WordPress-C/WordPress
1
0
Fork 0
mirror of https://github.com/WordPress/WordPress.git synced 2025-03-04 12:29:22 +00:00
Code Issues Packages Projects Releases Wiki Activity
WordPress/wp-includes
History
Sergey Biryukov d9e1193af0 Update wp_kses_bad_protocol() to recognize : on uri attributes, 
`wp_kses_bad_protocol()` makes sure to validate that uri attributes don’t contain invalid/or not allowed protocols. While this works fine in most cases, there’s a risk that by using the colon html5 named entity, one is able to bypass this function.

Brings r46895 to the 4.1 branch.

Props: xknown, nickdaugherty, peterwilsoncc.
Built from https://develop.svn.wordpress.org/branches/4.1@46909


git-svn-id: http://core.svn.wordpress.org/branches/4.1@46709 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-12-12 18:40:17 +00:00
..
certificates
WP_HTTP: Revert r30491 which updated the bundled root certificates. There's a report that this is breaking under certain PHP/OpenSSL versions (which we've encountered before), and we're safer with a slighty out of date CA bundle than breaking HTTPS communication on affected sites.
2014-12-07 03:13:22 +00:00
css
Revert [31198] from the 4.1 branch, as it is an incomplete fix that introduces more problems than the tiny issue it was attempting to solve.
2015-02-17 14:11:25 +00:00
fonts
Dashicons: Update to the latest files.
2014-12-09 19:34:23 +00:00
ID3
images
TwentyFifteen:
2014-11-25 06:12:22 +00:00
js
External Libraries: Remove unnecessary / obsoleted MediaElement.js files.
2018-01-16 08:13:27 +00:00
pomo
Add missing @params to src/wp-includes/pomo files.
2014-11-30 21:41:22 +00:00
SimplePie
Text
theme-compat
Improve various hook and filter docs so they are correctly parsed for the code reference.
2014-12-06 21:32:24 +00:00
admin-bar.php
Consistently handle an empty site title in Site and My Sites toolbar menus.
2014-11-28 08:13:24 +00:00
atomlib.php
author-template.php
Remove redundant and erroneous @uses tag from most core inline documentation.
2014-10-30 01:05:24 +00:00
bookmark-template.php
Ensure inline code is markdown-escaped as such, and that code snippets in descriptions are properly indented.
2014-11-24 04:42:22 +00:00
bookmark.php
Improve various @param docs for src/wp-includes/*.
2014-12-01 01:34:24 +00:00
cache.php
Improve various @param docs for src/wp-includes/*.
2014-12-01 01:34:24 +00:00
canonical.php
Improve various @param docs for src/wp-includes/*.
2014-12-01 01:34:24 +00:00
capabilities.php
Capabilities: Fall back to the edit_posts capability for orphaned comments.
2015-09-09 06:06:23 +00:00
category-template.php
Improve various @param docs for src/wp-includes/*.
2014-12-01 01:34:24 +00:00
category.php
Add inline @see tags to the docs for the get_categories_taxonomy hook.
2014-11-17 17:37:23 +00:00
class-feed.php
class-http.php
Fix a typo in the DocBlock for WP_Http_Curl::$bytes_written_total introduced in [29968].
2014-12-07 05:16:24 +00:00
class-IXR.php
Add missing documentation for the xmlrpc_element_limit hook in wp-includes/class-IXR.php.
2014-12-05 03:28:22 +00:00
class-json.php
class-oembed.php
Improve various @param docs for src/wp-includes/*.
2014-12-01 01:34:24 +00:00
class-phpass.php
Prevent high resource usage when hashing large passwords. props mdawaffe, pento
2014-11-20 16:03:24 +00:00
class-phpmailer.php
Update PHPMailer to 5.2.22.
2017-01-11 05:25:51 +00:00
class-pop3.php
class-simplepie.php
class-smtp.php
Update PHPMailer to 5.2.22.
2017-01-11 05:25:51 +00:00
class-snoopy.php
Snoopy: use escapeshellarg instead of escapeshellcmd
2016-03-30 14:10:23 +00:00
class-wp-admin-bar.php
class-wp-ajax-response.php
class-wp-customize-control.php
Customizer: Improve IE 8 compatibility.
2015-02-10 01:41:24 +00:00
class-wp-customize-manager.php
Customize: Ignore invalid customization sessions.
2017-05-16 12:20:25 +00:00
class-wp-customize-panel.php
Customizer: Add panel/section type as CSS class to the HTML container.
2014-12-02 22:16:23 +00:00
class-wp-customize-section.php
Customizer: Add panel/section type as CSS class to the HTML container.
2014-12-02 22:16:23 +00:00
class-wp-customize-setting.php
Ensure that WP_Customize_Setting::value() returns default value for setting if not dirty.
2015-02-11 06:25:23 +00:00
class-wp-customize-widgets.php
Customizer: Use hash_equals() for widgets.
2015-08-04 04:52:35 +00:00
class-wp-editor.php
Remove some old backwards compatibility code from TinyMCE. Merge of [32166] to the 4.1 branch.
2015-04-20 05:53:23 +00:00
class-wp-embed.php
Backport r33469 and r33470 to 4.1.
2015-07-31 01:43:23 +00:00
class-wp-error.php
Improve various @param docs for src/wp-includes/*.
2014-12-01 01:34:24 +00:00
class-wp-http-ixr-client.php
Improve various @param docs for src/wp-includes/*.
2014-12-01 01:34:24 +00:00
class-wp-image-editor-gd.php
Improve various @param docs for src/wp-includes/*.
2014-12-01 01:34:24 +00:00
class-wp-image-editor-imagick.php
WP_Image_Editor_GD and WP_Image_Editor_Imagick should specify type in a doc block for the $image property, instead of inferring bool and null.
2014-11-03 02:38:23 +00:00
class-wp-image-editor.php
Clarify the behaviour of the wp_editor_set_quality and jpeg_quality filters.
2014-12-15 21:51:22 +00:00
class-wp-theme.php
Themes: Fix markup for theme name fallbacks.
2017-01-11 11:12:20 +00:00
class-wp-walker.php
class-wp-xmlrpc-server.php
Adjust post meta checks
2017-05-16 08:53:19 +00:00
class-wp.php
Backporting several bug fixes.
2019-10-14 19:17:19 +00:00
class.wp-dependencies.php
Ensure inline code is markdown-escaped as such, and that code snippets in descriptions are properly indented.
2014-11-24 04:58:22 +00:00
class.wp-scripts.php
Convert various uses of (optional) in core parameter descriptions to use the style prescribed in the inline documentation standards for PHP.
2014-12-06 21:24:45 +00:00
class.wp-styles.php
Improve various @param docs for src/wp-includes/*.
2014-12-01 01:34:24 +00:00
comment-template.php
Correctly capitalize JavaScript throughout core docs.
2014-12-02 00:31:22 +00:00
comment.php
Improve various @param docs for src/wp-includes/*.
2014-12-01 01:34:24 +00:00
compat.php
WPDB: When checking that a string can be sent to MySQL, we shouldn't use mb_convert_encoding(), as it behaves differently to MySQL's character encoding conversion.
2015-05-06 19:07:25 +00:00
cron.php
Improve various @param docs for src/wp-includes/*.
2014-12-01 01:34:24 +00:00
date.php
Support array values in WP_Date_Query::validate_date_values().
2015-02-10 01:14:23 +00:00
default-constants.php
default-filters.php
Revert shared taxonomy term splitting for 4.1.
2014-11-27 00:05:22 +00:00
default-widgets.php
Nav menus: Consistent titles in widgets.
2015-08-03 20:58:03 +00:00
deprecated.php
Convert various uses of (optional) in core parameter descriptions to use the style prescribed in the inline documentation standards for PHP.
2014-12-06 21:24:45 +00:00
feed-atom-comments.php
feed-atom.php
feed-rdf.php
Improve various hook and filter docs so they are correctly parsed for the code reference.
2014-12-06 21:32:24 +00:00
feed-rss2-comments.php
Improve various hook and filter docs so they are correctly parsed for the code reference.
2014-12-06 21:32:24 +00:00
feed-rss2.php
Improve various hook and filter docs so they are correctly parsed for the code reference.
2014-12-06 21:32:24 +00:00
feed-rss.php
feed.php
Hardening: Ensure the attributes of enclosures are correctly escaped in RSS and Atom feeds.
2017-11-29 16:37:18 +00:00
formatting.php
Media: Improve handling of extensionless filenames.
2016-06-21 14:57:40 +00:00
functions.php
Backporting several bug fixes.
2019-10-14 19:17:19 +00:00
functions.wp-scripts.php
Improve various @param docs.
2014-11-30 23:24:25 +00:00
functions.wp-styles.php
Improve various @param docs.
2014-11-30 23:24:25 +00:00
general-template.php
Multisite: Improve messaging for previously activated users.
2018-12-13 00:59:36 +00:00
http.php
Backporting several bug fixes.
2019-10-14 19:17:19 +00:00
kses.php
Update wp_kses_bad_protocol() to recognize : on uri attributes,
2019-12-12 18:40:17 +00:00
l10n.php
Improve various @param docs.
2014-11-30 23:24:25 +00:00
link-template.php
Add context for 'Previous' and 'Next' strings in get_the_posts_pagination().
2015-01-08 05:57:22 +00:00
load.php
Remove unbounded check for "install.php" in wp_not_installed().
2014-11-26 20:56:23 +00:00
locale.php
In WP_Locale, declare $number_format as a property.
2014-11-03 03:40:22 +00:00
media-template.php
Clarify the text for the 'Edit Selection' link when multiple media items are selected in the media manager.
2014-12-01 04:15:23 +00:00
media.php
Embeds: URL encode YouTube video IDs for broader compatibility.
2017-03-06 12:08:26 +00:00
meta.php
In WP_Meta_Query, interpret 'value' correctly when used with EXISTS/NOT EXISTS.
2014-12-14 19:31:23 +00:00
ms-blogs.php
Docs Formatting: Backtick-escape inline code for all remaining dynamic hook docs in wp-includes/*.
2014-11-30 12:10:23 +00:00
ms-default-constants.php
ms-default-filters.php
ms-deprecated.php
Multisite: Validate activation links.
2018-12-13 01:54:18 +00:00
ms-files.php
ms-functions.php
Multisite: Use wp_rand() in signup key creation.
2017-01-11 05:35:19 +00:00
ms-load.php
Ensure inline code is markdown-escaped as such, HTML tags are removed from summaries, and that code snippets in descriptions are properly indented.
2014-11-24 05:53:22 +00:00
ms-settings.php
nav-menu-template.php
4.1 Docs Audit: Spell out HTML element names in DocBlock summaries for the nav_menu_css_class, nav_menu_item_id, and nav_menu_link_attributes filters.
2014-11-28 12:12:23 +00:00
nav-menu.php
4.1 Docs Audit: Formatting, line-wrap, and other fixes for the wp_get_nav_menus() DocBlock.
2014-11-28 12:15:23 +00:00
option.php
Add braces around a Docblock in an if statement, although not required by PHP, this is required by our coding standards for readability.
2014-12-16 22:37:22 +00:00
pluggable-deprecated.php
Improve the @param docs for src/wp-includes/pluggable*.
2014-11-30 22:19:25 +00:00
pluggable.php
Backporting several bug fixes.
2019-10-14 19:17:19 +00:00
plugin.php
Ensure inline code is markdown-escaped as such, HTML tags are removed from summaries, and that code snippets in descriptions are properly indented.
2014-11-24 06:05:23 +00:00
post-formats.php
Remove redundant and erroneous @uses tag from most core inline documentation.
2014-10-30 01:05:24 +00:00
post-template.php
Remove _convert_urlencoded_to_entities() from the get_the_content() callback.
2019-09-04 16:43:37 +00:00
post-thumbnail-template.php
post.php
Media: Limit thumbnail file deletions to the same directory as the original file.
2018-07-05 15:08:20 +00:00
query.php
Backporting several bug fixes.
2019-10-14 19:17:19 +00:00
registration-functions.php
registration.php
revision.php
Improve various @param docs.
2014-11-30 22:56:25 +00:00
rewrite.php
Using let's properly in inline comments lets us move on to more pressing matters of inline documentation.
2014-12-02 04:43:22 +00:00
rss-functions.php
rss.php
Fill in the @param types for the args for functions missing them in wp-admin/includes/deprecated.php (pour one out).
2014-11-03 06:08:22 +00:00
script-loader.php
TinyMCE: Improve the previews for shortcodes.
2017-09-19 12:44:54 +00:00
session.php
Introduce a button on the user profile screen which clears all other sessions, and on the user editing screen which clears all sessions. Only appears when there are applicable sessions which can be cleared.
2014-11-13 15:21:21 +00:00
shortcodes.php
Shortcodes: don't allow unclosed HTML elements in attributes
2015-09-14 22:48:48 +00:00
taxonomy.php
Taxonomies: make sure taxonomy functions work correctly with taxonomy names with special characters
2016-03-30 17:32:22 +00:00
template-loader.php
template.php
Docs Formatting: Backtick-escape inline code for all remaining dynamic hook docs in wp-includes/*.
2014-11-30 12:10:23 +00:00
theme.php
Themes: Fix some broken links in the legacy theme preview.
2015-08-04 04:57:08 +00:00
update.php
Background Updates: Remove the 7am/7pm background update check.
2016-01-06 13:24:33 +00:00
user.php
No need for wp_get_password_hint() to be prefixed as if it is private.
2014-12-16 22:19:22 +00:00
vars.php
version.php
WordPress 4.1.28.
2019-10-14 20:16:18 +00:00
widgets.php
Fix formatting in the DocBlock for wp_get_sidebars_widgets().
2014-12-07 20:15:26 +00:00
wlwmanifest.xml
wp-db.php
WPDB: Check that AUTH_SALT is not empty, Fix a PHP notice when AUTH_SALT is undefined.
2017-11-27 01:13:21 +00:00
wp-diff.php
Minor syntactical adjustments to the inline documentation for the revision_text_diff_options hook.
2014-11-21 03:50:24 +00:00