Upstream/WordPress
1
0
Fork 0
mirror of https://github.com/WordPress/WordPress.git synced 2024-09-24 21:32:51 +02:00
Code Issues Projects Releases Wiki Activity
3d3eb43612
WordPress/wp-includes
History
davidbaumwald 3d3eb43612 Grouped backports to the 4.4 branch. 
- Comments: Prevent users who can not see a post from seeing comments on it.
- Shortcodes: Restrict media shortcode ajax to certain type.
- REST API: Ensure no-cache headers are sent when methods are overridden.
- Prevent unintended behavior when certain objects are unserialized.

Merges [56834], [56835], [56836], and [56838] to the 4.4 branch.
Props xknown, jorbin, joehoyle, timothyblynjacobs, peterwilsoncc, ehtis, tykoted, antpb, rmccue.
Built from https://develop.svn.wordpress.org/branches/4.4@56855


git-svn-id: http://core.svn.wordpress.org/branches/4.4@56366 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-10-12 18:09:23 +00:00
..
certificates HTTP: Partially revert [34283] which removed the 1024bit certificates from our trust store. 2015-12-14 05:25:26 +00:00
css Build/Test Tools: Backport GitHub Action and build improvements to the 4.4 branch. 2021-04-02 15:43:22 +00:00
customize Grouped backports to the 4.4 branch. 2022-10-17 18:01:21 +00:00
fonts Dashicons: Fix font ID in SVG file. 2015-07-23 10:03:24 +00:00
ID3 Update getID3 to 1.9.9 2015-06-28 00:17:25 +00:00
images Embeds: Revert [35083], as the PNG files ended up not being used in [35466]. 2015-10-31 04:42:25 +00:00
js Grouped backports to the 4.4 branch. 2023-05-16 15:38:21 +00:00
pomo Merge the changes to GlotPress's POMO from upstream to WordPress's copy. 2015-11-20 04:34:25 +00:00
random_compat Random_Compat: The version included with 4.4 only supports the PHP 5.2+ namespace version of libsodium, don't attempt to use it with PHP 5.2 or old libsodium versions. 2016-01-11 04:38:28 +00:00
rest-api Grouped backports to the 4.4 branch. 2023-10-12 18:09:23 +00:00
SimplePie Feeds: add CEST to $timezone in SimplePie_Parse_Date. 2015-10-20 05:57:24 +00:00
Text Fix the @author doc param encoding in Text/Diff/Engine/string so the file is recognized as UTF-8, not ISO-8859-1. 2015-10-24 22:45:25 +00:00
theme-compat Don't use <a> in translatable strings in theme-compat/sidebar.php. 2015-10-30 10:40:26 +00:00
widgets Widgets: Remove extra quotes from widget title in WP_Widget_RSS, accidentally added in [33814]. 2015-12-23 02:00:23 +00:00
admin-bar.php Do not pass FALSE as second parameter in variable class_exists() checks 2015-11-30 04:15:27 +00:00
atomlib.php
author-template.php
bookmark-template.php
bookmark.php Grouped backports to the 4.4 branch. 2022-08-30 15:50:21 +00:00
cache.php User: Invalidate user_activation_key on password update. 2020-04-29 16:39:23 +00:00
canonical.php Canonical: introduce strip_fragment_from_url() and use when comparing URLs in redirect_canonical(). 2015-12-04 23:11:26 +00:00
capabilities.php When a post is scheduled for publication, treat it the same as a published post when calculating the capabilities required to edit or delete it. 2015-11-29 02:27:18 +00:00
category-template.php Ensure that wp_list_categories() supports comma-separated lists for 'exclude' and 'exclude_tree'. 2015-12-18 18:14:21 +00:00
category.php Simplify the include graph after work to split out classes. 2015-11-20 07:24:30 +00:00
class-feed.php Pass false as the 2nd argument to class_exists() to disable autoloading and to not cause problems for those who define __autoload(). 2015-09-20 03:52:25 +00:00
class-http.php Docs: Syntax fixes for deprecating WP_Http::parse_url(). 2015-10-23 15:43:24 +00:00
class-IXR.php XMLRPC: Revert [35509] which caused a change of behviour in at least one XMLRPC client. 2015-12-31 04:07:22 +00:00
class-json.php Docs: Put "it's" in its place (again). 2015-09-16 12:46:28 +00:00
class-oembed.php General: Backport PHP 7.1 fixes to the 4.4 branch to avoid fatal errors and warnings. 2017-07-24 22:27:31 +00:00
class-phpass.php Remove closing PHP tag from wp-includes/class-phpass.php. 2015-10-06 23:45:25 +00:00
class-phpmailer.php External libraries: Improve attachment handling in PHPMailer 2021-05-12 22:34:20 +00:00
class-pop3.php
class-simplepie.php
class-smtp.php Update PHPMailer to 5.2.22. 2017-01-11 05:24:00 +00:00
class-snoopy.php Snoopy: use escapeshellarg instead of escapeshellcmd 2016-03-30 14:03:28 +00:00
class-walker-category-dropdown.php Docs: Clarify the file header for wp-includes/class-walker-category-dropdown.php, introduced in [34110]. 2015-09-22 14:03:25 +00:00
class-walker-category.php
class-walker-comment.php
class-walker-page-dropdown.php
class-walker-page.php
class-wp-admin-bar.php
class-wp-ajax-response.php WP_Ajax_Response has one property only, $responses. It was public until [28508], when it became private in name only. Is it worth 4 magic methods to pretend that this property is private? It is not. 2015-01-11 00:13:23 +00:00
class-wp-comment-query.php Comments: Respect all post-related filters in WP_Comment_Query. 2016-01-20 08:02:26 +00:00
class-wp-comment.php Prevent extra db queries in WP_Comment::get_children(). 2015-10-01 03:58:23 +00:00
class-wp-customize-control.php Customize: move WP_Customize_Control subclasses to wp-includes/customize, they load in the exact same place. 2015-10-24 18:57:25 +00:00
class-wp-customize-manager.php Customize: Ensure valid themes in the preview. 2017-09-19 11:52:37 +00:00
class-wp-customize-nav-menus.php Customizer: Use correct context and translator comments for menu location strings. 2015-11-20 17:46:25 +00:00
class-wp-customize-panel.php
class-wp-customize-section.php Customize: move WP_Customize_Section subclasses to wp-includes/customize, they load in the exact same place. 2015-10-24 18:21:25 +00:00
class-wp-customize-setting.php Customize: Ensure that a setting (especially a multidimensional one) can still be previewed when the post value to preview is set after preview() is invoked. 2015-11-21 02:52:27 +00:00
class-wp-customize-widgets.php Customize: Ensure that a setting (especially a multidimensional one) can still be previewed when the post value to preview is set after preview() is invoked. 2015-11-21 02:52:27 +00:00
class-wp-editor.php Correct the parameter type for the $stylesheet parameter in the mce_css filter documentation. 2015-11-18 17:07:37 +00:00
class-wp-embed.php Embeds: Remove the allow_insecure_embeds filter. 2015-11-19 05:02:27 +00:00
class-wp-error.php Use void instead of null where appropriate when pipe-delimiting @return types. If a @return only contains void, remove it. 2015-05-24 05:40:25 +00:00
class-wp-http-cookie.php
class-wp-http-curl.php
class-wp-http-encoding.php Docs: Add a missing file header for wp-includes/class-wp-http-encoding.php, introduced in [33748]. 2015-09-03 03:28:21 +00:00
class-wp-http-ixr-client.php Docs: Update the hook doc summary for the wp_http_ixr_client_headers filter, introduced in [34164]. 2015-09-15 16:16:43 +00:00
class-wp-http-proxy.php
class-wp-http-response.php HTTP/REST API: move WP_HTTP_Response to wp-includes/ with the rest (ha!) of the HTTP classes. This is PHP 5.2, so this class is global, and as per @rmccue, unrelated to REST specifically. 2015-10-08 19:27:28 +00:00
class-wp-http-streams.php
class-wp-image-editor-gd.php
class-wp-image-editor-imagick.php
class-wp-image-editor.php foreach is a statement, not a function. 2015-08-25 20:28:22 +00:00
class-wp-meta-query.php Grouped backports to the 4.4 branch. 2022-01-06 18:19:21 +00:00
class-wp-network.php Multisite: Clarify documentation for WP_Network::get_by_path(). 2015-11-08 02:25:25 +00:00
class-wp-oembed-controller.php
class-wp-post.php Docs: Add missing descriptions for the $wpdb global in DocBlocks all the places. 2015-10-14 23:44:25 +00:00
class-wp-rewrite.php
class-wp-role.php Docs: The Users subpackage is plural. 2015-09-22 13:46:25 +00:00
class-wp-roles.php
class-wp-tax-query.php Grouped backports to the 4.4 branch. 2022-01-06 18:19:21 +00:00
class-wp-term.php Make get_term() behave more consistently in the context of shared terms. 2015-11-05 16:45:25 +00:00
class-wp-theme.php Grouped backports to the 4.4 branch. 2023-10-12 18:09:23 +00:00
class-wp-user-query.php
class-wp-user.php
class-wp-walker.php
class-wp-widget-factory.php Docs: The Widgets subpackage is plural. 2015-09-22 13:48:25 +00:00
class-wp-widget.php
class-wp-xmlrpc-server.php General: WordPress updates 2020-10-29 19:04:23 +00:00
class-wp.php Backporting several bug fixes. 2019-10-14 19:09:23 +00:00
class.wp-dependencies.php foreach is a statement, not a function. 2015-08-25 20:28:22 +00:00
class.wp-scripts.php
class.wp-styles.php
comment-template.php Comments: Ignore hierarchy in pagination calculation when comment threading is disabled. 2016-01-20 08:32:27 +00:00
comment.php Grouped backports to the 4.4 branch. 2022-10-17 18:01:21 +00:00
compat.php Use PHP7's random_int() CSPRNG functionality in wp_rand() with a fallback to the random_compat library for PHP 5.x. 2015-10-09 04:28:24 +00:00
cron.php Cron: In spawn_cron(), when using ALTERNATE_WP_CRON, return early for any non-GET, instead of naively checking ! empty( $_POST ). 2015-09-26 04:51:26 +00:00
date.php Grouped backports to the 4.4 branch. 2022-10-17 18:01:21 +00:00
default-constants.php Set Twenty Sixteen as the default theme. 2015-11-25 21:52:26 +00:00
default-filters.php Embeds: Improve performance when embedding a post from the current site. 2016-06-21 14:42:29 +00:00
default-widgets.php Docs: Clarify the file header summary for wp-includes/default-widgets.php, the top-level file for bringing in the core widget classes. 2015-09-22 13:36:25 +00:00
deprecated.php
embed-template.php Embeds: Change attachment metadata condition to prevent a warning in the embeds template. 2016-01-02 03:36:21 +00:00
embed.php Grouped backports to the 4.4 branch. 2023-05-16 15:38:21 +00:00
feed-atom-comments.php Themes: Improve document title output. 2015-10-20 16:21:25 +00:00
feed-atom.php
feed-rdf.php
feed-rss2-comments.php Themes: Improve document title output. 2015-10-20 16:21:25 +00:00
feed-rss2.php Feeds: <comments> is optional in RSS2, so don't include it when comments aren't present or open. Same for <wfw:commentRss> and <slash:comments> 2015-11-04 17:47:25 +00:00
feed-rss.php Themes: Improve document title output. 2015-10-20 16:21:25 +00:00
feed.php Hardening: Ensure the attributes of enclosures are correctly escaped in RSS and Atom feeds. 2017-11-29 16:29:31 +00:00
formatting.php Grouped backports to the 4.4 branch. 2022-01-06 18:19:21 +00:00
functions.php Grouped backports to the 4.4 branch. 2022-10-17 18:01:21 +00:00
functions.wp-scripts.php After [32596] and [32597], ensure that wp_scripts|styles() is called to ensure an instance is created of WP_Scripts|Styles() before calling ->do_items(). 2015-06-12 16:54:24 +00:00
functions.wp-styles.php After [32596] and [32597], ensure that wp_scripts|styles() is called to ensure an instance is created of WP_Scripts|Styles() before calling ->do_items(). 2015-06-12 16:54:24 +00:00
general-template.php Multisite: Improve messaging for previously activated users. 2018-12-13 00:50:20 +00:00
http.php Backporting several bug fixes. 2019-10-14 19:09:23 +00:00
kses.php Update wp_kses_bad_protocol() to recognize &colon; on uri attributes, 2019-12-12 18:44:21 +00:00
l10n.php Revert [34778], continue using _site_option() for the current network. 2015-10-07 17:11:25 +00:00
link-template.php Canonical: Output correct canonical links for paged posts when not using pretty permalinks. 2015-12-27 02:12:23 +00:00
load.php Multisite: The networks group should be global. 2016-01-11 05:06:27 +00:00
locale.php Revert [35336] and [35337]. 2015-11-18 20:30:25 +00:00
media-template.php Grouped backports to the 4.4 branch. 2022-10-17 18:01:21 +00:00
media.php Grouped backports to the 4.4 branch. 2023-10-12 18:09:23 +00:00
meta.php General: WordPress updates 2020-10-29 19:04:23 +00:00
ms-blogs.php Multisite: Add the global cache group networks to restore_current_blog(). 2016-01-27 13:48:27 +00:00
ms-default-constants.php Docs: Add missing descriptions for the $wpdb global in DocBlocks all the places. 2015-10-14 23:44:25 +00:00
ms-default-filters.php Move new user notification emails to add_action() callbacks. 2015-09-16 22:19:24 +00:00
ms-deprecated.php Multisite: Validate activation links. 2018-12-13 01:47:21 +00:00
ms-files.php if is a statment, not a function. 2015-06-16 20:01:25 +00:00
ms-functions.php Multisite: Use wp_rand() in signup key creation. 2017-01-11 05:34:02 +00:00
ms-load.php
ms-settings.php
nav-menu-template.php Menus: Bring back line break between menu items. 2015-12-24 00:26:22 +00:00
nav-menu.php
option.php Rename internal variable in set_transient(). 2015-10-29 11:52:28 +00:00
pluggable-deprecated.php Pass false as the 2nd argument to class_exists() to disable autoloading and to not cause problems for those who define __autoload(). 2015-09-20 03:52:25 +00:00
pluggable.php Grouped backports to the 4.4 branch. 2022-10-17 18:01:21 +00:00
plugin.php callback is not a valid type in PHP, PSR-5, or phpDocumentor. callable should be used instead. 2015-09-25 23:58:25 +00:00
post-formats.php foreach is a statement, not a function. 2015-08-25 20:28:22 +00:00
post-template.php Grouped backports to the 4.4 branch. 2022-08-30 15:50:21 +00:00
post-thumbnail-template.php Docs: Adjust documentation for the $size parameter in the_post_thumbnail_url() to clarify the required order of width and height values when passing an array. 2015-10-12 17:00:26 +00:00
post.php Grouped backports to the 4.4 branch. 2022-01-06 18:19:21 +00:00
query.php User: Invalidate user_activation_key on password update. 2020-04-29 16:39:23 +00:00
registration-functions.php Lose EOF ?>. Clean up EOF newlines. fixes #12307 2012-01-08 17:01:11 +00:00
registration.php Lose EOF ?>. Clean up EOF newlines. fixes #12307 2012-01-08 17:01:11 +00:00
rest-api.php Grouped backports to the 4.4 branch. 2023-10-12 18:09:23 +00:00
revision.php Docs: Correct description for _wp_post_revision_fields() arguments. 2015-10-22 12:17:28 +00:00
rewrite.php
rss-functions.php
rss.php foreach is a statement, not a function. 2015-08-25 20:28:22 +00:00
script-loader.php External Librairies: Update jQuery.query to version 2.2.3. 2022-03-10 21:39:21 +00:00
session.php
shortcodes.php Grouped backports to the 4.4 branch. 2023-10-12 18:09:23 +00:00
taxonomy.php Taxonomies: make sure taxonomy functions work correctly with taxonomy names with special characters 2016-03-30 17:17:28 +00:00
template-loader.php Embeds: Add oEmbed provider support. 2015-10-07 10:36:25 +00:00
template.php List the possible values for the dynamic portion of the {type}_template hook. 2015-10-28 14:06:27 +00:00
theme.php Upgrade: New themes are not automatically installed on upgrade. This can still be explicitly asked for by defining CORE_UPGRADE_SKIP_NEW_BUNDLED as false. 2015-11-25 21:45:25 +00:00
update.php Background Updates: Remove the 7am/7pm background update check. 2016-01-06 13:24:33 +00:00
user.php User: Invalidate user_activation_key on password update. 2020-04-29 16:39:23 +00:00
vars.php Introduce a new $is_edge global for the Microsoft Edge browser. 2015-09-05 22:33:23 +00:00
version.php Grouped backports to the 4.4 branch. 2023-05-16 15:38:21 +00:00
widgets.php Grouped backports to the 4.4 branch. 2022-10-17 18:01:21 +00:00
wlwmanifest.xml The Pinking Shears stir from their slumber, awakened by what may seem, to those 2013-12-11 19:49:11 +00:00
wp-db.php WPDB: Check that AUTH_SALT is not empty, Fix a PHP notice when AUTH_SALT is undefined. 2017-11-27 01:11:03 +00:00
wp-diff.php