Commit Graph

546 Commits

Author SHA1 Message Date
Scott Taylor
d8e20fa273 Fotmatting: in sanitize_file_name(), escape % when uploads contain them, otherwise attachment URLs will unescape the char and break.
Adds unit tests.

Props mordauk, simonwheatley, dd32, solarissmoke.
Fixes #16226.

Built from https://develop.svn.wordpress.org/trunk@35122


git-svn-id: http://core.svn.wordpress.org/trunk@35087 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-13 03:22:24 +00:00
John Blackbourn
6d21ed0d99 Avoid stripping square brackets from URLs, and instead correctly encode them. Square brackets must be encoded in the path, path parameters, query parameters, and fragment, but must not be encoded in anything up to the domain and port.
Adds tests.

Fixes #16859

Built from https://develop.svn.wordpress.org/trunk@34920


git-svn-id: http://core.svn.wordpress.org/trunk@34885 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-07 23:39:23 +00:00
Drew Jaynes
c6bbcdb256 Docs: Remove documentation for a phantom parameter not actually passed to the is_email filter.
The documentation error was introduced in [26485].

Props chrisvendiadvertisingcom.
Fixes #34097.

Built from https://develop.svn.wordpress.org/trunk@34770


git-svn-id: http://core.svn.wordpress.org/trunk@34735 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-02 07:03:25 +00:00
Scott Taylor
7a0f8602f3 Shortcodes/Formatting: Add PCRE Performance Testing
* Move pattern from `wptexturize()` into a separate function.
* Move pattern from `wp_html_split()` into a separate function.
* Beautify code for `wp_html_split()`.
* Remove unnecessary instances of `/s` modifier in patterns that don't use dots.
* Add `tests/phpunit/data/formatting/whole-posts.php` for testing larger strings.
* Add function `benchmark_pcre_backtracking()`.
* Add tests for `wp_html_split()`.
* Add tests for `wptexturize()`.
* Add tests for `get_shortcode_regex()`.

Props miqrogroove.
Fixes #34121.

Built from https://develop.svn.wordpress.org/trunk@34761


git-svn-id: http://core.svn.wordpress.org/trunk@34726 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-02 04:26:25 +00:00
Scott Taylor
99347fd96e Shortcodes: Fix PCRE performance bugs in get_shortcode_regexp() and related to wptexturize(), do_shortcode(), and strip_shortcodes()
Alters unit tests.

Props miqrogroove.
Fixes #33517.

Built from https://develop.svn.wordpress.org/trunk@34747


git-svn-id: http://core.svn.wordpress.org/trunk@34712 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-01 18:05:25 +00:00
Drew Jaynes
ec9ec3138e Formatting: Rename the $richedit parameter in format_to_edit() to $rich_text.
Previously, it was necessary to explain in a double-negative that `$richedit` being false would prevent `$content` from being passed through `esc_textarea()`. The updated `$rich_edit` name and documentation now better reflects the intent of the parameter.

Fixes #21613.

Built from https://develop.svn.wordpress.org/trunk@34727


git-svn-id: http://core.svn.wordpress.org/trunk@34691 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-01 02:01:26 +00:00
John Blackbourn
5f09357c21 Revert r34674 due to failures on PHP < 5.4.
See #16859

Built from https://develop.svn.wordpress.org/trunk@34675


git-svn-id: http://core.svn.wordpress.org/trunk@34639 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-29 01:01:24 +00:00
John Blackbourn
eb352accc4 Avoid stripping square brackets from URLs, and instead correctly encode them.
Square brackets must be encoded in the path, path parameters, query parameters, and fragment, but must not be encoded in anything up to the domain and port.

Adds a bunch of tests, including square brackets in query parameters, IPv6 URLs, and several other permutations.

See #16859

Built from https://develop.svn.wordpress.org/trunk@34674


git-svn-id: http://core.svn.wordpress.org/trunk@34638 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-29 00:41:24 +00:00
Scott Taylor
3c66bd6cb6 Sanitization: when falling back to (wait for it...) $fallback in sanitize_html_class(), sanitize it as well.
Props MikeHansenMe, wonderboymusic.
Fixes #30967.

Built from https://develop.svn.wordpress.org/trunk@34377


git-svn-id: http://core.svn.wordpress.org/trunk@34341 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-22 04:31:25 +00:00
Scott Taylor
c1c8b55617 Comments: in wp_rel_nofollow_callback(), account for the fact that a link might already have a rel attribute. Currently, if a link already has a rel, it will result it duplicate attributes on the element with conflicting values.
Adds unit tests.

Props junsuijin, wonderboymusic.
Fixes #9959.

Built from https://develop.svn.wordpress.org/trunk@34277


git-svn-id: http://core.svn.wordpress.org/trunk@34241 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-18 04:36:24 +00:00
Sergey Biryukov
61bef72b95 Fix a typo in wptexturize() and wp_replace_in_html_tags() comments.
Props bobbingwide.
See #15694.
Built from https://develop.svn.wordpress.org/trunk@34222


git-svn-id: http://core.svn.wordpress.org/trunk@34186 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-16 05:54:26 +00:00
Scott Taylor
3a0db2a22f Fix the case-sensitivity of some HTTP class usage.
See #33413.

Built from https://develop.svn.wordpress.org/trunk@34123


git-svn-id: http://core.svn.wordpress.org/trunk@34091 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 17:37:25 +00:00
Andrew Ozz
4e7dd2c4b1 Formatting: maintain the content of HTML comments when they contain <object> tags. Add more tests for wpaitop().
Props miqrogroove.
Fixes #33645 for trunk.
Built from https://develop.svn.wordpress.org/trunk@33955


git-svn-id: http://core.svn.wordpress.org/trunk@33924 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-08 22:55:24 +00:00
John Blackbourn
bdde0261bc Bail out early from esc_url() if the URL becomes empty after stripping out disallowed characters.
Fixes #28015
Props jesin for the unit test

Built from https://develop.svn.wordpress.org/trunk@33923


git-svn-id: http://core.svn.wordpress.org/trunk@33892 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-05 21:29:25 +00:00
John Blackbourn
6aad2eb98c Correctly encode spaces in URLs passed to esc_url() instead of removing them.
Fixes #23605
Props enshrined, johnbillion

Built from https://develop.svn.wordpress.org/trunk@33858


git-svn-id: http://core.svn.wordpress.org/trunk@33826 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-02 17:20:21 +00:00
Scott Taylor
ef87172270 foreach is a statement, not a function.
See #33491.

Built from https://develop.svn.wordpress.org/trunk@33734


git-svn-id: http://core.svn.wordpress.org/trunk@33702 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-25 20:28:22 +00:00
Scott Taylor
3982598305 Doc block for_wp_specialchars: $quote_style can also be string ('single' or 'double')
See #33491.

Built from https://develop.svn.wordpress.org/trunk@33700


git-svn-id: http://core.svn.wordpress.org/trunk@33667 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-21 18:36:24 +00:00
Andrew Ozz
2de7757124 Fix creating of extra <br /> tags in both PHP and JS variants of wpautop(). Add PHP tests to catch similar problems in the future.
Props valendesigns, azaozz. Fixes #33377.
Built from https://develop.svn.wordpress.org/trunk@33624


git-svn-id: http://core.svn.wordpress.org/trunk@33591 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-17 17:36:24 +00:00
Dominik Schilling
0e1476d078 Editor: word count: Remove indentation from the translator comment.
Avoids a duplicate comment in the POT file.

see #30966.
Built from https://develop.svn.wordpress.org/trunk@33517


git-svn-id: http://core.svn.wordpress.org/trunk@33484 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-30 17:08:24 +00:00
Scott Taylor
15a7d98ce6 Protect newlines inside of CDATA. This was breaking things, notably inline JS that used comments for HTML standards compat.
* Tokenize newlines in `WP_Embed::autoembed()` before running `->autoembed_callback()`
* Tokenize newlines with placeholders in `wpautop()` 
* Introduce `wp_html_split()` to DRY the RegEx from `wp_replace_in_html_tags()` and `do_shortcodes_in_html_tags()`

Adds unit tests.

Props miqrogroove, kitchin, azaozz.
Fixes #33106.

Built from https://develop.svn.wordpress.org/trunk@33469


git-svn-id: http://core.svn.wordpress.org/trunk@33436 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-28 23:03:24 +00:00
Ella Iseulde Van Dorpe
491c863f35 Editor: word count: better names for types.
Also fix it in wp_trim_words().

Fixes #30966.

Built from https://develop.svn.wordpress.org/trunk@33440


git-svn-id: http://core.svn.wordpress.org/trunk@33407 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-27 11:19:26 +00:00
Scott Taylor
d8e8ad4a2f Pinking shears.
Built from https://develop.svn.wordpress.org/trunk@33411


git-svn-id: http://core.svn.wordpress.org/trunk@33379 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-24 17:27:24 +00:00
Gary Pendergast
c3e0ed7e03 Shortcodes: Improve the reliablity of shortcodes inside HTML tags.
Props miqrogroove.

See #15694.


Built from https://develop.svn.wordpress.org/trunk@33359


git-svn-id: http://core.svn.wordpress.org/trunk@33331 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-22 05:15:25 +00:00
Scott Taylor
7c218ab59a After [33148]:
Don't nest `esc_attr()` and `htmlspecialchars()` when escaping the post title on the edit post screen.

Unrevert parts of [32851] and [32850].

Adds/alters unit tests.

Props miqrogroove.
Fixes #17780.

Built from https://develop.svn.wordpress.org/trunk@33271


git-svn-id: http://core.svn.wordpress.org/trunk@33243 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-14 17:56:26 +00:00
Drew Jaynes
9e12c71872 Fix inline documentation syntax for two formatting functions added in 4.3.
* `wptexturize_primes()` See [32863]
* `format_for_editor()` See [32899]

See #32891.

Built from https://develop.svn.wordpress.org/trunk@33225


git-svn-id: http://core.svn.wordpress.org/trunk@33197 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-13 21:30:24 +00:00
Andrew Ozz
4bd5e2db01 TinyMCE:
- Go back to encoding the editor content only when TinyMCE is used.
- Add check and encode `</textarea>` if present.
See #32425.
Built from https://develop.svn.wordpress.org/trunk@33187


git-svn-id: http://core.svn.wordpress.org/trunk@33159 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-13 03:19:24 +00:00
Scott Taylor
6cc3a903d7 Revert [32851] and [32850] for now, tl;dr encoding issues.
See #17780.


Built from https://develop.svn.wordpress.org/trunk@33148


git-svn-id: http://core.svn.wordpress.org/trunk@33120 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-09 20:56:24 +00:00
Aaron Jorbin
91712711eb Don't strip newline in esc_url() when protocol is mailto:
The mailto protocol is a bit different than the other protocols in that new lines are something you might realistically want to include. Includes tests to make sure that http protocol urls that contain mailto: aren't affected. Tests for stripping newlines in general already exist.

Fixes #31632
Props danielbachhuber


Built from https://develop.svn.wordpress.org/trunk@33064


git-svn-id: http://core.svn.wordpress.org/trunk@33035 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-03 14:28:23 +00:00
Dominik Schilling
699dbedb03 l10n: Update wp_get_installed_translations() to support variants of a language.
* A variant of a language has its own locale, for example the locale of the formal variant of German is `de_DE_formal`.
* Update `remove_accents()` and some CSS rules to support `de_DE_formal`.
* Add tests for `get_bloginfo( 'language' )`.
* API changes will be deployed over the next few days.

see #28303.
Built from https://develop.svn.wordpress.org/trunk@33027


git-svn-id: http://core.svn.wordpress.org/trunk@32998 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-01 15:43:24 +00:00
Konstantin Obenland
c56a8ae0f7 Introducing Site Icon, favicon management for WordPress.
This v1 marries Jetpack's Site Icon module with the Media Modal, reusing code
from the Custom Header admin. For now, the core-provided icons will be limited
to a favicon, an iOS app icon, and a Windows tile icon, leaving `.ico` support
and additional icons to plugins to add.

Props obenland, tyxla, flixos90, jancbeck, markjaquith, scruffian.
See #16434.


Built from https://develop.svn.wordpress.org/trunk@32994


git-svn-id: http://core.svn.wordpress.org/trunk@32965 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-29 12:58:25 +00:00
Andrew Ozz
eaadfde950 Define SCRIPT_DEBUG early on every load, similarly to WP_DEBUG. Remove defined( 'SCRIPT_DEBUG' ) checks.
Fixes #32333.
Built from https://develop.svn.wordpress.org/trunk@32935


git-svn-id: http://core.svn.wordpress.org/trunk@32906 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-25 02:29:31 +00:00
Andrew Ozz
baa8e833ff Fix typo/white space in the docs.
See #32425.
Built from https://develop.svn.wordpress.org/trunk@32900


git-svn-id: http://core.svn.wordpress.org/trunk@32871 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-21 22:08:28 +00:00
Andrew Ozz
e4758f42e5 Update the TinyMCE initialization:
- Replace `wp_htmledit_pre()` and `wp_richedit_pre()` with `format_for_editor()`.
- Replace the `'htmledit_pre'` and `'richedit_pre'` filters with `'format_for_editor'`.
- Do not run the post content through `wpautop()` in PHP when the visual editor is default. Run the textarea content through the JS wpautop on initializing TinyMCE.
- Simplify both editors initialization.
- Improve setting of `wpActiveEditor` in Quicktags.
- Improve editor.js, use `tinymce.$` when possible.
See #32425.
Built from https://develop.svn.wordpress.org/trunk@32899


git-svn-id: http://core.svn.wordpress.org/trunk@32870 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-21 22:01:28 +00:00
Dominik Schilling
4423739c65 Use 3-digit x.x.x style for 4.3.0 @since versions.
see #32335, #32430.
Built from https://develop.svn.wordpress.org/trunk@32897


git-svn-id: http://core.svn.wordpress.org/trunk@32868 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-21 11:41:26 +00:00
Andrew Ozz
b9a4fefb08 Update convert_chars():
- Stop trying to remove `<title>` and `<category>` meta tags. They have not been used for many many years.
- Replacement of `<br>` with `<br />` and `<hr>` with `<hr />` is not needed for HTML 5.0. Also, these tags are formatted like that by the visual editor.
- Replace invalid HTML entities that might be pasted in the Text editor on save instead of on display.
Fixes #32335.
Built from https://develop.svn.wordpress.org/trunk@32896


git-svn-id: http://core.svn.wordpress.org/trunk@32867 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-21 00:59:26 +00:00
Scott Taylor
777d3ba7e2 wptexturize() improvements:
* Make sure that strings ending with a number and quotation mark get the proper smart quotes
* Introduce `wptexturize_primes()`, a logic tree to determine whether or not "7'." represents seven feet, then converts the special char into either a prime char or a closing quote char.

Adds unit tests.

Props miqrogroove.
Fixes #29256.

Built from https://develop.svn.wordpress.org/trunk@32863


git-svn-id: http://core.svn.wordpress.org/trunk@32834 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-19 20:06:25 +00:00
Andrew Ozz
503b80be0b Fix using htmlspecialchars() whit the $double_encode parameter. PHP < 5.4 doesn't validate the entities.
Props miqrogroove. Fixes #17780.
Built from https://develop.svn.wordpress.org/trunk@32851


git-svn-id: http://core.svn.wordpress.org/trunk@32822 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-19 01:53:26 +00:00
Scott Taylor
d8c93a081d Since PHP 5.2.3, the htmlspecialchars() function has an optional $double_encode parameter, which we can now use. This will save us a few expensive kses/html decoding calls.
Adds unit tests.

Props miqrogroove.
Fixes #17780.

Built from https://develop.svn.wordpress.org/trunk@32850


git-svn-id: http://core.svn.wordpress.org/trunk@32821 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-18 22:00:26 +00:00
Scott Taylor
5c6b63d3a6 if is a statment, not a function.
See #32444.

Built from https://develop.svn.wordpress.org/trunk@32800


git-svn-id: http://core.svn.wordpress.org/trunk@32771 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-16 20:01:25 +00:00
Scott Taylor
efbb8fa4e5 Document the default list of allowed protocols in the doc block for wp_allowed_protocols() and cross-reference in esc_url() and the kses_allowed_protocols filter.
Props GunGeekATX.
Fixes #32421.

Built from https://develop.svn.wordpress.org/trunk@32797


git-svn-id: http://core.svn.wordpress.org/trunk@32768 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-16 19:45:26 +00:00
Scott Taylor
362704ab9a sanitize_option() needs to handle WP_Error. DRY the conditional calls to add_settings_error().
Props chriscct7 for an initial patch.
Fixes #32350.

Built from https://develop.svn.wordpress.org/trunk@32791


git-svn-id: http://core.svn.wordpress.org/trunk@32762 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-16 01:29:27 +00:00
Scott Taylor
8df67cb188 Add a note to wptexturize() docs.
Props miqrogroove.
Fixes #32521.

Built from https://develop.svn.wordpress.org/trunk@32790


git-svn-id: http://core.svn.wordpress.org/trunk@32761 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-16 00:57:24 +00:00
Scott Taylor
2043805da4 Improve the consistency of punctuation matching in wptexturize().
Adds unit tests.

Props miqrogroove.
Fixes #31886.

Built from https://develop.svn.wordpress.org/trunk@32789


git-svn-id: http://core.svn.wordpress.org/trunk@32760 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-16 00:50:25 +00:00
Scott Taylor
7db2c06ab6 Allow 'Cockney' filter to be translated.
Updates unit test.

Props miqrogroove.
Fixes #31953.

Built from https://develop.svn.wordpress.org/trunk@32788


git-svn-id: http://core.svn.wordpress.org/trunk@32759 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-16 00:46:24 +00:00
Scott Taylor
19a3aacc94 Add @static* annotations where they are missing.
Initialize all static vars that are not, most to `null`.

See #32444.

Built from https://develop.svn.wordpress.org/trunk@32650


git-svn-id: http://core.svn.wordpress.org/trunk@32620 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-29 15:43:29 +00:00
Drew Jaynes
4c37f68b79 Fix inline documentation syntax in wp_xmlrpc_server.
See #32246.

Built from https://develop.svn.wordpress.org/trunk@32591


git-svn-id: http://core.svn.wordpress.org/trunk@32561 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-25 06:25:25 +00:00
Boone Gorges
33b99991a8 In sanitize_option(), pass the unsanitized $value to the filter.
Props simonwheatley, MikeHansenMe.
Fixes #26199.
Built from https://develop.svn.wordpress.org/trunk@32520


git-svn-id: http://core.svn.wordpress.org/trunk@32490 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-21 18:00:26 +00:00
Andrew Ozz
9ecaba2688 Check if running from /src or SCRIPT_DEBUG is defined in print_emoji_detection_script().
See #32118.
Built from https://develop.svn.wordpress.org/trunk@32482


git-svn-id: http://core.svn.wordpress.org/trunk@32452 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-10 18:24:30 +00:00
Andrew Ozz
4e971bea9f Emoji:
- Fix loading errors in IE9 and IE10.
- Add fallbacks for the loading events.
Fixes #32109 for trunk.
Built from https://develop.svn.wordpress.org/trunk@32334


git-svn-id: http://core.svn.wordpress.org/trunk@32305 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-03 18:45:29 +00:00
Sergey Biryukov
89bf126626 Check if SCRIPT_DEBUG is defined before using it in print_emoji_detection_script().
props Craig Ralston.
fixes #32118 for trunk.
Built from https://develop.svn.wordpress.org/trunk@32296


git-svn-id: http://core.svn.wordpress.org/trunk@32267 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-26 10:36:28 +00:00