Upstream/WordPress
1
0
Fork 0
mirror of https://github.com/WordPress/WordPress.git synced 2024-10-02 00:57:40 +02:00
Code Issues Projects Releases Wiki Activity
04602bccd8
WordPress/wp-includes/rest-api/endpoints
History
Sergey Biryukov f524de858c Ensure that a user can publish_posts before making a post sticky. 
Props: danielbachhuber, whyisjake, peterwilson, xknown.

Brings r46893 to the 4.9 branch.

Update `wp_kses_bad_protocol()` to recognize `:` on uri attributes,

`wp_kses_bad_protocol()` makes sure to validate that uri attributes don’t contain invalid/or not allowed protocols. While this works fine in most cases, there’s a risk that by using the colon html5 named entity, one is able to bypass this function.

Brings r46895 to the 4.9 branch.

Props: xknown, nickdaugherty, peterwilsoncc.
Built from https://develop.svn.wordpress.org/branches/4.9@46918


git-svn-id: http://core.svn.wordpress.org/branches/4.9@46718 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-12-12 18:57:27 +00:00
..
class-wp-rest-attachments-controller.php REST API: Ensure attachments created with WP_REST_Attachments_Controller::create_item() on Windows have a relative path. 2018-07-24 16:54:26 +00:00
class-wp-rest-comments-controller.php REST API: Filter responses based on the _fields parameter, before data is processed. 2018-07-13 06:51:27 +00:00
class-wp-rest-controller.php REST API: Filter responses based on the _fields parameter, before data is processed. 2018-07-13 06:51:27 +00:00
class-wp-rest-post-statuses-controller.php REST API: Filter responses based on the _fields parameter, before data is processed. 2018-07-13 06:51:27 +00:00
class-wp-rest-post-types-controller.php REST API: Filter responses based on the _fields parameter, before data is processed. 2018-07-13 06:51:27 +00:00
class-wp-rest-posts-controller.php Ensure that a user can publish_posts before making a post sticky. 2019-12-12 18:57:27 +00:00
class-wp-rest-revisions-controller.php REST API: Revert [43648] from the 4.9 branch. 2018-10-11 07:16:24 +00:00
class-wp-rest-settings-controller.php REST API: Don’t remove unregistered properties from objects in schema. 2017-10-24 21:05:49 +00:00
class-wp-rest-taxonomies-controller.php REST API: Filter responses based on the _fields parameter, before data is processed. 2018-07-13 06:51:27 +00:00
class-wp-rest-terms-controller.php REST API: Pass correct ID to meta->update_value to permit setting term meta during term creation. 2018-09-13 09:53:28 +00:00
class-wp-rest-users-controller.php REST API: Filter responses based on the _fields parameter, before data is processed. 2018-07-13 06:51:27 +00:00