WordPress/wp-includes
John Blackbourn 2916cd9417 Media: bring the capability check in wp_ajax_crop_image() inline with those in wp_ajax_imgedit_preview() and wp_ajax_image_editor().
This change means that a user can crop an image if they have the ability to edit its attachment post, without requiring the ability to access the Customizer.

Fixes #40193

Built from https://develop.svn.wordpress.org/trunk@41270


git-svn-id: http://core.svn.wordpress.org/trunk@41110 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-08-19 13:30:43 +00:00
..
certificates
css Update autoprefixer browser support matrix 2017-07-16 01:15:46 +00:00
customize Customize: Harden color control's logic for obtaining default value to prevent JS error when non-string default supplied. 2017-08-16 19:04:47 +00:00
fonts
ID3 Media: update the getID3 library to version 1.9.14 to avoid fatal errors in PHP7. 2017-07-31 19:50:45 +00:00
images
IXR XML-RPC: Fix truncated warning message added in [38883]. 2016-10-29 21:32:33 +00:00
js Docs: Improve JavaScript documentation in autosave.js. 2017-08-18 14:24:45 +00:00
pomo General: Correctly detect trailing newline when prepending. 2016-12-13 02:48:41 +00:00
random_compat
Requests
rest-api REST API: Allow site administrators to edit user roles in multisite. 2017-08-03 21:59:44 +00:00
SimplePie
Text
theme-compat
widgets Widgets: Prevent visual Text widget from decoding encoded HTML. 2017-08-17 23:37:43 +00:00
admin-bar.php Toolbar: Add View User and Edit User links to the admin toolbar to ease navigation between a user's archives and the user editing screen. 2017-07-26 16:45:44 +00:00
atomlib.php General: Remove most uses of create_function() 2016-12-13 01:49:39 +00:00
author-template.php Docs: List out accepted values for the $field parameter in get_the_author_meta(). 2017-06-26 18:24:40 +00:00
bookmark-template.php
bookmark.php General: Use interpolation instead of concatenation for all dynamic hook names. 2016-12-14 04:18:42 +00:00
cache.php Docs: Remove @access notations from method DocBlocks in wp-includes/* classes. 2017-07-27 00:41:44 +00:00
canonical.php Canonical: Check first before attempting to include a 'path' value in the URL in strip_fragment_from_url(). 2017-08-16 21:11:43 +00:00
capabilities.php Role/Capability: Introduce capabilities dedicated to installing and updating language files. 2017-08-18 18:31:44 +00:00
category-template.php General: Fix more instances of inconsistent parameters passed to various filters, plus fix some filter docs. 2017-08-03 16:13:44 +00:00
category.php I18N: Merge similar strings in _deprecated_argument() calls. 2017-01-29 11:50:41 +00:00
class-feed.php Load: Re-add class-feed.php. 2016-12-03 03:30:42 +00:00
class-http.php Docs: Add missing documentation for the $data parameter for WP_Http::browser_redirect_compatibility(). 2017-08-03 15:24:44 +00:00
class-IXR.php
class-json.php
class-oembed.php Docs: Remove @access notations from method DocBlocks in wp-includes/* classes. 2017-07-27 00:41:44 +00:00
class-phpass.php
class-phpmailer.php Update PHPMailer to 5.2.22. 2017-01-11 01:23:41 +00:00
class-pop3.php Docs: Fix multiple trivial typos throughout a variety of core files. 2016-10-31 06:28:32 +00:00
class-requests.php
class-simplepie.php
class-smtp.php Update PHPMailer to 5.2.22. 2017-01-11 01:23:41 +00:00
class-snoopy.php
class-walker-category-dropdown.php Docs: Remove @access notations from method DocBlocks in wp-includes/* classes. 2017-07-27 00:41:44 +00:00
class-walker-category.php Docs: Remove @access notations from method DocBlocks in wp-includes/* classes. 2017-07-27 00:41:44 +00:00
class-walker-comment.php Docs: Remove @access notations from method DocBlocks in wp-includes/* classes. 2017-07-27 00:41:44 +00:00
class-walker-nav-menu.php Docs: Remove @access notations from method DocBlocks in wp-includes/* classes. 2017-07-27 00:41:44 +00:00
class-walker-page-dropdown.php Docs: Remove @access notations from method DocBlocks in wp-includes/* classes. 2017-07-27 00:41:44 +00:00
class-walker-page.php Docs: Remove @access notations from method DocBlocks in wp-includes/* classes. 2017-07-27 00:41:44 +00:00
class-wp-admin-bar.php Docs: Remove @access notations from method DocBlocks in wp-includes/* classes. 2017-07-27 00:41:44 +00:00
class-wp-ajax-response.php Docs: Remove @access notations from method DocBlocks in wp-includes/* classes. 2017-07-27 00:41:44 +00:00
class-wp-comment-query.php Docs: Fix various filter documentation. 2017-08-03 14:34:44 +00:00
class-wp-comment.php Docs: Remove @access notations from method DocBlocks in wp-includes/* classes. 2017-07-27 00:41:44 +00:00
class-wp-customize-control.php Docs: Remove @access notations from method DocBlocks in wp-includes/* classes. 2017-07-27 00:41:44 +00:00
class-wp-customize-manager.php Customize: Fix PHP warning raised when deleting a setting from changeset via passing null as params in WP_Customize_Manager::save_changeset_post(). 2017-08-12 21:21:48 +00:00
class-wp-customize-nav-menus.php Map nav menu locations on theme switch 2017-08-09 21:04:47 +00:00
class-wp-customize-panel.php Docs: Remove @access notations from method DocBlocks in wp-includes/* classes. 2017-07-27 00:41:44 +00:00
class-wp-customize-section.php Docs: Remove @access notations from method DocBlocks in wp-includes/* classes. 2017-07-27 00:41:44 +00:00
class-wp-customize-setting.php Docs: Remove @access notations from method DocBlocks in wp-includes/* classes. 2017-07-27 00:41:44 +00:00
class-wp-customize-widgets.php Customize: Introduce settings_previewed arg and getter on WP_Customize_Manager which controls whether WP_Customize_Setting::preview() should be called on settings. 2017-08-02 05:35:41 +00:00
class-wp-dependency.php Docs: Remove @access notations from method DocBlocks in wp-includes/* classes. 2017-07-27 00:41:44 +00:00
class-wp-editor.php I18N: Use a consistent context for Visual and Text editor tab labels. 2017-07-25 22:58:41 +00:00
class-wp-embed.php Docs: Remove @access notations from method DocBlocks in wp-includes/* classes. 2017-07-27 00:41:44 +00:00
class-wp-error.php Docs: Remove @access notations from method DocBlocks in wp-includes/* classes. 2017-07-27 00:41:44 +00:00
class-wp-feed-cache-transient.php Docs: Remove @access notations from method DocBlocks in wp-includes/* classes. 2017-07-27 00:41:44 +00:00
class-wp-feed-cache.php Docs: Remove @access notations from method DocBlocks in wp-includes/* classes. 2017-07-27 00:41:44 +00:00
class-wp-hook.php Docs: Remove @access notations from method DocBlocks in wp-includes/* classes. 2017-07-27 00:41:44 +00:00
class-wp-http-cookie.php Docs: Remove @access notations from method DocBlocks in wp-includes/* classes. 2017-07-27 00:41:44 +00:00
class-wp-http-curl.php Docs: Remove @access notations from method DocBlocks in wp-includes/* classes. 2017-07-27 00:41:44 +00:00
class-wp-http-encoding.php
class-wp-http-ixr-client.php
class-wp-http-proxy.php
class-wp-http-requests-hooks.php Docs: Remove superfluous @package WordPress and @subpackage notations used outside of file headers in a variety of core files. 2017-07-01 16:58:42 +00:00
class-wp-http-requests-response.php Docs: Remove @access notations from method DocBlocks in wp-includes/* classes. 2017-07-27 00:41:44 +00:00
class-wp-http-response.php Docs: Remove @access notations from method DocBlocks in wp-includes/* classes. 2017-07-27 00:41:44 +00:00
class-wp-http-streams.php Docs: Remove @access notations from method DocBlocks in wp-includes/* classes. 2017-07-27 00:41:44 +00:00
class-wp-image-editor-gd.php Docs: Remove @access notations from method DocBlocks in wp-includes/* classes. 2017-07-27 00:41:44 +00:00
class-wp-image-editor-imagick.php Docs: Remove @access notations from method DocBlocks in wp-includes/* classes. 2017-07-27 00:41:44 +00:00
class-wp-image-editor.php Docs: Remove @access notations from method DocBlocks in wp-includes/* classes. 2017-07-27 00:41:44 +00:00
class-wp-list-util.php Docs: Remove @access notations from method DocBlocks in wp-includes/* classes. 2017-07-27 00:41:44 +00:00
class-wp-locale-switcher.php Docs: Remove @access notations from method DocBlocks in wp-includes/* classes. 2017-07-27 00:41:44 +00:00
class-wp-locale.php Docs: Remove @access notations from method DocBlocks in wp-includes/* classes. 2017-07-27 00:41:44 +00:00
class-wp-matchesmapregex.php Docs: Remove @access notations from method DocBlocks in wp-includes/* classes. 2017-07-27 00:41:44 +00:00
class-wp-meta-query.php Docs: Remove @access notations from method DocBlocks in wp-includes/* classes. 2017-07-27 00:41:44 +00:00
class-wp-metadata-lazyloader.php Docs: Remove @access notations from method DocBlocks in wp-includes/* classes. 2017-07-27 00:41:44 +00:00
class-wp-network-query.php Docs: Fix various filter documentation. 2017-08-03 14:34:44 +00:00
class-wp-network.php Docs: Remove @access notations from method DocBlocks in wp-includes/* classes. 2017-07-27 00:41:44 +00:00
class-wp-oembed-controller.php Docs: Remove @access notations from method DocBlocks in wp-includes/* classes. 2017-07-27 00:41:44 +00:00
class-wp-post-type.php Docs: Remove @access notations from method DocBlocks in wp-includes/* classes. 2017-07-27 00:41:44 +00:00
class-wp-post.php Docs: Remove @access notations from method DocBlocks in wp-includes/* classes. 2017-07-27 00:41:44 +00:00
class-wp-query.php Docs: Remove @access notations from method DocBlocks in wp-includes/* classes. 2017-07-27 00:41:44 +00:00
class-wp-rewrite.php Docs: Remove @access notations from method DocBlocks in wp-includes/* classes. 2017-07-27 00:41:44 +00:00
class-wp-role.php Docs: Remove @access notations from method DocBlocks in wp-includes/* classes. 2017-07-27 00:41:44 +00:00
class-wp-roles.php Docs: Remove @access notations from method DocBlocks in wp-includes/* classes. 2017-07-27 00:41:44 +00:00
class-wp-session-tokens.php Docs: Remove @access notations from method DocBlocks in wp-includes/* classes. 2017-07-27 00:41:44 +00:00
class-wp-simplepie-file.php Docs: Remove @access notations from method DocBlocks in wp-includes/* classes. 2017-07-27 00:41:44 +00:00
class-wp-simplepie-sanitize-kses.php Docs: Remove @access notations from method DocBlocks in wp-includes/* classes. 2017-07-27 00:41:44 +00:00
class-wp-site-query.php Docs: Fix various filter documentation. 2017-08-03 14:34:44 +00:00
class-wp-site.php Docs: Remove @access notations from method DocBlocks in wp-includes/* classes. 2017-07-27 00:41:44 +00:00
class-wp-tax-query.php Docs: Remove @access notations from method DocBlocks in wp-includes/* classes. 2017-07-27 00:41:44 +00:00
class-wp-taxonomy.php Docs: Remove @access notations from method DocBlocks in wp-includes/* classes. 2017-07-27 00:41:44 +00:00
class-wp-term-query.php Docs: Remove @access notations from method DocBlocks in wp-includes/* classes. 2017-07-27 00:41:44 +00:00
class-wp-term.php Docs: Remove @access notations from method DocBlocks in wp-includes/* classes. 2017-07-27 00:41:44 +00:00
class-wp-text-diff-renderer-inline.php
class-wp-text-diff-renderer-table.php Docs: Remove @access notations from method DocBlocks in wp-includes/* classes. 2017-07-27 00:41:44 +00:00
class-wp-theme.php Docs: Reduce confusion in @since MU notationss by indicating the WP version (3.0.0) the code was merged into core while retaining the original context. 2017-08-01 20:44:43 +00:00
class-wp-user-meta-session-tokens.php Docs: Remove @access notations from method DocBlocks in wp-includes/* classes. 2017-07-27 00:41:44 +00:00
class-wp-user-query.php Docs: Remove @access notations from method DocBlocks in wp-includes/* classes. 2017-07-27 00:41:44 +00:00
class-wp-user.php Docs: Remove @access notations from method DocBlocks in wp-includes/* classes. 2017-07-27 00:41:44 +00:00
class-wp-walker.php Docs: Remove @access notations from method DocBlocks in wp-includes/* classes. 2017-07-27 00:41:44 +00:00
class-wp-widget-factory.php Docs: Remove @access notations from method DocBlocks in wp-includes/* classes. 2017-07-27 00:41:44 +00:00
class-wp-widget.php Docs: Remove @access notations from method DocBlocks in wp-includes/* classes. 2017-07-27 00:41:44 +00:00
class-wp-xmlrpc-server.php Docs: Remove @access notations from method DocBlocks in wp-includes/* classes. 2017-07-27 00:41:44 +00:00
class-wp.php Docs: Remove @access notations from method DocBlocks in wp-includes/* classes. 2017-07-27 00:41:44 +00:00
class.wp-dependencies.php Docs: Remove @access notations from method DocBlocks in wp-includes/* classes. 2017-07-27 00:41:44 +00:00
class.wp-scripts.php Docs: Remove @access notations from method DocBlocks in wp-includes/* classes. 2017-07-27 00:41:44 +00:00
class.wp-styles.php Docs: Remove @access notations from method DocBlocks in wp-includes/* classes. 2017-07-27 00:41:44 +00:00
comment-template.php General: Add missing parameters to instances of the the_permalink filter. 2017-08-03 14:59:44 +00:00
comment.php Allow metadata to be updated via wp_update_comment(). 2017-07-01 13:36:41 +00:00
compat.php General: Move the __autoload() compat function into its own file to prevent deprecated notices being thrown by the compiler in PHP 7.2. 2017-07-28 01:15:52 +00:00
cron.php Docs: Use third-person singular verbs in the summaries for wp_unschedule_hook() and wp_clear_scheduled_hook(). 2017-06-30 04:54:41 +00:00
date.php Docs: Remove @access notations from method DocBlocks in wp-includes/* classes. 2017-07-27 00:41:44 +00:00
default-constants.php Login and Registration: Avoid a potentially incorrect value for the cookie hash on multisite installations that don't have a value in the siteurl network option. 2017-03-23 19:01:42 +00:00
default-filters.php Role/Capability: Introduce capabilities dedicated to installing and updating language files. 2017-08-18 18:31:44 +00:00
default-widgets.php Widgets: Rename "HTML Code" widget to "Custom HTML" widget. 2017-06-24 00:00:45 +00:00
deprecated.php Docs: Add a missing docblock for the the_content_rss filter. 2017-08-03 14:46:43 +00:00
embed-template.php
embed.php Update autoprefixer browser support matrix 2017-07-16 01:15:46 +00:00
feed-atom-comments.php Feeds: Do not translate the lastBuildDate field in RSS feeds. 2016-12-16 06:39:41 +00:00
feed-atom.php Feeds: Do not translate the lastBuildDate field in RSS feeds. 2016-12-16 06:39:41 +00:00
feed-rdf.php
feed-rss2-comments.php Feeds: Do not translate the lastBuildDate field in RSS feeds. 2016-12-16 06:39:41 +00:00
feed-rss2.php Feeds: Replace the RSS2 lastBuildDate date field with the r date specifier. 2016-12-16 06:42:40 +00:00
feed-rss.php
feed.php Feeds: Don't override the Content-Type header inside fetc_feed() 2017-01-05 03:06:42 +00:00
formatting.php Docs: Add @staticvar entries for get_html_split_regex() and _get_wptexturize_split_regex(). 2017-07-20 13:38:44 +00:00
functions.php Customize: Prevent _delete_option_fresh_site() from hitting DB if fresh_site flag already cleared. 2017-08-13 00:57:43 +00:00
functions.wp-scripts.php
functions.wp-styles.php
general-template.php Formatting: Introduce get_the_post_type_description() to allow post type archive descriptions to be formatted the same as author and term archives. 2017-08-04 23:01:44 +00:00
http.php Docs: Replace a variety of http links referenced in inline docs with their https counterparts (where possible). 2017-06-25 22:06:41 +00:00
kses.php Docs: Adjust notation for the $context parameter in the DocBlocks for the wp_kses_allowed_html() function and its associated wp_kses_allowed_html filter. 2017-06-25 22:16:40 +00:00
l10n.php Docs: Clarify the description for esc_html__() to note that the original text will be escaped on return if there is no translation, or the text domain isn't loaded. 2017-06-25 06:41:41 +00:00
link-template.php Link Template: Allow the type argument to be passed through get_the_comments_pagination() as long as its value isn't array. 2017-08-09 04:07:43 +00:00
load.php Docs: Add a @global entry for $wp_filter in wp_start_object_cache(). 2017-07-01 22:13:41 +00:00
locale.php Load: No-op locale.php 2016-12-03 04:16:38 +00:00
media-template.php Widgets: Introduce media widgets for images, audio, and video with extensible base for additional media widgets in the future. 2017-05-11 21:11:44 +00:00
media.php Media: Pass shortcode attributes to wp_audio_shortcode_class and wp_video_shortcode_class filters. 2017-08-05 16:42:45 +00:00
meta.php Options/Meta: Document valid types for registration. 2017-05-10 06:10:43 +00:00
ms-blogs.php Multisite: Remove references to $wpdb->siteid and use get_current_network_id() instead. 2017-08-12 13:11:43 +00:00
ms-default-constants.php
ms-default-filters.php Multisite: Fix filter hooks for the updating network count functions. 2017-05-09 17:15:43 +00:00
ms-deprecated.php Multisite: Remove references to $wpdb->siteid and use get_current_network_id() instead. 2017-08-12 13:11:43 +00:00
ms-files.php
ms-functions.php Multisite: Remove references to $wpdb->siteid and use get_current_network_id() instead. 2017-08-12 13:11:43 +00:00
ms-load.php
ms-settings.php
nav-menu-template.php Menus: Make sure current-menu-parent and current-menu-ancestor classes are properly set for parent items of post type archive submenu items. 2017-07-05 21:31:44 +00:00
nav-menu.php Map nav menu locations on theme switch 2017-08-09 21:04:47 +00:00
option.php Multisite: Remove references to $wpdb->siteid and use get_current_network_id() instead. 2017-08-12 13:11:43 +00:00
pluggable-deprecated.php
pluggable.php Users: Switch to using array style filters for the newly introduced filters in wp_password_change_notification() and wp_new_user_notification(). 2017-08-03 13:21:46 +00:00
plugin.php
post-formats.php
post-template.php Docs: Correct a typo in the sort_column argument description for wp_page_menu(). 2017-06-13 01:11:43 +00:00
post-thumbnail-template.php Post Thumbnails: Pass post ID to post_thumbnail_size filter. 2017-08-18 18:19:44 +00:00
post.php Docs: Use a hash notation for the $args parameter to describe the fields argument in the DocBlock for wp_get_post_terms(). 2017-07-12 22:21:41 +00:00
query.php Docs: Remove some more top-level @aacess tags from function DocBlocks. 2017-07-27 08:19:43 +00:00
registration-functions.php
registration.php
rest-api.php REST API: Always call rest_get_server() instead of accessing the $wp_rest_server global. 2017-08-10 01:38:43 +00:00
revision.php Docs: Improve the documentation for parameters which accept OBJECT, ARRAY_A, and ARRAY_N as parameters. 2016-11-09 23:00:32 +00:00
rewrite.php
rss-functions.php
rss.php Docs: Fix multiple trivial typos throughout a variety of core files. 2016-10-31 06:28:32 +00:00
script-loader.php Media: Upgrade MediaElement.js from 4.2.3 to 4.2.5. 2017-08-12 06:20:44 +00:00
session.php Load: Re-add session.php. 2016-12-03 03:51:41 +00:00
shortcodes.php Shortcodes: Allow using single quotes for empty value attributes. 2017-07-11 00:54:41 +00:00
spl-autoload-compat.php General: Move the __autoload() compat function into its own file to prevent deprecated notices being thrown by the compiler in PHP 7.2. 2017-07-28 01:15:52 +00:00
taxonomy.php Docs: Correct @param type for $term_id in get_term_children(). 2017-08-08 20:53:46 +00:00
template-loader.php
template.php Docs: Don't reference non-existent hooks inline in the DocBlock descriptions for the following template functions: 2017-06-29 16:05:41 +00:00
theme.php Map nav menu locations on theme switch 2017-08-09 21:04:47 +00:00
update.php Cron API: Add a new wp_doing_cron() helper function. 2017-05-06 14:30:40 +00:00
user.php Docs: Correct and improve the documentation for the send_confirmation_on_profile_email() function and the new_user_email_content filter. 2017-08-02 20:43:44 +00:00
vars.php General: Introduce a wp_is_mobile filter for controlling whether a request should be treated as coming from a mobile device. 2017-06-15 12:05:42 +00:00
version.php Media: bring the capability check in wp_ajax_crop_image() inline with those in wp_ajax_imgedit_preview() and wp_ajax_image_editor(). 2017-08-19 13:30:43 +00:00
widgets.php Widgets: Rename "HTML Code" widget to "Custom HTML" widget. 2017-06-24 00:00:45 +00:00
wlwmanifest.xml
wp-db.php Multisite: Rename internal $site_id variables referencing networks to $network_id. 2017-08-12 12:48:47 +00:00
wp-diff.php