Commit Graph

29761 Commits

Author SHA1 Message Date
Pascal Birchler
7fc612abfb Whitelist post arguments in XML-RPC
Merges [40677] to the 4.2 branch.

Built from https://develop.svn.wordpress.org/branches/4.2@40683


git-svn-id: http://core.svn.wordpress.org/branches/4.2@40546 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 08:24:31 +00:00
Pascal Birchler
5565b98dde Bump 4.2 branch to version 4.2.14.
Built from https://develop.svn.wordpress.org/branches/4.2@40492


git-svn-id: http://core.svn.wordpress.org/branches/4.2@40368 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-04-20 16:26:30 +00:00
Pascal Birchler
82c9b36ce7 Fix broken audio/video functions when sanitizing ID3 data
This fixes a bug where running `wp_kses_post_deep()` on all the ID3
tag data corrupted blob data.

See #40075, #40085.

Merges [40400] to the 4.2 branch.

Built from https://develop.svn.wordpress.org/branches/4.2@40465


git-svn-id: http://core.svn.wordpress.org/branches/4.2@40341 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-04-17 13:22:30 +00:00
James Nylen
b9a98e7562 Bump 4.2 branch to version 4.2.13.
Built from https://develop.svn.wordpress.org/branches/4.2@40207


git-svn-id: http://core.svn.wordpress.org/branches/4.2@40146 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-06 16:32:30 +00:00
John Blackbourn
8299a48476 Press This: Verify intent before fetching in-page resources using Press This.
Props vortfu

Merges [40195] to the 4.2 branch.

Built from https://develop.svn.wordpress.org/branches/4.2@40201


git-svn-id: http://core.svn.wordpress.org/branches/4.2@40140 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-06 14:04:31 +00:00
Aaron Campbell
db266e95e1 Strip control characters before validating redirect.
Merges [40183] to 4.2 branch.

Built from https://develop.svn.wordpress.org/branches/4.2@40189


git-svn-id: http://core.svn.wordpress.org/branches/4.2@40128 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-06 13:44:24 +00:00
Aaron Campbell
2bc231688e Plugins: Add file check to plugin deletions.
Merges [40169] to 4.2 branch.


Built from https://develop.svn.wordpress.org/branches/4.2@40175


git-svn-id: http://core.svn.wordpress.org/branches/4.2@40114 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-06 13:03:30 +00:00
Dominik Schilling
462631b8cc Embeds: URL encode YouTube video IDs for broader compatibility.
Merge of [40160] to the 4.2 branch.

Built from https://develop.svn.wordpress.org/branches/4.2@40166


git-svn-id: http://core.svn.wordpress.org/branches/4.2@40105 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-06 12:07:35 +00:00
Jeremy Felt
933f556e84 Validate video and audio metadata.
Merge of [40148] to the 4.2 branch.

Built from https://develop.svn.wordpress.org/branches/4.2@40154


git-svn-id: http://core.svn.wordpress.org/branches/4.2@40093 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-06 08:09:31 +00:00
Aaron Campbell
f449b0a0ce Bump 4.2 branch to version 4.2.12.
Built from https://develop.svn.wordpress.org/branches/4.2@40001


git-svn-id: http://core.svn.wordpress.org/branches/4.2@39938 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-26 18:25:29 +00:00
John Blackbourn
22688ca8c6 Posts, Post Types: When using Excerpt mode on the Posts list table, ensure the excerpt output matches what was manually entered into the Excerpt field.
Merges [39956] to the 4.2 branch.

Built from https://develop.svn.wordpress.org/branches/4.2@39984


git-svn-id: http://core.svn.wordpress.org/branches/4.2@39921 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-26 14:17:17 +00:00
Dominik Schilling
afc91088f4 Press This: Do not show Categories & Tags UI for users who cannot assign terms to posts anyways.
Merge of [39968] to the 4.2 branch.
Built from https://develop.svn.wordpress.org/branches/4.2@39975


git-svn-id: http://core.svn.wordpress.org/branches/4.2@39912 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-26 14:13:31 +00:00
Dominik Schilling
b7509648b8 Query: Ensure that queries work correctly with post type names with special characters.
Merge of [39952] to the 4.2 branch.
Built from https://develop.svn.wordpress.org/branches/4.2@39961


git-svn-id: http://core.svn.wordpress.org/branches/4.2@39898 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-26 13:52:00 +00:00
Aaron Campbell
ab64033700 Bump 4.2 branch to version 4.2.11.
Built from https://develop.svn.wordpress.org/branches/4.2@39865


git-svn-id: http://core.svn.wordpress.org/branches/4.2@39802 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 16:58:29 +00:00
Joe McGill
073c7e6092 Media: Fix exif_imagetype check in wp_get_image_mime
This is a follow up to [39831].

Merges [39850] to the 4.2 branch.

Built from https://develop.svn.wordpress.org/branches/4.2@39856


git-svn-id: http://core.svn.wordpress.org/branches/4.2@39793 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 16:43:32 +00:00
Joe McGill
99f9d45c10 Media: Improve image filetype checking.
This adds a new function `wp_get_image_mime()` which is used by
`wp_check_filetype_and_ext()` to validate image files using
`exif_imagetype()` if available instead of `getimagesize()`.

`getimagesize()` is less performant than `exif_imagetype()` and is
dependent on GD. If `exif_imagetype()` is not available, it falls back to
`getimagesize()` as before.

If `wp_check_filetype_and_ext()` can't validate the filetype, we now return
`false` for ext/MIME values.

Merges [39831] to the 4.2 branch.

Built from https://develop.svn.wordpress.org/branches/4.2@39837


git-svn-id: http://core.svn.wordpress.org/branches/4.2@39775 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 13:18:29 +00:00
Dominik Schilling
87912afcf6 Updates: Translate plugin data on the Updates screen.
Merge of [39808] to the 4.2 branch.
Built from https://develop.svn.wordpress.org/branches/4.2@39825


git-svn-id: http://core.svn.wordpress.org/branches/4.2@39763 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 11:42:26 +00:00
Dominik Schilling
76d93255d6 Themes: Fix markup for theme name fallbacks.
Merge of [39807] to the 4.2 branch.
Built from https://develop.svn.wordpress.org/branches/4.2@39814


git-svn-id: http://core.svn.wordpress.org/branches/4.2@39752 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 11:11:56 +00:00
Jeremy Felt
ed1586d7ff Multisite: Use wp_rand() in signup key creation.
Merges [39795] to the 4.2 branch.

Built from https://develop.svn.wordpress.org/branches/4.2@39801


git-svn-id: http://core.svn.wordpress.org/branches/4.2@39739 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 05:34:56 +00:00
Dion Hulse
4873f1b139 Update PHPMailer to 5.2.22.
The full list of changes is available here:
https://github.com/PHPMailer/PHPMailer/compare/v5.2.21...v5.2.22

Merges [39759] to the 4.2 branch.
Fixes #37210 for 4.2.

Built from https://develop.svn.wordpress.org/branches/4.2@39789


git-svn-id: http://core.svn.wordpress.org/branches/4.2@39727 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 05:25:28 +00:00
Jeremy Felt
516cd7a86c Mail: Disable wp-mail.php when mailserver_url is mail.example.com.
Merges [39772] to the 4.2 branch.

Built from https://develop.svn.wordpress.org/branches/4.2@39778


git-svn-id: http://core.svn.wordpress.org/branches/4.2@39716 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 05:19:26 +00:00
Aaron Campbell
9f4a883e2f Add nonce for widget accessibility mode.
Props vortfu.

See #23328.

Merges [39765] to 4.2 branch.

Built from https://develop.svn.wordpress.org/branches/4.2@39766


git-svn-id: http://core.svn.wordpress.org/branches/4.2@39704 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 01:49:32 +00:00
Dion Hulse
755a765d49 Mail: Upgrade PHPMailer to 5.2.21.
Merges [39645], [36083], [33142], [33124] to the 4.2 branch.
See #37210.

Built from https://develop.svn.wordpress.org/branches/4.2@39726


git-svn-id: http://core.svn.wordpress.org/branches/4.2@39666 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-06 22:06:00 +00:00
Joe McGill
8afdd2be32 Media: Improved media titles when created from filename.
Preserves spaces and generally creates more accurate, cleaner titles from filenames of uploaded media.

Merge of [38615] to the 4.2 branch.

Fixes #37989.

Built from https://develop.svn.wordpress.org/branches/4.2@39714


git-svn-id: http://core.svn.wordpress.org/branches/4.2@39654 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-06 22:01:02 +00:00
Dion Hulse
fe2cc48d0e General: Update copyright year to 2017 in license.txt.
Props Nikschavan.
Merges [39659] to the 4.2 branch.
Fixes #39433.

Built from https://develop.svn.wordpress.org/branches/4.2@39702


git-svn-id: http://core.svn.wordpress.org/branches/4.2@39642 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-05 08:44:31 +00:00
Jeremy Felt
e57416e1d7 Bump 4.2 branch to 4.2.10.
Built from https://develop.svn.wordpress.org/branches/4.2@38553


git-svn-id: http://core.svn.wordpress.org/branches/4.2@38496 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-09-07 15:00:32 +00:00
Jeremy Felt
f7adf3c9d2 Media: Sanitize upload filename.
Merge of [38538] to the 4.2 branch.

Built from https://develop.svn.wordpress.org/branches/4.2@38543


git-svn-id: http://core.svn.wordpress.org/branches/4.2@38486 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-09-07 13:59:32 +00:00
Pascal Birchler
0e5485fe33 Upgrade/Install: Sanitize file name in File_Upload_Upgrader.
Merge of [38524] to the 4.2 branch.
Built from https://develop.svn.wordpress.org/branches/4.2@38529


git-svn-id: http://core.svn.wordpress.org/branches/4.2@38470 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-09-06 17:55:29 +00:00
Gary Pendergast
2c40eb4cf2 Database: dbDelta() will no longer try to downgrade the size of TEXT and BLOB columns.
When upgrading to `utf8mb4`, `TEXT` fields will be upgraded to `MEDIUMTEXT` (and likewise for all other `*TEXT` and `*BLOB` fields). This is to allow for the additional space requirements of `utf8mb4`.

On the subsequent upgrade, `dbDelta()` would try and downgrade the fields to their original size again. At best, this it a waste of time, at worst, this could truncate any data larger than the original size. There's no harm in leaving them at their new size, so let's do that.

The `FULLTEXT` indexes are removed from the tests, as `dbDelta()`'s `FULLTEXT` support was added in WordPress 4.4.

This also includes the `setUp()` and `tearDown()` parts of [32270], to allow the tests to run, and fixes a typo them.

Merge of [37525] to the 4.2 branch.
Partial merge of [36552] to the 4.2 branch.
Partial merge of [32270] to the 4.2 branch.

See #36748.


Built from https://develop.svn.wordpress.org/branches/4.2@37939


git-svn-id: http://core.svn.wordpress.org/branches/4.2@37880 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-01 11:51:28 +00:00
Boone Gorges
3042245749 Bump 4.2 branch to 4.2.9.
Built from https://develop.svn.wordpress.org/branches/4.2@37831


git-svn-id: http://core.svn.wordpress.org/branches/4.2@37796 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-21 16:36:27 +00:00
Joe McGill
754a809bfb Media: Improve handling of extensionless filenames.
Merge of [37756] to the 4.2 branch.

See #37111.
Built from https://develop.svn.wordpress.org/branches/4.2@37816


git-svn-id: http://core.svn.wordpress.org/branches/4.2@37781 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-21 14:56:48 +00:00
Nikolay Bachiyski
3c1876e6c5 Admin: escape URL-encoded permalinks
Merge of [37801] to the 4.2 branch.

Built from https://develop.svn.wordpress.org/branches/4.2@37812


git-svn-id: http://core.svn.wordpress.org/branches/4.2@37777 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-21 14:54:28 +00:00
Rachel Baker
d5a6676eb2 Revisions: Change the capability needed to view revision diffs to edit_post.
Merge of [37779] to the 4.2 branch.
Built from https://develop.svn.wordpress.org/branches/4.2@37799


git-svn-id: http://core.svn.wordpress.org/branches/4.2@37764 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-21 14:44:29 +00:00
Nikolay Bachiyski
437f727e8f Admin: Escape attachment name in case it contains special characters
Merge of [37774] to the 4.2 branch.

Built from https://develop.svn.wordpress.org/branches/4.2@37789


git-svn-id: http://core.svn.wordpress.org/branches/4.2@37754 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-21 14:26:11 +00:00
Boone Gorges
b4bf158d3a Taxonomy: More specific cap check when processing category data on post save.
Ports [37691] to the 4.2 branch.

Props dlh.
Fixes #36379.
Built from https://develop.svn.wordpress.org/branches/4.2@37776


git-svn-id: http://core.svn.wordpress.org/branches/4.2@37741 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-21 14:21:38 +00:00
Dominik Schilling
569f0c90fc Customize: Make sure that preview and return URLs are URLs.
Merge of [37527] to the 4.2 branch.
Built from https://develop.svn.wordpress.org/branches/4.2@37772


git-svn-id: http://core.svn.wordpress.org/branches/4.2@37737 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-21 14:19:48 +00:00
Jeremy Felt
0ba49c4a4c Admin: Allow for the consistent filtering of auth_redirect_scheme
Merge of [37651] to the 4.2 branch.

See #37047.

Built from https://develop.svn.wordpress.org/branches/4.2@37761


git-svn-id: http://core.svn.wordpress.org/branches/4.2@37726 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-21 14:12:47 +00:00
Dominik Schilling
94306911e2 Bump 4.2 branch to 4.2.8.
Built from https://develop.svn.wordpress.org/branches/4.2@37387


git-svn-id: http://core.svn.wordpress.org/branches/4.2@37353 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-06 18:13:27 +00:00
Nikolay Bachiyski
96731bcfb4 External Libraries: Update plupload from upstream
Built from https://develop.svn.wordpress.org/branches/4.2@37379


git-svn-id: http://core.svn.wordpress.org/branches/4.2@37345 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-06 17:59:26 +00:00
Dominik Schilling
e35259b0bc External Libraries: Update MediaElement.js from upstream.
Merge of [37370] to the 4.2 branch.
Built from https://develop.svn.wordpress.org/branches/4.2@37375


git-svn-id: http://core.svn.wordpress.org/branches/4.2@37341 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-06 17:55:00 +00:00
Nikolay Bachiyski
0986b209ea Taxonomies: make sure taxonomy functions work correctly with taxonomy names with special characters
The codex says that taxonomy names "should only contain lowercase letters and the underscore character", but that's not enforced. It's too late to enforce it, since some plugins haven't been following it and the official phpdoc doesn't mention this restriction.

Merge of [37133] to the 4.2 branch.

Built from https://develop.svn.wordpress.org/branches/4.2@37137


git-svn-id: http://core.svn.wordpress.org/branches/4.2@37104 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-30 17:29:28 +00:00
Jeremy Felt
6d9698863c Multisite: Improve escaping in network settings.
Merge of [37124] to the 4.2 branch.

Built from https://develop.svn.wordpress.org/branches/4.2@37127


git-svn-id: http://core.svn.wordpress.org/branches/4.2@37094 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-30 16:02:49 +00:00
Dominik Schilling
a60f6eea61 HTTP: Improve detection of valid IP addresses.
Merge of [37115] to the 4.2 branch.
Built from https://develop.svn.wordpress.org/branches/4.2@37118


git-svn-id: http://core.svn.wordpress.org/branches/4.2@37085 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-30 15:52:12 +00:00
Dominik Schilling
1c4f8827a2 Multisite: Validate new email address confirmations.
Merge of [37103] to the 4.2 branch.
Built from https://develop.svn.wordpress.org/branches/4.2@37106


git-svn-id: http://core.svn.wordpress.org/branches/4.2@37073 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-30 14:50:27 +00:00
Nikolay Bachiyski
080ef55551 Snoopy: use escapeshellarg instead of escapeshellcmd
We are escaping arguments, not commands, so we'd better use the semantically correct function, even though they are similar.

Merges [37094] to the 4.2 branch.

Built from https://develop.svn.wordpress.org/branches/4.2@37097


git-svn-id: http://core.svn.wordpress.org/branches/4.2@37064 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-30 14:08:28 +00:00
Dominik Schilling
666b9f8558 Bump 4.2 branch to 4.2.7.
Built from https://develop.svn.wordpress.org/branches/4.2@36457


git-svn-id: http://core.svn.wordpress.org/branches/4.2@36424 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-02 17:28:49 +00:00
Dominik Schilling
c1769766f6 Better validation of the URL used in HTTP redirects.
Merges [36444] to the 4.2 branch.
Built from https://develop.svn.wordpress.org/branches/4.2@36449


git-svn-id: http://core.svn.wordpress.org/branches/4.2@36416 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-02 17:00:28 +00:00
Dominik Schilling
c30865a6b5 HTTP: 0.1.2.3 is not a valid IP.
Merges [36435] to the 4.2 branch.
Built from https://develop.svn.wordpress.org/branches/4.2@36438


git-svn-id: http://core.svn.wordpress.org/branches/4.2@36405 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-02 13:04:20 +00:00
Dominik Schilling
c897bed043 Bump 4.2 branch to 4.2.6.
Built from https://develop.svn.wordpress.org/branches/4.2@36198


git-svn-id: http://core.svn.wordpress.org/branches/4.2@36165 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-06 18:49:27 +00:00
Aaron Jorbin
f26900d209 Theme: Escape error messages
[36185] for 4.2 branch

Built from https://develop.svn.wordpress.org/branches/4.2@36188


git-svn-id: http://core.svn.wordpress.org/branches/4.2@36155 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-06 17:26:28 +00:00