WordPress/wp-includes
John Blackbourn e16db41a65 Hardening: Add escaping to the language attributes used on `html` elements.
Merges [42259] to the 4.1 branch.

Built from https://develop.svn.wordpress.org/branches/4.1@42297


git-svn-id: http://core.svn.wordpress.org/branches/4.1@42126 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-29 16:36:53 +00:00
..
ID3 Update getID3 library to 1.9.8. 2014-09-11 19:07:17 +00:00
SimplePie
Text
certificates WP_HTTP: Revert r30491 which updated the bundled root certificates. There's a report that this is breaking under certain PHP/OpenSSL versions (which we've encountered before), and we're safer with a slighty out of date CA bundle than breaking HTTPS communication on affected sites. 2014-12-07 03:13:22 +00:00
css Revert [31198] from the 4.1 branch, as it is an incomplete fix that introduces more problems than the tiny issue it was attempting to solve. 2015-02-17 14:11:25 +00:00
fonts Dashicons: Update to the latest files. 2014-12-09 19:34:23 +00:00
images TwentyFifteen: 2014-11-25 06:12:22 +00:00
js TinyMCE: Improve the previews for shortcodes. 2017-09-19 12:44:54 +00:00
pomo Add missing `@param`s to `src/wp-includes/pomo` files. 2014-11-30 21:41:22 +00:00
theme-compat Improve various hook and filter docs so they are correctly parsed for the code reference. 2014-12-06 21:32:24 +00:00
admin-bar.php Consistently handle an empty site title in Site and My Sites toolbar menus. 2014-11-28 08:13:24 +00:00
atomlib.php
author-template.php Remove redundant and erroneous `@uses` tag from most core inline documentation. 2014-10-30 01:05:24 +00:00
bookmark-template.php Ensure inline code is markdown-escaped as such, and that code snippets in descriptions are properly indented. 2014-11-24 04:42:22 +00:00
bookmark.php Improve various `@param` docs for `src/wp-includes/*`. 2014-12-01 01:34:24 +00:00
cache.php Improve various `@param` docs for `src/wp-includes/*`. 2014-12-01 01:34:24 +00:00
canonical.php Improve various `@param` docs for `src/wp-includes/*`. 2014-12-01 01:34:24 +00:00
capabilities.php Capabilities: Fall back to the `edit_posts` capability for orphaned comments. 2015-09-09 06:06:23 +00:00
category-template.php Improve various `@param` docs for `src/wp-includes/*`. 2014-12-01 01:34:24 +00:00
category.php Add inline `@see` tags to the docs for the `get_categories_taxonomy` hook. 2014-11-17 17:37:23 +00:00
class-IXR.php Add missing documentation for the `xmlrpc_element_limit` hook in wp-includes/class-IXR.php. 2014-12-05 03:28:22 +00:00
class-feed.php Add access modifiers to methods/members in `WP_Feed_Cache`, `WP_SimplePie_File`, and `WP_Feed_Cache_Transient`. 2014-05-19 05:27:15 +00:00
class-http.php Fix a typo in the DocBlock for `WP_Http_Curl::$bytes_written_total` introduced in [29968]. 2014-12-07 05:16:24 +00:00
class-json.php
class-oembed.php Improve various `@param` docs for `src/wp-includes/*`. 2014-12-01 01:34:24 +00:00
class-phpass.php Prevent high resource usage when hashing large passwords. props mdawaffe, pento 2014-11-20 16:03:24 +00:00
class-phpmailer.php Update PHPMailer to 5.2.22. 2017-01-11 05:25:51 +00:00
class-pop3.php
class-simplepie.php Fix some documentation typos in various core files. 2014-08-13 03:56:17 +00:00
class-smtp.php Update PHPMailer to 5.2.22. 2017-01-11 05:25:51 +00:00
class-snoopy.php Snoopy: use escapeshellarg instead of escapeshellcmd 2016-03-30 14:10:23 +00:00
class-wp-admin-bar.php
class-wp-ajax-response.php Fix some words that aren't words. 2014-08-09 19:30:17 +00:00
class-wp-customize-control.php Customizer: Improve IE 8 compatibility. 2015-02-10 01:41:24 +00:00
class-wp-customize-manager.php Customize: Ignore invalid customization sessions. 2017-05-16 12:20:25 +00:00
class-wp-customize-panel.php Customizer: Add panel/section type as CSS class to the HTML container. 2014-12-02 22:16:23 +00:00
class-wp-customize-section.php Customizer: Add panel/section type as CSS class to the HTML container. 2014-12-02 22:16:23 +00:00
class-wp-customize-setting.php Ensure that `WP_Customize_Setting::value()` returns default value for setting if not dirty. 2015-02-11 06:25:23 +00:00
class-wp-customize-widgets.php Customizer: Use `hash_equals()` for widgets. 2015-08-04 04:52:35 +00:00
class-wp-editor.php Remove some old backwards compatibility code from TinyMCE. Merge of [32166] to the 4.1 branch. 2015-04-20 05:53:23 +00:00
class-wp-embed.php Backport r33469 and r33470 to 4.1. 2015-07-31 01:43:23 +00:00
class-wp-error.php Improve various `@param` docs for `src/wp-includes/*`. 2014-12-01 01:34:24 +00:00
class-wp-http-ixr-client.php Improve various `@param` docs for `src/wp-includes/*`. 2014-12-01 01:34:24 +00:00
class-wp-image-editor-gd.php Improve various `@param` docs for `src/wp-includes/*`. 2014-12-01 01:34:24 +00:00
class-wp-image-editor-imagick.php `WP_Image_Editor_GD` and `WP_Image_Editor_Imagick` should specify type in a doc block for the `$image` property, instead of inferring `bool` and `null`. 2014-11-03 02:38:23 +00:00
class-wp-image-editor.php Clarify the behaviour of the `wp_editor_set_quality` and `jpeg_quality` filters. 2014-12-15 21:51:22 +00:00
class-wp-theme.php Themes: Fix markup for theme name fallbacks. 2017-01-11 11:12:20 +00:00
class-wp-walker.php Fix some documentation typos in various core files. 2014-08-13 03:56:17 +00:00
class-wp-xmlrpc-server.php Adjust post meta checks 2017-05-16 08:53:19 +00:00
class-wp.php Using let's properly in inline comments lets us move on to more pressing matters of inline documentation. 2014-12-02 04:43:22 +00:00
class.wp-dependencies.php Ensure inline code is markdown-escaped as such, and that code snippets in descriptions are properly indented. 2014-11-24 04:58:22 +00:00
class.wp-scripts.php Convert various uses of `(optional)` in core parameter descriptions to use the style prescribed in the inline documentation standards for PHP. 2014-12-06 21:24:45 +00:00
class.wp-styles.php Improve various `@param` docs for `src/wp-includes/*`. 2014-12-01 01:34:24 +00:00
comment-template.php Correctly capitalize JavaScript throughout core docs. 2014-12-02 00:31:22 +00:00
comment.php Improve various `@param` docs for `src/wp-includes/*`. 2014-12-01 01:34:24 +00:00
compat.php WPDB: When checking that a string can be sent to MySQL, we shouldn't use `mb_convert_encoding()`, as it behaves differently to MySQL's character encoding conversion. 2015-05-06 19:07:25 +00:00
cron.php Improve various `@param` docs for `src/wp-includes/*`. 2014-12-01 01:34:24 +00:00
date.php Support array values in `WP_Date_Query::validate_date_values()`. 2015-02-10 01:14:23 +00:00
default-constants.php Set Twenty Fifteen as the new default theme. see #29799. 2014-10-14 19:58:19 +00:00
default-filters.php Revert shared taxonomy term splitting for 4.1. 2014-11-27 00:05:22 +00:00
default-widgets.php Nav menus: Consistent titles in widgets. 2015-08-03 20:58:03 +00:00
deprecated.php Convert various uses of `(optional)` in core parameter descriptions to use the style prescribed in the inline documentation standards for PHP. 2014-12-06 21:24:45 +00:00
feed-atom-comments.php Introduce 'rss_tag_pre' action, which fires between the xml and rss tags in a feed. 2014-07-07 10:18:15 +00:00
feed-atom.php Introduce 'rss_tag_pre' action, which fires between the xml and rss tags in a feed. 2014-07-07 10:18:15 +00:00
feed-rdf.php Improve various hook and filter docs so they are correctly parsed for the code reference. 2014-12-06 21:32:24 +00:00
feed-rss.php
feed-rss2-comments.php Improve various hook and filter docs so they are correctly parsed for the code reference. 2014-12-06 21:32:24 +00:00
feed-rss2.php Improve various hook and filter docs so they are correctly parsed for the code reference. 2014-12-06 21:32:24 +00:00
feed.php Improve various `@param` docs for `src/wp-includes/*`. 2014-12-01 01:34:24 +00:00
formatting.php Media: Improve handling of extensionless filenames. 2016-06-21 14:57:40 +00:00
functions.php Media: Fix exif_imagetype check in wp_get_image_mime 2017-01-11 16:44:24 +00:00
functions.wp-scripts.php Improve various `@param` docs. 2014-11-30 23:24:25 +00:00
functions.wp-styles.php Improve various `@param` docs. 2014-11-30 23:24:25 +00:00
general-template.php Hardening: Add escaping to the language attributes used on `html` elements. 2017-11-29 16:36:53 +00:00
http.php HTTP: Improve detection of valid IP addresses. 2016-03-30 15:52:33 +00:00
kses.php Shortcodes: Improve the reliablity of shortcodes inside HTML tags. 2015-07-23 04:37:22 +00:00
l10n.php Improve various `@param` docs. 2014-11-30 23:24:25 +00:00
link-template.php Add context for 'Previous' and 'Next' strings in get_the_posts_pagination(). 2015-01-08 05:57:22 +00:00
load.php Remove unbounded check for "install.php" in `wp_not_installed()`. 2014-11-26 20:56:23 +00:00
locale.php In `WP_Locale`, declare `$number_format` as a property. 2014-11-03 03:40:22 +00:00
media-template.php Clarify the text for the 'Edit Selection' link when multiple media items are selected in the media manager. 2014-12-01 04:15:23 +00:00
media.php Embeds: URL encode YouTube video IDs for broader compatibility. 2017-03-06 12:08:26 +00:00
meta.php In `WP_Meta_Query`, interpret 'value' correctly when used with EXISTS/NOT EXISTS. 2014-12-14 19:31:23 +00:00
ms-blogs.php Docs Formatting: Backtick-escape inline code for all remaining dynamic hook docs in wp-includes/*. 2014-11-30 12:10:23 +00:00
ms-default-constants.php After [29200], switch back to using `static` vars instead of adding 2 `global`s, as per Sergey. 2014-07-19 23:14:15 +00:00
ms-default-filters.php Simplify the code for calling refresh_blog_details() whenever 'blogname', 'siteurl', or 'post_count' option is updated. 2014-09-02 07:30:16 +00:00
ms-deprecated.php Delete admin_created_user_subject() rather than deprecate 2014-11-02 02:07:23 +00:00
ms-files.php
ms-functions.php Multisite: Use `wp_rand()` in signup key creation. 2017-01-11 05:35:19 +00:00
ms-load.php Ensure inline code is markdown-escaped as such, HTML tags are removed from summaries, and that code snippets in descriptions are properly indented. 2014-11-24 05:53:22 +00:00
ms-settings.php Move ms-load.php and ms-default-constants.php inclusion back to ms-settings.php to avoid breaking WP-CLI. 2014-06-30 23:50:15 +00:00
nav-menu-template.php 4.1 Docs Audit: Spell out HTML element names in DocBlock summaries for the `nav_menu_css_class`, `nav_menu_item_id`, and `nav_menu_link_attributes` filters. 2014-11-28 12:12:23 +00:00
nav-menu.php 4.1 Docs Audit: Formatting, line-wrap, and other fixes for the `wp_get_nav_menus()` DocBlock. 2014-11-28 12:15:23 +00:00
option.php Add braces around a Docblock in an if statement, although not required by PHP, this is required by our coding standards for readability. 2014-12-16 22:37:22 +00:00
pluggable-deprecated.php Improve the `@param` docs for `src/wp-includes/pluggable*`. 2014-11-30 22:19:25 +00:00
pluggable.php Strip control characters before validating redirect. 2017-03-06 13:45:27 +00:00
plugin.php Ensure inline code is markdown-escaped as such, HTML tags are removed from summaries, and that code snippets in descriptions are properly indented. 2014-11-24 06:05:23 +00:00
post-formats.php Remove redundant and erroneous `@uses` tag from most core inline documentation. 2014-10-30 01:05:24 +00:00
post-template.php Admin: Escape attachment name in case it contains special characters 2016-06-21 14:26:33 +00:00
post-thumbnail-template.php
post.php Database: Restore numbered placeholders in `wpdb::prepare()`. 2017-10-31 12:53:27 +00:00
query.php Query: Ensure that queries work correctly with post type names with special characters. 2017-01-26 13:52:26 +00:00
registration-functions.php
registration.php
revision.php Improve various `@param` docs. 2014-11-30 22:56:25 +00:00
rewrite.php Using let's properly in inline comments lets us move on to more pressing matters of inline documentation. 2014-12-02 04:43:22 +00:00
rss-functions.php
rss.php Fill in the `@param` types for the args for functions missing them in `wp-admin/includes/deprecated.php` (pour one out). 2014-11-03 06:08:22 +00:00
script-loader.php TinyMCE: Improve the previews for shortcodes. 2017-09-19 12:44:54 +00:00
session.php Introduce a button on the user profile screen which clears all other sessions, and on the user editing screen which clears all sessions. Only appears when there are applicable sessions which can be cleared. 2014-11-13 15:21:21 +00:00
shortcodes.php Shortcodes: don't allow unclosed HTML elements in attributes 2015-09-14 22:48:48 +00:00
taxonomy.php Taxonomies: make sure taxonomy functions work correctly with taxonomy names with special characters 2016-03-30 17:32:22 +00:00
template-loader.php
template.php Docs Formatting: Backtick-escape inline code for all remaining dynamic hook docs in wp-includes/*. 2014-11-30 12:10:23 +00:00
theme.php Themes: Fix some broken links in the legacy theme preview. 2015-08-04 04:57:08 +00:00
update.php Background Updates: Remove the 7am/7pm background update check. 2016-01-06 13:24:33 +00:00
user.php No need for wp_get_password_hint() to be prefixed as if it is private. 2014-12-16 22:19:22 +00:00
vars.php
version.php Bump 4.1 branch to version 4.1.20. 2017-10-31 13:43:26 +00:00
widgets.php Fix formatting in the DocBlock for `wp_get_sidebars_widgets()`. 2014-12-07 20:15:26 +00:00
wlwmanifest.xml
wp-db.php WPDB: Check that `AUTH_SALT` is not empty, Fix a PHP notice when `AUTH_SALT` is undefined. 2017-11-27 01:13:21 +00:00
wp-diff.php Minor syntactical adjustments to the inline documentation for the `revision_text_diff_options` hook. 2014-11-21 03:50:24 +00:00