Upstream/WordPress
1
0
Fork 0
mirror of https://github.com/WordPress/WordPress.git synced 2024-11-14 22:56:19 +01:00
Code Issues Projects Releases Wiki Activity
36,165 Commits 50 Branches 748 Tags 792 MiB
e6f4baa9b7
Commit Graph

36165 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Dominik Schilling
e6f4baa9b7 Template: Make sure the version string is correctly escaped for use in attributes. 
Merge of [42893] to the 4.7 branch.

Built from https://develop.svn.wordpress.org/branches/4.7@42919


git-svn-id: http://core.svn.wordpress.org/branches/4.7@42749 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-04-03 16:07:07 +00:00
Dominik Schilling
f016a8555a Meta: Simplify the delete all meta query in delete_metadata(). 
Merge of [42913] to the 4.7 branch.

Built from https://develop.svn.wordpress.org/branches/4.7@42914


git-svn-id: http://core.svn.wordpress.org/branches/4.7@42744 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-04-03 15:41:36 +00:00
Dominik Schilling
67bcd5bbc0 HTTP: Don't treat localhost as same host by default. 
Merge of [42894] to the 4.7 branch.

Built from https://develop.svn.wordpress.org/branches/4.7@42910


git-svn-id: http://core.svn.wordpress.org/branches/4.7@42740 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-04-03 15:36:49 +00:00
Dominik Schilling
d7640f2536 Login: Use wp_safe_redirect() when redirecting the login page if forced to use HTTPS. 
Merge of [42892] to the 4.7 branch.

Built from https://develop.svn.wordpress.org/branches/4.7@42897


git-svn-id: http://core.svn.wordpress.org/branches/4.7@42727 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-04-03 15:30:06 +00:00
Sergey Biryukov
f89000d2b4 General: Update copyright year to 2018 in license.txt. 
Props rachelbaker.
Merges [42424] to the 4.7 branch.
Fixes #43007.
Built from https://develop.svn.wordpress.org/branches/4.7@42554


git-svn-id: http://core.svn.wordpress.org/branches/4.7@42383 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-01-23 11:26:37 +00:00
Dion Hulse
b631c9a667 Bump the 4.7 branch to 4.7.9. 
Built from https://develop.svn.wordpress.org/branches/4.7@42496


git-svn-id: http://core.svn.wordpress.org/branches/4.7@42325 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-01-16 21:40:05 +00:00
Dion Hulse
7949731503 External Libraries: Remove unnecessary / obsoleted MediaElement.js files. 
Merges [42478] to the 4.7 branch.
Fixes #42720 for 4.7.

Built from https://develop.svn.wordpress.org/branches/4.7@42479


git-svn-id: http://core.svn.wordpress.org/branches/4.7@42308 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-01-16 08:05:38 +00:00
Dion Hulse
5c6ad6022c Upgrade: When deleting old files, if deletion fails attempt to empty the file instead. 
Props joemcgill, dd32.
Merges [42434] to the 4.7 branch.
Fixes #42963 for 4.7.

Built from https://develop.svn.wordpress.org/branches/4.7@42467


git-svn-id: http://core.svn.wordpress.org/branches/4.7@42296 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-01-16 06:54:06 +00:00
John Blackbourn
5abbd8a7b5 Bump 4.7 branch to 4.7.8. 
Built from https://develop.svn.wordpress.org/branches/4.7@42318


git-svn-id: http://core.svn.wordpress.org/branches/4.7@42147 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-11-29 18:58:34 +00:00
John Blackbourn
ce44be8623 Hardening: Remove the ability to upload JavaScript files for users who do not have the unfiltered_html capability. 
Merges [42261] to the 4.7 branch.

Built from https://develop.svn.wordpress.org/branches/4.7@42275


git-svn-id: http://core.svn.wordpress.org/branches/4.7@42104 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-11-29 16:20:35 +00:00
John Blackbourn
6ad95824d6 Hardening: Ensure the attributes of enclosures are correctly escaped in RSS and Atom feeds. 
Merges [42260] to the 4.7 branch.

Built from https://develop.svn.wordpress.org/branches/4.7@42274


git-svn-id: http://core.svn.wordpress.org/branches/4.7@42103 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-11-29 16:19:34 +00:00
John Blackbourn
e951da4039 Hardening: Add escaping to the language attributes used on html elements. 
Merges [42259] to the 4.7 branch.

Built from https://develop.svn.wordpress.org/branches/4.7@42273


git-svn-id: http://core.svn.wordpress.org/branches/4.7@42102 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-11-29 16:18:35 +00:00
John Blackbourn
547fd42bfe Hardening: Use a properly generated hash for the newbloguser key instead of a determinate substring. 
Merges [42258] to the 4.7 branch.

Built from https://develop.svn.wordpress.org/branches/4.7@42272


git-svn-id: http://core.svn.wordpress.org/branches/4.7@42101 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-11-29 16:17:35 +00:00
John Blackbourn
7b76bf79e7 Users: Correct the value of the lang attribute in the admin area. 
This corrects the value when the user's language is set to `English (United States)` but the site language is not.

Props ocean90, afercia

See #42242

Merges [42220] to the 4.7 branch.

Built from https://develop.svn.wordpress.org/branches/4.7@42263


git-svn-id: http://core.svn.wordpress.org/branches/4.7@42092 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-11-29 16:06:34 +00:00
Dion Hulse
2bb8ddb13f WPDB: Check that AUTH_SALT is not empty, Fix a PHP notice when AUTH_SALT is undefined. 
Props jsonfry, mkomar, pento.
Merges [42119] and [42120] to the 4.7 branch.
Fixes #42431 and #42401 for 4.7.

Built from https://develop.svn.wordpress.org/branches/4.7@42231


git-svn-id: http://core.svn.wordpress.org/branches/4.7@42060 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-11-27 01:08:36 +00:00
John Blackbourn
ccc801963c General: Remove the version number from the readme file in the 4.7 branch. 
See #42386

Built from https://develop.svn.wordpress.org/branches/4.7@42100


git-svn-id: http://core.svn.wordpress.org/branches/4.7@41929 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-10-31 18:06:45 +00:00
Gary Pendergast
b14e1b3d42 Bump 4.7 branch to version 4.7.7. 
Built from https://develop.svn.wordpress.org/branches/4.7@42070


git-svn-id: http://core.svn.wordpress.org/branches/4.7@41899 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-10-31 13:13:33 +00:00
Gary Pendergast
cf1f0311c8 Database: Restore numbered placeholders in wpdb::prepare(). 
[41496] removed support for numbered placeholders in queries send through `wpdb::prepare()`, which, despite being undocumented, were quite commonly used.

This change restores support for numbered placeholders (as well as a subset of placeholder formatting), while also adding extra checks to ensure the correct number of arguments are being passed to `wpdb::prepare()`, given the number of placeholders.

Merges [41662], [42056] to the 4.7 branch.
See #41925.


Built from https://develop.svn.wordpress.org/branches/4.7@42058


git-svn-id: http://core.svn.wordpress.org/branches/4.7@41887 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-10-31 12:34:34 +00:00
Dominik Schilling
0a70974b31 Taxonomy/Users: Use correct escaping function for URLs. 
Merge of [41522] to the 4.7 branch.
Built from https://develop.svn.wordpress.org/branches/4.7@41524


git-svn-id: http://core.svn.wordpress.org/branches/4.7@41357 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-09-19 21:21:35 +00:00
Dominik Schilling
f920f99c1c Bump 4.7 branch to version 4.7.6. 
Built from https://develop.svn.wordpress.org/branches/4.7@41511


git-svn-id: http://core.svn.wordpress.org/branches/4.7@41344 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-09-19 19:56:36 +00:00
Dominik Schilling
ec72da84f3 Bump 4.7 branch to version 4.7.3. 
Built from https://develop.svn.wordpress.org/branches/4.7@41510


git-svn-id: http://core.svn.wordpress.org/branches/4.7@41343 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-09-19 19:51:32 +00:00
Aaron Campbell
727aa4586a Database: Hardening to bring wpdb::prepare() inline with documentation. 
`wpdb::prepare()` supports %s, %d, and %F as placeholders in the query string. Any other non-escaped % will be escaped.

Merges [41496] to 4.7 branch.


Built from https://develop.svn.wordpress.org/branches/4.7@41498


git-svn-id: http://core.svn.wordpress.org/branches/4.7@41331 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-09-19 18:12:33 +00:00
Aaron Campbell
8e19eed411 Database: Don’t trigger _doing_it_wrong() for null values in wpdb::prepare(). 
While `wpdb::prepare()` does not support null values (see #12819) they still appear in the wild like in the WordPress Importer and other plugins.

Merges [41483] to 4.7 branch.


Built from https://develop.svn.wordpress.org/branches/4.7@41485


git-svn-id: http://core.svn.wordpress.org/branches/4.7@41318 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-09-19 16:20:06 +00:00
Aaron Campbell
5b685405be Database: Hardening for wpdb::prepare() 
Previously if you passed an array of values for placeholders, additional values could be passed as well. Now additional values will be ignored.

Merges [41470] to 4.7 branch.


Built from https://develop.svn.wordpress.org/branches/4.7@41472


git-svn-id: http://core.svn.wordpress.org/branches/4.7@41305 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-09-19 14:59:36 +00:00
John Blackbourn
2915a1c876 Filesystem API: Ensure filenames are valid before attempting to unzip them to ensure malformed file paths don't cause issues. 
Merges [41457] to the 4.7 branch.

Built from https://develop.svn.wordpress.org/branches/4.7@41459


git-svn-id: http://core.svn.wordpress.org/branches/4.7@41292 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-09-19 14:38:34 +00:00
Aaron Campbell
2a7026d88f oEmbed: Add extra hardening around allowed HTML for improved sandboxing. 
Merges [41448] to 4.7 branch.



Built from https://develop.svn.wordpress.org/branches/4.7@41451


git-svn-id: http://core.svn.wordpress.org/branches/4.7@41284 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-09-19 13:48:35 +00:00
Dominik Schilling
af0877f0db TinyMCE: Improve the previews for shortcodes. 
Merge of [41395] to the 4.7 branch.

Built from https://develop.svn.wordpress.org/branches/4.7@41436


git-svn-id: http://core.svn.wordpress.org/branches/4.7@41269 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-09-19 12:42:05 +00:00
Dominik Schilling
c259dff63c Customize: Ensure valid themes in the preview. 
Merge of [41397] to the 4.7 branch.

Built from https://develop.svn.wordpress.org/branches/4.7@41430


git-svn-id: http://core.svn.wordpress.org/branches/4.7@41263 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-09-19 11:51:06 +00:00
Dominik Schilling
a0af012ed0 Taxonomy/Users: Provide a fallback for incorrect HTTP referrers. 
Merge of [41398] to the 4.7 branch.

Built from https://develop.svn.wordpress.org/branches/4.7@41418


git-svn-id: http://core.svn.wordpress.org/branches/4.7@41251 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-09-19 11:12:08 +00:00
John Blackbourn
7c8fbd2966 General: Add missing URL-encoding and add extra hardening to plugin and template names when they're displayed in the admin area. 
Merges [41412] to the 4.7 branch

See #13377

Built from https://develop.svn.wordpress.org/branches/4.7@41413


git-svn-id: http://core.svn.wordpress.org/branches/4.7@41246 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-09-19 10:21:48 +00:00
Dominik Schilling
1e45c3e2fe Editor: Prevent adding javascript: and data: URLs through the inline link dialog. 
Merge of [41393] to the 4.7 branch.

Built from https://develop.svn.wordpress.org/branches/4.7@41401


git-svn-id: http://core.svn.wordpress.org/branches/4.7@41234 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-09-19 10:16:08 +00:00
John Blackbourn
fae164a240 Build/Test tools: Trim the test matrix on Travis in order to speed up the 4.7 branch build. 
This removes the PHP 7.0, 5.5, 5.4, 5.3, and nightly jobs.

Fixes #41707

Built from https://develop.svn.wordpress.org/branches/4.7@41307


git-svn-id: http://core.svn.wordpress.org/branches/4.7@41138 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-08-22 21:41:32 +00:00
John Blackbourn
f8663be50e Build/Test Tools: Remove ancient UT ticket handling for the 4.7 branch. 
See #40533

Merges [40523] to the 4.7 branch.

Built from https://develop.svn.wordpress.org/branches/4.7@41305


git-svn-id: http://core.svn.wordpress.org/branches/4.7@41137 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-08-22 19:59:36 +00:00
John Blackbourn
9cc990bb3e Build/Test tools: Use the latest in the 4.x and 6.x branches of PHPUnit when running tests on Travis for the 4.7 branch. 
See #41472

Merges [41294] to the 4.7 branch.

Built from https://develop.svn.wordpress.org/branches/4.7@41296


git-svn-id: http://core.svn.wordpress.org/branches/4.7@41136 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-08-22 17:11:09 +00:00
John Blackbourn
b98a29c182 Build: Switch PHP 5.2 and 5.3 to Travis' Ubuntu precise image 
Starting today, Travis will begin switching the default image to `trusty`, which does not support PHP 5.2 or 5.3.

This is not a full fix, because Travis will be dropping `precise` support entirely in September (https://github.com/travis-ci/travis-ci/issues/8072).  However, it buys us some time until then.

See #41292

Merges [41072] to the 4.7 branch.

Built from https://develop.svn.wordpress.org/branches/4.7@41074


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40925 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-07-18 13:06:34 +00:00
John Blackbourn
61af9be9c6 Build/Test Tools: Fix PHP 5.2 compatibility for grandchild methods which expect exceptions to be raised. 
This is due to `is_callable( 'parent::setExpectedException' )` not being supported on PHP 5.2 when the method being checked only exists on the grandparent class.

See #39822

Merges [40872] and [40873] to the 4.7 branch.

Built from https://develop.svn.wordpress.org/branches/4.7@40876


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40726 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-06-05 10:42:38 +00:00
Konstantin Obenland
7783f8a29b Import Twenty Sixteen for the 4.7 branch. 
See #36497.

Built from https://develop.svn.wordpress.org/branches/4.7@40855


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40706 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-05-30 22:57:36 +00:00
John Blackbourn
1802c0b26d Build/Test Tools: Add a missing class to the PHPUnit 6 back compat. 
See #39822

Merges [40853] to the 4.7 branch.

Built from https://develop.svn.wordpress.org/branches/4.7@40854


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40705 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-05-30 22:08:35 +00:00
Aaron Campbell
819af82764 Post-4.7.5 version bump for 4.7 branch. 
Built from https://develop.svn.wordpress.org/branches/4.7@40770


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40628 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-05-16 23:01:32 +00:00
Aaron Campbell
9fad803761 Bump 4.7 branch to version 4.7.5. 
Built from https://develop.svn.wordpress.org/branches/4.7@40748


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40606 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-05-16 21:48:33 +00:00
Pascal Birchler
314556b55c Media: Simplify upload error message construction. 
Merges [40736] to the 4.7 branch.

Built from https://develop.svn.wordpress.org/branches/4.7@40737


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40595 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-05-16 18:00:35 +00:00
Pascal Birchler
79988bff38 REST API: JS Client - Enable connecting to multiple endpoints. 
Enable connecting to multiple wp-api `endpoints`. Calling `wp.api.init` with a new `apiRoot` will parse the new endpoint's schema and store a new set of models and collections. A collection of 
connected endpoints is stored in `wp.api.endpoints`.

Props lucasstark.
Fixes #39683.

Merges [40364] to the 4.7 branch.

Built from https://develop.svn.wordpress.org/branches/4.7@40735


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40593 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-05-16 16:35:33 +00:00
Aaron Campbell
a86f61290e Add nonce for updating file system credentials. 
Merges [40723] to 4.7 branch.

Built from https://develop.svn.wordpress.org/branches/4.7@40724


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40582 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-05-16 14:51:35 +00:00
Weston Ruter
58075bfc88 Customize: Fix phpunit tests after [40704] due to logic inversion error. 
Merge of [40716] to the 4.7 branch.

Built from https://develop.svn.wordpress.org/branches/4.7@40717


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40580 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-05-16 14:37:35 +00:00
Dominik Schilling
2d7fa9d0dc Customize: Ignore invalid customization sessions. 
Merge of [40704] to the 4.7 branch.
Built from https://develop.svn.wordpress.org/branches/4.7@40705


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40568 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-05-16 12:14:35 +00:00
Pascal Birchler
0f3180de02 Adjust post meta checks 
Merges [40692] to the 4.7 branch.

Built from https://develop.svn.wordpress.org/branches/4.7@40693


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40556 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-05-16 08:48:34 +00:00
Pascal Birchler
8ef530d469 Improve redirect handling 
Merges[40689] to the 4.7 branch.

Built from https://develop.svn.wordpress.org/branches/4.7@40690


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40553 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-05-16 08:40:36 +00:00
Pascal Birchler
031cbb0548 Whitelist post arguments in XML-RPC 
Merges [40677] to the 4.7 branch.

Built from https://develop.svn.wordpress.org/branches/4.7@40678


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40541 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-05-16 08:17:34 +00:00
Dion Hulse
22f5836c8c Bump Akismet external to 3.3.2 
See #40002


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40508 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-05-12 04:08:46 +00:00
Aaron Jorbin
d2a0e52c43 Build/Test: Post Travis results to Slack from WordPress/wordpress-develop 
Backports [40604] to 4.7

Now that the WordPress/wordpress-develop GitHub repo is syncing correctly, we can use it for Travis integration.

Props jorbin for getting the ball rolling so long ago, unprops jorbin because his Travis build can finally be retired. Props Pento.

Fixes #40712.

Built from https://develop.svn.wordpress.org/branches/4.7@40616


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40486 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-05-11 00:31:33 +00:00