Upstream/WordPress - WordPress - Git Lipovcan.cz Service by Gitea

Upstream/WordPress

mirror of https://github.com/WordPress/WordPress.git synced 2024-06-24 13:54:59 +02:00

Author	SHA1	Message	Date
audrasjb	5bb7ee0fba	Grouped backports to the 5.7 branch. - Media: Prevent CSRF setting attachment thumbnails. - Embeds: Add protocol validation for WordPress Embed code. - I18N: Introduce sanitization function for locale. - Editor: Ensure block comments are of a valid form. Merges [55760-55764] to the 5.7 branch. Props dd32, isabel_brison, martinkrcho, matveb, ocean90, paulkevan, peterwilsoncc, timothyblynjacobs, xknown, youknowriad. Built from https://develop.svn.wordpress.org/branches/5.7@55778 git-svn-id: http://core.svn.wordpress.org/branches/5.7@55290 1a063a9b-81f0-0310-95a4-ce76da25c4cd	2023-05-16 15:37:10 +00:00
desrosj	05f174acf6	Build/Test Tools: Update UglifyJS to the latest version. This updates the `uglify-js` package from version `3.6.0` to `3.12.4`. See #51801. Built from https://develop.svn.wordpress.org/trunk@49940 git-svn-id: http://core.svn.wordpress.org/trunk@49639 1a063a9b-81f0-0310-95a4-ce76da25c4cd	2021-01-06 15:29:24 +00:00
Sergey Biryukov	49007e52bc	Build/Test Tools: Add banner to RTL CSS and minified JS files. Patches occasionally come in on generated files. We should be kind to new contributors and give them a hint that these files are auto-generated. This is a follow-up to [41271], which added the banner to minified CSS files. Fixes #48424. See #30666. Built from https://develop.svn.wordpress.org/trunk@46589 git-svn-id: http://core.svn.wordpress.org/trunk@46386 1a063a9b-81f0-0310-95a4-ce76da25c4cd	2019-10-26 00:17:07 +00:00
Aaron Jorbin	0e21d32900	Build/Test: Bump devDependencies for WordPress 5.3 This upgrades a number of devDependencies. Some of these include changes to how the tasks are configured. Uglify: There are deprecated options from 2.x to 4.x, see: https://github.com/gruntjs/grunt-contrib-uglify#options Autoprefixer: Browserslist now warns when passing in the browser list, so that is put into package.json As with most changes to uglify, this changes every minified JS file. Fixes #48203. Built from https://develop.svn.wordpress.org/trunk@46408 git-svn-id: http://core.svn.wordpress.org/trunk@46206 1a063a9b-81f0-0310-95a4-ce76da25c4cd	2019-10-05 19:49:10 +00:00
Sergey Biryukov	e1b0d4ed7a	Embeds: After [43593], move the new check to a separate line to avoid `test_js_no_ampersands_in_compiled` failure caused by UglifyJS task. See #44832. Built from https://develop.svn.wordpress.org/trunk@43597 git-svn-id: http://core.svn.wordpress.org/trunk@43426 1a063a9b-81f0-0310-95a4-ce76da25c4cd	2018-08-30 12:40:26 +00:00
Sergey Biryukov	07e2fba981	Embeds: Avoid a JS error in `wp.receiveEmbedMessage` if `data` parameter is not set. Props dsifford, kadamwhite. Fixes #44832. Built from https://develop.svn.wordpress.org/trunk@43593 git-svn-id: http://core.svn.wordpress.org/trunk@43422 1a063a9b-81f0-0310-95a4-ce76da25c4cd	2018-08-30 10:30:24 +00:00
Pascal Birchler	98e8bf7ba2	Embeds: Correctly remove security attribute from iframes in IE 10 and IE 11. This was originally added in 4.4, but presumably broke with [35708], which prevented these browsers from actually reaching the relevant code section. Let's make embeds work again in IE 10 and IE 11. Fixes #38694. Built from https://develop.svn.wordpress.org/trunk@39347 git-svn-id: http://core.svn.wordpress.org/trunk@39287 1a063a9b-81f0-0310-95a4-ce76da25c4cd	2016-11-23 13:38:33 +00:00
Aaron Jorbin	32be6f7bb7	Bump grunt-contrib-uglify from 1.0.1 to 2.0.0 Sets `screwIE8` to false as it is now enabled by default Files Changed: build/wp-admin/js/customize-nav-menus.min.js build/wp-admin/js/customize-widgets.min.js build/wp-includes/js/customize-loader.min.js Changelog: 2016-07-19 v2.0.0 Update uglify-js to v2.7.0. screwIE8 is enabled by default. 2016-07-19 v1.0.2 Update grunt to ^1.0.0. Fix beautify when passed as an object. Fix docs about report values. See #38199. Built from https://develop.svn.wordpress.org/trunk@39117 git-svn-id: http://core.svn.wordpress.org/trunk@39059 1a063a9b-81f0-0310-95a4-ce76da25c4cd	2016-11-03 05:40:34 +00:00
Pascal Birchler	0425e01d21	Embeds: Use a more accessible way to initially hide the iframe. This fixes a bug in Firefox where assets inside the iframe aren't being displayed because they have no computed style. See #35894. Built from https://develop.svn.wordpress.org/trunk@36708 git-svn-id: http://core.svn.wordpress.org/trunk@36675 1a063a9b-81f0-0310-95a4-ce76da25c4cd	2016-02-25 10:23:27 +00:00
Pascal Birchler	383c422527	Embeds: Only display an iframe when it was successfully loaded. This prevents showing a blank iframe by first checking if a message was successfully received from it. Fixes #35894. Built from https://develop.svn.wordpress.org/trunk@36648 git-svn-id: http://core.svn.wordpress.org/trunk@36615 1a063a9b-81f0-0310-95a4-ce76da25c4cd	2016-02-23 20:23:25 +00:00
Scott Taylor	8cf8e2c66d	WP oEmbed: validate the `secret` send via `postMessage` in `wp.receiveEmbedMessage`. Also, compare `window` instances. In the data sent to us from the embedded iframe by postMessage(), the secret value is being used directly in a document.querySelectorAll() call without first being validated or escaped. In theory, this could lead to some broken embeds. Props mdawaffe. Fixes #34831. Built from https://develop.svn.wordpress.org/trunk@35761 git-svn-id: http://core.svn.wordpress.org/trunk@35725 1a063a9b-81f0-0310-95a4-ce76da25c4cd	2015-12-03 20:17:25 +00:00
Gary Pendergast	603d3c0013	Embeds: Remove `&` characters from the inline embed JS. Older versions of WordPress will convert those `&` characters to `&`, which makes for some non-functional JS. If folks are running an older release, let's not make their lives more difficult than it already is. Props pento, peterwilsoncc. See #34698. Built from https://develop.svn.wordpress.org/trunk@35708 git-svn-id: http://core.svn.wordpress.org/trunk@35672 1a063a9b-81f0-0310-95a4-ce76da25c4cd	2015-11-19 23:06:26 +00:00
Gary Pendergast	a2349a2377	Embeds: Fix support for embedding in non-WordPress sites. This moves the last of the iframe message code from PHP to JavaScript, so it can be included in any site, without needing to rely on any of WordPress' internal behaviour. Props swissspidy. Fixes #34451. Built from https://develop.svn.wordpress.org/trunk@35577 git-svn-id: http://core.svn.wordpress.org/trunk@35541 1a063a9b-81f0-0310-95a4-ce76da25c4cd	2015-11-09 00:08:27 +00:00
Scott Taylor	382d455235	WP oEmbed: Improve height attribute sanitization Props afercia, swissspidy. Fixes #34527. Built from https://develop.svn.wordpress.org/trunk@35478 git-svn-id: http://core.svn.wordpress.org/trunk@35442 1a063a9b-81f0-0310-95a4-ce76da25c4cd	2015-10-31 20:39:25 +00:00
Gary Pendergast	21393df10e	Embeds: Add fallbacks for IE7-9. Older IE versions need just that little bit of extra tender care to keep them going. Props peterwilsoncc, swissspidy, pento. Fixes #34204. Built from https://develop.svn.wordpress.org/trunk@35466 git-svn-id: http://core.svn.wordpress.org/trunk@35430 1a063a9b-81f0-0310-95a4-ce76da25c4cd	2015-10-31 04:38:25 +00:00
Gary Pendergast	368e5f9fc3	Embeds: Provide a cached text fallback. Sometimes, embedded sites might suffer from less than 100% uptime. Instead of leaving the embedding site with a big blank space where the embed should be, let's fall back to a link to the embedded post, so there's at least some context for the post. Fixes #34462. Built from https://develop.svn.wordpress.org/trunk@35437 git-svn-id: http://core.svn.wordpress.org/trunk@35401 1a063a9b-81f0-0310-95a4-ce76da25c4cd	2015-10-29 23:11:24 +00:00
Sergey Biryukov	a908d2d4b1	Embeds: Rename files, functions, and hooks added in [34903] to make it more clear what is oEmbed-specific and what isn't. See https://core.trac.wordpress.org/ticket/34272#comment:7 for full list of renamed functions and hooks. Props swissspidy. Fixes #34272. Built from https://develop.svn.wordpress.org/trunk@35235 git-svn-id: http://core.svn.wordpress.org/trunk@35201 1a063a9b-81f0-0310-95a4-ce76da25c4cd	2015-10-17 01:21:25 +00:00