iandunn
0fc5160483
KSES: Make the URI attributes DRY.
...
This commit introduces the `wp_kses_uri_attributes` function and filter. The function centralizes the list of attributes, in order to prevent inconsistency, and the filter provides a way for plugins to customize the attributes.
Merges [44014] and [44017] to the `4.4` branch.
Built from https://develop.svn.wordpress.org/branches/4.4@44035
git-svn-id: http://core.svn.wordpress.org/branches/4.4@43865 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-12-13 00:59:19 +00:00
Peter Wilson
18e6420dff
Multisite: Improve messaging for previously activated users.
...
Ensure activation of a site is not attempted multiple times and users are shown the correct message if they follow the link a second time.
Merges [44021] to the 4.4 branch.
Built from https://develop.svn.wordpress.org/branches/4.4@44030
git-svn-id: http://core.svn.wordpress.org/branches/4.4@43860 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-12-13 00:50:20 +00:00
Gary Pendergast
9d99fdce47
KSES: Conditionally remove the <form>
element from $allowedposttags
.
...
To avoid backwards compatibility issues, `<form>` is re-added if a custom filter has added the `<input>` or `<select>` elements to `$allowedposttags`.
Merges [43994] to the 4.4 branch.
Built from https://develop.svn.wordpress.org/branches/4.4@44003
git-svn-id: http://core.svn.wordpress.org/branches/4.4@43835 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-12-12 23:36:20 +00:00
Jeremy Felt
60dacc5deb
Media: Improve verification of MIME file types.
...
Merges [43988] to the 4.4 branch.
Built from https://develop.svn.wordpress.org/branches/4.4@43995
git-svn-id: http://core.svn.wordpress.org/branches/4.4@43827 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-12-12 23:14:21 +00:00
Aaron Campbell
40f9e10d03
Bump 4.4 branch to version 4.4.16
...
Built from https://develop.svn.wordpress.org/branches/4.4@43412
git-svn-id: http://core.svn.wordpress.org/branches/4.4@43240 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-05 16:12:48 +00:00
John Blackbourn
82dc7df085
Media: Limit thumbnail file deletions to the same directory as the original file.
...
Merges [43393] into the 4.4 branch.
Built from https://develop.svn.wordpress.org/branches/4.4@43398
git-svn-id: http://core.svn.wordpress.org/branches/4.4@43226 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-05 14:57:24 +00:00
Aaron Campbell
77061065b4
Bump 4.4 branch to version 4.4.15
...
Built from https://develop.svn.wordpress.org/branches/4.4@42938
git-svn-id: http://core.svn.wordpress.org/branches/4.4@42768 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-03 20:30:01 +00:00
Dominik Schilling
1816f1c364
Template: Make sure the version string is correctly escaped for use in attributes.
...
Merge of [42893] to the 4.4 branch.
Built from https://develop.svn.wordpress.org/branches/4.4@42922
git-svn-id: http://core.svn.wordpress.org/branches/4.4@42752 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-03 16:08:38 +00:00
Dion Hulse
fbefbce5ea
Bump the 4.4 branch to 4.4.14.
...
Built from https://develop.svn.wordpress.org/branches/4.4@42499
git-svn-id: http://core.svn.wordpress.org/branches/4.4@42328 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-01-16 21:42:38 +00:00
Dion Hulse
e462191652
External Libraries: Remove unnecessary / obsoleted MediaElement.js files.
...
Merges [42478] to the 4.4 branch.
Fixes #42720 for 4.4.
Built from https://develop.svn.wordpress.org/branches/4.4@42482
git-svn-id: http://core.svn.wordpress.org/branches/4.4@42311 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-01-16 08:09:32 +00:00
John Blackbourn
448ccd4397
Bump 4.4 branch to version 4.4.13.
...
Built from https://develop.svn.wordpress.org/branches/4.4@42321
git-svn-id: http://core.svn.wordpress.org/branches/4.4@42150 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-29 19:01:31 +00:00
John Blackbourn
4fac456d88
Hardening: Remove the ability to upload JavaScript files for users who do not have the unfiltered_html
capability.
...
Merges [42261] to the 4.4 branch.
Built from https://develop.svn.wordpress.org/branches/4.4@42287
git-svn-id: http://core.svn.wordpress.org/branches/4.4@42116 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-29 16:30:31 +00:00
John Blackbourn
94ed06c3c0
Hardening: Ensure the attributes of enclosures are correctly escaped in RSS and Atom feeds.
...
Merges [42260] to the 4.4 branch.
Built from https://develop.svn.wordpress.org/branches/4.4@42286
git-svn-id: http://core.svn.wordpress.org/branches/4.4@42115 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-29 16:29:31 +00:00
John Blackbourn
5f6f29f00a
Hardening: Add escaping to the language attributes used on html
elements.
...
Merges [42259] to the 4.4 branch.
Built from https://develop.svn.wordpress.org/branches/4.4@42285
git-svn-id: http://core.svn.wordpress.org/branches/4.4@42114 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-29 16:29:00 +00:00
Dion Hulse
5da6b7c200
WPDB: Check that AUTH_SALT
is not empty, Fix a PHP notice when AUTH_SALT
is undefined.
...
Props jsonfry, mkomar, pento.
Merges [42119] and [42120] to the 4.4 branch.
Fixes #42431 and #42401 for 4.4.
Built from https://develop.svn.wordpress.org/branches/4.4@42234
git-svn-id: http://core.svn.wordpress.org/branches/4.4@42063 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-27 01:11:03 +00:00
Gary Pendergast
2f96a03e6c
Bump 4.4 branch to version 4.4.12.
...
Built from https://develop.svn.wordpress.org/branches/4.4@42073
git-svn-id: http://core.svn.wordpress.org/branches/4.4@41902 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-31 13:26:30 +00:00
Gary Pendergast
aec6946594
Database: Restore numbered placeholders in wpdb::prepare()
.
...
[41496] removed support for numbered placeholders in queries send through `wpdb::prepare()`, which, despite being undocumented, were quite commonly used.
This change restores support for numbered placeholders (as well as a subset of placeholder formatting), while also adding extra checks to ensure the correct number of arguments are being passed to `wpdb::prepare()`, given the number of placeholders.
Merges [41662], [42056] to the 4.4 branch.
See #41925 .
Built from https://develop.svn.wordpress.org/branches/4.4@42061
git-svn-id: http://core.svn.wordpress.org/branches/4.4@41890 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-31 12:46:31 +00:00
Dominik Schilling
a80bb4a686
Bump 4.4 branch to version 4.4.11.
...
Built from https://develop.svn.wordpress.org/branches/4.4@41514
git-svn-id: http://core.svn.wordpress.org/branches/4.4@41347 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 20:02:00 +00:00
Aaron Campbell
a89b23a75a
Database: Hardening to bring wpdb::prepare()
inline with documentation.
...
`wpdb::prepare()` supports %s, %d, and %F as placeholders in the query string. Any other non-escaped % will be escaped.
Merges [41496] to 4.4 branch.
Built from https://develop.svn.wordpress.org/branches/4.4@41501
git-svn-id: http://core.svn.wordpress.org/branches/4.4@41334 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 18:15:37 +00:00
Aaron Campbell
5a0f95b6cf
Database: Don’t trigger _doing_it_wrong()
for null values in wpdb::prepare()
.
...
While `wpdb::prepare()` does not support null values (see #12819 ) they still appear in the wild like in the WordPress Importer and other plugins.
Merges [41483] to 4.4 branch.
Built from https://develop.svn.wordpress.org/branches/4.4@41488
git-svn-id: http://core.svn.wordpress.org/branches/4.4@41321 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 16:24:03 +00:00
Aaron Campbell
45280bda66
Database: Hardening for wpdb::prepare()
...
Previously if you passed an array of values for placeholders, additional values could be passed as well. Now additional values will be ignored.
Merges [41470] to 4.4 branch.
Built from https://develop.svn.wordpress.org/branches/4.4@41475
git-svn-id: http://core.svn.wordpress.org/branches/4.4@41308 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 15:02:30 +00:00
Aaron Campbell
78462a6178
oEmbed: Add extra hardening around allowed HTML for improved sandboxing.
...
Merges [41448] to 4.4 branch.
Built from https://develop.svn.wordpress.org/branches/4.4@41455
git-svn-id: http://core.svn.wordpress.org/branches/4.4@41288 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 13:51:01 +00:00
Dominik Schilling
2603a8b4d6
TinyMCE: Improve the previews for shortcodes.
...
Merge of [41395] to the 4.4 branch.
Built from https://develop.svn.wordpress.org/branches/4.4@41439
git-svn-id: http://core.svn.wordpress.org/branches/4.4@41272 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 12:43:37 +00:00
Dominik Schilling
c448e53286
Customize: Ensure valid themes in the preview.
...
Merge of [41397] to the 4.4 branch.
Built from https://develop.svn.wordpress.org/branches/4.4@41433
git-svn-id: http://core.svn.wordpress.org/branches/4.4@41266 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 11:52:37 +00:00
Dominik Schilling
6b08998219
Editor: Prevent adding javascript:
and data:
URLs through the inline link dialog.
...
Merge of [41393] to the 4.4 branch.
Built from https://develop.svn.wordpress.org/branches/4.4@41404
git-svn-id: http://core.svn.wordpress.org/branches/4.4@41237 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 10:18:31 +00:00
John Blackbourn
866662a9fd
General: Backport PHP 7.1 fixes to the 4.4 branch to avoid fatal errors and warnings.
...
See #41135
Built from https://develop.svn.wordpress.org/branches/4.4@41129
git-svn-id: http://core.svn.wordpress.org/branches/4.4@40969 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-07-24 22:27:31 +00:00
Aaron Campbell
13db27bb7b
Bump 4.7 branch to version 4.4.10.
...
Built from https://develop.svn.wordpress.org/branches/4.4@40751
git-svn-id: http://core.svn.wordpress.org/branches/4.4@40609 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 21:51:30 +00:00
Pascal Birchler
9f7f4e5848
Media: Simplify upload error message construction.
...
Merges [40736] to the 4.4 branch.
Built from https://develop.svn.wordpress.org/branches/4.4@40740
git-svn-id: http://core.svn.wordpress.org/branches/4.4@40598 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 18:03:01 +00:00
Dominik Schilling
db7b82e90a
Customize: Ignore invalid customization sessions.
...
Merge of [40704] to the 4.4 branch.
Built from https://develop.svn.wordpress.org/branches/4.4@40708
git-svn-id: http://core.svn.wordpress.org/branches/4.4@40571 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 12:17:32 +00:00
Pascal Birchler
3ad4757088
Adjust post meta checks
...
Merges [40692] to the 4.4 branch.
Built from https://develop.svn.wordpress.org/branches/4.4@40696
git-svn-id: http://core.svn.wordpress.org/branches/4.4@40559 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 08:51:31 +00:00
Pascal Birchler
ad081ea634
Whitelist post arguments in XML-RPC
...
Merges [40677] to the 4.4 branch.
Built from https://develop.svn.wordpress.org/branches/4.4@40681
git-svn-id: http://core.svn.wordpress.org/branches/4.4@40544 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 08:21:01 +00:00
Pascal Birchler
96a0557865
Bump 4.4 branch to version 4.4.9.
...
Built from https://develop.svn.wordpress.org/branches/4.4@40490
git-svn-id: http://core.svn.wordpress.org/branches/4.4@40366 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-04-20 16:24:32 +00:00
James Nylen
b96b3f4d38
Bump 4.4 branch to version 4.4.8.
...
Built from https://develop.svn.wordpress.org/branches/4.4@40205
git-svn-id: http://core.svn.wordpress.org/branches/4.4@40144 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-06 16:23:31 +00:00
Aaron Campbell
442a4f4936
Strip control characters before validating redirect.
...
Merges [40183] to 4.4 branch.
Built from https://develop.svn.wordpress.org/branches/4.4@40187
git-svn-id: http://core.svn.wordpress.org/branches/4.4@40126 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-06 13:43:31 +00:00
Dominik Schilling
3f478808ae
Embeds: URL encode YouTube video IDs for broader compatibility.
...
Merge of [40160] to the 4.4 branch.
Built from https://develop.svn.wordpress.org/branches/4.4@40164
git-svn-id: http://core.svn.wordpress.org/branches/4.4@40103 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-06 12:06:34 +00:00
Aaron Campbell
df7d68c218
Bump 4.4 branch to version 4.4.7.
...
Built from https://develop.svn.wordpress.org/branches/4.4@39999
git-svn-id: http://core.svn.wordpress.org/branches/4.4@39936 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-26 18:23:31 +00:00
Dominik Schilling
bda00ecf73
Query: Ensure that queries work correctly with post type names with special characters.
...
Merge of [39952] to the 4.4 branch.
Built from https://develop.svn.wordpress.org/branches/4.4@39959
git-svn-id: http://core.svn.wordpress.org/branches/4.4@39896 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-26 13:51:03 +00:00
Aaron Campbell
7fcfc68c0b
Bump 4.4 branch to version 4.4.6.
...
Built from https://develop.svn.wordpress.org/branches/4.4@39863
git-svn-id: http://core.svn.wordpress.org/branches/4.4@39800 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 16:56:29 +00:00
Joe McGill
af0a3c59d1
Media: Fix exif_imagetype check in wp_get_image_mime
...
This is a follow up to [39831].
Merges [39850] to the 4.4 branch.
Built from https://develop.svn.wordpress.org/branches/4.4@39854
git-svn-id: http://core.svn.wordpress.org/branches/4.4@39791 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 16:42:31 +00:00
Joe McGill
47bc8e98bd
Media: Improve image filetype checking.
...
This adds a new function `wp_get_image_mime()` which is used by
`wp_check_filetype_and_ext()` to validate image files using
`exif_imagetype()` if available instead of `getimagesize()`.
`getimagesize()` is less performant than `exif_imagetype()` and is
dependent on GD. If `exif_imagetype()` is not available, it falls back to
`getimagesize()` as before.
If `wp_check_filetype_and_ext()` can't validate the filetype, we now return
`false` for ext/MIME values.
Merges [39831] to the 4.4 branch.
Built from https://develop.svn.wordpress.org/branches/4.4@39835
git-svn-id: http://core.svn.wordpress.org/branches/4.4@39773 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 13:16:32 +00:00
Dominik Schilling
26c8103030
Themes: Fix markup for theme name fallbacks.
...
Merge of [39807] to the 4.4 branch.
Built from https://develop.svn.wordpress.org/branches/4.4@39812
git-svn-id: http://core.svn.wordpress.org/branches/4.4@39750 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 11:10:35 +00:00
Jeremy Felt
e6a894dc68
Multisite: Use wp_rand()
in signup key creation.
...
Merges [39795] to the 4.4 branch.
Built from https://develop.svn.wordpress.org/branches/4.4@39799
git-svn-id: http://core.svn.wordpress.org/branches/4.4@39737 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 05:34:02 +00:00
Dion Hulse
2fb6c7ae35
Update PHPMailer to 5.2.22.
...
The full list of changes is available here:
https://github.com/PHPMailer/PHPMailer/compare/v5.2.21...v5.2.22
Merges [39759] to the 4.4 branch.
Fixes #37210 for 4.4.
Built from https://develop.svn.wordpress.org/branches/4.4@39787
git-svn-id: http://core.svn.wordpress.org/branches/4.4@39725 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 05:24:00 +00:00
Dion Hulse
891d7effb0
Mail: Upgrade PHPMailer to 5.2.21.
...
Merges [39645] to the 4.4 branch.
See #37210 .
Built from https://develop.svn.wordpress.org/branches/4.4@39724
git-svn-id: http://core.svn.wordpress.org/branches/4.4@39664 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-06 22:05:06 +00:00
Jeremy Felt
6f2d676f76
Bump 4.4 branch to 4.4.5.
...
Built from https://develop.svn.wordpress.org/branches/4.4@38551
git-svn-id: http://core.svn.wordpress.org/branches/4.4@38494 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-09-07 14:58:58 +00:00
Gary Pendergast
1d21012923
The 4.4 branch is now 4.4.5-alpha.
...
Built from https://develop.svn.wordpress.org/branches/4.4@37935
git-svn-id: http://core.svn.wordpress.org/branches/4.4@37876 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-01 06:22:28 +00:00
Boone Gorges
74ef49671f
Bump 4.4 branch to 4.4.4.
...
Built from https://develop.svn.wordpress.org/branches/4.4@37829
git-svn-id: http://core.svn.wordpress.org/branches/4.4@37794 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-21 16:21:26 +00:00
Joe McGill
f68837fd6f
Media: Improve handling of extensionless filenames.
...
Merge of [37756] to the 4.4 branch.
See #37111 .
Built from https://develop.svn.wordpress.org/branches/4.4@37810
git-svn-id: http://core.svn.wordpress.org/branches/4.4@37775 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-21 14:53:31 +00:00
Pascal Birchler
0a517e47ec
Embeds: Improve performance when embedding a post from the current site.
...
When the post being embedded is from the same site, there's no reason to do an HTTP request for it. The data can be fetched directly using `get_oembed_response_data()`.
Merge of [37708], [37710] and [37729] to the 4.4 branch.
Fixes #36767 .
Built from https://develop.svn.wordpress.org/branches/4.4@37798
git-svn-id: http://core.svn.wordpress.org/branches/4.4@37763 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-21 14:42:29 +00:00
Nikolay Bachiyski
e22ceae1b7
Admin: Escape attachment name in case it contains special characters
...
Merge of [37774] to the 4.4 branch.
Built from https://develop.svn.wordpress.org/branches/4.4@37785
git-svn-id: http://core.svn.wordpress.org/branches/4.4@37750 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-21 14:24:27 +00:00