WordPress/wp-admin
Sergey Biryukov 65d87ce862 Escape the output in wp_ajax_upload_attachment().
Merges [45936] to the 4.5 branch.
Props whyisjake, sstoqnov.
Built from https://develop.svn.wordpress.org/branches/4.5@45950


git-svn-id: http://core.svn.wordpress.org/branches/4.5@45761 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-09-04 16:37:09 +00:00
..
css Use px instead of in in device preview 2016-04-19 20:54:28 +00:00
images Add grunt prerelease task 2016-03-10 05:37:27 +00:00
includes Escape the output in wp_ajax_upload_attachment(). 2019-09-04 16:37:09 +00:00
js Add nonce for updating file system credentials. 2017-05-16 14:54:03 +00:00
maint Install/Upgrade: Keep indexing bots away until a site is ready to be seen. 2015-12-08 21:56:27 +00:00
network Multisite: Improve escaping in network settings. 2016-03-30 15:59:26 +00:00
user
about.php WordPress 4.5.17 2019-03-13 01:25:20 +00:00
admin-ajax.php Spelling: Standardize on "front end"/"back end" (noun) and "front-end"/"back-end" (adjective). 2016-02-25 12:53:27 +00:00
admin-footer.php
admin-functions.php
admin-header.php Correct the title used on the user dashboard. 2015-06-24 00:37:28 +00:00
admin-post.php Spelling: Standardize on "front end"/"back end" (noun) and "front-end"/"back-end" (adjective). 2016-02-25 12:53:27 +00:00
admin.php Taxonomy: After [36874], run the correct load-edit-tags.php hook on the new term edit page. 2016-03-27 15:16:29 +00:00
async-upload.php Escape the output in wp_ajax_upload_attachment(). 2019-09-04 16:37:09 +00:00
comment.php Make Moderate Comment Screen Great Again by showing links 2016-04-06 00:35:27 +00:00
credits.php 4.5 About Page, second round. 2016-04-10 02:03:29 +00:00
custom-background.php callback is not a valid type in PHP, PSR-5, or phpDocumentor. callable should be used instead. 2015-09-25 23:58:25 +00:00
custom-header.php I18N: Remove <strong> tags from translatable strings in wp-admin/custom-header.php. 2016-02-23 23:43:26 +00:00
customize.php Customize: Ignore invalid customization sessions. 2017-05-16 12:16:31 +00:00
edit-comments.php Allow searching for 0 throughout the admin. 2016-01-14 20:06:25 +00:00
edit-form-advanced.php Editor: Remove trailing space from a help text string. 2016-04-05 10:54:29 +00:00
edit-form-comment.php Comments: On the Edit Comment screen do not show the permalink for unapproved comments. 2016-03-10 21:18:27 +00:00
edit-link-form.php Bump H3 headings to H2 on the legacy Link Manager screen for better accessibility. 2015-10-14 17:32:24 +00:00
edit-tag-form.php Taxonomy/Users: Use correct escaping function for URLs. 2017-09-19 21:30:32 +00:00
edit-tags.php Taxonomy: Introduce wp-admin/term.php for editing single terms. 2016-01-15 08:27:27 +00:00
edit.php Allow searching for 0 throughout the admin. 2016-01-14 20:06:25 +00:00
export.php Export: Add a missing Oxford comma. 2015-12-31 19:33:25 +00:00
freedoms.php 4.5 About Page, second round. 2016-04-10 02:03:29 +00:00
import.php Accessibility: Improve accessibility for the Plugin details modal. 2016-03-10 22:37:26 +00:00
index.php Accessibility: Remove title attributes from the Admin Dashboard. 2016-01-05 14:19:28 +00:00
install-helper.php Docs: Add missing descriptions for the $wpdb global in DocBlocks all the places. 2015-10-14 23:44:25 +00:00
install.php I18N: Remove <code> tags from translatable strings in wp-admin/install.php. 2016-02-24 01:22:26 +00:00
link-add.php
link-manager.php Allow searching for 0 throughout the admin. 2016-01-14 20:06:25 +00:00
link-parse-opml.php
link.php
load-scripts.php Script Loader: Add Etag: $wp_version header in load-scripts.php and load-styles.php. 2016-01-15 10:23:25 +00:00
load-styles.php CSS: Stop using wp-admin.min.css and instead queue the individual stylesheets up through load-styles.php. 2016-01-18 09:57:29 +00:00
media-new.php media-new.php, when using the browser uploader, if the result of uploading is a WP_Error - wp_die() with the error, instead of redirecting with a generic error. 2015-09-10 17:18:24 +00:00
media-upload.php Provide more helful feedback than just "Cheatin' uh?" for permission errors in wp-admin/media-upload.php. 2015-09-02 16:21:21 +00:00
media.php Media: Change wording for media files which aren't attached. 2016-03-08 17:43:25 +00:00
menu-header.php Docs: Correct grammar when referring to "a URL" vs "an URL" in several places. 2016-03-12 12:39:27 +00:00
menu.php Docs: Add a missing DocBlock for the private _add_themes_utility_last() function. 2016-02-03 20:07:27 +00:00
moderation.php
ms-admin.php
ms-delete-site.php Trim trailing space from string in site delete confirmation 2015-07-01 16:31:25 +00:00
ms-edit.php
ms-options.php
ms-sites.php
ms-themes.php
ms-upgrade-network.php
ms-users.php
my-sites.php Spelling: Standardize on "front end"/"back end" (noun) and "front-end"/"back-end" (adjective). 2016-02-25 12:53:27 +00:00
nav-menus.php Menus: Support nested array variables in POST data when saving menus. 2016-06-20 19:50:30 +00:00
network.php Network Setup: don't use <code> in translation strings in wp-admin/network files. 2015-09-18 18:18:27 +00:00
options-discussion.php Don't force comment pagination. 2015-10-21 16:26:42 +00:00
options-general.php I18N: Remove <a> tag from translatable string in wp-admin/options-general.php. 2016-02-23 23:28:25 +00:00
options-head.php
options-media.php Remove <code> tag from translatable string in wp-admin/options-media.php. 2015-11-06 00:28:25 +00:00
options-permalink.php Accessibility: Don't mark up "URL" as an abbreviation. 2016-01-01 12:10:26 +00:00
options-reading.php Move ad hoc Options functions to wp-admin/includes/options.php: 2015-09-10 21:45:24 +00:00
options-writing.php Accessibility: Don't mark up "URL" as an abbreviation. 2016-01-01 12:10:26 +00:00
options.php Media: Remove medium_large size from $whitelist_options['media'] in options.php. 2016-05-17 20:40:29 +00:00
plugin-editor.php General: Add missing URL-encoding and add extra hardening to plugin and template names when they're displayed in the admin area. 2017-09-19 10:32:31 +00:00
plugin-install.php List Tables/WP_Screen: in WP_Screen, add methods to store, retrieve, and render screen reader text, primarily used by list table screens. 2015-10-07 01:28:25 +00:00
plugins.php General: Add missing URL-encoding and add extra hardening to plugin and template names when they're displayed in the admin area. 2017-09-19 10:32:31 +00:00
post-new.php Provide more helpful feedback than just "Cheatin' uh?" for permission errors in wp-admin/post-new.php. 2015-09-02 18:36:22 +00:00
post.php Editor: Remove unwanted fields before saving posts. 2018-12-13 01:45:20 +00:00
press-this.php Provide more helpful feedback than just "Cheatin' uh?" for permission errors in wp-admin/press-this.php. 2015-09-02 18:38:21 +00:00
profile.php
revision.php Revisions: Change the capability needed to view revision diffs to edit_post. 2016-06-21 14:27:33 +00:00
setup-config.php Setup config: Generate the default secret keys & salts from the local CSPRNG if available, falling back to the WordPress.org API and a backup psuedo random source. 2016-03-07 06:32:29 +00:00
term.php Taxonomy: After [36874], rename $term_id to $tag_ID in wp-admin/edit-tag-form.php. 2016-03-11 08:52:29 +00:00
theme-editor.php General: Add missing URL-encoding and add extra hardening to plugin and template names when they're displayed in the admin area. 2017-09-19 10:32:31 +00:00
theme-install.php Add Nonce to updating wporg_favorites user meta field 2016-03-30 18:36:26 +00:00
themes.php I18N: Remove <a> tags from translatable strings in wp-admin/themes.php. 2016-02-23 23:39:25 +00:00
tools.php Bump H3 headings to H2 on Tools screen for better accessibility. 2015-08-31 03:32:21 +00:00
update-core.php Updates: Translate plugin data on the Updates screen. 2017-01-11 11:40:38 +00:00
update.php Plugins: Don't request all fields via plugins_api( 'plugin_information' ) for plugin installs and update checks. 2015-09-26 15:50:25 +00:00
upgrade-functions.php
upgrade.php Install/Upgrade: Keep indexing bots away until a site is ready to be seen. 2015-12-08 21:56:27 +00:00
upload.php Media: Fix typo introduced in [36887]. 2016-03-14 09:00:28 +00:00
user-edit.php Taxonomy/Users: Use correct escaping function for URLs. 2017-09-19 21:30:32 +00:00
user-new.php Hardening: Use a properly generated hash for the newbloguser key instead of a determinate substring. 2017-11-29 16:25:07 +00:00
users.php Use admin_url() for "Add New" links in wp-admin/users.php. 2016-03-09 19:09:50 +00:00
widgets.php Add nonce for widget accessibility mode. 2017-01-11 01:44:31 +00:00