Upstream/WordPress
1
0
Fork 0
mirror of https://github.com/WordPress/WordPress.git synced 2024-11-17 08:05:21 +01:00
Code Issues Projects Releases Wiki Activity
30,855 Commits 50 Branches 748 Tags 792 MiB
a5edf110c0
Commit Graph

18048 Commits

Author SHA1 Message Date
Aaron Campbell
a5edf110c0 Database: Hardening for wpdb::prepare() 
Previously if you passed an array of values for placeholders, additional values could be passed as well. Now additional values will be ignored.

Merges [41470] to 4.3 branch.


Built from https://develop.svn.wordpress.org/branches/4.3@41476


git-svn-id: http://core.svn.wordpress.org/branches/4.3@41309 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-09-19 15:02:55 +00:00
Dominik Schilling
6fbcd8620a TinyMCE: Improve the previews for shortcodes. 
Merge of [41395] to the 4.3 branch.

Built from https://develop.svn.wordpress.org/branches/4.3@41440


git-svn-id: http://core.svn.wordpress.org/branches/4.3@41273 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-09-19 12:44:02 +00:00
Dominik Schilling
83db96006c Editor: Prevent adding javascript: and data: URLs through the inline link dialog. 
Merge of [41393] to the 4.3 branch.

Built from https://develop.svn.wordpress.org/branches/4.3@41405


git-svn-id: http://core.svn.wordpress.org/branches/4.3@41238 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-09-19 10:18:57 +00:00
Aaron Campbell
95b51d858b Bump 4.3 branch to version 4.3.11. 
Built from https://develop.svn.wordpress.org/branches/4.3@40752


git-svn-id: http://core.svn.wordpress.org/branches/4.3@40610 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-05-16 21:51:55 +00:00
Pascal Birchler
bb73cd874b Media: Simplify upload error message construction. 
Merges [40736] to the 4.3 branch.

Built from https://develop.svn.wordpress.org/branches/4.3@40741


git-svn-id: http://core.svn.wordpress.org/branches/4.3@40599 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-05-16 18:03:27 +00:00
Dominik Schilling
33bf516808 Customize: Ignore invalid customization sessions. 
Merge of [40704] to the 4.3 branch.
Built from https://develop.svn.wordpress.org/branches/4.3@40709


git-svn-id: http://core.svn.wordpress.org/branches/4.3@40572 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-05-16 12:18:26 +00:00
Pascal Birchler
a21c779e19 Adjust post meta checks 
Merges [40692] to the 4.3 branch.

Built from https://develop.svn.wordpress.org/branches/4.3@40697


git-svn-id: http://core.svn.wordpress.org/branches/4.3@40560 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-05-16 08:52:26 +00:00
Pascal Birchler
51f3fe2909 Whitelist post arguments in XML-RPC 
Merges [40677] to the 4.3 branch.

Built from https://develop.svn.wordpress.org/branches/4.3@40682


git-svn-id: http://core.svn.wordpress.org/branches/4.3@40545 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-05-16 08:22:27 +00:00
Pascal Birchler
1897b61ccb Bump 4.3 branch to version 4.3.10. 
Built from https://develop.svn.wordpress.org/branches/4.3@40491


git-svn-id: http://core.svn.wordpress.org/branches/4.3@40367 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-04-20 16:25:27 +00:00
James Nylen
a5ea8d5b6e Bump 4.3 branch to version 4.3.9. 
Built from https://develop.svn.wordpress.org/branches/4.3@40206


git-svn-id: http://core.svn.wordpress.org/branches/4.3@40145 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-03-06 16:28:25 +00:00
Aaron Campbell
6751b328d9 Strip control characters before validating redirect. 
Merges [40183] to 4.3 branch.

Built from https://develop.svn.wordpress.org/branches/4.3@40188


git-svn-id: http://core.svn.wordpress.org/branches/4.3@40127 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-03-06 13:43:55 +00:00
Dominik Schilling
46c23960dc Embeds: URL encode YouTube video IDs for broader compatibility. 
Merge of [40160] to the 4.3 branch.

Built from https://develop.svn.wordpress.org/branches/4.3@40165


git-svn-id: http://core.svn.wordpress.org/branches/4.3@40104 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-03-06 12:06:59 +00:00
Aaron Campbell
d9d2157746 Bump 4.3 branch to version 4.3.8. 
Built from https://develop.svn.wordpress.org/branches/4.3@40000


git-svn-id: http://core.svn.wordpress.org/branches/4.3@39937 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-01-26 18:24:27 +00:00
Dominik Schilling
f6e6b58725 Query: Ensure that queries work correctly with post type names with special characters. 
Merge of [39952] to the 4.3 branch.
Built from https://develop.svn.wordpress.org/branches/4.3@39960


git-svn-id: http://core.svn.wordpress.org/branches/4.3@39897 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-01-26 13:51:29 +00:00
Aaron Campbell
b1b62d3ccd Bump 4.3 branch to version 4.3.7. 
Built from https://develop.svn.wordpress.org/branches/4.3@39864


git-svn-id: http://core.svn.wordpress.org/branches/4.3@39801 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-01-11 16:57:25 +00:00
Joe McGill
90cd7353b3 Media: Fix exif_imagetype check in wp_get_image_mime 
This is a follow up to [39831].

Merges [39850] to the 4.3 branch.

Built from https://develop.svn.wordpress.org/branches/4.3@39855


git-svn-id: http://core.svn.wordpress.org/branches/4.3@39792 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-01-11 16:42:56 +00:00
Joe McGill
abebce20a6 Media: Improve image filetype checking. 
This adds a new function `wp_get_image_mime()` which is used by
`wp_check_filetype_and_ext()` to validate image files using
`exif_imagetype()` if available instead of `getimagesize()`.

`getimagesize()` is less performant than `exif_imagetype()` and is
dependent on GD. If `exif_imagetype()` is not available, it falls back to
`getimagesize()` as before.

If `wp_check_filetype_and_ext()` can't validate the filetype, we now return
`false` for ext/MIME values.

Merges [39831] to the 4.3 branch.

Built from https://develop.svn.wordpress.org/branches/4.3@39836


git-svn-id: http://core.svn.wordpress.org/branches/4.3@39774 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-01-11 13:17:24 +00:00
Dominik Schilling
624ab728c7 Themes: Fix markup for theme name fallbacks. 
Merge of [39807] to the 4.3 branch.
Built from https://develop.svn.wordpress.org/branches/4.3@39813


git-svn-id: http://core.svn.wordpress.org/branches/4.3@39751 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-01-11 11:11:26 +00:00
Jeremy Felt
a06e0059b1 Multisite: Use wp_rand() in signup key creation. 
Merges [39795] to the 4.3 branch.

Built from https://develop.svn.wordpress.org/branches/4.3@39800


git-svn-id: http://core.svn.wordpress.org/branches/4.3@39738 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-01-11 05:34:27 +00:00
Dion Hulse
ed440a7cf4 Update PHPMailer to 5.2.22. 
The full list of changes is available here:
https://github.com/PHPMailer/PHPMailer/compare/v5.2.21...v5.2.22

Merges [39759] to the 4.3 branch.
Fixes #37210 for 4.3.

Built from https://develop.svn.wordpress.org/branches/4.3@39788


git-svn-id: http://core.svn.wordpress.org/branches/4.3@39726 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-01-11 05:24:24 +00:00
Dion Hulse
86a3e6e871 Mail: Upgrade PHPMailer to 5.2.21. 
Merges [39645], [36083] to the 4.3 branch.
See #37210.

Built from https://develop.svn.wordpress.org/branches/4.3@39725


git-svn-id: http://core.svn.wordpress.org/branches/4.3@39665 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-01-06 22:05:31 +00:00
Jeremy Felt
180d083620 Bump 4.3 branch to 4.3.6. 
Built from https://develop.svn.wordpress.org/branches/4.3@38552


git-svn-id: http://core.svn.wordpress.org/branches/4.3@38495 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2016-09-07 14:59:23 +00:00
Boone Gorges
a240058e32 Bump 4.3 branch to 4.3.5. 
Built from https://develop.svn.wordpress.org/branches/4.3@37830


git-svn-id: http://core.svn.wordpress.org/branches/4.3@37795 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2016-06-21 16:33:25 +00:00
Joe McGill
89394fe908 Media: Improve handling of extensionless filenames. 
Merge of [37756] to the 4.3 branch.

See #37111.
Built from https://develop.svn.wordpress.org/branches/4.3@37814


git-svn-id: http://core.svn.wordpress.org/branches/4.3@37779 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2016-06-21 14:55:52 +00:00
Nikolay Bachiyski
a0e40393b4 Admin: Escape attachment name in case it contains special characters 
Merge of [37774] to the 4.3 branch.

Built from https://develop.svn.wordpress.org/branches/4.3@37786


git-svn-id: http://core.svn.wordpress.org/branches/4.3@37751 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2016-06-21 14:25:24 +00:00
Jeremy Felt
a939b84057 Admin: Allow for the consistent filtering of auth_redirect_scheme 
Merge of [37651] to the 4.3 branch.

See #37047.

Built from https://develop.svn.wordpress.org/branches/4.3@37760


git-svn-id: http://core.svn.wordpress.org/branches/4.3@37725 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2016-06-21 14:12:19 +00:00
Dominik Schilling
4b5e93ba40 Bump 4.3 branch to 4.3.4. 
Built from https://develop.svn.wordpress.org/branches/4.3@37386


git-svn-id: http://core.svn.wordpress.org/branches/4.3@37352 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2016-05-06 18:12:22 +00:00
Nikolay Bachiyski
f1f6b9c2d6 External Libraries: Update plupload from upstream 
Built from https://develop.svn.wordpress.org/branches/4.3@37380


git-svn-id: http://core.svn.wordpress.org/branches/4.3@37346 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2016-05-06 18:00:24 +00:00
Dominik Schilling
032feff801 External Libraries: Update MediaElement.js from upstream. 
Merge of [37370] to the 4.3 branch.
Built from https://develop.svn.wordpress.org/branches/4.3@37374


git-svn-id: http://core.svn.wordpress.org/branches/4.3@37340 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2016-05-06 17:54:33 +00:00
Nikolay Bachiyski
7da41242f9 Taxonomies: make sure taxonomy functions work correctly with taxonomy names with special characters 
The codex says that taxonomy names "should only contain lowercase letters and the underscore character", but that's not enforced. It's too late to enforce it, since some plugins haven't been following it and the official phpdoc doesn't mention this restriction.

Merge of [37133] to the 4.3 branch.

Built from https://develop.svn.wordpress.org/branches/4.3@37136


git-svn-id: http://core.svn.wordpress.org/branches/4.3@37103 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2016-03-30 17:23:24 +00:00
Dominik Schilling
9046c96d95 HTTP: Improve detection of valid IP addresses. 
Merge of [37115] to the 4.3 branch.
Built from https://develop.svn.wordpress.org/branches/4.3@37117


git-svn-id: http://core.svn.wordpress.org/branches/4.3@37084 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2016-03-30 15:51:47 +00:00
Nikolay Bachiyski
9631f83b6f Snoopy: use escapeshellarg instead of escapeshellcmd 
We are escaping arguments, not commands, so we'd better use the semantically correct function, even though they are similar.

Built from https://develop.svn.wordpress.org/branches/4.3@37096


git-svn-id: http://core.svn.wordpress.org/branches/4.3@37063 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2016-03-30 14:05:24 +00:00
Dominik Schilling
dd8b7de724 Bump 4.3 branch to 4.3.3. 
Built from https://develop.svn.wordpress.org/branches/4.3@36456


git-svn-id: http://core.svn.wordpress.org/branches/4.3@36423 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2016-02-02 17:28:22 +00:00
Dominik Schilling
eb0bd01048 Better validation of the URL used in HTTP redirects. 
Merges [36444] to the 4.3 branch.
Built from https://develop.svn.wordpress.org/branches/4.3@36448


git-svn-id: http://core.svn.wordpress.org/branches/4.3@36415 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2016-02-02 16:59:51 +00:00
Dominik Schilling
224efaf1e0 HTTP: 0.1.2.3 is not a valid IP. 
Merges [36435] to the 4.3 branch.
Built from https://develop.svn.wordpress.org/branches/4.3@36437


git-svn-id: http://core.svn.wordpress.org/branches/4.3@36404 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2016-02-02 13:03:51 +00:00
Dominik Schilling
f6115d3bfe Bump 4.3 branch to 4.3.2. 
Built from https://develop.svn.wordpress.org/branches/4.3@36197


git-svn-id: http://core.svn.wordpress.org/branches/4.3@36164 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2016-01-06 18:48:22 +00:00
Aaron Jorbin
424c4d9a59 Theme: Escape error messages 
[36185] for 4.3 branch

Built from https://develop.svn.wordpress.org/branches/4.3@36187


git-svn-id: http://core.svn.wordpress.org/branches/4.3@36154 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2016-01-06 17:25:23 +00:00
Dion Hulse
a2cf26ef40 Background Updates: Remove the 7am/7pm background update check. 
This changeset is a more basic version of [36180], clearing the extra now redundant schedule.
As the functionality for this was introduced in 3.9, [28129] has been backported to 3.7/3.8, allowing the API TTL to be respected by those versions.

See #27772.
Fixes #35323.

Built from https://develop.svn.wordpress.org/trunk@36184


git-svn-id: http://core.svn.wordpress.org/branches/4.3@36151 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2016-01-06 13:24:33 +00:00
Weston Ruter
0b2de83d41 Customize: Fix live previewing of menu changes on subdirectory installs. 
Merges [34278] from trunk.

Props adamsilverstein, westonruter.
Fixes #33916 for 4.3.

Built from https://develop.svn.wordpress.org/branches/4.3@34279


git-svn-id: http://core.svn.wordpress.org/branches/4.3@34243 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-09-18 05:50:25 +00:00
Dominik Schilling
286bf05ea7 The 4.3 branch is now 4.3.2-alpha. 
Built from https://develop.svn.wordpress.org/branches/4.3@34267


git-svn-id: http://core.svn.wordpress.org/branches/4.3@34231 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-09-17 16:21:25 +00:00
Helen Hou-Sandí
cbcc1cbaa3 Finish bumping the 4.3 branch to 4.3.1. 
Built from https://develop.svn.wordpress.org/branches/4.3@34189


git-svn-id: http://core.svn.wordpress.org/branches/4.3@34157 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-09-15 14:49:29 +00:00
Dominik Schilling
9c57f3a429 XMLRPC: Don't allow private posts to be sticky. 
Merge of [34135] to the 4.3 branch.

See #20662.
Built from https://develop.svn.wordpress.org/branches/4.3@34151


git-svn-id: http://core.svn.wordpress.org/branches/4.3@34119 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-09-14 22:50:31 +00:00
Nikolay Bachiyski
f72b21af23 Shortcodes: don't allow unclosed HTML elements in attributes 
Merges [34134] for 4.3 branch

Built from https://develop.svn.wordpress.org/branches/4.3@34144


git-svn-id: http://core.svn.wordpress.org/branches/4.3@34112 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-09-14 22:47:23 +00:00
Dominik Schilling
5fe5a0eb07 Passwords: Trigger a wp-check-valid-field event when the password field is filled with a password by generatePassword(). 
Updates event handler in `wpAjax.invalidateForm()` to support `wp-check-valid-field`.

Merge of [34114] to the 4.3 branch.

Fixes #33406.
Built from https://develop.svn.wordpress.org/branches/4.3@34120


git-svn-id: http://core.svn.wordpress.org/branches/4.3@34088 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-09-14 13:09:23 +00:00
Dominik Schilling
12b08da9c2 Settings, password field: Fix placement of the error icon and removal of the error class. 
Merge of [34068] to the 4.3 branch.

Props liljimmi, adamsilverstein.
See #33406.
Built from https://develop.svn.wordpress.org/branches/4.3@34119


git-svn-id: http://core.svn.wordpress.org/branches/4.3@34087 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-09-14 13:07:23 +00:00
Dominik Schilling
cca265971e Passwords: Deprecate second parameter of wp_new_user_notification(). 
The second parameter `$plaintext_pass` was removed in [33023] and restored as `$notify` in [33620] with a different behavior. If you have a plugin overriding `wp_new_user_notification()` which hasn't been updated you would get a notification with your username and the password "both".
To prevent this the second parameter is now deprecated and reintroduced as the third parameter.

Adds unit tests.

Merge of [34116] to the 4.3 branch.

Props kraftbj, adamsilverstein, welcher, ocean90.
See #33654.
Built from https://develop.svn.wordpress.org/branches/4.3@34118


git-svn-id: http://core.svn.wordpress.org/branches/4.3@34086 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-09-14 13:03:24 +00:00
Dominik Schilling
e52a25130a Users: Import the global var $wp_hasher in wp_new_user_notification(). 
Adds `@global` entries to the DocBlock.

Merge of [34052] to the 4.3 branch.

See #33826.
Built from https://develop.svn.wordpress.org/branches/4.3@34053


git-svn-id: http://core.svn.wordpress.org/branches/4.3@34021 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-09-11 19:18:23 +00:00
Andrew Ozz
a10c2ba8f3 TinyMCE: ensure the wordpress plugin is loaded before calling _createToolbar(). 
Props hauvong, azaozz.
Fixes #33393 for 4.3.
Built from https://develop.svn.wordpress.org/branches/4.3@34032


git-svn-id: http://core.svn.wordpress.org/branches/4.3@34000 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-09-11 01:47:22 +00:00
Andrew Ozz
26093bdc3e TinyMCE: update to 4.2.5, changelog: http://www.tinymce.com/develop/changelog/?ctrl=version&act=index&pr_id=1. 
Fixes #33782 for 4.3.
Built from https://develop.svn.wordpress.org/branches/4.3@34029


git-svn-id: http://core.svn.wordpress.org/branches/4.3@33998 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-09-10 23:57:23 +00:00
Andrew Ozz
de170f4c55 Formatting: fix removing line break placeholders from HTML comments at the end of wpautop(). 
Props miqrogroove.
Fixes #33645 for 4.3.
Built from https://develop.svn.wordpress.org/branches/4.3@34024


git-svn-id: http://core.svn.wordpress.org/branches/4.3@33993 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-09-10 22:23:23 +00:00