WordPress-C
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
WordPress/wp-includes
History
whyisjake bb6d812c70 User: Invalidate `user_activation_key` on password update. 
Query: Ensure that only a single post can be returned on date/time based queries.
Cache API: Ensure proper escaping around the stats method in the cache API.
Formatting: Expand `sanitize_file_name` to have better support for utf8 characters.

Brings the changes in [47634], [47635], [47637], and [47638] to the 4.4 branch.

Props: batmoo, ehti, nickdaugherty, peterwilsoncc, sergeybiryukov, sstoqnov, westi, whyisjake, whyisjake, xknown.

Built from https://develop.svn.wordpress.org/branches/4.4@47653


git-svn-id: http://core.svn.wordpress.org/branches/4.4@47430 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 		2020-04-29 16:39:23 +00:00
..
ID3 Update getID3 to 1.9.9 2015-06-28 00:17:25 +00:00
SimplePie Feeds: add `CEST` to `$timezone` in `SimplePie_Parse_Date`. 2015-10-20 05:57:24 +00:00
Text Fix the `@author` doc param encoding in `Text/Diff/Engine/string` so the file is recognized as UTF-8, not ISO-8859-1. 2015-10-24 22:45:25 +00:00
certificates HTTP: Partially revert [34283] which removed the 1024bit certificates from our trust store. 2015-12-14 05:25:26 +00:00
css Media: Reset box-sizing for input elements in the entire media modal. 2015-11-18 23:36:28 +00:00
customize Customize: Ensure that "Change" button appears when there are only 2 themes. 2015-12-23 01:51:22 +00:00
fonts Dashicons: Fix font ID in SVG file. 2015-07-23 10:03:24 +00:00
images Embeds: Revert [35083], as the PNG files ended up not being used in [35466]. 2015-10-31 04:42:25 +00:00
js Backporting several bug fixes. 2019-10-14 19:09:23 +00:00
pomo Merge the changes to GlotPress's POMO from upstream to WordPress's copy. 2015-11-20 04:34:25 +00:00
random_compat Random_Compat: The version included with 4.4 only supports the PHP 5.2+ namespace version of libsodium, don't attempt to use it with PHP 5.2 or old libsodium versions. 2016-01-11 04:38:28 +00:00
rest-api REST API: Core typically sends nocache headers on all auth'ed responses, as in `wp`, `admin-ajax`, etc. Because the REST API infrastructure is hooked in pre-wp, we should be setting this ourselves. 2015-12-04 23:36:25 +00:00
theme-compat Don't use `<a>` in translatable strings in `theme-compat/sidebar.php`. 2015-10-30 10:40:26 +00:00
widgets Widgets: Remove extra quotes from widget title in `WP_Widget_RSS`, accidentally added in [33814]. 2015-12-23 02:00:23 +00:00
admin-bar.php Do not pass FALSE as second parameter in variable class_exists() checks 2015-11-30 04:15:27 +00:00
atomlib.php Deprecate php4 style constructors 2015-06-28 15:27:24 +00:00
author-template.php Remove `<code>` tag from translatable string in `the_author()`. 2015-11-05 23:38:27 +00:00
bookmark-template.php Sanitize the class passed to `wp_list_bookmarks()` and allow passing an array. 2015-06-22 20:55:28 +00:00
bookmark.php After [35718], update the location of some files in `This filter is documented in` docs. 2015-11-22 03:51:28 +00:00
cache.php User: Invalidate `user_activation_key` on password update. 2020-04-29 16:39:23 +00:00
canonical.php Canonical: introduce `strip_fragment_from_url()` and use when comparing URLs in `redirect_canonical()`. 2015-12-04 23:11:26 +00:00
capabilities.php When a post is scheduled for publication, treat it the same as a published post when calculating the capabilities required to edit or delete it. 2015-11-29 02:27:18 +00:00
category-template.php Ensure that `wp_list_categories()` supports comma-separated lists for 'exclude' and 'exclude_tree'. 2015-12-18 18:14:21 +00:00
category.php Simplify the include graph after work to split out classes. 2015-11-20 07:24:30 +00:00
class-IXR.php XMLRPC: Revert [35509] which caused a change of behviour in at least one XMLRPC client. 2015-12-31 04:07:22 +00:00
class-feed.php Pass `false` as the 2nd argument to `class_exists()` to disable autoloading and to not cause problems for those who define `__autoload()`. 2015-09-20 03:52:25 +00:00
class-http.php Docs: Syntax fixes for deprecating `WP_Http::parse_url()`. 2015-10-23 15:43:24 +00:00
class-json.php Docs: Put "it's" in its place (again). 2015-09-16 12:46:28 +00:00
class-oembed.php General: Backport PHP 7.1 fixes to the 4.4 branch to avoid fatal errors and warnings. 2017-07-24 22:27:31 +00:00
class-phpass.php Remove closing PHP tag from `wp-includes/class-phpass.php`. 2015-10-06 23:45:25 +00:00
class-phpmailer.php Update PHPMailer to 5.2.22. 2017-01-11 05:24:00 +00:00
class-pop3.php Docs: Put "it's" in its place (again). 2015-09-16 12:46:28 +00:00
class-simplepie.php Pass `false` as the 2nd argument to `class_exists()` to disable autoloading and to not cause problems for those who define `__autoload()`. 2015-09-20 03:52:25 +00:00
class-smtp.php Update PHPMailer to 5.2.22. 2017-01-11 05:24:00 +00:00
class-snoopy.php Snoopy: use escapeshellarg instead of escapeshellcmd 2016-03-30 14:03:28 +00:00
class-walker-category-dropdown.php Docs: Clarify the file header for wp-includes/class-walker-category-dropdown.php, introduced in [34110]. 2015-09-22 14:03:25 +00:00
class-walker-category.php Taxonomy: in `wp_list_categories()`, add an arg: `separator`, to allow the overriding of `<br/>`. 2015-10-13 17:02:25 +00:00
class-walker-comment.php Docs: some `@global object` vernaculars should be converted to the actual object type. 2015-10-10 15:45:25 +00:00
class-walker-page-dropdown.php Docs: Clarify the file header subpackage for wp-includes/class-walker-page-dropdown.php, introduced in [34109]. 2015-09-22 13:58:24 +00:00
class-walker-page.php Docs: Actually, the subpackage for `Walker_Page` should be Template. 2015-09-22 15:09:24 +00:00
class-wp-admin-bar.php Docs: Add missing file headers to two Toolbar API files: wp-includes/admin-bar.php and wp-includes/class-wp-admin-bar.php. 2015-10-14 17:27:25 +00:00
class-wp-ajax-response.php `WP_Ajax_Response` has one property only, `$responses`. It was public until [28508], when it became `private` in name only. Is it worth 4 magic methods to pretend that this property is `private`? It is not. 2015-01-11 00:13:23 +00:00
class-wp-comment-query.php Comments: Respect all post-related filters in `WP_Comment_Query`. 2016-01-20 08:02:26 +00:00
class-wp-comment.php Prevent extra db queries in `WP_Comment::get_children()`. 2015-10-01 03:58:23 +00:00
class-wp-customize-control.php Customize: move `WP_Customize_Control` subclasses to `wp-includes/customize`, they load in the exact same place. 2015-10-24 18:57:25 +00:00
class-wp-customize-manager.php Customize: Ensure valid themes in the preview. 2017-09-19 11:52:37 +00:00
class-wp-customize-nav-menus.php Customizer: Use correct context and translator comments for menu location strings. 2015-11-20 17:46:25 +00:00
class-wp-customize-panel.php Customize: move `WP_Customize_Panel` subclass to `wp-includes/customize`, it loads in the exact same place. 2015-10-24 18:25:24 +00:00
class-wp-customize-section.php Customize: move `WP_Customize_Section` subclasses to `wp-includes/customize`, they load in the exact same place. 2015-10-24 18:21:25 +00:00
class-wp-customize-setting.php Customize: Ensure that a setting (especially a multidimensional one) can still be previewed when the post value to preview is set after `preview()` is invoked. 2015-11-21 02:52:27 +00:00
class-wp-customize-widgets.php Customize: Ensure that a setting (especially a multidimensional one) can still be previewed when the post value to preview is set after `preview()` is invoked. 2015-11-21 02:52:27 +00:00
class-wp-editor.php Correct the parameter type for the `$stylesheet` parameter in the `mce_css` filter documentation. 2015-11-18 17:07:37 +00:00
class-wp-embed.php Embeds: Remove the `allow_insecure_embeds` filter. 2015-11-19 05:02:27 +00:00
class-wp-error.php Use `void` instead of `null` where appropriate when pipe-delimiting `@return` types. If a `@return` only contains `void`, remove it. 2015-05-24 05:40:25 +00:00
class-wp-http-cookie.php Docs: object != class 2015-09-26 07:04:28 +00:00
class-wp-http-curl.php Don't set `CURLOPT_CAINFO` when `sslverify` is false when sending HTTP API requests through cURL. This avoids sending redundant information to cURL, and avoids a bug in Apple's SecureTransport library which causes a request to fail when a CA bundle is set but certificate verification is disabled. 2015-09-27 21:37:24 +00:00
class-wp-http-encoding.php Docs: Add a missing file header for wp-includes/class-wp-http-encoding.php, introduced in [33748]. 2015-09-03 03:28:21 +00:00
class-wp-http-ixr-client.php Docs: Update the hook doc summary for the `wp_http_ixr_client_headers` filter, introduced in [34164]. 2015-09-15 16:16:43 +00:00
class-wp-http-proxy.php Docs: Add a missing file header to wp-includes/class-wp-http-proxy.php, introduced in [33748]. 2015-09-03 03:30:21 +00:00
class-wp-http-response.php HTTP/REST API: move `WP_HTTP_Response` to `wp-includes/` with the rest (ha!) of the HTTP classes. This is PHP 5.2, so this class is global, and as per @rmccue, unrelated to REST specifically. 2015-10-08 19:27:28 +00:00
class-wp-http-streams.php Docs: object != class 2015-09-26 07:04:28 +00:00
class-wp-image-editor-gd.php Media: add a new image size, `medium_large`. Bumps db version to add new options. 2015-10-31 20:50:25 +00:00
class-wp-image-editor-imagick.php Media: add a new image size, `medium_large`. Bumps db version to add new options. 2015-10-31 20:50:25 +00:00
class-wp-image-editor.php `foreach` is a statement, not a function. 2015-08-25 20:28:22 +00:00
class-wp-meta-query.php Docs: Add missing descriptions for the `$wpdb` global in DocBlocks all the places. 2015-10-14 23:44:25 +00:00
class-wp-network.php Multisite: Clarify documentation for `WP_Network::get_by_path()`. 2015-11-08 02:25:25 +00:00
class-wp-oembed-controller.php oEmbed: Drop the trailing slash from the namespace. 2015-11-17 11:27:29 +00:00
class-wp-post.php Docs: Add missing descriptions for the `$wpdb` global in DocBlocks all the places. 2015-10-14 23:44:25 +00:00
class-wp-rewrite.php Docs: Add a couple of strategically-placed spaces in `WP_Rewrite`. 2015-10-08 22:07:24 +00:00
class-wp-role.php Docs: The Users subpackage is plural. 2015-09-22 13:46:25 +00:00
class-wp-roles.php Docs: Add missing descriptions for the `$wpdb` global in DocBlocks all the places. 2015-10-14 23:44:25 +00:00
class-wp-tax-query.php Docs: Add a file header to wp-includes/class-wp-tax-query.php, introduced in [33760]. 2015-09-22 13:16:30 +00:00
class-wp-term.php Make `get_term()` behave more consistently in the context of shared terms. 2015-11-05 16:45:25 +00:00
class-wp-theme.php Themes: Fix markup for theme name fallbacks. 2017-01-11 11:10:35 +00:00
class-wp-user-query.php Correct documentation for 'fields' param of `WP_User_Query`. 2015-11-16 19:04:55 +00:00
class-wp-user.php Docs: Move an inline comment that was preventing the hook docs for the `user_has_cap` filter from being parsed. 2015-11-10 06:45:25 +00:00
class-wp-walker.php Avoid a PHP notice when trying to access the `post_parent` property of hierarchical post type nav menu items. 2015-12-21 03:53:25 +00:00
class-wp-widget-factory.php Docs: The Widgets subpackage is plural. 2015-09-22 13:48:25 +00:00
class-wp-widget.php Widgets: when getting settings, and none exist, set them to empty to avoid extraneous database queries on subsequent requests. 2015-10-13 01:13:24 +00:00
class-wp-xmlrpc-server.php Adjust post meta checks 2017-05-16 08:51:31 +00:00
class-wp.php Backporting several bug fixes. 2019-10-14 19:09:23 +00:00
class.wp-dependencies.php `foreach` is a statement, not a function. 2015-08-25 20:28:22 +00:00
class.wp-scripts.php Scripts: in `WP_Scripts::set_group()`, the `args` prop of the `_WP_Dependency` instance defaults to `null` - check that it is set before comparing. 2015-10-06 13:54:25 +00:00
class.wp-styles.php Add a missing `$html` parameter variable in the hook docs for the `style_loader_tag` filter. 2015-07-13 21:03:24 +00:00
comment-template.php Comments: Ignore hierarchy in pagination calculation when comment threading is disabled. 2016-01-20 08:32:27 +00:00
comment.php Comments: Improve comment content filtering. 2019-03-12 22:40:20 +00:00
compat.php Use PHP7's `random_int()` CSPRNG functionality in `wp_rand()` with a fallback to the `random_compat` library for PHP 5.x. 2015-10-09 04:28:24 +00:00
cron.php Cron: In `spawn_cron()`, when using `ALTERNATE_WP_CRON`, return early for any non-`GET`, instead of naively checking `! empty( $_POST )`. 2015-09-26 04:51:26 +00:00
date.php Ensure that `WP_Date_Query` accepts a value of `0` for 'hour'. 2015-10-09 16:33:25 +00:00
default-constants.php Set Twenty Sixteen as the default theme. 2015-11-25 21:52:26 +00:00
default-filters.php Embeds: Improve performance when embedding a post from the current site. 2016-06-21 14:42:29 +00:00
default-widgets.php Docs: Clarify the file header summary for wp-includes/default-widgets.php, the top-level file for bringing in the core widget classes. 2015-09-22 13:36:25 +00:00
deprecated.php Template: Un-deprecate `wp_title()`. 2015-11-11 23:50:25 +00:00
embed-template.php Embeds: Change attachment metadata condition to prevent a warning in the embeds template. 2016-01-02 03:36:21 +00:00
embed.php oEmbed: Add extra hardening around allowed HTML for improved sandboxing. 2017-09-19 13:51:01 +00:00
feed-atom-comments.php Themes: Improve document title output. 2015-10-20 16:21:25 +00:00
feed-atom.php Feeds: `<comments>` is optional in RSS2, so don't include it when comments aren't present or open. Same for `<wfw:commentRss>` and `<slash:comments>` 2015-11-04 17:47:25 +00:00
feed-rdf.php Themes: Improve document title output. 2015-10-20 16:21:25 +00:00
feed-rss.php Themes: Improve document title output. 2015-10-20 16:21:25 +00:00
feed-rss2-comments.php Themes: Improve document title output. 2015-10-20 16:21:25 +00:00
feed-rss2.php Feeds: `<comments>` is optional in RSS2, so don't include it when comments aren't present or open. Same for `<wfw:commentRss>` and `<slash:comments>` 2015-11-04 17:47:25 +00:00
feed.php Hardening: Ensure the attributes of enclosures are correctly escaped in RSS and Atom feeds. 2017-11-29 16:29:31 +00:00
formatting.php User: Invalidate `user_activation_key` on password update. 2020-04-29 16:39:23 +00:00
functions.php Backporting several bug fixes. 2019-10-14 19:09:23 +00:00
functions.wp-scripts.php After [32596] and [32597], ensure that `wp_scripts|styles()` is called to ensure an instance is created of `WP_Scripts|Styles()` before calling `->do_items()`. 2015-06-12 16:54:24 +00:00
functions.wp-styles.php After [32596] and [32597], ensure that `wp_scripts|styles()` is called to ensure an instance is created of `WP_Scripts|Styles()` before calling `->do_items()`. 2015-06-12 16:54:24 +00:00
general-template.php Multisite: Improve messaging for previously activated users. 2018-12-13 00:50:20 +00:00
http.php Backporting several bug fixes. 2019-10-14 19:09:23 +00:00
kses.php Update `wp_kses_bad_protocol()` to recognize `&colon;` on uri attributes, 2019-12-12 18:44:21 +00:00
l10n.php Revert [34778], continue using `_site_option()` for the current network. 2015-10-07 17:11:25 +00:00
link-template.php Canonical: Output correct canonical links for paged posts when not using pretty permalinks. 2015-12-27 02:12:23 +00:00
load.php Multisite: The `networks` group should be global. 2016-01-11 05:06:27 +00:00
locale.php Revert [35336] and [35337]. 2015-11-18 20:30:25 +00:00
media-template.php Accessibility: add missing `alt` attributes to a gaggle of `<img>`s. 2015-11-07 16:12:27 +00:00
media.php Responsive images: fix the check whether the attachment meta matches the image src to work with http/https and CDNs. 2016-01-02 03:56:22 +00:00
meta.php After [35718], update the location of some files in `This filter is documented in` docs. 2015-11-22 03:51:28 +00:00
ms-blogs.php Multisite: Add the global cache group `networks` to `restore_current_blog()`. 2016-01-27 13:48:27 +00:00
ms-default-constants.php Docs: Add missing descriptions for the `$wpdb` global in DocBlocks all the places. 2015-10-14 23:44:25 +00:00
ms-default-filters.php Move new user notification emails to `add_action()` callbacks. 2015-09-16 22:19:24 +00:00
ms-deprecated.php Multisite: Validate activation links. 2018-12-13 01:47:21 +00:00
ms-files.php `if` is a statment, not a function. 2015-06-16 20:01:25 +00:00
ms-functions.php Multisite: Use `wp_rand()` in signup key creation. 2017-01-11 05:34:02 +00:00
ms-load.php I18N: Move translatable Codex URLs to separate strings in `wp-includes/ms-load.php`. 2015-11-18 17:42:26 +00:00
ms-settings.php Use `wp_installing()` instead of `WP_INSTALLING` constant. 2015-10-05 15:06:28 +00:00
nav-menu-template.php Menus: Bring back line break between menu items. 2015-12-24 00:26:22 +00:00
nav-menu.php Don't use `<strong>` in translatable string in `wp-includes/nav-menu.php`. 2015-10-30 08:57:26 +00:00
option.php Rename internal variable in `set_transient()`. 2015-10-29 11:52:28 +00:00
pluggable-deprecated.php Pass `false` as the 2nd argument to `class_exists()` to disable autoloading and to not cause problems for those who define `__autoload()`. 2015-09-20 03:52:25 +00:00
pluggable.php Backporting several bug fixes. 2019-10-14 19:09:23 +00:00
plugin.php `callback` is not a valid type in PHP, PSR-5, or phpDocumentor. `callable` should be used instead. 2015-09-25 23:58:25 +00:00
post-formats.php `foreach` is a statement, not a function. 2015-08-25 20:28:22 +00:00
post-template.php Remove _convert_urlencoded_to_entities() from the get_the_content() callback. 2019-09-04 16:41:42 +00:00
post-thumbnail-template.php Docs: Adjust documentation for the `$size` parameter in `the_post_thumbnail_url()` to clarify the required order of width and height values when passing an array. 2015-10-12 17:00:26 +00:00
post.php Media: Limit thumbnail file deletions to the same directory as the original file. 2018-07-05 14:57:24 +00:00
query.php User: Invalidate `user_activation_key` on password update. 2020-04-29 16:39:23 +00:00
registration-functions.php
registration.php
rest-api.php Backporting several bug fixes. 2019-10-14 19:09:23 +00:00
revision.php Docs: Correct description for `_wp_post_revision_fields()` arguments. 2015-10-22 12:17:28 +00:00
rewrite.php Simplify the include graph after work to split out classes. 2015-11-20 07:24:30 +00:00
rss-functions.php
rss.php `foreach` is a statement, not a function. 2015-08-25 20:28:22 +00:00
script-loader.php TinyMCE: Improve the previews for shortcodes. 2017-09-19 12:43:37 +00:00
session.php Fix some internal types that are passed to functions to avoid changing the acceptable types passed as arguments to those functions: 2015-01-16 22:51:21 +00:00
shortcodes.php Shortcodes: `=` is a reserved character in shortcode names, mark it as such. 2015-12-26 04:48:23 +00:00
taxonomy.php Taxonomies: make sure taxonomy functions work correctly with taxonomy names with special characters 2016-03-30 17:17:28 +00:00
template-loader.php Embeds: Add oEmbed provider support. 2015-10-07 10:36:25 +00:00
template.php List the possible values for the dynamic portion of the `{type}_template` hook. 2015-10-28 14:06:27 +00:00
theme.php Upgrade: New themes are not automatically installed on upgrade. This can still be explicitly asked for by defining `CORE_UPGRADE_SKIP_NEW_BUNDLED` as `false`. 2015-11-25 21:45:25 +00:00
update.php Background Updates: Remove the 7am/7pm background update check. 2016-01-06 13:24:33 +00:00
user.php User: Invalidate `user_activation_key` on password update. 2020-04-29 16:39:23 +00:00
vars.php Introduce a new `$is_edge` global for the Microsoft Edge browser. 2015-09-05 22:33:23 +00:00
version.php WordPress 4.4.21 2019-12-12 20:31:20 +00:00
widgets.php Widgets: Revert [34465], as it introduced a regression, making the `$index` argument of `dynamic_sidebar()` case-sensitive. 2016-01-02 03:39:21 +00:00
wlwmanifest.xml
wp-db.php WPDB: Check that `AUTH_SALT` is not empty, Fix a PHP notice when `AUTH_SALT` is undefined. 2017-11-27 01:11:03 +00:00
wp-diff.php Pass `false` as the 2nd argument to `class_exists()` to disable autoloading and to not cause problems for those who define `__autoload()`. 2015-09-20 03:52:25 +00:00