
class-wp-ajax-upgrader-skin.php Upgrade/Install: Make some install/update failures more verbose. 2016-08-04 22:18:30 +00:00
class-wp-automatic-updater.php General: use `get_bloginfo( 'version' )` instead of `global $wp_version` in several locations - excluding those locations which reload `version.php` mid-flight. 2016-08-31 05:49:37 +00:00
class-wp-comments-list-table.php Administration: Improve the usage of the button CSS classes. 2016-09-28 19:54:28 +00:00
class-wp-filesystem-base.php Docs: Use 3-digit, x.x.x-style semantic versioning for `_doing_it_wrong()`, `_deprecated_function()`, `_deprecated_argument()`, and `_deprecated_file()` throughout core. 2016-07-06 12:40:29 +00:00
class-wp-filesystem-direct.php Add `@access` docs to `class-wp-filesystem-*` files. 2015-09-10 01:21:24 +00:00
class-wp-filesystem-ftpext.php Filesystem API: Cleanup temporary file when the temporary file couldn't be opened. 2016-07-18 19:43:30 +00:00
class-wp-filesystem-ftpsockets.php Bootstrap: do not go gentle into that good night r38411, r38412, and parts of r38389. 2016-08-31 16:31:29 +00:00
class-wp-filesystem-ssh2.php Docs: Add missing return descriptions for `WP_Filesystem_SSH2::chown()` and `WP_Filesystem_SSH2::run_command()`. 2016-04-21 02:38:29 +00:00
class-wp-importer.php Multisite: Replace `get_blog_details()` in `WP_Importer::set_blog()` with `get_site()`. 2016-10-19 05:45:31 +00:00
class-wp-internal-pointers.php Docs: Clarify the file header summary for wp-admin/includes/class-wp-internal-pointers.php, introduced in [34241]. 2015-09-22 14:35:25 +00:00
class-wp-links-list-table.php Administration: Improve the usage of the button CSS classes. 2016-09-28 19:54:28 +00:00
class-wp-list-table-compat.php List Tables: move `_WP_List_Table_Compat` into its own file. 2016-08-26 22:23:29 +00:00
class-wp-list-table.php Administration: Improve the usage of the button CSS classes. 2016-09-28 19:54:28 +00:00
class-wp-media-list-table.php Administration: Better consistency for the Media, Add Plugins, and Add Themes toolbars. 2016-10-14 21:33:28 +00:00
class-wp-ms-sites-list-table.php Multisite: Use `get_network()` and `get_current_network_id()` for current network data. 2016-10-19 04:47:30 +00:00
class-wp-ms-themes-list-table.php Upgrade/Install: Refresh update counts after page load. 2016-10-19 10:27:29 +00:00
class-wp-ms-users-list-table.php Multisite: Use `get_network()` and `get_current_network_id()` for current network data. 2016-10-19 04:47:30 +00:00
class-wp-plugin-install-list-table.php Plugins: Display 'Less Than 10' active installs of a plugin rather than '0+' active installs. 2016-10-05 03:33:29 +00:00
class-wp-plugins-list-table.php General: Add missing URL-encoding and add extra hardening to plugin and template names when they're displayed in the admin area. 2017-09-19 10:21:48 +00:00
class-wp-post-comments-list-table.php Docs: Add missing file headers to the list table classes and adjust class DocBlocks accordingly. 2015-10-17 15:13:25 +00:00
class-wp-posts-list-table.php Posts, Post Types: When using Excerpt mode on the Posts list table, ensure the excerpt output matches what was manually entered into the Excerpt field. 2017-01-26 15:12:34 +00:00
class-wp-press-this.php Press This: Verify intent before fetching in-page resources using Press This. 2017-03-06 13:56:35 +00:00
class-wp-screen.php Multisite: Validate activation links. 2018-12-13 01:39:22 +00:00
class-wp-site-icon.php Site Icon: There is no good reason for `class-wp-site-icon.php` to drop a global instance of itself whenever the file is loaded. The lone use of the `global` instance of `WP_Site_Icon` is in an AJAX action that provides virtually no way to override - the file is loaded immediately before the `global` is used. 2016-08-25 19:09:35 +00:00
class-wp-terms-list-table.php Taxonomy: Introduce more fine grained capabilities for managing taxonomy terms. 2016-09-30 22:40:28 +00:00
class-wp-theme-install-list-table.php Docs: Notate the incoming `$theme` object members for `WP_Theme_Install_List_Table::single_row()` as a proper hash notation. 2016-11-08 20:16:31 +00:00
class-wp-themes-list-table.php Multisite: use `get_current_blog_id()` where applicable, in lieu of plucking the `$blog_id` global from outer space. 2016-08-31 04:55:54 +00:00
class-wp-upgrader-skin.php Filesystem API: Change the default value for the `$context` parameter of `get_filesystem_method()` and `request_filesystem_credentials()` to an empty string. 2016-07-22 12:10:27 +00:00
class-wp-upgrader-skins.php Load: Re-add `class-wp-upgrader-skins.php`, `class-feed.php`, `locale.php`, and `session.php`. 2016-12-03 04:30:34 +00:00
class-wp-upgrader.php Docs: Correct a comment and `@return` entry in `WP_Upgrader::create_lock()`. 2016-09-18 20:16:29 +00:00
class-wp-users-list-table.php Administration: Improve the usage of the button CSS classes. 2016-09-28 19:54:28 +00:00
comment.php Text Changes: Unify permission error messages. 2016-06-29 15:16:29 +00:00
continents-cities.php I18N: Update list of continents and cities for the timezone selection. 2016-05-24 23:24:27 +00:00
credits.php I18N: Introduce a user-specific language setting. 2016-10-03 07:04:29 +00:00
dashboard.php I18n: Introduce more translator comments for strings that contain placeholders but don't have an accompanying translator comment. 2016-11-21 02:46:30 +00:00
deprecated.php Bootstrap: do not go gentle into that good night r38411, r38412, and parts of r38389. 2016-08-31 16:31:29 +00:00
edit-tag-messages.php Docs: Standardize hook docs in wp-admin/* to use third-person singular verbs per the inline documentation standards for PHP. 2016-05-22 18:01:30 +00:00
export.php Docs: Correct a number of typos/spelling mistakes in inline comments. 2016-10-25 00:38:35 +00:00
file.php Filesystem API: Ensure filenames are valid before attempting to unzip them to ensure malformed file paths don't cause issues. 2017-09-19 14:38:34 +00:00
image-edit.php I18N: Remove unnecessary `__()` calls in `_rotate_image_resource()` and `_flip_image_resource()`. 2016-11-19 02:30:31 +00:00
image.php Media: Keep PDF previews from overwriting files. 2017-02-27 19:25:34 +00:00
import.php I18N: Introduce a user-specific language setting. 2016-10-03 07:04:29 +00:00
list-table.php Bootstrap: do not go gentle into that good night r38411, r38412, and parts of r38389. 2016-08-31 16:31:29 +00:00
media.php General: WordPress updates 2020-10-29 18:57:24 +00:00
menu.php Text Changes: Unify permission error messages. 2016-06-29 15:16:29 +00:00
meta-boxes.php I18n: Introduce more translator comments for strings that contain placeholders but don't have an accompanying translator comment. 2016-11-21 02:46:30 +00:00
misc.php Administration: Pass the result of `set-screen-option` filter to the new `set_screen_option_{$option}` filter to ensure backward compatibility. 2020-07-01 09:51:10 +00:00
ms-admin-filters.php Users: Display the new user email notice in user admin too. 2016-02-07 13:54:25 +00:00
ms-deprecated.php Docs: Use 3-digit, x.x.x-style semantic versioning for `_doing_it_wrong()`, `_deprecated_function()`, `_deprecated_argument()`, and `_deprecated_file()` throughout core. 2016-07-06 12:40:29 +00:00
ms.php General: WordPress updates 2020-10-29 18:57:24 +00:00
nav-menu.php Accessibility: Improve the Menus post type meta boxes pagination links. 2016-10-27 15:23:31 +00:00
network.php I18N: Replace unnecessary context with a translator comment for `%s Sites` string in `network_step1()`. 2016-08-23 00:17:27 +00:00
noop.php Create a new file, `wp-admin/includes/noop.php`, which loads all of the noop functions for `load-script|styles.php` and is only loaded by those files. DRYs in the process. 2015-09-11 05:04:23 +00:00
options.php Networks and sites: Replace "blog" usage with "site" in docs. 2016-01-28 03:35:27 +00:00
plugin-install.php I18N: Move the support forums URL in update-related HTTP API error messages to a separate translatable string that is already used elsewhere. 2016-11-21 01:52:32 +00:00
plugin.php Options: Move register_setting() from wp-admin to wp-includes. 2016-09-30 15:53:29 +00:00
post.php Editor: Remove unwanted fields before saving posts. 2018-12-13 01:41:22 +00:00
revision.php I18N: Correct various instances of incorrect usage of `esc_attr_e()`. 2016-08-28 18:06:30 +00:00
schema.php Only set `fresh_site` during an actual fresh install. 2016-11-01 20:16:31 +00:00
screen.php Screen API: After [37972], ensure that `$box['args']` is an array before trying to access `__widget_basename`. 2016-07-07 16:39:29 +00:00
taxonomy.php Store only term IDs in object term relationships caches. 2016-05-26 04:50:27 +00:00
template.php General: WordPress updates 2020-10-29 18:57:24 +00:00
theme-install.php Administration: Improve the usage of the button CSS classes. 2016-09-28 19:54:28 +00:00
theme.php Customize: Prevent links to `customize.php` from being generated which have query vars from `wp_removable_query_args()` present. 2017-03-25 13:35:38 +00:00
translation-install.php I18N: Move the support forums URL in update-related HTTP API error messages to a separate translatable string that is already used elsewhere. 2016-11-21 01:52:32 +00:00
update-core.php External Libraries: Remove unnecessary / obsoleted MediaElement.js files. 2018-01-16 08:05:38 +00:00
update.php I18N: Move the support forums URL in update-related HTTP API error messages to a separate translatable string that is already used elsewhere. 2016-11-21 01:52:32 +00:00
upgrade.php I18n: Begin introducing translator comments for strings which include placeholders but no accompanying translator comment. 2016-11-21 01:22:32 +00:00
user.php Users: In `edit_user()` fall back to site's locale instead of `en_US` for invalid user locales. 2016-11-16 20:12:31 +00:00
widgets.php Administration: Improve the usage of the button CSS classes. 2016-09-28 19:54:28 +00:00