WordPress/wp-includes
Rachel Baker 606c9905ef REST API: Fix incorrect uses of rest_sanitize_value_from_schema().
In the `check_username()` and `check_password()` callbacks in the Users controller, cast the provided request value to a string. The `rest_sanitize_value_from_schema()` function was being used incorrectly, which was causing unintended request parsing.
In `rest_sanitize_request_arg()`, do not pass a nonexistent third parameter for the `rest_sanitize_value_from_schema()` function.

Props jnylen0, joehoyle, rachelbaker, ocean90.
Fixes #38984.
Built from https://develop.svn.wordpress.org/trunk@39400


git-svn-id: http://core.svn.wordpress.org/trunk@39340 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-01 02:12:41 +00:00
certificates
css TinyMCE: fix the styling of notices generated by the editor UI. 2016-11-29 04:59:29 +00:00
customize Customize: Fix handling of the nav menu item labels (titles) that match defaults (original titles) and fix the display of item type labels. 2016-11-30 23:36:42 +00:00
fonts
ID3
images
IXR XML-RPC: Fix truncated warning message added in [38883]. 2016-10-29 21:32:33 +00:00
js Trunk is really 4.8-alpha now. 2016-11-29 04:55:50 +00:00
pomo Docs: Fix multiple trivial typos throughout a variety of core files. 2016-10-31 06:28:32 +00:00
random_compat
Requests HTTP: Update Requests to master (0048f3c) which fixes a number of outstanding issues. 2016-10-05 03:24:37 +00:00
rest-api REST API: Fix incorrect uses of rest_sanitize_value_from_schema(). 2016-12-01 02:12:41 +00:00
SimplePie
Text
theme-compat
widgets Docs: Fix an incorrect pseudo-parameter referenced in the hook doc for the widget_tag_cloud_args filter. 2016-10-31 06:40:49 +00:00
admin-bar.php Multisite: Use get_network() and get_current_network_id() for current network data. 2016-10-19 04:47:30 +00:00
atomlib.php General: Check to see that the PHP-XML module is enabled before using XML functions. 2016-10-24 04:45:31 +00:00
author-template.php I18N: Add translator comments for strings in wp-includes/author-template.php. 2016-08-23 23:18:29 +00:00
bookmark-template.php
bookmark.php Docs: Improve the documentation for parameters which accept OBJECT, ARRAY_A, and ARRAY_N as parameters. 2016-11-09 23:00:32 +00:00
cache.php Docs: Fix multiple trivial typos throughout a variety of core files. 2016-10-31 06:28:32 +00:00
canonical.php
capabilities.php Roles/Capabilities: Add meta-caps for comment, term, and user meta. 2016-11-09 03:42:30 +00:00
category-template.php Taxonomy: Prevent wp_list_categories() from producing not well-nested output if hide_title_if_empty is true. 2016-11-17 18:02:30 +00:00
category.php Docs: Improve the documentation for parameters which accept OBJECT, ARRAY_A, and ARRAY_N as parameters. 2016-11-09 23:00:32 +00:00
class-http.php WP_HTTP: Map internal Requests hooks to WordPress actions. 2016-11-13 10:36:29 +00:00
class-IXR.php Bootstrap: do not go gentle into that good night r38411, r38412, and parts of r38389. 2016-08-31 16:31:29 +00:00
class-json.php
class-oembed.php Embeds: Realign the provider list after [38693]. 2016-10-25 20:16:56 +00:00
class-phpass.php
class-phpmailer.php Bootstrap: do not go gentle into that good night r38411, r38412, and parts of r38389. 2016-08-31 16:31:29 +00:00
class-pop3.php Docs: Fix multiple trivial typos throughout a variety of core files. 2016-10-31 06:28:32 +00:00
class-requests.php HTTP: Update Requests to master (0048f3c) which fixes a number of outstanding issues. 2016-10-05 03:24:37 +00:00
class-simplepie.php
class-smtp.php
class-snoopy.php
class-walker-category-dropdown.php
class-walker-category.php
class-walker-comment.php I18N: Add translator comments for strings in wp-includes/class-walker-comment.php. 2016-08-23 23:33:28 +00:00
class-walker-nav-menu.php Menus: Fix notices thrown by classes extending Walker_Nav_Menu. 2016-09-08 07:06:30 +00:00
class-walker-page-dropdown.php
class-walker-page.php Docs: Fix multiple trivial typos throughout a variety of core files. 2016-10-31 06:28:32 +00:00
class-wp-admin-bar.php Accessibility: Revert [38984] as it needs to be better communicated to plugin authors. 2016-11-05 16:28:33 +00:00
class-wp-ajax-response.php AJAX: add a new function, wp_doing_ajax(), which can replace... (wait for it...) DOING_AJAX checks via the constant. 2016-08-23 14:33:30 +00:00
class-wp-comment-query.php Comments: Query used to fill comment descendants should reset 'offset' and 'number' params. 2016-11-17 03:03:30 +00:00
class-wp-comment.php Don't improperly cast IDs when fetching post, user, or term objects. 2016-08-26 19:09:27 +00:00
class-wp-customize-control.php Customize: Clean up docs and code style for customize changes in 4.7. 2016-11-23 06:05:32 +00:00
class-wp-customize-manager.php Theme starter content: Add support for featured images and page templates. 2016-11-23 09:53:33 +00:00
class-wp-customize-nav-menus.php Theme starter content: Add support for featured images and page templates. 2016-11-23 09:53:33 +00:00
class-wp-customize-panel.php Bootstrap: do not go gentle into that good night r38411, r38412, and parts of r38389. 2016-08-31 16:31:29 +00:00
class-wp-customize-section.php Customize: Introduce custom CSS for extending theme styles. 2016-10-19 18:15:31 +00:00
class-wp-customize-setting.php Customize: Ensure WP_Customize_Setting::value() returns previewed value for custom types utilizing the customize_value_{$id_base} filter. 2016-11-19 06:00:34 +00:00
class-wp-customize-widgets.php Customize: Implement customized state persistence with changesets. 2016-10-18 20:05:31 +00:00
class-wp-dependency.php Script Loader: move _WP_Dependency into its own file. 2016-08-26 18:06:39 +00:00
class-wp-editor.php TinyMCE: after chats in #core-editor and #desing on Slack, the decision is to not remove Heading 1 for beta1. 2016-10-26 22:01:33 +00:00
class-wp-embed.php Embed: wp-settings.php loads class-wp-embed.php, which currently produces side effects. Move the global instantiation to wp-settings.php. WP_Embed is then in a file by itself. 2016-08-26 09:53:28 +00:00
class-wp-error.php Load: move is_wp_error() to load.php so that WP_Error is in a file by itself. 2016-08-26 09:58:28 +00:00
class-wp-feed-cache-transient.php Feed: move 'WP_Feed_Cache', 'WP_Feed_Cache_Transient', WP_SimplePie_File and WP_SimplePie_Sanitize_KSES into their own files via svn cp. If we move forward with autoloading, class-feed.php is useless. We could even remove it now, and just load these new files in wp-settings.php. That can be decided post-mortem. class-feed.php is an interesting name: there is no Feed or WP_Feed class. 2016-08-25 18:18:39 +00:00
class-wp-feed-cache.php Feed: move 'WP_Feed_Cache', 'WP_Feed_Cache_Transient', WP_SimplePie_File and WP_SimplePie_Sanitize_KSES into their own files via svn cp. If we move forward with autoloading, class-feed.php is useless. We could even remove it now, and just load these new files in wp-settings.php. That can be decided post-mortem. class-feed.php is an interesting name: there is no Feed or WP_Feed class. 2016-08-25 18:18:39 +00:00
class-wp-hook.php Docs: Fix minor formatting for inline docs in WP_Hook following its introduction in [38571]. 2016-09-08 04:17:30 +00:00
class-wp-http-cookie.php
class-wp-http-curl.php
class-wp-http-encoding.php
class-wp-http-ixr-client.php
class-wp-http-proxy.php
class-wp-http-requests-hooks.php WP_HTTP: Map internal Requests hooks to WordPress actions. 2016-11-13 10:36:29 +00:00
class-wp-http-requests-response.php HTTP: Document that the return value of wp_remote_retrieve_headers() changed from a simple array to an object which implements ArrayAccess. 2016-10-05 03:51:28 +00:00
class-wp-http-response.php HTTP: in WP_HTTP_Response, the @param declarations for $status and $headers were swapped. Let us correct this. 2016-08-22 21:28:27 +00:00
class-wp-http-streams.php
class-wp-image-editor-gd.php
class-wp-image-editor-imagick.php Media: Allow override of PDF setup for multiple pages or DPI. 2016-11-18 22:22:32 +00:00
class-wp-image-editor.php Media: when calling pathinfo(), also pass a PATHINFO_* constant to avoid array notices for unset keys. 2016-08-20 23:36:28 +00:00
class-wp-list-util.php General: Introduce a wp_list_sort() helper function, v2. 2016-10-25 21:26:32 +00:00
class-wp-locale-switcher.php I18N: Add an additional caching layer for _load_textdomain_just_in_time(). 2016-11-21 16:07:33 +00:00
class-wp-locale.php General: use get_bloginfo( 'version' ) instead of global $wp_version in several locations - excluding those locations which reload version.php mid-flight. 2016-08-31 05:49:37 +00:00
class-wp-matchesmapregex.php Load: move WP_MatchesMapRegex into its own file. 2016-08-26 18:11:39 +00:00
class-wp-meta-query.php General: Restore usage of $wpdb, instead of $this->db. 2016-10-10 06:38:31 +00:00
class-wp-metadata-lazyloader.php
class-wp-network-query.php Cache API: introduce wp_cache_get_last_changed to improve DRY 2016-10-21 02:54:34 +00:00
class-wp-network.php
class-wp-oembed-controller.php
class-wp-post-type.php Docs: Use a third-person singular verb for register_post_type_args filter added in [34242]. 2016-09-14 21:58:29 +00:00
class-wp-post.php Posts, Post Types: Add support for post type templates. 2016-10-26 08:07:30 +00:00
class-wp-query.php Docs: Update the DocBlock description for WP_Query::is_single() to mention that it works for any post types excluding pages. 2016-10-31 06:34:34 +00:00
class-wp-rewrite.php Make sure rewrite rules are not written until wp_loaded has fired 2016-10-07 19:44:28 +00:00
class-wp-role.php
class-wp-roles.php Roles: Fix a PHP error introduced in [39082]. 2016-11-02 05:55:30 +00:00
class-wp-session-tokens.php Session: move WP_Session_Tokens and WP_User_Meta_Session_Tokens into their own files via svn cp. If we move forward with autoloading, session.php is useless. We could even remove it now, and just load these new files in wp-settings.php. That can be decided post-mortem. 2016-08-25 17:44:31 +00:00
class-wp-simplepie-file.php Feed: move 'WP_Feed_Cache', 'WP_Feed_Cache_Transient', WP_SimplePie_File and WP_SimplePie_Sanitize_KSES into their own files via svn cp. If we move forward with autoloading, class-feed.php is useless. We could even remove it now, and just load these new files in wp-settings.php. That can be decided post-mortem. class-feed.php is an interesting name: there is no Feed or WP_Feed class. 2016-08-25 18:18:39 +00:00
class-wp-simplepie-sanitize-kses.php Feed: move 'WP_Feed_Cache', 'WP_Feed_Cache_Transient', WP_SimplePie_File and WP_SimplePie_Sanitize_KSES into their own files via svn cp. If we move forward with autoloading, class-feed.php is useless. We could even remove it now, and just load these new files in wp-settings.php. That can be decided post-mortem. class-feed.php is an interesting name: there is no Feed or WP_Feed class. 2016-08-25 18:18:39 +00:00
class-wp-site-query.php Cache API: introduce wp_cache_get_last_changed to improve DRY 2016-10-21 02:54:34 +00:00
class-wp-site.php Multisite: Deprecate the blog_details filter. 2016-10-25 23:44:30 +00:00
class-wp-tax-query.php General: Restore usage of $wpdb, instead of $this->db. 2016-10-10 06:38:31 +00:00
class-wp-taxonomy.php Taxonomy: Introduce WP_Taxonomy and use it in register_taxonomy() and unregister_taxonomy(). 2016-10-07 17:12:29 +00:00
class-wp-term-query.php Taxonomy: Remove redundant 'get_terms_args' filter call from WP_Term_Query. 2016-10-31 15:47:33 +00:00
class-wp-term.php Don't improperly cast IDs when fetching post, user, or term objects. 2016-08-26 19:09:27 +00:00
class-wp-text-diff-renderer-inline.php Diff: move WP_Text_Diff_Renderer_inline (behold that lowercase "i") and WP_Text_Diff_Renderer_Table into their own files via svn cp. 2016-08-25 17:37:30 +00:00
class-wp-text-diff-renderer-table.php Diff: move WP_Text_Diff_Renderer_inline (behold that lowercase "i") and WP_Text_Diff_Renderer_Table into their own files via svn cp. 2016-08-25 17:37:30 +00:00
class-wp-theme.php Posts, Post Types: Improve sanitisation of templates' post types. 2016-11-15 03:37:31 +00:00
class-wp-user-meta-session-tokens.php Session: move WP_Session_Tokens and WP_User_Meta_Session_Tokens into their own files via svn cp. If we move forward with autoloading, session.php is useless. We could even remove it now, and just load these new files in wp-settings.php. That can be decided post-mortem. 2016-08-25 17:44:31 +00:00
class-wp-user-query.php General: Restore usage of $wpdb, instead of $this->db. 2016-10-10 06:38:31 +00:00
class-wp-user.php General: Restore usage of $wpdb, instead of $this->db. 2016-10-10 06:38:31 +00:00
class-wp-walker.php
class-wp-widget-factory.php
class-wp-widget.php Docs: Fix multiple trivial typos throughout a variety of core files. 2016-10-31 06:28:32 +00:00
class-wp-xmlrpc-server.php Text Changes: Merge strings referring to list_users capability. 2016-11-19 02:16:30 +00:00
class-wp.php Feeds: Always return a valid timestamp for the Last-Modified header of comment or post feeds. 2016-10-25 20:48:29 +00:00
class.wp-dependencies.php Script Loader: move _WP_Dependency into its own file. 2016-08-26 18:06:39 +00:00
class.wp-scripts.php
class.wp-styles.php
comment-template.php I18n: Introduce more translator comments for strings that contain placeholders but don't have an accompanying translator comment. 2016-11-21 02:46:30 +00:00
comment.php Docs: Improve the documentation for parameters which accept OBJECT, ARRAY_A, and ARRAY_N as parameters. 2016-11-09 23:00:32 +00:00
compat.php
cron.php Cron: clarify descriptions for Cron API functions. 2016-08-26 09:22:30 +00:00
date.php General: Restore usage of $wpdb, instead of $this->db. 2016-10-10 06:38:31 +00:00
default-constants.php Themes: Twenty Seventeen is now the default theme. 2016-10-20 09:13:29 +00:00
default-filters.php Customize: Remove premature (and verbose) check of fresh_site option due to database not being ready on multisite. 2016-10-28 03:43:30 +00:00
default-widgets.php
deprecated.php Docs: Fix multiple trivial typos throughout a variety of core files. 2016-10-31 06:28:32 +00:00
embed-template.php
embed.php Embeds: Correctly remove security attribute from iframes in IE 10 and IE 11. 2016-11-23 13:38:33 +00:00
feed-atom-comments.php I18n: Begin introducing translator comments for strings which include placeholders but no accompanying translator comment. 2016-11-21 01:22:32 +00:00
feed-atom.php Feeds: Always return a valid timestamp for the Last-Modified header of comment or post feeds. 2016-10-25 20:48:29 +00:00
feed-rdf.php Feeds: Always return a valid timestamp for the Last-Modified header of comment or post feeds. 2016-10-25 20:48:29 +00:00
feed-rss2-comments.php I18n: Begin introducing translator comments for strings which include placeholders but no accompanying translator comment. 2016-11-21 01:22:32 +00:00
feed-rss2.php Feeds: Always return a valid timestamp for the Last-Modified header of comment or post feeds. 2016-10-25 20:48:29 +00:00
feed-rss.php Feeds: Always return a valid timestamp for the Last-Modified header of comment or post feeds. 2016-10-25 20:48:29 +00:00
feed.php General: Check to see that the PHP-XML module is enabled before using XML functions. 2016-10-24 04:45:31 +00:00
formatting.php I18n: Introduce more translator comments for strings that contain placeholders but don't have an accompanying translator comment. 2016-11-21 02:46:30 +00:00
functions.php I18n: Begin introducing translator comments for strings which include placeholders but no accompanying translator comment. 2016-11-21 01:22:32 +00:00
functions.wp-scripts.php Customize: Implement customized state persistence with changesets. 2016-10-18 20:05:31 +00:00
functions.wp-styles.php Script Loader: Correct default value for $src in wp_enqueue_script() and wp_enqueue_style(). 2016-09-04 04:09:28 +00:00
general-template.php I18n: Introduce more translator comments for strings that contain placeholders but don't have an accompanying translator comment. 2016-11-21 02:46:30 +00:00
http.php Multisite: Use get_network() and get_current_network_id() for current network data. 2016-10-19 04:47:30 +00:00
kses.php KSES: Deprecate wp_kses_js_entities(). 2016-10-13 22:25:31 +00:00
l10n.php I18N: In wp_dropdown_languages() rename the new show_site_locale_default argument to show_option_site_default. 2016-11-21 16:14:30 +00:00
link-template.php Docs: Clarify descriptions for home_url() and get_home_url() on the true effect of the $scheme parameter. 2016-10-31 07:06:32 +00:00
load.php I18n: Begin introducing translator comments for strings which include placeholders but no accompanying translator comment. 2016-11-21 01:22:32 +00:00
media-template.php Media: Clearly indicate that PDF thumbnails are just document previews. 2016-11-13 16:39:31 +00:00
media.php Media: Fix regression with display of small images in media library. 2016-12-01 00:02:41 +00:00
meta.php Update link in register_meta about 4.6 changes 2016-11-01 06:54:34 +00:00
ms-blogs.php Roles/Capabilities: Add a new wp_roles_init filter. 2016-11-02 00:31:32 +00:00
ms-default-constants.php Multisite: Use get_network() and get_current_network_id() for current network data. 2016-10-19 04:47:30 +00:00
ms-default-filters.php
ms-deprecated.php Multisite: Replace get_blog_details() in inline documentation. 2016-10-26 03:39:29 +00:00
ms-files.php Multisite: Flush output buffer after readfile() in ms-files.php. 2016-09-27 20:05:28 +00:00
ms-functions.php I18n: Begin introducing translator comments for strings which include placeholders but no accompanying translator comment. 2016-11-21 01:22:32 +00:00
ms-load.php Multisite: Replace get_blog_details() in inline documentation. 2016-10-26 03:39:29 +00:00
ms-settings.php Bootstrap: do not go gentle into that good night r38411, r38412, and parts of r38389. 2016-08-31 16:31:29 +00:00
nav-menu-template.php Menus: Add the menu-item-home class to the static front page item. 2016-10-26 01:58:30 +00:00
nav-menu.php General: Introduce a wp_list_sort() helper function, v2. 2016-10-25 21:26:32 +00:00
option.php Options: Pass the $passed_default parameter to the 'default_option_{$option} filter in add_option(). 2016-11-30 21:22:41 +00:00
pluggable-deprecated.php
pluggable.php I18n: Introduce more translator comments for strings that contain placeholders but don't have an accompanying translator comment. 2016-11-21 02:46:30 +00:00
plugin.php Bootstrap: Use dirname() when loading class-wp-hook.php from plugin.php. 2016-09-12 01:50:30 +00:00
post-formats.php
post-template.php Posts, Post Types: Add support for post type templates. 2016-10-26 08:07:30 +00:00
post-thumbnail-template.php
post.php Theme starter content: Add support for featured images and page templates. 2016-11-23 09:53:33 +00:00
query.php Query: in wp_old_slug_redirect(), use get_query_var() instead of importing and touching the global $wp_query directly. 2016-08-31 06:21:41 +00:00
registration-functions.php
registration.php
rest-api.php REST API: Fix incorrect uses of rest_sanitize_value_from_schema(). 2016-12-01 02:12:41 +00:00
revision.php Docs: Improve the documentation for parameters which accept OBJECT, ARRAY_A, and ARRAY_N as parameters. 2016-11-09 23:00:32 +00:00
rewrite.php
rss-functions.php
rss.php Docs: Fix multiple trivial typos throughout a variety of core files. 2016-10-31 06:28:32 +00:00
script-loader.php I18n: Begin introducing translator comments for strings which include placeholders but no accompanying translator comment. 2016-11-21 01:22:32 +00:00
shortcodes.php Docs: Add a missing changelog entry for the point where the $tagnames parameter was added to get_shortcode_regex(). 2016-11-23 17:35:32 +00:00
taxonomy.php I18n: Introduce more translator comments for strings that contain placeholders but don't have an accompanying translator comment. 2016-11-21 02:46:30 +00:00
template-loader.php Themes: Remove paged.php from the theme template hierarchy. 2016-10-07 21:03:31 +00:00
template.php Posts, Post Types: Add support for post type templates. 2016-10-26 08:07:30 +00:00
theme.php Customize: Refactor logic for updating custom_css posts by introducing wp_update_custom_css_post() function and renaming update filter. 2016-11-23 17:34:31 +00:00
update.php I18n: Introduce more translator comments for strings that contain placeholders but don't have an accompanying translator comment. 2016-11-21 02:46:30 +00:00
user.php I18n: Introduce more translator comments for strings that contain placeholders but don't have an accompanying translator comment. 2016-11-21 02:46:30 +00:00
vars.php General: revert [38467], wp_is_IE() should not exist. 2016-08-31 15:22:31 +00:00
version.php REST API: Fix incorrect uses of rest_sanitize_value_from_schema(). 2016-12-01 02:12:41 +00:00
widgets.php I18N: Merge two 'RSS Error:' strings. 2016-11-19 01:56:31 +00:00
wlwmanifest.xml
wp-db.php I18n: Begin introducing translator comments for strings which include placeholders but no accompanying translator comment. 2016-11-21 01:22:32 +00:00
wp-diff.php Bootstrap: do not go gentle into that good night r38411, r38412, and parts of r38389. 2016-08-31 16:31:29 +00:00