whyisjake
9a0b89f7a8
Backporting several bug fixes.
...
- Query: Remove the static query property.
- HTTP API: Protect against hex interpretation.
- Filesystem API: Prevent directory traversals when creating new folders.
- Administration: Ensure that admin referer nonce is valid.
- REST API: Send a Vary: Origin header on GET requests.
- Customizer: Properly sanitize background images.
Backports [46474], [46475], [46476], [46477], [46478], [46483], [46485] to the 4.4 branch.
Built from https://develop.svn.wordpress.org/branches/4.4@46498
git-svn-id: http://core.svn.wordpress.org/branches/4.4@46295 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-14 19:09:23 +00:00
Jeremy Felt
60dacc5deb
Media: Improve verification of MIME file types.
...
Merges [43988] to the 4.4 branch.
Built from https://develop.svn.wordpress.org/branches/4.4@43995
git-svn-id: http://core.svn.wordpress.org/branches/4.4@43827 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-12-12 23:14:21 +00:00
John Blackbourn
82dc7df085
Media: Limit thumbnail file deletions to the same directory as the original file.
...
Merges [43393] into the 4.4 branch.
Built from https://develop.svn.wordpress.org/branches/4.4@43398
git-svn-id: http://core.svn.wordpress.org/branches/4.4@43226 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-05 14:57:24 +00:00
John Blackbourn
4fac456d88
Hardening: Remove the ability to upload JavaScript files for users who do not have the `unfiltered_html` capability.
...
Merges [42261] to the 4.4 branch.
Built from https://develop.svn.wordpress.org/branches/4.4@42287
git-svn-id: http://core.svn.wordpress.org/branches/4.4@42116 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-29 16:30:31 +00:00
Joe McGill
af0a3c59d1
Media: Fix exif_imagetype check in wp_get_image_mime
...
This is a follow up to [39831].
Merges [39850] to the 4.4 branch.
Built from https://develop.svn.wordpress.org/branches/4.4@39854
git-svn-id: http://core.svn.wordpress.org/branches/4.4@39791 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 16:42:31 +00:00
Joe McGill
47bc8e98bd
Media: Improve image filetype checking.
...
This adds a new function `wp_get_image_mime()` which is used by
`wp_check_filetype_and_ext()` to validate image files using
`exif_imagetype()` if available instead of `getimagesize()`.
`getimagesize()` is less performant than `exif_imagetype()` and is
dependent on GD. If `exif_imagetype()` is not available, it falls back to
`getimagesize()` as before.
If `wp_check_filetype_and_ext()` can't validate the filetype, we now return
`false` for ext/MIME values.
Merges [39831] to the 4.4 branch.
Built from https://develop.svn.wordpress.org/branches/4.4@39835
git-svn-id: http://core.svn.wordpress.org/branches/4.4@39773 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 13:16:32 +00:00
Dion Hulse
70d9869e38
I18N: In `wp_maybe_decline_date()`, bail early if translation functions are not available, e.g. in `SHORTINIT` mode.
...
Merges [35880] to the 4.4 branch.
Props SergeyBiryukov.
Fixes #34967.
Built from https://develop.svn.wordpress.org/branches/4.4@36063
git-svn-id: http://core.svn.wordpress.org/branches/4.4@36028 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-23 01:39:28 +00:00
Sergey Biryukov
d9faafbd44
I18N: Move translatable Codex URLs to separate strings in `wp-includes/functions.php`.
...
Props ramiy.
See #34687.
Built from https://develop.svn.wordpress.org/trunk@35667
git-svn-id: http://core.svn.wordpress.org/trunk@35631 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-18 17:41:27 +00:00
Sergey Biryukov
2583c1e4ec
Replace `7 * DAY_IN_SECONDS` with `WEEK_IN_SECONDS` in `get_weekstartend()`.
...
Props MikeHansenMe.
Fixes #34603.
Built from https://develop.svn.wordpress.org/trunk@35556
git-svn-id: http://core.svn.wordpress.org/trunk@35520 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-06 16:37:27 +00:00
Sergey Biryukov
5d87e7d2b8
Introduce `wp_maybe_decline_date()` for languages where certain date formats need to be declined, and hook it to the `date_i18n` filter.
...
If the locale specifies that month names require a genitive case in certain formats like `'j F Y'` or `'j. F'`, the month name will be replaced with a correct form.
Fixes #11226.
Built from https://develop.svn.wordpress.org/trunk@35517
git-svn-id: http://core.svn.wordpress.org/trunk@35481 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-04 21:28:26 +00:00
Andrea Fercia
04c2cd1913
Accessibility: Improve buttons focus and links style in the install screens.
...
Fixes #34530.
Built from https://develop.svn.wordpress.org/trunk@35494
git-svn-id: http://core.svn.wordpress.org/trunk@35458 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-03 17:59:24 +00:00
John Blackbourn
263b2890d4
Add `wp-post-new-reload` to the list of removable query vars so it doesn't persist in the URL.
...
Fixes #34510
Built from https://develop.svn.wordpress.org/trunk@35460
git-svn-id: http://core.svn.wordpress.org/trunk@35424 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-30 18:06:34 +00:00
Helen Hou-Sandí
8803c05db5
`wp_die()`: Update colors and button styling.
...
see #34388, #31459.
Built from https://develop.svn.wordpress.org/trunk@35327
git-svn-id: http://core.svn.wordpress.org/trunk@35293 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-21 15:23:26 +00:00
Drew Jaynes
81524f3bfc
Filesystem: Following the introduction of the `KB|MB|GB|TB_IN_BYTES` constants in [35286], use them in various places in core.
...
Props sudar.
Fixes #22405.
Built from https://develop.svn.wordpress.org/trunk@35325
git-svn-id: http://core.svn.wordpress.org/trunk@35291 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-21 14:03:25 +00:00
Drew Jaynes
875c82f17f
Media: Introduce the `enclosure_links` filter, which makes it possible to adjust the list of audio and video enclosure links derived from post content before querying the database.
...
Props niallkennedy, stevenkword.
Fixes #19890.
Built from https://develop.svn.wordpress.org/trunk@35288
git-svn-id: http://core.svn.wordpress.org/trunk@35254 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-20 07:09:25 +00:00
Scott Taylor
89d1eb1e00
Formatting: when making unique filenames in `wp_unique_filename()` by adding an incrementing number, prefix it with a dash to disambiguate from files that end in numbers.
...
Updates unit tests.
Props mikejolley, tyxla.
Fixes #21453.
Built from https://develop.svn.wordpress.org/trunk@35276
git-svn-id: http://core.svn.wordpress.org/trunk@35242 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-20 04:05:25 +00:00
Drew Jaynes
217b661703
Docs: Add missing descriptions for the `$wpdb` global in DocBlocks all the places.
...
See #32246.
Built from https://develop.svn.wordpress.org/trunk@35170
git-svn-id: http://core.svn.wordpress.org/trunk@35136 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-14 23:44:25 +00:00
Sergey Biryukov
c332da3e12
Feeds: Pass the feed name to `do_feed_{$feed}` action.
...
Props johnbillion.
See #34259.
Built from https://develop.svn.wordpress.org/trunk@35115
git-svn-id: http://core.svn.wordpress.org/trunk@35080 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-13 02:44:23 +00:00
Drew Jaynes
48811702cd
Feeds: Simplify logic for checking if the `do_feed_{$feed}` action is hooked to any callbacks.
...
See [35097] for where the aforementioned hook was renamed to actually be dynamic, thus rendering creation of the extra `$hook` variable moot.
See #34264.
Built from https://develop.svn.wordpress.org/trunk@35098
git-svn-id: http://core.svn.wordpress.org/trunk@35063 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-13 01:07:25 +00:00
Drew Jaynes
b234b5d896
Feeds: Adjust the `do_feed_{$feed}` hook name to actually be dynamic, rather than pre-storing the tag name in a variable and referencing that.
...
Props johnbillion.
Fixes #34264.
Built from https://develop.svn.wordpress.org/trunk@35097
git-svn-id: http://core.svn.wordpress.org/trunk@35062 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-13 01:03:25 +00:00
Sergey Biryukov
7ef095171a
In `number_format_i18n()`, check if `$wp_locale` is set before using it.
...
Props pauldewouters.
Fixes #31553.
Built from https://develop.svn.wordpress.org/trunk@35092
git-svn-id: http://core.svn.wordpress.org/trunk@35057 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-13 00:30:24 +00:00
Sergey Biryukov
0d7c5569f5
In `do_robots()`, allow crawling for `admin-ajax.php`, since it's often used on front-end.
...
Props dmchale, joostdevalk.
Fixes #33156.
Built from https://develop.svn.wordpress.org/trunk@34985
git-svn-id: http://core.svn.wordpress.org/trunk@34950 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-09 05:16:23 +00:00
Ryan McCue
b3051048be
REST API: Add wp_is_numeric_array helper function
...
The API uses this to do special operations on list responses (used
for collections), so we need to detect whether an array is
associative or numeric-indexed.
After much discussion, the bikeshed is to be painted green and gold.
See #33982.
Built from https://develop.svn.wordpress.org/trunk@34927
git-svn-id: http://core.svn.wordpress.org/trunk@34892 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-08 02:14:25 +00:00
Ryan McCue
4bac3c3f14
REST API: Add JsonSerializable compatibility to wp_json_encode
...
Following on from r34845, the JsonSerializable shim needs support
on the encoding side too. _wp_json_prepare_data handles this when
we've loaded the shim.
Props chriscct7.
See #33982.
Built from https://develop.svn.wordpress.org/trunk@34926
git-svn-id: http://core.svn.wordpress.org/trunk@34891 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-08 01:30:25 +00:00
John Blackbourn
c83a66cbf3
Add an optional `$description` parameter to `status_header()` so custom HTTP status descriptions can be provided.
...
Fixes #21472
Props nbachiyski, iamfriendly
Built from https://develop.svn.wordpress.org/trunk@34914
git-svn-id: http://core.svn.wordpress.org/trunk@34879 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-07 21:26:25 +00:00
Jeremy Felt
9926983b66
Revert [34778], continue using `_site_option()` for the current network.
...
The `_network_option()` parameter order will be changing to accept `$network_id` first. The `_site_option()` functions will remain in use throughout core as our way of retrieving a network option for the current network.
See #28290.
Built from https://develop.svn.wordpress.org/trunk@34912
git-svn-id: http://core.svn.wordpress.org/trunk@34877 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-07 17:11:25 +00:00
Boone Gorges
226bb29ff0
Move `wp_installing()` to load.php.
...
Various functions in load.php need to check whether WP is in installation mode.
Let's let them.
Props adamsilverstein.
See #31130.
Built from https://develop.svn.wordpress.org/trunk@34896
git-svn-id: http://core.svn.wordpress.org/trunk@34861 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-07 03:02:23 +00:00
Scott Taylor
4d3223b28e
Introduce `wp_get_server_protocol()` to DRY protocol parsing logic and make adding more protocols, like `HTTP/2`, easier.
...
Props johnbillion, wonderboymusic.
Fixes #34131.
Built from https://develop.svn.wordpress.org/trunk@34894
git-svn-id: http://core.svn.wordpress.org/trunk@34859 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-07 02:35:26 +00:00
Scott Taylor
0c6ee34d00
REST API: add a utility function, `mysql_to_rfc3339()` to functions.php
...
Background:
6d0ad766ca
Props rmmcue.
See #33982.
Built from https://develop.svn.wordpress.org/trunk@34846
git-svn-id: http://core.svn.wordpress.org/trunk@34811 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-06 03:19:25 +00:00
Boone Gorges
0e7c1d3b14
Use `wp_installing()` instead of `WP_INSTALLING` constant.
...
The `WP_INSTALLING` constant is a flag that WordPress sets in a number of
places, telling the system that options should be fetched directly from the
database instead of from the cache, that WP should not ping wordpress.org for
updates, that the normal "not installed" checks should be bypassed, and so on.
A constant is generally necessary for this purpose, because the flag is
typically set before the WP bootstrap, meaning that WP functions are not yet
available. However, it is possible - notably, during `wpmu_create_blog()` -
for the "installing" flag to be set after WP has already loaded. In these
cases, `WP_INSTALLING` would be set for the remainder of the process, since
there's no way to change a constant once it's defined. This, in turn, polluted
later function calls that ought to have been outside the scope of site
creation, particularly the non-caching of option data. The problem was
particularly evident in the case of the automated tests, where `WP_INSTALLING`
was set the first time a site was created, and remained set for the rest of the
suite.
The new `wp_installing()` function allows developers to fetch the current
installation status (when called without any arguments) or to set the
installation status (when called with a boolean `true` or `false`). Use of
the `WP_INSTALLING` constant is still supported; `wp_installing()` will default
to `true` if the constant is defined during the bootstrap.
Props boonebgorges, jeremyfelt.
See #31130.
Built from https://develop.svn.wordpress.org/trunk@34828
git-svn-id: http://core.svn.wordpress.org/trunk@34793 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-05 15:06:28 +00:00
John Blackbourn
5e98b20e84
Adjust `_default_wp_die_handler()` formatting so it doesn't confuse Sublime Text's parsing and syntax highlighting.
...
Fixes #34135
Built from https://develop.svn.wordpress.org/trunk@34793
git-svn-id: http://core.svn.wordpress.org/trunk@34758 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-03 01:32:24 +00:00
Jeremy Felt
54512d64cb
MS: Use `*_network_option()` functions throughout core.
...
Replaces all uses of `*_site_option()` with the corresponding "network" function.
This excludes one usage in `wp-admin/admin-footer.php` that needs more investigation.
Props spacedmonkey.
See #28290.
Built from https://develop.svn.wordpress.org/trunk@34778
git-svn-id: http://core.svn.wordpress.org/trunk@34743 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-02 19:08:26 +00:00
John Blackbourn
a8728b987f
Deprecate `force_ssl_login()`, which is simply a wrapper for `force_ssl_admin()` and is not used in core.
...
Fixes #34011
Built from https://develop.svn.wordpress.org/trunk@34700
git-svn-id: http://core.svn.wordpress.org/trunk@34664 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-29 21:28:50 +00:00
John Blackbourn
aa35e473f7
`callback` is not a valid type in PHP, PSR-5, or phpDocumentor. `callable` should be used instead.
...
Fixes #34032
Built from https://develop.svn.wordpress.org/trunk@34566
git-svn-id: http://core.svn.wordpress.org/trunk@34530 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-25 23:58:25 +00:00
Drew Jaynes
f84c653fad
Docs: Clarify the summary and optional `$query` parameter description for `remove_query_arg()`.
...
Props johnbillion.
Fixes #33912.
Built from https://develop.svn.wordpress.org/trunk@34512
git-svn-id: http://core.svn.wordpress.org/trunk@34476 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-24 19:34:24 +00:00
Drew Jaynes
92574015aa
Docs: Overhaul the DocBlock for `add_query_arg()` to attempt to better explain the various call signatures it accepts.
...
Also adds a couple of in-DocBlock examples illustrating single key and value, and associative array usage. Retains the note about the unescaped return value.
Props johnbillion.
See #33912.
Built from https://develop.svn.wordpress.org/trunk@34511
git-svn-id: http://core.svn.wordpress.org/trunk@34475 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-24 19:32:24 +00:00
Scott Taylor
84da11d918
Pass `false` as the 2nd argument to `class_exists()` to disable autoloading and to not cause problems for those who define `__autoload()`.
...
Fixes #20523.
Built from https://develop.svn.wordpress.org/trunk@34348
git-svn-id: http://core.svn.wordpress.org/trunk@34312 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-20 03:52:25 +00:00
Helen Hou-Sandí
48befcf361
Superglobals: Revert [34059] until further notice.
...
see #33837.
Built from https://develop.svn.wordpress.org/trunk@34265
git-svn-id: http://core.svn.wordpress.org/trunk@34229 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-17 12:33:26 +00:00
Drew Jaynes
e13d18969f
Docs: Add a reminder to the DocBlock description for `add_query_arg()` mentioning that the output is not escaped by default.
...
Props brentvr for the initial patch. (first props!)
See #33912. See #32246.
Built from https://develop.svn.wordpress.org/trunk@34264
git-svn-id: http://core.svn.wordpress.org/trunk@34228 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-17 09:39:24 +00:00
Scott Taylor
c871986819
Uploader: Fire 'wp_handle_upload' in `wp_upload_bits()`. Thusly, the filter in `wp_xmlrpc_server::mw_newMediaObject()` is redundant.
...
Props dllh.
Fixes #33539.
Built from https://develop.svn.wordpress.org/trunk@34257
git-svn-id: http://core.svn.wordpress.org/trunk@34221 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-17 04:46:25 +00:00
Scott Taylor
b1bc8a6522
More comment functions can accept a full object instead of comment_ID to reduce cache/db lookups.
...
See #33638.
Built from https://develop.svn.wordpress.org/trunk@34129
git-svn-id: http://core.svn.wordpress.org/trunk@34097 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 21:40:24 +00:00
Dion Hulse
476b5c2046
When running on Windows systems, normalise the capitalisation of the drive letter for more reliable string comparisons.
...
Props tyxla
Fixes #33265
Built from https://develop.svn.wordpress.org/trunk@34104
git-svn-id: http://core.svn.wordpress.org/trunk@34072 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 01:59:25 +00:00
Scott Taylor
cd7c0f0b0d
Introduce `wp_validate_action( $action = '' )`, a helper function that checks `$_REQUEST` for `action` and returns it, or empty string if not present. If `$action` is passed, it checks to make sure they match before returning it, or an empty string. Strings are always returned to avoid returning multiple types.
...
Implementing this removes 27 uses of direct superglobal access in the admin.
For more reading:
https://codeclimate.com/github/WordPress/WordPress/wp-admin/edit-comments.php
See #33837.
Built from https://develop.svn.wordpress.org/trunk@34059
git-svn-id: http://core.svn.wordpress.org/trunk@34027 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-11 21:08:26 +00:00
Scott Taylor
62ec4a3bfd
Deprecate `wp_get_http()` - function isn't used anywhere (apart from itself).
...
Props swissspidy.
Fixes #33709.
Built from https://develop.svn.wordpress.org/trunk@33969
git-svn-id: http://core.svn.wordpress.org/trunk@33938 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-09 04:26:25 +00:00
John Blackbourn
606b6d15f1
Introduce `wp_removable_query_args()`, which returns an array of single-use query variables which can be removed from a URL.
...
Also applies the function to the return URL when the Customizer is closed.
Fixes #32692
Props swissspidy, Mte90
Built from https://develop.svn.wordpress.org/trunk@33849
git-svn-id: http://core.svn.wordpress.org/trunk@33817 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-02 11:29:23 +00:00
Gary Pendergast
48e83418ed
When `wp_json_encode()` calls `json_encode()`, the latter will generate warnings if the string contains non-UTF-8 characters. No-one likes warnings, so we need to do something about that.
...
The good news is, the point of `wp_json_encode()` is to handle those non-UTF-8 characters. It'll totally just fix them up, no problem.
Anyway, we can just ignore those warnings.
Fixes #33524.
Built from https://develop.svn.wordpress.org/trunk@33747
git-svn-id: http://core.svn.wordpress.org/trunk@33715 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-26 03:26:21 +00:00
Scott Taylor
ef87172270
`foreach` is a statement, not a function.
...
See #33491.
Built from https://develop.svn.wordpress.org/trunk@33734
git-svn-id: http://core.svn.wordpress.org/trunk@33702 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-25 20:28:22 +00:00
Drew Jaynes
ceec5ac00b
Fix inline documentation syntax for a few general-purpose functions and hooks added in 4.3.
...
* `_deprecated_constructor()` See [32989]
* `deprecated_constructor_trigger_error` See [32989]
* `get_main_network_id()` See [32775]
* `wp_post_preview_js()` See [32809]
See #32891.
Built from https://develop.svn.wordpress.org/trunk@33226
git-svn-id: http://core.svn.wordpress.org/trunk@33198 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-13 21:35:24 +00:00
Aaron Jorbin
a6ebaefb92
Add Deprecated Constructor Function
...
This function is one that can be called in core to indicate that a PHP4 style constructor is used. PHP4 style constructors are deprecated in PHP7.
Props jorbin, DrewAPicture for docs
See #31982
Built from https://develop.svn.wordpress.org/trunk@32989
git-svn-id: http://core.svn.wordpress.org/trunk@32960 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-28 14:56:24 +00:00
Scott Taylor
642af1f3f4
Some doc blocks should use `bool` instead of `true|false`
...
See #32444.
Built from https://develop.svn.wordpress.org/trunk@32963
git-svn-id: http://core.svn.wordpress.org/trunk@32934 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-27 00:45:24 +00:00