Commit Graph

40662 Commits

Author SHA1 Message Date
Sergey Biryukov
31270d4511 WordPress 5.3.6.
Built from https://develop.svn.wordpress.org/branches/5.3@49460


git-svn-id: http://core.svn.wordpress.org/branches/5.3@49219 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-30 19:49:08 +00:00
whyisjake
22149ac868 Upgrade/Install: During the install process, add additional checking for existing tables.
This commit brings the changes in [49452] to the 5.3 branch.

If reinstalling WordPress, there is a condition where tables would exist in the database. Ensures that$

Fixes #51676.

Props xknown, garubi, mukesh27, desrosj, johnbillion, metalandcoffee, davidbaumwald, whyisjake.

Built from https://develop.svn.wordpress.org/branches/5.3@49455


git-svn-id: http://core.svn.wordpress.org/branches/5.3@49214 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-30 18:29:07 +00:00
desrosj
98b1bc6752 WordPress 5.3.5.
Built from https://develop.svn.wordpress.org/branches/5.3@49411


git-svn-id: http://core.svn.wordpress.org/branches/5.3@49170 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-29 19:36:14 +00:00
whyisjake
9138d6e6ca General: WordPress updates
* XML-RPC: Improve error messages for unprivileged users.
* External Libraries: Disable deserialization in Requests_Utility_FilteredIterator
* Embeds: Disable embeds on deactivated Multisite sites.
* Coding standards: Modify escaping functions to avoid potential false positives.
* XML-RPC: Return error message if attachment ID is incorrect.
* Upgrade/install: Improve logic check when determining installation status.
* Meta: Sanitize meta key before checking protection status.
* Themes: Ensure that only privileged users can set a background image when a theme is using the deprecated custom background page.

Brings the changes from [49380,49382-49388] to the 5.3 branch.

Props xknown, zieladam, peterwilsoncc, whyisjake, desrosj, dd32.

Built from https://develop.svn.wordpress.org/branches/5.3@49393


git-svn-id: http://core.svn.wordpress.org/branches/5.3@49152 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-29 18:44:12 +00:00
desrosj
669c5eacf1 Build/Test Tools: Explicitly specify a version number in the .nvmrc file for the 5.3 branch.
This ensures the ability to run NodeJS related tasks when using `nvm install` or `nvm use` will continue to be usable as new versions of NodeJS are moved into LTS.

The alias `lts/*` currently resolves to NodeJS 12.x (which is the highest version of NodeJS supported in the 5.3 branch). However, `lts/*` will point to newer versions in the near future.

This also removes the explicit version when running `nvm install` during automated testing. The command will now fall back to the version in the `.nvmrc` file.

See #51603.
Built from https://develop.svn.wordpress.org/branches/5.3@49279


git-svn-id: http://core.svn.wordpress.org/branches/5.3@49039 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-22 18:10:51 +00:00
Sergey Biryukov
4b84596f68 Administration: Pass the result of set-screen-option filter to the new set_screen_option_{$option} filter to ensure backward compatibility.
Rename the `$keep` parameter of both filters to `$screen_option` for clarity, update the documentation to better reflect its purpose.

Follow-up to [47951].

Props Chouby, sswells, SergeyBiryukov.
Merges [48241] to the 5.3 branch.
Fixes #50392.
Built from https://develop.svn.wordpress.org/branches/5.3@48245


git-svn-id: http://core.svn.wordpress.org/branches/5.3@48014 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-07-01 09:47:03 +00:00
desrosj
1a89f620f9 WordPress 5.3.4.
Built from https://develop.svn.wordpress.org/branches/5.3@47990


git-svn-id: http://core.svn.wordpress.org/branches/5.3@47758 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-10 21:34:05 +00:00
desrosj
b454439e6f General: Backport several commits for release.
- Embeds: Ensure that the title attribute is set correctly on embeds.
- Editor: Prevent HTML decoding on by setting the proper editor context.
- Formatting: Ensure that `wp_validate_redirect()` sanitizes a wider variety of characters.
- Themes: Ensure a broken theme name is returned properly.
- Administration: Add a new filter to extend `set-screen-option`.

Merges [47948-47951] to the 5.3 branch.
Props xknown, sstoqnov, vortfu, SergeyBiryukov, whyisjake.
Built from https://develop.svn.wordpress.org/branches/5.3@47959


git-svn-id: http://core.svn.wordpress.org/branches/5.3@47731 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-10 18:00:01 +00:00
whyisjake
66d6663227 Editor: Bump dependencies for WordPress 5.4.1 release.
Changes:
 - @wordpress/block-library: 2.9.6 => 2.9.7
 - @wordpress/edit-post: 3.8.6 => 3.8.7

Fixes #50094.
Props talldanwp, whyisjake.

Built from https://develop.svn.wordpress.org/branches/5.3@47945


git-svn-id: http://core.svn.wordpress.org/branches/5.3@47718 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-10 15:48:08 +00:00
Sergey Biryukov
7a55e4aa60 Comments: Ensure that unmoderated comments won't be search indexed.
After a comment is submitted, only allow a brief window where the comment is live on the site.

Props jonkolbert, ayeshrajans, Asif2BD, peterwilsoncc, imath, audrasjb, jonoaldersonwp, whyisjake, SergeyBiryukov.
Merges [47887] and [47889] to the 5.3 branch.
See #49956.
Built from https://develop.svn.wordpress.org/branches/5.3@47916


git-svn-id: http://core.svn.wordpress.org/branches/5.3@47690 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-06 09:53:04 +00:00
Sergey Biryukov
85e65c746a Themes: Add "Block Editor Styles" and "Wide Blocks" to the list of WordPress theme features.
These were added to Theme Directory API in anticipation of being committed to core for WordPress 5.2+, which has not happened until now.

Follow-up to [meta8273].

Merges [47790] to the 5.3 branch.
See #46272.
Built from https://develop.svn.wordpress.org/branches/5.3@47792


git-svn-id: http://core.svn.wordpress.org/branches/5.3@47568 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-05-14 09:23:12 +00:00
Sergey Biryukov
5cb06dca4f Help/About: WordPress 5.3.3 included 10 bug fixes in addition to security fixes.
Built from https://develop.svn.wordpress.org/branches/5.3@47726


git-svn-id: http://core.svn.wordpress.org/branches/5.3@47503 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-04-29 22:13:06 +00:00
Sergey Biryukov
d99c518d40 Update the About page for WordPress 5.3.3
Built from https://develop.svn.wordpress.org/branches/5.3@47705


git-svn-id: http://core.svn.wordpress.org/branches/5.3@47482 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-04-29 18:43:02 +00:00
desrosj
9e08f12e0d Actually, WordPress 5.3.3 comes first.
Built from https://develop.svn.wordpress.org/branches/5.3@47684


git-svn-id: http://core.svn.wordpress.org/branches/5.3@47461 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-04-29 18:06:02 +00:00
desrosj
644cb5fc24 WordPress 5.3.4
Built from https://develop.svn.wordpress.org/branches/5.3@47667


git-svn-id: http://core.svn.wordpress.org/branches/5.3@47444 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-04-29 17:57:14 +00:00
whyisjake
bb6a2aa182 Customize: Add additional filters to Customizer to prevent JSON corruption.
User: Invalidate `user_activation_key` on password update.
Query: Ensure that only a single post can be returned on date/time based queries.
Block Editor: Coding standards, properly escape class names.
Cache API: Ensure proper escaping around the stats method in the cache API.
Formatting: Expand `sanitize_file_name` to have better support for utf8 characters.

Brings the changes in [47633], [47634], [47635], [47636], [47637], and [47638] to the 5.4 branch.

Props: aduth, batmoo, ehti, ellatrix, jorgefilipecosta, nickdaugherty, noisysocks, pento, peterwilsoncc, sergeybiryukov, sstoqnov, talldanwp, westi, westonruter, whyisjake, whyisjake, xknown.

Built from https://develop.svn.wordpress.org/branches/5.3@47644


git-svn-id: http://core.svn.wordpress.org/branches/5.3@47419 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-04-29 16:06:08 +00:00
whyisjake
676e70c5c7 Bundled Themes: Update copyright year in readme.txt. - Revert [47629]
Reverts [47629] as the tests will be updated, rather than the themes.

Props peterwilsoncc, whyisjake.
Fixes #48566.

Built from https://develop.svn.wordpress.org/branches/5.3@47630


git-svn-id: http://core.svn.wordpress.org/branches/5.3@47405 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-04-28 03:07:03 +00:00
whyisjake
5dee0c5fa4 Bundled Themes: Update copyright year in readme.txt.
Add a unit test to ensure the year stays up to date.

Extends [46721] to 2020 and the 5.3 branch.

Fixes #48566.


Built from https://develop.svn.wordpress.org/branches/5.3@47629


git-svn-id: http://core.svn.wordpress.org/branches/5.3@47404 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-04-28 02:19:06 +00:00
Sergey Biryukov
b3d7e737ab Media: Improve the appearance of image editor on small and medium screens.
This prevents the main area of Edit Media screen from being pushed down too far.

Props sabernhardt, afercia, fierevere, sathyapulse, mikeschroder, johnbillion.
Merges [47418] to the 5.3 branch.
Fixes #48780. See #47136.
Built from https://develop.svn.wordpress.org/branches/5.3@47419


git-svn-id: http://core.svn.wordpress.org/branches/5.3@47206 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-03-03 17:25:02 +00:00
Sergey Biryukov
511f7cb751 Privacy: Fix the URLs and legacy redirects for the personal data export and erasure screens.
Props Jurgen Oldenburg, garrett-eclipse.
Merges [47412] to the 5.3 branch.
Fixes #49476.
Built from https://develop.svn.wordpress.org/branches/5.3@47417


git-svn-id: http://core.svn.wordpress.org/branches/5.3@47204 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-03-03 17:09:04 +00:00
Sergey Biryukov
0d0a870240 Tests: Correct assertions in test_site_dates_are_gmt().
`assertSame()` doesn't have the `$delta` parameter, only `assertEquals()` does.

Follow-up to [47313].

Merges [47318] to the 5.3 branch.
See #40364.
Built from https://develop.svn.wordpress.org/branches/5.3@47319


git-svn-id: http://core.svn.wordpress.org/branches/5.3@47117 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-02-19 05:14:03 +00:00
Sergey Biryukov
cd6ac02117 Tests: Use delta comparison in test_site_dates_are_gmt() to avoid race conditions.
Merges [47313] to the 5.3 branch.
See #40364.
Built from https://develop.svn.wordpress.org/branches/5.3@47314


git-svn-id: http://core.svn.wordpress.org/branches/5.3@47114 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-02-19 02:56:04 +00:00
Sergey Biryukov
77512de0c2 Administration: Correct alignment of form controls inside custom meta boxes.
Props audrasjb, dontdream, valentinbora.
Merges [47289] to the 5.3 branch.
Fixes #49013.
Built from https://develop.svn.wordpress.org/branches/5.3@47290


git-svn-id: http://core.svn.wordpress.org/branches/5.3@47090 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-02-14 00:55:03 +00:00
Sergey Biryukov
4e55b9a259 Twenty Nineteen: Standardize the Required PHP and Tested Up To headers.
* Remove `WordPress` from `Requires at least` headers.
* Ensure the `Requires at least` and `Requires PHP` headers are present in the `style.css` file.

Follow-up to [46676], which updated `style-rtl.css`, but not `style.scss` or `style.css`.

Merges [47136] to the 5.3 branch.
See #48517.
Built from https://develop.svn.wordpress.org/branches/5.3@47137


git-svn-id: http://core.svn.wordpress.org/branches/5.3@46937 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-01-30 20:08:04 +00:00
Sergey Biryukov
449c2e21f1 Media: Make sure attachment_url_to_postid() performs a case-sensitive search for the uploaded file name.
Previously, the first available match was returned, regardless of the case, which was not always the expected result.

Props archon810, ben.greeley, tristangemus, vsamoletov, SergeyBiryukov.
Merges [47010] to the 5.3 branch.
Fixes #39768.
Built from https://develop.svn.wordpress.org/branches/5.3@47132


git-svn-id: http://core.svn.wordpress.org/branches/5.3@46932 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-01-29 16:36:03 +00:00
Sergey Biryukov
e6d839b936 Editor: Add unit tests for v5.3.1 block serialization functions.
[46896] was intended to have included unit tests for the block serialization functions added as part of the changeset.

Props aduth.
Merges [46997] to the 5.3 branch.
Fixes #49048.
Built from https://develop.svn.wordpress.org/branches/5.3@47131


git-svn-id: http://core.svn.wordpress.org/branches/5.3@46931 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-01-29 16:21:05 +00:00
Sergey Biryukov
22b941b16e Upgrade/Install: Correct vertical alignment for "Continue" button on language selection during the install process.
Props garrett-eclipse, audrasjb.
Merges [47070] to the 5.3 branch.
Fixes #49018.
Built from https://develop.svn.wordpress.org/branches/5.3@47130


git-svn-id: http://core.svn.wordpress.org/branches/5.3@46930 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-01-29 16:19:00 +00:00
Sergey Biryukov
3fc8c7687d Editor: Correct vertical alignment for "Published on" month dropdown in Classic Editor.
Props pratik-jain, justinahinon, audrasjb.
Merges [47072] to the 5.3 branch.
Fixes #49115.
Built from https://develop.svn.wordpress.org/branches/5.3@47129


git-svn-id: http://core.svn.wordpress.org/branches/5.3@46929 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-01-29 16:17:02 +00:00
Sergey Biryukov
f5a8d325ee File Editor: Remove extra padding on submit button for "Select plugin/theme to edit" dropdown on smaller screens.
Props passoniate.
Merges [47071] to the 5.3 branch.
Fixes #49197.
Built from https://develop.svn.wordpress.org/branches/5.3@47128


git-svn-id: http://core.svn.wordpress.org/branches/5.3@46928 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-01-29 16:14:04 +00:00
Sergey Biryukov
c7963618ca Date/Time: Use wp_date() to display the correct time of the next DST transition in Timezone setting on General Settings screen.
Props Rarst, autotutorial.
Merges [47073] to the 5.3 branch.
Fixes #49038.
Built from https://develop.svn.wordpress.org/branches/5.3@47127


git-svn-id: http://core.svn.wordpress.org/branches/5.3@46927 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-01-29 16:12:04 +00:00
Sergey Biryukov
b1e2b6174d Media: After [46375], enable JavaScript translations for the media-views script.
Props ocean90, audrasjb.
Merges [47040] to the 5.3 branch.
Fixes #49134.
Built from https://develop.svn.wordpress.org/branches/5.3@47126


git-svn-id: http://core.svn.wordpress.org/branches/5.3@46926 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-01-29 16:10:02 +00:00
Sergey Biryukov
dd4a67807a Build/Test Tools: Pass the TRAVIS_BRANCH and TRAVIS_PULL_REQUEST environment variables along to the Docker container.
This ensures that `WP_UnitTestCase::skipOnAutomatedBranches()` has access to these variables.

Correct the check for pull requests in `WP_UnitTestCase_Base::skipOnAutomatedBranches()`.

Merges [46999], [47000], and [47001] to the 5.3 branch.
Fixes #49050.
Built from https://develop.svn.wordpress.org/branches/5.3@47125


git-svn-id: http://core.svn.wordpress.org/branches/5.3@46925 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-01-29 15:22:05 +00:00
Sergey Biryukov
5ae97a43f1 Post WordPress 5.3.2 version bump.
Built from https://develop.svn.wordpress.org/branches/5.3@46995


git-svn-id: http://core.svn.wordpress.org/branches/5.3@46795 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-12-18 22:49:03 +00:00
Sergey Biryukov
6abeb15791 WordPress 5.3.2
Built from https://develop.svn.wordpress.org/branches/5.3@46993


git-svn-id: http://core.svn.wordpress.org/branches/5.3@46793 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-12-18 22:12:02 +00:00
Sergey Biryukov
9525d1c9f7 Help/About: Update the About page for 5.3.2.
Props audrasjb.
Fixes #49019.
Built from https://develop.svn.wordpress.org/branches/5.3@46992


git-svn-id: http://core.svn.wordpress.org/branches/5.3@46792 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-12-18 16:02:03 +00:00
Sergey Biryukov
6f6975efde Post WordPress 5.3.2 RC1 version bump
Built from https://develop.svn.wordpress.org/branches/5.3@46984


git-svn-id: http://core.svn.wordpress.org/branches/5.3@46784 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-12-17 22:25:03 +00:00
Sergey Biryukov
3aee1ab019 WordPress 5.3.2 RC1
Built from https://develop.svn.wordpress.org/branches/5.3@46983


git-svn-id: http://core.svn.wordpress.org/branches/5.3@46783 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-12-17 22:11:02 +00:00
Sergey Biryukov
f1bcfd66d2 Tests: Use delta comparison in test_should_fall_back_to_last_post_modified() to avoid race conditions.
Merges [46981] to the 5.3 branch.
See #48957.
Built from https://develop.svn.wordpress.org/branches/5.3@46982


git-svn-id: http://core.svn.wordpress.org/branches/5.3@46782 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-12-17 21:35:03 +00:00
Andrew Ozz
99c691c8e2 Upload: Fix the final file name collision test in wp_unique_filename() when uploading a file with upper case extension and limit it to run for each file in the directory + 1. Add a unit test to catch that in the future.
Props pbiron, azaozz.
Merges [46966] and [46976] to the 5.3 branch.
Fixes #48975.

Built from https://develop.svn.wordpress.org/branches/5.3@46980


git-svn-id: http://core.svn.wordpress.org/branches/5.3@46780 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-12-17 21:20:03 +00:00
Andrew Ozz
fd030a496f Upload:
- Fix PHP warnings in `wp_unique_filename()` when the destination directory is unreadable.
- Run the final name collision test only for files that are saved to the uploads directory.
- Update the unit tests to match.

Props eden159, audrasjb, azaozz.
Merges [46965] to the 5.3 branch.
Fixes #48960.
Built from https://develop.svn.wordpress.org/branches/5.3@46979


git-svn-id: http://core.svn.wordpress.org/branches/5.3@46779 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-12-17 21:12:03 +00:00
Sergey Biryukov
7b21983b01 Administration: Fix the colors in all color schemes for the .active class for buttons.
Props ryelle, audrasjb.
Merges [46967] to the 5.3 branch.
Fixes #49003.
Built from https://develop.svn.wordpress.org/branches/5.3@46978


git-svn-id: http://core.svn.wordpress.org/branches/5.3@46778 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-12-17 21:03:02 +00:00
Sergey Biryukov
cd10cf0c79 Date/Time: Ensure that get_feed_build_date() correctly handles a modified post object with invalid date.
* Clarify in the documentation that the function returns `false` on failure.
* Consistently pass the return value through the `get_feed_build_date` filter.

Props Rarst, dd32, azaozz, tellyworth.
Merges [46974] and [46973] to the 5.3 branch.
Fixes #48957.
Built from https://develop.svn.wordpress.org/branches/5.3@46977


git-svn-id: http://core.svn.wordpress.org/branches/5.3@46777 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-12-17 20:54:03 +00:00
Sergey Biryukov
6d7dca07b0 Date/Time: In wp_insert_post(), when checking the post date to set future or publish status, use a proper delta comparison.
[3525] allowed a difference up to 59 seconds between the post date/time and the current time to consider the post published instead of scheduled, but that didn't take start of a new minute into account.

Rapidly creating post fixtures in unit tests could encounter a one-second discrepancy between `current_time( 'mysql' )` and `gmdate( 'Y-m-d H:i:s' )`, returning values like `2019-12-16 23:43:00` vs. `2019-12-16 23:42:59`, respectively, and setting the post to a `future` status instead of `publish`.

[45851], while working as intended, made the issue somewhat more likely to occur.

This caused all sorts of occasional random failures in various tests on Travis, mostly on PHP 7.1.

Merges [46968] and [46969] to the 5.3 branch.
Fixes #48145.
Built from https://develop.svn.wordpress.org/branches/5.3@46975


git-svn-id: http://core.svn.wordpress.org/branches/5.3@46775 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-12-17 20:47:06 +00:00
Sergey Biryukov
2c9cdc0550 Post WordPress 5.3.1 version bump.
Built from https://develop.svn.wordpress.org/branches/5.3@46956


git-svn-id: http://core.svn.wordpress.org/branches/5.3@46755 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-12-13 00:17:03 +00:00
Sergey Biryukov
5bbd15d57f WordPress 5.3.1
Built from https://develop.svn.wordpress.org/branches/5.3@46920


git-svn-id: http://core.svn.wordpress.org/branches/5.3@46720 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-12-12 20:24:04 +00:00
Sergey Biryukov
6b07ab9913 Bundled Themes: Bump version number and update changelog in Twenty Twenty for WordPress 5.3.1.
This bumps the Twenty Twenty version number to `1.1` and updates the `readme.txt` changelog.

Props audrasjb, sinatrateam, SergeyBiryukov, ianbelanger.
Merges [46902] to the 5.3 branch.
Fixes #48944.
Built from https://develop.svn.wordpress.org/branches/5.3@46905


git-svn-id: http://core.svn.wordpress.org/branches/5.3@46705 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-12-12 18:31:04 +00:00
whyisjake
20740afc8f Prevent stored XSS in the block editor.
Brings r46896 to the 5.3 branch.

Prevent escaped unicode characters from becoming unescaped in unsafe HTML during JSON decoding.


Built from https://develop.svn.wordpress.org/branches/5.3@46900


git-svn-id: http://core.svn.wordpress.org/branches/5.3@46700 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-12-12 18:14:06 +00:00
whyisjake
58f8f500d3 Update wp_kses_bad_protocol() to recognize `&colon;` on uri attributes,
`wp_kses_bad_protocol()` makes sure to validate that uri attributes don’t contain invalid/or not allowed protocols. While this works fine in most cases, there’s a risk that by using the colon html5 named entity, one is able to bypass this function.

Brings r46895 to the 5.3 branch.

Props: xknown, nickdaugherty, peterwilsoncc.

Built from https://develop.svn.wordpress.org/branches/5.3@46899


git-svn-id: http://core.svn.wordpress.org/branches/5.3@46699 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-12-12 18:13:03 +00:00
whyisjake
8221d6d320 Prevent stored XSS through wp_targeted_link_rel().
Brings r46894 to the 5.3 branch.

Props: vortfu, whyisjake, peterwilsoncc, xknown, SergeyBiryukov, flaviozavan.

Built from https://develop.svn.wordpress.org/branches/5.3@46898


git-svn-id: http://core.svn.wordpress.org/branches/5.3@46698 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-12-12 18:11:01 +00:00
whyisjake
f0871560df Ensure that a user can publish_posts before making a post sticky.
Props: danielbachhuber, whyisjake, peterwilson, xknown.

Built from https://develop.svn.wordpress.org/branches/5.3@46897


git-svn-id: http://core.svn.wordpress.org/branches/5.3@46697 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-12-12 18:09:02 +00:00