WordPress-C/WordPress
1
0
Fork 0
mirror of https://github.com/WordPress/WordPress.git synced 2025-02-18 12:35:03 +00:00
Code Issues Packages Projects Releases Wiki Activity
WordPress/wp-admin/includes
History
John Blackbourn fbd44ee554 Security: Add a referrer policy header to the admin and login screens. 
This sets a referrer policy of `same-origin` which adds hardening by preventing a referrer being sent from the admin area or login screens to other origins. This helps prevent unwanted exposure of potentially sensitive information that may be contained within URLs.

This change introduces a new filter, `admin_referrer_policy`, for filtering the referrer policy header value. The header can be disabled if necessary by removing the `wp_admin_headers` action from the `admin_init` and `login_init` hooks.

Props joostdevalk
Fixes #42036

Built from https://develop.svn.wordpress.org/trunk@41741


git-svn-id: http://core.svn.wordpress.org/trunk@41575 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-04 18:25:46 +00:00
..
admin-filters.php
Security: Add a referrer policy header to the admin and login screens.
2017-10-04 18:25:46 +00:00
admin.php
Bootstrap: do not go gentle into that good night r38411, r38412, and parts of r38389.
2016-08-31 16:31:29 +00:00
ajax-actions.php
File Editors: Introduce sandboxed live editing of PHP files with rollbacks for both themes and plugins.
2017-10-04 00:20:45 +00:00
bookmark.php
Text Changes: Unify permission error messages.
2016-06-29 15:16:29 +00:00
class-automatic-upgrader-skin.php
Docs: Remove @access notations from method DocBlocks in wp-admin/* classes.
2017-07-27 00:40:43 +00:00
class-bulk-plugin-upgrader-skin.php
Docs: Remove @access notations from method DocBlocks in wp-admin/* classes.
2017-07-27 00:40:43 +00:00
class-bulk-theme-upgrader-skin.php
Docs: Remove @access notations from method DocBlocks in wp-admin/* classes.
2017-07-27 00:40:43 +00:00
class-bulk-upgrader-skin.php
Docs: Remove @access notations from method DocBlocks in wp-admin/* classes.
2017-07-27 00:40:43 +00:00
class-core-upgrader.php
General: Improve terminology used when referring to installations of WordPress and its extensions.
2017-08-22 11:52:48 +00:00
class-file-upload-upgrader.php
General: Improve terminology used when referring to installations of WordPress and its extensions.
2017-08-22 11:52:48 +00:00
class-ftp-pure.php
FTP: ensure that there is only one class named ftp, which is what is expected in the loading of this arcane library. This ensures that an autoload generator, something along the lines of Composer, won't hiccup when it gets to these files.
2016-08-26 18:47:29 +00:00
class-ftp-sockets.php
FTP: ensure that there is only one class named ftp, which is what is expected in the loading of this arcane library. This ensures that an autoload generator, something along the lines of Composer, won't hiccup when it gets to these files.
2016-08-26 18:47:29 +00:00
class-ftp.php
Bootstrap: do not go gentle into that good night r38411, r38412, and parts of r38389.
2016-08-31 16:31:29 +00:00
class-language-pack-upgrader-skin.php
Docs: Remove @access notations from method DocBlocks in wp-admin/* classes.
2017-07-27 00:40:43 +00:00
class-language-pack-upgrader.php
General: Improve terminology used when referring to installations of WordPress and its extensions.
2017-08-22 11:52:48 +00:00
class-pclzip.php
Filesystem API: Ensure memory limit calculations by PclZip are using integers.
2016-07-19 11:55:30 +00:00
class-plugin-installer-skin.php
Retire Press This and extract it to a plugin. First run.
2017-09-24 14:22:54 +00:00
class-plugin-upgrader-skin.php
Plugins: Introduce singular capabilities for activating and deactivating individual plugins.
2017-08-22 14:02:44 +00:00
class-plugin-upgrader.php
General: Improve terminology used when referring to installations of WordPress and its extensions.
2017-08-22 11:52:48 +00:00
class-theme-installer-skin.php
Docs: Remove @access notations from method DocBlocks in wp-admin/* classes.
2017-07-27 00:40:43 +00:00
class-theme-upgrader-skin.php
Docs: Remove @access notations from method DocBlocks in wp-admin/* classes.
2017-07-27 00:40:43 +00:00
class-theme-upgrader.php
General: Improve terminology used when referring to installations of WordPress and its extensions.
2017-08-22 11:52:48 +00:00
class-walker-category-checklist.php
Docs: Standardise the format used for documenting parameters passed by reference.
2017-10-02 22:14:46 +00:00
class-walker-nav-menu-checklist.php
Docs: Standardise the format used for documenting parameters passed by reference.
2017-10-02 22:14:46 +00:00
class-walker-nav-menu-edit.php
Docs: Standardise the format used for documenting parameters passed by reference.
2017-10-02 22:14:46 +00:00
class-wp-ajax-upgrader-skin.php
Docs: Remove @access notations from method DocBlocks in wp-admin/* classes.
2017-07-27 00:40:43 +00:00
class-wp-automatic-updater.php
General: Improve terminology used when referring to installations of WordPress and its extensions.
2017-08-22 11:52:48 +00:00
class-wp-comments-list-table.php
Accessibility: List Tables: use aria-current for the views current link.
2017-10-02 19:44:47 +00:00
class-wp-community-events.php
Standardise on performing api.WordPress.org requests over SSL when possible, falling back to non-SSL when appropriate.
2017-09-27 08:00:49 +00:00
class-wp-filesystem-base.php
Docs: Remove @access notations from method DocBlocks in wp-admin/* classes.
2017-07-27 00:40:43 +00:00
class-wp-filesystem-direct.php
Docs: Remove @access notations from method DocBlocks in wp-admin/* classes.
2017-07-27 00:40:43 +00:00
class-wp-filesystem-ftpext.php
Docs: Remove @access notations from method DocBlocks in wp-admin/* classes.
2017-07-27 00:40:43 +00:00
class-wp-filesystem-ftpsockets.php
Docs: Remove @access notations from method DocBlocks in wp-admin/* classes.
2017-07-27 00:40:43 +00:00
class-wp-filesystem-ssh2.php
Docs: Remove @access notations from method DocBlocks in wp-admin/* classes.
2017-07-27 00:40:43 +00:00
class-wp-importer.php
Database: Don't quote placeholders in queries going through $wpdb->prepare()
2017-09-28 04:32:46 +00:00
class-wp-internal-pointers.php
Docs: Clarify the file header summary for wp-admin/includes/class-wp-internal-pointers.php, introduced in [34241].
2015-09-22 14:35:25 +00:00
class-wp-links-list-table.php
Docs: Remove @access notations from method DocBlocks in wp-admin/* classes.
2017-07-27 00:40:43 +00:00
class-wp-list-table-compat.php
Docs: Remove @access notations from method DocBlocks in wp-admin/* classes.
2017-07-27 00:40:43 +00:00
class-wp-list-table.php
Docs: Remove @access notations from method DocBlocks in wp-admin/* classes.
2017-07-27 00:40:43 +00:00
class-wp-media-list-table.php
Docs: Remove @access notations from method DocBlocks in wp-admin/* classes.
2017-07-27 00:40:43 +00:00
class-wp-ms-sites-list-table.php
General: Improve terminology used when referring to installations of WordPress and its extensions.
2017-08-22 11:52:48 +00:00
class-wp-ms-themes-list-table.php
Accessibility: List Tables: use aria-current for the views current link.
2017-10-02 19:44:47 +00:00
class-wp-ms-users-list-table.php
Accessibility: List Tables: use aria-current for the views current link.
2017-10-02 19:44:47 +00:00
class-wp-plugin-install-list-table.php
Accessibility: List Tables: use aria-current for the views current link.
2017-10-02 19:44:47 +00:00
class-wp-plugins-list-table.php
Plugins: Add plugin icons to the plugin list tables.
2017-10-03 00:25:46 +00:00
class-wp-post-comments-list-table.php
Docs: Add missing file headers to the list table classes and adjust class DocBlocks accordingly.
2015-10-17 15:13:25 +00:00
class-wp-posts-list-table.php
Quick/Bulk Edit: Improve the inline error messages styling.
2017-10-02 21:52:52 +00:00
class-wp-screen.php
Docs: Correct description for view_mode_post_types filter added in [35357].
2017-08-25 19:27:45 +00:00
class-wp-site-icon.php
Docs: Remove @access notations from method DocBlocks in wp-admin/* classes.
2017-07-27 00:40:43 +00:00
class-wp-terms-list-table.php
Quick/Bulk Edit: Improve the inline error messages styling.
2017-10-02 21:52:52 +00:00
class-wp-theme-install-list-table.php
Accessibility: List Tables: use aria-current for the views current link.
2017-10-02 19:44:47 +00:00
class-wp-themes-list-table.php
General: Fix various instances of incorrect filter docs and incorrect filter and action parameters.
2017-08-03 15:43:43 +00:00
class-wp-upgrader-skin.php
Docs: Remove @access notations from method DocBlocks in wp-admin/* classes.
2017-07-27 00:40:43 +00:00
class-wp-upgrader-skins.php
Load: Re-add class-wp-upgrader-skins.php.
2016-12-03 03:40:41 +00:00
class-wp-upgrader.php
General: Improve terminology used when referring to installations of WordPress and its extensions.
2017-08-22 11:52:48 +00:00
class-wp-users-list-table.php
Accessibility: List Tables: use aria-current for the views current link.
2017-10-02 19:44:47 +00:00
comment.php
Text Changes: Unify permission error messages.
2016-06-29 15:16:29 +00:00
continents-cities.php
I18N: Update list of continents and cities for the timezone selection.
2016-05-24 23:24:27 +00:00
credits.php
Docs: Standardise the format used for documenting parameters passed by reference.
2017-10-02 22:14:46 +00:00
dashboard.php
Customize: Update dashboard welcome link to point to themes panel in the customizer instead of themes admin screen.
2017-10-03 04:13:46 +00:00
deprecated.php
Permalinks: Change structure tag button state more reliably.
2017-09-26 08:24:46 +00:00
edit-tag-messages.php
Docs: Standardize hook docs in wp-admin/* to use third-person singular verbs per the inline documentation standards for PHP.
2016-05-22 18:01:30 +00:00
export.php
Docs: Add missing backtick character in export_wp() DocBlock.
2017-06-27 00:58:41 +00:00
file.php
File Editors: Introduce sandboxed live editing of PHP files with rollbacks for both themes and plugins.
2017-10-04 00:20:45 +00:00
image-edit.php
Media: Rename several attachment related parameters from $post_id to $attachment_id for clarity, and improve related
2017-08-22 11:12:44 +00:00
image.php
Docs: Fix various filter documentation.
2017-08-03 14:34:44 +00:00
import.php
Standardise on performing api.WordPress.org requests over SSL when possible, falling back to non-SSL when appropriate.
2017-09-27 08:00:49 +00:00
list-table.php
Bootstrap: do not go gentle into that good night r38411, r38412, and parts of r38389.
2016-08-31 16:31:29 +00:00
media.php
Posts, Post Types: Pass $post parameter to post_submitbox_start, attachment_submitbox_misc_actions, media_submitbox_misc_sections, audio_submitbox_misc_sections filters.
2017-09-23 17:07:46 +00:00
menu.php
Text Changes: Unify permission error messages.
2016-06-29 15:16:29 +00:00
meta-boxes.php
Posts, Post Types: Pass $post parameter to post_submitbox_start, attachment_submitbox_misc_actions, media_submitbox_misc_sections, audio_submitbox_misc_sections filters.
2017-09-23 17:07:46 +00:00
misc.php
Security: Add a referrer policy header to the admin and login screens.
2017-10-04 18:25:46 +00:00
ms-admin-filters.php
Options, Meta APIs: Require a confirmation link in an email to be clicked when a user attempts to change the network
2017-09-27 14:17:45 +00:00
ms-deprecated.php
Docs: Standardize and add missing deprecation notations in DocBlocks for the following functions:
2017-06-22 17:48:45 +00:00
ms.php
General: Improve terminology used when referring to installations of WordPress and its extensions.
2017-08-22 11:52:48 +00:00
nav-menu.php
Database: Don't quote placeholders in queries going through $wpdb->prepare()
2017-09-28 04:32:46 +00:00
network.php
General: Improve terminology used when referring to installations of WordPress and its extensions.
2017-08-22 11:52:48 +00:00
noop.php
Docs: Add missing file header to wp-admin/includes/noop.php, introduced in [34037].
2017-01-25 23:10:43 +00:00
options.php
Permalinks: Change structure tag button state more reliably.
2017-09-26 08:24:46 +00:00
plugin-install.php
Standardise on performing api.WordPress.org requests over SSL when possible, falling back to non-SSL when appropriate.
2017-09-27 08:00:49 +00:00
plugin.php
Plugins: Introduce a singular and plural form for the plugin deletion error message.
2017-10-03 17:13:46 +00:00
post.php
Posts, Post Types: Simplify the wording in post locking notice.
2017-10-03 15:11:48 +00:00
revision.php
Revisions: correct a timezone display issue.
2017-09-21 23:33:44 +00:00
schema.php
Multisite: Use get_network() in populate_network() to check whether a network with the given ID already exists.
2017-09-08 16:33:43 +00:00
screen.php
Screen API: After [37972], ensure that $box['args'] is an array before trying to access __widget_basename.
2016-07-07 16:39:29 +00:00
taxonomy.php
Store only term IDs in object term relationships caches.
2016-05-26 04:50:27 +00:00
template.php
Quick/Bulk Edit: Improve the inline error messages styling.
2017-10-02 21:52:52 +00:00
theme-install.php
General: Improve terminology used when referring to installations of WordPress and its extensions.
2017-08-22 11:52:48 +00:00
theme.php
Accessibility: Improve the Theme Details modal accessibility.
2017-10-01 13:48:46 +00:00
translation-install.php
General: Improve terminology used when referring to installations of WordPress and its extensions.
2017-08-22 11:52:48 +00:00
update-core.php
Retire Press This and extract it to a plugin. First run.
2017-09-24 14:22:54 +00:00
update.php
General: Improve terminology used when referring to installations of WordPress and its extensions.
2017-08-22 11:52:48 +00:00
upgrade.php
Multisite: Replace calls to refresh_blog_details() with clean_blog_cache().
2017-10-03 19:05:46 +00:00
user.php
Docs: Remove & prefixes from parameter documentation to avoid doc parsing errors.
2017-10-02 22:03:33 +00:00
widgets.php
Accessibility: Improve the sidebar toggles in the Widgets screen.
2017-09-27 16:29:44 +00:00