Upstream/WordPress
1
0
Fork 0
mirror of https://github.com/WordPress/WordPress.git synced 2024-11-14 22:56:19 +01:00
Code Issues Projects Releases Wiki Activity
36,204 Commits 50 Branches 748 Tags 792 MiB
d9932631e6
Commit Graph

16235 Commits

Author SHA1 Message Date
desrosj
d9932631e6 Grouped backports to the 4.7 branch. 
- Query: Improve sanitization within `WP_Tax_Query`.
- Query: Improve sanitization within `WP_Meta_Query`.
- Upgrade/Install: Avoid using `unserialize()` unnecessarily.
- Formatting: Correctly encode ASCII characters in post slugs.

Merges [52454-52457] to the 4.7 branch.
Props vortfu, dd32, ehtis, zieladam, whyisjake, xknown, peterwilsoncc, desrosj, iandunn.
Built from https://develop.svn.wordpress.org/branches/4.7@52476


git-svn-id: http://core.svn.wordpress.org/branches/4.7@52068 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2022-01-06 18:17:12 +00:00
Peter Wilson
47e2b23466 WordPress 4.7.21. 
Built from https://develop.svn.wordpress.org/branches/4.7@50879


git-svn-id: http://core.svn.wordpress.org/branches/4.7@50488 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2021-05-12 23:20:21 +00:00
Peter Wilson
ffd7da5959 Grouped merges for 4.7.20. 
* REST API: Allow authors to read their own password protected posts.
* About page update

Merges [50717] to the 4.7 branch.


Built from https://develop.svn.wordpress.org/branches/4.7@50733


git-svn-id: http://core.svn.wordpress.org/branches/4.7@50342 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2021-04-15 01:14:24 +00:00
desrosj
9145a3c762 Build/Test Tools: Backport GitHub Action and build improvements to the 4.7 branch. 
This backports several build and test tool improvements to the 4.7 branch. Most notably, this includes:

- The changes required to allow each workflow to be triggered by the `workflow_dispatch` event so that tests can be run on a schedule [50590].
- Splitting single site and multisite tests into parallel jobs [50379].
- Split slow tests into separate, parallel jobs for PHP <= 5.6 [50444].
- Better branch and path scoping for GitHub Action workflows when running on `pull_request` [50432,50479].
- Several `devDependency` updates.

Merges [50379,50387,50413,50416,50432,50435,50436,50444,50446,50473,50474,50476,50479,50485,50486,50487,50545,50579,50590] to the 4.7 branch.
See #50401, #51801, #51802, #52548, #52608, #52612, #52624, #52625, #52645, #52653, #52658, #52660, #52667.
Built from https://develop.svn.wordpress.org/branches/4.7@50636


git-svn-id: http://core.svn.wordpress.org/branches/4.7@50248 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2021-04-02 15:27:25 +00:00
desrosj
89444cb643 Build/Test Tools: Support NodeJS 14.x in the 4.7 branch. 
This updates the 4.7 branch to support the latest LTS version of NodeJS (currently 14.x), allowing the same version to be used across all WordPress branches that receive security updates as a courtesy.

This also replaces the `npm-shrinkwrap.json` with a `package-lock.json` file. Lock files were not supported in earlier versions of NPM, but can now be used.

In addition to backporting the package updates that happened after branching 4.7, dependencies that were removed in future releases have also been updated to their latest versions.

Props desrosj, dd32, netweb, jorbin.
Merges [42460-42461,42463,42887,43320,43323,43977,44219,44233,44728,45321,45765,46404,46408-46409,47404,47867-47869,47872-47873,48705,49636,49933,49937,49939,50017,50126,50176,50185,50192] to the 4.7 branch.
See #52341.
Built from https://develop.svn.wordpress.org/branches/4.7@50204


git-svn-id: http://core.svn.wordpress.org/branches/4.7@49878 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2021-02-05 04:12:36 +00:00
desrosj
5c520a5b9a WordPress 4.7.19. 
Built from https://develop.svn.wordpress.org/branches/4.7@49417


git-svn-id: http://core.svn.wordpress.org/branches/4.7@49176 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2020-10-29 19:39:52 +00:00
whyisjake
9b67830c05 General: WordPress updates 
* XML-RPC: Improve error messages for unprivileged users.
* External Libraries: Disable deserialization in Requests_Utility_FilteredIterator
* Embeds: Disable embeds on deactivated Multisite sites.
* Coding standards: Modify escaping functions to avoid potential false positives.
* XML-RPC: Return error message if attachment ID is incorrect.
* Upgrade/install: Improve logic check when determining installation status.
* Meta: Sanitize meta key before checking protection status.
* Themes: Ensure that only privileged users can set a background image when a theme is using the deprecated custom background page.

Brings the changes from [49380,49382-49388] to the 4.7 branch.

Props xknown, zieladam, peterwilsoncc, whyisjake, desrosj, dd32.

Built from https://develop.svn.wordpress.org/branches/4.7@49399


git-svn-id: http://core.svn.wordpress.org/branches/4.7@49158 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2020-10-29 18:57:24 +00:00
Sergey Biryukov
2353b610e9 Administration: Pass the result of set-screen-option filter to the new set_screen_option_{$option} filter to ensure backward compatibility. 
Rename the `$keep` parameter of both filters to `$screen_option` for clarity, update the documentation to better reflect its purpose.

Follow-up to [47951].

Props Chouby, sswells, SergeyBiryukov.
Merges [48241] to the 4.7 branch.
Fixes #50392.
Built from https://develop.svn.wordpress.org/branches/4.7@48251


git-svn-id: http://core.svn.wordpress.org/branches/4.7@48020 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2020-07-01 09:51:10 +00:00
desrosj
62593e3f73 WordPress 4.7.18. 
Built from https://develop.svn.wordpress.org/branches/4.7@47996


git-svn-id: http://core.svn.wordpress.org/branches/4.7@47764 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2020-06-10 21:37:49 +00:00
whyisjake
e8b6c5c329 General: Backport several commits for release. 
- Embeds: Ensure that the title attribute is set correctly on embeds.
- Editor: Prevent HTML decoding on by setting the proper editor context.
- Formatting: Ensure that wp_validate_redirect() sanitizes a wider variety of characters.
- Themes: Ensure a broken theme name is returned properly.
- Administration: Add a new filter to extend set-screen-option.

Merges [47947-47951] to the 4.7 branch.

Props xknown, sstoqnov, vortfu, SergeyBiryukov, whyisjake.

Built from https://develop.svn.wordpress.org/branches/4.7@47978


git-svn-id: http://core.svn.wordpress.org/branches/4.7@47747 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2020-06-10 18:56:20 +00:00
Sergey Biryukov
31561a4a82 Update the About page for WordPress 4.7.17 
Built from https://develop.svn.wordpress.org/branches/4.7@47697


git-svn-id: http://core.svn.wordpress.org/branches/4.7@47474 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2020-04-29 18:34:45 +00:00
Sergey Biryukov
f2b4026b21 WordPress 4.7.16 
Built from https://develop.svn.wordpress.org/branches/4.7@46926


git-svn-id: http://core.svn.wordpress.org/branches/4.7@46726 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-12-12 20:28:44 +00:00
desrosj
eb11d89736 WordPress 4.7.15. 
Built from https://develop.svn.wordpress.org/branches/4.7@46513


git-svn-id: http://core.svn.wordpress.org/branches/4.7@46310 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-10-14 20:10:15 +00:00
desrosj
1f06c6044e WordPress 4.7.14. 
Built from https://develop.svn.wordpress.org/branches/4.7@46041


git-svn-id: http://core.svn.wordpress.org/branches/4.7@45853 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-09-04 22:05:08 +00:00
Sergey Biryukov
ac5e918526 Escape the output in wp_ajax_upload_attachment(). 
Merges [45936] to the 4.7 branch.
Props whyisjake, sstoqnov.
Built from https://develop.svn.wordpress.org/branches/4.7@45947


git-svn-id: http://core.svn.wordpress.org/branches/4.7@45758 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-09-04 16:35:47 +00:00
Gary Pendergast
c1d8f3c319 WordPress 4.7.13 
Built from https://develop.svn.wordpress.org/branches/4.7@44872


git-svn-id: http://core.svn.wordpress.org/branches/4.7@44703 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-03-13 01:13:22 +00:00
Sergey Biryukov
c088a3b025 Comments: Improve comment content filtering. 
Merges [44842] to the 4.7 branch.
Built from https://develop.svn.wordpress.org/branches/4.7@44847


git-svn-id: http://core.svn.wordpress.org/branches/4.7@44679 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-03-12 22:36:22 +00:00
Jeremy Felt
f646b1a559 Bump 4.7 branch to version 4.7.12. 
Built from https://develop.svn.wordpress.org/branches/4.7@44080


git-svn-id: http://core.svn.wordpress.org/branches/4.7@43910 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-12-13 02:13:42 +00:00
Gary Pendergast
6f9a887644 Editor: Remove unwanted fields before saving posts. 
The `meta_input`, `file`, and `guid` fields are not intended to be updated through user input.

Merges [44047] to the 4.7 branch.


Built from https://develop.svn.wordpress.org/branches/4.7@44056


git-svn-id: http://core.svn.wordpress.org/branches/4.7@43886 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-12-13 01:41:22 +00:00
Peter Wilson
51631c8f07 Multisite: Validate activation links. 
Merges [44048] to the 4.7 branch.

Built from https://develop.svn.wordpress.org/branches/4.7@44054


git-svn-id: http://core.svn.wordpress.org/branches/4.7@43884 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-12-13 01:39:22 +00:00
Aaron Campbell
c7498304f3 Bump 4.7 branch to version 4.7.11 
Built from https://develop.svn.wordpress.org/branches/4.7@43409


git-svn-id: http://core.svn.wordpress.org/branches/4.7@43237 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-07-05 16:11:43 +00:00
Aaron Campbell
cf0f4c6d2c Bump 4.7 branch to version 4.7.10 
Built from https://develop.svn.wordpress.org/branches/4.7@42935


git-svn-id: http://core.svn.wordpress.org/branches/4.7@42765 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-04-03 20:27:32 +00:00
Dion Hulse
b631c9a667 Bump the 4.7 branch to 4.7.9. 
Built from https://develop.svn.wordpress.org/branches/4.7@42496


git-svn-id: http://core.svn.wordpress.org/branches/4.7@42325 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-01-16 21:40:05 +00:00
Dion Hulse
7949731503 External Libraries: Remove unnecessary / obsoleted MediaElement.js files. 
Merges [42478] to the 4.7 branch.
Fixes #42720 for 4.7.

Built from https://develop.svn.wordpress.org/branches/4.7@42479


git-svn-id: http://core.svn.wordpress.org/branches/4.7@42308 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-01-16 08:05:38 +00:00
Dion Hulse
5c6ad6022c Upgrade: When deleting old files, if deletion fails attempt to empty the file instead. 
Props joemcgill, dd32.
Merges [42434] to the 4.7 branch.
Fixes #42963 for 4.7.

Built from https://develop.svn.wordpress.org/branches/4.7@42467


git-svn-id: http://core.svn.wordpress.org/branches/4.7@42296 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-01-16 06:54:06 +00:00
John Blackbourn
5abbd8a7b5 Bump 4.7 branch to 4.7.8. 
Built from https://develop.svn.wordpress.org/branches/4.7@42318


git-svn-id: http://core.svn.wordpress.org/branches/4.7@42147 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-11-29 18:58:34 +00:00
John Blackbourn
547fd42bfe Hardening: Use a properly generated hash for the newbloguser key instead of a determinate substring. 
Merges [42258] to the 4.7 branch.

Built from https://develop.svn.wordpress.org/branches/4.7@42272


git-svn-id: http://core.svn.wordpress.org/branches/4.7@42101 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-11-29 16:17:35 +00:00
Gary Pendergast
b14e1b3d42 Bump 4.7 branch to version 4.7.7. 
Built from https://develop.svn.wordpress.org/branches/4.7@42070


git-svn-id: http://core.svn.wordpress.org/branches/4.7@41899 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-10-31 13:13:33 +00:00
Dominik Schilling
0a70974b31 Taxonomy/Users: Use correct escaping function for URLs. 
Merge of [41522] to the 4.7 branch.
Built from https://develop.svn.wordpress.org/branches/4.7@41524


git-svn-id: http://core.svn.wordpress.org/branches/4.7@41357 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-09-19 21:21:35 +00:00
Dominik Schilling
f920f99c1c Bump 4.7 branch to version 4.7.6. 
Built from https://develop.svn.wordpress.org/branches/4.7@41511


git-svn-id: http://core.svn.wordpress.org/branches/4.7@41344 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-09-19 19:56:36 +00:00
Dominik Schilling
ec72da84f3 Bump 4.7 branch to version 4.7.3. 
Built from https://develop.svn.wordpress.org/branches/4.7@41510


git-svn-id: http://core.svn.wordpress.org/branches/4.7@41343 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-09-19 19:51:32 +00:00
John Blackbourn
2915a1c876 Filesystem API: Ensure filenames are valid before attempting to unzip them to ensure malformed file paths don't cause issues. 
Merges [41457] to the 4.7 branch.

Built from https://develop.svn.wordpress.org/branches/4.7@41459


git-svn-id: http://core.svn.wordpress.org/branches/4.7@41292 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-09-19 14:38:34 +00:00
Dominik Schilling
a0af012ed0 Taxonomy/Users: Provide a fallback for incorrect HTTP referrers. 
Merge of [41398] to the 4.7 branch.

Built from https://develop.svn.wordpress.org/branches/4.7@41418


git-svn-id: http://core.svn.wordpress.org/branches/4.7@41251 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-09-19 11:12:08 +00:00
John Blackbourn
7c8fbd2966 General: Add missing URL-encoding and add extra hardening to plugin and template names when they're displayed in the admin area. 
Merges [41412] to the 4.7 branch

See #13377

Built from https://develop.svn.wordpress.org/branches/4.7@41413


git-svn-id: http://core.svn.wordpress.org/branches/4.7@41246 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-09-19 10:21:48 +00:00
Aaron Campbell
9fad803761 Bump 4.7 branch to version 4.7.5. 
Built from https://develop.svn.wordpress.org/branches/4.7@40748


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40606 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-05-16 21:48:33 +00:00
Aaron Campbell
a86f61290e Add nonce for updating file system credentials. 
Merges [40723] to 4.7 branch.

Built from https://develop.svn.wordpress.org/branches/4.7@40724


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40582 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-05-16 14:51:35 +00:00
Dominik Schilling
2d7fa9d0dc Customize: Ignore invalid customization sessions. 
Merge of [40704] to the 4.7 branch.
Built from https://develop.svn.wordpress.org/branches/4.7@40705


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40568 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-05-16 12:14:35 +00:00
Dion Hulse
0516c67beb List Tables: After [38703], [38706], and [40118], adjust the jQuery selector to make the selection of a range of checkboxes work again. 
Unprop afercia.
Merges [40268] to the 4.7 branch.
Fixes #40056.

Built from https://develop.svn.wordpress.org/branches/4.7@40512


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40388 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-04-21 07:36:37 +00:00
Pascal Birchler
8cf8ada93d Bump 4.7 branch to version 4.7.4. 
Built from https://develop.svn.wordpress.org/branches/4.7@40487


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40363 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-04-20 16:21:36 +00:00
Pascal Birchler
d9681fd881 Fix broken audio/video functions when sanitizing ID3 data 
This fixes a bug where running `wp_kses_post_deep()` on all the ID3
tag data corrupted blob data.

Fixes #40075, #40085.

Merges [40400] to the 4.7 branch.

Built from https://develop.svn.wordpress.org/branches/4.7@40460


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40336 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-04-17 13:00:35 +00:00
Pascal Birchler
3623849a05 Customize: Verify availability of history.replaceState (in IE9) before attempting to populate changeset_uuid parameter. 
Props westonruter, timmydcrawford for testing.
Amends [39686].
See #39227.
Fixes #40405.

Merges[40405] to the 4.7 branch.

Built from https://develop.svn.wordpress.org/branches/4.7@40420


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40318 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-04-13 12:32:35 +00:00
Pascal Birchler
6736569b43 Customize: Auto-expand a widget area section when expanding the Widgets panel if there is only one registered sidebar and it is active. 
Introduces WP_Customize_Panel::$auto_expand_sole_section property which allows panels to opt-in to the behavior, which the Widgets panel is made to do by default.

Props delawski, westonruter, melchoyce.
Fixes #37471.

Merges [40395] to the 4.7 branch.

Built from https://develop.svn.wordpress.org/branches/4.7@40402


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40309 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-04-10 12:36:34 +00:00
Pascal Birchler
df7c706b34 Customize: Fix behavior of clicking Delete Menu link and keep available nav menu items panel open when doing bulk deletion. 
Props maguiar, adamsilverstein for testing.
Amends [39548].
Fixes #38953.

Merges [40396] to the 4.7 branch.

Built from https://develop.svn.wordpress.org/branches/4.7@40401


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40308 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-04-10 12:29:38 +00:00
Pascal Birchler
0a91666a7e Customize: Fix reversal of nav menu item's type and object properties for 
page stub added in customizer.

Amends [38906].
See #38164.
Fixes #40277.

Merges [40380] to the 4.7 branch.

Built from https://develop.svn.wordpress.org/branches/4.7@40383


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40290 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-04-06 17:18:36 +00:00
Pascal Birchler
c0f0a7739a Customize: Fix failure to collapse expanded sections and panels that become deactivated. 
Improve jsdoc for `onChangeActive` function. Restores fix from [34557] which got dropped in [38648].

Props dlh, westonruter.
See #34391, #33509.
Fixes #39430.

Merges [40304] to the 4.7 branch.

Built from https://develop.svn.wordpress.org/branches/4.7@40375


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40282 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-04-05 02:20:25 +00:00
Pascal Birchler
a394c05654 Customize: Use get_user_locale() in customizer body class. 
Otherwise CSS specific to the site's locale would be applied, even though the customizer is displayed in the user's locale.

See #29783.
Fixes #40271.

Merges [40368] to the 4.7 branch.

Built from https://develop.svn.wordpress.org/branches/4.7@40369


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40276 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-04-05 02:16:34 +00:00
Pascal Birchler
5a10b5c879 Administration: Fix minor misalignments caused by the button-link CSS class. 
After [40059] the CSS class `button-link` uses `text-align: left` by default.
This change now requires to limit as much as possible the use of `button-link`
to controls that should really look like links and to explicitly set
`text-align: center` in a few other cases.

Fixes #39983.

Merges [40358] to the 4.7 branch.

Built from https://develop.svn.wordpress.org/branches/4.7@40367


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40274 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-04-05 02:15:18 +00:00
Pascal Birchler
1b7455c6d3 Quick/Bulk Edit: Fix the Tag suggestions position on the Bulk Edit textarea. 
Always passes the complete `position` object to the jQuery autocomplete widget.
Also checks if an autocomplete instance already exists on the Bulk Edit textarea.

Props davidbenton.
Fixes #40242.

Merges [40357] to the 4.7 branch.

Built from https://develop.svn.wordpress.org/branches/4.7@40365


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40272 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-04-05 02:14:11 +00:00
Pascal Birchler
511b47afd9 Customize: Prevent client-side validation from being cleared when no corresponding server-side validation is present. 
See #36944.
Fixes #39770.

Merges [40319] to the 4.7 branch.

Built from https://develop.svn.wordpress.org/branches/4.7@40345


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40252 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-03-28 07:22:37 +00:00
Pascal Birchler
52f0c65fc5 Customize: Prevent links to customize.php from being generated which have query vars from wp_removable_query_args() present. 
Props dlh.
See #23367, #32692.
Fixes #31850.

Merges [40313] to the 4.7 branch.


Built from https://develop.svn.wordpress.org/branches/4.7@40331


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40238 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-03-25 13:35:38 +00:00