Upstream/WordPress
1
0
Fork 0
mirror of https://github.com/WordPress/WordPress.git synced 2024-11-14 14:45:45 +01:00
Code Issues Projects Releases Wiki Activity
38,079 Commits 50 Branches 748 Tags 792 MiB
315b0d8efe
Commit Graph

38079 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Sergey Biryukov
315b0d8efe WordPress 4.9.13 
Built from https://develop.svn.wordpress.org/branches/4.9@46924


git-svn-id: http://core.svn.wordpress.org/branches/4.9@46724 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-12-12 20:27:12 +00:00
Sergey Biryukov
f524de858c Ensure that a user can publish_posts before making a post sticky. 
Props: danielbachhuber, whyisjake, peterwilson, xknown.

Brings r46893 to the 4.9 branch.

Update `wp_kses_bad_protocol()` to recognize `:` on uri attributes,

`wp_kses_bad_protocol()` makes sure to validate that uri attributes don’t contain invalid/or not allowed protocols. While this works fine in most cases, there’s a risk that by using the colon html5 named entity, one is able to bypass this function.

Brings r46895 to the 4.9 branch.

Props: xknown, nickdaugherty, peterwilsoncc.
Built from https://develop.svn.wordpress.org/branches/4.9@46918


git-svn-id: http://core.svn.wordpress.org/branches/4.9@46718 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-12-12 18:57:27 +00:00
desrosj
9c716931a3 WordPress 4.9.12. 
Built from https://develop.svn.wordpress.org/branches/4.9@46511


git-svn-id: http://core.svn.wordpress.org/branches/4.9@46308 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-10-14 20:09:28 +00:00
whyisjake
ca7629305c Backporting several bug fixes. 
- Query: Remove the static query property.
- HTTP API: Protect against hex interpretation.
- Filesystem API: Prevent directory travelersals when creating new folders.
- Administration: Ensure that admin referer nonce is valid.
- REST API: Send a Vary: Origin header on GET requests.

Backports [46474], [46475], [46476], [46477], [46478], [46483], [46485] to the 5.0 branch.

Built from https://develop.svn.wordpress.org/branches/4.9@46493


git-svn-id: http://core.svn.wordpress.org/branches/4.9@46290 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-10-14 18:39:28 +00:00
desrosj
0df80b099e WordPress 4.9.11. 
Built from https://develop.svn.wordpress.org/branches/4.9@46043


git-svn-id: http://core.svn.wordpress.org/branches/4.9@45855 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-09-04 22:05:54 +00:00
Andrew Ozz
bef4964cc3 jQuery: Backport the patch from jQuery 3.4.0. 
Merges [45342] to the 4.9 branch.

Props MikeNGarrett, peterwilsoncc, azaozz.
Fixes #47020.
Built from https://develop.svn.wordpress.org/branches/4.9@46020


git-svn-id: http://core.svn.wordpress.org/branches/4.9@45831 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-09-04 21:45:33 +00:00
desrosj
061b316605 Fix for URL sanitization in wp_kses_bad_protocol_once(). 
Merges [45997] to the 4.9 branch.

Props irsdl, sstoqnov, whyisjake.
Built from https://develop.svn.wordpress.org/branches/4.9@46005


git-svn-id: http://core.svn.wordpress.org/branches/4.9@45816 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-09-04 21:39:04 +00:00
Sergey Biryukov
ee57ce6745 Improve handling the existing rel attribute in wp_rel_nofollow_callback(). 
Merges [45990] to the 4.9 branch.
Props xknown, sstoqnov.
Built from https://develop.svn.wordpress.org/branches/4.9@45994


git-svn-id: http://core.svn.wordpress.org/branches/4.9@45805 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-09-04 17:48:24 +00:00
Sergey Biryukov
0b53ca170a Improve URL validation in wp_validate_redirect(). 
Merges [45971] to the 4.9 branch.
Props vortfu, whyisjake, peterwilsoncc.
Built from https://develop.svn.wordpress.org/branches/4.9@45975


git-svn-id: http://core.svn.wordpress.org/branches/4.9@45786 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-09-04 17:08:24 +00:00
whyisjake
f4bc98cc1d Remove _convert_urlencoded_to_entities() from the get_the_content() callback. 
Merges [45937] to the 4.9 branch.

Props vortfu, whyisjake, peterwilsoncc

Built from https://develop.svn.wordpress.org/branches/4.9@45946


git-svn-id: http://core.svn.wordpress.org/branches/4.9@45757 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-09-04 16:35:26 +00:00
Sergey Biryukov
94aa7baeb2 Escape the output in wp_ajax_upload_attachment(). 
Merges [45936] to the 4.9 branch.
Props whyisjake, sstoqnov.
Built from https://develop.svn.wordpress.org/branches/4.9@45943


git-svn-id: http://core.svn.wordpress.org/branches/4.9@45754 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-09-04 16:29:27 +00:00
Gary Pendergast
0e494b043d WordPress 4.9.10 
Built from https://develop.svn.wordpress.org/branches/4.9@44868


git-svn-id: http://core.svn.wordpress.org/branches/4.9@44699 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-03-13 00:58:25 +00:00
Sergey Biryukov
176bfb2694 Comments: Improve comment content filtering. 
Merges [44842] to the 4.9 branch.
Built from https://develop.svn.wordpress.org/branches/4.9@44845


git-svn-id: http://core.svn.wordpress.org/branches/4.9@44677 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-03-12 22:34:26 +00:00
Sergey Biryukov
9940eb5493 Formatting: Improve rel="nofollow" handling in comments. 
Merges [44833] to the 4.9 branch.
Built from https://develop.svn.wordpress.org/branches/4.9@44836


git-svn-id: http://core.svn.wordpress.org/branches/4.9@44668 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-03-12 22:19:26 +00:00
Gary Pendergast
f105803f14 Dashboard: Remove the Try Gutenberg callout. 
Merge of [43807] from the 5.0 branch.

Props mukesh27.
Fixes #45063.


Built from https://develop.svn.wordpress.org/branches/4.9@44106


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43936 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-12-13 09:07:26 +00:00
Jeremy Felt
21095bb883 Bump 4.9 branch to version 4.9.9. 
Built from https://develop.svn.wordpress.org/branches/4.9@44078


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43908 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-12-13 02:12:11 +00:00
Gary Pendergast
ed38a616b1 Editor: Remove unwanted fields before saving posts. 
The `meta_input`, `file`, and `guid` fields are not intended to be updated through user input.

Merges [44047] to the 4.9 branch.


Built from https://develop.svn.wordpress.org/branches/4.9@44053


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43883 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-12-13 01:38:25 +00:00
Peter Wilson
298af5bcf2 Multisite: Validate activation links. 
Merges [44048] to the 4.9 branch.

Built from https://develop.svn.wordpress.org/branches/4.9@44051


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43881 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-12-13 01:33:26 +00:00
Peter Wilson
6559bdf187 Multisite: Improve messaging for previously activated users. 
Ensure activation of a site is not attempted multiple times and users are shown the correct message if they follow the link a second time.

Merges [44021] to the 4.9 branch.

Built from https://develop.svn.wordpress.org/branches/4.9@44024


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43854 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-12-13 00:34:26 +00:00
iandunn
39710dcb5a KSES: Make the URI attributes DRY. 
This commit introduces the `wp_kses_uri_attributes` function and filter. The function centralizes the list of attributes, in order to prevent inconsistency, and the filter provides a way for plugins to customize the attributes.

Merges [44014] and [44017] to the `4.9` branch.

Built from https://develop.svn.wordpress.org/branches/4.9@44020


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43850 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-12-13 00:14:26 +00:00
Gary Pendergast
070403f1c7 KSES: Conditionally remove the <form> element from $allowedposttags. 
To avoid backwards compatibility issues, `<form>` is re-added if a custom filter has added the `<input>` or `<select>` elements to `$allowedposttags`.

Merges [43994] to the 4.9 branch.

Built from https://develop.svn.wordpress.org/branches/4.9@43997


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43829 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-12-12 23:17:43 +00:00
Jeremy Felt
498a6acb14 Media: Improve verification of MIME file types. 
Merges [43988] to the 4.9 branch.

Built from https://develop.svn.wordpress.org/branches/4.9@43989


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43821 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-12-12 23:03:26 +00:00
Peter Wilson
59a3c2199c Media: Revert [43602] from the 4.9 branch. 
Reverts changes to the "Edit more details" link in the attachment details modal.

This is out of scope for 4.9.9 and will be re-introduced in 5.0.0.

Fixes #44620.

Built from https://develop.svn.wordpress.org/branches/4.9@43948


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43780 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-11-29 21:21:27 +00:00
Dion Hulse
fe76b0206d Bump akismet external to 4.1 
git-svn-id: http://core.svn.wordpress.org/branches/4.9@43728 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-11-15 07:01:19 +00:00
Sergey Biryukov
b5b4d771ae REST API: Revert [43648] from the 4.9 branch. 
This change is out of the 4.9.x scope, and will be reintroduced in 5.0.x.

See #40510.
Built from https://develop.svn.wordpress.org/branches/4.9@43715


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43544 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-10-11 07:16:24 +00:00
Sergey Biryukov
6863424407 Taxonomy: Revert [43620] from the 4.9 branch. 
This change is out of the 4.9.x scope, and will be reintroduced in 5.0.x.

See #44872.
Built from https://develop.svn.wordpress.org/branches/4.9@43711


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43540 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-10-11 04:42:25 +00:00
Sergey Biryukov
3769f76ca6 Privacy: Revert [43624] from the 4.9 branch. 
This change is out of the 4.9.x scope, and will be reintroduced in 5.0.x.

See #44685.
Built from https://develop.svn.wordpress.org/branches/4.9@43708


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43537 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-10-11 04:23:26 +00:00
Sergey Biryukov
f6edca7a9e Posts, Post Types: Revert [43617] from the 4.9 branch. 
This change is out of the 4.9.x scope, and will be reintroduced in 5.0.x.

See #34706.
Built from https://develop.svn.wordpress.org/branches/4.9@43707


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43536 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-10-11 04:17:25 +00:00
Sergey Biryukov
b1f105e400 Privacy: Revert [43614] from the 4.9 branch. 
This change is out of the 4.9.x scope, and will be reintroduced in 5.0.x.

See #43985.
Built from https://develop.svn.wordpress.org/branches/4.9@43705


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43534 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-10-11 04:04:26 +00:00
Sergey Biryukov
639b5f6ed8 Customize: Revert [43619] from the 4.9 branch. 
This change is out of the 4.9.x scope, and will be reintroduced in 5.0.x.

See #44809.
Built from https://develop.svn.wordpress.org/branches/4.9@43702


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43531 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-10-11 03:53:26 +00:00
Sergey Biryukov
6c98f19ad2 Customize: Revert [43611] from the 4.9 branch. 
This change is out of the 4.9.x scope, and will be reintroduced in 5.0.x.

See #44770.
Built from https://develop.svn.wordpress.org/branches/4.9@43701


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43530 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-10-11 03:48:25 +00:00
Sergey Biryukov
319971e3ed Customize: Revert [43575] from the 4.9 branch. 
This change is out of the 4.9.x scope, and will be reintroduced in 5.0.x.

See #44763.
Built from https://develop.svn.wordpress.org/branches/4.9@43699


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43528 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-10-11 03:41:25 +00:00
Sergey Biryukov
7bb7707e9d Twenty Sixteen: Revert [43607] from the 4.9 branch. 
This change is out of the 4.9.x scope, and will be reintroduced in 5.1.x.

See #44668.
Built from https://develop.svn.wordpress.org/branches/4.9@43698


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43527 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-10-11 03:30:24 +00:00
Boone Gorges
081d0ebbc8 Revert [43632] from the 4.9 branch. 
These new hooks are not part of the 4.9.x scope, and will be reintroduced
as part of 5.0.x.

See #44733.

Built from https://develop.svn.wordpress.org/branches/4.9@43690


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43519 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-10-10 04:17:13 +00:00
Adam Silverstein
b250096446 Try Gutenberg callout: improve formatting for Internet Explorer 11. 
Correct an issue where the layout of the "Try Gutenberg" callout added in #41316 falls apart under IE11.

Props kjellr, ianbelanger, pbiron, Luciano Croce, belcherj, ryansommers.     
Fixes #44742.

Built from https://develop.svn.wordpress.org/branches/4.9@43674


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43503 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-10-05 14:51:26 +00:00
Sergey Biryukov
1963afa5ff General: PHP 7.3 throws an E_WARNING when using continue to target a switch. 
Applying continue to a switch is equivalent to using break and quite possibly, a continue targeting a higher level control structure is actually intended.

To target the higher level control structure, a numeric argument has to be passed to continue. This fixes two cases in WordPress Core where this is currently happening.

See: https://github.com/php/php-src/pull/3364
See: https://wiki.php.net/rfc/continue_on_switch_deprecation

Props jrf.
Merges [43653] to the 4.9 branch.
Fixes #44543.
Built from https://develop.svn.wordpress.org/branches/4.9@43656


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43485 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-09-24 20:05:29 +00:00
Mike Schroder
47fdbd4add Media: In WP_Image_Editor::make_image(), close previously opened output buffer if the file could not be created. 
In addition to the merge noted below, includes important brackets added in [42343].

Props dhanendran, gnif, sergey.
Merges [42695] and [42702] to the 4.9 branch.
Fixes #43255.


Built from https://develop.svn.wordpress.org/branches/4.9@43649


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43478 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-09-18 22:02:28 +00:00
Sergey Biryukov
a5c8e5caa3 REST API: Support pagination, order, search and other common query parameters for revisions. 
The original REST API revisions controller relied on `wp_get_post_revisions()`, getting all revisions of a post without any possibility to restrict the result. This changeset replaces that function call with a proper `WP_Query` setup, replicating how `wp_get_post_revisions()` works while offering parameters to alter the default behavior.

Props adamsilverstein, birgire, flixos90.
Merges [43584-43586], [43647] to the 4.9 branch.
Fixes #40510.
Built from https://develop.svn.wordpress.org/branches/4.9@43648


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43477 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-09-18 03:55:26 +00:00
Sergey Biryukov
6793aad486 Tests: Improve coverage for REST API term meta registration. 
Introduce tests to validate that register_meta and register_term_meta work as expected in WP_REST_Terms_Controller.

Props timmydcrawford.
Merges [43567] to the 4.9 branch.
See #39122.
Built from https://develop.svn.wordpress.org/branches/4.9@43646


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43475 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-09-18 03:30:28 +00:00
Sergey Biryukov
f0001b7423 Docs: Correct @since value for _wp_privacy_statuses(). 
Fix typo in `@since` entry for `WP_Privacy_Policy_Content:add()`.

Props dimadin.
Merges [43638] to the 4.9 branch.
Fixes #44915.
Built from https://develop.svn.wordpress.org/branches/4.9@43639


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43468 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-09-13 10:22:24 +00:00
Sergey Biryukov
1c7d7b7c15 REST API: Pass correct ID to meta->update_value to permit setting term meta during term creation. 
Props joehoyle.
Merges [43636] to the 4.9 branch.
Fixes #44834.
Built from https://develop.svn.wordpress.org/branches/4.9@43637


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43466 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-09-13 09:53:28 +00:00
Sergey Biryukov
3941885dc0 Taxonomy: Introduce new hooks when registering/unregistering taxonomies for object types. 
Props soulseekah.
Merges [43558] and [43631] to the 4.9 branch.
Fixes #44733.
Built from https://develop.svn.wordpress.org/branches/4.9@43632


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43461 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-09-06 07:51:26 +00:00
Sergey Biryukov
f18b19bac9 Tests: Introduce Tests_HTTP_Functions::skipTestOnTimeout(), mirroring the same WP_HTTP_UnitTestCase method. 
Merges [43512] to the 4.9 branch.
Fixes #44613.
Built from https://develop.svn.wordpress.org/branches/4.9@43626


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43455 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-09-03 21:56:26 +00:00
Sergey Biryukov
f2dc2970ba Tests: Use WP_HTTP_UnitTestCase::skipTestOnTimeout() in more HTTP tests. 
Adjust it to handle more types of timeouts, e.g. "Resolving timed out", "Connection timed out".

Merges [43511] to the 4.9 branch.
See #44613.
Built from https://develop.svn.wordpress.org/branches/4.9@43625


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43454 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-09-03 21:53:24 +00:00
Sergey Biryukov
c04ce8198b Privacy: When clicking a confirmation link for a privacy request, return a WP_Error object if the link has expired. 
Returning a string caused a success message to be displayed instead of the correct error message.

Props desrosj.
Merges [43623] to the 4.9 branch.
Fixes #44685.
Built from https://develop.svn.wordpress.org/branches/4.9@43624


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43453 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-09-03 21:47:25 +00:00
Sergey Biryukov
7296f063d7 Help/About: Ensure the space after the period for the 4.9.8 changelog entry is preserved. 
Props chetan200891, burhandodhy, swissspidy.
Fixes #44717.
Built from https://develop.svn.wordpress.org/branches/4.9@43622


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43451 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-09-03 21:36:26 +00:00
Sergey Biryukov
197fe91d39 Docs: Correct param documentation for WP_Term_Query. 
The description of `$meta_type` introduced in [40053] was incorrect.

Props dlh.
Merges [43559] to the 4.9 branch.
Fixes #44608.
Built from https://develop.svn.wordpress.org/branches/4.9@43621


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43450 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-09-03 21:26:26 +00:00
Sergey Biryukov
9016ffbafa Taxonomy: Make sure wp_list_categories() correctly outputs term name of 0. 
Props joyously, SergeyBiryukov.
Merges [43605] to the 4.9 branch.
Fixes #44872.
Built from https://develop.svn.wordpress.org/branches/4.9@43620


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43449 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-09-03 21:24:25 +00:00
Sergey Biryukov
934d7cf523 Customize: Safeguard a check on the customize_validate_{$setting_id} filter value to ensure it is a WP_Error. 
While the filter is documented to only support a `WP_Error`, it has been a common practice to return true in a validation function if no errors have occurred. This was already caught when the same filter was executed in `WP_Customize_Setting`, it was however missing in `WP_Customize_Manager::validate_setting_values()`.

Props flixos90.
Merges [43578] to the 4.9 branch.
Fixes #44809.
Built from https://develop.svn.wordpress.org/branches/4.9@43619


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43448 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-09-03 21:21:26 +00:00
Sergey Biryukov
a3ff44115b Script loader: remove (PHP based) compression from load-styles.php and load-scripts.php. WIth the amount of scripts and stylesheets grown a lot over the years, it has become pretty slow and consumes a lot of server resources. Also, most servers are set to compress PHP output anyway. 
Props LucasRolff, azaozz.
Merges [43580] to the 4.9 branch.
Fixes #44815. See #43308.
Built from https://develop.svn.wordpress.org/branches/4.9@43618


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43447 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-09-03 21:17:25 +00:00