Upstream/WordPress
1
0
Fork 0
mirror of https://github.com/WordPress/WordPress.git synced 2024-11-14 22:56:19 +01:00
Code Issues Projects Releases Wiki Activity
348148eee2
WordPress/wp-admin
History
John Blackbourn 3d3b4558d6 Hardening: Use a properly generated hash for the newbloguser key instead of a determinate substring. 
Merges [42258] to the 4.1 branch.

Built from https://develop.svn.wordpress.org/branches/4.1@42296


git-svn-id: http://core.svn.wordpress.org/branches/4.1@42125 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-29 16:36:28 +00:00
..
css Revert [31080] from the 4.1 branch and replace it with a small function in an already changed file. 2015-02-12 05:37:22 +00:00
images TwentyFifteen: 2014-11-25 06:12:22 +00:00
includes Filesystem API: Ensure filenames are valid before attempting to unzip them to ensure malformed file paths don't cause issues. 2017-09-19 14:44:20 +00:00
js Customize: Ignore invalid customization sessions. 2017-05-16 12:20:25 +00:00
maint Remove the WordPress logo from the focusable elements on the install/update screens. Fixes #28674. Props stompweb 2014-06-29 14:10:15 +00:00
network Multisite: Improve escaping in network settings. 2016-03-30 16:05:21 +00:00
user Ensure the requires for the admin bootstrap are documented in all wp-admin/user/ files. 2014-11-04 16:32:22 +00:00
about.php Bump 4.1 branch to version 4.1.20. 2017-10-31 13:43:26 +00:00
admin-ajax.php Docs Formatting: Backtick-escape inline code for all dynamic hook docs in wp-admin/*. 2014-11-30 11:42:24 +00:00
admin-footer.php Docs Formatting: Backtick-escape inline code for all dynamic hook docs in wp-admin/*. 2014-11-30 11:42:24 +00:00
admin-functions.php First there were two, and now there are three -- in the @since versions that came before and that shall be. And so it will be, says nacin. 2013-12-24 18:57:12 +00:00
admin-header.php Add a blank line preceding a Markdown-formatted ordered list in the DocBlock for the admin_body_class filter. 2014-12-06 23:21:24 +00:00
admin-post.php Docs Formatting: Backtick-escape inline code for all dynamic hook docs in wp-admin/*. 2014-11-30 11:42:24 +00:00
admin.php Docs Formatting: Backtick-escape inline code for all dynamic hook docs in wp-admin/*. 2014-11-30 11:42:24 +00:00
async-upload.php Prevent IE9 and lower displaying the download file dialogue when attempting 2015-02-12 01:33:24 +00:00
comment.php hackificator bails on this file because of mixed quote styles on some HTML attributes. 2014-05-18 21:47:14 +00:00
credits.php About page text, first pass. 2014-12-11 10:16:43 +00:00
custom-background.php Customizer: Add _wp_attachment_is_custom_background meta to uploaded background images. 2014-12-16 21:29:22 +00:00
custom-header.php Correctly capitalize JavaScript throughout core docs. 2014-12-02 00:31:22 +00:00
customize.php Customize: Ignore invalid customization sessions. 2017-05-16 12:20:25 +00:00
edit-comments.php Switch to a 403 response code in places where it is more appropriate than a 500 due to permissions errors. 2014-11-16 06:16:22 +00:00
edit-form-advanced.php Do not autofocus text fields on page load on mobile devices. This is currently broken in many mobile browsers: 2014-12-16 15:52:23 +00:00
edit-form-comment.php Do not autofocus text fields on page load on mobile devices. This is currently broken in many mobile browsers: 2014-12-16 15:52:23 +00:00
edit-link-form.php In edit-link-form.php, hackificator bails because there is a </form> with no open <form>. It exists, but is needlessly constructed with PHP. It always returns a <form>, only the id and name are different. The dynamic piece just returns the ID now. 2014-05-18 22:07:15 +00:00
edit-tag-form.php Do not autofocus text fields on page load on mobile devices. This is currently broken in many mobile browsers: 2014-12-16 15:52:23 +00:00
edit-tags.php Do not autofocus text fields on page load on mobile devices. This is currently broken in many mobile browsers: 2014-12-16 15:52:23 +00:00
edit.php Switch to a 403 response code in places where it is more appropriate than a 500 due to permissions errors. 2014-11-16 06:16:22 +00:00
export.php Improve some post_status-related documentation. 2014-11-01 20:20:23 +00:00
freedoms.php About page text, first pass. 2014-12-11 10:16:43 +00:00
import.php Use SSL when linking to WordPress.org. see #27115. 2014-03-08 04:14:15 +00:00
index.php Ensure inline code is markdown-escaped as such, HTML tags are removed from summaries, and that code snippets in descriptions are properly indented. 2014-11-24 05:39:22 +00:00
install-helper.php Ensure inline code is markdown-escaped as such, HTML tags are removed from summaries, and that code snippets in descriptions are properly indented. 2014-11-24 05:47:23 +00:00
install.php No need for wp_get_password_hint() to be prefixed as if it is private. 2014-12-16 22:19:22 +00:00
link-add.php
link-manager.php Use SSL when linking to WordPress.org. see #27115. 2014-03-08 04:14:15 +00:00
link-parse-opml.php Fix syntax for single- and multi-line comments in wp-admin-directory files. 2014-07-17 09:14:16 +00:00
link.php Fix syntax for single- and multi-line comments in wp-admin-directory files. 2014-07-17 09:14:16 +00:00
load-scripts.php Inline docs syntax fixes following [28978]. 2014-07-07 16:42:16 +00:00
load-styles.php Simplify the setup-config.php UI flow and load process. 2014-07-03 19:57:14 +00:00
media-new.php Use SSL when linking to WordPress.org. see #27115. 2014-03-08 04:14:15 +00:00
media-upload.php Docs Formatting: Backtick-escape inline code for all dynamic hook docs in wp-admin/*. 2014-11-30 11:42:24 +00:00
media.php Fix syntax for single- and multi-line comments in wp-admin-directory files. 2014-07-17 09:14:16 +00:00
menu-header.php Accessibility: hide admin menu separators from screen readers. 2014-11-19 19:37:21 +00:00
menu.php The menu items for users.php and profile.php that require the promote_users cap should be wrapped in an is_multisite() conditional a la user-new.php. 2014-11-30 19:18:23 +00:00
moderation.php
ms-admin.php
ms-delete-site.php Always decode special characters for email subjects. 2014-03-28 02:44:15 +00:00
ms-edit.php
ms-options.php
ms-sites.php
ms-themes.php
ms-upgrade-network.php
ms-users.php
my-sites.php Use SSL when linking to WordPress.org. see #27115. 2014-03-08 04:14:15 +00:00
nav-menus.php Switch to a 403 response code in places where it is more appropriate than a 500 due to permissions errors. 2014-11-16 06:16:22 +00:00
network.php Add line breaks at the end of network setup rules to avoid unintended merging with a subsequent line. 2014-10-15 14:13:20 +00:00
options-discussion.php Increase both mystery and humanism 2014-10-29 03:20:24 +00:00
options-general.php Admin help text changes for the General Settings screen, post editing screen, network settings screen, and user editing screen. 2014-12-02 05:15:23 +00:00
options-head.php
options-media.php Use SSL when linking to WordPress.org. see #27115. 2014-03-08 04:14:15 +00:00
options-permalink.php Use home URL instead of example.org on Permalink Settings screen. 2014-09-07 09:44:15 +00:00
options-reading.php Use SSL when linking to WordPress.org. see #27115. 2014-03-08 04:14:15 +00:00
options-writing.php Priority fixes for various existing hook documentation. 2014-04-12 00:01:15 +00:00
options.php Switch to a 403 response code in places where it is more appropriate than a 500 due to permissions errors. 2014-11-16 06:16:22 +00:00
plugin-editor.php General: Add missing URL-encoding and add extra hardening to plugin and template names when they're displayed in the admin area. 2017-09-19 13:39:24 +00:00
plugin-install.php Docs Formatting: Backtick-escape inline code for all dynamic hook docs in wp-admin/*. 2014-11-30 11:42:24 +00:00
plugins.php General: Add missing URL-encoding and add extra hardening to plugin and template names when they're displayed in the admin area. 2017-09-19 13:39:24 +00:00
post-new.php Switch to a 403 response code in places where it is more appropriate than a 500 due to permissions errors. 2014-11-16 06:16:22 +00:00
post.php Heartbeat: Ensure post locks are released. 2015-08-04 04:55:19 +00:00
press-this.php Press This: Do not show Categories & Tags UI for users who cannot assign terms to posts anyways. 2017-01-26 14:13:55 +00:00
profile.php
revision.php Revisions: Change the capability needed to view revision diffs to edit_post. 2016-06-21 14:46:22 +00:00
setup-config.php iOS: do not autofocus the readonly textarea with the code for wp-config.php in setup-config.php. 2014-12-16 15:53:21 +00:00
theme-editor.php General: Add missing URL-encoding and add extra hardening to plugin and template names when they're displayed in the admin area. 2017-09-19 13:39:24 +00:00
theme-install.php Tweak formatting in the DocBlock for the install_themes_tabs hook. 2014-12-07 18:41:21 +00:00
themes.php Remove a stray $ from [30793]. 2014-12-09 11:27:22 +00:00
tools.php Use SSL when linking to WordPress.org. see #27115. 2014-03-08 04:14:15 +00:00
update-core.php Updates: Translate plugin data on the Updates screen. 2017-01-11 11:42:50 +00:00
update.php Docs Formatting: Backtick-escape inline code for all dynamic hook docs in wp-admin/*. 2014-11-30 11:42:24 +00:00
upgrade-functions.php First there were two, and now there are three -- in the @since versions that came before and that shall be. And so it will be, says nacin. 2013-12-24 18:57:12 +00:00
upgrade.php Remove the WordPress logo from the focusable elements on the install/update screens. Fixes #28674. Props stompweb 2014-06-29 14:10:15 +00:00
upload.php Make sure we're on the media grid page before calling wp.media(). 2014-09-09 10:14:17 +00:00
user-edit.php Users: Use correct escaping function for URLs. 2017-09-19 21:39:26 +00:00
user-new.php Hardening: Use a properly generated hash for the newbloguser key instead of a determinate substring. 2017-11-29 16:36:28 +00:00
users.php Switch to a 403 response code in places where it is more appropriate than a 500 due to permissions errors. 2014-11-16 06:16:22 +00:00
widgets.php Add nonce for widget accessibility mode. 2017-01-11 01:50:26 +00:00