WordPress-C
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
WordPress/wp-includes
History
Weston Ruter aa9ef96a52 Customize: Prevent dropping backslashes from input on general settings and settings for nav menus and some widgets. 
Ensures that intentional backslashes (e.g. "\o/") can be used in:

* Site title
* Site description
* Nav menu name
* Custom Menu widget title
* Tag Cloud widget title
* Text widget body if can't `unfiltered_html`

The latter three are also fixed on the widgets admin page.

Fixes #35898.

Built from https://develop.svn.wordpress.org/trunk@36622


git-svn-id: http://core.svn.wordpress.org/trunk@36589 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 		2016-02-23 01:02:26 +00:00
..
ID3 Update getID3 to 1.9.9 2015-06-28 00:17:25 +00:00
SimplePie Feeds: add `CEST` to `$timezone` in `SimplePie_Parse_Date`. 2015-10-20 05:57:24 +00:00
Text Fix the `@author` doc param encoding in `Text/Diff/Engine/string` so the file is recognized as UTF-8, not ISO-8859-1. 2015-10-24 22:45:25 +00:00
certificates HTTP API: Certificate bundle: Attempt to move a certificate lower in the file to allow older OpenSSL versions to parse it & communicate with WordPress.org securely again. 2016-02-18 08:21:28 +00:00
css Accessibility: Improve the color contrast ratio for the input placeholders. 2016-02-22 23:29:26 +00:00
customize Customize: Prevent dropping backslashes from input on general settings and settings for nav menus and some widgets. 2016-02-23 01:02:26 +00:00
fonts Dashicons: Fix font ID in SVG file. 2015-07-23 10:03:24 +00:00
images Embeds: Revert [35083], as the PNG files ended up not being used in [35466]. 2015-10-31 04:42:25 +00:00
js JSHint for [36602]. 2016-02-20 22:14:27 +00:00
pomo Merge the changes to GlotPress's POMO from upstream to WordPress's copy. 2015-11-20 04:34:25 +00:00
random_compat Update Random_Compat to the latest version (1.1.6). 2016-01-30 00:57:28 +00:00
rest-api Docs: Add missing @since and @access tags to `get_curies` method and filter from r36533 2016-02-19 23:42:27 +00:00
theme-compat Theme Compat: Replace the custom comment form with `comment_form()` and reduce number of links. 2016-02-20 14:41:27 +00:00
widgets Customize: Prevent dropping backslashes from input on general settings and settings for nav menus and some widgets. 2016-02-23 01:02:26 +00:00
admin-bar.php Docs: Fix two incorrect notations of the `$show_admin_bar` global to specify a boolean type, not `WP_Admin_Bar`. 2016-02-20 21:27:26 +00:00
atomlib.php Deprecate php4 style constructors 2015-06-28 15:27:24 +00:00
author-template.php Networks and sites: Replace "blog" usage with "site" in docs. 2016-01-28 03:51:26 +00:00
bookmark-template.php Sanitize the class passed to `wp_list_bookmarks()` and allow passing an array. 2015-06-22 20:55:28 +00:00
bookmark.php Docs: Add a missing notation for the `$bookmark_id` parameter in the DocBlock for `clean_bookmark_cache()`. 2015-12-18 23:01:28 +00:00
cache.php Networks and sites: Replace "blog" usage with "site" in docs. 2016-01-28 03:35:27 +00:00
canonical.php Canonical: Generate the correct canonical url for paged posts/pages when they're used as the page_on_front. 2016-01-09 07:33:27 +00:00
capabilities.php Docs: Add a note to the DocBlock for `current_user_can()` to explain that it will always return true for super admins, unless specifically denied. 2016-02-07 01:27:26 +00:00
category-template.php Taxonomy: Correct the accetped types for the `taxonomy` element in the arguments passed to `wp_dropdown_categories()`. 2016-01-13 20:16:29 +00:00
category.php Docs: Document the `$args` parameter for `get_categories()` as a hash notation. 2016-02-04 14:50:26 +00:00
class-IXR.php XMLRPC: Revert [35509] which caused a change of behviour in at least one XMLRPC client. 2015-12-31 04:06:26 +00:00
class-feed.php Docs: Various docblock corrections. 2016-01-10 01:26:25 +00:00
class-http.php Networks and sites: Replace "blog" usage with "site" in docs. 2016-01-28 03:35:27 +00:00
class-json.php The the Docs: Fix the the dittography 2015-12-06 21:23:25 +00:00
class-oembed.php Remove RDIO from oEmbed providers 2015-12-18 18:16:27 +00:00
class-phpass.php Remove closing PHP tag from `wp-includes/class-phpass.php`. 2015-10-06 23:45:25 +00:00
class-phpmailer.php Upgrade PHPMailer from 5.2.10 to 5.2.14. 2015-12-24 01:59:26 +00:00
class-pop3.php Docs: Put "it's" in its place (again). 2015-09-16 12:46:28 +00:00
class-simplepie.php Pass `false` as the 2nd argument to `class_exists()` to disable autoloading and to not cause problems for those who define `__autoload()`. 2015-09-20 03:52:25 +00:00
class-smtp.php Upgrade PHPMailer from 5.2.10 to 5.2.14. 2015-12-24 01:59:26 +00:00
class-snoopy.php Pass `false` as the 2nd argument to `class_exists()` to disable autoloading and to not cause problems for those who define `__autoload()`. 2015-09-20 03:52:25 +00:00
class-walker-category-dropdown.php Docs: Document the `$id` parameter for `Walker_CategoryDropdown::start_el()`, which is implemented by `Walker` but unused in the subclass method. 2015-12-14 17:47:30 +00:00
class-walker-category.php Add `current-cat-ancestor` class to ancestor items in `wp_list_categories()`. 2015-12-18 18:38:25 +00:00
class-walker-comment.php Docs: Document the `$id` parameter for `Walker_Comment::start_el()`, which is implemented by `Walker` but unused in the subclass method. 2015-12-14 17:50:26 +00:00
class-walker-page-dropdown.php Docs: Add missing property and method summaries in DocBlocks for `Walker_PageDropdown`. 2015-12-16 16:36:28 +00:00
class-walker-page.php Docs: Move the hook doc for the `the_title` filter in `Walker_Page::start_el()` to directly precede the `apply_filters()` line. 2016-01-05 16:35:26 +00:00
class-wp-admin-bar.php Toolbar: Allow adding `lang` and `dir` attributes to toolbar items. 2015-12-06 21:37:25 +00:00
class-wp-ajax-response.php `WP_Ajax_Response` has one property only, `$responses`. It was public until [28508], when it became `private` in name only. Is it worth 4 magic methods to pretend that this property is `private`? It is not. 2015-01-11 00:13:23 +00:00
class-wp-comment-query.php Allow comments to be queried by 'any' `post_type` or `post_status`. 2016-02-06 04:51:25 +00:00
class-wp-comment.php Comments: Correct description of `comment_author` property in WP_Comment class. 2016-01-17 15:00:27 +00:00
class-wp-customize-control.php Docs: Hash notate properties and defaults for the benefit of `$args` parameter documentation for `WP_Customize_Control::__construct()`. 2015-12-28 20:10:35 +00:00
class-wp-customize-manager.php Customize: Add selective refresh framework with implementation for widgets and re-implementation for nav menus. 2016-02-19 18:41:28 +00:00
class-wp-customize-nav-menus.php Customize: Prevent PHP notice and JS error caused by widgets and nav menus components if user only has `customize` capability. 2016-02-22 05:31:27 +00:00
class-wp-customize-panel.php Docs: Remove a duplicate `@static` tag from the `WP_Customize_Panel->instance_count` property DocBlock. 2016-02-18 00:14:26 +00:00
class-wp-customize-section.php Customize: move `WP_Customize_Section` subclasses to `wp-includes/customize`, they load in the exact same place. 2015-10-24 18:21:25 +00:00
class-wp-customize-setting.php Customize: Prevent dropping backslashes from input on general settings and settings for nav menus and some widgets. 2016-02-23 01:02:26 +00:00
class-wp-customize-widgets.php Customize: Prevent PHP notice and JS error caused by widgets and nav menus components if user only has `customize` capability. 2016-02-22 05:31:27 +00:00
class-wp-editor.php TinyMCE inline link: 2016-02-06 00:51:27 +00:00
class-wp-embed.php Embeds: Remove the `allow_insecure_embeds` filter. 2015-11-19 05:02:27 +00:00
class-wp-error.php Use `void` instead of `null` where appropriate when pipe-delimiting `@return` types. If a `@return` only contains `void`, remove it. 2015-05-24 05:40:25 +00:00
class-wp-http-cookie.php Docs: object != class 2015-09-26 07:04:28 +00:00
class-wp-http-curl.php Docs: Miscellaneous docblock corrections. 2015-12-23 06:31:27 +00:00
class-wp-http-encoding.php Docs: Add a missing file header for wp-includes/class-wp-http-encoding.php, introduced in [33748]. 2015-09-03 03:28:21 +00:00
class-wp-http-ixr-client.php Docs: Update the hook doc summary for the `wp_http_ixr_client_headers` filter, introduced in [34164]. 2015-09-15 16:16:43 +00:00
class-wp-http-proxy.php Networks and sites: Replace "blog" usage with "site" in docs. 2016-01-28 03:35:27 +00:00
class-wp-http-response.php HTTP/REST API: move `WP_HTTP_Response` to `wp-includes/` with the rest (ha!) of the HTTP classes. This is PHP 5.2, so this class is global, and as per @rmccue, unrelated to REST specifically. 2015-10-08 19:27:28 +00:00
class-wp-http-streams.php Docs: Add missing parameter documentation for the `$args` parameter in the DocBlock for `WP_Http_Streams::test()`. 2015-12-14 23:54:26 +00:00
class-wp-image-editor-gd.php Media: add a new image size, `medium_large`. Bumps db version to add new options. 2015-10-31 20:50:25 +00:00
class-wp-image-editor-imagick.php Media: add a new image size, `medium_large`. Bumps db version to add new options. 2015-10-31 20:50:25 +00:00
class-wp-image-editor.php Media: Reduce default image compression quality to '82'. 2016-02-22 22:19:26 +00:00
class-wp-meta-query.php Docs: `WP_Meta_Query` accepts 'EXISTS' or 'NOT EXISTS' for `$compare`. 2016-02-22 03:56:27 +00:00
class-wp-metadata-lazyloader.php More performance improvements to metadata lazyloading. 2016-02-17 22:58:26 +00:00
class-wp-network.php Docs: Fix type documentation for `WP_Network` properties. 2016-01-18 02:59:27 +00:00
class-wp-oembed-controller.php oEmbed: Drop the trailing slash from the namespace. 2015-11-17 11:27:29 +00:00
class-wp-post.php Docs: Add missing descriptions for the `$wpdb` global in DocBlocks all the places. 2015-10-14 23:44:25 +00:00
class-wp-rewrite.php Embeds: Allow embedding static front pages and pages having a child page with an `embed` slug. 2016-01-15 07:56:26 +00:00
class-wp-role.php Docs: Clarify documentation for `WP_Role::has_cap()` to more clearing indicate that the method checks for capabilities against the role rather than the user. 2015-12-14 20:05:27 +00:00
class-wp-roles.php Networks and sites: Replace "blog" usage with "site" in docs. 2016-01-28 03:35:27 +00:00
class-wp-site.php Docs: Make some minor improvements to inline docs for `WP_Site`, introduced in [36393]. 2016-02-07 02:13:26 +00:00
class-wp-tax-query.php Correct some `@param` doc names in the `WP_Tax_Query` and `WP_User_Query` classes. 2015-12-14 02:50:27 +00:00
class-wp-term.php Docs: Various docblock corrections. 2016-01-10 01:26:25 +00:00
class-wp-theme.php Networks and sites: Replace "blog" usage with "site" in docs. 2016-01-28 03:35:27 +00:00
class-wp-user-query.php Networks and sites: Replace "blog" usage with "site" in docs. 2016-01-28 03:51:26 +00:00
class-wp-user.php Networks and sites: Replace "blog" usage with "site" in docs. 2016-01-28 03:51:26 +00:00
class-wp-walker.php Avoid a PHP notice when trying to access the `post_parent` property of hierarchical post type nav menu items. 2015-12-12 01:06:29 +00:00
class-wp-widget-factory.php Docs: The Widgets subpackage is plural. 2015-09-22 13:48:25 +00:00
class-wp-widget.php Introduce a `$parent_class` parameter for `_deprecated_constructor()`. 2016-02-16 23:20:26 +00:00
class-wp-xmlrpc-server.php XML-RPC: Revert [34681] as it broke date handling. 2016-01-03 19:49:32 +00:00
class-wp.php Introduce `publicly_queryable` taxonomy argument. 2016-02-13 03:51:26 +00:00
class.wp-dependencies.php Script Loader: Fix missing script output when the groups of dependencies are different. 2016-02-20 22:11:25 +00:00
class.wp-scripts.php Script/Style Dependencies: Make sure that inline styles for handles without a source are printed. 2016-02-17 17:11:26 +00:00
class.wp-styles.php Styles: Pass the media attribute as an argument to the `style_loader_tag` filter. 2016-02-19 21:05:26 +00:00
comment-template.php More performance improvements to metadata lazyloading. 2016-02-17 22:58:26 +00:00
comment.php Replace `wp_upload_dir()` with the new `wp_get_upload_dir()` in all cases where a file is not being uploaded. Deprecate `_wp_upload_dir_baseurl()`, and replace it with `wp_get_upload_dir()`. 2016-02-18 00:24:27 +00:00
compat.php Docs: Fix one line of the DocBlock for the `JsonSerializable` compat interface to use a tab instead of spaces. 2016-02-07 01:18:27 +00:00
cron.php Docs: Adjust formatting for an added-parameter changelog entry in the hook doc for the `cron_request` filter. 2016-01-14 17:30:28 +00:00
date.php Docs: Remove some more dittography. 2015-12-06 21:50:25 +00:00
default-constants.php Revert [35804]. This change has unintended side effects, notably that media URLs in the admin area now unexpectedly use the `https` scheme. A more comprehensive approach will be taken in 4.5. 2015-12-22 13:02:29 +00:00
default-filters.php Authentication: Allow users to log in using their email address. 2016-02-22 23:15:27 +00:00
default-widgets.php Docs: Clarify the file header summary for wp-includes/default-widgets.php, the top-level file for bringing in the core widget classes. 2015-09-22 13:36:25 +00:00
deprecated.php Replace `wp_upload_dir()` with the new `wp_get_upload_dir()` in all cases where a file is not being uploaded. Deprecate `_wp_upload_dir_baseurl()`, and replace it with `wp_get_upload_dir()`. 2016-02-18 00:24:27 +00:00
embed-template.php Embeds: Change attachment metadata condition to prevent a warning in the embeds template. 2015-12-30 22:25:28 +00:00
embed.php Embeds: Allow embedding static front pages and pages having a child page with an `embed` slug. 2016-01-15 07:56:26 +00:00
feed-atom-comments.php Themes: Improve document title output. 2015-10-20 16:21:25 +00:00
feed-atom.php Feeds: `<comments>` is optional in RSS2, so don't include it when comments aren't present or open. Same for `<wfw:commentRss>` and `<slash:comments>` 2015-11-04 17:47:25 +00:00
feed-rdf.php Themes: Improve document title output. 2015-10-20 16:21:25 +00:00
feed-rss.php Themes: Improve document title output. 2015-10-20 16:21:25 +00:00
feed-rss2-comments.php Themes: Improve document title output. 2015-10-20 16:21:25 +00:00
feed-rss2.php Feeds: `<comments>` is optional in RSS2, so don't include it when comments aren't present or open. Same for `<wfw:commentRss>` and `<slash:comments>` 2015-11-04 17:47:25 +00:00
feed.php Docs: `@param` fixes for a variety of docblocks. 2016-01-09 01:45:26 +00:00
formatting.php Formatting: Avoid a PHP warning when `wptexturize()` is called with a trailing less-than symbol. 2016-02-18 20:31:27 +00:00
functions.php Replace `wp_upload_dir()` with the new `wp_get_upload_dir()` in all cases where a file is not being uploaded. Deprecate `_wp_upload_dir_baseurl()`, and replace it with `wp_get_upload_dir()`. 2016-02-18 00:24:27 +00:00
functions.wp-scripts.php Docs: Miscellaneous docblock code quality tweaks. 2015-12-23 07:53:26 +00:00
functions.wp-styles.php Docs: Miscellaneous docblock code quality tweaks. 2015-12-23 07:53:26 +00:00
general-template.php Template: Update label for the username field in `wp_login_form()` after [36617]. 2016-02-22 23:38:27 +00:00
http.php HTTP: `0.1.2.3` is not a valid IP. 2016-02-02 12:55:29 +00:00
kses.php Docs: Use the correct parameter name in the DocBlock for `wp_kses_post_deep()`, introduced in [36429]. 2016-02-07 00:18:26 +00:00
l10n.php i18n: Prevent `is_textdomain_loaded()` from returning true even if there are no translations for the domain. 2016-02-16 21:15:29 +00:00
link-template.php Docs: Slightly simplify the DocBlock summaries for `home_url()`, `get_home_url()`, `site_url()`, and `get_site_url()`. 2016-02-07 02:06:26 +00:00
load.php Don't display errors during Ajax requests. 2016-02-18 16:43:27 +00:00
locale.php Docs: Add a missing summary to the DocBlock for `WP_Locale::rtl_src_admin_notice()`. 2015-12-16 18:08:26 +00:00
media-template.php Accessibility: add missing `alt` attributes to a gaggle of `<img>`s. 2015-11-07 16:12:27 +00:00
media.php Replace `wp_upload_dir()` with the new `wp_get_upload_dir()` in all cases where a file is not being uploaded. Deprecate `_wp_upload_dir_baseurl()`, and replace it with `wp_get_upload_dir()`. 2016-02-18 00:24:27 +00:00
meta.php More performance improvements to metadata lazyloading. 2016-02-17 22:58:26 +00:00
ms-blogs.php Networks and sites: Replace "blog" usage with "site" in docs. 2016-01-28 03:35:27 +00:00
ms-default-constants.php Docs: Add missing descriptions for the `$wpdb` global in DocBlocks all the places. 2015-10-14 23:44:25 +00:00
ms-default-filters.php Move new user notification emails to `add_action()` callbacks. 2015-09-16 22:19:24 +00:00
ms-deprecated.php Docs: `@param` fixes for a variety of docblocks. 2016-01-09 01:45:26 +00:00
ms-files.php `if` is a statment, not a function. 2015-06-16 20:01:25 +00:00
ms-functions.php Networks and Sites: Clarify the docblock for `get_current_site()` so it's clear that it returns the current network object, not anything to do with the current site. As a further exercise, the reader is invited to fix the nomenclature surrounding blogs, sites, and networks in WordPress. 2016-01-14 00:02:25 +00:00
ms-load.php I18N: Move translatable Codex URLs to separate strings in `wp-includes/ms-load.php`. 2015-11-18 17:42:26 +00:00
ms-settings.php Multisite: Introduce the WP_Site class. 2016-01-25 21:51:26 +00:00
nav-menu-template.php Menus: Bring back line break between menu items. 2015-12-24 00:21:27 +00:00
nav-menu.php Customize: Prevent dropping backslashes from input on general settings and settings for nav menus and some widgets. 2016-02-23 01:02:26 +00:00
option.php Clarify return types in `get_option()` documentation. 2016-01-09 03:12:26 +00:00
pluggable-deprecated.php Users: Deprecate the `get_currentuserinfo()` pluggable function. 2016-01-15 10:16:27 +00:00
pluggable.php Authentication: Allow users to log in using their email address. 2016-02-22 23:15:27 +00:00
plugin.php Docs: Fix indentation in `add_filter()` example. 2016-01-25 18:58:27 +00:00
post-formats.php `foreach` is a statement, not a function. 2015-08-25 20:28:22 +00:00
post-template.php Posts: Correctly pass `$post` to `post_password_required()` in `get_the_excerpt()`. 2016-01-16 10:14:28 +00:00
post-thumbnail-template.php Docs: Adjust documentation for the `$size` parameter in `the_post_thumbnail_url()` to clarify the required order of width and height values when passing an array. 2015-10-12 17:00:26 +00:00
post.php Posts: Non-trashed posts should take slug priority over trashed posts. 2016-02-21 21:45:28 +00:00
query.php More performance improvements to metadata lazyloading. 2016-02-17 22:58:26 +00:00
registration-functions.php
registration.php
rest-api.php REST API: Add helper function to get server instance. 2016-02-16 01:12:26 +00:00
revision.php Docs: Add a missing notation for the `$args` parameter in the DocBlock for `wp_get_post_revisions()`. 2015-12-16 23:18:26 +00:00
rewrite.php Embeds: Allow embedding static front pages and pages having a child page with an `embed` slug. 2016-01-15 07:56:26 +00:00
rss-functions.php
rss.php `foreach` is a statement, not a function. 2015-08-25 20:28:22 +00:00
script-loader.php Script Loader: Don't parse `$src` if the current color scheme isn't registered. 2016-02-19 20:44:26 +00:00
session.php Docs: `@param` fixes for a variety of docblocks. 2016-01-09 01:45:26 +00:00
shortcodes.php Shortcodes: `=` is a reserved character in shortcode names, mark it as such. 2015-12-26 04:46:28 +00:00
taxonomy.php Allow `get_terms()` to fetch terms regardless of taxonomy. 2016-02-22 22:17:26 +00:00
template-loader.php Themes: Show template loading error to users with `switch_themes` cap. 2016-01-18 19:57:26 +00:00
template.php Comments: The year is 2003. Permalinks are a new thing and everyone's using Blogger. It's a time when opening a modal window in JavaScript to view a section of a website is not a completely weird thing, although many users get annoyed by it. b2 has recently become WordPress, and with it comes a bunch of functionality that will become stale over the next decade, remnants of simpler times. 2015-12-10 03:06:30 +00:00
theme.php Themes: Use the attachment ID as the key in `get_uploaded_header_images()`. 2016-02-16 22:12:27 +00:00
update.php Updates: Don't perform an API call to WordPress.org for every plugin update displayed. The API has been updated to return this information with the update response. 2016-01-06 07:53:26 +00:00
user.php Authentication: Allow users to log in using their email address. 2016-02-22 23:15:27 +00:00
vars.php Introduce a new `$is_edge` global for the Microsoft Edge browser. 2015-09-05 22:33:23 +00:00
version.php Customize: Prevent dropping backslashes from input on general settings and settings for nav menus and some widgets. 2016-02-23 01:02:26 +00:00
widgets.php Widgets: Revert [34465], as it introduced a regression, making the `$index` argument of `dynamic_sidebar()` case-sensitive. 2015-12-31 03:13:26 +00:00
wlwmanifest.xml
wp-db.php Docs: Add an `@access` tag and fix a typo in the DocBlock for `wpdb::close()`. 2016-02-07 02:03:26 +00:00
wp-diff.php Pass `false` as the 2nd argument to `class_exists()` to disable autoloading and to not cause problems for those who define `__autoload()`. 2015-09-20 03:52:25 +00:00