WordPress/wp-admin/includes
John Blackbourn 9b7814a4a1 Security: Loosen the admin referrer policy header value to allow the referring host to be sent from the admin area in all cases.
This allows referrer-restricted content from third parties (such as images and fonts) to continue working in the admin area.

Props aranwer104, qcmiao

Fixes #43285

Merges [42830] to the 4.9 branch.

Built from https://develop.svn.wordpress.org/branches/4.9@42831


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42661 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-03-12 10:59:39 +00:00
..
admin-filters.php Security: Add a referrer policy header to the admin and login screens. 2017-10-04 18:25:46 +00:00
admin.php Bootstrap: do not go gentle into that good night r38411, r38412, and parts of r38389. 2016-08-31 16:31:29 +00:00
ajax-actions.php Embeds: Improve consistency of update and refresh logic for oEmbed caching between `oembed_cache` and post meta. 2017-10-24 23:10:48 +00:00
bookmark.php General: Replace `Cheatin’ uh?` with friendlier error messages. 2018-03-09 00:15:42 +00:00
class-automatic-upgrader-skin.php Docs: Remove `@access` notations from method DocBlocks in wp-admin/* classes. 2017-07-27 00:40:43 +00:00
class-bulk-plugin-upgrader-skin.php Docs: Remove `@access` notations from method DocBlocks in wp-admin/* classes. 2017-07-27 00:40:43 +00:00
class-bulk-theme-upgrader-skin.php Docs: Remove `@access` notations from method DocBlocks in wp-admin/* classes. 2017-07-27 00:40:43 +00:00
class-bulk-upgrader-skin.php Docs: Remove `@access` notations from method DocBlocks in wp-admin/* classes. 2017-07-27 00:40:43 +00:00
class-core-upgrader.php I18N: Remove `<code>` tags from translatable strings in `Core_Upgrader`, `Language_Pack_Upgrader`, `Plugin_Upgrader`, `Theme_Upgrader`. 2017-10-18 17:15:47 +00:00
class-file-upload-upgrader.php General: Improve terminology used when referring to installations of WordPress and its extensions. 2017-08-22 11:52:48 +00:00
class-ftp-pure.php FTP: ensure that there is only one class named `ftp`, which is what is expected in the loading of this arcane library. This ensures that an autoload generator, something along the lines of Composer, won't hiccup when it gets to these files. 2016-08-26 18:47:29 +00:00
class-ftp-sockets.php FTP: ensure that there is only one class named `ftp`, which is what is expected in the loading of this arcane library. This ensures that an autoload generator, something along the lines of Composer, won't hiccup when it gets to these files. 2016-08-26 18:47:29 +00:00
class-ftp.php Bootstrap: do not go gentle into that good night r38411, r38412, and parts of r38389. 2016-08-31 16:31:29 +00:00
class-language-pack-upgrader-skin.php Docs: Remove `@access` notations from method DocBlocks in wp-admin/* classes. 2017-07-27 00:40:43 +00:00
class-language-pack-upgrader.php I18N: Remove `<code>` tags from translatable strings in `Core_Upgrader`, `Language_Pack_Upgrader`, `Plugin_Upgrader`, `Theme_Upgrader`. 2017-10-18 17:15:47 +00:00
class-pclzip.php Filesystem API: Ensure memory limit calculations by PclZip are using integers. 2016-07-19 11:55:30 +00:00
class-plugin-installer-skin.php Retire Press This and extract it to a plugin. First run. 2017-09-24 14:22:54 +00:00
class-plugin-upgrader-skin.php Plugins: Introduce singular capabilities for activating and deactivating individual plugins. 2017-08-22 14:02:44 +00:00
class-plugin-upgrader.php I18N: Remove `<code>` tags from translatable strings in `Core_Upgrader`, `Language_Pack_Upgrader`, `Plugin_Upgrader`, `Theme_Upgrader`. 2017-10-18 17:15:47 +00:00
class-theme-installer-skin.php Customize: Eliminate use of customize-loader in core so Customizer is opened consistently in `top` window. 2017-10-09 16:04:48 +00:00
class-theme-upgrader-skin.php Customize: Eliminate use of customize-loader in core so Customizer is opened consistently in `top` window. 2017-10-09 16:04:48 +00:00
class-theme-upgrader.php I18N: Remove `<strong>` tag from a translatable string in `Theme_Upgrader::install_strings()`. 2017-10-18 17:20:48 +00:00
class-walker-category-checklist.php Docs: Standardise the format used for documenting parameters passed by reference. 2017-10-02 22:14:46 +00:00
class-walker-nav-menu-checklist.php Docs: Standardise the format used for documenting parameters passed by reference. 2017-10-02 22:14:46 +00:00
class-walker-nav-menu-edit.php Docs: Standardise the format used for documenting parameters passed by reference. 2017-10-02 22:14:46 +00:00
class-wp-ajax-upgrader-skin.php Docs: Remove `@access` notations from method DocBlocks in wp-admin/* classes. 2017-07-27 00:40:43 +00:00
class-wp-automatic-updater.php Docs: Add `@since` entry for `WP_Automatic_Updater::after_core_update()`, introduced in [25841]. 2017-10-18 17:48:49 +00:00
class-wp-comments-list-table.php Accessibility: List Tables: use `aria-current` for the views current link. 2017-10-02 19:44:47 +00:00
class-wp-community-events.php Dashboard: Strip ports from IPs to avoid PHP warnings. 2017-10-25 00:07:46 +00:00
class-wp-filesystem-base.php Docs: Remove `@access` notations from method DocBlocks in wp-admin/* classes. 2017-07-27 00:40:43 +00:00
class-wp-filesystem-direct.php Docs: Remove `@access` notations from method DocBlocks in wp-admin/* classes. 2017-07-27 00:40:43 +00:00
class-wp-filesystem-ftpext.php Docs: Remove `@access` notations from method DocBlocks in wp-admin/* classes. 2017-07-27 00:40:43 +00:00
class-wp-filesystem-ftpsockets.php Docs: Remove `@access` notations from method DocBlocks in wp-admin/* classes. 2017-07-27 00:40:43 +00:00
class-wp-filesystem-ssh2.php Docs: Remove `@access` notations from method DocBlocks in wp-admin/* classes. 2017-07-27 00:40:43 +00:00
class-wp-importer.php Database: Don't quote placeholders in queries going through `$wpdb->prepare()` 2017-09-28 04:32:46 +00:00
class-wp-internal-pointers.php Docs: Clarify the file header summary for wp-admin/includes/class-wp-internal-pointers.php, introduced in [34241]. 2015-09-22 14:35:25 +00:00
class-wp-links-list-table.php Docs: Remove `@access` notations from method DocBlocks in wp-admin/* classes. 2017-07-27 00:40:43 +00:00
class-wp-list-table-compat.php Docs: Remove `@access` notations from method DocBlocks in wp-admin/* classes. 2017-07-27 00:40:43 +00:00
class-wp-list-table.php Docs: Remove `@access` notations from method DocBlocks in wp-admin/* classes. 2017-07-27 00:40:43 +00:00
class-wp-media-list-table.php Docs: Remove `@access` notations from method DocBlocks in wp-admin/* classes. 2017-07-27 00:40:43 +00:00
class-wp-ms-sites-list-table.php General: Improve terminology used when referring to installations of WordPress and its extensions. 2017-08-22 11:52:48 +00:00
class-wp-ms-themes-list-table.php Accessibility: List Tables: use `aria-current` for the views current link. 2017-10-02 19:44:47 +00:00
class-wp-ms-users-list-table.php Users: Display partial names in the user listing tables. 2018-03-08 19:48:39 +00:00
class-wp-plugin-install-list-table.php Plugins: Revert unintended change from [41915]. 2017-10-18 18:01:49 +00:00
class-wp-plugins-list-table.php Plugins: Tweak the plugin icons added in [41695]. 2017-10-04 23:43:46 +00:00
class-wp-post-comments-list-table.php Docs: Add missing file headers to the list table classes and adjust class DocBlocks accordingly. 2015-10-17 15:13:25 +00:00
class-wp-posts-list-table.php Administration: Add `.protected-post-excerpt` class to password-protected post excerpts in the posts list. 2017-10-05 02:50:46 +00:00
class-wp-screen.php Dashboard: Remove "Try Gutenberg" callout. 2017-10-23 20:48:47 +00:00
class-wp-site-icon.php Docs: Remove `@access` notations from method DocBlocks in wp-admin/* classes. 2017-07-27 00:40:43 +00:00
class-wp-terms-list-table.php Quick/Bulk Edit: Improve the inline error messages styling. 2017-10-02 21:52:52 +00:00
class-wp-theme-install-list-table.php Accessibility: List Tables: use `aria-current` for the views current link. 2017-10-02 19:44:47 +00:00
class-wp-themes-list-table.php General: Fix various instances of incorrect filter docs and incorrect filter and action parameters. 2017-08-03 15:43:43 +00:00
class-wp-upgrader-skin.php Docs: Remove `@access` notations from method DocBlocks in wp-admin/* classes. 2017-07-27 00:40:43 +00:00
class-wp-upgrader-skins.php Load: Re-add `class-wp-upgrader-skins.php`. 2016-12-03 03:40:41 +00:00
class-wp-upgrader.php Upgrade: Fix updating plugins which include a numeric file/folder names. 2017-11-21 04:16:41 +00:00
class-wp-users-list-table.php Users: Display partial names in the user listing tables. 2018-03-08 19:48:39 +00:00
comment.php Text Changes: Unify permission error messages. 2016-06-29 15:16:29 +00:00
continents-cities.php I18N: Update list of continents and cities for the timezone selection. 2016-05-24 23:24:27 +00:00
credits.php Docs: Standardise the format used for documenting parameters passed by reference. 2017-10-02 22:14:46 +00:00
dashboard.php Customize: Prevent PHP notice on theme-switch dashboard welcome link (and link to themes admin screen) when user cannot `customize`. 2017-11-13 22:45:47 +00:00
deprecated.php Permalinks: Change structure tag button state more reliably. 2017-09-26 08:24:46 +00:00
edit-tag-messages.php Docs: Standardize hook docs in wp-admin/* to use third-person singular verbs per the inline documentation standards for PHP. 2016-05-22 18:01:30 +00:00
export.php Docs: Add missing backtick character in `export_wp()` DocBlock. 2017-06-27 00:58:41 +00:00
file.php General: Replace `Cheatin’ uh?` with friendlier error messages. 2018-03-09 00:15:42 +00:00
image-edit.php Media: Rename several attachment related parameters from `$post_id` to `$attachment_id` for clarity, and improve related 2017-08-22 11:12:44 +00:00
image.php Media: Correctly allow changing PDF thumbnail crop value. 2018-03-09 03:21:40 +00:00
import.php Standardise on performing api.WordPress.org requests over SSL when possible, falling back to non-SSL when appropriate. 2017-09-27 08:00:49 +00:00
list-table.php Bootstrap: do not go gentle into that good night r38411, r38412, and parts of r38389. 2016-08-31 16:31:29 +00:00
media.php Media: Bring consistency to `getimagesize()` error suppression. 2018-01-15 20:02:39 +00:00
menu.php Text Changes: Unify permission error messages. 2016-06-29 15:16:29 +00:00
meta-boxes.php Docs: Correct the `@since` property for the `page_attributes_misc_attributes` action. 2017-11-23 18:03:43 +00:00
misc.php Security: Loosen the admin referrer policy header value to allow the referring host to be sent from the admin area in all cases. 2018-03-12 10:59:39 +00:00
ms-admin-filters.php Options, Meta APIs: Require a confirmation link in an email to be clicked when a user attempts to change the network 2017-09-27 14:17:45 +00:00
ms-deprecated.php Docs: Standardize and add missing deprecation notations in DocBlocks for the following functions: 2017-06-22 17:48:45 +00:00
ms.php General: Improve terminology used when referring to installations of WordPress and its extensions. 2017-08-22 11:52:48 +00:00
nav-menu.php Taxonomy: After [40984], add the `most_used` label for non-hierarchical taxonomies too, and use it on the Menus screen. 2017-10-24 11:23:24 +00:00
network.php Network Admin: After [41923], move the second `<p>` tag to a new line for better readability. 2017-10-18 20:51:48 +00:00
noop.php Docs: Add missing file header to `wp-admin/includes/noop.php`, introduced in [34037]. 2017-01-25 23:10:43 +00:00
options.php Settings: Fix date/time format previewing. 2017-11-09 03:57:36 +00:00
plugin-install.php Plugins: Update review filter links in Details modal. 2018-01-17 07:02:41 +00:00
plugin.php Theme/Plugin Editor: Remove the caching added in [41806] as it causes more problems than it fixes. 2017-11-27 03:00:38 +00:00
post.php Posts, Post Types: Simplify the wording in post locking notice. 2017-10-03 15:11:48 +00:00
revision.php Revisions: correct a timezone display issue. 2017-09-21 23:33:44 +00:00
schema.php Transients: Clear expired transients from the database in a daily cron task. 2017-10-21 13:22:49 +00:00
screen.php Screen API: After [37972], ensure that `$box['args']` is an array before trying to access `__widget_basename`. 2016-07-07 16:39:29 +00:00
taxonomy.php Store only term IDs in object term relationships caches. 2016-05-26 04:50:27 +00:00
template.php Settings: Replace `count()` call with `empty()` in `get_settings_errors()` to prevent PHP 7.2 warnings when `$wp_settings_errors` is `null`. 2017-11-10 22:32:47 +00:00
theme-install.php General: Improve terminology used when referring to installations of WordPress and its extensions. 2017-08-22 11:52:48 +00:00
theme.php Customize: Correct closing tags in `customize_themes_print_templates()`. 2018-03-08 19:42:39 +00:00
translation-install.php General: Improve terminology used when referring to installations of WordPress and its extensions. 2017-08-22 11:52:48 +00:00
update-core.php External Libraries: Remove unnecessary / obsoleted MediaElement.js files. 2018-01-16 06:41:51 +00:00
update.php General: Improve terminology used when referring to installations of WordPress and its extensions. 2017-08-22 11:52:48 +00:00
upgrade.php Multisite: Fix broken update `blog_versions` query after [41661]. 2017-11-21 03:43:40 +00:00
user.php Docs: Remove `&` prefixes from parameter documentation to avoid doc parsing errors. 2017-10-02 22:03:33 +00:00
widgets.php Accessibility: Improve the sidebar toggles in the Widgets screen. 2017-09-27 16:29:44 +00:00