Commit Graph

38428 Commits

Author SHA1 Message Date
desrosj
a2e5bf9057 WordPress 5.0.15.
Built from https://develop.svn.wordpress.org/branches/5.0@52495


git-svn-id: http://core.svn.wordpress.org/branches/5.0@52087 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-01-06 18:52:53 +00:00
desrosj
e84750df64 Grouped backports to the 5.0 branch.
- Query: Improve sanitization within `WP_Tax_Query`.
- Query: Improve sanitization within `WP_Meta_Query`.
- Upgrade/Install: Avoid using `unserialize()` unnecessarily.
- Formatting: Correctly encode ASCII characters in post slugs.

Merges [52454-52457] to the 5.0 branch.
Props vortfu, dd32, ehtis, zieladam, whyisjake, xknown, peterwilsoncc, desrosj, iandunn.
Built from https://develop.svn.wordpress.org/branches/5.0@52473


git-svn-id: http://core.svn.wordpress.org/branches/5.0@52065 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-01-06 18:15:24 +00:00
desrosj
8ab825de51 Block Editor: Additional package updates.
Built from https://develop.svn.wordpress.org/branches/5.0@51833


git-svn-id: http://core.svn.wordpress.org/branches/5.0@51440 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-09-21 16:49:44 +00:00
desrosj
49925ddb25 Grouped merges for 5.0.14.
Follow up to [51758].
Built from https://develop.svn.wordpress.org/branches/5.0@51769


git-svn-id: http://core.svn.wordpress.org/branches/5.0@51376 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-09-08 23:31:41 +00:00
desrosj
adb3129097 WordPress 5.0.14.
Built from https://develop.svn.wordpress.org/branches/5.0@51766


git-svn-id: http://core.svn.wordpress.org/branches/5.0@51373 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-09-08 21:42:36 +00:00
desrosj
5b2a7a5a1f Grouped merges for 5.0.14.
- Update `lodash` to the latest version `4.17.21`.
- Disable some attributes for rich text.
- Use hashed/deterministic moduleIDs in webpack config.

Props ellatrix, peterwilsoncc, get_dave, mcsf, talldanwp, youknowriad, desrosj, nerrad, gziolo.
Merges [50940-50941,50984-50985,51426] to the 5.0 branch.
Built from https://develop.svn.wordpress.org/branches/5.0@51758


git-svn-id: http://core.svn.wordpress.org/branches/5.0@51365 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-09-08 21:24:36 +00:00
Peter Wilson
10e25cd42a WordPress 5.0.13.
Built from https://develop.svn.wordpress.org/branches/5.0@50876


git-svn-id: http://core.svn.wordpress.org/branches/5.0@50485 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-05-12 23:18:36 +00:00
Peter Wilson
ccb7d4060e External libraries: Improve attachment handling in PHPMailer
Props: audrasjb, ayeshrajans, desrosj, peterwilsoncc, xknown.
Partially merges [50799] to the 5.0 branch.


Built from https://develop.svn.wordpress.org/branches/5.0@50854


git-svn-id: http://core.svn.wordpress.org/branches/5.0@50463 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-05-12 22:31:06 +00:00
Peter Wilson
cd89adefc2 Version bump for 5.0.12.
Built from https://develop.svn.wordpress.org/branches/5.0@50743


git-svn-id: http://core.svn.wordpress.org/branches/5.0@50352 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-04-15 01:40:22 +00:00
desrosj
9f95a91e28 Grouped merges for 5.0.12.
* REST API: Allow authors to read their own password protected posts.
* About page update.

Merges [50717] to the 5.0 branch.

Built from https://develop.svn.wordpress.org/branches/5.0@50731


git-svn-id: http://core.svn.wordpress.org/branches/5.0@50340 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-04-15 01:13:27 +00:00
desrosj
d07e548037 Build/Test Tools: Backport GitHub Action and build improvements to the 5.0 branch.
This backports several build and test tool improvements to the 5.0 branch. Most notably, this includes:

- The changes required to allow each workflow to be triggered by the `workflow_dispatch` event so that tests can be run on a schedule [50590].
- Splitting single site and multisite tests into parallel jobs [50379].
- Split slow tests into separate, parallel jobs for PHP <= 5.6 [50444].
- Better branch and path scoping for GitHub Action workflows when running on `pull_request` [50432,50479].
- Several `devDependency` updates.

Merges [45317,50267,50379,50387,50413,50416,50432,50435-50436,50444,50446,50473-50474,50476,50479,50485-50487,50545,50579,50590,50598] to the 5.0 branch.
See #50401, #51801, #51802, #52548, #52608, #52612, #52624, #52625, #52645, #52653, #52658, #52660, #52667.
Built from https://develop.svn.wordpress.org/branches/5.0@50624


git-svn-id: http://core.svn.wordpress.org/branches/5.0@50236 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-03-31 19:27:41 +00:00
desrosj
28683975c9 Build/Test Tools: Support NodeJS 14.x in the 5.0 branch.
This updates the 5.0 branch to support the latest LTS version of NodeJS (currently 14.x), allowing the same version to be used across all WordPress branches that receive security updates as a courtesy.

In addition to backporting the package updates that happened after branching 5.0, dependencies that were removed in future releases have also been updated to their latest versions.

Props desrosj, dd32, netweb, jorbin.
Merges [44233,44728,45321,45765,45826,46403-46404,46408,46409,47404,47867-47869,47872-47873,48705,49636,49933,49937,49939,49940,49983,49989,50017,50126,50176,50185,50192] to the 5.0 branch.
See #52341.
Built from https://develop.svn.wordpress.org/branches/5.0@50201


git-svn-id: http://core.svn.wordpress.org/branches/5.0@49875 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-05 04:05:04 +00:00
desrosj
4d0d68c942 WordPress 5.0.11.
Built from https://develop.svn.wordpress.org/branches/5.0@49414


git-svn-id: http://core.svn.wordpress.org/branches/5.0@49173 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-29 19:38:41 +00:00
whyisjake
8428d1077f General: WordPress updates
* XML-RPC: Improve error messages for unprivileged users.
* External Libraries: Disable deserialization in Requests_Utility_FilteredIterator
* Embeds: Disable embeds on deactivated Multisite sites.
* Coding standards: Modify escaping functions to avoid potential false positives.
* XML-RPC: Return error message if attachment ID is incorrect.
* Upgrade/install: Improve logic check when determining installation status.
* Meta: Sanitize meta key before checking protection status.
* Themes: Ensure that only privileged users can set a background image when a theme is using the deprecated custom background page.

Brings the changes from [49380,49382-49388] to the 5.0 branch.

Props xknown, zieladam, peterwilsoncc, whyisjake, desrosj, dd32.

Built from https://develop.svn.wordpress.org/branches/5.0@49396


git-svn-id: http://core.svn.wordpress.org/branches/5.0@49155 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-29 18:51:46 +00:00
Sergey Biryukov
639a8628e2 Administration: Pass the result of set-screen-option filter to the new set_screen_option_{$option} filter to ensure backward compatibility.
Rename the `$keep` parameter of both filters to `$screen_option` for clarity, update the documentation to better reflect its purpose.

Follow-up to [47951].

Props Chouby, sswells, SergeyBiryukov.
Merges [48241] to the 5.0 branch.
Fixes #50392.
Built from https://develop.svn.wordpress.org/branches/5.0@48248


git-svn-id: http://core.svn.wordpress.org/branches/5.0@48017 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-07-01 09:49:40 +00:00
desrosj
7b299542fd WordPress 5.0.10.
Built from https://develop.svn.wordpress.org/branches/5.0@47993


git-svn-id: http://core.svn.wordpress.org/branches/5.0@47761 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-10 21:36:36 +00:00
whyisjake
71841d604b Editor: Ensure latest comments can only be viewed from public posts.
This brings the changes from [47984] to the 5.0 branch.

Props: poena, xknown.

Built from https://develop.svn.wordpress.org/branches/5.0@47988


git-svn-id: http://core.svn.wordpress.org/branches/5.0@47756 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-10 19:32:45 +00:00
desrosj
c5a0caaaae General: Backport several commits for release.
- Embeds: Ensure that the title attribute is set correctly on embeds.
- Editor: Prevent HTML decoding on by setting the proper editor context.
- Formatting: Ensure that `wp_validate_redirect()` sanitizes a wider variety of characters.
- Themes: Ensure a broken theme name is returned properly.
- Administration: Add a new filter to extend set-screen-option. 

Merges [47947-47951] to the 5.0 branch.
Props xknown, sstoqnov, vortfu, SergeyBiryukov, whyisjake.

Built from https://develop.svn.wordpress.org/branches/5.0@47964


git-svn-id: http://core.svn.wordpress.org/branches/5.0@47735 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-10 18:22:47 +00:00
Sergey Biryukov
82f3f9e8a1 Update the About page for WordPress 5.0.9
Built from https://develop.svn.wordpress.org/branches/5.0@47701


git-svn-id: http://core.svn.wordpress.org/branches/5.0@47478 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-04-29 18:38:20 +00:00
desrosj
977206959f WordPress 5.0.9
Built from https://develop.svn.wordpress.org/branches/5.0@47670


git-svn-id: http://core.svn.wordpress.org/branches/5.0@47447 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-04-29 18:00:31 +00:00
whyisjake
afc65069bb Customize: Add additional filters to Customizer to prevent JSON corruption.
User: Invalidate `user_activation_key` on password update.
Query: Ensure that only a single post can be returned on date/time based queries.
Cache API: Ensure proper escaping around the stats method in the cache API.
Formatting: Expand `sanitize_file_name` to have better support for utf8 characters.

Brings the changes in [47633], [47634], [47635], [47636], [47637], and [47638] to the 5.0 branch.

Props: aduth, batmoo, ehti, ellatrix, jorgefilipecosta, nickdaugherty, noisysocks, pento, peterwilsoncc, sergeybiryukov, sstoqnov, talldanwp, westi, westonruter, whyisjake, whyisjake, xknown.

Built from https://develop.svn.wordpress.org/branches/5.0@47647


git-svn-id: http://core.svn.wordpress.org/branches/5.0@47422 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-04-29 16:14:48 +00:00
Sergey Biryukov
5032f17b37 WordPress 5.0.8
Built from https://develop.svn.wordpress.org/branches/5.0@46923


git-svn-id: http://core.svn.wordpress.org/branches/5.0@46723 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-12-12 20:26:46 +00:00
whyisjake
ee92e93f79 Ensure that a user can publish_posts before making a post sticky.
Props: danielbachhuber, whyisjake, peterwilson, xknown.
Prevent  stored XSS through wp_targeted_link_rel().
Props: vortfu, whyisjake, peterwilsoncc, xknown,  SergeyBiryukov, flaviozavan.
Update wp_kses_bad_protocol() to recognize &colon; on uri attributes,
wp_kses_bad_protocol() makes sure to validate that uri attributes don't contain invalid/or not allowed protocols. While this works fine in most cases, there's a risk that by using the colon html5 named entity, one is able to bypass this function.
Brings r46895 to the 5.3 branch.
Props: xknown, nickdaugherty, peterwilsoncc.
Prevent stored XSS in the block editor.
Brings r46896 to the 5.3 branch.
Prevent escaped unicode characters become unescaped in unsafe HTML during JSON decoding.
Props: aduth, epiqueras.


Built from https://develop.svn.wordpress.org/branches/5.0@46915


git-svn-id: http://core.svn.wordpress.org/branches/5.0@46715 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-12-12 18:52:47 +00:00
desrosj
970ccf3c73 WordPress 5.0.7.
Built from https://develop.svn.wordpress.org/branches/5.0@46510


git-svn-id: http://core.svn.wordpress.org/branches/5.0@46307 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-14 20:08:38 +00:00
whyisjake
de7d42ed47 Backporting several bug fixes.
- Query: Remove the static query property.
- HTTP API: Protect against hex interpretation.
- Filesystem API: Prevent directory travelersals when creating new folders.
- Administration: Ensure that admin referer nonce is valid.
- REST API: Send a Vary: Origin header on GET requests.

Backports [46474], [46475], [46476], [46477], [46478], [46483], [46485] to the 5.0 branch.

Built from https://develop.svn.wordpress.org/branches/5.0@46492


git-svn-id: http://core.svn.wordpress.org/branches/5.0@46289 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-14 18:26:51 +00:00
desrosj
b67804a2a5 WordPress 5.0.6
Built from https://develop.svn.wordpress.org/branches/5.0@46063


git-svn-id: http://core.svn.wordpress.org/branches/5.0@45875 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-09-04 23:54:48 +00:00
desrosj
d7e71b0458 WordPress 5.0.5.
Built from https://develop.svn.wordpress.org/branches/5.0@46044


git-svn-id: http://core.svn.wordpress.org/branches/5.0@45856 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-09-04 22:06:41 +00:00
whyisjake
a8c16b5330 Update the block library to 2.2.17 to fix an issue with invalid shortcode blocks.
Props aduth, flaviozavan, epiqueras, jorgefilipecosta


Built from https://develop.svn.wordpress.org/branches/5.0@46029


git-svn-id: http://core.svn.wordpress.org/branches/5.0@45841 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-09-04 21:50:46 +00:00
whyisjake
e2ad4d2e2a Update the block library to 2.2.17 to fix an issue with invalid shortcode blocks.
Props aduth, flaviozavan, epiqueras, jorgefilipecosta


Built from https://develop.svn.wordpress.org/branches/5.0@46029


git-svn-id: http://core.svn.wordpress.org/branches/5.0@45840 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-09-04 21:50:35 +00:00
Andrew Ozz
4c7b037229 jQuery: Backport the patch from jQuery 3.4.0.
Merges [45342] to the 5.0 branch.

Props MikeNGarrett, peterwilsoncc, azaozz.
Fixes #47020.
Built from https://develop.svn.wordpress.org/branches/5.0@46017


git-svn-id: http://core.svn.wordpress.org/branches/5.0@45828 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-09-04 21:44:01 +00:00
desrosj
1f26aab97c Fix for URL sanitization in wp_kses_bad_protocol_once().
Merges [45997] to the 5.0 branch.

Props irsdl, sstoqnov, whyisjake.
Built from https://develop.svn.wordpress.org/branches/5.0@46004


git-svn-id: http://core.svn.wordpress.org/branches/5.0@45815 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-09-04 21:38:37 +00:00
whyisjake
f99c8057e0 Update the block library to 2.2.17 to fix an issue with invalid shortcode blocks.
Props aduth, flaviozavan, epiqueras


Built from https://develop.svn.wordpress.org/branches/5.0@46003


git-svn-id: http://core.svn.wordpress.org/branches/5.0@45814 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-09-04 21:37:50 +00:00
Sergey Biryukov
65d7b91757 Improve handling the existing rel attribute in wp_rel_nofollow_callback().
Merges [45990] to the 5.0 branch.
Props xknown, sstoqnov.
Built from https://develop.svn.wordpress.org/branches/5.0@45993


git-svn-id: http://core.svn.wordpress.org/branches/5.0@45804 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-09-04 17:47:47 +00:00
Sergey Biryukov
002e75631f Improve URL validation in wp_validate_redirect().
Merges [45971] to the 5.0 branch.
Props vortfu, whyisjake, peterwilsoncc.
Built from https://develop.svn.wordpress.org/branches/5.0@45974


git-svn-id: http://core.svn.wordpress.org/branches/5.0@45785 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-09-04 17:05:47 +00:00
whyisjake
bd6ae7b3eb Remove _convert_urlencoded_to_entities() from the get_the_content() callback.
Merges [45937] to the 5.0 branch.

Props vortfu, whyisjake, peterwilsoncc

Built from https://develop.svn.wordpress.org/branches/5.0@45945


git-svn-id: http://core.svn.wordpress.org/branches/5.0@45756 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-09-04 16:32:47 +00:00
Sergey Biryukov
045c01e20b Escape the output in wp_ajax_upload_attachment().
Merges [45936] to the 5.0 branch.
Props whyisjake, sstoqnov.
Built from https://develop.svn.wordpress.org/branches/5.0@45941


git-svn-id: http://core.svn.wordpress.org/branches/5.0@45752 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-09-04 16:26:48 +00:00
Gary Pendergast
8e716641a0 WordPress 5.0.4, undoing the incorrect version bump in [44862].
Built from https://develop.svn.wordpress.org/branches/5.0@44866


git-svn-id: http://core.svn.wordpress.org/branches/5.0@44697 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-03-13 00:44:45 +00:00
Gary Pendergast
08f8bb412e WordPress 5.0.5
Built from https://develop.svn.wordpress.org/branches/5.0@44862


git-svn-id: http://core.svn.wordpress.org/branches/5.0@44694 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-03-13 00:35:46 +00:00
Sergey Biryukov
ed88ef2072 Comments: Improve comment content filtering.
Merges [44842] to the 5.0 branch.
Built from https://develop.svn.wordpress.org/branches/5.0@44844


git-svn-id: http://core.svn.wordpress.org/branches/5.0@44676 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-03-12 22:33:45 +00:00
Sergey Biryukov
4c251a6373 Formatting: Improve rel="nofollow" handling in comments.
Merges [44833] to the 5.0 branch.
Built from https://develop.svn.wordpress.org/branches/5.0@44835


git-svn-id: http://core.svn.wordpress.org/branches/5.0@44667 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-03-12 22:18:47 +00:00
desrosj
4aecf904f2 Post WordPress 5.0.3 version bump.
Built from https://develop.svn.wordpress.org/branches/5.0@44523


git-svn-id: http://core.svn.wordpress.org/branches/5.0@44354 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-01-09 19:06:47 +00:00
desrosj
6cb9d75640 WordPress 5.0.3.
Built from https://develop.svn.wordpress.org/branches/5.0@44521


git-svn-id: http://core.svn.wordpress.org/branches/5.0@44352 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-01-09 18:10:44 +00:00
desrosj
7464de6273 About: Add 5.0.3 details to the about page.
Fixes #45884.
Built from https://develop.svn.wordpress.org/branches/5.0@44520


git-svn-id: http://core.svn.wordpress.org/branches/5.0@44351 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-01-09 17:40:46 +00:00
desrosj
07237344d2 Post WordPress 5.0.3-RC1 version bump.
Built from https://develop.svn.wordpress.org/branches/5.0@44445


git-svn-id: http://core.svn.wordpress.org/branches/5.0@44276 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-01-07 23:09:46 +00:00
desrosj
b09f8b7589 WordPress 5.0.3-RC1.
Built from https://develop.svn.wordpress.org/branches/5.0@44444


git-svn-id: http://core.svn.wordpress.org/branches/5.0@44275 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-01-07 22:56:45 +00:00
Joe McGill
7ca9a37c89 Upload: Fix upload failures of common text file types.
This adds some special case handling in 'wp_check_filetype_and_ext()' that prevents some common file types from being blocked based on mismatched MIME checks, which were made more strict in WordPress 5.0.1.

Merges [44438], [44439], [44441], and [44442] to the 4.9 branch.

Props Kloon, birgire, tellyworth, joemcgill.
See #45615.

Built from https://develop.svn.wordpress.org/branches/5.0@44443


git-svn-id: http://core.svn.wordpress.org/branches/5.0@44274 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-01-07 22:23:52 +00:00
desrosj
dd2338ad41 Block Editor: Display notice to the user when JavaScript is disabled.
Currently, when viewing the block editor with JavaScript disabled, the user sees a blank admin page with the admin menu sidebar. This adds an admin notice informing the user that JavaScript is required for the new block editor.

Props mkaz, pento, azaozz, ocean90, desrosj.

Merges [44437] to the 5.0 branch.
Fixes #45453.
Built from https://develop.svn.wordpress.org/branches/5.0@44440


git-svn-id: http://core.svn.wordpress.org/branches/5.0@44271 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-01-07 20:59:45 +00:00
Sergey Biryukov
9c8873e942 Default Themes: Bump the version numbers and release dates.
Update the theme versions and release dates for the default themes, in time for WordPress 5.0.3.

The POT file for Twenty Eleven has also been updated.

Props laurelfulford.
Merges [44435] to the 5.0 branch.
Fixes #45792.
Built from https://develop.svn.wordpress.org/branches/5.0@44436


git-svn-id: http://core.svn.wordpress.org/branches/5.0@44267 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-01-07 19:01:46 +00:00
Sergey Biryukov
9fdc9c60c3 Bundled Themes: Bump script and style version numbers.
When existing scripts or styles are updated in default themes, the version numbers in the enqueues should also be bumped to make sure the old files don't cache. This update bumps version numbers for changes since version 5.0, for themes Twenty Eleven through Twenty Nineteen. 

Props laurelfulford.
Merges [44382] to the 5.0 branch.
Fixes #45679.
Built from https://develop.svn.wordpress.org/branches/5.0@44434


git-svn-id: http://core.svn.wordpress.org/branches/5.0@44265 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-01-07 18:40:45 +00:00
Sergey Biryukov
86f3506479 Twenty Twelve: Correct padding rule precedence for Quote block.
Props superpoincare.
Merges [44432] to the 5.0 branch.
Fixes #45794.
Built from https://develop.svn.wordpress.org/branches/5.0@44433


git-svn-id: http://core.svn.wordpress.org/branches/5.0@44264 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-01-07 18:35:47 +00:00