Aaron Campbell
45280bda66
Database: Hardening for wpdb::prepare()
...
Previously if you passed an array of values for placeholders, additional values could be passed as well. Now additional values will be ignored.
Merges [41470] to 4.4 branch.
Built from https://develop.svn.wordpress.org/branches/4.4@41475
git-svn-id: http://core.svn.wordpress.org/branches/4.4@41308 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 15:02:30 +00:00
Aaron Campbell
78462a6178
oEmbed: Add extra hardening around allowed HTML for improved sandboxing.
...
Merges [41448] to 4.4 branch.
Built from https://develop.svn.wordpress.org/branches/4.4@41455
git-svn-id: http://core.svn.wordpress.org/branches/4.4@41288 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 13:51:01 +00:00
Dominik Schilling
2603a8b4d6
TinyMCE: Improve the previews for shortcodes.
...
Merge of [41395] to the 4.4 branch.
Built from https://develop.svn.wordpress.org/branches/4.4@41439
git-svn-id: http://core.svn.wordpress.org/branches/4.4@41272 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 12:43:37 +00:00
Dominik Schilling
c448e53286
Customize: Ensure valid themes in the preview.
...
Merge of [41397] to the 4.4 branch.
Built from https://develop.svn.wordpress.org/branches/4.4@41433
git-svn-id: http://core.svn.wordpress.org/branches/4.4@41266 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 11:52:37 +00:00
Dominik Schilling
6b08998219
Editor: Prevent adding javascript:
and data:
URLs through the inline link dialog.
...
Merge of [41393] to the 4.4 branch.
Built from https://develop.svn.wordpress.org/branches/4.4@41404
git-svn-id: http://core.svn.wordpress.org/branches/4.4@41237 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 10:18:31 +00:00
John Blackbourn
866662a9fd
General: Backport PHP 7.1 fixes to the 4.4 branch to avoid fatal errors and warnings.
...
See #41135
Built from https://develop.svn.wordpress.org/branches/4.4@41129
git-svn-id: http://core.svn.wordpress.org/branches/4.4@40969 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-07-24 22:27:31 +00:00
Aaron Campbell
13db27bb7b
Bump 4.7 branch to version 4.4.10.
...
Built from https://develop.svn.wordpress.org/branches/4.4@40751
git-svn-id: http://core.svn.wordpress.org/branches/4.4@40609 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 21:51:30 +00:00
Pascal Birchler
9f7f4e5848
Media: Simplify upload error message construction.
...
Merges [40736] to the 4.4 branch.
Built from https://develop.svn.wordpress.org/branches/4.4@40740
git-svn-id: http://core.svn.wordpress.org/branches/4.4@40598 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 18:03:01 +00:00
Dominik Schilling
db7b82e90a
Customize: Ignore invalid customization sessions.
...
Merge of [40704] to the 4.4 branch.
Built from https://develop.svn.wordpress.org/branches/4.4@40708
git-svn-id: http://core.svn.wordpress.org/branches/4.4@40571 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 12:17:32 +00:00
Pascal Birchler
3ad4757088
Adjust post meta checks
...
Merges [40692] to the 4.4 branch.
Built from https://develop.svn.wordpress.org/branches/4.4@40696
git-svn-id: http://core.svn.wordpress.org/branches/4.4@40559 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 08:51:31 +00:00
Pascal Birchler
ad081ea634
Whitelist post arguments in XML-RPC
...
Merges [40677] to the 4.4 branch.
Built from https://develop.svn.wordpress.org/branches/4.4@40681
git-svn-id: http://core.svn.wordpress.org/branches/4.4@40544 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 08:21:01 +00:00
Pascal Birchler
96a0557865
Bump 4.4 branch to version 4.4.9.
...
Built from https://develop.svn.wordpress.org/branches/4.4@40490
git-svn-id: http://core.svn.wordpress.org/branches/4.4@40366 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-04-20 16:24:32 +00:00
James Nylen
b96b3f4d38
Bump 4.4 branch to version 4.4.8.
...
Built from https://develop.svn.wordpress.org/branches/4.4@40205
git-svn-id: http://core.svn.wordpress.org/branches/4.4@40144 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-06 16:23:31 +00:00
Aaron Campbell
442a4f4936
Strip control characters before validating redirect.
...
Merges [40183] to 4.4 branch.
Built from https://develop.svn.wordpress.org/branches/4.4@40187
git-svn-id: http://core.svn.wordpress.org/branches/4.4@40126 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-06 13:43:31 +00:00
Dominik Schilling
3f478808ae
Embeds: URL encode YouTube video IDs for broader compatibility.
...
Merge of [40160] to the 4.4 branch.
Built from https://develop.svn.wordpress.org/branches/4.4@40164
git-svn-id: http://core.svn.wordpress.org/branches/4.4@40103 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-06 12:06:34 +00:00
Aaron Campbell
df7d68c218
Bump 4.4 branch to version 4.4.7.
...
Built from https://develop.svn.wordpress.org/branches/4.4@39999
git-svn-id: http://core.svn.wordpress.org/branches/4.4@39936 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-26 18:23:31 +00:00
Dominik Schilling
bda00ecf73
Query: Ensure that queries work correctly with post type names with special characters.
...
Merge of [39952] to the 4.4 branch.
Built from https://develop.svn.wordpress.org/branches/4.4@39959
git-svn-id: http://core.svn.wordpress.org/branches/4.4@39896 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-26 13:51:03 +00:00
Aaron Campbell
7fcfc68c0b
Bump 4.4 branch to version 4.4.6.
...
Built from https://develop.svn.wordpress.org/branches/4.4@39863
git-svn-id: http://core.svn.wordpress.org/branches/4.4@39800 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 16:56:29 +00:00
Joe McGill
af0a3c59d1
Media: Fix exif_imagetype check in wp_get_image_mime
...
This is a follow up to [39831].
Merges [39850] to the 4.4 branch.
Built from https://develop.svn.wordpress.org/branches/4.4@39854
git-svn-id: http://core.svn.wordpress.org/branches/4.4@39791 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 16:42:31 +00:00
Joe McGill
47bc8e98bd
Media: Improve image filetype checking.
...
This adds a new function `wp_get_image_mime()` which is used by
`wp_check_filetype_and_ext()` to validate image files using
`exif_imagetype()` if available instead of `getimagesize()`.
`getimagesize()` is less performant than `exif_imagetype()` and is
dependent on GD. If `exif_imagetype()` is not available, it falls back to
`getimagesize()` as before.
If `wp_check_filetype_and_ext()` can't validate the filetype, we now return
`false` for ext/MIME values.
Merges [39831] to the 4.4 branch.
Built from https://develop.svn.wordpress.org/branches/4.4@39835
git-svn-id: http://core.svn.wordpress.org/branches/4.4@39773 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 13:16:32 +00:00
Dominik Schilling
26c8103030
Themes: Fix markup for theme name fallbacks.
...
Merge of [39807] to the 4.4 branch.
Built from https://develop.svn.wordpress.org/branches/4.4@39812
git-svn-id: http://core.svn.wordpress.org/branches/4.4@39750 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 11:10:35 +00:00
Jeremy Felt
e6a894dc68
Multisite: Use wp_rand()
in signup key creation.
...
Merges [39795] to the 4.4 branch.
Built from https://develop.svn.wordpress.org/branches/4.4@39799
git-svn-id: http://core.svn.wordpress.org/branches/4.4@39737 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 05:34:02 +00:00
Dion Hulse
2fb6c7ae35
Update PHPMailer to 5.2.22.
...
The full list of changes is available here:
https://github.com/PHPMailer/PHPMailer/compare/v5.2.21...v5.2.22
Merges [39759] to the 4.4 branch.
Fixes #37210 for 4.4.
Built from https://develop.svn.wordpress.org/branches/4.4@39787
git-svn-id: http://core.svn.wordpress.org/branches/4.4@39725 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 05:24:00 +00:00
Dion Hulse
891d7effb0
Mail: Upgrade PHPMailer to 5.2.21.
...
Merges [39645] to the 4.4 branch.
See #37210 .
Built from https://develop.svn.wordpress.org/branches/4.4@39724
git-svn-id: http://core.svn.wordpress.org/branches/4.4@39664 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-06 22:05:06 +00:00
Jeremy Felt
6f2d676f76
Bump 4.4 branch to 4.4.5.
...
Built from https://develop.svn.wordpress.org/branches/4.4@38551
git-svn-id: http://core.svn.wordpress.org/branches/4.4@38494 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-09-07 14:58:58 +00:00
Gary Pendergast
1d21012923
The 4.4 branch is now 4.4.5-alpha.
...
Built from https://develop.svn.wordpress.org/branches/4.4@37935
git-svn-id: http://core.svn.wordpress.org/branches/4.4@37876 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-01 06:22:28 +00:00
Boone Gorges
74ef49671f
Bump 4.4 branch to 4.4.4.
...
Built from https://develop.svn.wordpress.org/branches/4.4@37829
git-svn-id: http://core.svn.wordpress.org/branches/4.4@37794 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-21 16:21:26 +00:00
Joe McGill
f68837fd6f
Media: Improve handling of extensionless filenames.
...
Merge of [37756] to the 4.4 branch.
See #37111 .
Built from https://develop.svn.wordpress.org/branches/4.4@37810
git-svn-id: http://core.svn.wordpress.org/branches/4.4@37775 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-21 14:53:31 +00:00
Pascal Birchler
0a517e47ec
Embeds: Improve performance when embedding a post from the current site.
...
When the post being embedded is from the same site, there's no reason to do an HTTP request for it. The data can be fetched directly using `get_oembed_response_data()`.
Merge of [37708], [37710] and [37729] to the 4.4 branch.
Fixes #36767 .
Built from https://develop.svn.wordpress.org/branches/4.4@37798
git-svn-id: http://core.svn.wordpress.org/branches/4.4@37763 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-21 14:42:29 +00:00
Nikolay Bachiyski
e22ceae1b7
Admin: Escape attachment name in case it contains special characters
...
Merge of [37774] to the 4.4 branch.
Built from https://develop.svn.wordpress.org/branches/4.4@37785
git-svn-id: http://core.svn.wordpress.org/branches/4.4@37750 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-21 14:24:27 +00:00
Dominik Schilling
30bb01b2e4
Customize: Make sure that preview and return URLs are URLs.
...
Merge of [37527] to the 4.4 branch.
Built from https://develop.svn.wordpress.org/branches/4.4@37769
git-svn-id: http://core.svn.wordpress.org/branches/4.4@37734 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-21 14:18:30 +00:00
Jeremy Felt
a0f643da35
Admin: Allow for the consistent filtering of auth_redirect_scheme
...
Merge of [37651] to the 4.4 branch.
See #37047 .
Built from https://develop.svn.wordpress.org/branches/4.4@37758
git-svn-id: http://core.svn.wordpress.org/branches/4.4@37723 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-21 14:11:28 +00:00
Dominik Schilling
90afd7e46c
Bump 4.4 branch to 4.4.3.
...
Built from https://develop.svn.wordpress.org/branches/4.4@37385
git-svn-id: http://core.svn.wordpress.org/branches/4.4@37351 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-06 18:11:55 +00:00
Nikolay Bachiyski
f3907c1da9
External Libraries: Update plupload from upstream
...
Built from https://develop.svn.wordpress.org/branches/4.4@37381
git-svn-id: http://core.svn.wordpress.org/branches/4.4@37347 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-06 18:00:51 +00:00
Dominik Schilling
b1e244d828
External Libraries: Update MediaElement.js from upstream.
...
Merge of [37370] to the 4.4 branch.
Built from https://develop.svn.wordpress.org/branches/4.4@37372
git-svn-id: http://core.svn.wordpress.org/branches/4.4@37338 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-06 17:53:28 +00:00
Nikolay Bachiyski
b2fde3d346
4.4.3-RC1
...
Built from https://develop.svn.wordpress.org/branches/4.4@37149
git-svn-id: http://core.svn.wordpress.org/branches/4.4@37116 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-30 19:44:26 +00:00
Nikolay Bachiyski
2c818e3fbd
Taxonomies: make sure taxonomy functions work correctly with taxonomy names with special characters
...
The codex says that taxonomy names "should only contain lowercase letters and the underscore character", but that's not enforced. It's too late to enforce it, since some plugins haven't been following it and the official phpdoc doesn't mention this restriction.
Merge of [37133] to the 4.4 branch.
Built from https://develop.svn.wordpress.org/branches/4.4@37134
git-svn-id: http://core.svn.wordpress.org/branches/4.4@37101 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-30 17:17:28 +00:00
Dominik Schilling
434d135f12
HTTP: Improve detection of valid IP addresses.
...
Merge of [37115] to the 4.4 branch.
Built from https://develop.svn.wordpress.org/branches/4.4@37116
git-svn-id: http://core.svn.wordpress.org/branches/4.4@37083 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-30 15:51:26 +00:00
Nikolay Bachiyski
e0cfe8655c
Snoopy: use escapeshellarg instead of escapeshellcmd
...
We are escaping arguments, not commands, so we'd better use the semantically correct function, even though they are similar.
Built from https://develop.svn.wordpress.org/branches/4.4@37095
git-svn-id: http://core.svn.wordpress.org/branches/4.4@37062 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-30 14:03:28 +00:00
Pascal Birchler
eb51235b19
Embeds: Improve how iframes are loaded after being initially hidden.
...
Use a more accessible way to initially hide the iframe. After that, only display an iframe when it was successfully loaded.
Merge of [36648] and [36708] to the 4.4 branch.
Fixes #35894 .
Built from https://develop.svn.wordpress.org/branches/4.4@37093
git-svn-id: http://core.svn.wordpress.org/branches/4.4@37060 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-30 10:57:27 +00:00
Gary Pendergast
3331f83d78
Emoji: Fix the diversity emoji check in Safari.
...
When the browser test for diversity emoji was added in [36160], it included a workaround for Chrome not being able to compare Uint8ClampedArray objects directly, by converting them to a string. Unfortunately, Safari doesn't support the Uint8ClampedArray.toString() method correctly, so the test was incorrectly failing in Safari.
Merge of [37028] to the 4.4 branch.
Fixes #36266 .
Built from https://develop.svn.wordpress.org/branches/4.4@37090
git-svn-id: http://core.svn.wordpress.org/branches/4.4@37057 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-29 02:19:28 +00:00
Gary Pendergast
f9fa129053
Emoji: Add some extra IE11 compatibility.
...
IE 11's implementation of MutationObserver is buggy. It unnecessarily splits text nodes when it encounters a HTML template interpolation symbol ( "{{", for example ). So, we join the text nodes back together as a work-around.
Merge of [36817] and [36981] to the 4.4 branch.
Fixes #35977 .
Built from https://develop.svn.wordpress.org/branches/4.4@37089
git-svn-id: http://core.svn.wordpress.org/branches/4.4@37056 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-29 02:02:51 +00:00
Boone Gorges
f2410b407d
Query: Ignore search terms consisting of a single dash.
...
Due to the "exclude" support added in WP 4.4, single dashes were being
converted to "NOT LIKE '%%'" clauses, causing all searches to fail.
Ports [36989] to the 4.4 branch.
Props RomSocial, swissspidy.
Fixes #36195 .
Built from https://develop.svn.wordpress.org/branches/4.4@37082
git-svn-id: http://core.svn.wordpress.org/branches/4.4@37049 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-25 18:41:27 +00:00
Sergey Biryukov
71788d7c89
Mail: Correct compact()
usage in wp_mail()
.
...
Merges [36688] to the 4.4 branch.
Props Ankit K Gupta, maweder.
Fixes #35781 .
Built from https://develop.svn.wordpress.org/branches/4.4@37081
git-svn-id: http://core.svn.wordpress.org/branches/4.4@37048 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-25 17:07:27 +00:00
Dominik Schilling
abae151cbd
Bump 4.4 branch to 4.4.2.
...
Built from https://develop.svn.wordpress.org/branches/4.4@36455
git-svn-id: http://core.svn.wordpress.org/branches/4.4@36422 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-02 17:10:27 +00:00
Dominik Schilling
16414c4f90
Better validation of the URL used in HTTP redirects.
...
Merges [36444] to the 4.4 branch.
Built from https://develop.svn.wordpress.org/branches/4.4@36447
git-svn-id: http://core.svn.wordpress.org/branches/4.4@36414 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-02 16:59:28 +00:00
Dominik Schilling
59523c0dba
HTTP: 0.1.2.3
is not a valid IP.
...
Merges [36435] to the 4.4 branch.
Built from https://develop.svn.wordpress.org/branches/4.4@36436
git-svn-id: http://core.svn.wordpress.org/branches/4.4@36403 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-02 13:03:28 +00:00
Dominik Schilling
ff833390f5
Bump 4.4 branch to 4.4.2-RC1.
...
Built from https://develop.svn.wordpress.org/branches/4.4@36431
git-svn-id: http://core.svn.wordpress.org/branches/4.4@36398 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-01 15:09:27 +00:00
Dominik Schilling
98b994303e
Media: In wp_read_image_metadata()
make sure that IPTC keywords are UTF8 encoded.
...
Prevents missing `_wp_attachment_metadata` when an image contains keywords with latin extended characters.
Merges [36429] to the 4.4 branch.
See #35316 .
Built from https://develop.svn.wordpress.org/branches/4.4@36430
git-svn-id: http://core.svn.wordpress.org/branches/4.4@36397 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-01 14:58:28 +00:00
Dominik Schilling
9770d9e317
Emoji: Explicitly use https as the scheme for emoji fallback images, as they're only served over HTTPS by the CDN anyway.
...
Merges [36249] to the 4.4 branch.
See #35376 .
Built from https://develop.svn.wordpress.org/branches/4.4@36428
git-svn-id: http://core.svn.wordpress.org/branches/4.4@36395 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-01 14:24:28 +00:00