WordPress/wp-admin
John Blackbourn f345c93563 Hardening: Use a properly generated hash for the `newbloguser` key instead of a determinate substring.
Merges [42258] to the 4.2 branch.

Built from https://develop.svn.wordpress.org/branches/4.2@42292


git-svn-id: http://core.svn.wordpress.org/branches/4.2@42121 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-29 16:33:25 +00:00
..
css Shortcodes: Improve the reliablity of shortcodes inside HTML tags. 2015-07-22 05:44:27 +00:00
images Update more instances of default admin blues and grays. 2015-04-05 21:20:27 +00:00
includes Filesystem API: Ensure filenames are valid before attempting to unzip them to ensure malformed file paths don't cause issues. 2017-09-19 14:43:56 +00:00
js Add nonce for updating file system credentials. 2017-05-16 14:56:24 +00:00
maint Remove the WordPress logo from the focusable elements on the install/update screens. Fixes #28674. Props stompweb 2014-06-29 14:10:15 +00:00
network Multisite: Improve escaping in network settings. 2016-03-30 16:02:49 +00:00
user Ensure the requires for the admin bootstrap are documented in all wp-admin/user/ files. 2014-11-04 16:32:22 +00:00
about.php Bump 4.2 branch to version 4.3.17. 2017-10-31 13:42:30 +00:00
admin-ajax.php Use HTTPS URLs for codex.wordpress.org. 2015-04-12 21:29:32 +00:00
admin-footer.php Accessibility: Add landmark roles to WordPress admin areas. 2015-04-01 13:17:27 +00:00
admin-functions.php First there were two, and now there are three -- in the @since versions that came before and that shall be. And so it will be, says nacin. 2013-12-24 18:57:12 +00:00
admin-header.php Accessibility: Add landmark roles to WordPress admin areas. 2015-04-01 13:17:27 +00:00
admin-post.php Docs Formatting: Backtick-escape inline code for all dynamic hook docs in wp-admin/*. 2014-11-30 11:42:24 +00:00
admin.php Avoid confusion by clarifying an inline comment on logic for performing multisite upgrades. 2015-01-29 11:53:21 +00:00
async-upload.php Prevent IE9 and lower displaying the download file dialogue when attempting to upload using the `html4` Plupload handler. 2015-02-12 01:15:29 +00:00
comment.php Use HTTPS URLs for codex.wordpress.org. 2015-04-12 21:29:32 +00:00
credits.php About page: Finalize media for 4.2. 2015-04-23 15:43:25 +00:00
custom-background.php Use HTTPS URLs for codex.wordpress.org. 2015-04-12 21:29:32 +00:00
custom-header.php Use HTTPS URLs for codex.wordpress.org. 2015-04-12 21:29:32 +00:00
customize.php Customize: Ignore invalid customization sessions. 2017-05-16 12:19:29 +00:00
edit-comments.php Use HTTPS URLs for codex.wordpress.org. 2015-04-12 21:29:32 +00:00
edit-form-advanced.php Use HTTPS URLs for codex.wordpress.org. 2015-04-12 21:29:32 +00:00
edit-form-comment.php Remove ambiguity in the time display format in core, switches to using 24hr notation where am/pm isn't specified. 2015-03-23 02:14:27 +00:00
edit-link-form.php Use HTTPS URLs for codex.wordpress.org. 2015-04-12 21:29:32 +00:00
edit-tag-form.php Admin notices: Make (most) core notices dismissible. 2015-04-01 22:06:28 +00:00
edit-tags.php Use HTTPS URLs for codex.wordpress.org. 2015-04-12 21:29:32 +00:00
edit.php Use HTTPS URLs for codex.wordpress.org. 2015-04-12 21:29:32 +00:00
export.php Use HTTPS URLs for codex.wordpress.org. 2015-04-12 21:29:32 +00:00
freedoms.php About page updates. 2015-04-15 00:38:27 +00:00
import.php Use HTTPS URLs for codex.wordpress.org. 2015-04-12 21:29:32 +00:00
index.php Use HTTPS URLs for codex.wordpress.org. 2015-04-12 21:29:32 +00:00
install-helper.php Ensure inline code is markdown-escaped as such, HTML tags are removed from summaries, and that code snippets in descriptions are properly indented. 2014-11-24 05:47:23 +00:00
install.php Use HTTPS URLs for codex.wordpress.org. 2015-04-12 21:29:32 +00:00
link-add.php Don't rely on include_path to include files. 2013-09-25 00:18:11 +00:00
link-manager.php Use HTTPS URLs for codex.wordpress.org. 2015-04-12 21:29:32 +00:00
link-parse-opml.php Remove unnecessary `echo()`, add translator comment. 2015-04-02 19:01:27 +00:00
link.php Fix syntax for single- and multi-line comments in wp-admin-directory files. 2014-07-17 09:14:16 +00:00
load-scripts.php When outputting JS with a `Content-Type` header: 2015-01-03 02:57:21 +00:00
load-styles.php Simplify the setup-config.php UI flow and load process. 2014-07-03 19:57:14 +00:00
media-new.php Use HTTPS URLs for codex.wordpress.org. 2015-04-12 21:29:32 +00:00
media-upload.php Remove an extra indent from most of media-new.php. 2015-02-03 07:47:22 +00:00
media.php Use HTTPS URLs for codex.wordpress.org. 2015-04-12 21:29:32 +00:00
menu-header.php Accessibility: Add landmark roles to WordPress admin areas. 2015-04-01 13:17:27 +00:00
menu.php Introduce delete_site meta capability. 2015-03-08 02:10:30 +00:00
moderation.php Don't rely on include_path to include files. 2013-09-25 00:18:11 +00:00
ms-admin.php Don't rely on include_path to include files. 2013-09-25 00:18:11 +00:00
ms-delete-site.php Introduce delete_site meta capability. 2015-03-08 02:10:30 +00:00
ms-edit.php Don't rely on include_path to include files. 2013-09-25 00:18:11 +00:00
ms-options.php Don't rely on include_path to include files. 2013-09-25 00:18:11 +00:00
ms-sites.php Don't rely on include_path to include files. 2013-09-25 00:18:11 +00:00
ms-themes.php Don't rely on include_path to include files. 2013-09-25 00:18:11 +00:00
ms-upgrade-network.php Don't rely on include_path to include files. 2013-09-25 00:18:11 +00:00
ms-users.php Don't rely on include_path to include files. 2013-09-25 00:18:11 +00:00
my-sites.php Use HTTPS URLs for codex.wordpress.org. 2015-04-12 21:29:32 +00:00
nav-menus.php Use HTTPS URLs for codex.wordpress.org. 2015-04-12 21:29:32 +00:00
network.php Use HTTPS URLs for codex.wordpress.org. 2015-04-12 21:29:32 +00:00
options-discussion.php Force default avatar for HiDPI avatars on Discussion Settings. 2015-04-14 18:09:26 +00:00
options-general.php Use HTTPS URLs for codex.wordpress.org. 2015-04-12 21:29:32 +00:00
options-head.php Use wp_unslash() instead of stripslashes() and stripslashes_deep(). Use wp_slash() instead of add_magic_quotes(). 2013-03-01 17:14:09 +00:00
options-media.php Use HTTPS URLs for codex.wordpress.org. 2015-04-12 21:29:32 +00:00
options-permalink.php Use HTTPS URLs for codex.wordpress.org. 2015-04-12 21:29:32 +00:00
options-reading.php Use HTTPS URLs for codex.wordpress.org. 2015-04-12 21:29:32 +00:00
options-writing.php Use HTTPS URLs for codex.wordpress.org. 2015-04-12 21:29:32 +00:00
options.php Use HTTPS URLs for codex.wordpress.org. 2015-04-12 21:29:32 +00:00
plugin-editor.php General: Add missing URL-encoding and add extra hardening to plugin and template names when they're displayed in the admin area. 2017-09-19 13:32:30 +00:00
plugin-install.php Use HTTPS URLs for codex.wordpress.org. 2015-04-12 21:29:32 +00:00
plugins.php General: Add missing URL-encoding and add extra hardening to plugin and template names when they're displayed in the admin area. 2017-09-19 13:32:30 +00:00
post-new.php Admin globals: 2015-01-10 05:29:22 +00:00
post.php Heartbeat: Ensure post locks are released. 2015-08-04 04:54:59 +00:00
press-this.php PressThis v2, first run. Props michael-arestad, stephdau, marcelomazza, DrewAPicture, iseulde, afercia, kraftbj, rachelbaker, AramZS, dd32. See #31373. 2015-02-25 01:50:26 +00:00
profile.php Don't rely on include_path to include files. 2013-09-25 00:18:11 +00:00
revision.php Revisions: Change the capability needed to view revision diffs to `edit_post`. 2016-06-21 14:44:29 +00:00
setup-config.php Use HTTPS URLs for codex.wordpress.org. 2015-04-12 21:29:32 +00:00
theme-editor.php General: Add missing URL-encoding and add extra hardening to plugin and template names when they're displayed in the admin area. 2017-09-19 13:32:30 +00:00
theme-install.php Use HTTPS URLs for codex.wordpress.org. 2015-04-12 21:29:32 +00:00
themes.php Correctly escape theme version numbers when displaying them. 2015-04-20 06:27:25 +00:00
tools.php Use HTTPS URLs for codex.wordpress.org. 2015-04-12 21:29:32 +00:00
update-core.php Updates: Translate plugin data on the Updates screen. 2017-01-11 11:42:26 +00:00
update.php Accessibility improvements for Themes screen: fix keyboard events and callbacks for the Search field, increase trigger timeout a bit, improve Esc. key handling. 2015-04-03 02:32:28 +00:00
upgrade-functions.php First there were two, and now there are three -- in the @since versions that came before and that shall be. And so it will be, says nacin. 2013-12-24 18:57:12 +00:00
upgrade.php Use HTTPS URLs for codex.wordpress.org. 2015-04-12 21:29:32 +00:00
upload.php Use HTTPS URLs for codex.wordpress.org. 2015-04-12 21:29:32 +00:00
user-edit.php Users: Use correct escaping function for URLs. 2017-09-19 21:38:56 +00:00
user-new.php Hardening: Use a properly generated hash for the `newbloguser` key instead of a determinate substring. 2017-11-29 16:33:25 +00:00
users.php Use HTTPS URLs for codex.wordpress.org. 2015-04-12 21:29:32 +00:00
widgets.php Add nonce for widget accessibility mode. 2017-01-11 01:49:32 +00:00