WordPress-C/WordPress
1
0
Fork 0
mirror of https://github.com/WordPress/WordPress.git synced 2025-02-17 20:15:08 +00:00
Code Issues Packages Projects Releases Wiki Activity
WordPress/wp-includes
History
Sergey Biryukov e782caa1e7 Comments: Escape permalink values on edit screen to prevent XSS. 
There doesn't appear to be any way for an attacker to introduce malicious input into the URL, unless a plugin is filtering the URL to add it, but it's better to be safe than sorry.

Props 1naveengiri, joyously.
Merges [43290] to the 4.9 branch.
Fixes #44115.
Built from https://develop.svn.wordpress.org/branches/4.9@43301


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43130 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-21 12:40:26 +00:00
..
certificates
css
Privacy: Reposition pointer to ensure dismiss link is always visible.
2018-05-14 14:00:26 +00:00
customize
Customize: Correct closing tag in WP_Customize_Theme_Control::content_template().
2018-05-04 01:05:26 +00:00
fonts
ID3
Media: update the getID3 library to version 1.9.14 to avoid fatal errors in PHP7.
2017-07-31 19:50:45 +00:00
images
IXR
XML-RPC: Add default values to IXR_Message for PHP 7.2 compatibility to avoid PHP Warnings.
2018-03-08 19:56:40 +00:00
js
Privacy: add default text for a privacy policy including a tutorial on now to create one.
2018-05-03 17:59:30 +00:00
pomo
I18N: Fix a PHP error introduced in [41722].
2017-10-04 02:12:46 +00:00
random_compat
Avoid PHP Linting errors in the Random_Compat library under PHP7.
2017-12-01 03:07:42 +00:00
Requests
rest-api
REST API: When handling who=authors query parameter for GET wp/v2/users, only check edit_posts for post types that support author.
2018-05-03 06:54:25 +00:00
SimplePie
Text
External Libraries: Remove usage of each() from the Text_Diff_Engine_native class.
2017-10-26 12:52:53 +00:00
theme-compat
Embeds: Avoid "Division by zero" warning in embed-content.php template if a thumbnail has a zero height.
2017-10-18 15:09:48 +00:00
widgets
Customize: Ensure media playlists get initialized after selective refresh; expose new wp.playlist.initialize() API.
2018-01-30 14:56:41 +00:00
admin-bar.php
Users: Remove some links to the dashboard from My Sites for users who cannot access it.
2017-10-09 15:22:46 +00:00
atomlib.php
author-template.php
Editor: Add CodeMirror-powered code editor with syntax highlighting, linting, and auto-completion.
2017-09-13 06:08:47 +00:00
bookmark-template.php
bookmark.php
cache.php
Docs: Standardise the format used for documenting parameters passed by reference.
2017-10-02 22:14:46 +00:00
canonical.php
Canonical: Strip trailing punctuation from permalinks.
2017-10-24 14:18:48 +00:00
capabilities.php
Privacy: Require manage_privacy_options to edit policy page.
2018-05-15 20:59:25 +00:00
category-template.php
Taxonomy: Restore deprecated argument to term_description() signature.
2017-12-22 02:50:39 +00:00
category.php
class-feed.php
class-http.php
Docs: Correct type and description for the $data parameter in WP_Http::browser_redirect_compatibility().
2017-10-18 16:38:48 +00:00
class-IXR.php
class-json.php
class-oembed.php
Embeds: Add oEmbed support for someecards.com.
2017-10-02 19:10:49 +00:00
class-phpass.php
class-phpmailer.php
class-pop3.php
class-requests.php
class-simplepie.php
class-smtp.php
class-snoopy.php
class-walker-category-dropdown.php
Docs: Standardise the format used for documenting parameters passed by reference.
2017-10-02 22:14:46 +00:00
class-walker-category.php
Docs: Standardise the format used for documenting parameters passed by reference.
2017-10-02 22:14:46 +00:00
class-walker-comment.php
Docs: Standardise the format used for documenting parameters passed by reference.
2017-10-02 22:14:46 +00:00
class-walker-nav-menu.php
Menus: Remove an extra space in the <ul> tag in Walker_Nav_Menu::start_lvl().
2017-10-20 10:40:46 +00:00
class-walker-page-dropdown.php
Docs: Remove @access notations from method DocBlocks in wp-includes/* classes.
2017-07-27 00:41:44 +00:00
class-walker-page.php
Docs: Standardise the format used for documenting parameters passed by reference.
2017-10-02 22:14:46 +00:00
class-wp-admin-bar.php
Docs: Remove @access notations from method DocBlocks in wp-includes/* classes.
2017-07-27 00:41:44 +00:00
class-wp-ajax-response.php
Docs: Remove @access notations from method DocBlocks in wp-includes/* classes.
2017-07-27 00:41:44 +00:00
class-wp-comment-query.php
Docs: Remove & prefixes from parameter documentation to avoid doc parsing errors.
2017-10-02 22:03:33 +00:00
class-wp-comment.php
Docs: Remove @access notations from method DocBlocks in wp-includes/* classes.
2017-07-27 00:41:44 +00:00
class-wp-customize-control.php
Customize: Deprecate nav menu classes that are no longer used, instead of removing them immediately.
2017-10-28 05:48:47 +00:00
class-wp-customize-manager.php
General: Replace Cheatin’ uh? with friendlier error messages.
2018-03-09 00:15:42 +00:00
class-wp-customize-nav-menus.php
Customize: Include nav menu item for Home custom link in search results for "Home".
2018-01-30 14:46:40 +00:00
class-wp-customize-panel.php
Accessibility: CodeMirror editing areas minor improvements.
2017-09-24 16:00:46 +00:00
class-wp-customize-section.php
Customize: Deprecate nav menu classes that are no longer used, instead of removing them immediately.
2017-10-28 05:48:47 +00:00
class-wp-customize-setting.php
Docs: Remove @access notations from method DocBlocks in wp-includes/* classes.
2017-07-27 00:41:44 +00:00
class-wp-customize-widgets.php
Widgets: Rename "Custom Menu" widget to "Navigation Menu".
2017-10-15 22:23:47 +00:00
class-wp-dependency.php
Docs: Remove @access notations from method DocBlocks in wp-includes/* classes.
2017-07-27 00:41:44 +00:00
class-wp-editor.php
TinyMCE: switch off concatenation when a custom TinyMCE theme is used. Prevents conflict with the default theme as it loads first.
2018-05-10 19:54:25 +00:00
class-wp-embed.php
Embeds: Improve consistency of update and refresh logic for oEmbed caching between oembed_cache and post meta.
2017-10-24 23:10:48 +00:00
class-wp-error.php
Docs: Remove @access notations from method DocBlocks in wp-includes/* classes.
2017-07-27 00:41:44 +00:00
class-wp-feed-cache-transient.php
Docs: Remove @access notations from method DocBlocks in wp-includes/* classes.
2017-07-27 00:41:44 +00:00
class-wp-feed-cache.php
Docs: Remove @access notations from method DocBlocks in wp-includes/* classes.
2017-07-27 00:41:44 +00:00
class-wp-hook.php
Docs: Use correct order of arguments in the DocBlock for WP_Hook::has_filter().
2017-09-21 10:00:48 +00:00
class-wp-http-cookie.php
Docs: Remove @access notations from method DocBlocks in wp-includes/* classes.
2017-07-27 00:41:44 +00:00
class-wp-http-curl.php
I18N: Replace function name in error message in WP_Http_Curl::request() and WP_Http_Streams::request() with a placeholder.
2017-10-18 15:04:51 +00:00
class-wp-http-encoding.php
class-wp-http-ixr-client.php
class-wp-http-proxy.php
class-wp-http-requests-hooks.php
Docs: Remove superfluous @package WordPress and @subpackage notations used outside of file headers in a variety of core files.
2017-07-01 16:58:42 +00:00
class-wp-http-requests-response.php
Docs: Remove @access notations from method DocBlocks in wp-includes/* classes.
2017-07-27 00:41:44 +00:00
class-wp-http-response.php
HTTP API: Use WP_HTTP_Response::set_data() in ::__construct() instead of directly accessing the $data property.
2017-10-03 15:18:46 +00:00
class-wp-http-streams.php
I18N: Replace function name in error message in WP_Http_Curl::request() and WP_Http_Streams::request() with a placeholder.
2017-10-18 15:04:51 +00:00
class-wp-image-editor-gd.php
Media: Rename several attachment related parameters from $post_id to $attachment_id for clarity, and improve related
2017-08-22 11:12:44 +00:00
class-wp-image-editor-imagick.php
Media: Rename several attachment related parameters from $post_id to $attachment_id for clarity, and improve related
2017-08-22 11:12:44 +00:00
class-wp-image-editor.php
Media: Rename several attachment related parameters from $post_id to $attachment_id for clarity, and improve related
2017-08-22 11:12:44 +00:00
class-wp-list-util.php
Docs: Remove @access notations from method DocBlocks in wp-includes/* classes.
2017-07-27 00:41:44 +00:00
class-wp-locale-switcher.php
General: Improve terminology used when referring to installations of WordPress and its extensions.
2017-08-22 11:52:48 +00:00
class-wp-locale.php
Docs: Remove @access notations from method DocBlocks in wp-includes/* classes.
2017-07-27 00:41:44 +00:00
class-wp-matchesmapregex.php
Docs: Remove @access notations from method DocBlocks in wp-includes/* classes.
2017-07-27 00:41:44 +00:00
class-wp-meta-query.php
Docs: Standardise the format used for documenting parameters passed by reference.
2017-10-02 22:14:46 +00:00
class-wp-metadata-lazyloader.php
Docs: Remove @access notations from method DocBlocks in wp-includes/* classes.
2017-07-27 00:41:44 +00:00
class-wp-network-query.php
Multisite: Document all return types in get_networks().
2017-10-18 18:13:50 +00:00
class-wp-network.php
Multisite: Pass network object instead of ID to pre_get_main_site_id.
2017-10-30 19:56:47 +00:00
class-wp-oembed-controller.php
Docs: Remove @access notations from method DocBlocks in wp-includes/* classes.
2017-07-27 00:41:44 +00:00
class-wp-post-type.php
Docs: Remove @access notations from method DocBlocks in wp-includes/* classes.
2017-07-27 00:41:44 +00:00
class-wp-post.php
Docs: Remove @access notations from method DocBlocks in wp-includes/* classes.
2017-07-27 00:41:44 +00:00
class-wp-query.php
Query: Fix warning on counting non countable
2018-01-24 21:44:42 +00:00
class-wp-rewrite.php
Docs: Standardise the format used for documenting parameters passed by reference.
2017-10-02 22:14:46 +00:00
class-wp-role.php
Docs: Remove @access notations from method DocBlocks in wp-includes/* classes.
2017-07-27 00:41:44 +00:00
class-wp-roles.php
Multisite: Improve initializing available roles when switch sites.
2017-09-27 21:44:44 +00:00
class-wp-session-tokens.php
Docs: Remove @access notations from method DocBlocks in wp-includes/* classes.
2017-07-27 00:41:44 +00:00
class-wp-simplepie-file.php
Docs: Remove @access notations from method DocBlocks in wp-includes/* classes.
2017-07-27 00:41:44 +00:00
class-wp-simplepie-sanitize-kses.php
Docs: Remove @access notations from method DocBlocks in wp-includes/* classes.
2017-07-27 00:41:44 +00:00
class-wp-site-query.php
Multisite: Document all return types in get_sites().
2017-10-18 17:39:46 +00:00
class-wp-site.php
Multisite: Revert [41719].
2017-10-16 22:29:48 +00:00
class-wp-tax-query.php
Docs: Standardise the format used for documenting parameters passed by reference.
2017-10-02 22:14:46 +00:00
class-wp-taxonomy.php
Docs: Remove @access notations from method DocBlocks in wp-includes/* classes.
2017-07-27 00:41:44 +00:00
class-wp-term-query.php
Taxonomy: Add note about $number inconsistency to WP_Term_Query docs.
2017-10-16 18:38:48 +00:00
class-wp-term.php
Docs: Remove @access notations from method DocBlocks in wp-includes/* classes.
2017-07-27 00:41:44 +00:00
class-wp-text-diff-renderer-inline.php
class-wp-text-diff-renderer-table.php
Docs: Remove @access notations from method DocBlocks in wp-includes/* classes.
2017-07-27 00:41:44 +00:00
class-wp-theme.php
Themes: Introduce theme_templates filter for page templates of all post types.
2018-04-29 22:45:24 +00:00
class-wp-user-meta-session-tokens.php
Docs: Remove @access notations from method DocBlocks in wp-includes/* classes.
2017-07-27 00:41:44 +00:00
class-wp-user-query.php
Docs: Remove @access notations from method DocBlocks in wp-includes/* classes.
2017-07-27 00:41:44 +00:00
class-wp-user.php
Multisite: Initialize a user's roles correctly when setting them up for a different site.
2017-09-27 21:10:45 +00:00
class-wp-walker.php
Docs: Standardise the format used for documenting parameters passed by reference.
2017-10-02 22:14:46 +00:00
class-wp-widget-factory.php
Docs: Remove @access notations from method DocBlocks in wp-includes/* classes.
2017-07-27 00:41:44 +00:00
class-wp-widget.php
Docs: Standardise the format used for documenting parameters passed by reference.
2017-10-02 22:14:46 +00:00
class-wp-xmlrpc-server.php
General: Replace Cheatin’ uh? with friendlier error messages.
2018-03-09 00:15:42 +00:00
class-wp.php
Docs: Remove & prefixes from parameter documentation to avoid doc parsing errors.
2017-10-02 22:03:33 +00:00
class.wp-dependencies.php
Docs: Remove @access notations from method DocBlocks in wp-includes/* classes.
2017-07-27 00:41:44 +00:00
class.wp-scripts.php
Docs: Remove & prefixes from parameter documentation to avoid doc parsing errors.
2017-10-02 22:03:33 +00:00
class.wp-styles.php
Docs: Remove & prefixes from parameter documentation to avoid doc parsing errors.
2017-10-02 22:03:33 +00:00
comment-template.php
Comments: Move comment consent input outside the label for a11y.
2018-05-02 22:15:25 +00:00
comment.php
Privacy: Escape comment URLs in personal export file to prevent XSS.
2018-05-15 14:08:29 +00:00
compat.php
General: In the is_countable() polyfill, if the provided object implements SimpleXMLElement or ResourceBundle, consider it countable.
2018-05-10 17:59:25 +00:00
cron.php
Docs: Use third-person singular verbs in the summaries for wp_unschedule_hook() and wp_clear_scheduled_hook().
2017-06-30 04:54:41 +00:00
date.php
Docs: Remove @access notations from method DocBlocks in wp-includes/* classes.
2017-07-27 00:41:44 +00:00
default-constants.php
Docs: Document $wp_version global in wp_initial_constants().
2017-10-20 22:04:56 +00:00
default-filters.php
Privacy: Update request confirmation notice text for clarity.
2018-05-10 21:05:26 +00:00
default-widgets.php
Widgets: Introduce Gallery widget for displaying image galleries.
2017-09-25 06:28:45 +00:00
deprecated.php
General: Correct _deprecated_function() calls in debug_fopen(), debug_fwrite(), and debug_fclose().
2017-10-07 00:40:52 +00:00
embed-template.php
embed.php
Customize: Introduce a new experience for discovering, installing, and previewing themes within the customizer.
2017-09-29 20:13:50 +00:00
feed-atom-comments.php
feed-atom.php
feed-rdf.php
feed-rss2-comments.php
feed-rss2.php
feed-rss.php
feed.php
Hardening: Ensure the attributes of enclosures are correctly escaped in RSS and Atom feeds.
2017-11-29 16:11:38 +00:00
formatting.php
Emoji: Update Emoji browser support tests for Twemoji v2.4.0
2018-01-24 22:05:39 +00:00
functions.php
Privacy: Rename exports folder to avoid deleting other files.
2018-05-15 20:32:26 +00:00
functions.wp-scripts.php
functions.wp-styles.php
general-template.php
Template: Make sure the version string is correctly escaped for use in attributes.
2018-04-03 16:05:39 +00:00
http.php
HTTP: Don't treat localhost as same host by default.
2018-04-03 15:35:41 +00:00
kses.php
Formatting: Avoid a PHP 7.2 warning in wp_kses_attr() when one of $allowedtags elements is an uncountable value.
2018-03-20 21:37:41 +00:00
l10n.php
I18N: Make sure wp_dropdown_languages() does not print out empty name and id attributes.
2017-10-04 15:23:46 +00:00
link-template.php
Privacy: Add template tags for building link to privacy policy page.
2018-05-02 03:39:27 +00:00
load.php
Docs: Document $ini_all staticvar in wp_is_ini_value_changeable().
2017-10-18 19:54:48 +00:00
locale.php
media-template.php
Media: avoid page scrolling when opening the media modal.
2018-01-31 23:55:41 +00:00
media.php
Privacy: Store plugin callbacks in associative array for flexibility.
2018-05-03 19:38:27 +00:00
meta.php
Database: Restore numbered placeholders in wpdb::prepare().
2017-10-31 12:00:49 +00:00
ms-blogs.php
Multisite: Document all return types in get_networks().
2017-10-18 18:13:50 +00:00
ms-default-constants.php
Multisite: Use get_current_blog_id() instead of $wpdb->blogid.
2017-10-02 01:44:47 +00:00
ms-default-filters.php
Multisite: Only update a site's post count when post types of post are updated.
2017-10-02 03:09:44 +00:00
ms-deprecated.php
Docs: Correct some @since MU notation that was broken in [41200].
2017-10-03 17:44:48 +00:00
ms-files.php
ms-functions.php
Email: Don't send notifications for site or network admin email address change to the default 'admin_email' value.
2018-01-23 13:47:40 +00:00
ms-load.php
Multisite: Use WP_Network_Query in ms_load_current_site_and_network().
2017-10-03 19:26:49 +00:00
ms-settings.php
Multisite: Explicitly globalize global variables in ms-settings.php.
2017-10-16 17:06:48 +00:00
nav-menu-template.php
Menus: Make sure current-menu-parent and current-menu-ancestor classes are properly set for parent items of post type archive submenu items.
2017-07-05 21:31:44 +00:00
nav-menu.php
Menus: Add menu-$i slugs to mapping groups
2017-10-25 22:29:49 +00:00
option.php
Transients: After [41963], add missing cron task for delete_expired_transients().
2017-10-24 23:00:47 +00:00
pluggable-deprecated.php
pluggable.php
Comments: Change IP references in moderation option labels and email notifications to IP address for clarity.
2017-10-03 13:09:47 +00:00
plugin.php
Revert "Add wp.hooks - JavaScript actions and filters."
2017-10-04 20:25:49 +00:00
post-formats.php
Docs: Improve the return description for get_post_format_slugs() to note that the array contains slugs as both keys and values.
2017-08-20 20:03:54 +00:00
post-template.php
I18N: Allow for post custom field name in the_meta() to be translated, e.g. to insert a non-breaking space before the colon.
2017-09-24 11:28:46 +00:00
post-thumbnail-template.php
Post Thumbnails: Pass post ID to post_thumbnail_size filter.
2017-08-18 18:19:44 +00:00
post.php
Privacy: update and enhance the method to confirm user requests by email. Introduce WP_User_Request to hold all request vars similarly to WP_Post.
2018-05-02 01:04:26 +00:00
query.php
Docs: Correct $id parameter type for old_slug_redirect_post_id filter.
2018-04-29 22:37:28 +00:00
registration-functions.php
registration.php
rest-api.php
REST API: Don’t remove unregistered properties from objects in schema.
2017-10-24 21:05:49 +00:00
revision.php
rewrite.php
Rewrite: In url_to_postid(), bail early if the URL does not belong to the site.
2017-10-06 23:29:51 +00:00
rss-functions.php
rss.php
script-loader.php
Privacy: Use the terms "erase"/"erasure" instead of "remove"/"removal" for personal data.
2018-05-07 16:46:26 +00:00
session.php
shortcodes.php
Docs: Fix a typo in the DocBlock description for add_shortcode() introduced in [41281].
2017-08-20 20:38:42 +00:00
spl-autoload-compat.php
General: Move the __autoload() compat function into its own file to prevent deprecated notices being thrown by the compiler in PHP 7.2.
2017-07-28 01:15:52 +00:00
taxonomy.php
Taxonomy: After [40984], add the most_used label for non-hierarchical taxonomies too, and use it on the Menus screen.
2017-10-24 11:23:24 +00:00
template-loader.php
template.php
Docs: Don't reference non-existent hooks inline in the DocBlock descriptions for the following template functions:
2017-06-29 16:05:41 +00:00
theme.php
Themes: Avoid a PHP 7.2 warning in get_theme_roots() when $wp_theme_directories is an uncountable value.
2018-04-30 04:55:26 +00:00
update.php
Updates: Partially revert [42584], as this branch of code should always be run after a core update check.
2018-02-06 12:47:42 +00:00
user.php
Privacy: improve inline documentation.
2018-05-14 15:12:25 +00:00
vars.php
General: Introduce a wp_is_mobile filter for controlling whether a request should be treated as coming from a mobile device.
2017-06-15 12:05:42 +00:00
version.php
Comments: Escape permalink values on edit screen to prevent XSS.
2018-05-21 12:40:26 +00:00
widgets.php
Widgets: Always try restoring widget assignments
2017-12-07 02:23:45 +00:00
wlwmanifest.xml
wp-db.php
WPDB: Use a PCRE syntax which supports PCRE compiled between 2003 and 2006.
2018-01-23 03:40:42 +00:00
wp-diff.php