Commit Graph

29829 Commits

Author SHA1 Message Date
Sergey Biryukov
bf6dcc242c WordPress 4.2.32.
Built from https://develop.svn.wordpress.org/branches/4.2@52891


git-svn-id: http://core.svn.wordpress.org/branches/4.2@52480 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-03-10 22:19:19 +00:00
Sergey Biryukov
44d0dcc2ed External Librairies: Update jQuery.query to version 2.2.3.
This updates the "jquery-query" library from version 2.1.7 to 2.2.3.

Props jorbin, peterwilsoncc, xknown, audrasjb, jorgefilipecosta.
Merges [52844] to the 4.2 branch.
Built from https://develop.svn.wordpress.org/branches/4.2@52864


git-svn-id: http://core.svn.wordpress.org/branches/4.2@52453 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-03-10 21:50:20 +00:00
desrosj
4159c216ba WordPress 4.2.31.
Built from https://develop.svn.wordpress.org/branches/4.2@52503


git-svn-id: http://core.svn.wordpress.org/branches/4.2@52095 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-01-06 18:56:43 +00:00
desrosj
be121a35d7 Grouped backports to the 4.2 branch.
- Query: Improve sanitization within `WP_Tax_Query`.
- Query: Improve sanitization within `WP_Meta_Query`.
- Upgrade/Install: Avoid using `unserialize()` unnecessarily.
- Formatting: Correctly encode ASCII characters in post slugs.

Merges [52454-52457] to the 4.2 branch.
Props vortfu, dd32, ehtis, zieladam, whyisjake, xknown, peterwilsoncc, desrosj, iandunn.
Built from https://develop.svn.wordpress.org/branches/4.2@52481


git-svn-id: http://core.svn.wordpress.org/branches/4.2@52073 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-01-06 18:20:40 +00:00
Peter Wilson
23f87c7bc2 WordPress 4.2.30.
Built from https://develop.svn.wordpress.org/branches/4.2@50884


git-svn-id: http://core.svn.wordpress.org/branches/4.2@50493 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-05-12 23:23:18 +00:00
Peter Wilson
49e8789cfd External libraries: Improve attachment handling in PHPMailer
Props: audrasjb, ayeshrajans, desrosj, peterwilsoncc, xknown.
Partially merges [50799] to the 4.2 branch.


Built from https://develop.svn.wordpress.org/branches/4.2@50862


git-svn-id: http://core.svn.wordpress.org/branches/4.2@50471 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-05-12 22:35:03 +00:00
desrosj
4a80453fcf Build/Test Tools: Backport GitHub Action and build improvements to the 4.2 branch.
This backports several build and test tool improvements to the 4.2 branch. Most notably, this includes:

- The changes required to allow each workflow to be triggered by the `workflow_dispatch` event so that tests can be run on a schedule [50590].
- Splitting single site and multisite tests into parallel jobs [50379].
- Split slow tests into separate, parallel jobs for PHP <= 5.6 [50444].
- Better branch and path scoping for GitHub Action workflows when running on `pull_request` [50432,50479].
- Several `devDependency` updates.

Merges [50379,50387,50416,50432,50435,50436,50444,50446,50473,50474,50476,50479,50485,50486,50487,50545,50579,50590] to the 4.2 branch.
See #50401, #51801, #51802, #52548, #52612, #52624, #52625, #52645, #52653, #52658, #52660, #52667.
Built from https://develop.svn.wordpress.org/branches/4.2@50642


git-svn-id: http://core.svn.wordpress.org/branches/4.2@50254 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-04-02 15:50:22 +00:00
desrosj
e3353e0860 Build/Test Tools: Support NodeJS 14.x in the 4.2 branch.
This updates the 4.2 branch to support the latest LTS version of NodeJS (currently 14.x), allowing the same version to be used across all WordPress branches that receive security updates as a courtesy.

Because older branches use (really) old versions of NodeJS, the local Docker environment cannot be backported since the needed dependencies will not run on these older versions (see #48301). This also blocks the ability to move automated testing over to GitHub Actions (see #50401).

This change also introduces a `packager-lock.json` file to the branch.

In addition to backporting the package updates that happened after branching 4.2, dependencies that were removed in future releases have also been updated to their latest versions.

Props desrosj, dd32, netweb, jorbin.
Merges [32356-32357,32988,33726,34888,35335,35363,35513,35521,35538-35541,35859,36861-36865,36935,36979,37017,37019-37020,37212,37612,38111,39110,39113,39115-39119,39478,41835,42460,42461,42463,42887,43320,43323,43977,44219,44233,45321,45765,46404,46408-46409,47404,47867,47872-47873,48705,49636,49933,49937,49939,50126,50176,50185] to the 4.2 branch.
See #52341.
Built from https://develop.svn.wordpress.org/branches/4.2@50214


git-svn-id: http://core.svn.wordpress.org/branches/4.2@49883 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-05 04:28:43 +00:00
desrosj
44622b0812 Build/Test Tools: Correct JavaScript files in the 4.2 branch.
In [46500], some JavaScript files were unintentionally changed. This restores those files to their correct state.

Partially reverts [46500].
Fixes #52367.
Built from https://develop.svn.wordpress.org/branches/4.2@50020


git-svn-id: http://core.svn.wordpress.org/branches/4.2@49721 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-01-25 20:17:19 +00:00
desrosj
c22a2a6998 WordPress 4.2.29.
Built from https://develop.svn.wordpress.org/branches/4.2@49422


git-svn-id: http://core.svn.wordpress.org/branches/4.2@49181 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-29 19:42:23 +00:00
whyisjake
b2b0e0d427 General: WordPress updates
* XML-RPC: Improve error messages for unprivileged users.
* External Libraries: Disable deserialization in Requests_Utility_FilteredIterator
* Embeds: Disable embeds on deactivated Multisite sites.
* Coding standards: Modify escaping functions to avoid potential false positives.
* XML-RPC: Return error message if attachment ID is incorrect.
* Upgrade/install: Improve logic check when determining installation status.
* Meta: Sanitize meta key before checking protection status.
* Themes: Ensure that only privileged users can set a background image when a theme is using the deprecated custom background page.

Brings the changes from [49380,49382-49388] to the 4.2 branch.

Props xknown, zieladam, peterwilsoncc, whyisjake, desrosj, dd32.

Built from https://develop.svn.wordpress.org/branches/4.2@49404


git-svn-id: http://core.svn.wordpress.org/branches/4.2@49163 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-29 19:08:22 +00:00
Sergey Biryukov
0998a57991 Administration: Pass the result of set-screen-option filter to the new set_screen_option_{$option} filter to ensure backward compatibility.
Rename the `$keep` parameter of both filters to `$screen_option` for clarity, update the documentation to better reflect its purpose.

Follow-up to [47951].

Props Chouby, sswells, SergeyBiryukov.
Merges [48241] to the 4.2 branch.
Fixes #50392.
Built from https://develop.svn.wordpress.org/branches/4.2@48256


git-svn-id: http://core.svn.wordpress.org/branches/4.2@48025 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-07-01 09:53:39 +00:00
desrosj
370ecdfd1a WordPress 4.2.28.
Built from https://develop.svn.wordpress.org/branches/4.2@48001


git-svn-id: http://core.svn.wordpress.org/branches/4.2@47769 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-10 21:39:36 +00:00
whyisjake
426696ba21 General: Backport several commits for release.
- Embeds: Ensure that the title attribute is set correctly on embeds.
- Editor: Prevent HTML decoding on by setting the proper editor context.
- Formatting: Ensure that wp_validate_redirect() sanitizes a wider variety of characters.
- Themes: Ensure a broken theme name is returned properly.
- Administration: Add a new filter to extend set-screen-option.
Merges [47947-47951] to the 4.2 branch.
Props xknown, sstoqnov, vortfu, SergeyBiryukov, whyisjake.

Built from https://develop.svn.wordpress.org/branches/4.2@47970


git-svn-id: http://core.svn.wordpress.org/branches/4.2@47741 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-10 18:53:51 +00:00
desrosj
7fb64672ce Update the About page for WordPress 4.2.27
Built from https://develop.svn.wordpress.org/branches/4.2@47692


git-svn-id: http://core.svn.wordpress.org/branches/4.2@47469 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-04-29 18:23:21 +00:00
desrosj
08db0ad5a5 WordPress 4.2.27
Built from https://develop.svn.wordpress.org/branches/4.2@47678


git-svn-id: http://core.svn.wordpress.org/branches/4.2@47455 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-04-29 18:03:27 +00:00
whyisjake
7077580716 User: Invalidate user_activation_key on password update.
Query: Ensure that only a single post can be returned on date/time based queries.
Cache API: Ensure proper escaping around the stats method in the cache API.
Formatting: Expand `sanitize_file_name` to have better support for utf8 characters.

Brings the changes in [47634], [47635], [47637], and [47638] to the 4.2 branch.

Props: batmoo, ehti, nickdaugherty, peterwilsoncc, sergeybiryukov, sstoqnov, westi, whyisjake, whyisjake, xknown.

Built from https://develop.svn.wordpress.org/branches/4.2@47657


git-svn-id: http://core.svn.wordpress.org/branches/4.2@47434 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-04-29 16:52:22 +00:00
Sergey Biryukov
00ae10906e WordPress 4.2.26
Built from https://develop.svn.wordpress.org/branches/4.2@46931


git-svn-id: http://core.svn.wordpress.org/branches/4.2@46731 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-12-12 20:32:20 +00:00
Sergey Biryukov
7bfe4a912f Update wp_kses_bad_protocol() to recognize &colon; on uri attributes,
`wp_kses_bad_protocol()` makes sure to validate that uri attributes don’t contain invalid/or not allowed protocols. While this works fine in most cases, there’s a risk that by using the colon html5 named entity, one is able to bypass this function.

Brings r46895 to the 4.2 branch.

Props: xknown, nickdaugherty, peterwilsoncc.
Built from https://develop.svn.wordpress.org/branches/4.2@46910


git-svn-id: http://core.svn.wordpress.org/branches/4.2@46710 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-12-12 18:41:21 +00:00
desrosj
229d71e0f8 WordPress 4.2.25.
Built from https://develop.svn.wordpress.org/branches/4.2@46518


git-svn-id: http://core.svn.wordpress.org/branches/4.2@46315 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-14 20:15:21 +00:00
whyisjake
1fcbdb46e6 Backporting several bug fixes.
- Query: Remove the static query property.
- HTTP API: Protect against hex interpretation.
- Filesystem API: Prevent directory travelersals when creating new folders.
- Administration: Ensure that admin referer nonce is valid.
- REST API: Send a Vary: Origin header on GET requests.
- Customizer: Properly sanitize background images.

Backports [46474], [46475], [46476], [46477], [46478], [46483], [46485] to the 4.2 branch.

Built from https://develop.svn.wordpress.org/branches/4.2@46500


git-svn-id: http://core.svn.wordpress.org/branches/4.2@46297 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-14 19:15:22 +00:00
desrosj
de854c38b5 WordPress 4.2.24.
Built from https://develop.svn.wordpress.org/branches/4.2@46036


git-svn-id: http://core.svn.wordpress.org/branches/4.2@45848 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-09-04 22:03:21 +00:00
desrosj
43cac2c9d4 Fix for URL sanitization in wp_kses_bad_protocol_once().
Merges [45997] to the 4.2 branch.

Props irsdl, sstoqnov, whyisjake.
Built from https://develop.svn.wordpress.org/branches/4.2@46012


git-svn-id: http://core.svn.wordpress.org/branches/4.2@45823 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-09-04 21:41:35 +00:00
Sergey Biryukov
561924df40 Improve URL validation in wp_validate_redirect().
Merges [45971] to the 4.2 branch.
Props vortfu, whyisjake, peterwilsoncc.
Built from https://develop.svn.wordpress.org/branches/4.2@45983


git-svn-id: http://core.svn.wordpress.org/branches/4.2@45794 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-09-04 17:14:58 +00:00
whyisjake
ca92ecbe61 Remove _convert_urlencoded_to_entities() from the get_the_content() callback.
Merges [45937] to the 4.2 branch.

Props vortfu, whyisjake, peterwilsoncc

Built from https://develop.svn.wordpress.org/branches/4.2@45961


git-svn-id: http://core.svn.wordpress.org/branches/4.2@45772 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-09-04 16:43:20 +00:00
Sergey Biryukov
9807e138d3 Escape the output in wp_ajax_upload_attachment().
Merges [45936] to the 4.2 branch.
Props whyisjake, sstoqnov.
Built from https://develop.svn.wordpress.org/branches/4.2@45953


git-svn-id: http://core.svn.wordpress.org/branches/4.2@45764 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-09-04 16:39:00 +00:00
Gary Pendergast
ebbc9ff12e WordPress 4.2.23
Built from https://develop.svn.wordpress.org/branches/4.2@44882


git-svn-id: http://core.svn.wordpress.org/branches/4.2@44713 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-03-13 01:43:20 +00:00
Sergey Biryukov
bc4ed1a93e Comments: Improve comment content filtering.
Merges [44842] to the 4.2 branch.
Built from https://develop.svn.wordpress.org/branches/4.2@44852


git-svn-id: http://core.svn.wordpress.org/branches/4.2@44684 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-03-12 22:42:20 +00:00
Jeremy Felt
3efe9a5fdb Bump 4.2 branch to version 4.2.22.
Built from https://develop.svn.wordpress.org/branches/4.2@44085


git-svn-id: http://core.svn.wordpress.org/branches/4.2@43915 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-12-13 02:15:37 +00:00
Gary Pendergast
aab268600a Editor: Remove unwanted fields before saving posts.
The `meta_input`, `file`, and `guid` fields are not intended to be updated through user input.

Merges [44047] to the 4.2 branch.


Built from https://develop.svn.wordpress.org/branches/4.2@44066


git-svn-id: http://core.svn.wordpress.org/branches/4.2@43896 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-12-13 01:52:19 +00:00
Peter Wilson
303bd241f3 Multisite: Validate activation links.
Merges [44048] to the 4.2 branch.

Built from https://develop.svn.wordpress.org/branches/4.2@44065


git-svn-id: http://core.svn.wordpress.org/branches/4.2@43895 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-12-13 01:51:37 +00:00
iandunn
2d9f6ab9dd KSES: Make the URI attributes DRY.
This commit introduces the `wp_kses_uri_attributes` function and filter. The function centralizes the list of attributes, in order to prevent inconsistency, and the filter provides a way for plugins to customize the attributes.

Merges [44014] and [44017] to the `4.2` branch.

Built from https://develop.svn.wordpress.org/branches/4.2@44042


git-svn-id: http://core.svn.wordpress.org/branches/4.2@43872 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-12-13 01:16:20 +00:00
Peter Wilson
7000d8a45f Multisite: Improve messaging for previously activated users.
Ensure activation of a site is not attempted multiple times and users are shown the correct message if they follow the link a second time.

Merges [44021] to the 4.2 branch.

Built from https://develop.svn.wordpress.org/branches/4.2@44034


git-svn-id: http://core.svn.wordpress.org/branches/4.2@43864 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-12-13 00:56:19 +00:00
Gary Pendergast
0e98d850b9 KSES: Conditionally remove the <form> element from $allowedposttags.
To avoid backwards compatibility issues, `<form>` is re-added if a custom filter has added the `<input>` or `<select>` elements to `$allowedposttags`.

Merges [43994] to the 4.2 branch.

Built from https://develop.svn.wordpress.org/branches/4.2@44008


git-svn-id: http://core.svn.wordpress.org/branches/4.2@43838 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-12-12 23:40:39 +00:00
Jeremy Felt
f91b78ec58 Media: Improve verification of MIME file types.
Merges [43988] to the 4.2 branch.

Built from https://develop.svn.wordpress.org/branches/4.2@43998


git-svn-id: http://core.svn.wordpress.org/branches/4.2@43830 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-12-12 23:18:20 +00:00
Aaron Campbell
61881c7156 Bump 4.2 branch to version 4.2.21
Built from https://develop.svn.wordpress.org/branches/4.2@43414


git-svn-id: http://core.svn.wordpress.org/branches/4.2@43242 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-05 16:13:28 +00:00
John Blackbourn
ef0bb8bab1 Media: Limit thumbnail file deletions to the same directory as the original file.
Merges [43393] into the 4.2 branch.

Built from https://develop.svn.wordpress.org/branches/4.2@43400


git-svn-id: http://core.svn.wordpress.org/branches/4.2@43228 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-05 15:06:23 +00:00
Aaron Campbell
dac39608a3 Bump 4.2 branch to version 4.2.20
Built from https://develop.svn.wordpress.org/branches/4.2@42940


git-svn-id: http://core.svn.wordpress.org/branches/4.2@42770 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-03 20:31:29 +00:00
Dominik Schilling
93cae5c2ab Template: Make sure the version string is correctly escaped for use in attributes.
Merge of [42893] to the 4.2 branch.

Built from https://develop.svn.wordpress.org/branches/4.2@42924


git-svn-id: http://core.svn.wordpress.org/branches/4.2@42754 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-03 16:10:29 +00:00
Dominik Schilling
581a8a01c7 Login: Use wp_safe_redirect() when redirecting the login page if forced to use HTTPS.
Merge of [42892] to the 4.2 branch.

Built from https://develop.svn.wordpress.org/branches/4.2@42902


git-svn-id: http://core.svn.wordpress.org/branches/4.2@42732 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-03 15:33:31 +00:00
Sergey Biryukov
04d983d6c1 General: Update copyright year to 2018 in license.txt.
Props rachelbaker.
Merges [42424] to the 4.2 branch.
Fixes #43007.
Built from https://develop.svn.wordpress.org/branches/4.2@42559


git-svn-id: http://core.svn.wordpress.org/branches/4.2@42388 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-01-23 11:29:31 +00:00
Dion Hulse
e74c55ff6d Bump the 4.2 branch to 4.2.19.
Built from https://develop.svn.wordpress.org/branches/4.2@42501


git-svn-id: http://core.svn.wordpress.org/branches/4.2@42330 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-01-16 21:45:31 +00:00
Dion Hulse
507c958ab6 External Libraries: Remove unnecessary / obsoleted MediaElement.js files.
Merges [42478] to the 4.2 branch.
Fixes #42720 for 4.2.

Built from https://develop.svn.wordpress.org/branches/4.2@42484


git-svn-id: http://core.svn.wordpress.org/branches/4.2@42313 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-01-16 08:12:32 +00:00
Dion Hulse
4b860b51ae Upgrade: When deleting old files, if deletion fails attempt to empty the file instead.
Props joemcgill, dd32.
Merges [42434] to the 4.2 branch.
Fixes #42963 for 4.2.

Built from https://develop.svn.wordpress.org/branches/4.2@42472


git-svn-id: http://core.svn.wordpress.org/branches/4.2@42301 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-01-16 06:57:57 +00:00
John Blackbourn
ec85529fb7 Bump 4.2 branch to version 4.2.18.
Built from https://develop.svn.wordpress.org/branches/4.2@42323


git-svn-id: http://core.svn.wordpress.org/branches/4.2@42152 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-29 19:02:31 +00:00
John Blackbourn
64c1ec2877 Hardening: Remove the ability to upload JavaScript files for users who do not have the unfiltered_html capability.
Merges [42261] to the 4.2 branch.

Built from https://develop.svn.wordpress.org/branches/4.2@42295


git-svn-id: http://core.svn.wordpress.org/branches/4.2@42124 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-29 16:35:01 +00:00
John Blackbourn
a8df162eea Hardening: Ensure the attributes of enclosures are correctly escaped in RSS and Atom feeds.
Merges [42260] to the 4.2 branch.

Built from https://develop.svn.wordpress.org/branches/4.2@42294


git-svn-id: http://core.svn.wordpress.org/branches/4.2@42123 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-29 16:34:32 +00:00
John Blackbourn
63cc2673a1 Hardening: Add escaping to the language attributes used on html elements.
Merges [42259] to the 4.2 branch.

Built from https://develop.svn.wordpress.org/branches/4.2@42293


git-svn-id: http://core.svn.wordpress.org/branches/4.2@42122 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-29 16:33:54 +00:00
John Blackbourn
f345c93563 Hardening: Use a properly generated hash for the newbloguser key instead of a determinate substring.
Merges [42258] to the 4.2 branch.

Built from https://develop.svn.wordpress.org/branches/4.2@42292


git-svn-id: http://core.svn.wordpress.org/branches/4.2@42121 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-29 16:33:25 +00:00
Dion Hulse
9dadfcb012 WPDB: Check that AUTH_SALT is not empty, Fix a PHP notice when AUTH_SALT is undefined.
Props jsonfry, mkomar, pento.
Merges [42119] and [42120] to the 4.2 branch.
Fixes #42431 and #42401 for 4.2.

Built from https://develop.svn.wordpress.org/branches/4.2@42236


git-svn-id: http://core.svn.wordpress.org/branches/4.2@42065 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-27 01:12:56 +00:00