WordPress/wp-includes
John Blackbourn a44ccc633f Hardening: Ensure the attributes of enclosures are correctly escaped in RSS and Atom feeds.
Merges [42260] to the 4.0 branch.

Built from https://develop.svn.wordpress.org/branches/4.0@42302


git-svn-id: http://core.svn.wordpress.org/branches/4.0@42131 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-29 16:40:18 +00:00
ID3 Disable external entities in ID3. 2014-08-05 19:14:18 +00:00
SimplePie SimplePie: Fix use of DOMElement as array. 2013-09-11 04:02:10 +00:00
Text
certificates WP_HTTP: Update the Root Certificate bundle used for SSL communication by WP_HTTP. 2014-02-27 02:33:14 +00:00
css Backport the PHPUnit test fixes from [31622] to the 4.0 branch. 2015-04-19 07:43:42 +00:00
fonts Dashicons: Update to the latest dashicons files. 2014-08-17 15:01:16 +00:00
images Edit Image modal: 2014-03-27 22:41:14 +00:00
js TinyMCE: Improve the previews for shortcodes. 2017-09-19 12:45:12 +00:00
pomo Fix some documentation typos in various core files. 2014-08-13 03:56:17 +00:00
theme-compat Eliminate use of `extract()` in `wp-includes/theme-compat/comments-popup.php`. 2014-05-13 04:40:16 +00:00
admin-bar.php Restore the post type's view_item label for preview links that don't submit the changes. 2014-09-03 11:33:16 +00:00
atomlib.php First there were two, and now there are three -- in the @since versions that came before and that shall be. And so it will be, says nacin. 2013-12-24 18:57:12 +00:00
author-template.php Convert documentation of default arguments in `wp_list_authors()` to the hash-notation style. 2014-06-29 22:34:14 +00:00
bookmark-template.php Add indentation for the hash notation missed in [29108]. 2014-07-11 22:59:16 +00:00
bookmark.php Convert default arguments documentation for `get_bookmarks()` into a hash notation. 2014-07-11 23:03:13 +00:00
cache.php Fix some words that aren't words. 2014-08-09 19:30:17 +00:00
canonical.php Revert [28610] in order to avoid infinite redirect loops on reverse proxies which proxy from HTTPS to HTTP. 2014-11-06 07:16:39 +00:00
capabilities.php Capabilities: Fall back to the `edit_posts` capability for orphaned comments. 2015-09-09 06:10:38 +00:00
category-template.php Additional @return clarifications for get_the_terms(), get_the_tag_list(), and get_the_term_list(). 2014-08-12 23:48:16 +00:00
category.php Deprecate get_all_category_ids(). Suggest get_terms() as a replacement. 2014-06-05 16:25:14 +00:00
class-IXR.php Fix some documentation typos in various core files. 2014-08-13 03:56:17 +00:00
class-feed.php Add access modifiers to methods/members in `WP_Feed_Cache`, `WP_SimplePie_File`, and `WP_Feed_Cache_Transient`. 2014-05-19 05:27:15 +00:00
class-http.php Avoid PHP notices when checking for local requests in WP_Http. 2014-09-02 02:06:17 +00:00
class-json.php
class-oembed.php Switch the Polldaddy oEmbed endpoint to HTTPS as it now redirects there. See #28507. 2014-08-13 00:17:16 +00:00
class-phpass.php Prevent high resource usage when hashing large passwords. props mdawaffe, pento 2014-11-20 16:05:39 +00:00
class-phpmailer.php Update PHPMailer to 5.2.22. 2017-01-11 05:26:18 +00:00
class-pop3.php
class-simplepie.php Fix some documentation typos in various core files. 2014-08-13 03:56:17 +00:00
class-smtp.php Update PHPMailer to 5.2.22. 2017-01-11 05:26:18 +00:00
class-snoopy.php Snoopy: use escapeshellarg instead of escapeshellcmd 2016-03-30 14:11:17 +00:00
class-wp-admin-bar.php In `wp-includes/class-wp-admin-bar.php`, `break` is unreachable after `return`. 2014-05-06 18:29:15 +00:00
class-wp-ajax-response.php Fix some words that aren't words. 2014-08-09 19:30:17 +00:00
class-wp-customize-control.php Link to apps.wordpress.org instead of wordpress.org/mobile. 2014-09-04 14:22:15 +00:00
class-wp-customize-manager.php Customize: Ignore invalid customization sessions. 2017-05-16 12:20:43 +00:00
class-wp-customize-panel.php Customizer panels: use a single back button for all panels. 2014-08-25 23:05:15 +00:00
class-wp-customize-section.php Customizer: Increase default priority for a section to 160. 2014-08-15 19:36:16 +00:00
class-wp-customize-setting.php Correct the documentation for the customize_save_* action. 2014-08-15 19:49:15 +00:00
class-wp-customize-widgets.php Customizer: Use `hash_equals()` for widgets. 2015-08-04 04:53:08 +00:00
class-wp-editor.php Remove some old backwards compatibility code from TinyMCE. Merge of [32166] to the 4.0 branch. 2015-04-20 12:49:33 +00:00
class-wp-embed.php Backport r33469 and r33470 to 4.0. 2015-07-31 01:44:36 +00:00
class-wp-error.php Fix some words that aren't words. 2014-08-09 19:30:17 +00:00
class-wp-http-ixr-client.php Add access modifiers to methods/members in `WP_HTTP_IXR_Client`. 2014-05-19 05:51:15 +00:00
class-wp-image-editor-gd.php Revert [28640] as per @DH-Shredder. 2014-08-01 18:43:16 +00:00
class-wp-image-editor-imagick.php Add `->get_quality()` method to `WP_Image_Editor` class. 2014-06-28 03:50:15 +00:00
class-wp-image-editor.php Add `->get_quality()` method to `WP_Image_Editor` class. 2014-06-28 03:50:15 +00:00
class-wp-theme.php Themes: Fix markup for theme name fallbacks. 2017-01-11 11:12:39 +00:00
class-wp-walker.php Fix some documentation typos in various core files. 2014-08-13 03:56:17 +00:00
class-wp-xmlrpc-server.php Adjust post meta checks 2017-05-16 08:53:37 +00:00
class-wp.php Fix some words that aren't words. 2014-08-09 19:30:17 +00:00
class.wp-dependencies.php `WP_Dependencies->recurse_deps()`: tuck the recursion into `elseif` so the `foreach` doesn't break on the first item. 2014-07-20 00:34:15 +00:00
class.wp-scripts.php `WP_Scripts->in_default_dir()` should use the `WPINC` constant 2014-06-29 22:23:15 +00:00
class.wp-styles.php Add missing access modifiers to methods in `WP_Scripts` and `WP_Styles`. 2014-05-19 06:17:14 +00:00
comment-template.php Correct a few `@param` docs for `$walker`. 2014-07-24 22:25:16 +00:00
comment.php Correct references to post-template.php in the inline docs. 2014-08-12 01:09:17 +00:00
compat.php WPDB: When checking that a string can be sent to MySQL, we shouldn't use `mb_convert_encoding()`, as it behaves differently to MySQL's character encoding conversion. 2015-05-06 19:09:39 +00:00
cron.php Avoid an undefined index notice in wp_reschedule_event(). 2014-08-01 20:57:16 +00:00
date.php Fix some documentation typos in various core files. 2014-08-13 03:56:17 +00:00
default-constants.php Revert [28563]. See #18298. 2014-07-09 18:07:16 +00:00
default-filters.php Allow for custom authentication handlers for all requests. 2014-03-09 15:23:15 +00:00
default-widgets.php Nav menus: Consistent titles in widgets. 2015-08-03 20:58:37 +00:00
deprecated.php `LIKE` escape sanity: 2014-06-10 00:30:15 +00:00
feed-atom-comments.php Introduce 'rss_tag_pre' action, which fires between the xml and rss tags in a feed. 2014-07-07 10:18:15 +00:00
feed-atom.php Introduce 'rss_tag_pre' action, which fires between the xml and rss tags in a feed. 2014-07-07 10:18:15 +00:00
feed-rdf.php Introduce 'rss_tag_pre' action, which fires between the xml and rss tags in a feed. 2014-07-07 10:18:15 +00:00
feed-rss.php Revert r25824:25875 from the core.svn.wordpress.org repository. 2013-10-25 02:29:52 +00:00
feed-rss2-comments.php Introduce 'rss_tag_pre' action, which fires between the xml and rss tags in a feed. 2014-07-07 10:18:15 +00:00
feed-rss2.php Introduce 'rss_tag_pre' action, which fires between the xml and rss tags in a feed. 2014-07-07 10:18:15 +00:00
feed.php Hardening: Ensure the attributes of enclosures are correctly escaped in RSS and Atom feeds. 2017-11-29 16:40:18 +00:00
formatting.php Media: Improve handling of extensionless filenames. 2016-06-21 14:58:18 +00:00
functions.php Media: Fix exif_imagetype check in wp_get_image_mime 2017-01-11 16:44:41 +00:00
functions.wp-scripts.php Revert [28840]; wp_localize_script() must be called on a registered handle. 2014-09-02 19:35:16 +00:00
functions.wp-styles.php Inline documentation for hooks in wp-includes/functions.wp-styles.php. 2013-10-27 17:59:09 +00:00
general-template.php Hardening: Add escaping to the language attributes used on `html` elements. 2017-11-29 16:39:05 +00:00
http.php HTTP: Improve detection of valid IP addresses. 2016-03-30 15:52:49 +00:00
kses.php Shortcodes: Improve the reliability of shortcodes inside HTML tags. 2015-07-23 04:50:37 +00:00
l10n.php Language packs: No WPLANG anymore. 2014-08-26 19:59:16 +00:00
link-template.php In get_adjacent_post(), $excluded_terms should check term_id rather than term_taxonomy_id. 2014-11-20 10:59:35 +00:00
load.php Send nocache_headers() on installation screens and when redirecting to them. 2014-08-25 17:40:16 +00:00
locale.php Better description for WP_Locale::_strings_for_pot(). props dimadin. fixes #25937. 2013-11-13 14:01:09 +00:00
media-template.php Don't display Edit links for attachments user cannot edit. 2014-11-20 11:07:36 +00:00
media.php Embeds: URL encode YouTube video IDs for broader compatibility. 2017-03-06 12:08:43 +00:00
meta.php Meta Query: Revert [28659] (and [28665]) due to regressions. 2014-08-27 20:23:16 +00:00
ms-blogs.php Simplify the code for calling refresh_blog_details() whenever 'blogname', 'siteurl', or 'post_count' option is updated. 2014-09-02 07:30:16 +00:00
ms-default-constants.php After [29200], switch back to using `static` vars instead of adding 2 `global`s, as per Sergey. 2014-07-19 23:14:15 +00:00
ms-default-filters.php Simplify the code for calling refresh_blog_details() whenever 'blogname', 'siteurl', or 'post_count' option is updated. 2014-09-02 07:30:16 +00:00
ms-deprecated.php Theme compat: Move <head profile> to <link>. 2014-03-25 17:22:15 +00:00
ms-files.php
ms-functions.php Multisite: Use `wp_rand()` in signup key creation. 2017-01-11 05:36:18 +00:00
ms-load.php Replace all uses of `like_escape()` with `$wpdb->esc_like()`. 2014-06-10 00:44:15 +00:00
ms-settings.php Move ms-load.php and ms-default-constants.php inclusion back to ms-settings.php to avoid breaking WP-CLI. 2014-06-30 23:50:15 +00:00
nav-menu-template.php Correct a few `@param` docs for `$walker`. 2014-07-24 22:25:16 +00:00
nav-menu.php `return false` in `has_nav_menu()` if the `$location` does not exist in the `$_wp_registered_nav_menus` global. 2014-06-26 00:57:15 +00:00
option.php Fix the `wp-settings-*` cookies used in getUserSetting()/setUserSetting(). They should be set without `COOKIE_DOMAIN` to work properly for sub-domains. Fixes #29095. 2014-08-13 02:47:16 +00:00
pluggable-deprecated.php Reference https://wordpress.org rather than http://wordpress.org in strings, links, comments, etc. 2014-03-03 02:34:27 +00:00
pluggable.php Strip control characters before validating redirect. 2017-03-06 13:45:44 +00:00
plugin.php Unit tests for has_filter() not resetting the array pointer. 2014-09-02 06:50:15 +00:00
post-formats.php Allow has_post_format() to be used to check for any format. 2013-11-24 13:45:10 +00:00
post-template.php Admin: Escape attachment name in case it contains special characters 2016-06-21 14:27:49 +00:00
post-thumbnail-template.php Revert [27166]. 2014-03-26 18:43:14 +00:00
post.php Database: Restore numbered placeholders in `wpdb::prepare()`. 2017-10-31 12:55:20 +00:00
query.php Query: Ensure that queries work correctly with post type names with special characters. 2017-01-26 13:52:45 +00:00
registration-functions.php
registration.php
revision.php Remove backticks on `$post` variables in some short parameter descriptions. 2014-07-03 19:28:14 +00:00
rewrite.php `WP_Query` was only missing one access modifier. 2014-05-19 17:41:13 +00:00
rss-functions.php Don't rely on include_path to include files. 2013-09-25 00:18:11 +00:00
rss.php Fix some documentation typos in various core files. 2014-08-13 03:56:17 +00:00
script-loader.php TinyMCE: Improve the previews for shortcodes. 2017-09-19 12:45:12 +00:00
session.php Add safeguards for when ext/hash is not compiled with PHP. 2014-09-23 18:14:39 +00:00
shortcodes.php Shortcodes: don't allow unclosed HTML elements in attributes 2015-09-14 22:49:17 +00:00
taxonomy.php Taxonomies: make sure taxonomy functions work correctly with taxonomy names with special characters 2016-03-30 17:36:16 +00:00
template-loader.php Add jshintrc to qunit. 2013-10-30 14:39:10 +00:00
template.php Revert [28563]. See #18298. 2014-07-09 18:07:16 +00:00
theme.php Themes: Fix some broken links in the legacy theme preview. 2015-08-04 04:57:43 +00:00
update.php Background Updates: Remove the 7am/7pm background update check. 2016-01-06 13:24:33 +00:00
user.php Invalidate password keys when a user's email changes. 2014-11-20 13:40:53 +00:00
vars.php Update the wp-includes/vars.php file header to include Nginx as a recognized web server. 2014-01-10 18:15:13 +00:00
version.php Bump 4.0 branch to version 4.0.20. 2017-10-31 13:44:19 +00:00
widgets.php Fix a typo in the PHPDoc for `wp_register_sidebar_widget()`. 2014-07-23 17:21:18 +00:00
wlwmanifest.xml The Pinking Shears stir from their slumber, awakened by what may seem, to those 2013-12-11 19:49:11 +00:00
wp-db.php WPDB: Check that `AUTH_SALT` is not empty, Fix a PHP notice when `AUTH_SALT` is undefined. 2017-11-27 01:14:18 +00:00
wp-diff.php Fix some documentation typos in various core files. 2014-08-13 03:56:17 +00:00