Upstream
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
34,157 Commits 48 Branches 718 Tags 892 MiB
Commit Graph

15672 Commits

Author SHA1 Message Date
Joe McGill e94973e70d WordPress 4.5.31. 
Built from https://develop.svn.wordpress.org/branches/4.5@57419


git-svn-id: http://core.svn.wordpress.org/branches/4.5@56925 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2024-01-30 16:11:21 +00:00
Aaron Jorbin 2bea61184d Grouped Backports to the 4.5 branch. 
- Install: When populating options, maybe_serialize instead of always serialize.
- Uploads: Check for and verify ZIP archives.

Merges [57388] and [57389] to the 4.5 branch.

Props costdev, peterwilsoncc, azaozz, tykoted, johnbillion, desrosj, afragen, jorbin, xknown.

Built from https://develop.svn.wordpress.org/branches/4.5@57410


git-svn-id: http://core.svn.wordpress.org/branches/4.5@56916 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2024-01-30 15:11:23 +00:00
audrasjb 17107f00cb WordPress 4.5.30. 
Built from https://develop.svn.wordpress.org/branches/4.5@56863


git-svn-id: http://core.svn.wordpress.org/branches/4.5@56374 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2023-10-12 18:14:14 +00:00
davidbaumwald 3dd30db613 Grouped backports to the 4.5 branch. 
- Comments: Prevent users who can not see a post from seeing comments on it.
- Shortcodes: Restrict media shortcode ajax to certain type.
- REST API: Ensure no-cache headers are sent when methods are overridden.
- Prevent unintended behavior when certain objects are unserialized.

Merges [56834], [56835], [56836], and [56838] to the 4.5 branch.
Props xknown, jorbin, joehoyle, timothyblynjacobs, peterwilsoncc, ehtis, tykoted, antpb, rmccue.
Built from https://develop.svn.wordpress.org/branches/4.5@56857


git-svn-id: http://core.svn.wordpress.org/branches/4.5@56368 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2023-10-12 18:10:07 +00:00
Sergey Biryukov 55f6ac107d Grouped backports to the 4.5 branch. 
- Media: Prevent CSRF setting attachment thumbnails.
- Embeds: Add protocol validation for WordPress Embed code.

Merges [55763] and [55764] to the 4.5 branch.
Props dd32, isabel_brison, martinkrcho, matveb, ocean90, paulkevan, peterwilsoncc, timothyblynjacobs, xknown, youknowriad.
Built from https://develop.svn.wordpress.org/branches/4.5@55780


git-svn-id: http://core.svn.wordpress.org/branches/4.5@55292 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2023-05-16 15:40:23 +00:00
Peter Wilson 9cd2e73f35 I18N: Add new strings to `about.php` for use with end-of-life updates. 
This changeset adds two additional translation strings in the changelog file, for use when releasing the final version of WordPress on a particular branch.

Props peterwilsoncc, audrasjb, mukesh27.
Merges [55350] to the 4.5 branch.
Fixes #57216.

Built from https://develop.svn.wordpress.org/branches/4.5@55387


git-svn-id: http://core.svn.wordpress.org/branches/4.5@54920 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2023-02-21 03:11:21 +00:00
Sergey Biryukov ed0ccf4948 WordPress 4.5.28. 
Built from https://develop.svn.wordpress.org/branches/4.5@54589


git-svn-id: http://core.svn.wordpress.org/branches/4.5@54143 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2022-10-17 19:52:13 +00:00
Peter Wilson ddca3ce4b1 Security: Introduce strings to indicate support status. 
Add strings for use in future maintenance/security releases to indicate the security support status of the version of WordPress.

Two strings are introduced:

* indicating the version of WordPress is not receiving security updates, and,
* indicating the version of WordPress will shortly stop receiving security updates.

This change does not make use of the strings, the purpose is to make them available to translators prior to dropping support of selected versions of WordPress.

Props costdev, chesio, robinwpdeveloper, desrosj, rudlinkon, mukesh27, sumitbagthariya16.
Merges [54322] to the 4.5 branch.
See #56532.

Built from https://develop.svn.wordpress.org/branches/4.5@54455


git-svn-id: http://core.svn.wordpress.org/branches/4.5@54014 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2022-10-10 22:18:21 +00:00
desrosj 56fb95e576 WordPress 4.5.27. 
Built from https://develop.svn.wordpress.org/branches/4.5@54002


git-svn-id: http://core.svn.wordpress.org/branches/4.5@53561 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2022-08-30 17:37:05 +00:00
Sergey Biryukov 37ab12312c Grouped backports to the 4.5 branch. 
- Posts, Post Types: Escape output within `the_meta()`.
- General: Ensure bookmark query limits are numeric.
- Plugins: Escape output in error messages.

Merges [53958-53960] to the 4.5 branch.
Props tykoted, martinkrcho, xknown, dd32, peterwilsoncc, paulkevan, timothyblynjacobs.

Built from https://develop.svn.wordpress.org/branches/4.5@53978


git-svn-id: http://core.svn.wordpress.org/branches/4.5@53537 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2022-08-30 15:49:21 +00:00
davidbaumwald f3d6369173 WordPress 4.5.26. 
Built from https://develop.svn.wordpress.org/branches/4.5@52888


git-svn-id: http://core.svn.wordpress.org/branches/4.5@52477 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2022-03-10 22:16:21 +00:00
desrosj 22341980e2 WordPress 4.5.25. 
Built from https://develop.svn.wordpress.org/branches/4.5@52500


git-svn-id: http://core.svn.wordpress.org/branches/4.5@52092 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2022-01-06 18:55:42 +00:00
desrosj 1e5efe9093 Grouped backports to the 4.5 branch. 
- Query: Improve sanitization within `WP_Tax_Query`.
- Query: Improve sanitization within `WP_Meta_Query`.
- Upgrade/Install: Avoid using `unserialize()` unnecessarily.
- Formatting: Correctly encode ASCII characters in post slugs.

Merges [52454-52457] to the 4.5 branch.
Props vortfu, dd32, ehtis, zieladam, whyisjake, xknown, peterwilsoncc, desrosj, iandunn.
Built from https://develop.svn.wordpress.org/branches/4.5@52478


git-svn-id: http://core.svn.wordpress.org/branches/4.5@52070 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2022-01-06 18:18:41 +00:00
Peter Wilson baf423c157 WordPress 4.5.24. 
Built from https://develop.svn.wordpress.org/branches/4.5@50881


git-svn-id: http://core.svn.wordpress.org/branches/4.5@50490 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2021-05-12 23:21:20 +00:00
desrosj 968d57a6b3 Build/Test Tools: Support NodeJS 14.x in the 4.5 branch. 
This updates the 4.5 branch to support the latest LTS version of NodeJS (currently 14.x), allowing the same version to be used across all WordPress branches that receive security updates as a courtesy.

Because older branches use (really) old versions of NodeJS, the local Docker environment cannot be backported since the needed dependencies will not run on these older versions (see #48301). This also blocks the ability to move automated testing over to GitHub Actions (see #50401).

This also replaces the `npm-shrinkwrap.json` with a `package-lock.json` file. Lock files were not supported in earlier versions of NPM, but can now be used.

In addition to backporting the package updates that happened after branching 4.5, dependencies that were removed in future releases have also been updated to their latest versions.

Props desrosj, dd32, netweb, jorbin.
Merges [37185,37212,37612,38111,38688,39110,39113-39119,39478,42460-42461,42463,42887,43320,43323,43977,44219,44233,44728,45321,45765,46404,46408-46409,47404,47867-47869,47872-47873,48705,49636,49933,49937,49939,50017,50126,50176,50185,50192] to the 4.5 branch.
See #52341.
Built from https://develop.svn.wordpress.org/branches/4.5@50208


git-svn-id: http://core.svn.wordpress.org/branches/4.5@49880 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2021-02-05 04:20:44 +00:00
desrosj 511300cfed WordPress 4.5.23. 
Built from https://develop.svn.wordpress.org/branches/4.5@49419


git-svn-id: http://core.svn.wordpress.org/branches/4.5@49178 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2020-10-29 19:41:21 +00:00
whyisjake a14f1a83a9 General: WordPress updates 
* XML-RPC: Improve error messages for unprivileged users.
* External Libraries: Disable deserialization in Requests_Utility_FilteredIterator
* Embeds: Disable embeds on deactivated Multisite sites.
* Coding standards: Modify escaping functions to avoid potential false positives.
* XML-RPC: Return error message if attachment ID is incorrect.
* Upgrade/install: Improve logic check when determining installation status.
* Meta: Sanitize meta key before checking protection status.
* Themes: Ensure that only privileged users can set a background image when a theme is using the deprecated custom background page.

Brings the changes from [49380,49382-49388] to the 4.5 branch.

Props xknown, zieladam, peterwilsoncc, whyisjake, desrosj, dd32.

Built from https://develop.svn.wordpress.org/branches/4.5@49401


git-svn-id: http://core.svn.wordpress.org/branches/4.5@49160 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2020-10-29 19:02:24 +00:00
Sergey Biryukov 36436be2e3 Administration: Pass the result of `set-screen-option` filter to the new `set_screen_option_{$option}` filter to ensure backward compatibility. 
Rename the `$keep` parameter of both filters to `$screen_option` for clarity, update the documentation to better reflect its purpose.

Follow-up to [47951].

Props Chouby, sswells, SergeyBiryukov.
Merges [48241] to the 4.5 branch.
Fixes #50392.
Built from https://develop.svn.wordpress.org/branches/4.5@48253


git-svn-id: http://core.svn.wordpress.org/branches/4.5@48022 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2020-07-01 09:51:55 +00:00
desrosj fb5af944fe WordPress 4.5.22. 
Built from https://develop.svn.wordpress.org/branches/4.5@47998


git-svn-id: http://core.svn.wordpress.org/branches/4.5@47766 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2020-06-10 21:38:34 +00:00
whyisjake acdabf9d25 General: Backport several commits for release. 
- Embeds: Ensure that the title attribute is set correctly on embeds.
- Editor: Prevent HTML decoding on by setting the proper editor context.
- Formatting: Ensure that wp_validate_redirect() sanitizes a wider variety of characters.
- Themes: Ensure a broken theme name is returned properly.
- Administration: Add a new filter to extend set-screen-option.
Merges [47947-47951] to the 4.5 branch.
Props xknown, sstoqnov, vortfu, SergeyBiryukov, whyisjake.

Built from https://develop.svn.wordpress.org/branches/4.5@47973


git-svn-id: http://core.svn.wordpress.org/branches/4.5@47743 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2020-06-10 18:54:52 +00:00
Sergey Biryukov 84318ad4e5 Update the About page for WordPress 4.5.21 
Built from https://develop.svn.wordpress.org/branches/4.5@47695


git-svn-id: http://core.svn.wordpress.org/branches/4.5@47472 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2020-04-29 18:32:21 +00:00
Sergey Biryukov 6f2686ba36 WordPress 4.5.20 
Built from https://develop.svn.wordpress.org/branches/4.5@46928


git-svn-id: http://core.svn.wordpress.org/branches/4.5@46728 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-12-12 20:30:20 +00:00
desrosj 102f8be630 WordPress 4.5.19. 
Built from https://develop.svn.wordpress.org/branches/4.5@46515


git-svn-id: http://core.svn.wordpress.org/branches/4.5@46312 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-10-14 20:11:21 +00:00
desrosj 5c04f19922 WordPress 4.5.18. 
Built from https://develop.svn.wordpress.org/branches/4.5@46039


git-svn-id: http://core.svn.wordpress.org/branches/4.5@45851 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-09-04 22:04:22 +00:00
Sergey Biryukov 65d87ce862 Escape the output in `wp_ajax_upload_attachment()`. 
Merges [45936] to the 4.5 branch.
Props whyisjake, sstoqnov.
Built from https://develop.svn.wordpress.org/branches/4.5@45950


git-svn-id: http://core.svn.wordpress.org/branches/4.5@45761 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-09-04 16:37:09 +00:00
Gary Pendergast a55abbe18f WordPress 4.5.17 
Built from https://develop.svn.wordpress.org/branches/4.5@44876


git-svn-id: http://core.svn.wordpress.org/branches/4.5@44707 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-03-13 01:25:20 +00:00
Sergey Biryukov fb7f4bf7b6 Comments: Improve comment content filtering. 
Merges [44842] to the 4.5 branch.
Built from https://develop.svn.wordpress.org/branches/4.5@44849


git-svn-id: http://core.svn.wordpress.org/branches/4.5@44681 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-03-12 22:38:19 +00:00
Jeremy Felt ab5c2ba564 Bump 4.5 branch to version 4.5.16. 
Built from https://develop.svn.wordpress.org/branches/4.5@44082


git-svn-id: http://core.svn.wordpress.org/branches/4.5@43912 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-12-13 02:14:25 +00:00
Gary Pendergast ab40c9608a Editor: Remove unwanted fields before saving posts. 
The `meta_input`, `file`, and `guid` fields are not intended to be updated through user input.

Merges [44047] to the 4.5 branch.


Built from https://develop.svn.wordpress.org/branches/4.5@44060


git-svn-id: http://core.svn.wordpress.org/branches/4.5@43890 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-12-13 01:45:20 +00:00
Peter Wilson baa754b110 Multisite: Validate activation links. 
Merges [44048] to the 4.5 branch.

Built from https://develop.svn.wordpress.org/branches/4.5@44059


git-svn-id: http://core.svn.wordpress.org/branches/4.5@43889 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-12-13 01:44:20 +00:00
Aaron Campbell dce2bd647f Bump 4.5 branch to version 4.5.15 
Built from https://develop.svn.wordpress.org/branches/4.5@43411


git-svn-id: http://core.svn.wordpress.org/branches/4.5@43239 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-07-05 16:12:28 +00:00
Aaron Campbell fff3ef94b7 Bump 4.5 branch to version 4.5.14 
Built from https://develop.svn.wordpress.org/branches/4.5@42937


git-svn-id: http://core.svn.wordpress.org/branches/4.5@42767 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-04-03 20:29:32 +00:00
Dion Hulse 466e565a32 Bump the 4.5 branch to 4.5.13. 
Built from https://develop.svn.wordpress.org/branches/4.5@42498


git-svn-id: http://core.svn.wordpress.org/branches/4.5@42327 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-01-16 21:42:07 +00:00
Dion Hulse c5126cd06a External Libraries: Remove unnecessary / obsoleted MediaElement.js files. 
Merges [42478] to the 4.5 branch.
Fixes #42720 for 4.5.

Built from https://develop.svn.wordpress.org/branches/4.5@42481


git-svn-id: http://core.svn.wordpress.org/branches/4.5@42310 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-01-16 08:08:33 +00:00
Dion Hulse fce8018006 Upgrade: When deleting old files, if deletion fails attempt to empty the file instead. 
Props joemcgill, dd32.
Merges [42434] to the 4.5 branch.
Fixes #42963 for 4.5.

Built from https://develop.svn.wordpress.org/branches/4.5@42469


git-svn-id: http://core.svn.wordpress.org/branches/4.5@42298 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-01-16 06:56:04 +00:00
John Blackbourn c33337c395 Bump 4.5 branch to 4.5.12. 
Built from https://develop.svn.wordpress.org/branches/4.5@42320


git-svn-id: http://core.svn.wordpress.org/branches/4.5@42149 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-11-29 19:00:32 +00:00
John Blackbourn f19b2b4635 Hardening: Use a properly generated hash for the `newbloguser` key instead of a determinate substring. 
Merges [42258] to the 4.5 branch.

Built from https://develop.svn.wordpress.org/branches/4.5@42280


git-svn-id: http://core.svn.wordpress.org/branches/4.5@42109 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-11-29 16:25:07 +00:00
Gary Pendergast 512427a740 Bump 4.5 branch to version 4.5.11. 
Built from https://develop.svn.wordpress.org/branches/4.5@42072


git-svn-id: http://core.svn.wordpress.org/branches/4.5@41901 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-10-31 13:16:30 +00:00
Dominik Schilling df3d5cd1af Taxonomy/Users: Use correct escaping function for URLs. 
Merge of [41522] to the 4.5 branch.
Built from https://develop.svn.wordpress.org/branches/4.5@41526


git-svn-id: http://core.svn.wordpress.org/branches/4.5@41359 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-09-19 21:30:32 +00:00
Dominik Schilling 5047d9b8db Bump 4.5 branch to version 4.5.10. 
Built from https://develop.svn.wordpress.org/branches/4.5@41513


git-svn-id: http://core.svn.wordpress.org/branches/4.5@41346 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-09-19 20:01:31 +00:00
John Blackbourn 6208a0780c Filesystem API: Ensure filenames are valid before attempting to unzip them to ensure malformed file paths don't cause issues. 
Merges [41457] to the 4.5 branch.

Built from https://develop.svn.wordpress.org/branches/4.5@41461


git-svn-id: http://core.svn.wordpress.org/branches/4.5@41294 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-09-19 14:41:31 +00:00
Dominik Schilling b38f64fe94 Taxonomy/Users: Provide a fallback for incorrect HTTP referrers. 
Merge of [41398] to the 4.5 branch.

Built from https://develop.svn.wordpress.org/branches/4.5@41420


git-svn-id: http://core.svn.wordpress.org/branches/4.5@41253 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-09-19 11:13:13 +00:00
John Blackbourn 367007e79a General: Remove context added in [41414] in order to avoid a string change in a point release. 
See #13377

Built from https://develop.svn.wordpress.org/branches/4.5@41416


git-svn-id: http://core.svn.wordpress.org/branches/4.5@41249 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-09-19 10:46:31 +00:00
John Blackbourn 9d2e40d699 General: Add missing URL-encoding and add extra hardening to plugin and template names when they're displayed in the admin area. 
Merges [41414] into the 4.5. branch

See #13377

Built from https://develop.svn.wordpress.org/branches/4.5@41415


git-svn-id: http://core.svn.wordpress.org/branches/4.5@41248 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-09-19 10:32:31 +00:00
Aaron Campbell 9ab481b9e5 Bump 4.7 branch to version 4.5.9. 
Built from https://develop.svn.wordpress.org/branches/4.5@40750


git-svn-id: http://core.svn.wordpress.org/branches/4.5@40608 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-05-16 21:50:02 +00:00
Aaron Campbell a6878209f8 Add nonce for updating file system credentials. 
Merges [40723] to 4.5 branch.

Built from https://develop.svn.wordpress.org/branches/4.5@40726


git-svn-id: http://core.svn.wordpress.org/branches/4.5@40584 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-05-16 14:54:03 +00:00
Dominik Schilling 5046262be3 Customize: Ignore invalid customization sessions. 
Merge of [40704] to the 4.5 branch.
Built from https://develop.svn.wordpress.org/branches/4.5@40707


git-svn-id: http://core.svn.wordpress.org/branches/4.5@40570 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-05-16 12:16:31 +00:00
Pascal Birchler 26c585efa7 Bump 4.5 branch to version 4.5.8. 
Built from https://develop.svn.wordpress.org/branches/4.5@40489


git-svn-id: http://core.svn.wordpress.org/branches/4.5@40365 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-04-20 16:23:33 +00:00
Pascal Birchler 4e293bfa45 Fix broken audio/video functions when sanitizing ID3 data 
This fixes a bug where running `wp_kses_post_deep()` on all the ID3
tag data corrupted blob data.

See #40075, #40085.

Merges [40400] to the 4.5 branch.

Built from https://develop.svn.wordpress.org/branches/4.5@40462


git-svn-id: http://core.svn.wordpress.org/branches/4.5@40338 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-04-17 13:14:34 +00:00
James Nylen 5d48102386 Bump 4.5 branch to version 4.5.7. 
Built from https://develop.svn.wordpress.org/branches/4.5@40204


git-svn-id: http://core.svn.wordpress.org/branches/4.5@40143 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-03-06 16:18:31 +00:00