Upstream/WordPress
1
0
Fork 0
mirror of https://github.com/WordPress/WordPress.git synced 2024-09-17 18:11:11 +02:00
Code Issues Projects Releases Wiki Activity
30,905 Commits 49 Branches 747 Tags 718 MiB
bfcaab99e0
Commit Graph

30905 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
desrosj
bfcaab99e0 Build/Test Tools: Support NodeJS 14.x in the 4.3 branch. 
This updates the 4.3 branch to support the latest LTS version of NodeJS (currently 14.x), allowing the same version to be used across all WordPress branches that receive security updates as a courtesy.

Because older branches use (really) old versions of NodeJS, the local Docker environment cannot be backported since the needed dependencies will not run on these older versions (see #48301). This also blocks the ability to move automated testing over to GitHub Actions (see #50401).

This change also introduces a `packager-lock.json` file to the branch.

In addition to backporting the package updates that happened after branching 4.3, dependencies that were removed in future releases have also been updated to their latest versions.

Props desrosj, dd32, netweb, jorbin.
Merges [33726,34888,35332,35335,35363,35513,35520-35521,35538-35541,35562-35563,35859-36865,36935,36978-36980,37017,37019-37020,37212,37612,38111,38688,39110,39113-39119,39478,42460-42461,42463,42887,43320,43323,43977,44219,44233,44728,45321,45765,46404,46408-46409,47404,47867-47869,47872-47873,48705,49636,49933,49937,49939,50017,50126,50176,50185] to the 4.3 branch.
See #52341.
Built from https://develop.svn.wordpress.org/branches/4.3@50212


git-svn-id: http://core.svn.wordpress.org/branches/4.3@49882 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2021-02-05 04:25:38 +00:00
desrosj
bba829d4a6 Build/Test Tools: Correct JavaScript file in the 4.3 branch. 
In [46499], a JavaScript file was unintentionally changed. This restores that file to the correct state.

Partially reverts [46499].
See #52367.
Built from https://develop.svn.wordpress.org/branches/4.3@50019


git-svn-id: http://core.svn.wordpress.org/branches/4.3@49720 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2021-01-25 20:16:17 +00:00
desrosj
70f76efa31 WordPress 4.3.25. 
Built from https://develop.svn.wordpress.org/branches/4.3@49421


git-svn-id: http://core.svn.wordpress.org/branches/4.3@49180 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2020-10-29 19:42:02 +00:00
whyisjake
b8d6fd57e5 General: WordPress updates 
* XML-RPC: Improve error messages for unprivileged users.
* External Libraries: Disable deserialization in Requests_Utility_FilteredIterator
* Embeds: Disable embeds on deactivated Multisite sites.
* Coding standards: Modify escaping functions to avoid potential false positives.
* XML-RPC: Return error message if attachment ID is incorrect.
* Upgrade/install: Improve logic check when determining installation status.
* Meta: Sanitize meta key before checking protection status.
* Themes: Ensure that only privileged users can set a background image when a theme is using the deprecated custom background page.

Brings the changes from [49380,49382-49388] to the 4.3 branch.

Props xknown, zieladam, peterwilsoncc, whyisjake, desrosj, dd32.

Built from https://develop.svn.wordpress.org/branches/4.3@49403


git-svn-id: http://core.svn.wordpress.org/branches/4.3@49162 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2020-10-29 19:06:19 +00:00
Sergey Biryukov
0516bef529 Administration: Pass the result of set-screen-option filter to the new set_screen_option_{$option} filter to ensure backward compatibility. 
Rename the `$keep` parameter of both filters to `$screen_option` for clarity, update the documentation to better reflect its purpose.

Follow-up to [47951].

Props Chouby, sswells, SergeyBiryukov.
Merges [48241] to the 4.3 branch.
Fixes #50392.
Built from https://develop.svn.wordpress.org/branches/4.3@48255


git-svn-id: http://core.svn.wordpress.org/branches/4.3@48024 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2020-07-01 09:53:18 +00:00
desrosj
9bd186c0b2 WordPress 4.3.24. 
Built from https://develop.svn.wordpress.org/branches/4.3@48000


git-svn-id: http://core.svn.wordpress.org/branches/4.3@47768 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2020-06-10 21:39:14 +00:00
whyisjake
1bb15bafa8 General: Backport several commits for release. 
- Embeds: Ensure that the title attribute is set correctly on embeds.
- Editor: Prevent HTML decoding on by setting the proper editor context.
- Formatting: Ensure that wp_validate_redirect() sanitizes a wider variety of characters.
- Themes: Ensure a broken theme name is returned properly.
- Administration: Add a new filter to extend set-screen-option.

Merges [47947-47951] to the 4.3 branch.

Props xknown, sstoqnov, vortfu, SergeyBiryukov, whyisjake.

Built from https://develop.svn.wordpress.org/branches/4.3@47982


git-svn-id: http://core.svn.wordpress.org/branches/4.3@47751 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2020-06-10 19:04:18 +00:00
desrosj
55f80c7741 Update the About page for WordPress 4.3.23 
Built from https://develop.svn.wordpress.org/branches/4.3@47693


git-svn-id: http://core.svn.wordpress.org/branches/4.3@47470 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2020-04-29 18:26:19 +00:00
desrosj
7844e2d115 WordPress 4.3.23 
Built from https://develop.svn.wordpress.org/branches/4.3@47677


git-svn-id: http://core.svn.wordpress.org/branches/4.3@47454 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2020-04-29 18:03:06 +00:00
whyisjake
9ff45194c0 User: Invalidate user_activation_key on password update. 
Query: Ensure that only a single post can be returned on date/time based queries.
Cache API: Ensure proper escaping around the stats method in the cache API.
Formatting: Expand `sanitize_file_name` to have better support for utf8 characters.

Brings the changes in [47634], [47635], [47637], and [47638] to the 4.3 branch.

Props: batmoo, ehti, nickdaugherty, peterwilsoncc, sergeybiryukov, sstoqnov, westi, whyisjake, whyisjake, xknown.

Built from https://develop.svn.wordpress.org/branches/4.3@47656


git-svn-id: http://core.svn.wordpress.org/branches/4.3@47433 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2020-04-29 16:49:18 +00:00
Sergey Biryukov
96e62740a8 WordPress 4.3.22 
Built from https://develop.svn.wordpress.org/branches/4.3@46930


git-svn-id: http://core.svn.wordpress.org/branches/4.3@46730 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-12-12 20:31:38 +00:00
Sergey Biryukov
101d18ce97 Update wp_kses_bad_protocol() to recognize : on uri attributes, 
`wp_kses_bad_protocol()` makes sure to validate that uri attributes don’t contain invalid/or not allowed protocols. While this works fine in most cases, there’s a risk that by using the colon html5 named entity, one is able to bypass this function.

Brings r46895 to the 4.3 branch.

Props: xknown, nickdaugherty, peterwilsoncc.
Built from https://develop.svn.wordpress.org/branches/4.3@46911


git-svn-id: http://core.svn.wordpress.org/branches/4.3@46711 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-12-12 18:43:19 +00:00
desrosj
cb4bfad89c WordPress 4.3.21. 
Built from https://develop.svn.wordpress.org/branches/4.3@46517


git-svn-id: http://core.svn.wordpress.org/branches/4.3@46314 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-10-14 20:13:18 +00:00
whyisjake
ee4a39e150 Backporting several bug fixes. 
- Query: Remove the static query property.
- HTTP API: Protect against hex interpretation.
- Filesystem API: Prevent directory travelersals when creating new folders.
- Administration: Ensure that admin referer nonce is valid.
- REST API: Send a Vary: Origin header on GET requests.
- Customizer: Properly sanitize background images.

Backports [46474], [46475], [46476], [46477], [46478], [46483], [46485] to the 4.3 branch.

Built from https://develop.svn.wordpress.org/branches/4.3@46499


git-svn-id: http://core.svn.wordpress.org/branches/4.3@46296 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-10-14 19:12:19 +00:00
desrosj
6bb34dde2a WordPress 4.3.20. 
Built from https://develop.svn.wordpress.org/branches/4.3@46037


git-svn-id: http://core.svn.wordpress.org/branches/4.3@45849 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-09-04 22:03:39 +00:00
desrosj
573fefce22 Fix for URL sanitization in wp_kses_bad_protocol_once(). 
Merges [45997] to the 4.3 branch.

Props irsdl, sstoqnov, whyisjake.
Built from https://develop.svn.wordpress.org/branches/4.3@46011


git-svn-id: http://core.svn.wordpress.org/branches/4.3@45822 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-09-04 21:41:14 +00:00
Sergey Biryukov
96c871a4f9 Improve URL validation in wp_validate_redirect(). 
Merges [45971] to the 4.3 branch.
Props vortfu, whyisjake, peterwilsoncc.
Built from https://develop.svn.wordpress.org/branches/4.3@45982


git-svn-id: http://core.svn.wordpress.org/branches/4.3@45793 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-09-04 17:14:37 +00:00
whyisjake
3bdd96e940 Remove _convert_urlencoded_to_entities() from the get_the_content() callback. 
Merges [45937] to the 4.3 branch.

Props vortfu, whyisjake, peterwilsoncc

Built from https://develop.svn.wordpress.org/branches/4.3@45959


git-svn-id: http://core.svn.wordpress.org/branches/4.3@45770 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-09-04 16:42:00 +00:00
Sergey Biryukov
778afee0d3 Escape the output in wp_ajax_upload_attachment(). 
Merges [45936] to the 4.3 branch.
Props whyisjake, sstoqnov.
Built from https://develop.svn.wordpress.org/branches/4.3@45952


git-svn-id: http://core.svn.wordpress.org/branches/4.3@45763 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-09-04 16:38:39 +00:00
Gary Pendergast
84ca459390 WordPress 4.3.19 
Built from https://develop.svn.wordpress.org/branches/4.3@44880


git-svn-id: http://core.svn.wordpress.org/branches/4.3@44711 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-03-13 01:37:17 +00:00
Sergey Biryukov
ffaeca3c2d Comments: Improve comment content filtering. 
Merges [44842] to the 4.3 branch.
Built from https://develop.svn.wordpress.org/branches/4.3@44851


git-svn-id: http://core.svn.wordpress.org/branches/4.3@44683 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-03-12 22:41:18 +00:00
Jeremy Felt
c213a12d6f Bump 4.3 branch to version 4.3.18. 
Built from https://develop.svn.wordpress.org/branches/4.3@44084


git-svn-id: http://core.svn.wordpress.org/branches/4.3@43914 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-12-13 02:15:17 +00:00
Gary Pendergast
e89067cafb Editor: Remove unwanted fields before saving posts. 
The `meta_input`, `file`, and `guid` fields are not intended to be updated through user input.

Merges [44047] to the 4.3 branch.


Built from https://develop.svn.wordpress.org/branches/4.3@44064


git-svn-id: http://core.svn.wordpress.org/branches/4.3@43894 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-12-13 01:51:17 +00:00
Peter Wilson
100ac12da0 Multisite: Validate activation links. 
Merges [44048] to the 4.3 branch.

Built from https://develop.svn.wordpress.org/branches/4.3@44063


git-svn-id: http://core.svn.wordpress.org/branches/4.3@43893 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-12-13 01:49:37 +00:00
iandunn
7af3db4bdb KSES: Make the URI attributes DRY. 
This commit introduces the `wp_kses_uri_attributes` function and filter. The function centralizes the list of attributes, in order to prevent inconsistency, and the filter provides a way for plugins to customize the attributes.

Merges [44014] and [44017] to the `4.3` branch.

Built from https://develop.svn.wordpress.org/branches/4.3@44041


git-svn-id: http://core.svn.wordpress.org/branches/4.3@43871 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-12-13 01:14:24 +00:00
Peter Wilson
5be5e9f54a Multisite: Improve messaging for previously activated users. 
Ensure activation of a site is not attempted multiple times and users are shown the correct message if they follow the link a second time.

Merges [44021] to the 4.3 branch.

Built from https://develop.svn.wordpress.org/branches/4.3@44033


git-svn-id: http://core.svn.wordpress.org/branches/4.3@43863 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-12-13 00:54:38 +00:00
Gary Pendergast
5514a623ed KSES: Conditionally remove the <form> element from $allowedposttags. 
To avoid backwards compatibility issues, `<form>` is re-added if a custom filter has added the `<input>` or `<select>` elements to `$allowedposttags`.

Merges [43994] to the 4.3 branch.


Built from https://develop.svn.wordpress.org/branches/4.3@44005


git-svn-id: http://core.svn.wordpress.org/branches/4.3@43836 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-12-12 23:37:18 +00:00
Jeremy Felt
f7082228ba Media: Improve verification of MIME file types. 
Merges [43988] to the 4.3 branch.

Built from https://develop.svn.wordpress.org/branches/4.3@43996


git-svn-id: http://core.svn.wordpress.org/branches/4.3@43828 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-12-12 23:17:18 +00:00
Aaron Campbell
260ca2571b Bump 4.3 branch to version 4.3.17 
Built from https://develop.svn.wordpress.org/branches/4.3@43413


git-svn-id: http://core.svn.wordpress.org/branches/4.3@43241 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-07-05 16:13:07 +00:00
John Blackbourn
e9c11f3385 Media: Limit thumbnail file deletions to the same directory as the original file. 
Merges [43393] into the 4.3 branch.

Built from https://develop.svn.wordpress.org/branches/4.3@43399


git-svn-id: http://core.svn.wordpress.org/branches/4.3@43227 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-07-05 15:03:22 +00:00
Aaron Campbell
0f6c066275 Bump 4.3 branch to version 4.3.16 
Built from https://develop.svn.wordpress.org/branches/4.3@42939


git-svn-id: http://core.svn.wordpress.org/branches/4.3@42769 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-04-03 20:30:26 +00:00
Dominik Schilling
9adb5428e9 Template: Make sure the version string is correctly escaped for use in attributes. 
Merge of [42893] to the 4.3 branch.

Built from https://develop.svn.wordpress.org/branches/4.3@42923


git-svn-id: http://core.svn.wordpress.org/branches/4.3@42753 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-04-03 16:09:03 +00:00
Dominik Schilling
11ab85e805 Login: Use wp_safe_redirect() when redirecting the login page if forced to use HTTPS. 
Merge of [42892] to the 4.3 branch.

Built from https://develop.svn.wordpress.org/branches/4.3@42901


git-svn-id: http://core.svn.wordpress.org/branches/4.3@42731 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-04-03 15:32:08 +00:00
Sergey Biryukov
89fe744a7d General: Update copyright year to 2018 in license.txt. 
Props rachelbaker.
Merges [42424] to the 4.3 branch.
Fixes #43007.
Built from https://develop.svn.wordpress.org/branches/4.3@42558


git-svn-id: http://core.svn.wordpress.org/branches/4.3@42387 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-01-23 11:28:42 +00:00
Dion Hulse
2f6ab42321 Bump the 4.3 branch to 4.3.15. 
Built from https://develop.svn.wordpress.org/branches/4.3@42500


git-svn-id: http://core.svn.wordpress.org/branches/4.3@42329 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-01-16 21:43:27 +00:00
Dion Hulse
8b6b82d51e External Libraries: Remove unnecessary / obsoleted MediaElement.js files. 
Merges [42478] to the 4.3 branch.
Fixes #42720 for 4.3.

Built from https://develop.svn.wordpress.org/branches/4.3@42483


git-svn-id: http://core.svn.wordpress.org/branches/4.3@42312 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-01-16 08:10:28 +00:00
Dion Hulse
912cef3697 Upgrade: When deleting old files, if deletion fails attempt to empty the file instead. 
Props joemcgill, dd32.
Merges [42434] to the 4.3 branch.
Fixes #42963 for 4.3.

Built from https://develop.svn.wordpress.org/branches/4.3@42471


git-svn-id: http://core.svn.wordpress.org/branches/4.3@42300 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-01-16 06:57:27 +00:00
John Blackbourn
d36d7535ef Bump 4.3 branch to version 4.3.14. 
Built from https://develop.svn.wordpress.org/branches/4.3@42322


git-svn-id: http://core.svn.wordpress.org/branches/4.3@42151 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-11-29 19:01:56 +00:00
John Blackbourn
9bde3962d9 Hardening: Remove the ability to upload JavaScript files for users who do not have the unfiltered_html capability. 
Merges [42261] to the 4.3 branch.

Built from https://develop.svn.wordpress.org/branches/4.3@42291


git-svn-id: http://core.svn.wordpress.org/branches/4.3@42120 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-11-29 16:32:55 +00:00
John Blackbourn
599b8a9765 Hardening: Ensure the attributes of enclosures are correctly escaped in RSS and Atom feeds. 
Merges [42260] to the 4.3 branch.

Built from https://develop.svn.wordpress.org/branches/4.3@42290


git-svn-id: http://core.svn.wordpress.org/branches/4.3@42119 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-11-29 16:32:31 +00:00
John Blackbourn
e7c75e3542 Hardening: Add escaping to the language attributes used on html elements. 
Merges [42259] to the 4.3 branch.

Built from https://develop.svn.wordpress.org/branches/4.3@42289


git-svn-id: http://core.svn.wordpress.org/branches/4.3@42118 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-11-29 16:31:22 +00:00
John Blackbourn
93d2ea12fe Hardening: Use a properly generated hash for the newbloguser key instead of a determinate substring. 
Merges [42258] to the 4.3 branch.

Built from https://develop.svn.wordpress.org/branches/4.3@42288


git-svn-id: http://core.svn.wordpress.org/branches/4.3@42117 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-11-29 16:30:57 +00:00
Dion Hulse
6c16725459 WPDB: Check that AUTH_SALT is not empty, Fix a PHP notice when AUTH_SALT is undefined. 
Props jsonfry, mkomar, pento.
Merges [42119] and [42120] to the 4.3 branch.
Fixes #42431 and #42401 for 4.3.

Built from https://develop.svn.wordpress.org/branches/4.3@42235


git-svn-id: http://core.svn.wordpress.org/branches/4.3@42064 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-11-27 01:12:26 +00:00
John Blackbourn
be37b2ea7b General: Remove the version number from the readme file in the 4.3 branch. 
See #42386

Built from https://develop.svn.wordpress.org/branches/4.3@42093


git-svn-id: http://core.svn.wordpress.org/branches/4.3@41922 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-10-31 17:44:26 +00:00
Gary Pendergast
b4ba20d05a Bump 4.3 branch to version 4.3.13. 
Built from https://develop.svn.wordpress.org/branches/4.3@42074


git-svn-id: http://core.svn.wordpress.org/branches/4.3@41903 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-10-31 13:33:26 +00:00
Gary Pendergast
8227bf664f Database: Restore numbered placeholders in wpdb::prepare(). 
[41496] removed support for numbered placeholders in queries send through `wpdb::prepare()`, which, despite being undocumented, were quite commonly used.

This change restores support for numbered placeholders (as well as a subset of placeholder formatting), while also adding extra checks to ensure the correct number of arguments are being passed to `wpdb::prepare()`, given the number of placeholders.

Merges [41662], [42056] to the 4.3 branch.
See #41925.


Built from https://develop.svn.wordpress.org/branches/4.3@42062


git-svn-id: http://core.svn.wordpress.org/branches/4.3@41891 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-10-31 12:49:26 +00:00
Dominik Schilling
73bbbf0ec7 Users: Use correct escaping function for URLs. 
Merge of [41522] to the 4.3 branch.

Built from https://develop.svn.wordpress.org/branches/4.3@41528


git-svn-id: http://core.svn.wordpress.org/branches/4.3@41361 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-09-19 21:38:25 +00:00
Dominik Schilling
1aff8f778b Bump 4.3 branch to version 4.3.12. 
Built from https://develop.svn.wordpress.org/branches/4.3@41515


git-svn-id: http://core.svn.wordpress.org/branches/4.3@41348 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-09-19 20:02:26 +00:00
Aaron Campbell
6e1daaea02 Database: Hardening to bring wpdb::prepare() inline with documentation. 
`wpdb::prepare()` supports %s, %d, and %F as placeholders in the query string. Any other non-escaped % will be escaped.

Merges [41496] to 4.3 branch.


Built from https://develop.svn.wordpress.org/branches/4.3@41502


git-svn-id: http://core.svn.wordpress.org/branches/4.3@41335 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-09-19 18:28:25 +00:00
Aaron Campbell
0ca1d61d97 Database: Don’t trigger _doing_it_wrong() for null values in wpdb::prepare(). 
While `wpdb::prepare()` does not support null values (see #12819) they still appear in the wild like in the WordPress Importer and other plugins.

Merges [41483] to 4.3 branch.


Built from https://develop.svn.wordpress.org/branches/4.3@41489


git-svn-id: http://core.svn.wordpress.org/branches/4.3@41322 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-09-19 16:25:25 +00:00