WordPress-C/WordPress
1
0
Fork 0
mirror of https://github.com/WordPress/WordPress.git synced 2025-02-16 19:46:21 +00:00
Code Issues Packages Projects Releases Wiki Activity
WordPress/wp-includes
History
Dion Hulse a579aad05b XMLRPC: Prevent authentication from occuring after a failed authentication attmept in any single XML-RPC call. 
This hardens WordPress against a common vector which uses multiple user identifiers in a single `system.multicall` call. In the event that authentication fails, all following authentication attempts ''in that call'' will also fail.

Props dd32, johnbillion.
Fixes #34336

Built from https://develop.svn.wordpress.org/trunk@35366


git-svn-id: http://core.svn.wordpress.org/trunk@35331 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-23 04:46:24 +00:00
..
certificates
HTTP: Update the Root Certificate bundle.
2015-09-18 08:43:26 +00:00
css
RIP #21759b, the old WordPress Blue.
2015-10-21 18:36:28 +00:00
fonts
ID3
images
oEmbed: add fallback icons (not used yet) for older browsers.
2015-10-12 21:17:25 +00:00
js
TinyMCE:
2015-10-21 20:38:26 +00:00
pomo
Pass false as the 2nd argument to class_exists() to disable autoloading and to not cause problems for those who define __autoload().
2015-09-20 03:52:25 +00:00
random_compat
Update to Random_Compat 1.0.9.
2015-10-23 04:22:26 +00:00
rest-api
REST API: don't load wp-admin/includes/admin.php on every request.
2015-10-22 16:29:28 +00:00
SimplePie
Feeds: add CEST to $timezone in SimplePie_Parse_Date.
2015-10-20 05:57:24 +00:00
Text
theme-compat
Themes: Improve document title output.
2015-10-20 16:21:25 +00:00
widgets
Widgets: revert [34376] and [34386] as pertains to the Categories widget supporting custom taxonomies.
2015-10-20 04:57:25 +00:00
admin-bar.php
Docs: Add missing file headers to two Toolbar API files: wp-includes/admin-bar.php and wp-includes/class-wp-admin-bar.php.
2015-10-14 17:27:25 +00:00
atomlib.php
author-template.php
Docs: Add missing descriptions for the $wpdb global in DocBlocks all the places.
2015-10-14 23:44:25 +00:00
bookmark-template.php
bookmark.php
cache.php
Filesystem: Following the introduction of the KB|MB|GB|TB_IN_BYTES constants in [35286], use them in various places in core.
2015-10-21 14:03:25 +00:00
canonical.php
Don't force comment pagination.
2015-10-21 16:26:42 +00:00
capabilities-functions.php
Revert [34778], continue using _site_option() for the current network.
2015-10-07 17:11:25 +00:00
capabilities.php
Docs: The Users subpackage is plural.
2015-09-22 13:46:25 +00:00
category-functions.php
Taxonomy: Improve deprecated argument strings for the 'link' type in get_categories() and wp_dropdown_categories().
2015-10-18 15:35:24 +00:00
category-template.php
In wp_list_categories(), rewrite a long condition for clarity.
2015-10-20 16:13:26 +00:00
category.php
Docs: Clarify the file header for wp-includes/category.php.
2015-09-22 14:20:24 +00:00
class-feed.php
Pass false as the 2nd argument to class_exists() to disable autoloading and to not cause problems for those who define __autoload().
2015-09-20 03:52:25 +00:00
class-http.php
Docs: object != class
2015-09-26 07:04:28 +00:00
class-IXR.php
Update variable naming after [35279].
2015-10-23 02:01:25 +00:00
class-json.php
Docs: Put "it's" in its place (again).
2015-09-16 12:46:28 +00:00
class-oembed.php
oEmbed: add Reddit Comments as a provider
2015-10-22 18:17:24 +00:00
class-phpass.php
Remove closing PHP tag from wp-includes/class-phpass.php.
2015-10-06 23:45:25 +00:00
class-phpmailer.php
class-pop3.php
Docs: Put "it's" in its place (again).
2015-09-16 12:46:28 +00:00
class-simplepie.php
Pass false as the 2nd argument to class_exists() to disable autoloading and to not cause problems for those who define __autoload().
2015-09-20 03:52:25 +00:00
class-smtp.php
class-snoopy.php
Pass false as the 2nd argument to class_exists() to disable autoloading and to not cause problems for those who define __autoload().
2015-09-20 03:52:25 +00:00
class-walker-category-dropdown.php
Docs: Clarify the file header for wp-includes/class-walker-category-dropdown.php, introduced in [34110].
2015-09-22 14:03:25 +00:00
class-walker-category.php
Taxonomy: in wp_list_categories(), add an arg: separator, to allow the overriding of <br/>.
2015-10-13 17:02:25 +00:00
class-walker-comment.php
Docs: some @global object vernaculars should be converted to the actual object type.
2015-10-10 15:45:25 +00:00
class-walker-page-dropdown.php
Docs: Clarify the file header subpackage for wp-includes/class-walker-page-dropdown.php, introduced in [34109].
2015-09-22 13:58:24 +00:00
class-walker-page.php
Docs: Actually, the subpackage for Walker_Page should be Template.
2015-09-22 15:09:24 +00:00
class-wp-admin-bar.php
Docs: Add missing file headers to two Toolbar API files: wp-includes/admin-bar.php and wp-includes/class-wp-admin-bar.php.
2015-10-14 17:27:25 +00:00
class-wp-ajax-response.php
class-wp-comment-query.php
Docs: Add missing descriptions for the $wpdb global in DocBlocks all the places.
2015-10-14 23:44:25 +00:00
class-wp-comment.php
Prevent extra db queries in WP_Comment::get_children().
2015-10-01 03:58:23 +00:00
class-wp-customize-control.php
Customizer: Make the widgets "Reorder" and "Add a Widget" buttons... buttons.
2015-10-20 20:15:26 +00:00
class-wp-customize-manager.php
Customizer: Introduce customize_loaded_components filter to allow core components to be disabled.
2015-10-20 22:16:25 +00:00
class-wp-customize-nav-menus.php
Customizer: Use the plural label for available menu item types.
2015-09-24 09:16:25 +00:00
class-wp-customize-panel.php
Customize: Remove redundant aria-label attributes.
2015-09-13 06:16:26 +00:00
class-wp-customize-section.php
Merge two strings for expanding accordion and Customizer sections.
2015-10-17 00:28:25 +00:00
class-wp-customize-setting.php
Customizer: Prevent nav_menu_item settings from becoming dirty when their controls are set up.
2015-10-20 22:45:29 +00:00
class-wp-customize-widgets.php
Customizer: Make the widgets "Reorder" and "Add a Widget" buttons... buttons.
2015-10-20 20:15:26 +00:00
class-wp-editor.php
TinyMCE: add lang attribute
2015-10-16 10:11:27 +00:00
class-wp-embed.php
Embeds: Add oEmbed provider support.
2015-10-07 10:36:25 +00:00
class-wp-error.php
class-wp-http-cookie.php
Docs: object != class
2015-09-26 07:04:28 +00:00
class-wp-http-curl.php
Don't set CURLOPT_CAINFO when sslverify is false when sending HTTP API requests through cURL. This avoids sending redundant information to cURL, and avoids a bug in Apple's SecureTransport library which causes a request to fail when a CA bundle is set but certificate verification is disabled.
2015-09-27 21:37:24 +00:00
class-wp-http-encoding.php
class-wp-http-ixr-client.php
Docs: Update the hook doc summary for the wp_http_ixr_client_headers filter, introduced in [34164].
2015-09-15 16:16:43 +00:00
class-wp-http-proxy.php
class-wp-http-response.php
HTTP/REST API: move WP_HTTP_Response to wp-includes/ with the rest (ha!) of the HTTP classes. This is PHP 5.2, so this class is global, and as per @rmccue, unrelated to REST specifically.
2015-10-08 19:27:28 +00:00
class-wp-http-streams.php
Docs: object != class
2015-09-26 07:04:28 +00:00
class-wp-image-editor-gd.php
Docs: Re-clarify the $sizes[ $size ] section of the hash notations for WP_Image_Editor_GD::multi_resize() and WP_Image_Editor_Imagick::multi_resize() as not fully-optional.
2015-10-12 16:34:23 +00:00
class-wp-image-editor-imagick.php
Docs: Re-clarify the $sizes[ $size ] section of the hash notations for WP_Image_Editor_GD::multi_resize() and WP_Image_Editor_Imagick::multi_resize() as not fully-optional.
2015-10-12 16:34:23 +00:00
class-wp-image-editor.php
class-wp-meta-query.php
Docs: Add missing descriptions for the $wpdb global in DocBlocks all the places.
2015-10-14 23:44:25 +00:00
class-wp-network.php
Multisite: Remove the strictness for $using_paths in WP_Network::get_by_path().
2015-10-15 22:07:24 +00:00
class-wp-oembed-controller.php
oEmbed: if SimpleXMLElement does not exist, return an HTTP Error 501 Not implemented response.
2015-10-22 16:38:26 +00:00
class-wp-post.php
Docs: Add missing descriptions for the $wpdb global in DocBlocks all the places.
2015-10-14 23:44:25 +00:00
class-wp-rewrite.php
Docs: Add a couple of strategically-placed spaces in WP_Rewrite.
2015-10-08 22:07:24 +00:00
class-wp-role.php
Docs: The Users subpackage is plural.
2015-09-22 13:46:25 +00:00
class-wp-roles.php
Docs: Add missing descriptions for the $wpdb global in DocBlocks all the places.
2015-10-14 23:44:25 +00:00
class-wp-tax-query.php
Docs: Add a file header to wp-includes/class-wp-tax-query.php, introduced in [33760].
2015-09-22 13:16:30 +00:00
class-wp-term.php
Don't store data as a property on WP_Term objects.
2015-10-19 03:12:24 +00:00
class-wp-theme.php
Template: Make it possible to both ''add'' and ''remove'' items from the page templates list using the theme_page_templates filter.
2015-10-09 21:51:25 +00:00
class-wp-user-query.php
Docs: Add missing descriptions for the $wpdb global in DocBlocks all the places.
2015-10-14 23:44:25 +00:00
class-wp-user.php
Docs: Add missing descriptions for the $wpdb global in DocBlocks all the places.
2015-10-14 23:44:25 +00:00
class-wp-walker.php
Docs: Add missing parameter and return descriptions for Walker::get_number_of_root_elements().
2015-09-14 15:33:27 +00:00
class-wp-widget-factory.php
Docs: The Widgets subpackage is plural.
2015-09-22 13:48:25 +00:00
class-wp-widget.php
Widgets: when getting settings, and none exist, set them to empty to avoid extraneous database queries on subsequent requests.
2015-10-13 01:13:24 +00:00
class-wp-xmlrpc-server.php
XMLRPC: Prevent authentication from occuring after a failed authentication attmept in any single XML-RPC call.
2015-10-23 04:46:24 +00:00
class-wp.php
Prevent non-public taxonomies from registering aquery var.
2015-10-21 16:54:24 +00:00
class.wp-dependencies.php
class.wp-scripts.php
Scripts: in WP_Scripts::set_group(), the args prop of the _WP_Dependency instance defaults to null - check that it is set before comparing.
2015-10-06 13:54:25 +00:00
class.wp-styles.php
comment-functions.php
Comments: Introduce two new filters, notify_moderator and notify_post_author, both of which make it possible to selectively override site notification email settings for new comments.
2015-10-21 18:35:31 +00:00
comment-template.php
Don't force comment pagination.
2015-10-21 16:26:42 +00:00
comment.php
Docs: The Comment API is singular.
2015-09-22 13:44:25 +00:00
compat.php
Use PHP7's random_int() CSPRNG functionality in wp_rand() with a fallback to the random_compat library for PHP 5.x.
2015-10-09 04:28:24 +00:00
cron.php
Cron: In spawn_cron(), when using ALTERNATE_WP_CRON, return early for any non-GET, instead of naively checking ! empty( $_POST ).
2015-09-26 04:51:26 +00:00
date.php
Ensure that WP_Date_Query accepts a value of 0 for 'hour'.
2015-10-09 16:33:25 +00:00
default-constants.php
Docs: Correction: MONTH_IN_SECONDS was added in 4.4.0.
2015-10-20 07:35:26 +00:00
default-filters.php
Don't force comment pagination.
2015-10-21 16:26:42 +00:00
default-widgets.php
Docs: Clarify the file header summary for wp-includes/default-widgets.php, the top-level file for bringing in the core widget classes.
2015-09-22 13:36:25 +00:00
deprecated.php
Filesystem: Following the introduction of the KB|MB|GB|TB_IN_BYTES constants in [35286], use them in various places in core.
2015-10-21 14:03:25 +00:00
embed-functions.php
oEmbed: if SimpleXMLElement does not exist, return an HTTP Error 501 Not implemented response.
2015-10-22 16:38:26 +00:00
embed-template.php
Tests: Use updated filter names and oembed title for UT sanity.
2015-10-20 17:05:25 +00:00
feed-atom-comments.php
Themes: Improve document title output.
2015-10-20 16:21:25 +00:00
feed-atom.php
Themes: Improve document title output.
2015-10-20 16:21:25 +00:00
feed-rdf.php
Themes: Improve document title output.
2015-10-20 16:21:25 +00:00
feed-rss2-comments.php
Themes: Improve document title output.
2015-10-20 16:21:25 +00:00
feed-rss2.php
Themes: Improve document title output.
2015-10-20 16:21:25 +00:00
feed-rss.php
Themes: Improve document title output.
2015-10-20 16:21:25 +00:00
feed.php
Docs: Add translator comments for two _deprecated_argument() calls added to get_wp_title_rss() and wp_title_rss() in [35294].
2015-10-20 19:20:25 +00:00
formatting.php
Formatting: move url_shorten() from wp-admin/includes/misc.php to wp-includes/formatting.php for more global access.
2015-10-21 03:48:24 +00:00
functions.php
wp_die(): Update colors and button styling.
2015-10-21 15:23:26 +00:00
functions.wp-scripts.php
functions.wp-styles.php
general-template.php
Docs: Add documentation in the form of a hash notation for default arguments accepted by wp_login_form().
2015-10-21 15:38:26 +00:00
http-functions.php
Docs: Add missing descriptions for the $wpdb global in DocBlocks all the places.
2015-10-14 23:44:25 +00:00
http.php
After [34953], unbreak WordPress.
2015-10-08 19:29:25 +00:00
kses.php
KSES: have you ever heard of the <bdo> HTML tag? Same. http://www.w3schools.com/tags/tag_bdo.asp
2015-10-13 17:18:25 +00:00
l10n.php
Revert [34778], continue using _site_option() for the current network.
2015-10-07 17:11:25 +00:00
link-template.php
Docs: Update the default scheme for get_rest_url() from 'json' to 'rest'.
2015-10-19 22:39:25 +00:00
load.php
Move wp_installing() to load.php.
2015-10-07 03:02:23 +00:00
locale.php
WP Locale: Add a start_of_week property to store the start of the week per locale.
2015-10-21 17:28:29 +00:00
media-template.php
TinyMCE:
2015-10-21 20:38:26 +00:00
media.php
Responsive Images: limit the size of images included in srcset attributes. Introduce max_srcset_image_width filter to adjust the limit.
2015-10-22 19:31:25 +00:00
meta-functions.php
Docs: Add missing descriptions for the $wpdb global in DocBlocks all the places.
2015-10-14 23:44:25 +00:00
meta.php
Docs: Clarify the file header summary for wp-includes/meta.php, the top-level file for the core Meta API.
2015-09-22 13:30:24 +00:00
ms-blogs.php
Docs: Add missing descriptions for the $wpdb global in DocBlocks all the places.
2015-10-14 23:44:25 +00:00
ms-default-constants.php
Docs: Add missing descriptions for the $wpdb global in DocBlocks all the places.
2015-10-14 23:44:25 +00:00
ms-default-filters.php
Move new user notification emails to add_action() callbacks.
2015-09-16 22:19:24 +00:00
ms-deprecated.php
Docs: Add missing descriptions for the $wpdb global in DocBlocks all the places.
2015-10-14 23:44:25 +00:00
ms-files.php
ms-functions.php
Filesystem: Following the introduction of the KB|MB|GB|TB_IN_BYTES constants in [35286], use them in various places in core.
2015-10-21 14:03:25 +00:00
ms-load.php
Docs: Add missing descriptions for the $wpdb global in DocBlocks all the places.
2015-10-14 23:44:25 +00:00
ms-settings.php
Use wp_installing() instead of WP_INSTALLING constant.
2015-10-05 15:06:28 +00:00
nav-menu-template.php
Add a nav_menu_item_title filter for filtering nav menu item titles.
2015-09-28 18:41:26 +00:00
nav-menu.php
Introduce the wp_add_nav_menu_item action, fired immediately after a new nav menu item has been added.
2015-10-02 06:46:24 +00:00
option.php
Docs: Add missing descriptions for the $wpdb global in DocBlocks all the places.
2015-10-14 23:44:25 +00:00
pluggable-deprecated.php
Pass false as the 2nd argument to class_exists() to disable autoloading and to not cause problems for those who define __autoload().
2015-09-20 03:52:25 +00:00
pluggable.php
Update to Random_Compat 1.0.9.
2015-10-23 04:22:26 +00:00
plugin.php
callback is not a valid type in PHP, PSR-5, or phpDocumentor. callable should be used instead.
2015-09-25 23:58:25 +00:00
post-formats.php
post-functions.php
Docs: Improve the hook doc for the get_post_status filter, introduced in [35233].
2015-10-17 14:24:25 +00:00
post-template.php
Docs: Normalize spacing in the wp_get_attachment_link hook doc following [35065].
2015-10-12 16:44:24 +00:00
post-thumbnail-template.php
Docs: Adjust documentation for the $size parameter in the_post_thumbnail_url() to clarify the required order of width and height values when passing an array.
2015-10-12 17:00:26 +00:00
post.php
Docs: Clarify the file header summary for wp-includes/post.php, the top-level file for the Post API.
2015-09-22 13:13:26 +00:00
query.php
Query: Introduce the content_pagination filter, which makes it possible to manipulate how post content is split into "pages" in WP_Query::setup_postdata().
2015-10-20 06:33:27 +00:00
registration-functions.php
registration.php
rest-api.php
After [34953], unbreak WordPress.
2015-10-08 19:29:25 +00:00
revision.php
Docs: Correct description for _wp_post_revision_fields() arguments.
2015-10-22 12:17:28 +00:00
rewrite-constants.php
rewrite-functions.php
In WP::parse_request() and url_to_postid(), don't skip objects that have a post status with 'exclude_from_search' => false, e.g. inherit.
2015-10-15 17:53:24 +00:00
rewrite.php
rss-functions.php
rss.php
script-loader.php
List Tables: revert the majority of [34467]. This was almost universally abhorred (the JS that disabled the bulk dropdowns).
2015-10-20 04:29:24 +00:00
session.php
shortcodes.php
Abstract the shortcode attribute parsing regex into its own function, update the JavaScript counterpart, and introduce a test to ensure they do not diverge again.
2015-10-08 03:12:24 +00:00
taxonomy-functions.php
Prevent non-public taxonomies from registering aquery var.
2015-10-21 16:54:24 +00:00
taxonomy.php
Introduce WP_Term.
2015-10-10 01:59:29 +00:00
template-loader.php
Embeds: Add oEmbed provider support.
2015-10-07 10:36:25 +00:00
template.php
Docs: some @global object vernaculars should be converted to the actual object type.
2015-10-10 15:45:25 +00:00
theme.php
Themes: Improve document title output.
2015-10-20 16:21:25 +00:00
update.php
Use wp_installing() instead of WP_INSTALLING constant.
2015-10-05 15:06:28 +00:00
user-functions.php
Users: when calling wp_insert_user() with an valid user ID, return WP_Error instead of arbitrarily updating user meta.
2015-10-20 05:28:24 +00:00
user.php
Docs: The User API is singular.
2015-09-22 13:03:24 +00:00
vars.php
version.php
4.4-beta1
2015-10-22 21:45:25 +00:00
widget-functions.php
Widgets: When using the_widget(), the $before_widget argument only receives the widget class if using the default sidebar arguments. Run sprintf after parsing the args to fix this.
2015-10-13 01:49:48 +00:00
widgets.php
wlwmanifest.xml
wp-db.php
Add wp_load_translations_early() to wpdb::check_connection().
2015-10-08 17:11:24 +00:00
wp-diff.php
Pass false as the 2nd argument to class_exists() to disable autoloading and to not cause problems for those who define __autoload().
2015-09-20 03:52:25 +00:00