Commit Graph

43487 Commits

Author SHA1 Message Date
audrasjb
f28c97fa8c Grouped backports to the 5.7 branch.
- Editor: Bump @wordpress packages for the branch,
- Media: Refactor search by filename within the admin,
- REST API: Lockdown post parameter of the terms endpoint,
- Customize: Escape blogname option in underscores templates,
- Query: Validate relation in `WP_Date_Query`,
- Posts, Post types: Apply KSES to post-by-email content,
- General: Validate host on "Are you sure?" screen,
- Posts, Post types: Remove emails from post-by-email logs,
- Pings/trackbacks: Apply KSES to all trackbacks,
- Mail: Reset PHPMailer properties between use,
- Comments: Apply kses when editing comments,
- Widgets: Escape RSS error messages for display.

Merges [54521-54530] to the 5.7 branch.
Props audrasjb, costdev, cu121, dd32, davidbaumwald, ehtis, johnbillion, johnjamesjacoby, martinkrcho, matveb, oztaser, paulkevan, peterwilsoncc, ravipatel, SergeyBiryukov, talldanwp, timothyblynjacobs, tykoted, voldemortensen, vortfu, xknown.

Built from https://develop.svn.wordpress.org/branches/5.7@54553


git-svn-id: http://core.svn.wordpress.org/branches/5.7@54108 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-10-17 17:55:21 +00:00
Peter Wilson
e5a1534aee Security: Introduce strings to indicate support status.
Add strings for use in future maintenance/security releases to indicate the security support status of the version of WordPress.

Two strings are introduced:

* indicating the version of WordPress is not receiving security updates, and,
* indicating the version of WordPress will shortly stop receiving security updates.

This change does not make use of the strings, the purpose is to make them available to translators prior to dropping support of selected versions of WordPress.

Props costdev, chesio, robinwpdeveloper, desrosj, rudlinkon, mukesh27, sumitbagthariya16.
Merges [54322] to the 5.7 branch.
See #56532.


Built from https://develop.svn.wordpress.org/branches/5.7@54433


git-svn-id: http://core.svn.wordpress.org/branches/5.7@53992 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-10-10 04:53:10 +00:00
desrosj
1feee50c15 WordPress 5.7.7.
Built from https://develop.svn.wordpress.org/branches/5.7@53990


git-svn-id: http://core.svn.wordpress.org/branches/5.7@53549 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-08-30 17:28:10 +00:00
Sergey Biryukov
8b87e45e69 Grouped backports to the 5.7 branch.
- Posts, Post Types: Escape output within `the_meta()`.
- General: Ensure bookmark query limits are numeric.
- Plugins: Escape output in error messages.
- Build/Test Tools: Allow the PHPCS plugin in Composer configuration.

Merges [52412,53958-53960] to the 5.7 branch.
Props tykoted, martinkrcho, xknown, dd32, peterwilsoncc, paulkevan, timothyblynjacobs.

Built from https://develop.svn.wordpress.org/branches/5.7@53966


git-svn-id: http://core.svn.wordpress.org/branches/5.7@53525 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-08-30 15:32:03 +00:00
audrasjb
361bcac2b9 WordPress 5.7.6.
Built from https://develop.svn.wordpress.org/branches/5.7@52893


git-svn-id: http://core.svn.wordpress.org/branches/5.7@52482 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-03-10 22:30:03 +00:00
audrasjb
3c2e859ac7 External Librairies: Update jQuery.query to version 2.2.3.
This updates the "jquery-query" library from version 2.1.7 to 2.2.3.

Props jorbin, peterwilsoncc, xknown, audrasjb, jorgefilipecosta.
Merges [52844] to the 5.7 branch.

Built from https://develop.svn.wordpress.org/branches/5.7@52849


git-svn-id: http://core.svn.wordpress.org/branches/5.7@52438 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-03-10 20:51:01 +00:00
jorgefilipecosta
9c065b7134 Update WordPress packages.
Updates the WordPress packages to their most recent patch versions.

Props xknown, sergey, audrasjb.
Built from https://develop.svn.wordpress.org/branches/5.7@52847


git-svn-id: http://core.svn.wordpress.org/branches/5.7@52436 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-03-10 20:27:21 +00:00
desrosj
072d23667d WordPress 5.7.5.
Built from https://develop.svn.wordpress.org/branches/5.7@52488


git-svn-id: http://core.svn.wordpress.org/branches/5.7@52080 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-01-06 18:47:02 +00:00
desrosj
5030de2e76 Grouped backports to the 5.7 branch.
- Query: Improve sanitization within `WP_Tax_Query`.
- Query: Improve sanitization within `WP_Meta_Query`.
- Upgrade/Install: Avoid using `unserialize()` unnecessarily.
- Formatting: Correctly encode ASCII characters in post slugs.

Merges [52454-52457] to the 5.7 branch.
Props vortfu, dd32, ehtis, zieladam, whyisjake, xknown, peterwilsoncc, desrosj, iandunn.
Built from https://develop.svn.wordpress.org/branches/5.7@52466


git-svn-id: http://core.svn.wordpress.org/branches/5.7@52058 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-01-06 17:56:05 +00:00
desrosj
3ad4c815cd WordPress 5.7.4.
Built from https://develop.svn.wordpress.org/branches/5.7@52114


git-svn-id: http://core.svn.wordpress.org/branches/5.7@51706 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-11-10 17:06:59 +00:00
desrosj
242bd3b338 HTTP: Remove the DST Root CA X3 certificate expired on September 30, 2021.
> The currently recommended certificate chain as presented to Let’s Encrypt ACME clients when new certificates are issued contains an intermediate certificate (ISRG Root X1) that is signed by an old DST Root CA X3 certificate that expires on 2021-09-30. In some cases the OpenSSL 1.0.2 version will regard the certificates issued by the Let’s Encrypt CA as having an expired trust chain.
> 
> Most up-to-date CA cert trusted bundles, as provided by operating systems, contain this soon-to-be-expired certificate. The current CA cert bundles also contain an ISRG Root X1 self-signed certificate. This means that clients verifying certificate chains can find the alternative non-expired path to the ISRG Root X1 self-signed certificate in their trust store.
> 
> Unfortunately this does not apply to OpenSSL 1.0.2 which always prefers the untrusted chain and if that chain contains a path that leads to an expired trusted root certificate (DST Root CA X3), it will be selected for the certificate verification and the expiration will be reported.

References:
* [https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/ Old Let’s Encrypt Root Certificate Expiration and OpenSSL 1.0.2]
* [https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/ DST Root CA X3 Expiration (September 2021)]

Follow-up to [25224], [25426], [25569], [27307], [30491], [30765], [34283], [35919], [36570], [46094].

Props bradleyt, fierevere, SergeyBiryukov, peterwilsoncc.
Merges [51883] to the 5.7 branch.
Fixes #54207. See #50828.
Built from https://develop.svn.wordpress.org/branches/5.7@52097


git-svn-id: http://core.svn.wordpress.org/branches/5.7@51689 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-11-10 02:10:01 +00:00
desrosj
b06d0d90b4 WordPress 5.7.3.
Built from https://develop.svn.wordpress.org/branches/5.7@51759


git-svn-id: http://core.svn.wordpress.org/branches/5.7@51366 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-09-08 21:28:58 +00:00
desrosj
709e3315f3 Grouped merges for 5.7.3.
- Update `lodash` to the latest version `4.17.21`.
- Disable some attributes for rich text.

Merges [51426,50941] to the 5.7 branch.
Props ellatrix, peterwilsoncc, get_dave, mcsf, talldanwp, youknowriad, desrosj, nerrad.
Built from https://develop.svn.wordpress.org/branches/5.7@51750


git-svn-id: http://core.svn.wordpress.org/branches/5.7@51358 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-09-08 21:06:23 +00:00
Sergey Biryukov
e3554a9aa7 General: Only use _jsonp_wp_die_handler() for JSONP REST API requests.
Props mdawaffe, peterwilsoncc.
Merges [51740] to the 5.7 branch.
Built from https://develop.svn.wordpress.org/branches/5.7@51742


git-svn-id: http://core.svn.wordpress.org/branches/5.7@51350 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-09-08 17:24:01 +00:00
Sergey Biryukov
9ca0faa204 Upgrade/Install: Update sodium_compat to v1.16.1.
The latest version of sodium_compat includes polyfills for new features slated to land in PHP 8.1:
https://paragonie.com/blog/2021/05/ristretto255-for-php-community

It also fixes a race condition with the autoloader that caused an "undefined constant" error on some systems:
https://github.com/paragonie/sodium_compat/issues/122

A full list of changes in this update can be found on GitHub:
https://github.com/paragonie/sodium_compat/compare/v1.14.0...v1.16.1

Follow-up to [49741].

Props paragoninitiativeenterprises, oxyrealm.
Merges [51002] to the 5.7 branch.
Fixes #53274.
Built from https://develop.svn.wordpress.org/branches/5.7@51171


git-svn-id: http://core.svn.wordpress.org/branches/5.7@50780 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-06-16 17:29:58 +00:00
Sergey Biryukov
82b478b0be External Libraries: Upgrade PHPMailer to version 6.5.0.
Release notes: https://github.com/PHPMailer/PHPMailer/releases/tag/v6.5.0

For a full list of changes in this update, see the PHPMailer GitHub:
https://github.com/PHPMailer/PHPMailer/compare/v6.4.1...v6.5.0

Props ayeshrajans, Synchro.
Merges [51169] to the 5.7 branch.
Fixes #53430.
Built from https://develop.svn.wordpress.org/branches/5.7@51170


git-svn-id: http://core.svn.wordpress.org/branches/5.7@50779 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-06-16 17:27:02 +00:00
Peter Wilson
eae23abd88 Build tools: Use hashed module IDs for minified files.
Further improves webpack configuration for editor files to use hashed module IDs in the compressed (`*.min.js`) production files.

Follow up to [50940].

Props @gziolo.
Merges [51035] to the 5.7 branch.
Fixes #53192.


Built from https://develop.svn.wordpress.org/branches/5.7@51036


git-svn-id: http://core.svn.wordpress.org/branches/5.7@50645 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-05-27 00:29:10 +00:00
Peter Wilson
5a721be794 Build: Use hashed/deterministic moduleIDs in webpack config
Props peterwilsoncc, desrosj, gziolo.
Merges [50940] in to the 5.7 branch.
Fixes #53192.


Built from https://develop.svn.wordpress.org/branches/5.7@50990


git-svn-id: http://core.svn.wordpress.org/branches/5.7@50599 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-05-25 05:22:08 +00:00
Peter Wilson
43ac82a96f XML-RPC: Set HTTP status code in accordance with the spec.
When the XML-RPC endpoint is enabled, always return a HTTP `200 OK` status code in accordance with the XML-RPC specification. Continue to return an HTTP `405 Method Not Allowed` status code when the endpoint is disabled.

Props ariskataoka, johnbillion.
Merges [50954] in to the 5.7 branch.
Fixes #52958.


Built from https://develop.svn.wordpress.org/branches/5.7@50989


git-svn-id: http://core.svn.wordpress.org/branches/5.7@50598 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-05-25 05:21:00 +00:00
Peter Wilson
1cdead833e Menus: Do not auto-set locations for new menus.
Do not auto-set new menus to all vacant locations on the Appearance > Menus screen in the dashboard.

Follow up to [48051].

Props Chouby, audrasjb, davidbaumwald, mukesh27.
Merges [50938] in to the 5.7 branch.
Fixes #52949.

Built from https://develop.svn.wordpress.org/branches/5.7@50988


git-svn-id: http://core.svn.wordpress.org/branches/5.7@50597 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-05-25 05:19:05 +00:00
Peter Wilson
a6d9325574 Help/About: Reduce space below minor release log.
Reduce the size of the space below the maintenance and security release log of the WP 5.7 about page.

Props dhrumil12, audrasjb, sabernhardt, ryelle.
Fixes #53067.


Built from https://develop.svn.wordpress.org/branches/5.7@50937


git-svn-id: http://core.svn.wordpress.org/branches/5.7@50546 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-05-20 04:08:01 +00:00
Peter Wilson
6688af8108 WordPress 5.7.2 post-release version bump.
Built from https://develop.svn.wordpress.org/branches/5.7@50911


git-svn-id: http://core.svn.wordpress.org/branches/5.7@50520 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-05-13 01:13:02 +00:00
Peter Wilson
b6b214a557 WordPress 5.7.2.
Built from https://develop.svn.wordpress.org/branches/5.7@50869


git-svn-id: http://core.svn.wordpress.org/branches/5.7@50478 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-05-12 23:11:59 +00:00
Peter Wilson
bf12394dbd About page for WordPress 5.7.2.
Built from https://develop.svn.wordpress.org/branches/5.7@50868


git-svn-id: http://core.svn.wordpress.org/branches/5.7@50477 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-05-12 23:08:00 +00:00
Sergey Biryukov
962a6c6888 External Libraries: Upgrade PHPMailer to version 6.4.1.
Release notes: https://github.com/PHPMailer/PHPMailer/releases/tag/v6.4.1

For a full list of changes in this update, see the PHPMailer GitHub:
https://github.com/PHPMailer/PHPMailer/compare/v6.4.0...v6.4.1

Props ayeshrajans.
Merges [50799] to the 5.7 branch.
Fixes #53114.
Built from https://develop.svn.wordpress.org/branches/5.7@50800


git-svn-id: http://core.svn.wordpress.org/branches/5.7@50409 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-04-29 20:33:13 +00:00
Peter Wilson
5ba41bd4f0 Post 5.7.1 version bump.
Built from https://develop.svn.wordpress.org/branches/5.7@50758


git-svn-id: http://core.svn.wordpress.org/branches/5.7@50367 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-04-15 03:33:06 +00:00
Peter Wilson
d19b84afba Version bump for 5.7.1.
Built from https://develop.svn.wordpress.org/branches/5.7@50736


git-svn-id: http://core.svn.wordpress.org/branches/5.7@50345 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-04-15 01:32:02 +00:00
Peter Wilson
42730aa8a9 About page update for 5.7.1.
Props audrasjb.

Built from https://develop.svn.wordpress.org/branches/5.7@50735


git-svn-id: http://core.svn.wordpress.org/branches/5.7@50344 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-04-15 01:20:05 +00:00
Peter Wilson
1e36365912 Editor: Finalise update of @wordpress npm packages for 5.7.1.
Commit built files stored in repo following package updates.

Props gziolo, noisysocks, isabel_brison, peterwilsoncc.
Follow up to [50719].
Fixes #52912.

Built from https://develop.svn.wordpress.org/branches/5.7@50720


git-svn-id: http://core.svn.wordpress.org/branches/5.7@50329 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-04-14 23:52:02 +00:00
Peter Wilson
ffc9a87780 Editor: Update @wordpress npm packages for 5.7.1.
Update @wordpress npm packages to the latest published versions for the 5.7 branch. This includes block editor bug fixes for WordPress 5.7.1.

Props gziolo, noisysocks, isabel_brison, peterwilsoncc.
Fixes #52912.

Built from https://develop.svn.wordpress.org/branches/5.7@50719


git-svn-id: http://core.svn.wordpress.org/branches/5.7@50328 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-04-14 23:40:18 +00:00
desrosj
18f802b860 REST API: Allow authors to read their own password protected posts.
Allow authenticated users to read the contents of password protected posts if they have the `edit_post` meta capability for the post.

Merges [50717] to the 5.7 branch.
Props xknown, zieladam, peterwilsoncc, swissspidy, timothyblynjacobs.
Built from https://develop.svn.wordpress.org/branches/5.7@50718


git-svn-id: http://core.svn.wordpress.org/branches/5.7@50327 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-04-14 23:27:00 +00:00
desrosj
c29db9c1e3 External libraries: Include upstream GetID3 fix for PHP 8.
Merges [50714] to the 5.7 branch.
Props jrf, xknown.
Built from https://develop.svn.wordpress.org/branches/5.7@50715


git-svn-id: http://core.svn.wordpress.org/branches/5.7@50324 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-04-14 23:16:03 +00:00
Sergey Biryukov
5162106aa1 Site Health: Correct test result status for the HTTPS test.
The supported status values for Site Health tests are `good`, `recommended`, and `critical`.

Follow-up to [50660].

Props TimothyBlynJacobs.
Merges [50710] to the 5.7 branch.
Fixes #52783.
Built from https://develop.svn.wordpress.org/branches/5.7@50711


git-svn-id: http://core.svn.wordpress.org/branches/5.7@50320 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-04-14 13:15:05 +00:00
Peter Wilson
bf8239a30c Bundled Themes: Bump versions for WordPress 5.7.1.
Twenty Twenty-One: Bump version to 1.3
Twenty Seventeen: Bump version to 2.7

Props desrosj, mukesh27, peterwilsoncc.
Merges [50708] to the 5.7 branch.
Fixes #52859.


Built from https://develop.svn.wordpress.org/branches/5.7@50709


git-svn-id: http://core.svn.wordpress.org/branches/5.7@50318 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-04-14 00:00:05 +00:00
Peter Wilson
70c6bb2d83 5.7 branch post 5.7.1 RC1 version bump.
Built from https://develop.svn.wordpress.org/branches/5.7@50691


git-svn-id: http://core.svn.wordpress.org/branches/5.7@50300 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-04-07 23:33:02 +00:00
Peter Wilson
6689f11a42 5.7 branch is now 5.7.1 RC1.
Built from https://develop.svn.wordpress.org/branches/5.7@50690


git-svn-id: http://core.svn.wordpress.org/branches/5.7@50299 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-04-07 23:08:09 +00:00
ryelle
f5e008b193 Accessibility: Administration: Update various background colors for increased contrast.
This ensures that contrast between text color and background meets the WCAG 2.0 AA recommended value. The following locations were changed:

 - Network List Tables: Use lighter background colors for site status indicator.
 - Nav Menus: Use a lighter background color for invalid menu items.
 - Pointers: Use a darker background for pointer header.
 - Themes: Use darker background on filter button hover.
 - Customizer: Use darker background for selected widget.

Follow-up to [50025], [50571].
Props kebbet, melchoyce, peterwilsoncc.
Merges [50687] to the 5.7 branch.
Fixes #52760.


Built from https://develop.svn.wordpress.org/branches/5.7@50688


git-svn-id: http://core.svn.wordpress.org/branches/5.7@50297 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-04-07 17:44:09 +00:00
Peter Wilson
bc8b720e01 Media: Do not lazy load hidden images or embeds.
Improve the check for sourceless or dimensionless media when determining if the lazy loading attribute should be added to iframes and images. Never include the lazy loading attribute on embeds of WordPress posts as the iframe is initially hidden.

Including `loading="lazy"` on initially hidden iframes and images can prevent the media from loading in some browsers.

Props adamsilverstein, fabianpimminger, flixos90, johnbillion, jonkastonka, joyously, peterwilsoncc, SergeyBiryukov, SirStuey, swissspidy.
Merges [50682], [50683] to the 5.7 branch.
Fixes #52768.


Built from https://develop.svn.wordpress.org/branches/5.7@50684


git-svn-id: http://core.svn.wordpress.org/branches/5.7@50293 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-04-07 01:52:02 +00:00
Peter Wilson
fcbd087303 Bundled Themes: Update the “Tested up to” value.
“Tested up to” is not displayed on the theme directory or within the WordPress dashboard, but should be updated to be accurate for anyone reading the theme’s source code.

Follow up to [50508].

Props desrosj.
Merges [50669] to the 5.7 branch.
Fixes #52982.

Built from https://develop.svn.wordpress.org/branches/5.7@50681


git-svn-id: http://core.svn.wordpress.org/branches/5.7@50290 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-04-06 23:56:02 +00:00
Peter Wilson
eff1fa7e1e Twenty Twenty-One: Rebuild IE specific editor stylesheet.
This was not updated to include the changes from [50493].

Props desrosj.
Merges [50667] to the 5.7 branch.
Fixes #52981. See #52702.

Built from https://develop.svn.wordpress.org/branches/5.7@50680


git-svn-id: http://core.svn.wordpress.org/branches/5.7@50289 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-04-06 23:54:03 +00:00
Peter Wilson
4a193e9847 Options, Meta APIs: Update default color scheme swatch to match CSS changes.
Update the default/fresh theme color swatch displayed on user profile pages to match CSS changes made during the 5.7 release cycle.

Props audrasjb, desrosj, ninetyninew, ryelle.
Merges [50663] to the 5.7 branch.
Fixes #52750.


Built from https://develop.svn.wordpress.org/branches/5.7@50679


git-svn-id: http://core.svn.wordpress.org/branches/5.7@50288 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-04-06 23:52:03 +00:00
Peter Wilson
6587ec5372 Editor: Update @wordpress npm packages for 5.7.1 RC1.
Update @wordpress npm packages to the latest published versions for the 5.7 branch. This includes block editor bug fixes for WordPress 5.7.1.

Props gziolo, noisysocks, youknowriad.
See #52912.


Built from https://develop.svn.wordpress.org/branches/5.7@50678


git-svn-id: http://core.svn.wordpress.org/branches/5.7@50287 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-04-06 23:50:28 +00:00
desrosj
0a0f6dfb77 Build/Test Tools: Prevent PHPUnit tests on push for forks/private mirrors.
The reorganization of the PHPUnit workflow in [50441] unintentionally caused the tests to be run for every `push` event, even for forks and private mirrors.

Previously, the second job required the first one to pass, and the conditional check on the first prevented both from running. Because the first job is no longer required for the second, both jobs must have the appropriate conditional check.

Merges [50670] to the 5.7 branch.
Fixes #52983.
Built from https://develop.svn.wordpress.org/branches/5.7@50671


git-svn-id: http://core.svn.wordpress.org/branches/5.7@50283 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-04-06 15:26:07 +00:00
Peter Wilson
2c8182fcba Media: Conditionally pass 2nd parameter to getimagesize().
In the wrapper function `wp_getimagesize()` check if the second parameter was passed before sending it to the PHP function `getimagesize()`.

The PHP function has a different execution path depending on the number of parameters passed, this ensures the wrapper function follows the appropriate path.

Follow up to [50552].
Props azaozz, hellofromtonya, Mista-Flo, peterwilsoncc, rinatkhaziev, RogerTheriault, SergeyBiryukov, terriann, whyisjake.
Merges [50586] to the 5.7 branch.
Fixes #52826.

Built from https://develop.svn.wordpress.org/branches/5.7@50662


git-svn-id: http://core.svn.wordpress.org/branches/5.7@50274 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-04-06 03:44:02 +00:00
Peter Wilson
894f140b12 Script Loader: Escape HTML5 boolean attribute names.
Add escaping of boolean attribute names in `wp_sanitize_script_attributes()` for themes supporting HTML5 script elements.

Props tmatsuur, johnbillion, joyously.
Merges [50575] to the 5.7 branch.
Fixes #52894.

Built from https://develop.svn.wordpress.org/branches/5.7@50661


git-svn-id: http://core.svn.wordpress.org/branches/5.7@50273 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-04-06 03:42:01 +00:00
Peter Wilson
1d0be627a9 Site Health: Reduce false reports of HTTPS failures.
Reduce severity of failing HTTPS tests from critical to warning. Stop reporting failures if the site is being accessed over HTTPS but `wp_is_https_supported()` indicates a lack of support.

Props annalamprou, AnotherDave, ayeshrajans, bobbingwide, Clorith, dragongate, eatsleepcode, gab81, geoffrey1963, Ipstenu, k3nsai, mmuyskens, nicegamer7, peterwilsoncc, pwallner, SergeyBiryukov, TimothyBlynJacobs, Toru.
Merges [50659] to the 5.7 branch.
Fixes #52783.

Built from https://develop.svn.wordpress.org/branches/5.7@50660


git-svn-id: http://core.svn.wordpress.org/branches/5.7@50272 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-04-06 03:40:06 +00:00
Sergey Biryukov
551b6260da REST API: Correct enum validation for numeric values.
When validating `enum` values as `integer` or `number`, consider a number with a zero fractional part to be equivalent to an integer of the same value.

In `rest_are_values_equal()`, when comparing two values of type `int` or `float` (in any combination), first cast both of them to `float` and then compare.

This matches some test cases from the official JSON Schema test suite.

Follow-up to [50010].

Props yakimun, stefanjoebstl, TimothyBlynJacobs, rachelbaker.
Merges [50653] to the 5.7 branch.
Fixes #52932.
Built from https://develop.svn.wordpress.org/branches/5.7@50656


git-svn-id: http://core.svn.wordpress.org/branches/5.7@50268 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-04-04 19:13:03 +00:00
Sergey Biryukov
69bfd1ff63 Coding Standards: Move some translator comments to the correct place.
Follow-up to [46273], [50060], [50117].

Merges [50654] to the 5.7 branch.
See #52627.
Built from https://develop.svn.wordpress.org/branches/5.7@50655


git-svn-id: http://core.svn.wordpress.org/branches/5.7@50267 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-04-04 18:34:04 +00:00
Sergey Biryukov
8bda8b2847 KSES: Add object-position to the list of safe CSS properties.
This resolves an issue with the Cover block, where the `object-position` property is removed from the content when a non-admin user saves the post, leading to block recovery loop.

Props Mamaduka, aristath.
Merges [50634] to the 5.7 branch.
Fixes #52961.
Built from https://develop.svn.wordpress.org/branches/5.7@50649


git-svn-id: http://core.svn.wordpress.org/branches/5.7@50261 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-04-02 19:31:06 +00:00
Sergey Biryukov
4fa46b8d14 External Libraries: Upgrade PHPMailer from 6.3.0 to 6.4.0.
6.4.0 reverts a change that made the `mail()` and sendmail transports set the envelope sender if one isn't explicitly provided, as it was causing problems in specific PHP/server configurations.

Release post: https://github.com/PHPMailer/PHPMailer/releases/tag/v6.4.0
Changelog: https://github.com/PHPMailer/PHPMailer/compare/v6.3.0...v6.4.0

Props Synchro, tigertech, ayeshrajans, galbaras, audrasjb, SergeyBiryukov, desrosj, ocean90.
Merges [50628] to the 5.7 branch.
Fixes #52822.
Built from https://develop.svn.wordpress.org/branches/5.7@50630


git-svn-id: http://core.svn.wordpress.org/branches/5.7@50242 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-04-01 13:01:06 +00:00