This sets a referrer policy of `same-origin` which adds hardening by preventing a referrer being sent from the admin area or login screens to other origins. This helps prevent unwanted exposure of potentially sensitive information that may be contained within URLs.
This change introduces a new filter, `admin_referrer_policy`, for filtering the referrer policy header value. The header can be disabled if necessary by removing the `wp_admin_headers` action from the `admin_init` and `login_init` hooks.
Props joostdevalk
Fixes#42036
Built from https://develop.svn.wordpress.org/trunk@41741
git-svn-id: http://core.svn.wordpress.org/trunk@41575 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This adds this previously Multisite-only functionality to single site installations too. This change prevents accidental or erroneous email address changes from potentially locking users out of their site.
Props MatheusGimenez, johnbillion
Fixes#39118
Built from https://develop.svn.wordpress.org/trunk@41254
git-svn-id: http://core.svn.wordpress.org/trunk@41094 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Having a view mode switcher nestled within table navigation makes no sense, especially now that it's a sticky user option. While less convenient for frequent switching, there is no evidence as of yet that there is a large userbase of frequent view mode switchers.
Introduces a filter for `view_mode_post_types`, which by default is all hierarchical post types with edit UI on.
props Oxymoron.
fixes#22222.
Built from https://develop.svn.wordpress.org/trunk@35357
git-svn-id: http://core.svn.wordpress.org/trunk@35323 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This change also makes it bail early (without writing) if the markers content is the same as the existing, and uses `ftell()` rather than `$bytes` for the location to truncate the file to - based on the file pointer being at the end of the written stream.
Props willmot tigertech kevinatelement
See #31767
Built from https://develop.svn.wordpress.org/trunk@35267
git-svn-id: http://core.svn.wordpress.org/trunk@35233 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `WP_INSTALLING` constant is a flag that WordPress sets in a number of
places, telling the system that options should be fetched directly from the
database instead of from the cache, that WP should not ping wordpress.org for
updates, that the normal "not installed" checks should be bypassed, and so on.
A constant is generally necessary for this purpose, because the flag is
typically set before the WP bootstrap, meaning that WP functions are not yet
available. However, it is possible - notably, during `wpmu_create_blog()` -
for the "installing" flag to be set after WP has already loaded. In these
cases, `WP_INSTALLING` would be set for the remainder of the process, since
there's no way to change a constant once it's defined. This, in turn, polluted
later function calls that ought to have been outside the scope of site
creation, particularly the non-caching of option data. The problem was
particularly evident in the case of the automated tests, where `WP_INSTALLING`
was set the first time a site was created, and remained set for the rest of the
suite.
The new `wp_installing()` function allows developers to fetch the current
installation status (when called without any arguments) or to set the
installation status (when called with a boolean `true` or `false`). Use of
the `WP_INSTALLING` constant is still supported; `wp_installing()` will default
to `true` if the constant is defined during the bootstrap.
Props boonebgorges, jeremyfelt.
See #31130.
Built from https://develop.svn.wordpress.org/trunk@34828
git-svn-id: http://core.svn.wordpress.org/trunk@34793 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The call to `flock()` is an exclusive advisory lock, which in my testing only PHP respects (apache continues to read it).
Not all filesystems support locking (remote NFS mounts for example) so this offers minimal benefit to those platforms, but offers much better protection against file corruption on systems which do support it.
The call is blocking, so a second process will wait for the first to complete before writing if supported.
See #31767
Built from https://develop.svn.wordpress.org/trunk@34740
git-svn-id: http://core.svn.wordpress.org/trunk@34704 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`admin-filters.php`
`ms-admin-filters.php`
There are random actions and filters littered among files like `misc.php`. These files contain functions that won't work outside of admin context and are typically only loaded in files that have already loaded the admin bootstrap.
See #32529.
Built from https://develop.svn.wordpress.org/trunk@32653
git-svn-id: http://core.svn.wordpress.org/trunk@32623 1a063a9b-81f0-0310-95a4-ce76da25c4cd
These no longer return upon refreshing the page when JS is on and working, so users should be able to dismiss them. This is particularly important on the post edit screen when DFW is triggered, but pretty much all notices can be dismissed if needed. A post on Make/Core will follow with information on how this can be leveraged in plugins.
props valendesigns, afercia, paulwilde, adamsilverstein, helen.
fixes#31233. see #23367.
Built from https://develop.svn.wordpress.org/trunk@31973
git-svn-id: http://core.svn.wordpress.org/trunk@31952 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Update about page, there's now 8.
* Display them four wide, not three, and ensure adequate spacing.
* Use a dedicated nonce.
* Push Light to the front in addition to Default.
* Use user-profile.js on about.php. A few extra things are initialized but they are harmless.
see #26468, #26387.
Built from https://develop.svn.wordpress.org/trunk@26776
git-svn-id: http://core.svn.wordpress.org/trunk@26663 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Both of these icons can be colored to match the color scheme, including hover states.
Both are accepted for register_post_type()'s menu_icon argument, and also add_menu_page()'s $icon_url argument.
To use a Dashicon, pass the name of the helper class, e.g. 'dashicons-piechart'.
To use an SVG, pass a valid data URI string starting with 'data:image/svg+xml;base64,'.
props helen.
fixes#25147.
Built from https://develop.svn.wordpress.org/trunk@26664
git-svn-id: http://core.svn.wordpress.org/trunk@26554 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Color scheme selection on your own profile page gives you a preview and autosaves the selection.
Also introduces the usage of a preprocessor for core files, namely Sass. For 3.8, we will not expand its implementation past the color schemes. This does require Ruby as well as Sass 3.3.0+ due to the usage of the sourcemap option.
Note that only the default color scheme is available when running out of src. Use build to test the rest as well as the color picker.
props ryelle, melchoyce, tillkruess, drw158, littlethingsstudio, helen. see #25858, #22862.
Built from https://develop.svn.wordpress.org/trunk@26137
git-svn-id: http://core.svn.wordpress.org/trunk@26048 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Introduces got_url_rewrite() and a corresponding filter, which should now be used in lieu of the got_rewrite filter in got_mod_rewrite().
This does not write or even suggest nginx configuration; rather, it prevents nginx from being considered as either Apache or as an unrecognized server.
props johnbillion.
fixes#25098.
Built from https://develop.svn.wordpress.org/trunk@25456
git-svn-id: http://core.svn.wordpress.org/trunk@25377 1a063a9b-81f0-0310-95a4-ce76da25c4cd
- Update the heartbeat nonce when refreshing nonces on the Edit Post screen.
- After a user logs in from the auth-check dialog, speed up heatrbeat to check/refresh nonces on the Edit Post screen.
- Speeding up heartbeat: bring back the setting how long it should last (how many ticks).
- Add 'heartbeat-nonces-expired' jQuery event when nonces have expired and the user is logged in.
See #23295, see #23216.
git-svn-id: http://core.svn.wordpress.org/trunk@24528 1a063a9b-81f0-0310-95a4-ce76da25c4cd
- When a post is locked, ensure the 'Go back' button doesn't reload the same screen. If no referrer, change the button from 'Go back' to 'Go to All Posts'/'Go to All Pages' etc.
- Remove restriction on checking locks only for posts.
See #23697.
git-svn-id: http://core.svn.wordpress.org/trunk@24408 1a063a9b-81f0-0310-95a4-ce76da25c4cd
- Move nonces refreshing from autosave to lock checking.
- Do autosave only when there is something to save.
See #23295
git-svn-id: http://core.svn.wordpress.org/trunk@24209 1a063a9b-81f0-0310-95a4-ce76da25c4cd
- Show 'Saving revision...' while autosaving after a post has been taken over. Change to 'Your latest changes were saved as a revision.' when autosave completes.
- Make sure a user exists before using $user->display_name.
- Add 'post_lock_text' action for extending the message text.
git-svn-id: http://core.svn.wordpress.org/trunk@24042 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The exceptions to this are update_post_meta() and add_post_meta() which are often used by plugins in POST handlers and will continue accepting slashed data for now.
Introduce wp_upate_post_meta() and wp_add_post_meta() as unslashed alternatives to update_post_meta() and add_post_meta(). These functions could become methods in WP_Post so don't use them too heavily yet.
Remove all escape() calls from wp_xmlrpc_server. Now that core expects unslashed data this is no longer needed.
Remove addslashes(), addslashes_gpc(), add_magic_quotes() calls on data being prepared for handoff to core functions that until now expected slashed data. Adding slashes in no longer necessary.
Introduce wp_unslash() and use to it remove slashes from GPCS data before using it in core API. Almost every instance of stripslashes() in core should now be wp_unslash(). In the future (a release or three) when GPCS is no longer slashed, wp_unslash() will stop stripping slashes and simply return what is passed. At this point wp_unslash() calls can be removed from core.
Introduce wp_slash() for slashing GPCS data. This will also turn into a noop once GPCS is no longer slashed. wp_slash() should almost never be used. It is mainly of use in unit tests.
Plugins should use wp_unslash() on data being passed to core API.
Plugins should no longer slash data being passed to core. So when you get_post() and then wp_insert_post() the post data from get_post() no longer needs addslashes(). Most plugins were not bothering with this. They will magically start doing the right thing. Unfortunately, those few souls who did it properly will now have to avoid calling addslashes() for 3.6 and newer.
Use wp_kses_post() and wp_kses_data(), which expect unslashed data, instead of wp_filter_post_kses() and wp_filter_kses(), which expect slashed data. Filters are no longer passed slashed data.
Remove many no longer necessary calls to $wpdb->escape() and esc_sql().
In wp_get_referer() and wp_get_original_referer(), return unslashed data.
Remove old stripslashes() calls from WP_Widget::update() handlers. These haven't been necessary since WP_Widget.
Switch several queries over to prepare().
Expect something to break.
Props alexkingorg
see #21767
git-svn-id: http://core.svn.wordpress.org/trunk@23416 1a063a9b-81f0-0310-95a4-ce76da25c4cd
