John Blackbourn
62423cc81f
Bump 3.9 branch to version 3.9.22.
...
Built from https://develop.svn.wordpress.org/branches/3.9@42326
git-svn-id: http://core.svn.wordpress.org/branches/3.9@42155 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-29 19:04:15 +00:00
John Blackbourn
2a5436237f
Hardening: Remove the ability to upload JavaScript files for users who do not have the `unfiltered_html` capability.
...
Merges [42261] to the 3.9 branch.
Built from https://develop.svn.wordpress.org/branches/3.9@42307
git-svn-id: http://core.svn.wordpress.org/branches/3.9@42136 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-29 16:42:29 +00:00
John Blackbourn
a18a45296d
Hardening: Ensure the attributes of enclosures are correctly escaped in RSS and Atom feeds.
...
Merges [42260] to the 3.9 branch.
Built from https://develop.svn.wordpress.org/branches/3.9@42306
git-svn-id: http://core.svn.wordpress.org/branches/3.9@42135 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-29 16:42:15 +00:00
John Blackbourn
8c9519f1e7
Hardening: Add escaping to the language attributes used on `html` elements.
...
Merges [42259] to the 3.9 branch.
Built from https://develop.svn.wordpress.org/branches/3.9@42305
git-svn-id: http://core.svn.wordpress.org/branches/3.9@42134 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-29 16:41:04 +00:00
Dion Hulse
80a325fda9
WPDB: Check that `AUTH_SALT` is not empty, Fix a PHP notice when `AUTH_SALT` is undefined.
...
Props jsonfry, mkomar, pento.
Merges [42119] and [42120] to the 3.9 branch.
Fixes #42431 and #42401 for 3.9.
Built from https://develop.svn.wordpress.org/branches/3.9@42239
git-svn-id: http://core.svn.wordpress.org/branches/3.9@42068 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-27 01:14:32 +00:00
Gary Pendergast
76ec03176d
Bump 3.9 branch to version 3.9.21.
...
Built from https://develop.svn.wordpress.org/branches/3.9@42078
git-svn-id: http://core.svn.wordpress.org/branches/3.9@41907 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-31 13:45:15 +00:00
Gary Pendergast
9b92304fd1
Database: Restore numbered placeholders in `wpdb::prepare()`.
...
[41496] removed support for numbered placeholders in queries sent through `wpdb::prepare()`, which, despite being undocumented, were quite commonly used.
This change restores support for numbered placeholders (as well as a subset of placeholder formatting), while also adding extra checks to ensure the correct number of arguments are being passed to `wpdb::prepare()`, given the number of placeholders.
Merges [41662], [42056] to the 3.9 branch.
See #41925.
Built from https://develop.svn.wordpress.org/branches/3.9@42066
git-svn-id: http://core.svn.wordpress.org/branches/3.9@41895 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-31 12:57:16 +00:00
Aaron Campbell
79224df81a
Bump 3.9 branch to version 3.9.20.
...
Built from https://develop.svn.wordpress.org/branches/3.9@41519
git-svn-id: http://core.svn.wordpress.org/branches/3.9@41352 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 20:13:15 +00:00
Aaron Campbell
f6afa94bef
Database: Hardening to bring `wpdb::prepare()` in line with documentation.
...
`wpdb::prepare()` supports %s, %d, and %F as placeholders in the query string. Any other non-escaped % will be escaped.
Merges [41496] to 3.9 branch.
Built from https://develop.svn.wordpress.org/branches/3.9@41506
git-svn-id: http://core.svn.wordpress.org/branches/3.9@41339 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 18:43:15 +00:00
Aaron Campbell
30570f494f
Database: Don’t trigger `_doing_it_wrong()` for null values in `wpdb::prepare()`.
...
While `wpdb::prepare()` does not support null values (see #12819) they still appear in the wild like in the WordPress Importer and other plugins.
Merges [41483] to 3.9 branch.
Built from https://develop.svn.wordpress.org/branches/3.9@41493
git-svn-id: http://core.svn.wordpress.org/branches/3.9@41326 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 16:27:16 +00:00
Aaron Campbell
a5756e9c27
Database: Hardening for wpdb::prepare()
...
Previously if you passed an array of values for placeholders, additional values could be passed as well. Now additional values will be ignored.
Merges [41470] to 3.9 branch.
Built from https://develop.svn.wordpress.org/branches/3.9@41480
git-svn-id: http://core.svn.wordpress.org/branches/3.9@41313 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 15:04:33 +00:00
Dominik Schilling
435ca07747
Editor: Prevent adding `javascript:` and `data:` URLs through the inline link dialog.
...
Merge of [41393] to the 3.9 branch.
Built from https://develop.svn.wordpress.org/branches/3.9@41409
git-svn-id: http://core.svn.wordpress.org/branches/3.9@41242 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 10:20:24 +00:00
Aaron Campbell
66aaaa6aa8
Bump 3.9 branch to version 3.9.19.
...
Built from https://develop.svn.wordpress.org/branches/3.9@40756
git-svn-id: http://core.svn.wordpress.org/branches/3.9@40614 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 21:53:55 +00:00
Pascal Birchler
73b0352cba
Media: Simplify upload error message construction.
...
Merges [40736] to the 3.9 branch.
Built from https://develop.svn.wordpress.org/branches/3.9@40745
git-svn-id: http://core.svn.wordpress.org/branches/3.9@40603 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 18:05:32 +00:00
Dominik Schilling
9febffc6f7
Customize: Ignore invalid customization sessions.
...
Merge of [40704] to the 3.9 branch.
Built from https://develop.svn.wordpress.org/branches/3.9@40713
git-svn-id: http://core.svn.wordpress.org/branches/3.9@40576 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 12:21:15 +00:00
Pascal Birchler
c2f264d25f
Adjust post meta checks
...
Merges [40692] to the 3.9 branch.
Built from https://develop.svn.wordpress.org/branches/3.9@40701
git-svn-id: http://core.svn.wordpress.org/branches/3.9@40564 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 08:54:15 +00:00
Pascal Birchler
a81079c403
Whitelist post arguments in XML-RPC
...
Merges [40677] to the 3.9 branch.
Built from https://develop.svn.wordpress.org/branches/3.9@40686
git-svn-id: http://core.svn.wordpress.org/branches/3.9@40549 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 08:29:15 +00:00
Pascal Birchler
063e974bd7
Bump 3.9 branch to version 3.9.18.
...
Built from https://develop.svn.wordpress.org/branches/3.9@40495
git-svn-id: http://core.svn.wordpress.org/branches/3.9@40371 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-04-20 16:28:15 +00:00
James Nylen
f2ef35f4a9
Bump 3.9 branch to version 3.9.17.
...
Built from https://develop.svn.wordpress.org/branches/3.9@40210
git-svn-id: http://core.svn.wordpress.org/branches/3.9@40149 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-06 16:42:15 +00:00
Aaron Campbell
244804028c
Strip control characters before validating redirect.
...
Merges [40183] to 3.9 branch.
Built from https://develop.svn.wordpress.org/branches/3.9@40192
git-svn-id: http://core.svn.wordpress.org/branches/3.9@40131 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-06 13:45:58 +00:00
Aaron Campbell
946d349b71
Bump 3.9 branch to version 3.9.16.
...
Built from https://develop.svn.wordpress.org/branches/3.9@40004
git-svn-id: http://core.svn.wordpress.org/branches/3.9@39941 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-26 18:29:15 +00:00
Dominik Schilling
13a15e6e07
Query: Ensure that queries work correctly with post type names with special characters.
...
Merge of [39952] to the 3.9 branch.
Built from https://develop.svn.wordpress.org/branches/3.9@39964
git-svn-id: http://core.svn.wordpress.org/branches/3.9@39901 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-26 13:53:00 +00:00
Aaron Campbell
ec5bf14855
Bump 3.9 branch to version 3.9.15.
...
Built from https://develop.svn.wordpress.org/branches/3.9@39868
git-svn-id: http://core.svn.wordpress.org/branches/3.9@39805 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 16:59:32 +00:00
Joe McGill
e2ef6cefbe
Media: Fix exif_imagetype check in wp_get_image_mime
...
This is a follow up to [39831].
Merges [39850] to the 3.9 branch.
Built from https://develop.svn.wordpress.org/branches/3.9@39859
git-svn-id: http://core.svn.wordpress.org/branches/3.9@39796 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 16:45:15 +00:00
Joe McGill
c47e0b66a2
Media: Improve image filetype checking.
...
This adds a new function `wp_get_image_mime()` which is used by
`wp_check_filetype_and_ext()` to validate image files using
`exif_imagetype()` if available instead of `getimagesize()`.
`getimagesize()` is less performant than `exif_imagetype()` and is
dependent on GD. If `exif_imagetype()` is not available, it falls back to
`getimagesize()` as before.
If `wp_check_filetype_and_ext()` can't validate the filetype, we now return
`false` for ext/MIME values.
Merges [39831] to the 3.9 branch.
Built from https://develop.svn.wordpress.org/branches/3.9@39840
git-svn-id: http://core.svn.wordpress.org/branches/3.9@39778 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 13:20:15 +00:00
Dominik Schilling
d9f0c45795
Themes: Fix markup for theme name fallbacks.
...
Merge of [39807] to the 3.9 branch.
Built from https://develop.svn.wordpress.org/branches/3.9@39817
git-svn-id: http://core.svn.wordpress.org/branches/3.9@39755 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 11:12:53 +00:00
Jeremy Felt
8d2a900277
Multisite: Use `wp_rand()` in signup key creation.
...
Merges [39795] to the 3.9 branch.
Built from https://develop.svn.wordpress.org/branches/3.9@39804
git-svn-id: http://core.svn.wordpress.org/branches/3.9@39742 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 05:36:32 +00:00
Dion Hulse
924f935cb3
Update PHPMailer to 5.2.22.
...
The full list of changes is available here:
https://github.com/PHPMailer/PHPMailer/compare/v5.2.21...v5.2.22
Merges [39759] to the 3.9 branch.
Fixes #37210 for 3.9.
Built from https://develop.svn.wordpress.org/branches/3.9@39792
git-svn-id: http://core.svn.wordpress.org/branches/3.9@39730 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 05:26:32 +00:00
Dion Hulse
40ce4b29b1
Mail: Upgrade PHPMailer to 5.2.21.
...
Merges [39645], [36083], [33142], [33124], [29783] to the 3.9 branch.
See #37210.
Built from https://develop.svn.wordpress.org/branches/3.9@39729
git-svn-id: http://core.svn.wordpress.org/branches/3.9@39669 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-06 22:06:55 +00:00
Jeremy Felt
ca27550a35
Bump 3.9 branch to 3.9.14.
...
Built from https://develop.svn.wordpress.org/branches/3.9@38556
git-svn-id: http://core.svn.wordpress.org/branches/3.9@38499 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-09-07 15:02:18 +00:00
Boone Gorges
41276a8b92
Bump 3.9 branch to 3.9.13.
...
Built from https://develop.svn.wordpress.org/branches/3.9@37834
git-svn-id: http://core.svn.wordpress.org/branches/3.9@37799 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-21 16:44:14 +00:00
Joe McGill
b7be0d01c0
Media: Improve handling of extensionless filenames.
...
Merge of [37756] to the 3.9 branch.
See #37111.
Built from https://develop.svn.wordpress.org/branches/3.9@37822
git-svn-id: http://core.svn.wordpress.org/branches/3.9@37787 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-21 14:59:24 +00:00
Nikolay Bachiyski
5995443179
Admin: Escape attachment name in case it contains special characters
...
Merge of [37774] to the 3.9 branch.
Built from https://develop.svn.wordpress.org/branches/3.9@37793
git-svn-id: http://core.svn.wordpress.org/branches/3.9@37758 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-21 14:28:14 +00:00
Jeremy Felt
0f819f1f57
Admin: Allow for the consistent filtering of auth_redirect_scheme
...
Merge of [37651] to the 3.9 branch.
See #37047.
Built from https://develop.svn.wordpress.org/branches/3.9@37764
git-svn-id: http://core.svn.wordpress.org/branches/3.9@37729 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-21 14:13:52 +00:00
Dominik Schilling
7f38e9a815
Bump 3.9 branch to 3.9.12.
...
Built from https://develop.svn.wordpress.org/branches/3.9@37390
git-svn-id: http://core.svn.wordpress.org/branches/3.9@37356 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-06 18:15:30 +00:00
Nikolay Bachiyski
d1db26f726
External Libraries: Update plupload from upstream
...
Built from https://develop.svn.wordpress.org/branches/3.9@37376
git-svn-id: http://core.svn.wordpress.org/branches/3.9@37342 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-06 17:56:15 +00:00
Nikolay Bachiyski
7da57d4ef3
Taxonomies: make sure taxonomy functions work correctly with taxonomy names with special characters
...
The codex says that taxonomy names "should only contain lowercase letters and the underscore character", but that's not enforced. It's too late to enforce it, since some plugins haven't been following it and the official phpdoc doesn't mention this restriction.
Merge of [37133] to the 3.9 branch.
Built from https://develop.svn.wordpress.org/branches/3.9@37140
git-svn-id: http://core.svn.wordpress.org/branches/3.9@37107 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-30 17:38:15 +00:00
Dominik Schilling
8576838329
HTTP: Improve detection of valid IP addresses.
...
Merge of [37115] to the 3.9 branch.
Built from https://develop.svn.wordpress.org/branches/3.9@37121
git-svn-id: http://core.svn.wordpress.org/branches/3.9@37088 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-30 15:53:01 +00:00
Nikolay Bachiyski
0ff6ca33c7
Snoopy: use escapeshellarg instead of escapeshellcmd
...
We are escaping arguments, not commands, so we'd better use the semantically correct function, even though they are similar.
Merges [37094] to the 3.9 branch.
Built from https://develop.svn.wordpress.org/branches/3.9@37100
git-svn-id: http://core.svn.wordpress.org/branches/3.9@37067 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-30 14:12:14 +00:00
Dominik Schilling
ea26079cde
Bump 3.9 branch to 3.9.11.
...
Built from https://develop.svn.wordpress.org/branches/3.9@36460
git-svn-id: http://core.svn.wordpress.org/branches/3.9@36427 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-02 17:30:14 +00:00
Dominik Schilling
53226bc6f2
Better validation of the URL used in HTTP redirects.
...
Merges [36444] to the 3.9 branch.
Built from https://develop.svn.wordpress.org/branches/3.9@36452
git-svn-id: http://core.svn.wordpress.org/branches/3.9@36419 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-02 17:01:19 +00:00
Dominik Schilling
dfea282b1d
HTTP: `0.1.2.3` is not a valid IP.
...
Merges [36435] to the 3.9 branch.
Built from https://develop.svn.wordpress.org/branches/3.9@36441
git-svn-id: http://core.svn.wordpress.org/branches/3.9@36408 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-02 13:05:12 +00:00
Dominik Schilling
97a834aaab
Bump 3.9 branch to 3.9.10.
...
Built from https://develop.svn.wordpress.org/branches/3.9@36201
git-svn-id: http://core.svn.wordpress.org/branches/3.9@36168 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-06 18:51:14 +00:00
Aaron Jorbin
5014bb866c
Theme: Escape error messages
...
[36185] for 3.9 branch
Built from https://develop.svn.wordpress.org/branches/3.9@36191
git-svn-id: http://core.svn.wordpress.org/branches/3.9@36158 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-06 17:28:14 +00:00
Dion Hulse
96ad697c96
Background Updates: Remove the 7am/7pm background update check.
...
This changeset is a more basic version of [36180], clearing the extra now redundant schedule.
As the functionality for this was introduced in 3.9, [28129] has been backported to 3.7/3.8, allowing the API TTL to be respected by those versions.
See #27772.
Fixes #35323.
Built from https://develop.svn.wordpress.org/trunk@36184
git-svn-id: http://core.svn.wordpress.org/branches/3.9@36151 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-06 13:24:33 +00:00
Dominik Schilling
5ef1e3048b
Finish bumping the 3.9 branch to 3.9.11.
...
Built from https://develop.svn.wordpress.org/branches/3.9@34196
git-svn-id: http://core.svn.wordpress.org/branches/3.9@34163 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-15 14:53:17 +00:00
Dominik Schilling
fdc6949e64
XMLRPC: Don't allow private posts to be sticky.
...
Merge of [33325], [33612], and [34135] to the 3.9 branch.
See #20662.
Built from https://develop.svn.wordpress.org/branches/3.9@34155
git-svn-id: http://core.svn.wordpress.org/branches/3.9@34123 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 23:02:14 +00:00
Nikolay Bachiyski
008ebcfae7
Shortcodes: don't allow unclosed HTML elements in attributes
...
Merges [34134] for 3.9 branch
Built from https://develop.svn.wordpress.org/branches/3.9@34148
git-svn-id: http://core.svn.wordpress.org/branches/3.9@34116 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 22:49:30 +00:00
Gary Pendergast
b7606aaa3c
WPDB: `get_table_from_query()` didn't find table names with hyphens in them.
...
Merge of [33718] to the 3.9 branch.
Props dustinbolton, pento.
See #33470.
Built from https://develop.svn.wordpress.org/branches/3.9@33995
git-svn-id: http://core.svn.wordpress.org/branches/3.9@33964 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-10 07:09:14 +00:00
Gary Pendergast
3edf686b37
Capabilities: Fall back to the `edit_posts` capability for orphaned comments.
...
Merge of the `capabilities.php` part of [33614] to the 3.9 branch.
Props pento, dd32.
See #33154.
Built from https://develop.svn.wordpress.org/branches/3.9@33975
git-svn-id: http://core.svn.wordpress.org/branches/3.9@33944 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-09 06:14:14 +00:00