Commit Graph

39658 Commits

Author SHA1 Message Date
desrosj
4c0fc42454 Build Tools: One additional coding standards fix now detected after [49514].
See #51624, #48301.
Built from https://develop.svn.wordpress.org/branches/5.2@49515


git-svn-id: http://core.svn.wordpress.org/branches/5.2@49270 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-11-06 16:38:52 +00:00
desrosj
b4da91521f Build Tools: Fix installing Composer dependencies using Composer 2.0.
This updates the `dealerdirect/phpcodesniffer-composer-installer` package to allow installing version `0.7.0` which supports Composer 2.0.

It also includes several minor spacing/alignment coding standards fixes that are made as a result of the package update.

Props itowhid06, jrf.
Merges [49306] to the 5.2 branch.
See #51624, #48301.
Built from https://develop.svn.wordpress.org/branches/5.2@49514


git-svn-id: http://core.svn.wordpress.org/branches/5.2@49269 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-11-06 16:29:54 +00:00
Sergey Biryukov
130b6904f3 WordPress 5.2.9.
Built from https://develop.svn.wordpress.org/branches/5.2@49461


git-svn-id: http://core.svn.wordpress.org/branches/5.2@49220 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-30 19:50:57 +00:00
whyisjake
0cf9faf171 Upgrade/Install: During the install process, add additional checking for existing tables.
This commit brings the changes in [49452] to the 5.2 branch.

If reinstalling WordPress, there is a condition where tables would exist in the database. Ensures that$

Fixes #51676.

Props xknown, garubi, mukesh27, desrosj, johnbillion, metalandcoffee, davidbaumwald, whyisjake.

Built from https://develop.svn.wordpress.org/branches/5.2@49456


git-svn-id: http://core.svn.wordpress.org/branches/5.2@49215 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-30 18:30:03 +00:00
desrosj
8dd5c0cdec WordPress 5.2.8.
Built from https://develop.svn.wordpress.org/branches/5.2@49412


git-svn-id: http://core.svn.wordpress.org/branches/5.2@49171 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-29 19:37:05 +00:00
whyisjake
505afcd180 General: WordPress updates
* XML-RPC: Improve error messages for unprivileged users.
* External Libraries: Disable deserialization in Requests_Utility_FilteredIterator
* Embeds: Disable embeds on deactivated Multisite sites.
* Coding standards: Modify escaping functions to avoid potential false positives.
* XML-RPC: Return error message if attachment ID is incorrect.
* Upgrade/install: Improve logic check when determining installation status.
* Meta: Sanitize meta key before checking protection status.
* Themes: Ensure that only privileged users can set a background image when a theme is using the deprecated custom background page.

Brings the changes from [49380,49382-49388] to the 5.2 branch.

Props xknown, zieladam, peterwilsoncc, whyisjake, desrosj, dd32.

Built from https://develop.svn.wordpress.org/branches/5.2@49394


git-svn-id: http://core.svn.wordpress.org/branches/5.2@49153 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-29 18:45:55 +00:00
Sergey Biryukov
94cd77983b Administration: Pass the result of set-screen-option filter to the new set_screen_option_{$option} filter to ensure backward compatibility.
Rename the `$keep` parameter of both filters to `$screen_option` for clarity, update the documentation to better reflect its purpose.

Follow-up to [47951].

Props Chouby, sswells, SergeyBiryukov.
Merges [48241] to the 5.2 branch.
Fixes #50392.
Built from https://develop.svn.wordpress.org/branches/5.2@48246


git-svn-id: http://core.svn.wordpress.org/branches/5.2@48015 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-07-01 09:47:58 +00:00
desrosj
8b8aef2834 WordPress 5.2.7.
Built from https://develop.svn.wordpress.org/branches/5.2@47991


git-svn-id: http://core.svn.wordpress.org/branches/5.2@47759 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-10 21:34:59 +00:00
whyisjake
8e6550737f Editor: Ensure latest comments can only be viewed from public posts.
This brings the changes from [47984] to the 5.2 branch.
Props: poena, xknown.

Built from https://develop.svn.wordpress.org/branches/5.2@47986


git-svn-id: http://core.svn.wordpress.org/branches/5.2@47754 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-10 19:26:53 +00:00
desrosj
0d6541c100 General: Backport several commits for release.
- Embeds: Ensure that the title attribute is set correctly on embeds.
- Editor: Prevent HTML decoding on by setting the proper editor context.
- Formatting: Ensure that wp_validate_redirect() sanitizes a wider variety of characters.
- Themes: Ensure a broken theme name is returned properly.
- Administration: Add a new filter to extend set-screen-option. 

Merges [47948-47951] to the 5.2 branch.
Props xknown, sstoqnov, vortfu, SergeyBiryukov, whyisjake.
Built from https://develop.svn.wordpress.org/branches/5.2@47960


git-svn-id: http://core.svn.wordpress.org/branches/5.2@47732 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-10 18:12:52 +00:00
Sergey Biryukov
ff95ac1af3 Editor: Bump package-lock.json on the 5.2 branch.
Follow-up to [47946].

See #50094.
Built from https://develop.svn.wordpress.org/branches/5.2@47958


git-svn-id: http://core.svn.wordpress.org/branches/5.2@47730 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-10 17:51:12 +00:00
Sergey Biryukov
4f0367ef88 Comments: Ensure that unmoderated comments won't be search indexed.
After a comment is submitted, only allow a brief window where the comment is live on the site.

Props jonkolbert, ayeshrajans, Asif2BD, peterwilsoncc, imath, audrasjb, jonoaldersonwp, whyisjake, SergeyBiryukov.
Merges [47887] and [47889] to the 5.2 branch.
See #49956.
Built from https://develop.svn.wordpress.org/branches/5.2@47917


git-svn-id: http://core.svn.wordpress.org/branches/5.2@47691 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-06 09:59:56 +00:00
Sergey Biryukov
a0ec22dbda Themes: Add "Block Editor Styles" and "Wide Blocks" to the list of WordPress theme features.
These were added to Theme Directory API in anticipation of being committed to core for WordPress 5.2+, which has not happened until now.

Follow-up to [meta8273].

Merges [47790] to the 5.2 branch.
See #46272.
Built from https://develop.svn.wordpress.org/branches/5.2@47793


git-svn-id: http://core.svn.wordpress.org/branches/5.2@47569 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-05-14 09:24:07 +00:00
Sergey Biryukov
b8368e4d72 Update the About page for WordPress 5.2.6
Built from https://develop.svn.wordpress.org/branches/5.2@47704


git-svn-id: http://core.svn.wordpress.org/branches/5.2@47481 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-04-29 18:41:43 +00:00
desrosj
c9886c5357 WordPress 5.2.6
Built from https://develop.svn.wordpress.org/branches/5.2@47668


git-svn-id: http://core.svn.wordpress.org/branches/5.2@47445 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-04-29 17:58:51 +00:00
whyisjake
bf5d4c15cc Customize: Add additional filters to Customizer to prevent JSON corruption.
User: Invalidate `user_activation_key` on password update.
Query: Ensure that only a single post can be returned on date/time based queries.
Block Editor: Coding standards, properly escape class names.
Cache API: Ensure proper escaping around the stats method in the cache API.
Formatting: Expand `sanitize_file_name` to have better support for utf8 characters.

Brings the changes in [47633], [47634], [47635], [47636], [47637], and [47638] to the 5.2 branch.

Props: aduth, batmoo, ehti, ellatrix, jorgefilipecosta, nickdaugherty, noisysocks, pento, peterwilsoncc, sergeybiryukov, sstoqnov, talldanwp, westi, westonruter, whyisjake, whyisjake, xknown.

Built from https://develop.svn.wordpress.org/branches/5.2@47645


git-svn-id: http://core.svn.wordpress.org/branches/5.2@47420 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-04-29 16:07:54 +00:00
Sergey Biryukov
7d171684bc WordPress 5.2.5
Built from https://develop.svn.wordpress.org/branches/5.2@46921


git-svn-id: http://core.svn.wordpress.org/branches/5.2@46721 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-12-12 20:24:58 +00:00
whyisjake
da95cca74c Ensure that a user can publish_posts before making a post sticky.
Props: danielbachhuber, whyisjake, peterwilson, xknown.

Prevent stored XSS through wp_targeted_link_rel().

Props: vortfu, whyisjake, peterwilsoncc, xknown, SergeyBiryukov, flaviozavan.

Update `wp_kses_bad_protocol()` to recognize `:` on uri attributes,

`wp_kses_bad_protocol()` makes sure to validate that uri attributes don’t contain invalid/or not allowed protocols. While this works fine in most cases, there’s a risk that by using the colon html5 named entity, one is able to bypass this function.

Brings r46895 to the 5.3 branch.

Props: xknown, nickdaugherty, peterwilsoncc.

Prevent stored XSS in the block editor.

Brings r46896 to the 5.3 branch.

Prevent escaped unicode characters from becoming unescaped in unsafe HTML during JSON decoding.

Props: aduth, epiqueras.

Built from https://develop.svn.wordpress.org/branches/5.2@46901


git-svn-id: http://core.svn.wordpress.org/branches/5.2@46701 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-12-12 18:18:54 +00:00
Dion Hulse
373c82a7c4 Bump Akismet external to 4.1.3.
See #WP47269.


git-svn-id: http://core.svn.wordpress.org/branches/5.2@46426 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-11-02 15:33:32 +00:00
whyisjake
42a430a0a9 REST API: Allow for multiple Vary: Origin headers in GET responses.
Simple fix, we pass false as the second parameter to the header function.

This is something that we added downstream of the 5.2.4 release, but we missed in 5.2/trunk.

Fixes #48309, see also [46544].
Props xknown, whyisjake.

Built from https://develop.svn.wordpress.org/branches/5.2@46545


git-svn-id: http://core.svn.wordpress.org/branches/5.2@46342 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-15 15:54:53 +00:00
desrosj
d60f90873c Post WordPress 5.2.4 version bump. The 5.2 branch is now 5.2.5-alpha.
Built from https://develop.svn.wordpress.org/branches/5.2@46540


git-svn-id: http://core.svn.wordpress.org/branches/5.2@46337 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-14 22:02:53 +00:00
desrosj
9380cf2995 WordPress 5.2.4.
Built from https://develop.svn.wordpress.org/branches/5.2@46508


git-svn-id: http://core.svn.wordpress.org/branches/5.2@46305 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-14 20:06:55 +00:00
whyisjake
e9ecfd078e REST API: Send a Vary: Origin header on GET requests.
Add this header on all GET requests to prevent cached requests.

Fixes some code duplication from [46484] and backports the changes from [46484] to the 5.2 branch.
Props darthhexx, davidbinda, nickdaugherty, whyisjake.

Built from https://develop.svn.wordpress.org/branches/5.2@46487


git-svn-id: http://core.svn.wordpress.org/branches/5.2@46285 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-14 17:44:54 +00:00
whyisjake
0ca56956ae Administration: Ensure that admin referer nonce is valid.
Coding standards, ensure that nonce is valid with identical, rather than equal operator.

Backports [46477] to the 5.2 branch.
Props vortfu, xknown, whyisjake.

Built from https://develop.svn.wordpress.org/branches/5.2@46486


git-svn-id: http://core.svn.wordpress.org/branches/5.2@46284 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-14 17:34:53 +00:00
whyisjake
cbc773dcbb Filesystem API: Prevent directory traversals when creating new folders.
Reject file paths that contain sub-directory paths.

Props iandunn, xknown, sstoqnov, whyisjake.

Built from https://develop.svn.wordpress.org/branches/5.2@46484


git-svn-id: http://core.svn.wordpress.org/branches/5.2@46282 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-14 16:34:53 +00:00
whyisjake
e5e18e9b15 Filesystem API: Prevent directory traversals when creating new folders.
Reject file paths that contain sub-directory paths.

Backports [46476] to the 5.2 branch.

Props iandunn, xknown, sstoqnov, whyisjake.

Built from https://develop.svn.wordpress.org/branches/5.2@46482


git-svn-id: http://core.svn.wordpress.org/branches/5.2@46280 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-14 16:13:53 +00:00
whyisjake
c4a25f9386 Add merge information missed in r46474-46475.
Built from https://develop.svn.wordpress.org/branches/5.2@46481


git-svn-id: http://core.svn.wordpress.org/branches/5.2@46279 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-14 16:09:51 +00:00
whyisjake
f0335c6a8b HTTP API: Protect against hex interpretation.
Return earlier from wp_http_validate_url().

Props: iandunn, xknown, voldemortensen, whyisjake.

Built from https://develop.svn.wordpress.org/branches/5.2@46480


git-svn-id: http://core.svn.wordpress.org/branches/5.2@46278 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-14 15:52:53 +00:00
whyisjake
f82ed753cf Query: Remove the static query property.
Prevent unauthenticated views of publicly queryable content types.

Props aaroncampbell, whyisjake, nickdaugherty, xknown.

Built from https://develop.svn.wordpress.org/branches/5.2@46479


git-svn-id: http://core.svn.wordpress.org/branches/5.2@46277 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-14 15:51:54 +00:00
Sergey Biryukov
c83ea95120 Formatting: In wp_validate_redirect(), normalize the path when validating the location for relative URLs, to account for Windows paths.
Props peterwilsoncc, rconde, jmmathc, mat-lipe, Sixes, justinahinon, cmagrin, daxelrod, SergeyBiryukov.
Merges [46472] to the 5.2 branch.
Fixes #47980.
Built from https://develop.svn.wordpress.org/branches/5.2@46473


git-svn-id: http://core.svn.wordpress.org/branches/5.2@46271 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-14 11:04:55 +00:00
desrosj
5753d19fe4 Build/Test Tools: Remove PHP 7.4 and nightly builds from Travis.
See #48225.
Built from https://develop.svn.wordpress.org/branches/5.2@46406


git-svn-id: http://core.svn.wordpress.org/branches/5.2@46205 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-05 16:58:53 +00:00
whyisjake
e4b3059eb2 Remove the extra call for wp-sanitize from the script loader.
Merges [46073] to the 5.2 branch.
Fixes #47986.


Built from https://develop.svn.wordpress.org/branches/5.2@46074


git-svn-id: http://core.svn.wordpress.org/branches/5.2@45886 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-09-06 21:56:54 +00:00
Sergey Biryukov
fd1d9bb298 Post WordPress 5.2.3 version bump.
Built from https://develop.svn.wordpress.org/branches/5.2@46065


git-svn-id: http://core.svn.wordpress.org/branches/5.2@45877 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-09-05 02:16:54 +00:00
whyisjake
e3194da7eb WordPress 5.2.3.
Built from https://develop.svn.wordpress.org/branches/5.2@46047


git-svn-id: http://core.svn.wordpress.org/branches/5.2@45859 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-09-04 22:09:18 +00:00
desrosj
2df5a45321 Help/About: Update the About page for 5.2.3.
Props whyisjake, desrosj.
Fixes #47923.
Built from https://develop.svn.wordpress.org/branches/5.2@46046


git-svn-id: http://core.svn.wordpress.org/branches/5.2@45858 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-09-04 22:08:25 +00:00
Sergey Biryukov
cbd492abd3 Coding Standards: Fix WPCS issue in [45990].
Merges [46019] to the 5.2 branch.
Built from https://develop.svn.wordpress.org/branches/5.2@46022


git-svn-id: http://core.svn.wordpress.org/branches/5.2@45833 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-09-04 21:46:48 +00:00
desrosj
a3c199b473 Fix for URL sanitization in wp_kses_bad_protocol_once().
Merges [45997] to the 5.2 branch.

Props irsdl, sstoqnov, whyisjake.
Built from https://develop.svn.wordpress.org/branches/5.2@46000


git-svn-id: http://core.svn.wordpress.org/branches/5.2@45811 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-09-04 17:57:52 +00:00
Sergey Biryukov
50f2f05956 Improve handling the existing rel attribute in wp_rel_nofollow_callback().
Merges [45990] to the 5.2 branch.
Props xknown, sstoqnov.
Built from https://develop.svn.wordpress.org/branches/5.2@45991


git-svn-id: http://core.svn.wordpress.org/branches/5.2@45802 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-09-04 17:39:51 +00:00
whyisjake
affedce0a8 Update wp.a11y.speak() to sanitize HTML before display.
Merges [45979] to the 5.2 branch

Props iandunn, adamsilverstein, sstoqnov, peterwilsoncc

Built from https://develop.svn.wordpress.org/branches/5.2@45989


git-svn-id: http://core.svn.wordpress.org/branches/5.2@45800 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-09-04 17:23:52 +00:00
Sergey Biryukov
684ef4e3a7 Improve URL validation in wp_validate_redirect().
Merges [45971] to the 5.2 branch.
Props vortfu, whyisjake, peterwilsoncc.
Built from https://develop.svn.wordpress.org/branches/5.2@45972


git-svn-id: http://core.svn.wordpress.org/branches/5.2@45783 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-09-04 16:58:52 +00:00
Sergey Biryukov
4315d85d65 Escape the output in wp_ajax_upload_attachment().
Merges [45936] to the 5.2 branch.
Props whyisjake, sstoqnov.
Built from https://develop.svn.wordpress.org/branches/5.2@45938


git-svn-id: http://core.svn.wordpress.org/branches/5.2@45749 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-09-04 16:15:51 +00:00
whyisjake
6a63bf0361 Remove _convert_urlencoded_to_entities() from the get_the_content() callback.
Props vortfu, whyisjake, peterwilsoncc

Built from https://develop.svn.wordpress.org/branches/5.2@45937


git-svn-id: http://core.svn.wordpress.org/branches/5.2@45748 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-09-04 16:10:52 +00:00
whyisjake
c4999912e7 WordPress 5.2.3 Release Candidate 1 version bump.
Built from https://develop.svn.wordpress.org/branches/5.2@45880


git-svn-id: http://core.svn.wordpress.org/branches/5.2@45691 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-08-22 17:57:52 +00:00
whyisjake
6e45fa6779 WordPress 5.2.3 Release Candidate 2
Built from https://develop.svn.wordpress.org/branches/5.2@45879


git-svn-id: http://core.svn.wordpress.org/branches/5.2@45690 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-08-22 17:48:52 +00:00
whyisjake
dbfcb74609 WordPress 5.2.3 Release Candidate 1
Built from https://develop.svn.wordpress.org/branches/5.2@45878


git-svn-id: http://core.svn.wordpress.org/branches/5.2@45689 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-08-22 17:21:52 +00:00
Sergey Biryukov
6b8460ee43 Customizer: Trim whitespace from custom link URLs.
This complements a similar fix for the Menus screen in [45655].

Props donmhico, audrasjb.
Merges [45869] to the 5.2 branch.
Fixes #47888. See #47723.
Built from https://develop.svn.wordpress.org/branches/5.2@45870


git-svn-id: http://core.svn.wordpress.org/branches/5.2@45681 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-08-21 00:29:52 +00:00
Sergey Biryukov
7a64dfb557 Docs: Update @since tag for new JS functions and variables introduced in [45572].
Props garrett-eclipse.
Merges [45867] to the 5.2 branch.
See #47145.
Built from https://develop.svn.wordpress.org/branches/5.2@45868


git-svn-id: http://core.svn.wordpress.org/branches/5.2@45679 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-08-20 22:55:52 +00:00
Sergey Biryukov
5bb75cf4fd Accessibility: Make the Media modal an ARIA modal dialog.
For a number of years, the Media modal missed an explicit ARIA role and the required attributes for modal dialogs.

This was confusing for assistive technology users, since they may not realize they're inside a dialog, and that consequently the keyboard interactions may be different from the rest of the page. Lack of an explicit label for the dialog was confusing as well, since assistive technology users didn't have an immediate sense of what the dialog is for.

This change makes the Media modal meet the ARIA Authoring Practices recommendations, helping users better understand the purpose and interactions with the modal. Also, it makes sure to hide the rest of the page content from assistive technologies, until support for `aria-modal="true"` improves.

Additionally:
- moves the modal H1 heading to the beginning of the modal content 
- changes the modal left menu position to make visual and DOM order match 
- improves the `wp.media.view.FocusManager` documentation

Props afercia.
Merges [45572] to the 5.2 branch.
Fixes #47145.
Built from https://develop.svn.wordpress.org/branches/5.2@45866


git-svn-id: http://core.svn.wordpress.org/branches/5.2@45677 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-08-20 22:42:51 +00:00
Sergey Biryukov
f6a419e564 Accessibility: Fix the alt attribute of the Gallery images within the Classic Editor.
Passes the images `alt` attribute value to the Gallery template used within the Classic Editor.

Props yarnboy, wpboss.
Merges [45725] to the 5.2 branch.
Fixes #47687.
Built from https://develop.svn.wordpress.org/branches/5.2@45865


git-svn-id: http://core.svn.wordpress.org/branches/5.2@45676 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-08-20 19:15:52 +00:00
Sergey Biryukov
49d9d2dc57 Twenty Seventeen: Correct height for a Button block without text.
Props ianbelanger, laurelfulford, nayana123.
Merges [45764], [45861], and [45863] to the 5.2 branch.
Fixes #47414.
Built from https://develop.svn.wordpress.org/branches/5.2@45864


git-svn-id: http://core.svn.wordpress.org/branches/5.2@45675 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-08-20 19:13:54 +00:00