Upstream/WordPress
1
0
Fork 0
mirror of https://github.com/WordPress/WordPress.git synced 2024-11-14 14:45:45 +01:00
Code Issues Projects Releases Wiki Activity
34,951 Commits 50 Branches 748 Tags 792 MiB
fea2ba3cd6
Commit Graph

34951 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
whyisjake
fea2ba3cd6 General: Backport several commits for release. 
- Embeds: Ensure that the title attribute is set correctly on embeds.
- Editor: Prevent HTML decoding on by setting the proper editor context.
- Formatting: Ensure that wp_validate_redirect() sanitizes a wider variety of characters.
- Themes: Ensure a broken theme name is returned properly.
- Administration: Add a new filter to extend set-screen-option.
Merges [47947-47951] to the 4.6 branch.
Props xknown, sstoqnov, vortfu, SergeyBiryukov, whyisjake.

Built from https://develop.svn.wordpress.org/branches/4.6@47974


git-svn-id: http://core.svn.wordpress.org/branches/4.6@47744 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2020-06-10 18:55:16 +00:00
Sergey Biryukov
4c7427aa06 Update the About page for WordPress 4.6.18 
Built from https://develop.svn.wordpress.org/branches/4.6@47696


git-svn-id: http://core.svn.wordpress.org/branches/4.6@47473 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2020-04-29 18:34:22 +00:00
desrosj
1c099d1604 WordPress 4.6.18 
Built from https://develop.svn.wordpress.org/branches/4.6@47674


git-svn-id: http://core.svn.wordpress.org/branches/4.6@47451 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2020-04-29 18:02:05 +00:00
whyisjake
e0fa795d49 Cache API: Ensure proper escaping around the stats method in the cache API. 
Brings the changes in [47637] to the 4.6 branch.

Props: nickdaugherty, batmoo, whyisjake, westi.

Built from https://develop.svn.wordpress.org/branches/4.6@47655


git-svn-id: http://core.svn.wordpress.org/branches/4.6@47432 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2020-04-29 16:45:22 +00:00
whyisjake
6ebc722218 User: Invalidate user_activation_key on password update. 
Query: Ensure that only a single post can be returned on date/time based queries.
Cache API: Ensure proper escaping around the stats method in the cache API.
Formatting: Expand `sanitize_file_name` to have better support for utf8 characters.

Brings the changes in [47634], [47635], [47637], and [47638] to the 4.6 branch.

Props: batmoo, ehti, nickdaugherty, peterwilsoncc, sergeybiryukov, sstoqnov, westi, whyisjake, whyisjake, xknown.


Built from https://develop.svn.wordpress.org/branches/4.6@47651


git-svn-id: http://core.svn.wordpress.org/branches/4.6@47426 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2020-04-29 16:25:25 +00:00
Sergey Biryukov
5ca57c3ba6 WordPress 4.6.17 
Built from https://develop.svn.wordpress.org/branches/4.6@46927


git-svn-id: http://core.svn.wordpress.org/branches/4.6@46727 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-12-12 20:29:22 +00:00
Sergey Biryukov
138f753da7 Update wp_kses_bad_protocol() to recognize : on uri attributes, 
`wp_kses_bad_protocol()` makes sure to validate that uri attributes don’t contain invalid/or not allowed protocols. While this works fine in most cases, there’s a risk that by using the colon html5 named entity, one is able to bypass this function.

Brings r46895 to the 4.6 branch.

Props: xknown, nickdaugherty, peterwilsoncc.
Built from https://develop.svn.wordpress.org/branches/4.6@46914


git-svn-id: http://core.svn.wordpress.org/branches/4.6@46714 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-12-12 18:46:23 +00:00
desrosj
251c570d28 WordPress 4.6.16. 
Built from https://develop.svn.wordpress.org/branches/4.6@46514


git-svn-id: http://core.svn.wordpress.org/branches/4.6@46311 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-10-14 20:10:39 +00:00
whyisjake
51d665a4a5 Backporting several bug fixes. 
- Query: Remove the static query property.
- HTTP API: Protect against hex interpretation.
- Filesystem API: Prevent directory travelersals when creating new folders.
- Administration: Ensure that admin referer nonce is valid.
- REST API: Send a Vary: Origin header on GET requests.

Backports [46474], [46475], [46476], [46477], [46478], [46483], [46485] to the 4.6 branch.

Built from https://develop.svn.wordpress.org/branches/4.6@46496


git-svn-id: http://core.svn.wordpress.org/branches/4.6@46293 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-10-14 19:02:25 +00:00
desrosj
c17ad2c252 WordPress 4.6.15. 
Built from https://develop.svn.wordpress.org/branches/4.6@46040


git-svn-id: http://core.svn.wordpress.org/branches/4.6@45852 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-09-04 22:04:44 +00:00
Andrew Ozz
94e8b0b76b jQuery: Backport the patch from jQuery 3.4.0. 
Merges [45342] to the 4.6 branch.

Props MikeNGarrett, peterwilsoncc, azaozz.
Fixes #47020.
Built from https://develop.svn.wordpress.org/branches/4.6@46026


git-svn-id: http://core.svn.wordpress.org/branches/4.6@45836 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-09-04 21:48:30 +00:00
desrosj
c33acf1903 Fix for URL sanitization in wp_kses_bad_protocol_once(). 
Merges [45997] to the 4.6 branch.

Props irsdl, sstoqnov, whyisjake.
Built from https://develop.svn.wordpress.org/branches/4.6@46008


git-svn-id: http://core.svn.wordpress.org/branches/4.6@45819 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-09-04 21:40:13 +00:00
Sergey Biryukov
ef17e2b3b8 Improve handling the existing rel attribute in wp_rel_nofollow_callback(). 
Merges [45990] to the 4.6 branch.
Props xknown, sstoqnov.
Built from https://develop.svn.wordpress.org/branches/4.6@45998


git-svn-id: http://core.svn.wordpress.org/branches/4.6@45809 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-09-04 17:53:19 +00:00
Sergey Biryukov
f08a1c1302 Improve URL validation in wp_validate_redirect(). 
Merges [45971] to the 4.6 branch.
Props vortfu, whyisjake, peterwilsoncc.
Built from https://develop.svn.wordpress.org/branches/4.6@45978


git-svn-id: http://core.svn.wordpress.org/branches/4.6@45789 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-09-04 17:12:24 +00:00
whyisjake
ed63f9e30d Remove _convert_urlencoded_to_entities() from the get_the_content() callback. 
Merges [45937] to the 4.6 branch.

Props vortfu, whyisjake, peterwilsoncc

Built from https://develop.svn.wordpress.org/branches/4.6@45956


git-svn-id: http://core.svn.wordpress.org/branches/4.6@45767 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-09-04 16:40:03 +00:00
Sergey Biryukov
2a4ac1ce68 Escape the output in wp_ajax_upload_attachment(). 
Merges [45936] to the 4.6 branch.
Props whyisjake, sstoqnov.
Built from https://develop.svn.wordpress.org/branches/4.6@45948


git-svn-id: http://core.svn.wordpress.org/branches/4.6@45759 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-09-04 16:36:24 +00:00
Gary Pendergast
5db18ede70 WordPress 4.6.14 
Built from https://develop.svn.wordpress.org/branches/4.6@44874


git-svn-id: http://core.svn.wordpress.org/branches/4.6@44705 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-03-13 01:18:21 +00:00
Sergey Biryukov
1ff333ca3b Comments: Improve comment content filtering. 
Merges [44842] to the 4.6 branch.
Built from https://develop.svn.wordpress.org/branches/4.6@44848


git-svn-id: http://core.svn.wordpress.org/branches/4.6@44680 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-03-12 22:37:22 +00:00
Sergey Biryukov
f2daa0b4e6 Formatting: Improve rel="nofollow" handling in comments. 
Merges [44833] to the 4.6 branch.
Built from https://develop.svn.wordpress.org/branches/4.6@44839


git-svn-id: http://core.svn.wordpress.org/branches/4.6@44671 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2019-03-12 22:23:22 +00:00
Jeremy Felt
c046ee1abd Bump 4.6 branch to version 4.6.13. 
Built from https://develop.svn.wordpress.org/branches/4.6@44081


git-svn-id: http://core.svn.wordpress.org/branches/4.6@43911 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-12-13 02:14:04 +00:00
Gary Pendergast
5a48d3af8b Editor: Remove unwanted fields before saving posts. 
The `meta_input`, `file`, and `guid` fields are not intended to be updated through user input.

Merges [44047] to the 4.6 branch.


Built from https://develop.svn.wordpress.org/branches/4.6@44058


git-svn-id: http://core.svn.wordpress.org/branches/4.6@43888 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-12-13 01:43:21 +00:00
Peter Wilson
41a7a8e581 Multisite: Validate activation links. 
Merges [44048] to the 4.6 branch.

Built from https://develop.svn.wordpress.org/branches/4.6@44057


git-svn-id: http://core.svn.wordpress.org/branches/4.6@43887 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-12-13 01:42:20 +00:00
iandunn
c54c0ddbf4 KSES: Make the URI attributes DRY. 
This commit introduces the `wp_kses_uri_attributes` function and filter. The function centralizes the list of attributes, in order to prevent inconsistency, and the filter provides a way for plugins to customize the attributes.

Merges [44014] and [44017] to the `4.6` branch.

Built from https://develop.svn.wordpress.org/branches/4.6@44031


git-svn-id: http://core.svn.wordpress.org/branches/4.6@43861 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-12-13 00:52:22 +00:00
Peter Wilson
8c5cdf2b39 Multisite: Improve messaging for previously activated users. 
Ensure activation of a site is not attempted multiple times and users are shown the correct message if they follow the link a second time.

Merges [44021] to the 4.6 branch.

Built from https://develop.svn.wordpress.org/branches/4.6@44028


git-svn-id: http://core.svn.wordpress.org/branches/4.6@43858 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-12-13 00:45:21 +00:00
Gary Pendergast
6e7503eedc KSES: Conditionally remove the <form> element from $allowedposttags. 
To avoid backwards compatibility issues, `<form>` is re-added if a custom filter has added the `<input>` or `<select>` elements to `$allowedposttags`.

Merges [43994] to the 4.6 branch.

Built from https://develop.svn.wordpress.org/branches/4.6@44001


git-svn-id: http://core.svn.wordpress.org/branches/4.6@43833 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-12-12 23:27:21 +00:00
Jeremy Felt
bcbb4f7808 Media: Improve verification of MIME file types. 
Merges [43988] to the 4.6 branch.

Built from https://develop.svn.wordpress.org/branches/4.6@43992


git-svn-id: http://core.svn.wordpress.org/branches/4.6@43824 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-12-12 23:08:22 +00:00
Aaron Campbell
4f99911c22 Bump 4.6 branch to version 4.6.12 
Built from https://develop.svn.wordpress.org/branches/4.6@43410


git-svn-id: http://core.svn.wordpress.org/branches/4.6@43238 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-07-05 16:12:07 +00:00
John Blackbourn
c656a7d373 Media: Limit thumbnail file deletions to the same directory as the original file. 
Merges [43393] to the 4.6 branch.

Built from https://develop.svn.wordpress.org/branches/4.6@43396


git-svn-id: http://core.svn.wordpress.org/branches/4.6@43224 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-07-05 14:53:26 +00:00
Aaron Campbell
5798a9e9ae Bump 4.6 branch to version 4.6.11 
Built from https://develop.svn.wordpress.org/branches/4.6@42936


git-svn-id: http://core.svn.wordpress.org/branches/4.6@42766 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-04-03 20:28:04 +00:00
Dominik Schilling
1a13b0102b Template: Make sure the version string is correctly escaped for use in attributes. 
Merge of [42893] to the 4.6 branch.

Built from https://develop.svn.wordpress.org/branches/4.6@42920


git-svn-id: http://core.svn.wordpress.org/branches/4.6@42750 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-04-03 16:07:40 +00:00
Dominik Schilling
c1af867a7c Meta: Simplify the delete all meta query in delete_metadata(). 
Merge of [42913] to the 4.6 branch.

Built from https://develop.svn.wordpress.org/branches/4.6@42915


git-svn-id: http://core.svn.wordpress.org/branches/4.6@42745 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-04-03 15:42:32 +00:00
Dominik Schilling
5a4e8a9b94 HTTP: Don't treat localhost as same host by default. 
Merge of [42894] to the 4.6 branch.

Built from https://develop.svn.wordpress.org/branches/4.6@42911


git-svn-id: http://core.svn.wordpress.org/branches/4.6@42741 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-04-03 15:37:22 +00:00
Dominik Schilling
bf1163226c Login: Use wp_safe_redirect() when redirecting the login page if forced to use HTTPS. 
Merge of [42892] to the 4.6 branch.

Built from https://develop.svn.wordpress.org/branches/4.6@42898


git-svn-id: http://core.svn.wordpress.org/branches/4.6@42728 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-04-03 15:30:40 +00:00
Sergey Biryukov
cf43545c07 General: Update copyright year to 2018 in license.txt. 
Props rachelbaker.
Merges [42424] to the 4.6 branch.
Fixes #43007.
Built from https://develop.svn.wordpress.org/branches/4.6@42555


git-svn-id: http://core.svn.wordpress.org/branches/4.6@42384 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-01-23 11:27:13 +00:00
Dion Hulse
daf7cc8b30 Bump the 4.6 branch to 4.6.10. 
Built from https://develop.svn.wordpress.org/branches/4.6@42497


git-svn-id: http://core.svn.wordpress.org/branches/4.6@42326 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-01-16 21:41:36 +00:00
Dion Hulse
ce6ffb6d25 External Libraries: Remove unnecessary / obsoleted MediaElement.js files. 
Merges [42478] to the 4.6 branch.
Fixes #42720 for 4.6.

Built from https://develop.svn.wordpress.org/branches/4.6@42480


git-svn-id: http://core.svn.wordpress.org/branches/4.6@42309 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-01-16 08:06:35 +00:00
Dion Hulse
cf61ff994d Upgrade: When deleting old files, if deletion fails attempt to empty the file instead. 
Props joemcgill, dd32.
Merges [42434] to the 4.6 branch.
Fixes #42963 for 4.6.

Built from https://develop.svn.wordpress.org/branches/4.6@42468


git-svn-id: http://core.svn.wordpress.org/branches/4.6@42297 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-01-16 06:55:34 +00:00
John Blackbourn
8b0e75a650 Bump 4.6 branch to version 4.6.9. 
Built from https://develop.svn.wordpress.org/branches/4.6@42319


git-svn-id: http://core.svn.wordpress.org/branches/4.6@42148 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-11-29 18:59:35 +00:00
John Blackbourn
969ac61dc4 Hardening: Remove the ability to upload JavaScript files for users who do not have the unfiltered_html capability. 
Merges [42261] to the 4.6 branch.

Built from https://develop.svn.wordpress.org/branches/4.6@42279


git-svn-id: http://core.svn.wordpress.org/branches/4.6@42108 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-11-29 16:24:34 +00:00
John Blackbourn
ed0c328547 Hardening: Ensure the attributes of enclosures are correctly escaped in RSS and Atom feeds. 
Merges [42260] to the 4.6 branch.

Built from https://develop.svn.wordpress.org/branches/4.6@42278


git-svn-id: http://core.svn.wordpress.org/branches/4.6@42107 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-11-29 16:23:06 +00:00
John Blackbourn
22068f006c Hardening: Add escaping to the language attributes used on html elements. 
Merges [42259] to the 4.6 branch.

Built from https://develop.svn.wordpress.org/branches/4.6@42277


git-svn-id: http://core.svn.wordpress.org/branches/4.6@42106 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-11-29 16:22:33 +00:00
John Blackbourn
78c7ec883d Hardening: Use a properly generated hash for the newbloguser key instead of a determinate substring. 
Merges [42258] to the 4.6 branch.

Built from https://develop.svn.wordpress.org/branches/4.6@42276


git-svn-id: http://core.svn.wordpress.org/branches/4.6@42105 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-11-29 16:21:34 +00:00
Dion Hulse
551d27db59 WPDB: Check that AUTH_SALT is not empty, Fix a PHP notice when AUTH_SALT is undefined. 
Props jsonfry, mkomar, pento.
Merges [42119] and [42120] to the 4.6 branch.
Fixes #42431 and #42401 for 4.6.

Built from https://develop.svn.wordpress.org/branches/4.6@42232


git-svn-id: http://core.svn.wordpress.org/branches/4.6@42061 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-11-27 01:09:36 +00:00
John Blackbourn
98161af28f General: Remove the version number from the readme file in the 4.6 branch. 
See #42386

Built from https://develop.svn.wordpress.org/branches/4.6@42101


git-svn-id: http://core.svn.wordpress.org/branches/4.6@41930 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-10-31 18:07:35 +00:00
Gary Pendergast
9c29274681 Bump 4.6 branch to version 4.6.8. 
Built from https://develop.svn.wordpress.org/branches/4.6@42071


git-svn-id: http://core.svn.wordpress.org/branches/4.6@41900 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-10-31 13:15:33 +00:00
Gary Pendergast
e8617fb3a5 Database: Restore numbered placeholders in wpdb::prepare(). 
[41496] removed support for numbered placeholders in queries send through `wpdb::prepare()`, which, despite being undocumented, were quite commonly used.

This change restores support for numbered placeholders (as well as a subset of placeholder formatting), while also adding extra checks to ensure the correct number of arguments are being passed to `wpdb::prepare()`, given the number of placeholders.

Merges [41662], [42056] to the 4.6 branch.
See #41925.


Built from https://develop.svn.wordpress.org/branches/4.6@42059


git-svn-id: http://core.svn.wordpress.org/branches/4.6@41888 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-10-31 12:41:33 +00:00
Dominik Schilling
8dc1cd00a1 Taxonomy/Users: Use correct escaping function for URLs. 
Merge of [41522] to the 4.6 branch.
Built from https://develop.svn.wordpress.org/branches/4.6@41525


git-svn-id: http://core.svn.wordpress.org/branches/4.6@41358 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-09-19 21:28:32 +00:00
Dominik Schilling
8d5d807270 Bump 4.6 branch to version 4.6.7. 
Built from https://develop.svn.wordpress.org/branches/4.6@41512


git-svn-id: http://core.svn.wordpress.org/branches/4.6@41345 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-09-19 19:59:33 +00:00
Aaron Campbell
2fabb6d0e2 Database: Hardening to bring wpdb::prepare() inline with documentation. 
`wpdb::prepare()` supports %s, %d, and %F as placeholders in the query string. Any other non-escaped % will be escaped.

Merges [41496] to 4.6 branch.


Built from https://develop.svn.wordpress.org/branches/4.6@41499


git-svn-id: http://core.svn.wordpress.org/branches/4.6@41332 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-09-19 18:13:34 +00:00
Aaron Campbell
ce78b2a4fb Database: Don’t trigger _doing_it_wrong() for null values in wpdb::prepare(). 
While `wpdb::prepare()` does not support null values (see #12819) they still appear in the wild like in the WordPress Importer and other plugins.

Merges [41483] to 4.6 branch.


Built from https://develop.svn.wordpress.org/branches/4.6@41486


git-svn-id: http://core.svn.wordpress.org/branches/4.6@41319 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-09-19 16:21:34 +00:00