WordPress/wp-includes/rest-api
whyisjake da95cca74c Ensure that a user can publish_posts before making a post sticky.
Props: danielbachhuber, whyisjake, peterwilson, xknown.

Prevent  stored XSS through wp_targeted_link_rel().

Props: vortfu, whyisjake, peterwilsoncc, xknown,  SergeyBiryukov, flaviozavan.

Update `wp_kses_bad_protocol()` to recognize `:` on uri attributes,

`wp_kses_bad_protocol()` makes sure to validate that uri attributes don’t contain invalid/or not allowed protocols. While this works fine in most cases, there’s a risk that by using the colon html5 named entity, one is able to bypass this function.

Brings r46895 to the 5.3 branch.

Props: xknown, nickdaugherty, peterwilsoncc.

Prevent stored XSS in the block editor.

Brings r46896 to the 5.3 branch.

Prevent escaped unicode characters become unescaped in unsafe HTML during JSON decoding.

Props: aduth, epiqueras.

Built from https://develop.svn.wordpress.org/branches/5.2@46901


git-svn-id: http://core.svn.wordpress.org/branches/5.2@46701 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-12-12 18:18:54 +00:00
..
endpoints Ensure that a user can publish_posts before making a post sticky. 2019-12-12 18:18:54 +00:00
fields REST API: Slash existing meta values when comparing with incoming meta upates. 2018-12-13 16:30:37 +00:00
search REST API: Introduce rest_post_search_query filter. 2019-01-08 21:45:48 +00:00
class-wp-rest-request.php Coding Standards: Upgrade WPCS to 1.0.0 2018-08-17 01:51:36 +00:00
class-wp-rest-response.php Docs: Correct and improve various inline documentation. 2018-08-27 14:28:26 +00:00
class-wp-rest-server.php Docs: Correct and improve various inline documentation. 2018-08-27 14:28:26 +00:00