Commit Graph

18062 Commits

Author SHA1 Message Date
Aaron Campbell
0f6c066275 Bump 4.3 branch to version 4.3.16
Built from https://develop.svn.wordpress.org/branches/4.3@42939


git-svn-id: http://core.svn.wordpress.org/branches/4.3@42769 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-03 20:30:26 +00:00
Dominik Schilling
9adb5428e9 Template: Make sure the version string is correctly escaped for use in attributes.
Merge of [42893] to the 4.3 branch.

Built from https://develop.svn.wordpress.org/branches/4.3@42923


git-svn-id: http://core.svn.wordpress.org/branches/4.3@42753 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-03 16:09:03 +00:00
Dion Hulse
2f6ab42321 Bump the 4.3 branch to 4.3.15.
Built from https://develop.svn.wordpress.org/branches/4.3@42500


git-svn-id: http://core.svn.wordpress.org/branches/4.3@42329 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-01-16 21:43:27 +00:00
Dion Hulse
8b6b82d51e External Libraries: Remove unnecessary / obsoleted MediaElement.js files.
Merges [42478] to the 4.3 branch.
Fixes #42720 for 4.3.

Built from https://develop.svn.wordpress.org/branches/4.3@42483


git-svn-id: http://core.svn.wordpress.org/branches/4.3@42312 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-01-16 08:10:28 +00:00
John Blackbourn
d36d7535ef Bump 4.3 branch to version 4.3.14.
Built from https://develop.svn.wordpress.org/branches/4.3@42322


git-svn-id: http://core.svn.wordpress.org/branches/4.3@42151 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-29 19:01:56 +00:00
John Blackbourn
9bde3962d9 Hardening: Remove the ability to upload JavaScript files for users who do not have the unfiltered_html capability.
Merges [42261] to the 4.3 branch.

Built from https://develop.svn.wordpress.org/branches/4.3@42291


git-svn-id: http://core.svn.wordpress.org/branches/4.3@42120 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-29 16:32:55 +00:00
John Blackbourn
599b8a9765 Hardening: Ensure the attributes of enclosures are correctly escaped in RSS and Atom feeds.
Merges [42260] to the 4.3 branch.

Built from https://develop.svn.wordpress.org/branches/4.3@42290


git-svn-id: http://core.svn.wordpress.org/branches/4.3@42119 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-29 16:32:31 +00:00
John Blackbourn
e7c75e3542 Hardening: Add escaping to the language attributes used on html elements.
Merges [42259] to the 4.3 branch.

Built from https://develop.svn.wordpress.org/branches/4.3@42289


git-svn-id: http://core.svn.wordpress.org/branches/4.3@42118 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-29 16:31:22 +00:00
Dion Hulse
6c16725459 WPDB: Check that AUTH_SALT is not empty, Fix a PHP notice when AUTH_SALT is undefined.
Props jsonfry, mkomar, pento.
Merges [42119] and [42120] to the 4.3 branch.
Fixes #42431 and #42401 for 4.3.

Built from https://develop.svn.wordpress.org/branches/4.3@42235


git-svn-id: http://core.svn.wordpress.org/branches/4.3@42064 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-27 01:12:26 +00:00
Gary Pendergast
b4ba20d05a Bump 4.3 branch to version 4.3.13.
Built from https://develop.svn.wordpress.org/branches/4.3@42074


git-svn-id: http://core.svn.wordpress.org/branches/4.3@41903 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-31 13:33:26 +00:00
Gary Pendergast
8227bf664f Database: Restore numbered placeholders in wpdb::prepare().
[41496] removed support for numbered placeholders in queries sent through `wpdb::prepare()`, which, despite being undocumented, were quite commonly used.

This change restores support for numbered placeholders (as well as a subset of placeholder formatting), while also adding extra checks to ensure the correct number of arguments are being passed to `wpdb::prepare()`, given the number of placeholders.

Merges [41662], [42056] to the 4.3 branch.
See #41925.


Built from https://develop.svn.wordpress.org/branches/4.3@42062


git-svn-id: http://core.svn.wordpress.org/branches/4.3@41891 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-31 12:49:26 +00:00
Dominik Schilling
1aff8f778b Bump 4.3 branch to version 4.3.12.
Built from https://develop.svn.wordpress.org/branches/4.3@41515


git-svn-id: http://core.svn.wordpress.org/branches/4.3@41348 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 20:02:26 +00:00
Aaron Campbell
6e1daaea02 Database: Hardening to bring wpdb::prepare() in line with documentation.
`wpdb::prepare()` supports %s, %d, and %F as placeholders in the query string. Any other non-escaped % will be escaped.

Merges [41496] to 4.3 branch.


Built from https://develop.svn.wordpress.org/branches/4.3@41502


git-svn-id: http://core.svn.wordpress.org/branches/4.3@41335 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 18:28:25 +00:00
Aaron Campbell
0ca1d61d97 Database: Don’t trigger _doing_it_wrong() for null values in wpdb::prepare().
While `wpdb::prepare()` does not support null values (see #12819) they still appear in the wild like in the WordPress Importer and other plugins.

Merges [41483] to 4.3 branch.


Built from https://develop.svn.wordpress.org/branches/4.3@41489


git-svn-id: http://core.svn.wordpress.org/branches/4.3@41322 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 16:25:25 +00:00
Aaron Campbell
a5edf110c0 Database: Hardening for wpdb::prepare()
Previously if you passed an array of values for placeholders, additional values could be passed as well. Now additional values will be ignored.

Merges [41470] to 4.3 branch.


Built from https://develop.svn.wordpress.org/branches/4.3@41476


git-svn-id: http://core.svn.wordpress.org/branches/4.3@41309 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 15:02:55 +00:00
Dominik Schilling
6fbcd8620a TinyMCE: Improve the previews for shortcodes.
Merge of [41395] to the 4.3 branch.

Built from https://develop.svn.wordpress.org/branches/4.3@41440


git-svn-id: http://core.svn.wordpress.org/branches/4.3@41273 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 12:44:02 +00:00
Dominik Schilling
83db96006c Editor: Prevent adding javascript: and data: URLs through the inline link dialog.
Merge of [41393] to the 4.3 branch.

Built from https://develop.svn.wordpress.org/branches/4.3@41405


git-svn-id: http://core.svn.wordpress.org/branches/4.3@41238 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 10:18:57 +00:00
Aaron Campbell
95b51d858b Bump 4.3 branch to version 4.3.11.
Built from https://develop.svn.wordpress.org/branches/4.3@40752


git-svn-id: http://core.svn.wordpress.org/branches/4.3@40610 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 21:51:55 +00:00
Pascal Birchler
bb73cd874b Media: Simplify upload error message construction.
Merges [40736] to the 4.3 branch.

Built from https://develop.svn.wordpress.org/branches/4.3@40741


git-svn-id: http://core.svn.wordpress.org/branches/4.3@40599 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 18:03:27 +00:00
Dominik Schilling
33bf516808 Customize: Ignore invalid customization sessions.
Merge of [40704] to the 4.3 branch.
Built from https://develop.svn.wordpress.org/branches/4.3@40709


git-svn-id: http://core.svn.wordpress.org/branches/4.3@40572 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 12:18:26 +00:00
Pascal Birchler
a21c779e19 Adjust post meta checks
Merges [40692] to the 4.3 branch.

Built from https://develop.svn.wordpress.org/branches/4.3@40697


git-svn-id: http://core.svn.wordpress.org/branches/4.3@40560 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 08:52:26 +00:00
Pascal Birchler
51f3fe2909 Whitelist post arguments in XML-RPC
Merges [40677] to the 4.3 branch.

Built from https://develop.svn.wordpress.org/branches/4.3@40682


git-svn-id: http://core.svn.wordpress.org/branches/4.3@40545 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 08:22:27 +00:00
Pascal Birchler
1897b61ccb Bump 4.3 branch to version 4.3.10.
Built from https://develop.svn.wordpress.org/branches/4.3@40491


git-svn-id: http://core.svn.wordpress.org/branches/4.3@40367 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-04-20 16:25:27 +00:00
James Nylen
a5ea8d5b6e Bump 4.3 branch to version 4.3.9.
Built from https://develop.svn.wordpress.org/branches/4.3@40206


git-svn-id: http://core.svn.wordpress.org/branches/4.3@40145 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-06 16:28:25 +00:00
Aaron Campbell
6751b328d9 Strip control characters before validating redirect.
Merges [40183] to 4.3 branch.

Built from https://develop.svn.wordpress.org/branches/4.3@40188


git-svn-id: http://core.svn.wordpress.org/branches/4.3@40127 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-06 13:43:55 +00:00
Dominik Schilling
46c23960dc Embeds: URL encode YouTube video IDs for broader compatibility.
Merge of [40160] to the 4.3 branch.

Built from https://develop.svn.wordpress.org/branches/4.3@40165


git-svn-id: http://core.svn.wordpress.org/branches/4.3@40104 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-06 12:06:59 +00:00
Aaron Campbell
d9d2157746 Bump 4.3 branch to version 4.3.8.
Built from https://develop.svn.wordpress.org/branches/4.3@40000


git-svn-id: http://core.svn.wordpress.org/branches/4.3@39937 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-26 18:24:27 +00:00
Dominik Schilling
f6e6b58725 Query: Ensure that queries work correctly with post type names with special characters.
Merge of [39952] to the 4.3 branch.
Built from https://develop.svn.wordpress.org/branches/4.3@39960


git-svn-id: http://core.svn.wordpress.org/branches/4.3@39897 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-26 13:51:29 +00:00
Aaron Campbell
b1b62d3ccd Bump 4.3 branch to version 4.3.7.
Built from https://develop.svn.wordpress.org/branches/4.3@39864


git-svn-id: http://core.svn.wordpress.org/branches/4.3@39801 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 16:57:25 +00:00
Joe McGill
90cd7353b3 Media: Fix exif_imagetype check in wp_get_image_mime
This is a follow up to [39831].

Merges [39850] to the 4.3 branch.

Built from https://develop.svn.wordpress.org/branches/4.3@39855


git-svn-id: http://core.svn.wordpress.org/branches/4.3@39792 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 16:42:56 +00:00
Joe McGill
abebce20a6 Media: Improve image filetype checking.
This adds a new function `wp_get_image_mime()` which is used by
`wp_check_filetype_and_ext()` to validate image files using
`exif_imagetype()` if available instead of `getimagesize()`.

`getimagesize()` is less performant than `exif_imagetype()` and is
dependent on GD. If `exif_imagetype()` is not available, it falls back to
`getimagesize()` as before.

If `wp_check_filetype_and_ext()` can't validate the filetype, we now return
`false` for ext/MIME values.

Merges [39831] to the 4.3 branch.

Built from https://develop.svn.wordpress.org/branches/4.3@39836


git-svn-id: http://core.svn.wordpress.org/branches/4.3@39774 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 13:17:24 +00:00
Dominik Schilling
624ab728c7 Themes: Fix markup for theme name fallbacks.
Merge of [39807] to the 4.3 branch.
Built from https://develop.svn.wordpress.org/branches/4.3@39813


git-svn-id: http://core.svn.wordpress.org/branches/4.3@39751 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 11:11:26 +00:00
Jeremy Felt
a06e0059b1 Multisite: Use wp_rand() in signup key creation.
Merges [39795] to the 4.3 branch.

Built from https://develop.svn.wordpress.org/branches/4.3@39800


git-svn-id: http://core.svn.wordpress.org/branches/4.3@39738 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 05:34:27 +00:00
Dion Hulse
ed440a7cf4 Update PHPMailer to 5.2.22.
The full list of changes is available here:
https://github.com/PHPMailer/PHPMailer/compare/v5.2.21...v5.2.22

Merges [39759] to the 4.3 branch.
Fixes #37210 for 4.3.

Built from https://develop.svn.wordpress.org/branches/4.3@39788


git-svn-id: http://core.svn.wordpress.org/branches/4.3@39726 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 05:24:24 +00:00
Dion Hulse
86a3e6e871 Mail: Upgrade PHPMailer to 5.2.21.
Merges [39645], [36083] to the 4.3 branch.
See #37210.

Built from https://develop.svn.wordpress.org/branches/4.3@39725


git-svn-id: http://core.svn.wordpress.org/branches/4.3@39665 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-06 22:05:31 +00:00
Jeremy Felt
180d083620 Bump 4.3 branch to 4.3.6.
Built from https://develop.svn.wordpress.org/branches/4.3@38552


git-svn-id: http://core.svn.wordpress.org/branches/4.3@38495 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-09-07 14:59:23 +00:00
Boone Gorges
a240058e32 Bump 4.3 branch to 4.3.5.
Built from https://develop.svn.wordpress.org/branches/4.3@37830


git-svn-id: http://core.svn.wordpress.org/branches/4.3@37795 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-21 16:33:25 +00:00
Joe McGill
89394fe908 Media: Improve handling of extensionless filenames.
Merge of [37756] to the 4.3 branch.

See #37111.
Built from https://develop.svn.wordpress.org/branches/4.3@37814


git-svn-id: http://core.svn.wordpress.org/branches/4.3@37779 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-21 14:55:52 +00:00
Nikolay Bachiyski
a0e40393b4 Admin: Escape attachment name in case it contains special characters
Merge of [37774] to the 4.3 branch.

Built from https://develop.svn.wordpress.org/branches/4.3@37786


git-svn-id: http://core.svn.wordpress.org/branches/4.3@37751 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-21 14:25:24 +00:00
Jeremy Felt
a939b84057 Admin: Allow for the consistent filtering of auth_redirect_scheme
Merge of [37651] to the 4.3 branch.

See #37047.

Built from https://develop.svn.wordpress.org/branches/4.3@37760


git-svn-id: http://core.svn.wordpress.org/branches/4.3@37725 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-21 14:12:19 +00:00
Dominik Schilling
4b5e93ba40 Bump 4.3 branch to 4.3.4.
Built from https://develop.svn.wordpress.org/branches/4.3@37386


git-svn-id: http://core.svn.wordpress.org/branches/4.3@37352 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-06 18:12:22 +00:00
Nikolay Bachiyski
f1f6b9c2d6 External Libraries: Update plupload from upstream
Built from https://develop.svn.wordpress.org/branches/4.3@37380


git-svn-id: http://core.svn.wordpress.org/branches/4.3@37346 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-06 18:00:24 +00:00
Dominik Schilling
032feff801 External Libraries: Update MediaElement.js from upstream.
Merge of [37370] to the 4.3 branch.
Built from https://develop.svn.wordpress.org/branches/4.3@37374


git-svn-id: http://core.svn.wordpress.org/branches/4.3@37340 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-06 17:54:33 +00:00
Nikolay Bachiyski
7da41242f9 Taxonomies: make sure taxonomy functions work correctly with taxonomy names with special characters
The codex says that taxonomy names "should only contain lowercase letters and the underscore character", but that's not enforced. It's too late to enforce it, since some plugins haven't been following it and the official phpdoc doesn't mention this restriction.

Merge of [37133] to the 4.3 branch.

Built from https://develop.svn.wordpress.org/branches/4.3@37136


git-svn-id: http://core.svn.wordpress.org/branches/4.3@37103 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-30 17:23:24 +00:00
Dominik Schilling
9046c96d95 HTTP: Improve detection of valid IP addresses.
Merge of [37115] to the 4.3 branch.
Built from https://develop.svn.wordpress.org/branches/4.3@37117


git-svn-id: http://core.svn.wordpress.org/branches/4.3@37084 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-30 15:51:47 +00:00
Nikolay Bachiyski
9631f83b6f Snoopy: use escapeshellarg instead of escapeshellcmd
We are escaping arguments, not commands, so we'd better use the semantically correct function, even though they are similar.

Built from https://develop.svn.wordpress.org/branches/4.3@37096


git-svn-id: http://core.svn.wordpress.org/branches/4.3@37063 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-30 14:05:24 +00:00
Dominik Schilling
dd8b7de724 Bump 4.3 branch to 4.3.3.
Built from https://develop.svn.wordpress.org/branches/4.3@36456


git-svn-id: http://core.svn.wordpress.org/branches/4.3@36423 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-02 17:28:22 +00:00
Dominik Schilling
eb0bd01048 Better validation of the URL used in HTTP redirects.
Merges [36444] to the 4.3 branch.
Built from https://develop.svn.wordpress.org/branches/4.3@36448


git-svn-id: http://core.svn.wordpress.org/branches/4.3@36415 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-02 16:59:51 +00:00
Dominik Schilling
224efaf1e0 HTTP: 0.1.2.3 is not a valid IP.
Merges [36435] to the 4.3 branch.
Built from https://develop.svn.wordpress.org/branches/4.3@36437


git-svn-id: http://core.svn.wordpress.org/branches/4.3@36404 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-02 13:03:51 +00:00
Dominik Schilling
f6115d3bfe Bump 4.3 branch to 4.3.2.
Built from https://develop.svn.wordpress.org/branches/4.3@36197


git-svn-id: http://core.svn.wordpress.org/branches/4.3@36164 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-06 18:48:22 +00:00