whyisjake
1fcbdb46e6
Backporting several bug fixes.
...
- Query: Remove the static query property.
- HTTP API: Protect against hex interpretation.
- Filesystem API: Prevent directory traversals when creating new folders.
- Administration: Ensure that admin referer nonce is valid.
- REST API: Send a Vary: Origin header on GET requests.
- Customizer: Properly sanitize background images.
Backports [46474], [46475], [46476], [46477], [46478], [46483], [46485] to the 4.2 branch.
Built from https://develop.svn.wordpress.org/branches/4.2@46500
git-svn-id: http://core.svn.wordpress.org/branches/4.2@46297 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-14 19:15:22 +00:00
Jeremy Felt
f91b78ec58
Media: Improve verification of MIME file types.
...
Merges [43988] to the 4.2 branch.
Built from https://develop.svn.wordpress.org/branches/4.2@43998
git-svn-id: http://core.svn.wordpress.org/branches/4.2@43830 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-12-12 23:18:20 +00:00
John Blackbourn
ef0bb8bab1
Media: Limit thumbnail file deletions to the same directory as the original file.
...
Merges [43393] into the 4.2 branch.
Built from https://develop.svn.wordpress.org/branches/4.2@43400
git-svn-id: http://core.svn.wordpress.org/branches/4.2@43228 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-05 15:06:23 +00:00
John Blackbourn
64c1ec2877
Hardening: Remove the ability to upload JavaScript files for users who do not have the `unfiltered_html` capability.
...
Merges [42261] to the 4.2 branch.
Built from https://develop.svn.wordpress.org/branches/4.2@42295
git-svn-id: http://core.svn.wordpress.org/branches/4.2@42124 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-29 16:35:01 +00:00
Joe McGill
073c7e6092
Media: Fix exif_imagetype check in wp_get_image_mime
...
This is a follow up to [39831].
Merges [39850] to the 4.2 branch.
Built from https://develop.svn.wordpress.org/branches/4.2@39856
git-svn-id: http://core.svn.wordpress.org/branches/4.2@39793 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 16:43:32 +00:00
Joe McGill
99f9d45c10
Media: Improve image filetype checking.
...
This adds a new function `wp_get_image_mime()` which is used by
`wp_check_filetype_and_ext()` to validate image files using
`exif_imagetype()` if available instead of `getimagesize()`.
`getimagesize()` is less performant than `exif_imagetype()` and is
dependent on GD. If `exif_imagetype()` is not available, it falls back to
`getimagesize()` as before.
If `wp_check_filetype_and_ext()` can't validate the filetype, we now return
`false` for ext/MIME values.
Merges [39831] to the 4.2 branch.
Built from https://develop.svn.wordpress.org/branches/4.2@39837
git-svn-id: http://core.svn.wordpress.org/branches/4.2@39775 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 13:18:29 +00:00
Gary Pendergast
024e7bbd46
Revert [30640], as it was incorrectly checking some filenames.
...
Built from https://develop.svn.wordpress.org/trunk@32171
git-svn-id: http://core.svn.wordpress.org/trunk@32146 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-20 06:39:25 +00:00
Dominik Schilling
64fc7294b6
Use HTTPS URLs for codex.wordpress.org.
...
see #27115.
Built from https://develop.svn.wordpress.org/trunk@32116
git-svn-id: http://core.svn.wordpress.org/trunk@32095 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-12 21:29:32 +00:00
Gary Pendergast
acef02f060
Smilies: One more tweak to matching smilies with emoji.
...
Props iseulde.
See #31709.
Built from https://develop.svn.wordpress.org/trunk@32107
git-svn-id: http://core.svn.wordpress.org/trunk@32086 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-11 02:17:29 +00:00
Gary Pendergast
56f59c2ad7
Smilies: Tweak which smiley matches which emoji.
...
Props iseulde.
See #31709.
Built from https://develop.svn.wordpress.org/trunk@32105
git-svn-id: http://core.svn.wordpress.org/trunk@32084 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-10 06:30:26 +00:00
Gary Pendergast
b7c7882d1c
Smilies: Update our few remaining smilies to better align with Twemoji, and add frownie.png until Twemoji provide a build containing it.
...
Props joen.
See #31709.
Built from https://develop.svn.wordpress.org/trunk@32104
git-svn-id: http://core.svn.wordpress.org/trunk@32083 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-10 06:20:26 +00:00
Boone Gorges
481352bd2e
Avoid the use of `array_replace()` in `add_query_arg()`.
...
`array_replace()` was introduced in PHP 5.3+. Instead, we walk the array manually.
See [31966].
Fixes #31306.
Built from https://develop.svn.wordpress.org/trunk@31967
git-svn-id: http://core.svn.wordpress.org/trunk@31946 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-01 19:40:26 +00:00
Scott Taylor
c113cb5130
Respect numerical keys in `add_query_arg()`, use `array_replace()` instead of `array_merge()`.
...
Adds unit test.
Props tyxla.
Fixes #31306.
Built from https://develop.svn.wordpress.org/trunk@31966
git-svn-id: http://core.svn.wordpress.org/trunk@31945 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-01 19:15:31 +00:00
Drew Jaynes
79f58d9d40
Clarify the DocBlock summary for `wp_scheduled_delete()` to mention that it includes posts of any type where the 'trash' status is used.
...
Props dkotter for the initial patch.
Fixes #31757.
Built from https://develop.svn.wordpress.org/trunk@31891
git-svn-id: http://core.svn.wordpress.org/trunk@31870 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-03-25 22:45:27 +00:00
Andrew Ozz
64f1a8a992
TinyMCE: fix error and PHP warning when adding more than one instance in RTL mode.
...
Part props maimairel. Fixes #31578.
Built from https://develop.svn.wordpress.org/trunk@31874
git-svn-id: http://core.svn.wordpress.org/trunk@31853 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-03-24 20:33:27 +00:00
Gary Pendergast
46e2a65cf1
Add emoji support, with Twemoji fallback.
...
Replace existing smilies with equivalent emoji, or with shiny new smiley images where no emoji existed.
Props batmoo, joen and mkaz for the original plugin upon which this is based.
Props pento, iseulde, kraftbj and peterwilsoncc for making the internet's dreams come true.
See #31242
Built from https://develop.svn.wordpress.org/trunk@31733
git-svn-id: http://core.svn.wordpress.org/trunk@31714 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-03-11 22:49:28 +00:00
Drew Jaynes
a49cd7851b
Add an entry to the changelog for `wp_get_mime_types()` mentioning that GIMP (xcf) file support was added in 4.2.
...
See [31578].
Fixes #31146.
Built from https://develop.svn.wordpress.org/trunk@31590
git-svn-id: http://core.svn.wordpress.org/trunk@31571 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-03-01 07:10:26 +00:00
Scott Taylor
7994009296
Support GIMP files in the Media Library. We already support Photoshop files.
...
Props MikeHansenMe.
Fixes #31146.
Built from https://develop.svn.wordpress.org/trunk@31578
git-svn-id: http://core.svn.wordpress.org/trunk@31559 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-02-27 19:47:25 +00:00
Scott Taylor
f6b1b01ecd
Make a new function, `wp_delete_file()`. Use it.
...
Props scribu, wonderboymusic.
Fixes #17864.
Built from https://develop.svn.wordpress.org/trunk@31575
git-svn-id: http://core.svn.wordpress.org/trunk@31556 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-02-27 16:51:25 +00:00
Scott Taylor
7cb45f2402
Don't call the size function `count()` as part of a test condition in loops. Compute the size beforehand, and not on each iteration.
...
Scrutinizer added a Performance label: these are the only violations.
See #30799.
Built from https://develop.svn.wordpress.org/trunk@31554
git-svn-id: http://core.svn.wordpress.org/trunk@31535 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-02-26 05:48:24 +00:00
Boone Gorges
6505278ea7
Improve documentation for return value of `wp_list_pluck()`.
...
`wp_list_pluck()` will preserve the original array keys if no `$index_key`
parameter is provided. This changeset updates the documentation accordingly.
Props adamsilverstein.
Fixes #31316.
Built from https://develop.svn.wordpress.org/trunk@31451
git-svn-id: http://core.svn.wordpress.org/trunk@31432 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-02-13 16:52:27 +00:00
Scott Taylor
bc55996a0b
`@param` cleanup:
...
* `get_metadata()` will return literally anything, needs to be `mixed`
* `wp()` and `WP_Query::__construct()` no longer just take a query string
* Clarify a few others
See #30799.
Built from https://develop.svn.wordpress.org/trunk@31212
git-svn-id: http://core.svn.wordpress.org/trunk@31193 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-16 19:03:23 +00:00
Drew Jaynes
f2bc30c03f
Ensure we're using the correct `@ignore` phpDocumentor tag to mark elements that should be skipped when parsing.
...
Up to this point, various core elements' DocBlocks incorrectly included an `@internal` tag as a means for skipping the parsing process. When paired with a description (inline or otherwise), `@internal` is a valid tag meant to provide internal-only context, but not necessarily to skip parsing the entire element.
See #30987.
Built from https://develop.svn.wordpress.org/trunk@31170
git-svn-id: http://core.svn.wordpress.org/trunk@31151 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-13 00:51:21 +00:00
Scott Taylor
ac654632fe
Use `PHP_SAPI` constant instead of `php_sapi_name()` in `iis7_supports_permalinks()`, `wp_fix_server_vars()`, and `wp_redirect()`.
...
See #30799.
Built from https://develop.svn.wordpress.org/trunk@31120
git-svn-id: http://core.svn.wordpress.org/trunk@31101 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-10 04:59:22 +00:00
Scott Taylor
60b0cd7943
The keyword `elseif` should be used instead of `else if` so that all control keywords look like single words.
...
This was a mess, is now standardized across the codebase, except for a few 3rd-party libs.
See #30799.
Built from https://develop.svn.wordpress.org/trunk@31090
git-svn-id: http://core.svn.wordpress.org/trunk@31071 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-08 07:05:25 +00:00
Scott Taylor
29cd3fa5bf
PHP keywords and constants "true", "false", "null" should be in lower case - there was one lingering capitalized `false` in `_http_build_query()`.
...
See #30799.
Built from https://develop.svn.wordpress.org/trunk@31086
git-svn-id: http://core.svn.wordpress.org/trunk@31067 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-08 06:14:23 +00:00
Gary Pendergast
e6a74136f9
`size_format()` incorrectly included a trailing space for `B` values: less than 1024 bytes.
...
Also add a unit test to check for this, so we don't do it again.
Fixes #30908.
Props tillkruess.
Built from https://develop.svn.wordpress.org/trunk@31052
git-svn-id: http://core.svn.wordpress.org/trunk@31033 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-05 13:13:23 +00:00
Scott Taylor
be59efcfbf
ImageMagick expects TIFF files to have `.tiff` as an extension, so the key in `wp_get_mime_types()` should be `'tiff|tif'` not `'tif|tiff'` so the proper extension is returned in `WP_Image_Editor->get_extension()` subclass invocations.
...
Fixes #30211.
Built from https://develop.svn.wordpress.org/trunk@31044
git-svn-id: http://core.svn.wordpress.org/trunk@31025 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-04 03:09:22 +00:00
Scott Taylor
a0df295f5c
Improve various `@param` docs.
...
See #30224.
Built from https://develop.svn.wordpress.org/trunk@30674
git-svn-id: http://core.svn.wordpress.org/trunk@30664 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-30 23:24:25 +00:00
Drew Jaynes
bffe95d34c
Docs Formatting: Backtick-escape inline code for all remaining dynamic hook docs in wp-includes/*.
...
Affects DocBlocks for the following hooks:
* `auth_post_meta_{$meta_key}`
* `term_links-$taxonomy`
* `customize_render_control_ . $this->id`
* `customize_render_panel_{$this->id}`
* `customize_render_section_{$this->id}`
* `customize_preview_{$this->id}`
* `customize_save_ . $this->id_data[ 'base' ]`
* `customize_update_ . $this->type`
* `customize_value_ . $this->id_data[ 'base' ]`
* `customize_sanitize_js_{$this->id}`
* `comment_form_field_{$name}`
* `comment_{$old_status}_to_{$new_status}`
* `comment_{$new_status}_{$comment->comment_type}`
* `extra_{$context}_headers`
* `get_template_part_{$slug}`
* `get_the_generator_{$type}`
* `get_{$adjacent}_post_join`
* `get_{$adjacent}_post_where`
* `get_{$adjacent}_post_sort`
* `{$adjacent}_post_rel_link`
* `{$adjacent}_post_link`
* `{$adjacent}_image_link`
* `blog_option_{$option}`
* `$permastructname . _rewrite_rules`
* `{$type}_template`
* `theme_mod_{$name}`
* `pre_set_theme_mod_$name`
* `current_theme_supports-{$feature}`
* `get_user_option_{$option}`
* `edit_user_{$field}`
* `pre_user_{$field}`
* `user_{$field}`
See #30552.
Built from https://develop.svn.wordpress.org/trunk@30656
git-svn-id: http://core.svn.wordpress.org/trunk@30646 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-30 12:10:23 +00:00
Scott Taylor
4718bf4f76
Adjust the RegEx in `wp_check_filetype()` to be aware that query strings are a thing that exist sometimes in URLs.
...
Adds unit tests.
Props voldemortensen.
Fixes #30377.
Built from https://develop.svn.wordpress.org/trunk@30640
git-svn-id: http://core.svn.wordpress.org/trunk@30630 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-30 06:33:23 +00:00
Drew Jaynes
a1f244d454
Improve line-wrapping and formatting in the DocBlock for `wp_send_json_error()`.
...
See #30469.
Built from https://develop.svn.wordpress.org/trunk@30614
git-svn-id: http://core.svn.wordpress.org/trunk@30604 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-28 11:39:22 +00:00
Drew Jaynes
68432b0cd1
4.1 Docs Audit: Ensure optional arguments in `wp_json_encode()` are properly documented as such.
...
See #30469.
Built from https://develop.svn.wordpress.org/trunk@30613
git-svn-id: http://core.svn.wordpress.org/trunk@30603 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-28 11:36:23 +00:00
Gary Pendergast
a62fc4e4e5
When `json_encode()` returns a JSON string containing `'null'` in PHP 5.4 or earlier, `wp_json_encode()` will now sanity check the data, as older versions of PHP failed to encode non UTF-8 characters correctly, instead returning `'null'`.
...
Fixes #30471.
Built from https://develop.svn.wordpress.org/trunk@30561
git-svn-id: http://core.svn.wordpress.org/trunk@30550 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-25 05:01:23 +00:00
Drew Jaynes
07c58f5cca
Ensure inline code is markdown-escaped as such, HTML tags are removed from summaries, and that code snippets in descriptions are properly indented.
...
Affects DocBlocks for the following core elements:
* Markdown-indent a code snippet in the description for `_deprecated_argument()`
* Markdown-indent a code snippet in the description for `wp_localize_script()`
* Backtick-escape HTML tags in two parameter descriptions for `wp_register()`
* Various DocBlock formatting in the description for `get_bloginfo()`
* Remove HTML tag from the summary for `_wp_render_title_tag()`
* Backtick-escape a HTML tag in the description for `get_archives_link()`
* Markdown-indent a code snippet in the description for `wp_admin_css_color()`
* Markdown-indent a code snippet in the description for the `welcome_panel` hook
Props rarst.
See #30473.
Built from https://develop.svn.wordpress.org/trunk@30541
git-svn-id: http://core.svn.wordpress.org/trunk@30530 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-24 05:39:22 +00:00
Drew Jaynes
0fb8811fb6
Improve return description for `get_file_data()` documentation.
...
Also convert an incorrect use of `@see` to `@link`.
Props 5um17 for the initial patch.
Fixes #30466.
Built from https://develop.svn.wordpress.org/trunk@30532
git-svn-id: http://core.svn.wordpress.org/trunk@30521 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-23 17:57:22 +00:00
John Blackbourn
b66c58f76a
Update the inline docs for `wp_die()` to reflect parameter changes made in r30355
...
See #10551
Built from https://develop.svn.wordpress.org/trunk@30507
git-svn-id: http://core.svn.wordpress.org/trunk@30496 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-21 17:08:23 +00:00
John Blackbourn
53a9e3b420
Add support for `WP_Error` objects passed to `wp_send_json_error()`. The error object gets output as an array of error codes and messages, rather than as an empty object.
...
Fixes #28978
Props paulschreiber
Built from https://develop.svn.wordpress.org/trunk@30506
git-svn-id: http://core.svn.wordpress.org/trunk@30495 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-21 16:56:23 +00:00
Drew Jaynes
5943966b69
Ensure the mixed type of `string|int` is reflected on the `$title` parameter in `wp_die()`.
...
The ability to pass an error code as short-hand to the `$title` and `$args` parameters was added in r30355. Changes also include cleaned-up formatting and line-wraps for other documentation in the DocBlock.
See [30355]. Fixes #10551.
Built from https://develop.svn.wordpress.org/trunk@30379
git-svn-id: http://core.svn.wordpress.org/trunk@30376 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-18 16:47:23 +00:00
John Blackbourn
d88ed475b0
Switch to a `403` response code in places where it is more appropriate than a `500` due to permissions errors.
...
Fixes #10551
Props nacin
Built from https://develop.svn.wordpress.org/trunk@30356
git-svn-id: http://core.svn.wordpress.org/trunk@30355 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-16 06:16:22 +00:00
John Blackbourn
5f30f13780
Allow the response code to be passed as a shorthand to the `$title` or `$args` parameter of `wp_die()`, for brevity.
...
See #10551 and #11286
Props nacin
Built from https://develop.svn.wordpress.org/trunk@30355
git-svn-id: http://core.svn.wordpress.org/trunk@30354 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-16 06:11:22 +00:00
Boone Gorges
89526ca7f1
Ignore case when checking string 'false' in `wp_validate_boolean()`.
...
Props TobiasBg, kitchin.
Fixes #30238.
Built from https://develop.svn.wordpress.org/trunk@30207
git-svn-id: http://core.svn.wordpress.org/trunk@30207 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-03 15:55:23 +00:00
Scott Taylor
3e4ca28eb9
Correct the `@param` type for the `$query` arg for `remove_query_arg()`.
...
See #30224.
Built from https://develop.svn.wordpress.org/trunk@30191
git-svn-id: http://core.svn.wordpress.org/trunk@30191 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-03 05:29:22 +00:00
Scott Taylor
fbd6efdfb8
In `_wp_json_convert_string()`, when `$use_mb` is `false`, perhaps pass a variable that actually exists to `wp_check_invalid_utf8()`.
...
Introduced in [30055].
See #30224.
Built from https://develop.svn.wordpress.org/trunk@30162
git-svn-id: http://core.svn.wordpress.org/trunk@30162 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-01 22:00:24 +00:00
Drew Jaynes
66c47f29bb
Correct references of `@uses $wpdb` in core documentation to use `@global`.
...
See #30191, [30105].
Fixes #30217.
Built from https://develop.svn.wordpress.org/trunk@30122
git-svn-id: http://core.svn.wordpress.org/trunk@30122 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-10-31 17:56:22 +00:00
Drew Jaynes
f8657d5890
Remove redundant and erroneous `@uses` tag from most core inline documentation.
...
Per our inline documentation standards, no further use of the `@uses` tag is recommended as used and used-by relationships can be derived through other means. This removes most uses of the tag in core documentation, with remaining tags to be converted to `@global` or `@see` as they apply.
Fixes #30191.
Built from https://develop.svn.wordpress.org/trunk@30105
git-svn-id: http://core.svn.wordpress.org/trunk@30105 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-10-30 01:05:24 +00:00
Mark Jaquith
a81a321f9a
Docs and code standards cleanup for [30055] (`wp_json_encode()` & friends)
...
fixes #28786
props TobiasBg
Built from https://develop.svn.wordpress.org/trunk@30078
git-svn-id: http://core.svn.wordpress.org/trunk@30078 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-10-28 21:29:23 +00:00
Scott Taylor
315612a96b
Adjust caching for `get_term_by()` calls:
...
* Remove md5 hashes for term name cache keys
* Remove the namespace for the keys for `names` and `slugs` and add them to the group names
* Remove `wp_get_last_changed()`, which @nacin hated
Props tollmanz.
Fixes #21760.
Built from https://develop.svn.wordpress.org/trunk@30073
git-svn-id: http://core.svn.wordpress.org/trunk@30073 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-10-28 21:05:23 +00:00
Gary Pendergast
3495fa40df
Fix a PHPDoc typo for `wp_json_encode()`.
...
Props JustinSainton.
See #28786.
Built from https://develop.svn.wordpress.org/trunk@30058
git-svn-id: http://core.svn.wordpress.org/trunk@30058 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-10-28 18:54:18 +00:00
Gary Pendergast
007ec52958
Add `wp_json_encode()`, a wrapper for `json_encode()` that ensures everything is converted to UTF-8.
...
Change all core calls from `json_encode()` to `wp_json_encode()`.
Fixes #28786.
Built from https://develop.svn.wordpress.org/trunk@30055
git-svn-id: http://core.svn.wordpress.org/trunk@30055 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-10-28 18:35:19 +00:00