WordPress/wp-admin
John Blackbourn c2be27457f Hardening: Use a properly generated hash for the `newbloguser` key instead of a determinate substring.
Merges [42258] to the 4.0 branch.

Built from https://develop.svn.wordpress.org/branches/4.0@42300


git-svn-id: http://core.svn.wordpress.org/branches/4.0@42129 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-29 16:38:47 +00:00
..
css Undo changes to the 4.0 branch caused by clean-css 2.2.8 (branch) versus 2.2.16 (trunk). 2014-11-20 17:41:01 +00:00
images Convert the post lock icon to a dashicon. 2014-03-04 06:53:14 +00:00
includes Filesystem API: Ensure filenames are valid before attempting to unzip them to ensure malformed file paths don't cause issues. 2017-09-19 14:44:37 +00:00
js Customize: Ignore invalid customization sessions. 2017-05-16 12:20:43 +00:00
maint Remove the WordPress logo from the focusable elements on the install/update screens. Fixes #28674. Props stompweb 2014-06-29 14:10:15 +00:00
network Multisite: Improve escaping in network settings. 2016-03-30 16:05:36 +00:00
user Add missing Dashicons classes to User Admin menu. 2014-05-06 07:58:15 +00:00
about.php Bump 4.0 branch to version 4.0.20. 2017-10-31 13:44:19 +00:00
admin-ajax.php Add a new AJAX action: `parse-media-shortcode`. This async call will replace JS rendering of audio/video/playlist shortcodes. 2014-07-15 22:08:14 +00:00
admin-footer.php Use SSL when linking to WordPress.org. see #27115. 2014-03-08 04:14:15 +00:00
admin-functions.php First there were two, and now there are three -- in the @since versions that came before and that shall be. And so it will be, says nacin. 2013-12-24 18:57:12 +00:00
admin-header.php Customizer: Add meta capability `customize` which is mapped to `edit_theme_options`. 2014-07-14 19:01:16 +00:00
admin-post.php Because the `WP_ADMIN` constant name can be bound in multiple files, all instances should check `! defined` first. `wp-admin/admin.php` already has this check. 2014-05-18 20:42:16 +00:00
admin.php Fix syntax for single- and multi-line comments in wp-admin-directory files. 2014-07-17 09:14:16 +00:00
async-upload.php Media Upload: Improve styling of error messages. 2014-08-02 14:14:19 +00:00
comment.php `hackificator` bails on this file because of mixed quote styles on some HTML attributes. 2014-05-18 21:47:14 +00:00
credits.php Add 'Release Lead' string to credits. see #29494. 2014-09-03 23:19:18 +00:00
custom-background.php Fix some words that aren't words. 2014-08-09 19:30:17 +00:00
custom-header.php Fix some words that aren't words. 2014-08-09 19:30:17 +00:00
customize.php Customize: Ignore invalid customization sessions. 2017-05-16 12:20:43 +00:00
edit-comments.php Comments: Update border color and help text. 2014-03-27 05:08:14 +00:00
edit-form-advanced.php Restore 'insert-media-button' as an ID attribute for the first instance of media_buttons(). Remove IDs for subsequent instances. 2014-09-02 09:08:16 +00:00
edit-form-comment.php `hackificator` doesn't like mixed quote styles in some generated HTML. The switch from single to double allows these files to be parsed. 2014-05-19 01:59:15 +00:00
edit-link-form.php In `edit-link-form.php`, `hackificator` bails because there is a `</form>` with no open `<form>`. It exists, but is needlessly constructed with PHP. It always returns a `<form>`, only the `id` and `name` are different. The dynamic piece just returns the ID now. 2014-05-18 22:07:15 +00:00
edit-tag-form.php Remove all "valign" attributes from tables in wp-admin, props MikeHansenMe, Marventus. Fixes #22712. 2014-01-24 19:06:15 +00:00
edit-tags.php Remove unreachable `break` statements in `wp-admin/edit-tags.php`. `break` is unnecessary after `die`, `exit`, and `wp_die`. 2014-05-06 14:52:16 +00:00
edit.php `edit.php?post_type=attachment` should redirect to `upload.php`. Without the redirect, the user is presented with an empty list table. There are probably other issues to address overall, but this accomplishes what the ticket wants. 2014-06-10 18:48:15 +00:00
export.php Use SSL when linking to WordPress.org. see #27115. 2014-03-08 04:14:15 +00:00
freedoms.php Sync tagline from about page with credits and freedoms. 2014-08-28 17:53:18 +00:00
import.php Use SSL when linking to WordPress.org. see #27115. 2014-03-08 04:14:15 +00:00
index.php Use SSL when linking to WordPress.org. see #27115. 2014-03-08 04:14:15 +00:00
install-helper.php Fix syntax for single- and multi-line comments in wp-admin-directory files. 2014-07-17 09:14:16 +00:00
install.php i18n: Skip language chooser for localized packages. 2014-09-04 14:39:15 +00:00
link-add.php Don't rely on include_path to include files. 2013-09-25 00:18:11 +00:00
link-manager.php Use SSL when linking to WordPress.org. see #27115. 2014-03-08 04:14:15 +00:00
link-parse-opml.php Fix syntax for single- and multi-line comments in wp-admin-directory files. 2014-07-17 09:14:16 +00:00
link.php Fix syntax for single- and multi-line comments in wp-admin-directory files. 2014-07-17 09:14:16 +00:00
load-scripts.php Inline docs syntax fixes following [28978]. 2014-07-07 16:42:16 +00:00
load-styles.php Simplify the setup-config.php UI flow and load process. 2014-07-03 19:57:14 +00:00
media-new.php Use SSL when linking to WordPress.org. see #27115. 2014-03-08 04:14:15 +00:00
media-upload.php Fix syntax for single- and multi-line comments in wp-admin-directory files. 2014-07-17 09:14:16 +00:00
media.php Fix syntax for single- and multi-line comments in wp-admin-directory files. 2014-07-17 09:14:16 +00:00
menu-header.php Fix syntax for single- and multi-line comments in wp-admin-directory files. 2014-07-17 09:14:16 +00:00
menu.php Fix syntax for single- and multi-line comments in wp-admin-directory files. 2014-07-17 09:14:16 +00:00
moderation.php Don't rely on include_path to include files. 2013-09-25 00:18:11 +00:00
ms-admin.php Don't rely on include_path to include files. 2013-09-25 00:18:11 +00:00
ms-delete-site.php Always decode special characters for email subjects. 2014-03-28 02:44:15 +00:00
ms-edit.php Don't rely on include_path to include files. 2013-09-25 00:18:11 +00:00
ms-options.php Don't rely on include_path to include files. 2013-09-25 00:18:11 +00:00
ms-sites.php Don't rely on include_path to include files. 2013-09-25 00:18:11 +00:00
ms-themes.php Don't rely on include_path to include files. 2013-09-25 00:18:11 +00:00
ms-upgrade-network.php Don't rely on include_path to include files. 2013-09-25 00:18:11 +00:00
ms-users.php Don't rely on include_path to include files. 2013-09-25 00:18:11 +00:00
my-sites.php Use SSL when linking to WordPress.org. see #27115. 2014-03-08 04:14:15 +00:00
nav-menus.php Fix syntax for single- and multi-line comments in wp-admin-directory files. 2014-07-17 09:14:16 +00:00
network.php Fix syntax for single- and multi-line comments in wp-admin-directory files. 2014-07-17 09:14:16 +00:00
options-discussion.php Priority fixes for various existing hook documentation. 2014-04-12 00:01:15 +00:00
options-general.php Allow language specified by the WPLANG constant (but not installed) to be chosen. 2014-09-03 08:03:16 +00:00
options-head.php Use wp_unslash() instead of stripslashes() and stripslashes_deep(). Use wp_slash() instead of add_magic_quotes(). 2013-03-01 17:14:09 +00:00
options-media.php Use SSL when linking to WordPress.org. see #27115. 2014-03-08 04:14:15 +00:00
options-permalink.php Permalink Settings: Don't show "update your .htaccess now" if nothing needs to change. 2014-03-15 04:35:16 +00:00
options-reading.php Use SSL when linking to WordPress.org. see #27115. 2014-03-08 04:14:15 +00:00
options-writing.php Priority fixes for various existing hook documentation. 2014-04-12 00:01:15 +00:00
options.php Language packs: No WPLANG anymore. 2014-08-26 19:59:16 +00:00
plugin-editor.php General: Add missing URL-encoding and add extra hardening to plugin and template names when they're displayed in the admin area. 2017-09-19 13:42:20 +00:00
plugin-install.php Plugin search: Wrap results in a form to fix pagination's `paged` input field. 2014-11-06 07:01:34 +00:00
plugins.php General: Add missing URL-encoding and add extra hardening to plugin and template names when they're displayed in the admin area. 2017-09-19 13:42:20 +00:00
post-new.php When adding a post of a post type whose menu item is in a submenu, highlight the correct menu item. props mordauk, markjaquith. fixes #24137. 2014-07-25 15:26:18 +00:00
post.php Heartbeat: Ensure post locks are released. 2015-08-04 04:55:53 +00:00
press-this.php Press This: Do not show Categories & Tags UI for users who cannot assign terms to posts anyways. 2017-01-26 14:14:44 +00:00
profile.php Don't rely on include_path to include files. 2013-09-25 00:18:11 +00:00
revision.php Revisions: Change the capability needed to view revision diffs to `edit_post`. 2016-06-21 14:47:17 +00:00
setup-config.php i18n: Skip language chooser for localized packages. 2014-09-04 14:39:15 +00:00
theme-editor.php General: Add missing URL-encoding and add extra hardening to plugin and template names when they're displayed in the admin area. 2017-09-19 13:42:20 +00:00
theme-install.php Plugin/Theme Uploads: New capabilities; unify UIs; ensure compatibility with old filters. 2014-08-27 01:32:18 +00:00
themes.php Make filter bar CSS less verbose and redundant. 2014-08-25 15:58:15 +00:00
tools.php Use SSL when linking to WordPress.org. see #27115. 2014-03-08 04:14:15 +00:00
update-core.php Updates: Translate plugin data on the Updates screen. 2017-01-11 11:43:08 +00:00
update.php Plugin/Theme Uploads: New capabilities; unify UIs; ensure compatibility with old filters. 2014-08-27 01:32:18 +00:00
upgrade-functions.php First there were two, and now there are three -- in the @since versions that came before and that shall be. And so it will be, says nacin. 2013-12-24 18:57:12 +00:00
upgrade.php Remove the WordPress logo from the focusable elements on the install/update screens. Fixes #28674. Props stompweb 2014-06-29 14:10:15 +00:00
upload.php Make sure we're on the media grid page before calling wp.media(). 2014-11-06 08:08:35 +00:00
user-edit.php Users: Use correct escaping function for URLs. 2017-09-19 21:39:43 +00:00
user-new.php Hardening: Use a properly generated hash for the `newbloguser` key instead of a determinate substring. 2017-11-29 16:38:47 +00:00
users.php Pinking shears. 2014-09-04 15:23:16 +00:00
widgets.php Add nonce for widget accessibility mode. 2017-01-11 01:51:19 +00:00