Joe McGill
e94973e70d
WordPress 4.5.31.
...
Built from https://develop.svn.wordpress.org/branches/4.5@57419
git-svn-id: http://core.svn.wordpress.org/branches/4.5@56925 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-01-30 16:11:21 +00:00
Aaron Jorbin
2bea61184d
Grouped Backports to the 4.5 branch.
...
- Install: When populating options, maybe_serialize instead of always serialize.
- Uploads: Check for and verify ZIP archives.
Merges [57388] and [57389] to the 4.5 branch.
Props costdev, peterwilsoncc, azaozz, tykoted, johnbillion, desrosj, afragen, jorbin, xknown.
Built from https://develop.svn.wordpress.org/branches/4.5@57410
git-svn-id: http://core.svn.wordpress.org/branches/4.5@56916 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-01-30 15:11:23 +00:00
audrasjb
17107f00cb
WordPress 4.5.30.
...
Built from https://develop.svn.wordpress.org/branches/4.5@56863
git-svn-id: http://core.svn.wordpress.org/branches/4.5@56374 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-10-12 18:14:14 +00:00
davidbaumwald
3dd30db613
Grouped backports to the 4.5 branch.
...
- Comments: Prevent users who can not see a post from seeing comments on it.
- Shortcodes: Restrict media shortcode ajax to certain type.
- REST API: Ensure no-cache headers are sent when methods are overridden.
- Prevent unintended behavior when certain objects are unserialized.
Merges [56834], [56835], [56836], and [56838] to the 4.5 branch.
Props xknown, jorbin, joehoyle, timothyblynjacobs, peterwilsoncc, ehtis, tykoted, antpb, rmccue.
Built from https://develop.svn.wordpress.org/branches/4.5@56857
git-svn-id: http://core.svn.wordpress.org/branches/4.5@56368 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-10-12 18:10:07 +00:00
Sergey Biryukov
55f6ac107d
Grouped backports to the 4.5 branch.
...
- Media: Prevent CSRF setting attachment thumbnails.
- Embeds: Add protocol validation for WordPress Embed code.
Merges [55763] and [55764] to the 4.5 branch.
Props dd32, isabel_brison, martinkrcho, matveb, ocean90, paulkevan, peterwilsoncc, timothyblynjacobs, xknown, youknowriad.
Built from https://develop.svn.wordpress.org/branches/4.5@55780
git-svn-id: http://core.svn.wordpress.org/branches/4.5@55292 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-05-16 15:40:23 +00:00
Peter Wilson
9cd2e73f35
I18N: Add new strings to `about.php` for use with end-of-life updates.
...
This changeset adds two additional translation strings in the changelog file, for use when releasing the final version of WordPress on a particular branch.
Props peterwilsoncc, audrasjb, mukesh27.
Merges [55350] to the 4.5 branch.
Fixes #57216 .
Built from https://develop.svn.wordpress.org/branches/4.5@55387
git-svn-id: http://core.svn.wordpress.org/branches/4.5@54920 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-02-21 03:11:21 +00:00
Sergey Biryukov
ed0ccf4948
WordPress 4.5.28.
...
Built from https://develop.svn.wordpress.org/branches/4.5@54589
git-svn-id: http://core.svn.wordpress.org/branches/4.5@54143 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-10-17 19:52:13 +00:00
Peter Wilson
ddca3ce4b1
Security: Introduce strings to indicate support status.
...
Add strings for use in future maintenance/security releases to indicate the security support status of the version of WordPress.
Two strings are introduced:
* indicating the version of WordPress is not receiving security updates, and,
* indicating the version of WordPress will shortly stop receiving security updates.
This change does not make use of the strings, the purpose is to make them available to translators prior to dropping support of selected versions of WordPress.
Props costdev, chesio, robinwpdeveloper, desrosj, rudlinkon, mukesh27, sumitbagthariya16.
Merges [54322] to the 4.5 branch.
See #56532 .
Built from https://develop.svn.wordpress.org/branches/4.5@54455
git-svn-id: http://core.svn.wordpress.org/branches/4.5@54014 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-10-10 22:18:21 +00:00
desrosj
56fb95e576
WordPress 4.5.27.
...
Built from https://develop.svn.wordpress.org/branches/4.5@54002
git-svn-id: http://core.svn.wordpress.org/branches/4.5@53561 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-08-30 17:37:05 +00:00
Sergey Biryukov
37ab12312c
Grouped backports to the 4.5 branch.
...
- Posts, Post Types: Escape output within `the_meta()`.
- General: Ensure bookmark query limits are numeric.
- Plugins: Escape output in error messages.
Merges [53958-53960] to the 4.5 branch.
Props tykoted, martinkrcho, xknown, dd32, peterwilsoncc, paulkevan, timothyblynjacobs.
Built from https://develop.svn.wordpress.org/branches/4.5@53978
git-svn-id: http://core.svn.wordpress.org/branches/4.5@53537 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-08-30 15:49:21 +00:00
davidbaumwald
f3d6369173
WordPress 4.5.26.
...
Built from https://develop.svn.wordpress.org/branches/4.5@52888
git-svn-id: http://core.svn.wordpress.org/branches/4.5@52477 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-03-10 22:16:21 +00:00
desrosj
22341980e2
WordPress 4.5.25.
...
Built from https://develop.svn.wordpress.org/branches/4.5@52500
git-svn-id: http://core.svn.wordpress.org/branches/4.5@52092 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-01-06 18:55:42 +00:00
desrosj
1e5efe9093
Grouped backports to the 4.5 branch.
...
- Query: Improve sanitization within `WP_Tax_Query`.
- Query: Improve sanitization within `WP_Meta_Query`.
- Upgrade/Install: Avoid using `unserialize()` unnecessarily.
- Formatting: Correctly encode ASCII characters in post slugs.
Merges [52454-52457] to the 4.5 branch.
Props vortfu, dd32, ehtis, zieladam, whyisjake, xknown, peterwilsoncc, desrosj, iandunn.
Built from https://develop.svn.wordpress.org/branches/4.5@52478
git-svn-id: http://core.svn.wordpress.org/branches/4.5@52070 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-01-06 18:18:41 +00:00
Peter Wilson
baf423c157
WordPress 4.5.24.
...
Built from https://develop.svn.wordpress.org/branches/4.5@50881
git-svn-id: http://core.svn.wordpress.org/branches/4.5@50490 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-05-12 23:21:20 +00:00
desrosj
968d57a6b3
Build/Test Tools: Support NodeJS 14.x in the 4.5 branch.
...
This updates the 4.5 branch to support the latest LTS version of NodeJS (currently 14.x), allowing the same version to be used across all WordPress branches that receive security updates as a courtesy.
Because older branches use (really) old versions of NodeJS, the local Docker environment cannot be backported since the needed dependencies will not run on these older versions (see #48301 ). This also blocks the ability to move automated testing over to GitHub Actions (see #50401 ).
This also replaces the `npm-shrinkwrap.json` with a `package-lock.json` file. Lock files were not supported in earlier versions of NPM, but can now be used.
In addition to backporting the package updates that happened after branching 4.5, dependencies that were removed in future releases have also been updated to their latest versions.
Props desrosj, dd32, netweb, jorbin.
Merges [37185,37212,37612,38111,38688,39110,39113-39119,39478,42460-42461,42463,42887,43320,43323,43977,44219,44233,44728,45321,45765,46404,46408-46409,47404,47867-47869,47872-47873,48705,49636,49933,49937,49939,50017,50126,50176,50185,50192] to the 4.5 branch.
See #52341 .
Built from https://develop.svn.wordpress.org/branches/4.5@50208
git-svn-id: http://core.svn.wordpress.org/branches/4.5@49880 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-05 04:20:44 +00:00
desrosj
511300cfed
WordPress 4.5.23.
...
Built from https://develop.svn.wordpress.org/branches/4.5@49419
git-svn-id: http://core.svn.wordpress.org/branches/4.5@49178 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-29 19:41:21 +00:00
whyisjake
a14f1a83a9
General: WordPress updates
...
* XML-RPC: Improve error messages for unprivileged users.
* External Libraries: Disable deserialization in Requests_Utility_FilteredIterator
* Embeds: Disable embeds on deactivated Multisite sites.
* Coding standards: Modify escaping functions to avoid potential false positives.
* XML-RPC: Return error message if attachment ID is incorrect.
* Upgrade/install: Improve logic check when determining installation status.
* Meta: Sanitize meta key before checking protection status.
* Themes: Ensure that only privileged users can set a background image when a theme is using the deprecated custom background page.
Brings the changes from [49380,49382-49388] to the 4.5 branch.
Props xknown, zieladam, peterwilsoncc, whyisjake, desrosj, dd32.
Built from https://develop.svn.wordpress.org/branches/4.5@49401
git-svn-id: http://core.svn.wordpress.org/branches/4.5@49160 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-29 19:02:24 +00:00
Sergey Biryukov
36436be2e3
Administration: Pass the result of `set-screen-option` filter to the new `set_screen_option_{$option}` filter to ensure backward compatibility.
...
Rename the `$keep` parameter of both filters to `$screen_option` for clarity, update the documentation to better reflect its purpose.
Follow-up to [47951].
Props Chouby, sswells, SergeyBiryukov.
Merges [48241] to the 4.5 branch.
Fixes #50392 .
Built from https://develop.svn.wordpress.org/branches/4.5@48253
git-svn-id: http://core.svn.wordpress.org/branches/4.5@48022 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-07-01 09:51:55 +00:00
desrosj
fb5af944fe
WordPress 4.5.22.
...
Built from https://develop.svn.wordpress.org/branches/4.5@47998
git-svn-id: http://core.svn.wordpress.org/branches/4.5@47766 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-10 21:38:34 +00:00
whyisjake
acdabf9d25
General: Backport several commits for release.
...
- Embeds: Ensure that the title attribute is set correctly on embeds.
- Editor: Prevent HTML decoding on by setting the proper editor context.
- Formatting: Ensure that wp_validate_redirect() sanitizes a wider variety of characters.
- Themes: Ensure a broken theme name is returned properly.
- Administration: Add a new filter to extend set-screen-option.
Merges [47947-47951] to the 4.5 branch.
Props xknown, sstoqnov, vortfu, SergeyBiryukov, whyisjake.
Built from https://develop.svn.wordpress.org/branches/4.5@47973
git-svn-id: http://core.svn.wordpress.org/branches/4.5@47743 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-10 18:54:52 +00:00
Sergey Biryukov
84318ad4e5
Update the About page for WordPress 4.5.21
...
Built from https://develop.svn.wordpress.org/branches/4.5@47695
git-svn-id: http://core.svn.wordpress.org/branches/4.5@47472 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-04-29 18:32:21 +00:00
Sergey Biryukov
6f2686ba36
WordPress 4.5.20
...
Built from https://develop.svn.wordpress.org/branches/4.5@46928
git-svn-id: http://core.svn.wordpress.org/branches/4.5@46728 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-12-12 20:30:20 +00:00
desrosj
102f8be630
WordPress 4.5.19.
...
Built from https://develop.svn.wordpress.org/branches/4.5@46515
git-svn-id: http://core.svn.wordpress.org/branches/4.5@46312 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-14 20:11:21 +00:00
desrosj
5c04f19922
WordPress 4.5.18.
...
Built from https://develop.svn.wordpress.org/branches/4.5@46039
git-svn-id: http://core.svn.wordpress.org/branches/4.5@45851 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-09-04 22:04:22 +00:00
Sergey Biryukov
65d87ce862
Escape the output in `wp_ajax_upload_attachment()`.
...
Merges [45936] to the 4.5 branch.
Props whyisjake, sstoqnov.
Built from https://develop.svn.wordpress.org/branches/4.5@45950
git-svn-id: http://core.svn.wordpress.org/branches/4.5@45761 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-09-04 16:37:09 +00:00
Gary Pendergast
a55abbe18f
WordPress 4.5.17
...
Built from https://develop.svn.wordpress.org/branches/4.5@44876
git-svn-id: http://core.svn.wordpress.org/branches/4.5@44707 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-03-13 01:25:20 +00:00
Sergey Biryukov
fb7f4bf7b6
Comments: Improve comment content filtering.
...
Merges [44842] to the 4.5 branch.
Built from https://develop.svn.wordpress.org/branches/4.5@44849
git-svn-id: http://core.svn.wordpress.org/branches/4.5@44681 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-03-12 22:38:19 +00:00
Jeremy Felt
ab5c2ba564
Bump 4.5 branch to version 4.5.16.
...
Built from https://develop.svn.wordpress.org/branches/4.5@44082
git-svn-id: http://core.svn.wordpress.org/branches/4.5@43912 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-12-13 02:14:25 +00:00
Gary Pendergast
ab40c9608a
Editor: Remove unwanted fields before saving posts.
...
The `meta_input`, `file`, and `guid` fields are not intended to be updated through user input.
Merges [44047] to the 4.5 branch.
Built from https://develop.svn.wordpress.org/branches/4.5@44060
git-svn-id: http://core.svn.wordpress.org/branches/4.5@43890 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-12-13 01:45:20 +00:00
Peter Wilson
baa754b110
Multisite: Validate activation links.
...
Merges [44048] to the 4.5 branch.
Built from https://develop.svn.wordpress.org/branches/4.5@44059
git-svn-id: http://core.svn.wordpress.org/branches/4.5@43889 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-12-13 01:44:20 +00:00
Aaron Campbell
dce2bd647f
Bump 4.5 branch to version 4.5.15
...
Built from https://develop.svn.wordpress.org/branches/4.5@43411
git-svn-id: http://core.svn.wordpress.org/branches/4.5@43239 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-05 16:12:28 +00:00
Aaron Campbell
fff3ef94b7
Bump 4.5 branch to version 4.5.14
...
Built from https://develop.svn.wordpress.org/branches/4.5@42937
git-svn-id: http://core.svn.wordpress.org/branches/4.5@42767 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-03 20:29:32 +00:00
Dion Hulse
466e565a32
Bump the 4.5 branch to 4.5.13.
...
Built from https://develop.svn.wordpress.org/branches/4.5@42498
git-svn-id: http://core.svn.wordpress.org/branches/4.5@42327 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-01-16 21:42:07 +00:00
Dion Hulse
c5126cd06a
External Libraries: Remove unnecessary / obsoleted MediaElement.js files.
...
Merges [42478] to the 4.5 branch.
Fixes #42720 for 4.5.
Built from https://develop.svn.wordpress.org/branches/4.5@42481
git-svn-id: http://core.svn.wordpress.org/branches/4.5@42310 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-01-16 08:08:33 +00:00
Dion Hulse
fce8018006
Upgrade: When deleting old files, if deletion fails attempt to empty the file instead.
...
Props joemcgill, dd32.
Merges [42434] to the 4.5 branch.
Fixes #42963 for 4.5.
Built from https://develop.svn.wordpress.org/branches/4.5@42469
git-svn-id: http://core.svn.wordpress.org/branches/4.5@42298 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-01-16 06:56:04 +00:00
John Blackbourn
c33337c395
Bump 4.5 branch to 4.5.12.
...
Built from https://develop.svn.wordpress.org/branches/4.5@42320
git-svn-id: http://core.svn.wordpress.org/branches/4.5@42149 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-29 19:00:32 +00:00
John Blackbourn
f19b2b4635
Hardening: Use a properly generated hash for the `newbloguser` key instead of a determinate substring.
...
Merges [42258] to the 4.5 branch.
Built from https://develop.svn.wordpress.org/branches/4.5@42280
git-svn-id: http://core.svn.wordpress.org/branches/4.5@42109 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-29 16:25:07 +00:00
Gary Pendergast
512427a740
Bump 4.5 branch to version 4.5.11.
...
Built from https://develop.svn.wordpress.org/branches/4.5@42072
git-svn-id: http://core.svn.wordpress.org/branches/4.5@41901 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-31 13:16:30 +00:00
Dominik Schilling
df3d5cd1af
Taxonomy/Users: Use correct escaping function for URLs.
...
Merge of [41522] to the 4.5 branch.
Built from https://develop.svn.wordpress.org/branches/4.5@41526
git-svn-id: http://core.svn.wordpress.org/branches/4.5@41359 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 21:30:32 +00:00
Dominik Schilling
5047d9b8db
Bump 4.5 branch to version 4.5.10.
...
Built from https://develop.svn.wordpress.org/branches/4.5@41513
git-svn-id: http://core.svn.wordpress.org/branches/4.5@41346 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 20:01:31 +00:00
John Blackbourn
6208a0780c
Filesystem API: Ensure filenames are valid before attempting to unzip them to ensure malformed file paths don't cause issues.
...
Merges [41457] to the 4.5 branch.
Built from https://develop.svn.wordpress.org/branches/4.5@41461
git-svn-id: http://core.svn.wordpress.org/branches/4.5@41294 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 14:41:31 +00:00
Dominik Schilling
b38f64fe94
Taxonomy/Users: Provide a fallback for incorrect HTTP referrers.
...
Merge of [41398] to the 4.5 branch.
Built from https://develop.svn.wordpress.org/branches/4.5@41420
git-svn-id: http://core.svn.wordpress.org/branches/4.5@41253 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 11:13:13 +00:00
John Blackbourn
367007e79a
General: Remove context added in [41414] in order to avoid a string change in a point release.
...
See #13377
Built from https://develop.svn.wordpress.org/branches/4.5@41416
git-svn-id: http://core.svn.wordpress.org/branches/4.5@41249 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 10:46:31 +00:00
John Blackbourn
9d2e40d699
General: Add missing URL-encoding and add extra hardening to plugin and template names when they're displayed in the admin area.
...
Merges [41414] into the 4.5. branch
See #13377
Built from https://develop.svn.wordpress.org/branches/4.5@41415
git-svn-id: http://core.svn.wordpress.org/branches/4.5@41248 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 10:32:31 +00:00
Aaron Campbell
9ab481b9e5
Bump 4.7 branch to version 4.5.9.
...
Built from https://develop.svn.wordpress.org/branches/4.5@40750
git-svn-id: http://core.svn.wordpress.org/branches/4.5@40608 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 21:50:02 +00:00
Aaron Campbell
a6878209f8
Add nonce for updating file system credentials.
...
Merges [40723] to 4.5 branch.
Built from https://develop.svn.wordpress.org/branches/4.5@40726
git-svn-id: http://core.svn.wordpress.org/branches/4.5@40584 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 14:54:03 +00:00
Dominik Schilling
5046262be3
Customize: Ignore invalid customization sessions.
...
Merge of [40704] to the 4.5 branch.
Built from https://develop.svn.wordpress.org/branches/4.5@40707
git-svn-id: http://core.svn.wordpress.org/branches/4.5@40570 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 12:16:31 +00:00
Pascal Birchler
26c585efa7
Bump 4.5 branch to version 4.5.8.
...
Built from https://develop.svn.wordpress.org/branches/4.5@40489
git-svn-id: http://core.svn.wordpress.org/branches/4.5@40365 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-04-20 16:23:33 +00:00
Pascal Birchler
4e293bfa45
Fix broken audio/video functions when sanitizing ID3 data
...
This fixes a bug where running `wp_kses_post_deep()` on all the ID3
tag data corrupted blob data.
See #40075 , #40085 .
Merges [40400] to the 4.5 branch.
Built from https://develop.svn.wordpress.org/branches/4.5@40462
git-svn-id: http://core.svn.wordpress.org/branches/4.5@40338 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-04-17 13:14:34 +00:00
James Nylen
5d48102386
Bump 4.5 branch to version 4.5.7.
...
Built from https://develop.svn.wordpress.org/branches/4.5@40204
git-svn-id: http://core.svn.wordpress.org/branches/4.5@40143 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-06 16:18:31 +00:00