Commit Graph

1365 Commits

Author SHA1 Message Date
Sergey Biryukov
3296fa0099 Grouped backports to the 4.3 branch.
- Posts, Post types: Apply KSES to post-by-email content,
- General: Validate host on "Are you sure?" screen,
- Posts, Post types: Remove emails from post-by-email logs,
- Pings/trackbacks: Apply KSES to all trackbacks,
- Comments: Apply kses when editing comments,
- Customize: Escape blogname option in underscores templates,
- Mail: Reset PHPMailer properties between use,
- Query: Validate relation in `WP_Date_Query`,
- Widgets: Escape RSS error messages for display.

Merges [54521], [54522], [54523], [54525], [54526], [54527], [54529], [54530], [54541] to the 4.3 branch.
Props voldemortensen, johnbillion, paulkevan, peterwilsoncc, xknown, dd32, audrasjb, martinkrcho, davidbaumwald, tykoted, johnjamesjacoby, ehtis, matveb, talldanwp.

Built from https://develop.svn.wordpress.org/branches/4.3@54557


git-svn-id: http://core.svn.wordpress.org/branches/4.3@54112 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-10-17 18:00:20 +00:00
whyisjake
ee4a39e150 Backporting several bug fixes.
- Query: Remove the static query property.
- HTTP API: Protect against hex interpretation.
- Filesystem API: Prevent directory traversals when creating new folders.
- Administration: Ensure that admin referer nonce is valid.
- REST API: Send a Vary: Origin header on GET requests.
- Customizer: Properly sanitize background images.

Backports [46474], [46475], [46476], [46477], [46478], [46483], [46485] to the 4.3 branch.

Built from https://develop.svn.wordpress.org/branches/4.3@46499


git-svn-id: http://core.svn.wordpress.org/branches/4.3@46296 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-14 19:12:19 +00:00
Jeremy Felt
f7082228ba Media: Improve verification of MIME file types.
Merges [43988] to the 4.3 branch.

Built from https://develop.svn.wordpress.org/branches/4.3@43996


git-svn-id: http://core.svn.wordpress.org/branches/4.3@43828 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-12-12 23:17:18 +00:00
John Blackbourn
e9c11f3385 Media: Limit thumbnail file deletions to the same directory as the original file.
Merges [43393] into the 4.3 branch.

Built from https://develop.svn.wordpress.org/branches/4.3@43399


git-svn-id: http://core.svn.wordpress.org/branches/4.3@43227 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-05 15:03:22 +00:00
John Blackbourn
9bde3962d9 Hardening: Remove the ability to upload JavaScript files for users who do not have the unfiltered_html capability.
Merges [42261] to the 4.3 branch.

Built from https://develop.svn.wordpress.org/branches/4.3@42291


git-svn-id: http://core.svn.wordpress.org/branches/4.3@42120 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-29 16:32:55 +00:00
Joe McGill
90cd7353b3 Media: Fix exif_imagetype check in wp_get_image_mime
This is a follow up to [39831].

Merges [39850] to the 4.3 branch.

Built from https://develop.svn.wordpress.org/branches/4.3@39855


git-svn-id: http://core.svn.wordpress.org/branches/4.3@39792 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 16:42:56 +00:00
Joe McGill
abebce20a6 Media: Improve image filetype checking.
This adds a new function `wp_get_image_mime()` which is used by
`wp_check_filetype_and_ext()` to validate image files using
`exif_imagetype()` if available instead of `getimagesize()`.

`getimagesize()` is less performant than `exif_imagetype()` and is
dependent on GD. If `exif_imagetype()` is not available, it falls back to
`getimagesize()` as before.

If `wp_check_filetype_and_ext()` can't validate the filetype, we now return
`false` for ext/MIME values.

Merges [39831] to the 4.3 branch.

Built from https://develop.svn.wordpress.org/branches/4.3@39836


git-svn-id: http://core.svn.wordpress.org/branches/4.3@39774 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 13:17:24 +00:00
Dion Hulse
7f29687a55 Revert [33845]
git-svn-id: http://core.svn.wordpress.org/branches/4.3@33847 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-03 03:33:24 +00:00
Dion Hulse
f0706a0895 Term Splitting: Switch to a faster cron unschedule process to benefit sites with thousands of affected jobs. Fix the cron hook name in the failsafe rescheduler.
Merges [33727] to the 4.3 branch
Props Otto42, dd32, peterwilsoncc
Fixes #33423 for trunk

Built from https://develop.svn.wordpress.org/branches/4.3@33877


git-svn-id: http://core.svn.wordpress.org/branches/4.3@33845 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-03 03:31:17 +00:00
Dion Hulse
7cfe2d293f Revert [33688] which removed all branches/4.3 files due to a sync script error.
git-svn-id: http://core.svn.wordpress.org/branches/4.3@33692 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-24 22:14:43 +00:00
Weston Ruter
4e96fc9fd7 Widgets: Switch back to using array_key_exists() instead of isset() for widget instance existence check.
Reverts unnecessary change in [32602] since `array_key_exists()` does actually work with `ArrayIterator` objects.

Merges [33696] to the 4.3 branch.
See #32474.
Fixes #33442 for the 4.3 branch.

Built from https://develop.svn.wordpress.org/branches/4.3@33721


git-svn-id: http://core.svn.wordpress.org/branches/4.3@33688 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-24 19:31:16 +00:00
Dion Hulse
0b648f198b Revert [33614] which removed all branches/4.3 files due to a sync script error.
git-svn-id: http://core.svn.wordpress.org/branches/4.3@33616 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-19 13:24:10 +00:00
Dion Hulse
7f86f37642 Term Splitting: Fix a reversal of parameters to wp_schedule_single_event() introduced in [33621].
The existing invalid cron entries will not be purged automatically (as the 'timestamp' is never matched) so we do this ourselves.

Merges [33646] to the 4.3 branch.
Props mechter for noticing!
See #30261.
Fixes #33423 for the 4.3 branch.

Built from https://develop.svn.wordpress.org/branches/4.3@33647


git-svn-id: http://core.svn.wordpress.org/branches/4.3@33614 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-19 11:37:14 +00:00
Drew Jaynes
ceec5ac00b Fix inline documentation syntax for a few general-purpose functions and hooks added in 4.3.
* `_deprecated_constructor()` See [32989]
* `deprecated_constructor_trigger_error` See [32989]
* `get_main_network_id()` See [32775]
* `wp_post_preview_js()` See [32809]

See #32891.

Built from https://develop.svn.wordpress.org/trunk@33226


git-svn-id: http://core.svn.wordpress.org/trunk@33198 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-13 21:35:24 +00:00
Aaron Jorbin
a6ebaefb92 Add Deprecated Constructor Function
This function is one that can be called in core to indicate that a PHP4 style constructor is used. PHP4 style constructors are deprecated in PHP7.

Props jorbin, DrewAPicture for docs
See #31982


Built from https://develop.svn.wordpress.org/trunk@32989


git-svn-id: http://core.svn.wordpress.org/trunk@32960 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-28 14:56:24 +00:00
Scott Taylor
642af1f3f4 Some doc blocks should use bool instead of true|false
See #32444.

Built from https://develop.svn.wordpress.org/trunk@32963


git-svn-id: http://core.svn.wordpress.org/trunk@32934 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-27 00:45:24 +00:00
Drew Jaynes
25829e05fa Add line-wrapping to a long return description because readability in documentation is important.
See [32797]. See #32421.

Built from https://develop.svn.wordpress.org/trunk@32810


git-svn-id: http://core.svn.wordpress.org/trunk@32781 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-16 23:18:25 +00:00
Andrew Ozz
82fcdec660 Editor: do not reuse the preview tab when the user has navigated away.
See #32588.
Built from https://develop.svn.wordpress.org/trunk@32809


git-svn-id: http://core.svn.wordpress.org/trunk@32780 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-16 23:13:26 +00:00
Scott Taylor
5c6b63d3a6 if is a statement, not a function.
See #32444.

Built from https://develop.svn.wordpress.org/trunk@32800


git-svn-id: http://core.svn.wordpress.org/trunk@32771 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-16 20:01:25 +00:00
Scott Taylor
efbb8fa4e5 Document the default list of allowed protocols in the doc block for wp_allowed_protocols() and cross-reference in esc_url() and the kses_allowed_protocols filter.
Props GunGeekATX.
Fixes #32421.

Built from https://develop.svn.wordpress.org/trunk@32797


git-svn-id: http://core.svn.wordpress.org/trunk@32768 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-16 19:45:26 +00:00
Jeremy Felt
947eef9468 Introduce get_main_network_id()
Expand on the logic previously available as part of `is_main_network()` and provide a way to obtain the ID of the main network. Most useful in multi-network configurations.

Props @johnjamesjacoby for the initial patch.
Fixes #30294.

Built from https://develop.svn.wordpress.org/trunk@32775


git-svn-id: http://core.svn.wordpress.org/trunk@32746 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-14 21:45:25 +00:00
Scott Taylor
19a3aacc94 Add @static* annotations where they are missing.
Initialize all static vars that are not, most to `null`.

See #32444.

Built from https://develop.svn.wordpress.org/trunk@32650


git-svn-id: http://core.svn.wordpress.org/trunk@32620 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-29 15:43:29 +00:00
Scott Taylor
89a6ace623 Add missing doc blocks to wp-includes/functions.php.
See #32444.

Built from https://develop.svn.wordpress.org/trunk@32595


git-svn-id: http://core.svn.wordpress.org/trunk@32565 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-25 16:11:25 +00:00
Jeremy Felt
3471545942 s/anbled/enabled/ in global_terms_enabled filter documentation.
Fixes #32436.

Built from https://develop.svn.wordpress.org/trunk@32513


git-svn-id: http://core.svn.wordpress.org/trunk@32483 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-19 06:35:25 +00:00
John Blackbourn
1c40b495a1 Add a viewport meta tag to wp_die().
Props leogopal

Fixes #29336

Built from https://develop.svn.wordpress.org/trunk@32501


git-svn-id: http://core.svn.wordpress.org/trunk@32471 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-13 04:08:25 +00:00
Andrew Nacin
62d845f32b Add a comment to maybe_serialize().
Built from https://develop.svn.wordpress.org/trunk@32458


git-svn-id: http://core.svn.wordpress.org/trunk@32428 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-08 16:27:27 +00:00
Boone Gorges
d9e8492ea8 Add 'webcal' to the list of URI protocols whitelisted by default.
Fixes #31666.
Built from https://develop.svn.wordpress.org/trunk@32346


git-svn-id: http://core.svn.wordpress.org/trunk@32317 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-05 00:38:27 +00:00
Sergey Biryukov
cb1ad98015 Fix typo in a comment in wp_guess_url().
props ixkaito.
fixes #32179.
Built from https://develop.svn.wordpress.org/trunk@32325


git-svn-id: http://core.svn.wordpress.org/trunk@32296 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-29 07:19:29 +00:00
Gary Pendergast
024e7bbd46 Revert [30640], as it was incorrectly checking some filenames.
Built from https://develop.svn.wordpress.org/trunk@32171


git-svn-id: http://core.svn.wordpress.org/trunk@32146 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-20 06:39:25 +00:00
Dominik Schilling
64fc7294b6 Use HTTPS URLs for codex.wordpress.org.
see #27115.
Built from https://develop.svn.wordpress.org/trunk@32116


git-svn-id: http://core.svn.wordpress.org/trunk@32095 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-12 21:29:32 +00:00
Gary Pendergast
acef02f060 Smilies: One more tweak to matching smilies with emoji.
Props iseulde.

See #31709.


Built from https://develop.svn.wordpress.org/trunk@32107


git-svn-id: http://core.svn.wordpress.org/trunk@32086 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-11 02:17:29 +00:00
Gary Pendergast
56f59c2ad7 Smilies: Tweak which smiley matches which emoji.
Props iseulde.

See #31709.


Built from https://develop.svn.wordpress.org/trunk@32105


git-svn-id: http://core.svn.wordpress.org/trunk@32084 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-10 06:30:26 +00:00
Gary Pendergast
b7c7882d1c Smilies: Update our few remaining smilies to better align with Twemoji, and add frownie.png until Twemoji provide a build containing it.
Props joen.

See #31709.


Built from https://develop.svn.wordpress.org/trunk@32104


git-svn-id: http://core.svn.wordpress.org/trunk@32083 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-10 06:20:26 +00:00
Boone Gorges
481352bd2e Avoid the use of array_replace() in add_query_arg().
`array_replace()` was introduced in PHP 5.3+. Instead, we walk the array manually.

See [31966].

Fixes #31306.
Built from https://develop.svn.wordpress.org/trunk@31967


git-svn-id: http://core.svn.wordpress.org/trunk@31946 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-01 19:40:26 +00:00
Scott Taylor
c113cb5130 Respect numerical keys in add_query_arg(), use array_replace() instead of array_merge().
Adds unit test.

Props tyxla.
Fixes #31306.

Built from https://develop.svn.wordpress.org/trunk@31966


git-svn-id: http://core.svn.wordpress.org/trunk@31945 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-01 19:15:31 +00:00
Drew Jaynes
79f58d9d40 Clarify the DocBlock summary for wp_scheduled_delete() to mention that it includes posts of any type where the 'trash' status is used.
Props dkotter for the initial patch.
Fixes #31757.

Built from https://develop.svn.wordpress.org/trunk@31891


git-svn-id: http://core.svn.wordpress.org/trunk@31870 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-03-25 22:45:27 +00:00
Andrew Ozz
64f1a8a992 TinyMCE: fix error and PHP warning when adding more than one instance in RTL mode.
Part props maimairel. Fixes #31578.
Built from https://develop.svn.wordpress.org/trunk@31874


git-svn-id: http://core.svn.wordpress.org/trunk@31853 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-03-24 20:33:27 +00:00
Gary Pendergast
46e2a65cf1 Add emoji support, with Twemoji fallback.
Replace existing smilies with equivalent emoji, or with shiny new smiley images where no emoji existed.

Props batmoo, joen and mkaz for the original plugin upon which this is based.

Props pento, iseulde, kraftbj and peterwilsoncc for making the internet's dreams come true.

See #31242


Built from https://develop.svn.wordpress.org/trunk@31733


git-svn-id: http://core.svn.wordpress.org/trunk@31714 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-03-11 22:49:28 +00:00
Drew Jaynes
a49cd7851b Add an entry to the changelog for wp_get_mime_types() mentioning that GIMP (xcf) file support was added in 4.2.
See [31578].
Fixes #31146.

Built from https://develop.svn.wordpress.org/trunk@31590


git-svn-id: http://core.svn.wordpress.org/trunk@31571 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-03-01 07:10:26 +00:00
Scott Taylor
7994009296 Support GIMP files in the Media Library. We already support Photoshop files.
Props MikeHansenMe.
Fixes #31146.

Built from https://develop.svn.wordpress.org/trunk@31578


git-svn-id: http://core.svn.wordpress.org/trunk@31559 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-02-27 19:47:25 +00:00
Scott Taylor
f6b1b01ecd Make a new function, wp_delete_file(). Use it.
Props scribu, wonderboymusic.
Fixes #17864.

Built from https://develop.svn.wordpress.org/trunk@31575


git-svn-id: http://core.svn.wordpress.org/trunk@31556 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-02-27 16:51:25 +00:00
Scott Taylor
7cb45f2402 Don't call the size function count() as part of a test condition in loops. Compute the size beforehand, and not on each iteration.
Scrutinizer added a Performance label: these are the only violations.

See #30799.

Built from https://develop.svn.wordpress.org/trunk@31554


git-svn-id: http://core.svn.wordpress.org/trunk@31535 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-02-26 05:48:24 +00:00
Boone Gorges
6505278ea7 Improve documentation for return value of wp_list_pluck().
`wp_list_pluck()` will preserve the original array keys if no `$index_key`
parameter is provided. This changeset updates the documentation accordingly.

Props adamsilverstein.
Fixes #31316.
Built from https://develop.svn.wordpress.org/trunk@31451


git-svn-id: http://core.svn.wordpress.org/trunk@31432 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-02-13 16:52:27 +00:00
Scott Taylor
bc55996a0b @param cleanup:
* `get_metadata()` will return literally anything, needs to be `mixed`
* `wp()` and `WP_Query::__construct()` no longer just take a query string
* Clarify a few others

See #30799.

Built from https://develop.svn.wordpress.org/trunk@31212


git-svn-id: http://core.svn.wordpress.org/trunk@31193 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-16 19:03:23 +00:00
Drew Jaynes
f2bc30c03f Ensure we're using the correct @ignore phpDocumentor tag to mark elements that should be skipped when parsing.
Up to this point, various core elements' DocBlocks incorrectly included an `@internal` tag as a means for skipping the parsing process. When paired with a description (inline or otherwise), `@internal` is a valid tag meant to provide internal-only context, but not necessarily to skip parsing the entire element.

See #30987.

Built from https://develop.svn.wordpress.org/trunk@31170


git-svn-id: http://core.svn.wordpress.org/trunk@31151 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-13 00:51:21 +00:00
Scott Taylor
ac654632fe Use PHP_SAPI constant instead of php_sapi_name() in iis7_supports_permalinks(), wp_fix_server_vars(), and wp_redirect().
See #30799.

Built from https://develop.svn.wordpress.org/trunk@31120


git-svn-id: http://core.svn.wordpress.org/trunk@31101 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-10 04:59:22 +00:00
Scott Taylor
60b0cd7943 The keyword elseif should be used instead of else if so that all control keywords look like single words.
This was a mess, is now standardized across the codebase, except for a few 3rd-party libs. 

See #30799.

Built from https://develop.svn.wordpress.org/trunk@31090


git-svn-id: http://core.svn.wordpress.org/trunk@31071 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-08 07:05:25 +00:00
Scott Taylor
29cd3fa5bf PHP keywords and constants "true", "false", "null" should be in lower case - there was one lingering capitalized false in _http_build_query().
See #30799.

Built from https://develop.svn.wordpress.org/trunk@31086


git-svn-id: http://core.svn.wordpress.org/trunk@31067 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-08 06:14:23 +00:00
Gary Pendergast
e6a74136f9 size_format() incorrectly included a trailing space for B values: less than 1024 bytes.
Also add a unit test to check for this, so we don't do it again.

Fixes #30908.

Props tillkruess.
 

Built from https://develop.svn.wordpress.org/trunk@31052


git-svn-id: http://core.svn.wordpress.org/trunk@31033 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-05 13:13:23 +00:00
Scott Taylor
be59efcfbf ImageMagick expects TIFF files to have .tiff as an extension, so the key in wp_get_mime_types() should be 'tiff|tif' not 'tif|tiff' so the proper extension is returned in WP_Image_Editor->get_extension() subclass invocations.
Fixes #30211.

Built from https://develop.svn.wordpress.org/trunk@31044


git-svn-id: http://core.svn.wordpress.org/trunk@31025 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-04 03:09:22 +00:00