Aaron Campbell
0f6c066275
Bump 4.3 branch to version 4.3.16
...
Built from https://develop.svn.wordpress.org/branches/4.3@42939
git-svn-id: http://core.svn.wordpress.org/branches/4.3@42769 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-03 20:30:26 +00:00
Dominik Schilling
9adb5428e9
Template: Make sure the version string is correctly escaped for use in attributes.
...
Merge of [42893] to the 4.3 branch.
Built from https://develop.svn.wordpress.org/branches/4.3@42923
git-svn-id: http://core.svn.wordpress.org/branches/4.3@42753 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-03 16:09:03 +00:00
Dion Hulse
2f6ab42321
Bump the 4.3 branch to 4.3.15.
...
Built from https://develop.svn.wordpress.org/branches/4.3@42500
git-svn-id: http://core.svn.wordpress.org/branches/4.3@42329 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-01-16 21:43:27 +00:00
Dion Hulse
8b6b82d51e
External Libraries: Remove unnecessary / obsoleted MediaElement.js files.
...
Merges [42478] to the 4.3 branch.
Fixes #42720 for 4.3.
Built from https://develop.svn.wordpress.org/branches/4.3@42483
git-svn-id: http://core.svn.wordpress.org/branches/4.3@42312 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-01-16 08:10:28 +00:00
John Blackbourn
d36d7535ef
Bump 4.3 branch to version 4.3.14.
...
Built from https://develop.svn.wordpress.org/branches/4.3@42322
git-svn-id: http://core.svn.wordpress.org/branches/4.3@42151 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-29 19:01:56 +00:00
John Blackbourn
9bde3962d9
Hardening: Remove the ability to upload JavaScript files for users who do not have the unfiltered_html
capability.
...
Merges [42261] to the 4.3 branch.
Built from https://develop.svn.wordpress.org/branches/4.3@42291
git-svn-id: http://core.svn.wordpress.org/branches/4.3@42120 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-29 16:32:55 +00:00
John Blackbourn
599b8a9765
Hardening: Ensure the attributes of enclosures are correctly escaped in RSS and Atom feeds.
...
Merges [42260] to the 4.3 branch.
Built from https://develop.svn.wordpress.org/branches/4.3@42290
git-svn-id: http://core.svn.wordpress.org/branches/4.3@42119 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-29 16:32:31 +00:00
John Blackbourn
e7c75e3542
Hardening: Add escaping to the language attributes used on html
elements.
...
Merges [42259] to the 4.3 branch.
Built from https://develop.svn.wordpress.org/branches/4.3@42289
git-svn-id: http://core.svn.wordpress.org/branches/4.3@42118 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-29 16:31:22 +00:00
Dion Hulse
6c16725459
WPDB: Check that AUTH_SALT
is not empty, Fix a PHP notice when AUTH_SALT
is undefined.
...
Props jsonfry, mkomar, pento.
Merges [42119] and [42120] to the 4.3 branch.
Fixes #42431 and #42401 for 4.3.
Built from https://develop.svn.wordpress.org/branches/4.3@42235
git-svn-id: http://core.svn.wordpress.org/branches/4.3@42064 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-27 01:12:26 +00:00
Gary Pendergast
b4ba20d05a
Bump 4.3 branch to version 4.3.13.
...
Built from https://develop.svn.wordpress.org/branches/4.3@42074
git-svn-id: http://core.svn.wordpress.org/branches/4.3@41903 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-31 13:33:26 +00:00
Gary Pendergast
8227bf664f
Database: Restore numbered placeholders in wpdb::prepare()
.
...
[41496] removed support for numbered placeholders in queries send through `wpdb::prepare()`, which, despite being undocumented, were quite commonly used.
This change restores support for numbered placeholders (as well as a subset of placeholder formatting), while also adding extra checks to ensure the correct number of arguments are being passed to `wpdb::prepare()`, given the number of placeholders.
Merges [41662], [42056] to the 4.3 branch.
See #41925 .
Built from https://develop.svn.wordpress.org/branches/4.3@42062
git-svn-id: http://core.svn.wordpress.org/branches/4.3@41891 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-31 12:49:26 +00:00
Dominik Schilling
1aff8f778b
Bump 4.3 branch to version 4.3.12.
...
Built from https://develop.svn.wordpress.org/branches/4.3@41515
git-svn-id: http://core.svn.wordpress.org/branches/4.3@41348 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 20:02:26 +00:00
Aaron Campbell
6e1daaea02
Database: Hardening to bring wpdb::prepare()
inline with documentation.
...
`wpdb::prepare()` supports %s, %d, and %F as placeholders in the query string. Any other non-escaped % will be escaped.
Merges [41496] to 4.3 branch.
Built from https://develop.svn.wordpress.org/branches/4.3@41502
git-svn-id: http://core.svn.wordpress.org/branches/4.3@41335 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 18:28:25 +00:00
Aaron Campbell
0ca1d61d97
Database: Don’t trigger _doing_it_wrong()
for null values in wpdb::prepare()
.
...
While `wpdb::prepare()` does not support null values (see #12819 ) they still appear in the wild like in the WordPress Importer and other plugins.
Merges [41483] to 4.3 branch.
Built from https://develop.svn.wordpress.org/branches/4.3@41489
git-svn-id: http://core.svn.wordpress.org/branches/4.3@41322 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 16:25:25 +00:00
Aaron Campbell
a5edf110c0
Database: Hardening for wpdb::prepare()
...
Previously if you passed an array of values for placeholders, additional values could be passed as well. Now additional values will be ignored.
Merges [41470] to 4.3 branch.
Built from https://develop.svn.wordpress.org/branches/4.3@41476
git-svn-id: http://core.svn.wordpress.org/branches/4.3@41309 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 15:02:55 +00:00
Dominik Schilling
6fbcd8620a
TinyMCE: Improve the previews for shortcodes.
...
Merge of [41395] to the 4.3 branch.
Built from https://develop.svn.wordpress.org/branches/4.3@41440
git-svn-id: http://core.svn.wordpress.org/branches/4.3@41273 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 12:44:02 +00:00
Dominik Schilling
83db96006c
Editor: Prevent adding javascript:
and data:
URLs through the inline link dialog.
...
Merge of [41393] to the 4.3 branch.
Built from https://develop.svn.wordpress.org/branches/4.3@41405
git-svn-id: http://core.svn.wordpress.org/branches/4.3@41238 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 10:18:57 +00:00
Aaron Campbell
95b51d858b
Bump 4.3 branch to version 4.3.11.
...
Built from https://develop.svn.wordpress.org/branches/4.3@40752
git-svn-id: http://core.svn.wordpress.org/branches/4.3@40610 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 21:51:55 +00:00
Pascal Birchler
bb73cd874b
Media: Simplify upload error message construction.
...
Merges [40736] to the 4.3 branch.
Built from https://develop.svn.wordpress.org/branches/4.3@40741
git-svn-id: http://core.svn.wordpress.org/branches/4.3@40599 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 18:03:27 +00:00
Dominik Schilling
33bf516808
Customize: Ignore invalid customization sessions.
...
Merge of [40704] to the 4.3 branch.
Built from https://develop.svn.wordpress.org/branches/4.3@40709
git-svn-id: http://core.svn.wordpress.org/branches/4.3@40572 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 12:18:26 +00:00
Pascal Birchler
a21c779e19
Adjust post meta checks
...
Merges [40692] to the 4.3 branch.
Built from https://develop.svn.wordpress.org/branches/4.3@40697
git-svn-id: http://core.svn.wordpress.org/branches/4.3@40560 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 08:52:26 +00:00
Pascal Birchler
51f3fe2909
Whitelist post arguments in XML-RPC
...
Merges [40677] to the 4.3 branch.
Built from https://develop.svn.wordpress.org/branches/4.3@40682
git-svn-id: http://core.svn.wordpress.org/branches/4.3@40545 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 08:22:27 +00:00
Pascal Birchler
1897b61ccb
Bump 4.3 branch to version 4.3.10.
...
Built from https://develop.svn.wordpress.org/branches/4.3@40491
git-svn-id: http://core.svn.wordpress.org/branches/4.3@40367 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-04-20 16:25:27 +00:00
James Nylen
a5ea8d5b6e
Bump 4.3 branch to version 4.3.9.
...
Built from https://develop.svn.wordpress.org/branches/4.3@40206
git-svn-id: http://core.svn.wordpress.org/branches/4.3@40145 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-06 16:28:25 +00:00
Aaron Campbell
6751b328d9
Strip control characters before validating redirect.
...
Merges [40183] to 4.3 branch.
Built from https://develop.svn.wordpress.org/branches/4.3@40188
git-svn-id: http://core.svn.wordpress.org/branches/4.3@40127 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-06 13:43:55 +00:00
Dominik Schilling
46c23960dc
Embeds: URL encode YouTube video IDs for broader compatibility.
...
Merge of [40160] to the 4.3 branch.
Built from https://develop.svn.wordpress.org/branches/4.3@40165
git-svn-id: http://core.svn.wordpress.org/branches/4.3@40104 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-06 12:06:59 +00:00
Aaron Campbell
d9d2157746
Bump 4.3 branch to version 4.3.8.
...
Built from https://develop.svn.wordpress.org/branches/4.3@40000
git-svn-id: http://core.svn.wordpress.org/branches/4.3@39937 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-26 18:24:27 +00:00
Dominik Schilling
f6e6b58725
Query: Ensure that queries work correctly with post type names with special characters.
...
Merge of [39952] to the 4.3 branch.
Built from https://develop.svn.wordpress.org/branches/4.3@39960
git-svn-id: http://core.svn.wordpress.org/branches/4.3@39897 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-26 13:51:29 +00:00
Aaron Campbell
b1b62d3ccd
Bump 4.3 branch to version 4.3.7.
...
Built from https://develop.svn.wordpress.org/branches/4.3@39864
git-svn-id: http://core.svn.wordpress.org/branches/4.3@39801 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 16:57:25 +00:00
Joe McGill
90cd7353b3
Media: Fix exif_imagetype check in wp_get_image_mime
...
This is a follow up to [39831].
Merges [39850] to the 4.3 branch.
Built from https://develop.svn.wordpress.org/branches/4.3@39855
git-svn-id: http://core.svn.wordpress.org/branches/4.3@39792 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 16:42:56 +00:00
Joe McGill
abebce20a6
Media: Improve image filetype checking.
...
This adds a new function `wp_get_image_mime()` which is used by
`wp_check_filetype_and_ext()` to validate image files using
`exif_imagetype()` if available instead of `getimagesize()`.
`getimagesize()` is less performant than `exif_imagetype()` and is
dependent on GD. If `exif_imagetype()` is not available, it falls back to
`getimagesize()` as before.
If `wp_check_filetype_and_ext()` can't validate the filetype, we now return
`false` for ext/MIME values.
Merges [39831] to the 4.3 branch.
Built from https://develop.svn.wordpress.org/branches/4.3@39836
git-svn-id: http://core.svn.wordpress.org/branches/4.3@39774 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 13:17:24 +00:00
Dominik Schilling
624ab728c7
Themes: Fix markup for theme name fallbacks.
...
Merge of [39807] to the 4.3 branch.
Built from https://develop.svn.wordpress.org/branches/4.3@39813
git-svn-id: http://core.svn.wordpress.org/branches/4.3@39751 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 11:11:26 +00:00
Jeremy Felt
a06e0059b1
Multisite: Use wp_rand()
in signup key creation.
...
Merges [39795] to the 4.3 branch.
Built from https://develop.svn.wordpress.org/branches/4.3@39800
git-svn-id: http://core.svn.wordpress.org/branches/4.3@39738 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 05:34:27 +00:00
Dion Hulse
ed440a7cf4
Update PHPMailer to 5.2.22.
...
The full list of changes is available here:
https://github.com/PHPMailer/PHPMailer/compare/v5.2.21...v5.2.22
Merges [39759] to the 4.3 branch.
Fixes #37210 for 4.3.
Built from https://develop.svn.wordpress.org/branches/4.3@39788
git-svn-id: http://core.svn.wordpress.org/branches/4.3@39726 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 05:24:24 +00:00
Dion Hulse
86a3e6e871
Mail: Upgrade PHPMailer to 5.2.21.
...
Merges [39645], [36083] to the 4.3 branch.
See #37210 .
Built from https://develop.svn.wordpress.org/branches/4.3@39725
git-svn-id: http://core.svn.wordpress.org/branches/4.3@39665 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-06 22:05:31 +00:00
Jeremy Felt
180d083620
Bump 4.3 branch to 4.3.6.
...
Built from https://develop.svn.wordpress.org/branches/4.3@38552
git-svn-id: http://core.svn.wordpress.org/branches/4.3@38495 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-09-07 14:59:23 +00:00
Boone Gorges
a240058e32
Bump 4.3 branch to 4.3.5.
...
Built from https://develop.svn.wordpress.org/branches/4.3@37830
git-svn-id: http://core.svn.wordpress.org/branches/4.3@37795 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-21 16:33:25 +00:00
Joe McGill
89394fe908
Media: Improve handling of extensionless filenames.
...
Merge of [37756] to the 4.3 branch.
See #37111 .
Built from https://develop.svn.wordpress.org/branches/4.3@37814
git-svn-id: http://core.svn.wordpress.org/branches/4.3@37779 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-21 14:55:52 +00:00
Nikolay Bachiyski
a0e40393b4
Admin: Escape attachment name in case it contains special characters
...
Merge of [37774] to the 4.3 branch.
Built from https://develop.svn.wordpress.org/branches/4.3@37786
git-svn-id: http://core.svn.wordpress.org/branches/4.3@37751 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-21 14:25:24 +00:00
Jeremy Felt
a939b84057
Admin: Allow for the consistent filtering of auth_redirect_scheme
...
Merge of [37651] to the 4.3 branch.
See #37047 .
Built from https://develop.svn.wordpress.org/branches/4.3@37760
git-svn-id: http://core.svn.wordpress.org/branches/4.3@37725 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-21 14:12:19 +00:00
Dominik Schilling
4b5e93ba40
Bump 4.3 branch to 4.3.4.
...
Built from https://develop.svn.wordpress.org/branches/4.3@37386
git-svn-id: http://core.svn.wordpress.org/branches/4.3@37352 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-06 18:12:22 +00:00
Nikolay Bachiyski
f1f6b9c2d6
External Libraries: Update plupload from upstream
...
Built from https://develop.svn.wordpress.org/branches/4.3@37380
git-svn-id: http://core.svn.wordpress.org/branches/4.3@37346 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-06 18:00:24 +00:00
Dominik Schilling
032feff801
External Libraries: Update MediaElement.js from upstream.
...
Merge of [37370] to the 4.3 branch.
Built from https://develop.svn.wordpress.org/branches/4.3@37374
git-svn-id: http://core.svn.wordpress.org/branches/4.3@37340 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-06 17:54:33 +00:00
Nikolay Bachiyski
7da41242f9
Taxonomies: make sure taxonomy functions work correctly with taxonomy names with special characters
...
The codex says that taxonomy names "should only contain lowercase letters and the underscore character", but that's not enforced. It's too late to enforce it, since some plugins haven't been following it and the official phpdoc doesn't mention this restriction.
Merge of [37133] to the 4.3 branch.
Built from https://develop.svn.wordpress.org/branches/4.3@37136
git-svn-id: http://core.svn.wordpress.org/branches/4.3@37103 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-30 17:23:24 +00:00
Dominik Schilling
9046c96d95
HTTP: Improve detection of valid IP addresses.
...
Merge of [37115] to the 4.3 branch.
Built from https://develop.svn.wordpress.org/branches/4.3@37117
git-svn-id: http://core.svn.wordpress.org/branches/4.3@37084 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-30 15:51:47 +00:00
Nikolay Bachiyski
9631f83b6f
Snoopy: use escapeshellarg instead of escapeshellcmd
...
We are escaping arguments, not commands, so we'd better use the semantically correct function, even though they are similar.
Built from https://develop.svn.wordpress.org/branches/4.3@37096
git-svn-id: http://core.svn.wordpress.org/branches/4.3@37063 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-30 14:05:24 +00:00
Dominik Schilling
dd8b7de724
Bump 4.3 branch to 4.3.3.
...
Built from https://develop.svn.wordpress.org/branches/4.3@36456
git-svn-id: http://core.svn.wordpress.org/branches/4.3@36423 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-02 17:28:22 +00:00
Dominik Schilling
eb0bd01048
Better validation of the URL used in HTTP redirects.
...
Merges [36444] to the 4.3 branch.
Built from https://develop.svn.wordpress.org/branches/4.3@36448
git-svn-id: http://core.svn.wordpress.org/branches/4.3@36415 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-02 16:59:51 +00:00
Dominik Schilling
224efaf1e0
HTTP: 0.1.2.3
is not a valid IP.
...
Merges [36435] to the 4.3 branch.
Built from https://develop.svn.wordpress.org/branches/4.3@36437
git-svn-id: http://core.svn.wordpress.org/branches/4.3@36404 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-02 13:03:51 +00:00
Dominik Schilling
f6115d3bfe
Bump 4.3 branch to 4.3.2.
...
Built from https://develop.svn.wordpress.org/branches/4.3@36197
git-svn-id: http://core.svn.wordpress.org/branches/4.3@36164 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-06 18:48:22 +00:00