Upstream/WordPress
1
0
Fork 0
mirror of https://github.com/WordPress/WordPress.git synced 2024-07-04 18:55:31 +02:00
Code Issues Projects Releases Wiki Activity
36,771 Commits 49 Branches 744 Tags 845 MiB
03c2d89d0a
Commit Graph

36771 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
desrosj
03c2d89d0a WordPress 4.8.15. 
Built from https://develop.svn.wordpress.org/branches/4.8@49416


git-svn-id: http://core.svn.wordpress.org/branches/4.8@49175 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2020-10-29 19:39:27 +00:00
whyisjake
2544e89df4 General: WordPress updates 
* XML-RPC: Improve error messages for unprivileged users.
* External Libraries: Disable deserialization in Requests_Utility_FilteredIterator
* Embeds: Disable embeds on deactivated Multisite sites.
* Coding standards: Modify escaping functions to avoid potential false positives.
* XML-RPC: Return error message if attachment ID is incorrect.
* Upgrade/install: Improve logic check when determining installation status.
* Meta: Sanitize meta key before checking protection status.
* Themes: Ensure that only privileged users can set a background image when a theme is using the deprecated custom background page.

Brings the changes from [49380,49382-49388] to the 4.8 branch.

Props xknown, zieladam, peterwilsoncc, whyisjake, desrosj, dd32.

Built from https://develop.svn.wordpress.org/branches/4.8@49398


git-svn-id: http://core.svn.wordpress.org/branches/4.8@49157 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2020-10-29 18:55:23 +00:00
Sergey Biryukov
f175cf83a7 Administration: Pass the result of set-screen-option filter to the new set_screen_option_{$option} filter to ensure backward compatibility. 
Rename the `$keep` parameter of both filters to `$screen_option` for clarity, update the documentation to better reflect its purpose.

Follow-up to [47951].

Props Chouby, sswells, SergeyBiryukov.
Merges [48241] to the 4.8 branch.
Fixes #50392.
Built from https://develop.svn.wordpress.org/branches/4.8@48250


git-svn-id: http://core.svn.wordpress.org/branches/4.8@48019 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2020-07-01 09:50:46 +00:00
desrosj
499c907011 WordPress 4.8.14. 
Built from https://develop.svn.wordpress.org/branches/4.8@47995


git-svn-id: http://core.svn.wordpress.org/branches/4.8@47763 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2020-06-10 21:37:26 +00:00
whyisjake
27f0839d04 General: Backport several commits for release. 
- Embeds: Ensure that the title attribute is set correctly on embeds.
- Editor: Prevent HTML decoding on by setting the proper editor context.
- Formatting: Ensure that wp_validate_redirect() sanitizes a wider variety of characters.
- Themes: Ensure a broken theme name is returned properly.
- Administration: Add a new filter to extend set-screen-option.

Merges [47947-47951] to the 4.8 branch.

Props xknown, sstoqnov, vortfu, SergeyBiryukov, whyisjake.

Built from https://develop.svn.wordpress.org/branches/4.8@47980


git-svn-id: http://core.svn.wordpress.org/branches/4.8@47749 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2020-06-10 18:56:52 +00:00
Sergey Biryukov
f501f7d79b Update the About page for WordPress 4.8.13 
Built from https://develop.svn.wordpress.org/branches/4.8@47698


git-svn-id: http://core.svn.wordpress.org/branches/4.8@47475 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2020-04-29 18:35:07 +00:00
desrosj
049d99e977 WordPress 4.8.13 
Built from https://develop.svn.wordpress.org/branches/4.8@47672


git-svn-id: http://core.svn.wordpress.org/branches/4.8@47449 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2020-04-29 18:01:18 +00:00
whyisjake
166492f860 Customize: Add additional filters to Customizer to prevent JSON corruption. 
User: Invalidate `user_activation_key` on password update.
Query: Ensure that only a single post can be returned on date/time based queries.
Cache API: Ensure proper escaping around the stats method in the cache API.
Formatting: Expand `sanitize_file_name` to have better support for utf8 characters.

Brings the changes in [47633], [47634], [47635], [47637], and [47638] to the 4.8 branch.

Props: batmoo, ehti, nickdaugherty, peterwilsoncc, sergeybiryukov, sstoqnov, westi, westonruter, whyisjake, whyisjake, xknown.

Built from https://develop.svn.wordpress.org/branches/4.8@47649


git-svn-id: http://core.svn.wordpress.org/branches/4.8@47424 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2020-04-29 16:19:21 +00:00
Sergey Biryukov
9548cae7ec WordPress 4.8.12 
Built from https://develop.svn.wordpress.org/branches/4.8@46925


git-svn-id: http://core.svn.wordpress.org/branches/4.8@46725 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-12-12 20:28:21 +00:00
Sergey Biryukov
b12e78ee0b Ensure that a user can publish_posts before making a post sticky. 
Props: danielbachhuber, whyisjake, peterwilson, xknown.

Brings r46893 to the 4.8 branch.

Update `wp_kses_bad_protocol()` to recognize `:` on uri attributes,

`wp_kses_bad_protocol()` makes sure to validate that uri attributes don’t contain invalid/or not allowed protocols. While this works fine in most cases, there’s a risk that by using the colon html5 named entity, one is able to bypass this function.

Brings r46895 to the 4.8 branch.

Props: xknown, nickdaugherty, peterwilsoncc.
Built from https://develop.svn.wordpress.org/branches/4.8@46917


git-svn-id: http://core.svn.wordpress.org/branches/4.8@46717 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-12-12 18:54:21 +00:00
desrosj
c359dde932 WordPress 4.8.11. 
Built from https://develop.svn.wordpress.org/branches/4.8@46512


git-svn-id: http://core.svn.wordpress.org/branches/4.8@46309 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-10-14 20:09:50 +00:00
whyisjake
20821b59c0 Backporting several bug fixes. 
- Query: Remove the static query property.
- HTTP API: Protect against hex interpretation.
- Filesystem API: Prevent directory travelersals when creating new folders.
- Administration: Ensure that admin referer nonce is valid.
- REST API: Send a Vary: Origin header on GET requests.

Backports [46474], [46475], [46476], [46477], [46478], [46483], [46485] to the 4.8 branch.

Built from https://develop.svn.wordpress.org/branches/4.8@46494


git-svn-id: http://core.svn.wordpress.org/branches/4.8@46291 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-10-14 18:45:23 +00:00
desrosj
0f9e4ca0a2 WordPress 4.8.10. 
Built from https://develop.svn.wordpress.org/branches/4.8@46042


git-svn-id: http://core.svn.wordpress.org/branches/4.8@45854 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-09-04 22:05:29 +00:00
Andrew Ozz
8c59b4a3c2 jQuery: Backport the patch from jQuery 3.4.0. 
Merges [45342] to the 4.8 branch.

Props MikeNGarrett, peterwilsoncc, azaozz.
Fixes #47020.
Built from https://develop.svn.wordpress.org/branches/4.8@46021


git-svn-id: http://core.svn.wordpress.org/branches/4.8@45832 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-09-04 21:45:54 +00:00
desrosj
fdc41b55e7 Fix for URL sanitization in wp_kses_bad_protocol_once(). 
Merges [45997] to the 4.8 branch.

Props irsdl, sstoqnov, whyisjake.
Built from https://develop.svn.wordpress.org/branches/4.8@46006


git-svn-id: http://core.svn.wordpress.org/branches/4.8@45817 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-09-04 21:39:27 +00:00
Sergey Biryukov
f76869ca2f Improve handling the existing rel attribute in wp_rel_nofollow_callback(). 
Merges [45990] to the 4.8 branch.
Props xknown, sstoqnov.
Built from https://develop.svn.wordpress.org/branches/4.8@45995


git-svn-id: http://core.svn.wordpress.org/branches/4.8@45806 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-09-04 17:48:46 +00:00
Sergey Biryukov
7b4f9a5118 Improve URL validation in wp_validate_redirect(). 
Merges [45971] to the 4.8 branch.
Props vortfu, whyisjake, peterwilsoncc.
Built from https://develop.svn.wordpress.org/branches/4.8@45976


git-svn-id: http://core.svn.wordpress.org/branches/4.8@45787 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-09-04 17:11:21 +00:00
whyisjake
1242539c0e Remove _convert_urlencoded_to_entities() from the get_the_content() callback. 
Merges [45937] to the 4.8 branch.

Props vortfu, whyisjake, peterwilsoncc

Built from https://develop.svn.wordpress.org/branches/4.8@45949


git-svn-id: http://core.svn.wordpress.org/branches/4.8@45760 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-09-04 16:36:45 +00:00
Sergey Biryukov
33f4539c6e Escape the output in wp_ajax_upload_attachment(). 
Merges [45936] to the 4.8 branch.
Props whyisjake, sstoqnov.
Built from https://develop.svn.wordpress.org/branches/4.8@45944


git-svn-id: http://core.svn.wordpress.org/branches/4.8@45755 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-09-04 16:31:23 +00:00
Gary Pendergast
b3a9479bd3 WordPress 4.8.9 
Built from https://develop.svn.wordpress.org/branches/4.8@44870


git-svn-id: http://core.svn.wordpress.org/branches/4.8@44701 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-03-13 01:05:20 +00:00
Sergey Biryukov
a32075cd83 Comments: Improve comment content filtering. 
Merges [44842] to the 4.8 branch.
Built from https://develop.svn.wordpress.org/branches/4.8@44846


git-svn-id: http://core.svn.wordpress.org/branches/4.8@44678 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-03-12 22:35:20 +00:00
Sergey Biryukov
010a30cf09 Formatting: Improve rel="nofollow" handling in comments. 
Merges [44833] to the 4.8 branch.
Built from https://develop.svn.wordpress.org/branches/4.8@44837


git-svn-id: http://core.svn.wordpress.org/branches/4.8@44669 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-03-12 22:21:23 +00:00
Jeremy Felt
d86c7ad402 Bump 4.8 branch to version 4.8.8. 
Built from https://develop.svn.wordpress.org/branches/4.8@44079


git-svn-id: http://core.svn.wordpress.org/branches/4.8@43909 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-12-13 02:13:20 +00:00
Gary Pendergast
7bd776bdb3 Editor: Remove unwanted fields before saving posts. 
The `meta_input`, `file`, and `guid` fields are not intended to be updated through user input.

Merges [44047] to the 4.8 branch.


Built from https://develop.svn.wordpress.org/branches/4.8@44055


git-svn-id: http://core.svn.wordpress.org/branches/4.8@43885 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-12-13 01:40:21 +00:00
Peter Wilson
dfc71aee34 Multisite: Validate activation links. 
Merges [44048] to the 4.8 branch.

Built from https://develop.svn.wordpress.org/branches/4.8@44052


git-svn-id: http://core.svn.wordpress.org/branches/4.8@43882 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-12-13 01:35:21 +00:00
Peter Wilson
a5be721238 Multisite: Improve messaging for previously activated users. 
Ensure activation of a site is not attempted multiple times and users are shown the correct message if they follow the link a second time.

Merges [44021] to the 4.8 branch.

Built from https://develop.svn.wordpress.org/branches/4.8@44025


git-svn-id: http://core.svn.wordpress.org/branches/4.8@43855 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-12-13 00:37:22 +00:00
iandunn
1bb4687f0b KSES: Make the URI attributes DRY. 
This commit introduces the `wp_kses_uri_attributes` function and filter. The function centralizes the list of attributes, in order to prevent inconsistency, and the filter provides a way for plugins to customize the attributes.

Merges [44014] and [44017] to the 4.8 branch.

Built from https://develop.svn.wordpress.org/branches/4.8@44023


git-svn-id: http://core.svn.wordpress.org/branches/4.8@43853 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-12-13 00:33:20 +00:00
Gary Pendergast
e00499f8df KSES: Conditionally remove the <form> element from $allowedposttags. 
To avoid backwards compatibility issues, `<form>` is re-added if a custom filter has added the `<input>` or `<select>` elements to `$allowedposttags`.

Merges [43994] to the 4.8 branch.

Built from https://develop.svn.wordpress.org/branches/4.8@43999


git-svn-id: http://core.svn.wordpress.org/branches/4.8@43831 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-12-12 23:20:23 +00:00
Jeremy Felt
b20bad3d40 Media: Improve verification of MIME file types. 
Merges [43988] to the 4.8 branch.

Built from https://develop.svn.wordpress.org/branches/4.8@43990


git-svn-id: http://core.svn.wordpress.org/branches/4.8@43822 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-12-12 23:04:22 +00:00
Aaron Campbell
ad514185cd Bump 4.8 branch to version 4.8.7 
Built from https://develop.svn.wordpress.org/branches/4.8@43408


git-svn-id: http://core.svn.wordpress.org/branches/4.8@43236 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-07-05 16:11:22 +00:00
John Blackbourn
dc4313f798 Media: Limit thumbnail file deletions to the same directory as the original file. 
Merges [43393] into the 4.8 branch.

Built from https://develop.svn.wordpress.org/branches/4.8@43394


git-svn-id: http://core.svn.wordpress.org/branches/4.8@43222 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-07-05 14:48:23 +00:00
Aaron Campbell
b9381e6229 Bump 4.8 branch to version 4.8.6 
Built from https://develop.svn.wordpress.org/branches/4.8@42934


git-svn-id: http://core.svn.wordpress.org/branches/4.8@42764 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-04-03 20:23:31 +00:00
Dominik Schilling
ae68925e49 Template: Make sure the version string is correctly escaped for use in attributes. 
Merge of [42893] to the 4.8 branch.

Built from https://develop.svn.wordpress.org/branches/4.8@42918


git-svn-id: http://core.svn.wordpress.org/branches/4.8@42748 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-04-03 16:06:33 +00:00
Dominik Schilling
62ccb52bbc Meta: Simplify the delete all meta query in delete_metadata(). 
Built from https://develop.svn.wordpress.org/branches/4.8@42913


git-svn-id: http://core.svn.wordpress.org/branches/4.8@42743 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-04-03 15:40:32 +00:00
Dominik Schilling
54e04cd70e HTTP: Don't treat localhost as same host by default. 
Merge of [42894] to the 4.8 branch.

Built from https://develop.svn.wordpress.org/branches/4.8@42909


git-svn-id: http://core.svn.wordpress.org/branches/4.8@42739 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-04-03 15:36:15 +00:00
Dominik Schilling
4f2919a7ef Login: Use wp_safe_redirect() when redirecting the login page if forced to use HTTPS. 
Merge of [42892] to the 4.8 branch.

Built from https://develop.svn.wordpress.org/branches/4.8@42896


git-svn-id: http://core.svn.wordpress.org/branches/4.8@42726 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-04-03 15:29:34 +00:00
Sergey Biryukov
86c462ab7e General: Update copyright year to 2018 in license.txt. 
Props rachelbaker.
Merges [42424] to the 4.8 branch.
Fixes #43007.
Built from https://develop.svn.wordpress.org/branches/4.8@42553


git-svn-id: http://core.svn.wordpress.org/branches/4.8@42382 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-01-23 11:25:33 +00:00
Dion Hulse
d75574cd84 Bump the 4.8 branch to 4.8.5. 
Built from https://develop.svn.wordpress.org/branches/4.8@42495


git-svn-id: http://core.svn.wordpress.org/branches/4.8@42324 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-01-16 21:39:32 +00:00
Dion Hulse
726b806eab External Libraries: Remove unnecessary / obsoleted MediaElement.js files. 
Fixes #42720 for 4.8.

Built from https://develop.svn.wordpress.org/branches/4.8@42478


git-svn-id: http://core.svn.wordpress.org/branches/4.8@42307 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-01-16 08:02:34 +00:00
Dion Hulse
53c05552f3 Upgrade: When deleting old files, if deletion fails attempt to empty the file instead. 
Props joemcgill, dd32.
Merges [42434] to the 4.8 branch.
Fixes #42963 for 4.8.

Built from https://develop.svn.wordpress.org/branches/4.8@42466


git-svn-id: http://core.svn.wordpress.org/branches/4.8@42295 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-01-16 06:53:33 +00:00
John Blackbourn
9222292ccb Bump 4.8 branch to version 4.8.4. 
Built from https://develop.svn.wordpress.org/branches/4.8@42317


git-svn-id: http://core.svn.wordpress.org/branches/4.8@42146 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-11-29 18:57:33 +00:00
John Blackbourn
47c076a77b Hardening: Remove the ability to upload JavaScript files for users who do not have the unfiltered_html capability. 
Merges [42261] to the 4.8 branch.

Built from https://develop.svn.wordpress.org/branches/4.8@42271


git-svn-id: http://core.svn.wordpress.org/branches/4.8@42100 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-11-29 16:16:05 +00:00
John Blackbourn
3995f1e60f Hardening: Ensure the attributes of enclosures are correctly escaped in RSS and Atom feeds. 
Merges [42260] to the 4.8 branch.

Built from https://develop.svn.wordpress.org/branches/4.8@42270


git-svn-id: http://core.svn.wordpress.org/branches/4.8@42099 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-11-29 16:15:34 +00:00
John Blackbourn
c5713fc570 Hardening: Add escaping to the language attributes used on html elements. 
Merges [42259] to the 4.8 branch.

Built from https://develop.svn.wordpress.org/branches/4.8@42269


git-svn-id: http://core.svn.wordpress.org/branches/4.8@42098 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-11-29 16:14:07 +00:00
John Blackbourn
2aba074c5b Hardening: Use a properly generated hash for the newbloguser key instead of a determinate substring. 
Merges [42258] to the 4.8 branch.

Built from https://develop.svn.wordpress.org/branches/4.8@42268


git-svn-id: http://core.svn.wordpress.org/branches/4.8@42097 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-11-29 16:13:35 +00:00
John Blackbourn
8101b2aa4d Users: Correct the value of the lang attribute in the admin area. 
This corrects the value when the user's language is set to `English (United States)` but the site language is not.

Props ocean90, afercia

See #42242

Merges [42220] to the 4.8 branch.

Built from https://develop.svn.wordpress.org/branches/4.8@42262


git-svn-id: http://core.svn.wordpress.org/branches/4.8@42091 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-11-29 16:05:34 +00:00
Dion Hulse
9eb5084390 WPDB: Check that AUTH_SALT is not empty, Fix a PHP notice when AUTH_SALT is undefined. 
Props jsonfry, mkomar, pento.
Merges [42119] and [42120] to the 4.8 branch.
Fixes #42431 and #42401 for 4.8.

Built from https://develop.svn.wordpress.org/branches/4.8@42230


git-svn-id: http://core.svn.wordpress.org/branches/4.8@42059 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-11-27 01:07:34 +00:00
Dion Hulse
5f52157d46 Bump Akismet external to 4.0.1. 
git-svn-id: http://core.svn.wordpress.org/branches/4.8@41951 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-11-07 03:10:32 +00:00
Gary Pendergast
3fdaf059b9 Bump 4.8 branch to version 4.8.3. 
Built from https://develop.svn.wordpress.org/branches/4.8@42069


git-svn-id: http://core.svn.wordpress.org/branches/4.8@41898 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-10-31 13:07:32 +00:00
Gary Pendergast
a59f4bc10f Database: Restore numbered placeholders in wpdb::prepare(). 
[41496] removed support for numbered placeholders in queries send through `wpdb::prepare()`, which, despite being undocumented, were quite commonly used.

This change restores support for numbered placeholders (as well as a subset of placeholder formatting), while also adding extra checks to ensure the correct number of arguments are being passed to `wpdb::prepare()`, given the number of placeholders.

Merges [41662], [42056] to the 4.8 branch.
See #41925.


Built from https://develop.svn.wordpress.org/branches/4.8@42057


git-svn-id: http://core.svn.wordpress.org/branches/4.8@41886 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-10-31 12:23:33 +00:00