Upstream/WordPress
1
0
Fork 0
mirror of https://github.com/WordPress/WordPress.git synced 2024-11-14 22:56:19 +01:00
Code Issues Projects Releases Wiki Activity
049d99e977
WordPress/wp-includes/rest-api
History
Sergey Biryukov b12e78ee0b Ensure that a user can publish_posts before making a post sticky. 
Props: danielbachhuber, whyisjake, peterwilson, xknown.

Brings r46893 to the 4.8 branch.

Update `wp_kses_bad_protocol()` to recognize `:` on uri attributes,

`wp_kses_bad_protocol()` makes sure to validate that uri attributes don’t contain invalid/or not allowed protocols. While this works fine in most cases, there’s a risk that by using the colon html5 named entity, one is able to bypass this function.

Brings r46895 to the 4.8 branch.

Props: xknown, nickdaugherty, peterwilsoncc.
Built from https://develop.svn.wordpress.org/branches/4.8@46917


git-svn-id: http://core.svn.wordpress.org/branches/4.8@46717 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-12-12 18:54:21 +00:00
..
endpoints Ensure that a user can publish_posts before making a post sticky. 2019-12-12 18:54:21 +00:00
fields REST API: Return a WP_Error if meta property is not an array. 2016-12-02 21:56:42 +00:00
class-wp-rest-request.php REST API: Fix changing parameters with set_param() for some requests. 2017-05-22 16:16:42 +00:00
class-wp-rest-response.php DOCS: Replace HTTP links with HTTPS. 2016-06-10 04:50:33 +00:00
class-wp-rest-server.php REST API: Add a filter to allow modifying the response *after* embedded data is added. 2017-07-19 20:12:38 +00:00