Upstream/WordPress
1
0
Fork 0
mirror of https://github.com/WordPress/WordPress.git synced 2024-11-12 13:44:21 +01:00
Code Issues Projects Releases Wiki Activity
33,016 Commits 50 Branches 747 Tags 792 MiB
87bf09100d
Commit Graph

569 Commits

Author SHA1 Message Date
whyisjake
bb6d812c70 User: Invalidate user_activation_key on password update. 
Query: Ensure that only a single post can be returned on date/time based queries.
Cache API: Ensure proper escaping around the stats method in the cache API.
Formatting: Expand `sanitize_file_name` to have better support for utf8 characters.

Brings the changes in [47634], [47635], [47637], and [47638] to the 4.4 branch.

Props: batmoo, ehti, nickdaugherty, peterwilsoncc, sergeybiryukov, sstoqnov, westi, whyisjake, whyisjake, xknown.

Built from https://develop.svn.wordpress.org/branches/4.4@47653


git-svn-id: http://core.svn.wordpress.org/branches/4.4@47430 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2020-04-29 16:39:23 +00:00
Sergey Biryukov
7f160a4160 Improve handling the existing rel attribute in wp_rel_nofollow_callback(). 
Merges [45990] to the 4.4 branch.
Props xknown, sstoqnov.
Built from https://develop.svn.wordpress.org/branches/4.4@46001


git-svn-id: http://core.svn.wordpress.org/branches/4.4@45812 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-09-04 17:58:13 +00:00
Sergey Biryukov
ab80be3ffa Formatting: Improve rel="nofollow" handling in comments. 
Merges [44833] to the 4.4 branch.
Built from https://develop.svn.wordpress.org/branches/4.4@44841


git-svn-id: http://core.svn.wordpress.org/branches/4.4@44673 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-03-12 22:27:20 +00:00
Joe McGill
f68837fd6f Media: Improve handling of extensionless filenames. 
Merge of [37756] to the 4.4 branch.

See #37111.
Built from https://develop.svn.wordpress.org/branches/4.4@37810


git-svn-id: http://core.svn.wordpress.org/branches/4.4@37775 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2016-06-21 14:53:31 +00:00
Gary Pendergast
3331f83d78 Emoji: Fix the diversity emoji check in Safari. 
When the browser test for diversity emoji was added in [36160], it included a workaround for Chrome not being able to compare Uint8ClampedArray objects directly, by converting them to a string. Unfortunately, Safari doesn't support the Uint8ClampedArray.toString() method correctly, so the test was incorrectly failing in Safari.

Merge of [37028] to the 4.4 branch.

Fixes #36266.

Built from https://develop.svn.wordpress.org/branches/4.4@37090


git-svn-id: http://core.svn.wordpress.org/branches/4.4@37057 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2016-03-29 02:19:28 +00:00
Dominik Schilling
9770d9e317 Emoji: Explicitly use https as the scheme for emoji fallback images, as they're only served over HTTPS by the CDN anyway. 
Merges [36249] to the 4.4 branch.
See #35376.
Built from https://develop.svn.wordpress.org/branches/4.4@36428


git-svn-id: http://core.svn.wordpress.org/branches/4.4@36395 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2016-02-01 14:24:28 +00:00
Dion Hulse
487580f7c4 Emoji: Work around a mod_security rule which prevents pages with 4 or more instances of String.fromCharCode( from being served. 
Merges [36359] to the 4.4 branch.
Fixes #35412.

Built from https://develop.svn.wordpress.org/branches/4.4@36410


git-svn-id: http://core.svn.wordpress.org/branches/4.4@36377 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2016-01-27 10:11:28 +00:00
Gary Pendergast
410109ca49 Emoji: Add Emoji Diversity support, and fall back to twemoji if the browser doesn't support diverse emoji. 
Merge of [36126] and [36160] to the 4.4 branch.

See #33592.


Built from https://develop.svn.wordpress.org/branches/4.4@36161


git-svn-id: http://core.svn.wordpress.org/branches/4.4@36127 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2016-01-03 04:42:23 +00:00
Dion Hulse
dd821410c9 Admin: After [35128], make the 'Configure' link work again for dashboard widgets. 
This merges the CSS changes from [35896] into an inline function in formatting.php to avoid a `wp-admin.min.css` rebuild.

Fixes #34987.

Built from https://develop.svn.wordpress.org/branches/4.4@36153


git-svn-id: http://core.svn.wordpress.org/branches/4.4@36119 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2016-01-02 04:34:22 +00:00
Dion Hulse
4680a9a281 Allow map_deep() to work with object properties containing a reference. Restores the previous behaviour of stripslashes_deep(). 
Merges [36100] to the 4.4 branch.
Props jeff@pyebrook.com, swissspidy.
See #22300, [35252].
Fixes #35058.

Built from https://develop.svn.wordpress.org/branches/4.4@36101


git-svn-id: http://core.svn.wordpress.org/branches/4.4@36066 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-12-26 05:24:22 +00:00
Dion Hulse
dbb12be45a Shortcodes: = is a reserved character in shortcode names, mark it as such. 
This allows for shortcodes such as `[shortcode=attribute]` to work, which while never intentionally supported were widely used in the pre-shortcode days.

Merges [36097] to the 4.4 branch, minus a string change.
Props aaroncampbell.
Fixes #34939.

Built from https://develop.svn.wordpress.org/branches/4.4@36098


git-svn-id: http://core.svn.wordpress.org/branches/4.4@36063 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-12-26 04:48:23 +00:00
Gary Pendergast
b702c2f95b Texturize: Transform & into & in tag attributes. 
[35709] was overly broad, and stopped transforming `&` characters within tag attributes. So that sites aren't generating invalid HTML, we need to restore this functionality, while continuing to not transform `&` within blocked tags.

Merge of [36036] to the 4.4 branch.

Fixes #35008.


Built from https://develop.svn.wordpress.org/branches/4.4@36037


git-svn-id: http://core.svn.wordpress.org/branches/4.4@36002 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-12-21 02:46:22 +00:00
Dominik Schilling
2a9083b97e Docs: After [35314], fix the DocBlock for url_shorten(). 
Merge of [35813] for the 4.4 branch.

Props swissspidy.
See #20166.
Built from https://develop.svn.wordpress.org/branches/4.4@35815


git-svn-id: http://core.svn.wordpress.org/branches/4.4@35779 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-12-07 17:06:25 +00:00
Gary Pendergast
a3cd85eefd Texturize: Only convert & to & within text nodes. 
Previously, `&` would be converted everywhere, which caused problems when it was converted within a `<script>`, for example.

`convert_chars()` is now removed from the `the_content` filter, as it was doing the same job as `wptexturize()`.

KSES correctly handles converting `&` within HTML attributes, so there's no need for `wptexturize()` and `convert_chars()` to do the same job.

Fixes #34698.


Built from https://develop.svn.wordpress.org/trunk@35709


git-svn-id: http://core.svn.wordpress.org/trunk@35673 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-11-19 23:31:26 +00:00
Gary Pendergast
d3f30288e9 Emoji: Use twemoji in browsers that don't support Unicode 8 emoji. 
Some less advanced browsers are yet to add support for the important advances made in Unicode 8. Let's make ensure that their users can experience emoji in their full glory.

See #33592.


Built from https://develop.svn.wordpress.org/trunk@35606


git-svn-id: http://core.svn.wordpress.org/trunk@35570 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-11-11 02:25:25 +00:00
Sergey Biryukov
5f16d19be7 Use the MONTH_IN_SECONDS constant added in [33698] for the month representation in human_time_diff() logic. 
Props tyxla.
Fixes #34602.
Built from https://develop.svn.wordpress.org/trunk@35555


git-svn-id: http://core.svn.wordpress.org/trunk@35519 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-11-06 16:34:26 +00:00
Sergey Biryukov
a9d6fa9c7a Formatting: wp_make_link_relative() should return an empty string if no path is present in the link. 
Props bcworkz, MikeHansenMe, chriscct7, SergeyBiryukov.
Fixes #26819.
Built from https://develop.svn.wordpress.org/trunk@35497


git-svn-id: http://core.svn.wordpress.org/trunk@35461 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-11-03 21:36:25 +00:00
Scott Taylor
d8eacd51d8 Media: add a new image size, medium_large. Bumps db version to add new options. 
Adds unit tests.

Props DH-Shredder, joemcgill, azaozz.
Fixes #34196.

Built from https://develop.svn.wordpress.org/trunk@35479


git-svn-id: http://core.svn.wordpress.org/trunk@35443 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-10-31 20:50:25 +00:00
Dion Hulse
d63f346cbc Use wp_parse_url() in esc_url() to avoid parsing bugs in < PHP 5.4.7. 
Props johnbillion for unit tests
See #34408
Fixes #34202

Built from https://develop.svn.wordpress.org/trunk@35370


git-svn-id: http://core.svn.wordpress.org/trunk@35334 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-10-23 05:57:24 +00:00
Scott Taylor
8eb3de46c9 Formatting: move url_shorten() from wp-admin/includes/misc.php to wp-includes/formatting.php for more global access. 
Adds unit tests.

Props mulvane, chriscct7.
Fixes #20166.

Built from https://develop.svn.wordpress.org/trunk@35314


git-svn-id: http://core.svn.wordpress.org/trunk@35280 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-10-21 03:48:24 +00:00
Scott Taylor
afe975d754 Formatting: allow date strings to be passed to get_gmt_from_date(), instead of requiring 'Y-m-d H:i:s'. 
Adds unit tests.

Props pbearne.
Fixes #34279.

Built from https://develop.svn.wordpress.org/trunk@35284


git-svn-id: http://core.svn.wordpress.org/trunk@35250 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-10-20 06:08:25 +00:00
John Blackbourn
5576cd3978 Introduce map_deep(), a utility function that recursively maps a callable function to every item in an array or object. Works like array_walk_recursive() but works with objects too. 
Updates `rawurlencode_deep()`, `urlencode_deep()`, and `stripslashes_deep()` to use `map_deep()`. Introduces `urldecode_deep()` for completeness.

Props wpmuguru, nbachiyski, boonebgorges, MikeHansenMe, chriscct7, realloc, johnbillion
Fixes #22300

Built from https://develop.svn.wordpress.org/trunk@35252


git-svn-id: http://core.svn.wordpress.org/trunk@35218 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-10-17 23:26:24 +00:00
Drew Jaynes
217b661703 Docs: Add missing descriptions for the $wpdb global in DocBlocks all the places. 
See #32246.

Built from https://develop.svn.wordpress.org/trunk@35170


git-svn-id: http://core.svn.wordpress.org/trunk@35136 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-10-14 23:44:25 +00:00
Scott Taylor
d8e20fa273 Fotmatting: in sanitize_file_name(), escape % when uploads contain them, otherwise attachment URLs will unescape the char and break. 
Adds unit tests.

Props mordauk, simonwheatley, dd32, solarissmoke.
Fixes #16226.

Built from https://develop.svn.wordpress.org/trunk@35122


git-svn-id: http://core.svn.wordpress.org/trunk@35087 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-10-13 03:22:24 +00:00
John Blackbourn
6d21ed0d99 Avoid stripping square brackets from URLs, and instead correctly encode them. Square brackets must be encoded in the path, path parameters, query parameters, and fragment, but must not be encoded in anything up to the domain and port. 
Adds tests.

Fixes #16859

Built from https://develop.svn.wordpress.org/trunk@34920


git-svn-id: http://core.svn.wordpress.org/trunk@34885 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-10-07 23:39:23 +00:00
Drew Jaynes
c6bbcdb256 Docs: Remove documentation for a phantom parameter not actually passed to the is_email filter. 
The documentation error was introduced in [26485].

Props chrisvendiadvertisingcom.
Fixes #34097.

Built from https://develop.svn.wordpress.org/trunk@34770


git-svn-id: http://core.svn.wordpress.org/trunk@34735 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-10-02 07:03:25 +00:00
Scott Taylor
7a0f8602f3 Shortcodes/Formatting: Add PCRE Performance Testing 
* Move pattern from `wptexturize()` into a separate function.
* Move pattern from `wp_html_split()` into a separate function.
* Beautify code for `wp_html_split()`.
* Remove unnecessary instances of `/s` modifier in patterns that don't use dots.
* Add `tests/phpunit/data/formatting/whole-posts.php` for testing larger strings.
* Add function `benchmark_pcre_backtracking()`.
* Add tests for `wp_html_split()`.
* Add tests for `wptexturize()`.
* Add tests for `get_shortcode_regex()`.

Props miqrogroove.
Fixes #34121.

Built from https://develop.svn.wordpress.org/trunk@34761


git-svn-id: http://core.svn.wordpress.org/trunk@34726 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-10-02 04:26:25 +00:00
Scott Taylor
99347fd96e Shortcodes: Fix PCRE performance bugs in get_shortcode_regexp() and related to wptexturize(), do_shortcode(), and strip_shortcodes() 
Alters unit tests.

Props miqrogroove.
Fixes #33517.

Built from https://develop.svn.wordpress.org/trunk@34747


git-svn-id: http://core.svn.wordpress.org/trunk@34712 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-10-01 18:05:25 +00:00
Drew Jaynes
ec9ec3138e Formatting: Rename the $richedit parameter in format_to_edit() to $rich_text. 
Previously, it was necessary to explain in a double-negative that `$richedit` being false would prevent `$content` from being passed through `esc_textarea()`. The updated `$rich_edit` name and documentation now better reflects the intent of the parameter.

Fixes #21613.

Built from https://develop.svn.wordpress.org/trunk@34727


git-svn-id: http://core.svn.wordpress.org/trunk@34691 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-10-01 02:01:26 +00:00
John Blackbourn
5f09357c21 Revert r34674 due to failures on PHP < 5.4. 
See #16859

Built from https://develop.svn.wordpress.org/trunk@34675


git-svn-id: http://core.svn.wordpress.org/trunk@34639 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-09-29 01:01:24 +00:00
John Blackbourn
eb352accc4 Avoid stripping square brackets from URLs, and instead correctly encode them. 
Square brackets must be encoded in the path, path parameters, query parameters, and fragment, but must not be encoded in anything up to the domain and port.

Adds a bunch of tests, including square brackets in query parameters, IPv6 URLs, and several other permutations.

See #16859

Built from https://develop.svn.wordpress.org/trunk@34674


git-svn-id: http://core.svn.wordpress.org/trunk@34638 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-09-29 00:41:24 +00:00
Scott Taylor
3c66bd6cb6 Sanitization: when falling back to (wait for it...) $fallback in sanitize_html_class(), sanitize it as well. 
Props MikeHansenMe, wonderboymusic.
Fixes #30967.

Built from https://develop.svn.wordpress.org/trunk@34377


git-svn-id: http://core.svn.wordpress.org/trunk@34341 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-09-22 04:31:25 +00:00
Scott Taylor
c1c8b55617 Comments: in wp_rel_nofollow_callback(), account for the fact that a link might already have a rel attribute. Currently, if a link already has a rel, it will result it duplicate attributes on the element with conflicting values. 
Adds unit tests.

Props junsuijin, wonderboymusic.
Fixes #9959.

Built from https://develop.svn.wordpress.org/trunk@34277


git-svn-id: http://core.svn.wordpress.org/trunk@34241 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-09-18 04:36:24 +00:00
Sergey Biryukov
61bef72b95 Fix a typo in wptexturize() and wp_replace_in_html_tags() comments. 
Props bobbingwide.
See #15694.
Built from https://develop.svn.wordpress.org/trunk@34222


git-svn-id: http://core.svn.wordpress.org/trunk@34186 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-09-16 05:54:26 +00:00
Scott Taylor
3a0db2a22f Fix the case-sensitivity of some HTTP class usage. 
See #33413.

Built from https://develop.svn.wordpress.org/trunk@34123


git-svn-id: http://core.svn.wordpress.org/trunk@34091 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-09-14 17:37:25 +00:00
Andrew Ozz
4e7dd2c4b1 Formatting: maintain the content of HTML comments when they contain <object> tags. Add more tests for wpaitop(). 
Props miqrogroove.
Fixes #33645 for trunk.
Built from https://develop.svn.wordpress.org/trunk@33955


git-svn-id: http://core.svn.wordpress.org/trunk@33924 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-09-08 22:55:24 +00:00
John Blackbourn
bdde0261bc Bail out early from esc_url() if the URL becomes empty after stripping out disallowed characters. 
Fixes #28015
Props jesin for the unit test

Built from https://develop.svn.wordpress.org/trunk@33923


git-svn-id: http://core.svn.wordpress.org/trunk@33892 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-09-05 21:29:25 +00:00
John Blackbourn
6aad2eb98c Correctly encode spaces in URLs passed to esc_url() instead of removing them. 
Fixes #23605
Props enshrined, johnbillion

Built from https://develop.svn.wordpress.org/trunk@33858


git-svn-id: http://core.svn.wordpress.org/trunk@33826 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-09-02 17:20:21 +00:00
Scott Taylor
ef87172270 foreach is a statement, not a function. 
See #33491.

Built from https://develop.svn.wordpress.org/trunk@33734


git-svn-id: http://core.svn.wordpress.org/trunk@33702 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-08-25 20:28:22 +00:00
Scott Taylor
3982598305 Doc block for_wp_specialchars: $quote_style can also be string ('single' or 'double') 
See #33491.

Built from https://develop.svn.wordpress.org/trunk@33700


git-svn-id: http://core.svn.wordpress.org/trunk@33667 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-08-21 18:36:24 +00:00
Andrew Ozz
2de7757124 Fix creating of extra <br /> tags in both PHP and JS variants of wpautop(). Add PHP tests to catch similar problems in the future. 
Props valendesigns, azaozz. Fixes #33377.
Built from https://develop.svn.wordpress.org/trunk@33624


git-svn-id: http://core.svn.wordpress.org/trunk@33591 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-08-17 17:36:24 +00:00
Dominik Schilling
0e1476d078 Editor: word count: Remove indentation from the translator comment. 
Avoids a duplicate comment in the POT file.

see #30966.
Built from https://develop.svn.wordpress.org/trunk@33517


git-svn-id: http://core.svn.wordpress.org/trunk@33484 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-07-30 17:08:24 +00:00
Scott Taylor
15a7d98ce6 Protect newlines inside of CDATA. This was breaking things, notably inline JS that used comments for HTML standards compat. 
* Tokenize newlines in `WP_Embed::autoembed()` before running `->autoembed_callback()`
* Tokenize newlines with placeholders in `wpautop()` 
* Introduce `wp_html_split()` to DRY the RegEx from `wp_replace_in_html_tags()` and `do_shortcodes_in_html_tags()`

Adds unit tests.

Props miqrogroove, kitchin, azaozz.
Fixes #33106.

Built from https://develop.svn.wordpress.org/trunk@33469


git-svn-id: http://core.svn.wordpress.org/trunk@33436 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-07-28 23:03:24 +00:00
Ella Iseulde Van Dorpe
491c863f35 Editor: word count: better names for types. 
Also fix it in wp_trim_words().

Fixes #30966.

Built from https://develop.svn.wordpress.org/trunk@33440


git-svn-id: http://core.svn.wordpress.org/trunk@33407 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-07-27 11:19:26 +00:00
Scott Taylor
d8e8ad4a2f Pinking shears. 
Built from https://develop.svn.wordpress.org/trunk@33411


git-svn-id: http://core.svn.wordpress.org/trunk@33379 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-07-24 17:27:24 +00:00
Gary Pendergast
c3e0ed7e03 Shortcodes: Improve the reliablity of shortcodes inside HTML tags. 
Props miqrogroove.

See #15694.


Built from https://develop.svn.wordpress.org/trunk@33359


git-svn-id: http://core.svn.wordpress.org/trunk@33331 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-07-22 05:15:25 +00:00
Scott Taylor
7c218ab59a After [33148]: 
Don't nest `esc_attr()` and `htmlspecialchars()` when escaping the post title on the edit post screen.

Unrevert parts of [32851] and [32850].

Adds/alters unit tests.

Props miqrogroove.
Fixes #17780.

Built from https://develop.svn.wordpress.org/trunk@33271


git-svn-id: http://core.svn.wordpress.org/trunk@33243 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-07-14 17:56:26 +00:00
Drew Jaynes
9e12c71872 Fix inline documentation syntax for two formatting functions added in 4.3. 
* `wptexturize_primes()` See [32863]
* `format_for_editor()` See [32899]

See #32891.

Built from https://develop.svn.wordpress.org/trunk@33225


git-svn-id: http://core.svn.wordpress.org/trunk@33197 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-07-13 21:30:24 +00:00
Andrew Ozz
4bd5e2db01 TinyMCE: 
- Go back to encoding the editor content only when TinyMCE is used.
- Add check and encode `</textarea>` if present.
See #32425.
Built from https://develop.svn.wordpress.org/trunk@33187


git-svn-id: http://core.svn.wordpress.org/trunk@33159 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-07-13 03:19:24 +00:00
Scott Taylor
6cc3a903d7 Revert [32851] and [32850] for now, tl;dr encoding issues. 
See #17780.


Built from https://develop.svn.wordpress.org/trunk@33148


git-svn-id: http://core.svn.wordpress.org/trunk@33120 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-07-09 20:56:24 +00:00