Upstream/WordPress
1
0
Fork 0
mirror of https://github.com/WordPress/WordPress.git synced 2024-09-27 14:53:08 +02:00
Code Issues Projects Releases Wiki Activity
7bfe4a912f
WordPress/wp-includes
History
Sergey Biryukov 7bfe4a912f Update wp_kses_bad_protocol() to recognize : on uri attributes, 
`wp_kses_bad_protocol()` makes sure to validate that uri attributes don’t contain invalid/or not allowed protocols. While this works fine in most cases, there’s a risk that by using the colon html5 named entity, one is able to bypass this function.

Brings r46895 to the 4.2 branch.

Props: xknown, nickdaugherty, peterwilsoncc.
Built from https://develop.svn.wordpress.org/branches/4.2@46910


git-svn-id: http://core.svn.wordpress.org/branches/4.2@46710 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-12-12 18:41:21 +00:00
..
certificates
css WordPress 4.2 2015-04-23 16:26:10 +00:00
fonts
ID3
images Smilies: Update our few remaining smilies to better align with Twemoji, and add frownie.png until Twemoji provide a build containing it. 2015-04-10 06:20:26 +00:00
js Backporting several bug fixes. 2019-10-14 19:15:22 +00:00
pomo Replace array_shift() with reset() where appropriate for performance. 2015-03-19 03:56:27 +00:00
SimplePie
Text
theme-compat Theme Compat: Make string translatable and add translator comments. Added in [31941]. 2015-04-08 18:15:28 +00:00
admin-bar.php Use HTTPS URLs for codex.wordpress.org. 2015-04-12 21:29:32 +00:00
atomlib.php
author-template.php Use HTTPS URLs for codex.wordpress.org. 2015-04-12 21:29:32 +00:00
bookmark-template.php
bookmark.php
cache.php Use HTTPS URLs for codex.wordpress.org. 2015-04-12 21:29:32 +00:00
canonical.php If the URL being visited has non-breaking spaces at the end of it, they were probably inserted by an errant URL copy/paste. Instead of showing a 404 for no obvious reason, let's just trim them. 2015-03-20 01:02:28 +00:00
capabilities.php Capabilities: Fall back to the edit_posts capability for orphaned comments. 2015-09-09 06:01:28 +00:00
category-template.php Fix description alignment for the category_css_class filter docs. 2015-04-05 14:49:27 +00:00
category.php Use HTTPS URLs for codex.wordpress.org. 2015-04-12 21:29:32 +00:00
class-feed.php
class-http.php self should be used for accessing local static members. 2015-03-09 02:22:26 +00:00
class-IXR.php
class-json.php
class-oembed.php Use HTTPS URLs for codex.wordpress.org. 2015-04-12 21:29:32 +00:00
class-phpass.php
class-phpmailer.php Update PHPMailer to 5.2.22. 2017-01-11 05:25:28 +00:00
class-pop3.php
class-simplepie.php
class-smtp.php Update PHPMailer to 5.2.22. 2017-01-11 05:25:28 +00:00
class-snoopy.php Snoopy: use escapeshellarg instead of escapeshellcmd 2016-03-30 14:08:28 +00:00
class-wp-admin-bar.php Accessibility: Add landmark roles to WordPress admin areas. 2015-04-01 13:17:27 +00:00
class-wp-ajax-response.php
class-wp-customize-control.php Theme Switcher: Provide an easier way to reset back to the current active theme. 2015-04-22 16:15:27 +00:00
class-wp-customize-manager.php Customize: Ignore invalid customization sessions. 2017-05-16 12:19:29 +00:00
class-wp-customize-panel.php Add a missing file header to wp-includes/class-wp-customize-panel.php, separate out the class DocBlock for WP_Customize_Panel. 2015-02-25 08:09:25 +00:00
class-wp-customize-section.php Customizer Theme Switcher: Use text input for the search field to prevent double tap issues for Preview and Customize buttons on iOS. 2015-04-14 17:45:27 +00:00
class-wp-customize-setting.php Add missing @access tags to two DocBlocks in WP_Customize_Setting. 2015-04-05 15:17:27 +00:00
class-wp-customize-widgets.php Customizer: Use hash_equals() for widgets. 2015-08-04 04:52:16 +00:00
class-wp-editor.php Remove some old backwards compatilibity code from TinyMCE. 2015-04-20 05:50:27 +00:00
class-wp-embed.php Backport r33469 and r33470 to 4.2. 2015-07-30 19:41:27 +00:00
class-wp-error.php
class-wp-http-ixr-client.php
class-wp-image-editor-gd.php In the ->multi_resize() method of the WP_Image_Editor subclasses, when looping through potential crops, we need to make sure the crop isn't the exact same dimensions as the original image before copying it as a new crop. 2015-02-27 19:38:27 +00:00
class-wp-image-editor-imagick.php In the ->multi_resize() method of the WP_Image_Editor subclasses, when looping through potential crops, we need to make sure the crop isn't the exact same dimensions as the original image before copying it as a new crop. 2015-02-27 19:38:27 +00:00
class-wp-image-editor.php
class-wp-theme.php Themes: Fix markup for theme name fallbacks. 2017-01-11 11:11:56 +00:00
class-wp-walker.php
class-wp-xmlrpc-server.php Adjust post meta checks 2017-05-16 08:52:55 +00:00
class-wp.php Backporting several bug fixes. 2019-10-14 19:15:22 +00:00
class.wp-dependencies.php
class.wp-scripts.php Revert [31030] and [31033]. Incidentally, there is no lazy-loading happening here anyway. 2015-04-14 15:13:28 +00:00
class.wp-styles.php
comment-template.php In comment_form(), ensure that filtered arguments contain all required default values. 2015-07-17 06:14:26 +00:00
comment.php WPDB: When checking that a string can be sent to MySQL, we shouldn't use mb_convert_encoding(), as it behaves differently to MySQL's character encoding conversion. 2015-05-06 03:30:30 +00:00
compat.php WPDB: When checking that a string can be sent to MySQL, we shouldn't use mb_convert_encoding(), as it behaves differently to MySQL's character encoding conversion. 2015-05-06 03:30:30 +00:00
cron.php Use HTTPS URLs for codex.wordpress.org. 2015-04-12 21:29:32 +00:00
date.php Use HTTPS URLs for codex.wordpress.org. 2015-04-12 21:29:32 +00:00
default-constants.php
default-filters.php Clean up wp_staticize_emoji() and friends. 2015-04-20 04:15:26 +00:00
default-widgets.php Nav menus: Consistent titles in widgets. 2015-08-03 20:57:42 +00:00
deprecated.php Use HTTPS URLs for codex.wordpress.org. 2015-04-12 21:29:32 +00:00
feed-atom-comments.php
feed-atom.php
feed-rdf.php
feed-rss2-comments.php
feed-rss2.php
feed-rss.php
feed.php Hardening: Ensure the attributes of enclosures are correctly escaped in RSS and Atom feeds. 2017-11-29 16:34:32 +00:00
formatting.php Media: Improve handling of extensionless filenames. 2016-06-21 14:56:48 +00:00
functions.php Backporting several bug fixes. 2019-10-14 19:15:22 +00:00
functions.wp-scripts.php Revert [31030] and [31033]. Incidentally, there is no lazy-loading happening here anyway. 2015-04-14 15:13:28 +00:00
functions.wp-styles.php Add a missing return description for wp_styles(). 2015-04-05 15:56:26 +00:00
general-template.php Multisite: Improve messaging for previously activated users. 2018-12-13 00:56:19 +00:00
http.php Backporting several bug fixes. 2019-10-14 19:15:22 +00:00
kses.php Update wp_kses_bad_protocol() to recognize : on uri attributes, 2019-12-12 18:41:21 +00:00
l10n.php Don't blindly trust the output of glob() to be an array. 2015-07-29 06:53:28 +00:00
link-template.php Press This: check the bookmarklet version and add the update notice from PHP. 2015-04-10 21:08:29 +00:00
load.php
locale.php
media-template.php Revert editing of video embed parameters in the media modal, [31620] and [31626] for now. Plan on revisiting in 4.3. 2015-04-21 22:41:26 +00:00
media.php Embeds: URL encode YouTube video IDs for broader compatibility. 2017-03-06 12:07:35 +00:00
meta.php Add a missing @access tag to the DocBlock for the WP_Meta_Query->$clauses property. 2015-04-05 16:11:27 +00:00
ms-blogs.php
ms-default-constants.php
ms-default-filters.php
ms-deprecated.php Multisite: Validate activation links. 2018-12-13 01:51:37 +00:00
ms-files.php
ms-functions.php Multisite: Use wp_rand() in signup key creation. 2017-01-11 05:34:56 +00:00
ms-load.php Use HTTPS URLs for codex.wordpress.org. 2015-04-12 21:29:32 +00:00
ms-settings.php
nav-menu-template.php
nav-menu.php Nav menus: Return to calling links "Custom Links". 2015-03-12 06:15:27 +00:00
option.php Allow $autoload setting to be changed for existing options using update_option(). 2015-03-06 13:57:26 +00:00
pluggable-deprecated.php
pluggable.php Backporting several bug fixes. 2019-10-14 19:15:22 +00:00
plugin.php Use HTTPS URLs for codex.wordpress.org. 2015-04-12 21:29:32 +00:00
post-formats.php Replace array_shift() with reset() where appropriate for performance. 2015-03-19 03:56:27 +00:00
post-template.php Remove _convert_urlencoded_to_entities() from the get_the_content() callback. 2019-09-04 16:43:20 +00:00
post-thumbnail-template.php Adjust DocBlocks for get_|the_post_thumbnail() to clarify the difference between the 'thumbnail' and 'post-thumbnail' image sizes. 2015-03-20 19:57:26 +00:00
post.php Media: Limit thumbnail file deletions to the same directory as the original file. 2018-07-05 15:06:23 +00:00
query.php Backporting several bug fixes. 2019-10-14 19:15:22 +00:00
registration-functions.php
registration.php
revision.php
rewrite.php When shifting WP_Rewrite::flush_rules() to a later action if it was called too early, make sure to do a hard flush if requested. 2015-04-01 19:06:29 +00:00
rss-functions.php
rss.php
script-loader.php TinyMCE: Improve the previews for shortcodes. 2017-09-19 12:44:31 +00:00
session.php
shortcodes.php Shortcodes: don't allow unclosed HTML elements in attributes 2015-09-14 22:48:27 +00:00
taxonomy.php Taxonomies: make sure taxonomy functions work correctly with taxonomy names with special characters 2016-03-30 17:29:28 +00:00
template-loader.php
template.php
theme.php Themes: Fix some broken links in the legacy theme preview. 2015-08-04 04:56:47 +00:00
update.php Background Updates: Remove the 7am/7pm background update check. 2016-01-06 13:24:33 +00:00
user.php Ensure that 'who' param is respected when generating meta_query in WP_User_Query. 2015-04-20 15:16:27 +00:00
vars.php Use HTTPS URLs for codex.wordpress.org. 2015-04-12 21:29:32 +00:00
version.php WordPress 4.2.25. 2019-10-14 20:15:21 +00:00
widgets.php Use HTTPS URLs for codex.wordpress.org. 2015-04-12 21:29:32 +00:00
wlwmanifest.xml
wp-db.php WPDB: Check that AUTH_SALT is not empty, Fix a PHP notice when AUTH_SALT is undefined. 2017-11-27 01:12:56 +00:00
wp-diff.php