WordPress/wp-includes
Gary Pendergast 1947e4424a KSES: Allow url() to be used in inline CSS.
The cover image block uses the `url()` function in its inline CSS, to show the cover image. KSES didn't allow this, causing the block to not save correctly for Author and Contributor users. As KSES does already check each attribute name against an allowed list, we're able to add an extra check for certain attributes to be able to use the `url()` function, too.

Merges [43781] from the 5.0 branch to core.

Props peterwilsoncc, azaozz, pento, dd32.
Fixes #45067.


Built from https://develop.svn.wordpress.org/trunk@44136


git-svn-id: http://core.svn.wordpress.org/trunk@43966 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-12-14 01:41:36 +00:00
..
blocks Blocks: Parse blocks when displaying posts. 2018-12-13 22:22:38 +00:00
certificates
css Build/Test: Update dependencies for 5.0 2018-12-11 16:13:26 +00:00
customize I18n: Improve translators comments [2]. 2018-08-30 12:36:24 +00:00
fonts
ID3
images
IXR XML-RPC: Add default values to IXR_Message for PHP 7.2 compatibility to avoid PHP Warnings. 2018-02-06 02:56:32 +00:00
js Script loader: Adjust JS packages registration. 2018-12-13 17:27:38 +00:00
pomo General: PHP7.3 throws an E_WARNING when using continue to target a switch 2018-09-23 22:50:24 +00:00
random_compat External Libraries: Update Random_Compat from 1.2.1 to 2.0.11. 2017-11-08 11:48:49 +00:00
Requests
rest-api REST API: Include block_version on Post content object. 2018-12-14 00:55:37 +00:00
SimplePie
Text External Libraries: Remove usage of each() from the Text_Diff_Engine_native class. 2017-10-26 12:52:53 +00:00
theme-compat Coding Standards: Upgrade WPCS to 1.0.0 2018-08-17 01:51:36 +00:00
widgets Coding Standards: Upgrade WPCS to 1.0.0 2018-08-17 01:51:36 +00:00
admin-bar.php Multisite: Display registered new_item text for post post type in My Sites menu. 2018-08-29 15:50:25 +00:00
atomlib.php
author-template.php Coding Standards: Upgrade WPCS to 1.0.0 2018-08-17 01:51:36 +00:00
blocks.php REST API: Include block_version on Post content object. 2018-12-14 00:55:37 +00:00
bookmark-template.php Coding Standards: Upgrade WPCS to 1.0.0 2018-08-17 01:51:36 +00:00
bookmark.php Code is Poetry. 2017-11-30 23:11:00 +00:00
cache.php Code is Poetry. 2017-11-30 23:11:00 +00:00
canonical.php Coding Standards: Upgrade WPCS to 1.0.0 2018-08-17 01:51:36 +00:00
capabilities.php Docs: Update @since version to 4.9.8 for meta registration subtype handling. 2018-07-23 17:02:25 +00:00
category-template.php Coding Standards: Upgrade WPCS to 1.0.0 2018-08-17 01:51:36 +00:00
category.php Coding Standards: Upgrade WPCS to 1.0.0 2018-08-17 01:51:36 +00:00
class-feed.php Code is Poetry. 2017-11-30 23:11:00 +00:00
class-http.php Docs: Add missing HTTP methods to the list of those supported. 2018-05-14 15:23:21 +00:00
class-IXR.php
class-json.php Docs: Fix typo in Services_JSON DocBlocks. 2018-06-28 02:20:54 +00:00
class-oembed.php Coding Standards: Upgrade WPCS to 1.0.0 2018-08-17 01:51:36 +00:00
class-phpass.php
class-phpmailer.php
class-pop3.php
class-requests.php
class-simplepie.php
class-smtp.php
class-snoopy.php
class-walker-category-dropdown.php Code is Poetry. 2017-11-30 23:11:00 +00:00
class-walker-category.php Taxonomy: Make sure wp_list_categories() correctly outputs term name of 0. 2018-09-02 22:09:24 +00:00
class-walker-comment.php Coding Standards: Upgrade WPCS to 1.0.0 2018-08-17 01:51:36 +00:00
class-walker-nav-menu.php Docs: Correct and improve various inline documentation. 2018-03-25 19:35:29 +00:00
class-walker-page-dropdown.php Code is Poetry. 2017-11-30 23:11:00 +00:00
class-walker-page.php Docs: Document more parameters and properties using typed array notation. 2018-03-25 18:10:32 +00:00
class-wp-admin-bar.php Code is Poetry. 2017-11-30 23:11:00 +00:00
class-wp-ajax-response.php Code is Poetry. 2017-11-30 23:11:00 +00:00
class-wp-block-parser.php Blocks: Parse blocks when displaying posts. 2018-12-13 22:22:38 +00:00
class-wp-block-type-registry.php Blocks: Introduce WP_Block_Type and WP_Block_Type_Registry classes. 2018-12-13 09:44:23 +00:00
class-wp-block-type.php Blocks: Introduce WP_Block_Type and WP_Block_Type_Registry classes. 2018-12-13 09:44:23 +00:00
class-wp-comment-query.php Docs: Document more parameters and properties using typed array notation. 2018-03-25 18:10:32 +00:00
class-wp-comment.php Docs: Remove @static notations from method DocBlocks in wp-includes/* classes. 2018-02-25 20:22:30 +00:00
class-wp-customize-control.php Docs: Remove @static notations from property DocBlocks in wp-admin/* and wp-includes/* classes. 2018-02-25 20:32:30 +00:00
class-wp-customize-manager.php Customize: Safeguard a check on the customize_validate_{$setting_id} filter value to ensure it is a WP_Error. 2018-08-19 16:38:24 +00:00
class-wp-customize-nav-menus.php Coding Standards: Upgrade WPCS to 1.0.0 2018-08-17 01:51:36 +00:00
class-wp-customize-panel.php Docs: Remove @static notations from property DocBlocks in wp-admin/* and wp-includes/* classes. 2018-02-25 20:32:30 +00:00
class-wp-customize-section.php Docs: Remove @static notations from property DocBlocks in wp-admin/* and wp-includes/* classes. 2018-02-25 20:32:30 +00:00
class-wp-customize-setting.php General: Introduce WP_Error::has_errors() method and use it where appropriate. 2018-02-27 02:31:31 +00:00
class-wp-customize-widgets.php Coding Standards: Upgrade WPCS to 1.0.0 2018-08-17 01:51:36 +00:00
class-wp-dependency.php Code is Poetry. 2017-11-30 23:11:00 +00:00
class-wp-editor.php Classic Editor: Disable the wpautop TinyMCE plugin on block posts. 2018-12-13 22:23:55 +00:00
class-wp-embed.php Coding Standards: Upgrade WPCS to 1.0.0 2018-08-17 01:51:36 +00:00
class-wp-error.php General: Introduce WP_Error::has_errors() method and use it where appropriate. 2018-02-27 02:31:31 +00:00
class-wp-feed-cache-transient.php Code is Poetry. 2017-11-30 23:11:00 +00:00
class-wp-feed-cache.php Code is Poetry. 2017-11-30 23:11:00 +00:00
class-wp-hook.php Docs: Remove @static notations from method DocBlocks in wp-includes/* classes. 2018-02-25 20:22:30 +00:00
class-wp-http-cookie.php Code is Poetry. 2017-11-30 23:11:00 +00:00
class-wp-http-curl.php Coding Standards: Upgrade WPCS to 1.0.0 2018-08-17 01:51:36 +00:00
class-wp-http-encoding.php Docs: Remove @static notations from method DocBlocks in wp-includes/* classes. 2018-02-25 20:22:30 +00:00
class-wp-http-ixr-client.php Docs: Document more parameters and properties using typed array notation. 2018-03-25 19:33:31 +00:00
class-wp-http-proxy.php Code is Poetry. 2017-11-30 23:11:00 +00:00
class-wp-http-requests-hooks.php Code is Poetry. 2017-11-30 23:11:00 +00:00
class-wp-http-requests-response.php Code is Poetry. 2017-11-30 23:11:00 +00:00
class-wp-http-response.php
class-wp-http-streams.php Coding Standards: Upgrade WPCS to 1.0.0 2018-08-17 01:51:36 +00:00
class-wp-image-editor-gd.php Docs: Remove @static notations from method DocBlocks in wp-includes/* classes. 2018-02-25 20:22:30 +00:00
class-wp-image-editor-imagick.php Docs: Remove @static notations from method DocBlocks in wp-includes/* classes. 2018-02-25 20:22:30 +00:00
class-wp-image-editor.php Docs: Remove @static notations from method DocBlocks in wp-includes/* classes. 2018-02-25 20:22:30 +00:00
class-wp-list-util.php General: Allow wp_list_pluck() to operate on arrays of references without overwriting the referenced items. 2018-01-18 05:18:31 +00:00
class-wp-locale-switcher.php REST API: Render response in user locale with ?_locale=user. 2018-12-14 01:32:39 +00:00
class-wp-locale.php I18N: Remove unused $start_of_week property from WP_Locale. 2018-02-18 16:32:34 +00:00
class-wp-matchesmapregex.php Docs: Remove @static notations from method DocBlocks in wp-includes/* classes. 2018-02-25 20:22:30 +00:00
class-wp-meta-query.php Coding Standards: Upgrade WPCS to 1.0.0 2018-08-17 01:51:36 +00:00
class-wp-metadata-lazyloader.php Docs: Correct and improve various inline documentation. 2018-03-25 19:35:29 +00:00
class-wp-network-query.php Docs: Document more parameters and properties using typed array notation. 2018-03-25 19:33:31 +00:00
class-wp-network.php Docs: Document more parameters and properties using typed array notation. 2018-03-25 19:33:31 +00:00
class-wp-oembed-controller.php Coding Standards: Upgrade WPCS to 1.0.0 2018-08-17 01:51:36 +00:00
class-wp-post-type.php
class-wp-post.php Docs: Update and correct various inline documentation. 2018-05-07 17:20:22 +00:00
class-wp-query.php Docs: Correct and improve various inline documentation. 2018-08-27 14:28:26 +00:00
class-wp-rewrite.php Coding Standards: Upgrade WPCS to 1.0.0 2018-08-17 01:51:36 +00:00
class-wp-role.php Docs: Document more parameters and properties using typed array notation. 2018-03-25 19:33:31 +00:00
class-wp-roles.php Docs: Document WP_Roles properties with typed array notation. 2018-03-22 18:56:33 +00:00
class-wp-session-tokens.php Docs: Correct and improve docblocks for user session management functionality. 2018-09-14 13:45:26 +00:00
class-wp-simplepie-file.php Code is Poetry. 2017-11-30 23:11:00 +00:00
class-wp-simplepie-sanitize-kses.php Code is Poetry. 2017-11-30 23:11:00 +00:00
class-wp-site-query.php Multisite: Add meta query functionality to WP_Site_Query. 2018-04-27 11:41:22 +00:00
class-wp-site.php Docs: Remove @static notations from method DocBlocks in wp-includes/* classes. 2018-02-25 20:22:30 +00:00
class-wp-tax-query.php Coding Standards: Upgrade WPCS to 1.0.0 2018-08-17 01:51:36 +00:00
class-wp-taxonomy.php Coding Standards: Upgrade WPCS to 1.0.0 2018-08-17 01:51:36 +00:00
class-wp-term-query.php Coding Standards: Upgrade WPCS to 1.0.0 2018-08-17 01:51:36 +00:00
class-wp-term.php Docs: Remove @static notations from method DocBlocks in wp-includes/* classes. 2018-02-25 20:22:30 +00:00
class-wp-text-diff-renderer-inline.php Code is Poetry. 2017-11-30 23:11:00 +00:00
class-wp-text-diff-renderer-table.php Revisions: Improve performance of WP_Text_Diff_Renderer_Table. 2018-12-14 01:04:36 +00:00
class-wp-theme.php Coding Standards: Upgrade WPCS to 1.0.0 2018-08-17 01:51:36 +00:00
class-wp-user-meta-session-tokens.php Docs: Correct and improve docblocks for user session management functionality. 2018-09-14 13:45:26 +00:00
class-wp-user-query.php Users: Pass the current WP_User_Query instance to found_users_query filter. 2018-09-24 22:54:23 +00:00
class-wp-user.php Users: Add LIMIT 1 to SQL query in WP_User::get_data_by(), as only one row is requested. 2018-09-23 15:33:24 +00:00
class-wp-walker.php Code is Poetry. 2017-11-30 23:11:00 +00:00
class-wp-widget-factory.php Code is Poetry. 2017-11-30 23:11:00 +00:00
class-wp-widget.php Coding Standards: Upgrade WPCS to 1.0.0 2018-08-17 01:51:36 +00:00
class-wp-xmlrpc-server.php Coding Standards: Upgrade WPCS to 1.0.0 2018-08-17 01:51:36 +00:00
class-wp.php Multisite: Validate activation links. 2018-12-13 01:26:24 +00:00
class.wp-dependencies.php Docs: Document that the $src parameter of WP_Dependencies::add() can be boolean. 2018-09-28 21:51:24 +00:00
class.wp-scripts.php Docs: Improve inline documentation for WP_Scripts. 2018-08-27 14:34:24 +00:00
class.wp-styles.php Script/Style Dependencies: Simplify some logic in WP_Styles::do_item(). 2018-08-11 17:42:24 +00:00
comment-template.php Coding Standards: Upgrade WPCS to 1.0.0 2018-08-17 01:51:36 +00:00
comment.php REST API: Move object type-specific metadata integrations from the wrapper functions to the low-level Meta API functions. 2018-12-12 03:02:24 +00:00
compat.php General: In the is_countable() polyfill, if the provided object implements SimpleXMLElement or ResourceBundle, consider it countable. 2018-05-10 17:58:22 +00:00
cron.php Cron API: Clarify documentation for wp_reschedule_event(). 2018-09-03 04:04:25 +00:00
date.php Docs: Correct and improve various inline documentation. 2018-03-25 19:35:29 +00:00
default-constants.php Docs: Fix a copy paste error in the DocBlock summary for wp_ssl_constants(), see [13062]. 2018-02-09 18:21:31 +00:00
default-filters.php Blocks: Parse blocks when displaying posts. 2018-12-13 22:22:38 +00:00
default-widgets.php
deprecated.php Administration: Change all the occurrences of "(opens in a new window)" to "(opens in a new tab)". 2018-05-05 09:45:22 +00:00
embed-template.php
embed.php Build/Test: Update dependencies for 5.0 2018-12-11 16:13:26 +00:00
feed-atom-comments.php Coding Standards: Upgrade WPCS to 1.0.0 2018-08-17 01:51:36 +00:00
feed-atom.php Coding Standards: Upgrade WPCS to 1.0.0 2018-08-17 01:51:36 +00:00
feed-rdf.php Coding Standards: Upgrade WPCS to 1.0.0 2018-08-17 01:51:36 +00:00
feed-rss2-comments.php Coding Standards: Upgrade WPCS to 1.0.0 2018-08-17 01:51:36 +00:00
feed-rss2.php Coding Standards: Upgrade WPCS to 1.0.0 2018-08-17 01:51:36 +00:00
feed-rss.php Coding Standards: Upgrade WPCS to 1.0.0 2018-08-17 01:51:36 +00:00
feed.php Docs: Remove erroneous zero-width space before URL in fetch_feed() DocBlock. 2017-12-21 02:40:54 +00:00
formatting.php Blocks: Parse blocks when displaying posts. 2018-12-13 22:22:38 +00:00
functions.php General: Introduce wp_unique_id(), a PHP implementation of Underscore's uniqueId method. 2018-09-24 20:57:23 +00:00
functions.wp-scripts.php Docs: Document that the $src parameter of WP_Dependencies::add() can be boolean. 2018-09-28 21:51:24 +00:00
functions.wp-styles.php Docs: Document that the $src parameter of WP_Dependencies::add() can be boolean. 2018-09-28 21:51:24 +00:00
general-template.php REST API: Render response in user locale with ?_locale=user. 2018-12-14 01:32:39 +00:00
http.php HTTP: Don't treat localhost as same host by default. 2018-04-03 15:00:31 +00:00
kses.php KSES: Allow url() to be used in inline CSS. 2018-12-14 01:41:36 +00:00
l10n.php REST API: Render response in user locale with ?_locale=user. 2018-12-14 01:32:39 +00:00
link-template.php Coding Standards: Upgrade WPCS to 1.0.0 2018-08-17 01:51:36 +00:00
load.php Load: Disable PHP errors for JSON requests 2018-12-12 03:08:23 +00:00
locale.php
media-template.php PHPCS: Fix errors 2018-12-11 04:45:23 +00:00
media.php Media: Improve display and accessibility of meta data in detail view. 2018-09-08 04:20:24 +00:00
meta.php REST API: Move object type-specific metadata integrations from the wrapper functions to the low-level Meta API functions. 2018-12-12 03:02:24 +00:00
ms-blogs.php Multisite: Fix coding standard errors after [43654]. 2018-09-24 15:22:24 +00:00
ms-default-constants.php Code is Poetry. 2017-11-30 23:11:00 +00:00
ms-default-filters.php Multisite: Introduce a site initialization and uninitialization API. 2018-09-24 15:09:26 +00:00
ms-deprecated.php Multisite: Validate activation links. 2018-12-13 01:26:24 +00:00
ms-files.php Code is Poetry. 2017-11-30 23:11:00 +00:00
ms-functions.php Multisite: Introduce a site initialization and uninitialization API. 2018-09-24 15:09:26 +00:00
ms-load.php Networks and Sites: In get_site_by_path(), use single domain and path parameters if there's only one item to look for. 2018-02-11 17:09:31 +00:00
ms-settings.php Code is Poetry. 2017-11-30 23:11:00 +00:00
nav-menu-template.php Coding Standards: Upgrade WPCS to 1.0.0 2018-08-17 01:51:36 +00:00
nav-menu.php Coding Standards: Upgrade WPCS to 1.0.0 2018-08-17 01:51:36 +00:00
option.php Coding Standards: Upgrade WPCS to 1.0.0 2018-08-17 01:51:36 +00:00
pluggable-deprecated.php
pluggable.php i18n: Improve consistency of translator comments. 2018-10-02 19:51:24 +00:00
plugin.php Code is Poetry. 2017-11-30 23:11:00 +00:00
post-formats.php Post Formats: Don't assign a variable inside if statement in get_post_format(). 2018-08-30 09:01:25 +00:00
post-template.php Docs: Remove an erroneous closing brace from the description of wp_list_pages(). 2018-08-19 11:17:26 +00:00
post-thumbnail-template.php Pinking shears. 2018-03-18 14:23:33 +00:00
post.php Posts, Post Types: Add labels for post transformation messages. 2018-12-13 09:57:24 +00:00
query.php Coding Standards: Upgrade WPCS to 1.0.0 2018-08-17 01:51:36 +00:00
registration-functions.php Code is Poetry. 2017-11-30 23:11:00 +00:00
registration.php Code is Poetry. 2017-11-30 23:11:00 +00:00
rest-api.php REST API: Introduce Autosaves controller and endpoint. 2018-12-13 22:42:38 +00:00
revision.php Coding Standards: Upgrade WPCS to 1.0.0 2018-08-17 01:51:36 +00:00
rewrite.php Code is Poetry. 2017-11-30 23:11:00 +00:00
rss-functions.php Code is Poetry. 2017-11-30 23:11:00 +00:00
rss.php
script-loader.php REST API: Render response in user locale with ?_locale=user. 2018-12-14 01:32:39 +00:00
session.php Code is Poetry. 2017-11-30 23:11:00 +00:00
shortcodes.php Docs: Correct parameter name in strip_shortcodes_tagnames filter DocBlock. 2018-08-02 15:13:27 +00:00
spl-autoload-compat.php
taxonomy.php REST API: Move object type-specific metadata integrations from the wrapper functions to the low-level Meta API functions. 2018-12-12 03:02:24 +00:00
template-loader.php Code is Poetry. 2017-11-30 23:11:00 +00:00
template.php Docs: Add missing code formatting to various @since entries. 2018-02-09 16:55:31 +00:00
theme.php Coding Standards: Upgrade WPCS to 1.0.0 2018-08-17 01:51:36 +00:00
update.php Coding Standards: Upgrade WPCS to 1.0.0 2018-08-17 01:51:36 +00:00
user.php Privacy: When clicking a confirmation link for a privacy request, return a WP_Error object if the link has expired. 2018-09-03 21:44:24 +00:00
vars.php Code is Poetry. 2017-11-30 23:11:00 +00:00
version.php KSES: Allow url() to be used in inline CSS. 2018-12-14 01:41:36 +00:00
widgets.php Coding Standards: Upgrade WPCS to 1.0.0 2018-08-17 01:51:36 +00:00
wlwmanifest.xml
wp-db.php Coding Standards: Upgrade WPCS to 1.0.0 2018-08-17 01:51:36 +00:00
wp-diff.php Code is Poetry. 2017-11-30 23:11:00 +00:00