desrosj
be121a35d7
Grouped backports to the 4.2 branch.
...
- Query: Improve sanitization within `WP_Tax_Query`.
- Query: Improve sanitization within `WP_Meta_Query`.
- Upgrade/Install: Avoid using `unserialize()` unnecessarily.
- Formatting: Correctly encode ASCII characters in post slugs.
Merges [52454-52457] to the 4.2 branch.
Props vortfu, dd32, ehtis, zieladam, whyisjake, xknown, peterwilsoncc, desrosj, iandunn.
Built from https://develop.svn.wordpress.org/branches/4.2@52481
git-svn-id: http://core.svn.wordpress.org/branches/4.2@52073 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-01-06 18:20:40 +00:00
Peter Wilson
23f87c7bc2
WordPress 4.2.30.
...
Built from https://develop.svn.wordpress.org/branches/4.2@50884
git-svn-id: http://core.svn.wordpress.org/branches/4.2@50493 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-05-12 23:23:18 +00:00
desrosj
4a80453fcf
Build/Test Tools: Backport GitHub Action and build improvements to the 4.2 branch.
...
This backports several build and test tool improvements to the 4.2 branch. Most notably, this includes:
- The changes required to allow each workflow to be triggered by the `workflow_dispatch` event so that tests can be run on a schedule [50590].
- Splitting single site and multisite tests into parallel jobs [50379].
- Split slow tests into separate, parallel jobs for PHP <= 5.6 [50444].
- Better branch and path scoping for GitHub Action workflows when running on `pull_request` [50432,50479].
- Several `devDependency` updates.
Merges [50379,50387,50416,50432,50435,50436,50444,50446,50473,50474,50476,50479,50485,50486,50487,50545,50579,50590] to the 4.2 branch.
See #50401 , #51801 , #51802 , #52548 , #52612 , #52624 , #52625 , #52645 , #52653 , #52658 , #52660 , #52667 .
Built from https://develop.svn.wordpress.org/branches/4.2@50642
git-svn-id: http://core.svn.wordpress.org/branches/4.2@50254 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-04-02 15:50:22 +00:00
desrosj
e3353e0860
Build/Test Tools: Support NodeJS 14.x in the 4.2 branch.
...
This updates the 4.2 branch to support the latest LTS version of NodeJS (currently 14.x), allowing the same version to be used across all WordPress branches that receive security updates as a courtesy.
Because older branches use (really) old versions of NodeJS, the local Docker environment cannot be backported since the needed dependencies will not run on these older versions (see #48301 ). This also blocks the ability to move automated testing over to GitHub Actions (see #50401 ).
This change also introduces a `packager-lock.json` file to the branch.
In addition to backporting the package updates that happened after branching 4.2, dependencies that were removed in future releases have also been updated to their latest versions.
Props desrosj, dd32, netweb, jorbin.
Merges [32356-32357,32988,33726,34888,35335,35363,35513,35521,35538-35541,35859,36861-36865,36935,36979,37017,37019-37020,37212,37612,38111,39110,39113,39115-39119,39478,41835,42460,42461,42463,42887,43320,43323,43977,44219,44233,45321,45765,46404,46408-46409,47404,47867,47872-47873,48705,49636,49933,49937,49939,50126,50176,50185] to the 4.2 branch.
See #52341 .
Built from https://develop.svn.wordpress.org/branches/4.2@50214
git-svn-id: http://core.svn.wordpress.org/branches/4.2@49883 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-05 04:28:43 +00:00
desrosj
c22a2a6998
WordPress 4.2.29.
...
Built from https://develop.svn.wordpress.org/branches/4.2@49422
git-svn-id: http://core.svn.wordpress.org/branches/4.2@49181 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-29 19:42:23 +00:00
whyisjake
b2b0e0d427
General: WordPress updates
...
* XML-RPC: Improve error messages for unprivileged users.
* External Libraries: Disable deserialization in Requests_Utility_FilteredIterator
* Embeds: Disable embeds on deactivated Multisite sites.
* Coding standards: Modify escaping functions to avoid potential false positives.
* XML-RPC: Return error message if attachment ID is incorrect.
* Upgrade/install: Improve logic check when determining installation status.
* Meta: Sanitize meta key before checking protection status.
* Themes: Ensure that only privileged users can set a background image when a theme is using the deprecated custom background page.
Brings the changes from [49380,49382-49388] to the 4.2 branch.
Props xknown, zieladam, peterwilsoncc, whyisjake, desrosj, dd32.
Built from https://develop.svn.wordpress.org/branches/4.2@49404
git-svn-id: http://core.svn.wordpress.org/branches/4.2@49163 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-29 19:08:22 +00:00
Sergey Biryukov
0998a57991
Administration: Pass the result of set-screen-option
filter to the new set_screen_option_{$option}
filter to ensure backward compatibility.
...
Rename the `$keep` parameter of both filters to `$screen_option` for clarity, update the documentation to better reflect its purpose.
Follow-up to [47951].
Props Chouby, sswells, SergeyBiryukov.
Merges [48241] to the 4.2 branch.
Fixes #50392 .
Built from https://develop.svn.wordpress.org/branches/4.2@48256
git-svn-id: http://core.svn.wordpress.org/branches/4.2@48025 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-07-01 09:53:39 +00:00
desrosj
370ecdfd1a
WordPress 4.2.28.
...
Built from https://develop.svn.wordpress.org/branches/4.2@48001
git-svn-id: http://core.svn.wordpress.org/branches/4.2@47769 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-10 21:39:36 +00:00
whyisjake
426696ba21
General: Backport several commits for release.
...
- Embeds: Ensure that the title attribute is set correctly on embeds.
- Editor: Prevent HTML decoding on by setting the proper editor context.
- Formatting: Ensure that wp_validate_redirect() sanitizes a wider variety of characters.
- Themes: Ensure a broken theme name is returned properly.
- Administration: Add a new filter to extend set-screen-option.
Merges [47947-47951] to the 4.2 branch.
Props xknown, sstoqnov, vortfu, SergeyBiryukov, whyisjake.
Built from https://develop.svn.wordpress.org/branches/4.2@47970
git-svn-id: http://core.svn.wordpress.org/branches/4.2@47741 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-10 18:53:51 +00:00
desrosj
7fb64672ce
Update the About page for WordPress 4.2.27
...
Built from https://develop.svn.wordpress.org/branches/4.2@47692
git-svn-id: http://core.svn.wordpress.org/branches/4.2@47469 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-04-29 18:23:21 +00:00
Sergey Biryukov
00ae10906e
WordPress 4.2.26
...
Built from https://develop.svn.wordpress.org/branches/4.2@46931
git-svn-id: http://core.svn.wordpress.org/branches/4.2@46731 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-12-12 20:32:20 +00:00
desrosj
229d71e0f8
WordPress 4.2.25.
...
Built from https://develop.svn.wordpress.org/branches/4.2@46518
git-svn-id: http://core.svn.wordpress.org/branches/4.2@46315 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-14 20:15:21 +00:00
desrosj
de854c38b5
WordPress 4.2.24.
...
Built from https://develop.svn.wordpress.org/branches/4.2@46036
git-svn-id: http://core.svn.wordpress.org/branches/4.2@45848 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-09-04 22:03:21 +00:00
Sergey Biryukov
9807e138d3
Escape the output in wp_ajax_upload_attachment()
.
...
Merges [45936] to the 4.2 branch.
Props whyisjake, sstoqnov.
Built from https://develop.svn.wordpress.org/branches/4.2@45953
git-svn-id: http://core.svn.wordpress.org/branches/4.2@45764 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-09-04 16:39:00 +00:00
Gary Pendergast
ebbc9ff12e
WordPress 4.2.23
...
Built from https://develop.svn.wordpress.org/branches/4.2@44882
git-svn-id: http://core.svn.wordpress.org/branches/4.2@44713 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-03-13 01:43:20 +00:00
Sergey Biryukov
bc4ed1a93e
Comments: Improve comment content filtering.
...
Merges [44842] to the 4.2 branch.
Built from https://develop.svn.wordpress.org/branches/4.2@44852
git-svn-id: http://core.svn.wordpress.org/branches/4.2@44684 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-03-12 22:42:20 +00:00
Jeremy Felt
3efe9a5fdb
Bump 4.2 branch to version 4.2.22.
...
Built from https://develop.svn.wordpress.org/branches/4.2@44085
git-svn-id: http://core.svn.wordpress.org/branches/4.2@43915 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-12-13 02:15:37 +00:00
Gary Pendergast
aab268600a
Editor: Remove unwanted fields before saving posts.
...
The `meta_input`, `file`, and `guid` fields are not intended to be updated through user input.
Merges [44047] to the 4.2 branch.
Built from https://develop.svn.wordpress.org/branches/4.2@44066
git-svn-id: http://core.svn.wordpress.org/branches/4.2@43896 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-12-13 01:52:19 +00:00
Peter Wilson
303bd241f3
Multisite: Validate activation links.
...
Merges [44048] to the 4.2 branch.
Built from https://develop.svn.wordpress.org/branches/4.2@44065
git-svn-id: http://core.svn.wordpress.org/branches/4.2@43895 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-12-13 01:51:37 +00:00
Aaron Campbell
61881c7156
Bump 4.2 branch to version 4.2.21
...
Built from https://develop.svn.wordpress.org/branches/4.2@43414
git-svn-id: http://core.svn.wordpress.org/branches/4.2@43242 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-05 16:13:28 +00:00
Aaron Campbell
dac39608a3
Bump 4.2 branch to version 4.2.20
...
Built from https://develop.svn.wordpress.org/branches/4.2@42940
git-svn-id: http://core.svn.wordpress.org/branches/4.2@42770 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-03 20:31:29 +00:00
Dion Hulse
e74c55ff6d
Bump the 4.2 branch to 4.2.19.
...
Built from https://develop.svn.wordpress.org/branches/4.2@42501
git-svn-id: http://core.svn.wordpress.org/branches/4.2@42330 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-01-16 21:45:31 +00:00
Dion Hulse
507c958ab6
External Libraries: Remove unnecessary / obsoleted MediaElement.js files.
...
Merges [42478] to the 4.2 branch.
Fixes #42720 for 4.2.
Built from https://develop.svn.wordpress.org/branches/4.2@42484
git-svn-id: http://core.svn.wordpress.org/branches/4.2@42313 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-01-16 08:12:32 +00:00
Dion Hulse
4b860b51ae
Upgrade: When deleting old files, if deletion fails attempt to empty the file instead.
...
Props joemcgill, dd32.
Merges [42434] to the 4.2 branch.
Fixes #42963 for 4.2.
Built from https://develop.svn.wordpress.org/branches/4.2@42472
git-svn-id: http://core.svn.wordpress.org/branches/4.2@42301 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-01-16 06:57:57 +00:00
John Blackbourn
ec85529fb7
Bump 4.2 branch to version 4.2.18.
...
Built from https://develop.svn.wordpress.org/branches/4.2@42323
git-svn-id: http://core.svn.wordpress.org/branches/4.2@42152 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-29 19:02:31 +00:00
John Blackbourn
f345c93563
Hardening: Use a properly generated hash for the newbloguser
key instead of a determinate substring.
...
Merges [42258] to the 4.2 branch.
Built from https://develop.svn.wordpress.org/branches/4.2@42292
git-svn-id: http://core.svn.wordpress.org/branches/4.2@42121 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-29 16:33:25 +00:00
Gary Pendergast
eb5a635d04
Bump 4.2 branch to version 4.3.17.
...
Built from https://develop.svn.wordpress.org/branches/4.2@42075
git-svn-id: http://core.svn.wordpress.org/branches/4.2@41904 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-31 13:42:30 +00:00
Dominik Schilling
7a5426f3fe
Users: Use correct escaping function for URLs.
...
Merge of [41522] to the 4.2 branch.
Built from https://develop.svn.wordpress.org/branches/4.2@41529
git-svn-id: http://core.svn.wordpress.org/branches/4.2@41362 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 21:38:56 +00:00
Dominik Schilling
c4fb8dfbf1
Bump 4.2 branch to version 4.2.16.
...
Built from https://develop.svn.wordpress.org/branches/4.2@41516
git-svn-id: http://core.svn.wordpress.org/branches/4.2@41349 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 20:03:31 +00:00
John Blackbourn
a59dfc257f
Filesystem API: Ensure filenames are valid before attempting to unzip them to ensure malformed file paths don't cause issues.
...
Merges [41457] to the 4.2 branch.
Built from https://develop.svn.wordpress.org/branches/4.2@41464
git-svn-id: http://core.svn.wordpress.org/branches/4.2@41297 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 14:43:56 +00:00
John Blackbourn
6ddef3f8ab
General: Add missing URL-encoding and add extra hardening to plugin and template names when they're displayed in the admin area.
...
Merges [41434] with changes to the 4.2 branch.
See #13377
Built from https://develop.svn.wordpress.org/branches/4.2@41445
git-svn-id: http://core.svn.wordpress.org/branches/4.2@41278 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 13:32:30 +00:00
Dominik Schilling
e7865eb9ae
Users: Provide a fallback for incorrect HTTP referrers.
...
Merge of [41398] to the 4.2 branch.
Built from https://develop.svn.wordpress.org/branches/4.2@41423
git-svn-id: http://core.svn.wordpress.org/branches/4.2@41256 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 11:14:36 +00:00
Aaron Campbell
a01117bf0d
Bump 4.2 branch to version 4.2.15.
...
Built from https://develop.svn.wordpress.org/branches/4.2@40753
git-svn-id: http://core.svn.wordpress.org/branches/4.2@40611 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 21:52:23 +00:00
Aaron Campbell
566df4de1a
Add nonce for updating file system credentials.
...
Merges [40723] to 4.2 branch.
Built from https://develop.svn.wordpress.org/branches/4.2@40729
git-svn-id: http://core.svn.wordpress.org/branches/4.2@40587 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 14:56:24 +00:00
Dominik Schilling
8f47014af6
Customize: Ignore invalid customization sessions.
...
Merge of [40704] to the 4.2 branch.
Built from https://develop.svn.wordpress.org/branches/4.2@40710
git-svn-id: http://core.svn.wordpress.org/branches/4.2@40573 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 12:19:29 +00:00
Pascal Birchler
5565b98dde
Bump 4.2 branch to version 4.2.14.
...
Built from https://develop.svn.wordpress.org/branches/4.2@40492
git-svn-id: http://core.svn.wordpress.org/branches/4.2@40368 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-04-20 16:26:30 +00:00
Pascal Birchler
82c9b36ce7
Fix broken audio/video functions when sanitizing ID3 data
...
This fixes a bug where running `wp_kses_post_deep()` on all the ID3
tag data corrupted blob data.
See #40075 , #40085 .
Merges [40400] to the 4.2 branch.
Built from https://develop.svn.wordpress.org/branches/4.2@40465
git-svn-id: http://core.svn.wordpress.org/branches/4.2@40341 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-04-17 13:22:30 +00:00
James Nylen
b9a98e7562
Bump 4.2 branch to version 4.2.13.
...
Built from https://develop.svn.wordpress.org/branches/4.2@40207
git-svn-id: http://core.svn.wordpress.org/branches/4.2@40146 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-06 16:32:30 +00:00
John Blackbourn
8299a48476
Press This: Verify intent before fetching in-page resources using Press This.
...
Props vortfu
Merges [40195] to the 4.2 branch.
Built from https://develop.svn.wordpress.org/branches/4.2@40201
git-svn-id: http://core.svn.wordpress.org/branches/4.2@40140 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-06 14:04:31 +00:00
Aaron Campbell
2bc231688e
Plugins: Add file check to plugin deletions.
...
Merges [40169] to 4.2 branch.
Built from https://develop.svn.wordpress.org/branches/4.2@40175
git-svn-id: http://core.svn.wordpress.org/branches/4.2@40114 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-06 13:03:30 +00:00
Jeremy Felt
933f556e84
Validate video and audio metadata.
...
Merge of [40148] to the 4.2 branch.
Built from https://develop.svn.wordpress.org/branches/4.2@40154
git-svn-id: http://core.svn.wordpress.org/branches/4.2@40093 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-06 08:09:31 +00:00
Aaron Campbell
f449b0a0ce
Bump 4.2 branch to version 4.2.12.
...
Built from https://develop.svn.wordpress.org/branches/4.2@40001
git-svn-id: http://core.svn.wordpress.org/branches/4.2@39938 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-26 18:25:29 +00:00
John Blackbourn
22688ca8c6
Posts, Post Types: When using Excerpt mode on the Posts list table, ensure the excerpt output matches what was manually entered into the Excerpt field.
...
Merges [39956] to the 4.2 branch.
Built from https://develop.svn.wordpress.org/branches/4.2@39984
git-svn-id: http://core.svn.wordpress.org/branches/4.2@39921 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-26 14:17:17 +00:00
Dominik Schilling
afc91088f4
Press This: Do not show Categories & Tags UI for users who cannot assign terms to posts anyways.
...
Merge of [39968] to the 4.2 branch.
Built from https://develop.svn.wordpress.org/branches/4.2@39975
git-svn-id: http://core.svn.wordpress.org/branches/4.2@39912 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-26 14:13:31 +00:00
Aaron Campbell
ab64033700
Bump 4.2 branch to version 4.2.11.
...
Built from https://develop.svn.wordpress.org/branches/4.2@39865
git-svn-id: http://core.svn.wordpress.org/branches/4.2@39802 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 16:58:29 +00:00
Dominik Schilling
87912afcf6
Updates: Translate plugin data on the Updates screen.
...
Merge of [39808] to the 4.2 branch.
Built from https://develop.svn.wordpress.org/branches/4.2@39825
git-svn-id: http://core.svn.wordpress.org/branches/4.2@39763 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 11:42:26 +00:00
Aaron Campbell
9f4a883e2f
Add nonce for widget accessibility mode.
...
Props vortfu.
See #23328 .
Merges [39765] to 4.2 branch.
Built from https://develop.svn.wordpress.org/branches/4.2@39766
git-svn-id: http://core.svn.wordpress.org/branches/4.2@39704 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 01:49:32 +00:00
Joe McGill
8afdd2be32
Media: Improved media titles when created from filename.
...
Preserves spaces and generally creates more accurate, cleaner titles from filenames of uploaded media.
Merge of [38615] to the 4.2 branch.
Fixes #37989 .
Built from https://develop.svn.wordpress.org/branches/4.2@39714
git-svn-id: http://core.svn.wordpress.org/branches/4.2@39654 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-06 22:01:02 +00:00
Jeremy Felt
e57416e1d7
Bump 4.2 branch to 4.2.10.
...
Built from https://develop.svn.wordpress.org/branches/4.2@38553
git-svn-id: http://core.svn.wordpress.org/branches/4.2@38496 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-09-07 15:00:32 +00:00
Jeremy Felt
f7adf3c9d2
Media: Sanitize upload filename.
...
Merge of [38538] to the 4.2 branch.
Built from https://develop.svn.wordpress.org/branches/4.2@38543
git-svn-id: http://core.svn.wordpress.org/branches/4.2@38486 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-09-07 13:59:32 +00:00