Upstream/WordPress
1
0
Fork 0
mirror of https://github.com/WordPress/WordPress.git synced 2024-06-23 21:34:57 +02:00
Code Issues Projects Releases Wiki Activity
6ee378fa7a
WordPress/wp-includes/rest-api
History
whyisjake e391320b73 Ensure that a user can publish_posts before making a post sticky. 
Props: danielbachhuber, whyisjake, peterwilson, xknown.
Prevent  stored XSS through wp_targeted_link_rel().
Props: vortfu, whyisjake, peterwilsoncc, xknown,  SergeyBiryukov, flaviozavan.
Update wp_kses_bad_protocol() to recognize : on uri attributes,
wp_kses_bad_protocol() makes sure to validate that uri attributes don't contain invalid/or not allowed protocols. While this works fine in most cases, there's a risk that by using the colon html5 named entity, one is able to bypass this function.
Brings r46895 to the 5.3 branch.
Props: xknown, nickdaugherty, peterwilsoncc.
Prevent stored XSS in the block editor.
Brings r46896 to the 5.3 branch.
Prevent escaped unicode characters become unescaped in unsafe HTML during JSON decoding.
Props: aduth, epiqueras.

Built from https://develop.svn.wordpress.org/branches/5.1@46907


git-svn-id: http://core.svn.wordpress.org/branches/5.1@46707 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-12-12 18:37:53 +00:00
..
endpoints Ensure that a user can publish_posts before making a post sticky. 2019-12-12 18:37:53 +00:00
fields REST API: Slash existing meta values when comparing with incoming meta upates. 2018-12-13 16:30:37 +00:00
search REST API: Introduce rest_post_search_query filter. 2019-01-08 21:45:48 +00:00
class-wp-rest-request.php Coding Standards: Upgrade WPCS to 1.0.0 2018-08-17 01:51:36 +00:00
class-wp-rest-response.php Docs: Correct and improve various inline documentation. 2018-08-27 14:28:26 +00:00
class-wp-rest-server.php Docs: Correct and improve various inline documentation. 2018-08-27 14:28:26 +00:00