Upstream/WordPress
1
0
Fork 0
mirror of https://github.com/WordPress/WordPress.git synced 2024-09-29 15:47:38 +02:00
Code Issues Projects Releases Wiki Activity
c0a0d4ba50
WordPress/wp-includes
History
Boone Gorges c0a0d4ba50 Use stricter sanitization for meta query clause keys. 
By forcing all clause keys to be strings, we make it possible to use strict
comparison when validating values of 'orderby' as passed to `WP_Query`. This
eliminates situations where the presence of numeric clause keys could result
in an improperly validated 'orderby' value.

Props nikolov.tmw.
Fixes #32937.
Built from https://develop.svn.wordpress.org/trunk@34090


git-svn-id: http://core.svn.wordpress.org/trunk@34058 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-12 21:06:24 +00:00
..
certificates
css Grunt RTL CSS: swap-dashicons-left-right-arrows in rtlcss:properties expects double-quoted content strings in CSS. It doesn't swap single-quoted values. 2015-09-10 20:22:25 +00:00
fonts Dashicons: Fix font ID in SVG file. 2015-07-23 10:03:24 +00:00
ID3
images
js Settings, password field: fix placement of the error icon and removal of the error class. 2015-09-12 00:10:25 +00:00
pomo
SimplePie
Text
theme-compat After [33961], pass $comment to get_comment_date() where possible to avoid extra cache/db lookups. 2015-09-11 06:15:24 +00:00
widgets After [33961], pass $comment to get_comment_link() where possible to avoid extra cache/db lookups. 2015-09-11 06:21:25 +00:00
admin-bar.php Fix the summary and parameter description for wp_admin_bar_customize_menu() added in 4.3. 2015-07-13 19:58:25 +00:00
atomlib.php
author-template.php
bookmark-template.php
bookmark.php After [33843], update the location of some files in This filter is documented in docs 2015-09-08 22:17:26 +00:00
cache.php Clarify wp-includes/cache.php docs with some more precise language. 2015-09-10 18:24:24 +00:00
canonical.php Avoid PHP notices in redirect_canonical() and _wp_menu_item_classes_by_context() if $_SERVER['HTTP_HOST'] is not set. 2015-08-28 03:31:20 +00:00
capabilities-functions.php Multisite: Allow users with manage_network_users to edit network users. 2015-09-10 03:34:23 +00:00
capabilities.php Roles: move classes into their own file. capbilities.php loads the new files, so this is 100% BC if someone is loading capbilities.php directly. New files created using svn cp. 2015-08-26 04:58:21 +00:00
category-template.php In wp_list_categories(), 'current_category' should accept an array of values. 2015-08-29 19:46:23 +00:00
category.php
class-feed.php
class-http.php Docs: Add a missing file header for wp-includes/class-http.php. 2015-09-03 03:39:21 +00:00
class-IXR.php
class-json.php
class-oembed.php Space out. 2015-08-31 21:25:21 +00:00
class-phpass.php
class-phpmailer.php Remove debug cruft from [33124]. 2015-07-09 07:56:24 +00:00
class-pop3.php
class-simplepie.php
class-smtp.php Update PHPMailer to 5.2.10 from 5.2.7. 2015-07-08 17:16:25 +00:00
class-snoopy.php After [33843], update the location of some files in This filter is documented in docs 2015-09-08 22:17:26 +00:00
class-walker-comment.php After [33961], pass $comment to get_comment_link() where possible to avoid extra cache/db lookups. 2015-09-11 06:21:25 +00:00
class-wp-admin-bar.php Toolbar: Disambiguate links to the dashboard vs. to the customizer. 2015-07-08 20:03:24 +00:00
class-wp-ajax-response.php
class-wp-comment-query.php Docs: Add a missing file header for wp-includes/class-wp-comment-query.php, introduced in [33750]. 2015-09-04 01:38:24 +00:00
class-wp-comment.php Docs: Add complete file, class, property, and method documentation for the new WP_Comment class, introduced in [33891]. 2015-09-03 19:58:24 +00:00
class-wp-customize-control.php foreach is a statement, not a function. 2015-08-25 20:28:22 +00:00
class-wp-customize-manager.php Revert [34013] and parts of [33970]. 2015-09-12 20:03:24 +00:00
class-wp-customize-nav-menus.php Customizer: Use existing decoupled strings in Menu Locations section. See [31941] and [31951]. 2015-08-25 21:53:20 +00:00
class-wp-customize-panel.php Customizer: Switch buttons to match the focus order with the visual order. 2015-07-29 22:10:24 +00:00
class-wp-customize-section.php Round 2 of: We should use ellipses … / … instead of three dots/periods ... e.g Loading… not Loading... 2015-09-09 04:39:25 +00:00
class-wp-customize-setting.php Add Customizer docs. 2015-09-05 19:53:24 +00:00
class-wp-customize-widgets.php Customizer: Use hash_equals() for widgets. 2015-08-04 04:51:50 +00:00
class-wp-editor.php Revert [34013] and parts of [33970]. 2015-09-12 20:03:24 +00:00
class-wp-embed.php foreach is a statement, not a function. 2015-08-25 20:28:22 +00:00
class-wp-error.php
class-wp-http-cookie.php Docs: Add a missing file header to wp-includes/class-wp-http-cookie.php, introduced in [33748]. 2015-09-03 03:19:21 +00:00
class-wp-http-curl.php After [33843], update the location of some files in This filter is documented in docs 2015-09-08 22:17:26 +00:00
class-wp-http-encoding.php Docs: Add a missing file header for wp-includes/class-wp-http-encoding.php, introduced in [33748]. 2015-09-03 03:28:21 +00:00
class-wp-http-ixr-client.php
class-wp-http-proxy.php Docs: Add a missing file header to wp-includes/class-wp-http-proxy.php, introduced in [33748]. 2015-09-03 03:30:21 +00:00
class-wp-http-streams.php Docs: Add a missing file header to wp-includes/class-wp-http-streams.php, introduced in [33748]. 2015-09-03 03:33:21 +00:00
class-wp-image-editor-gd.php
class-wp-image-editor-imagick.php
class-wp-image-editor.php foreach is a statement, not a function. 2015-08-25 20:28:22 +00:00
class-wp-meta-query.php Use stricter sanitization for meta query clause keys. 2015-09-12 21:06:24 +00:00
class-wp-post.php Posts: move WP_Post into its own file. post.php loads the new files, so this is 100% BC if someone is loading post.php directly. New files created using svn cp. 2015-08-26 12:40:21 +00:00
class-wp-rewrite.php Rewrite: move WP_Rewrite into its own file. rewrite.php loads the new files, so this is 100% BC if someone is loading rewrite.php directly. New files created using svn cp. 2015-08-26 04:42:20 +00:00
class-wp-role.php Roles: move classes into their own file. capbilities.php loads the new files, so this is 100% BC if someone is loading capbilities.php directly. New files created using svn cp. 2015-08-26 04:58:21 +00:00
class-wp-roles.php Ensure that role is not empty before adding it in add_role() function and methods. 2015-09-09 03:42:25 +00:00
class-wp-tax-query.php Taxonomy: move WP_Tax_Query into its own file. taxonomy.php loads the new files, so this is 100% BC if someone is loading taxonomy.php directly. New files created using svn cp. 2015-08-26 12:49:21 +00:00
class-wp-theme.php WP_Theme has an ad hoc property in WP_MS_Themes_List_Table, $update. This can be set to a default value on the class, as it's not obtained via __get(). 2015-09-09 01:02:24 +00:00
class-wp-user-query.php Docs: Add a missing file header for wp-includes/class-wp-user-query.php, introduced in [33749]. 2015-09-04 01:26:25 +00:00
class-wp-user.php Ensure that role is not empty before adding it in add_role() function and methods. 2015-09-09 03:42:25 +00:00
class-wp-walker.php Docs: Add a missing summary to the DocBlock for Walker::get_number_of_root_elements(). 2015-09-02 19:51:21 +00:00
class-wp-widget-factory.php Docs: Clarify the file header summary for class-wp-widget-factory.php, introduced in [33746]. 2015-09-03 02:54:22 +00:00
class-wp-widget.php Docs: Improve the file header for class-wp-widget.php to describe what the file contains. 2015-09-03 02:50:21 +00:00
class-wp-xmlrpc-server.php Introduce WP_Comment class to model/strongly-type rows from the comments database table. Inclusion of this class is a pre-req for some more general comment cleanup and sanity. 2015-09-03 18:17:24 +00:00
class-wp.php foreach is a statement, not a function. 2015-08-25 20:28:22 +00:00
class.wp-dependencies.php foreach is a statement, not a function. 2015-08-25 20:28:22 +00:00
class.wp-scripts.php
class.wp-styles.php Add a missing $html parameter variable in the hook docs for the style_loader_tag filter. 2015-07-13 21:03:24 +00:00
comment-functions.php In WP_Comments_List_Table, favor passing WP_Comment instances instead of $comment_ID to template functions. This allows us to bypass unnecessary cache lookups and simply pass the object through when it is set. 2015-09-09 03:00:24 +00:00
comment-template.php Comments: get_comments_link() should return a link with #respond as the hash instead of #comments if get_comments_number() returns 0. 2015-09-12 07:36:25 +00:00
comment.php Walker_Comment should be in its own file. Loaded now via wp-includes/comment.php, which makes it 100% BC. 2015-09-09 02:41:24 +00:00
compat.php
cron.php Document @return value for wp_unschedule_event(). 2015-09-11 11:35:24 +00:00
date.php Simplify the weeks-per-year calculation WP_Date_Query::validate_date_values(). 2015-08-29 01:47:21 +00:00
default-constants.php After [33698], wrap the time constants in a DocBlock template. 2015-08-25 21:21:21 +00:00
default-filters.php Term splitting routine should be run in a separate process, triggered via wp-cron. 2015-08-14 03:59:26 +00:00
default-widgets.php Move widget classes to their own files in wp-includes/widgets: 2015-09-01 13:49:21 +00:00
deprecated.php Deprecate wp_get_http() - function isn't used anywhere (apart from itself). 2015-09-09 04:26:25 +00:00
feed-atom-comments.php
feed-atom.php
feed-rdf.php
feed-rss2-comments.php Feeds: Revert [32765] because of objections raised in #4575. 2015-07-15 19:58:24 +00:00
feed-rss2.php Feeds: Revert [32765] because of objections raised in #4575. 2015-07-15 19:58:24 +00:00
feed-rss.php
feed.php Comments: comment_link() currently takes no arguments, yet get_comment_link() does. Allow comment_link() to optionally take the same arguments. 2015-09-12 03:16:23 +00:00
formatting.php Formatting: maintain the content of HTML comments when they contain <object> tags. Add more tests for wpaitop(). 2015-09-08 22:55:24 +00:00
functions.php Introduce wp_validate_action( $action = '' ), a helper function that checks $_REQUEST for action and returns it, or empty string if not present. If $action is passed, it checks to make sure they match before returning it, or an empty string. Strings are always returned to avoid returning multiple types. 2015-09-11 21:08:26 +00:00
functions.wp-scripts.php
functions.wp-styles.php
general-template.php Remove the 'Site Admin' link from the Meta widget if the user doesn't have access to the admin area. 2015-09-05 23:25:24 +00:00
http-functions.php Docs: Clarify the file header summary for wp-includes/http-functions.php, introduced in [33748]. 2015-09-03 03:37:20 +00:00
http.php Docs: Add inline DocBlocks for the require_once() calls that now bring in top-level HTTP API functionality and HTTP API classes. 2015-09-03 04:36:30 +00:00
kses.php Allow these CSS properties in KSES: min-height', 'max-height', 'min-width', 'max-width' 2015-08-25 21:46:20 +00:00
l10n.php foreach is a statement, not a function. 2015-08-25 20:28:22 +00:00
link-template.php Remove extraneous table join in get_adjacent_post(). 2015-09-12 20:34:24 +00:00
load.php Favicon: Do not specify a Content-Length: 0 header for our "empty" response to fail more gracefully on environments with extra whitespace on output. 2015-09-07 02:18:26 +00:00
locale.php Use _x() instead of string hacks for weekday and month abbreviations. 2015-09-11 15:36:25 +00:00
media-template.php After [34048], restore the else statement for h (height of video) in wp_underscore_video_template(). 2015-09-11 18:30:26 +00:00
media.php After [33843], update the location of some files in This filter is documented in docs 2015-09-08 22:17:26 +00:00
meta-functions.php After [33843], update the location of some files in This filter is documented in docs 2015-09-08 22:17:26 +00:00
meta.php Meta: move WP_Meta_Query into its own file. meta.php loads the new files, so this is 100% BC if someone is loading meta.php directly. New files created using svn cp. 2015-08-26 13:02:21 +00:00
ms-blogs.php
ms-default-constants.php
ms-default-filters.php
ms-deprecated.php Docs: Standardize @deprecated tag formatting and add missing summaries to deprecated functions in wp-includes/ms-deprecated.php. 2015-08-20 22:36:25 +00:00
ms-files.php
ms-functions.php Multisite: Don't allow sites to be created with the following reserved slugs: wp-admin, wp-content, wp-includes 2015-09-08 19:32:24 +00:00
ms-load.php Multisite: Correct ms_not_installed() @since version for new parameters 2015-09-10 16:21:26 +00:00
ms-settings.php Multisite: Add action to handle network not found 2015-09-10 05:06:24 +00:00
nav-menu-template.php Avoid PHP notices in redirect_canonical() and _wp_menu_item_classes_by_context() if $_SERVER['HTTP_HOST'] is not set. 2015-08-28 03:31:20 +00:00
nav-menu.php foreach is a statement, not a function. 2015-08-25 20:28:22 +00:00
option.php Update the length limit in set_transient() docs after [34030]. 2015-09-11 15:10:27 +00:00
pluggable-deprecated.php Docs: Standardize @deprecated tag formatting for deprecated functions in wp-includes/pluggable-deprecated.php. 2015-08-20 22:15:25 +00:00
pluggable.php Users: Import the global var $wp_hasher in wp_new_user_notification(). 2015-09-11 19:10:26 +00:00
plugin.php foreach is a statement, not a function. 2015-08-25 20:28:22 +00:00
post-formats.php foreach is a statement, not a function. 2015-08-25 20:28:22 +00:00
post-functions.php In wp_insert_post(), when setting $post_author, use isset() instead of ! empty() to allow 0 to be passed as the value for $post_author. 2015-09-12 18:54:25 +00:00
post-template.php In wp_get_attachment_link(), accept an id or WP_Post as the first parameter. 2015-08-20 20:32:26 +00:00
post-thumbnail-template.php
post.php Posts: move WP_Post into its own file. post.php loads the new files, so this is 100% BC if someone is loading post.php directly. New files created using svn cp. 2015-08-26 12:40:21 +00:00
query.php Use stricter sanitization for meta query clause keys. 2015-09-12 21:06:24 +00:00
registration-functions.php
registration.php
revision.php foreach is a statement, not a function. 2015-08-25 20:28:22 +00:00
rewrite-constants.php Docs: Clarify the file header summary for wp-includes/rewrite-constants.php, introduced in [33751]. 2015-09-04 01:52:24 +00:00
rewrite-functions.php Rewrite: move WP_Rewrite into its own file. rewrite.php loads the new files, so this is 100% BC if someone is loading rewrite.php directly. New files created using svn cp. 2015-08-26 04:42:20 +00:00
rewrite.php Rewrite: move WP_Rewrite into its own file. rewrite.php loads the new files, so this is 100% BC if someone is loading rewrite.php directly. New files created using svn cp. 2015-08-26 04:42:20 +00:00
rss-functions.php
rss.php foreach is a statement, not a function. 2015-08-25 20:28:22 +00:00
script-loader.php Revert [34013] and parts of [33970]. 2015-09-12 20:03:24 +00:00
session.php
shortcodes.php foreach is a statement, not a function. 2015-08-25 20:28:22 +00:00
taxonomy-functions.php Docs: Fix DocBlock formatting for wp_insert_term(). 2015-09-11 18:48:24 +00:00
taxonomy.php Taxonomy: move WP_Tax_Query into its own file. taxonomy.php loads the new files, so this is 100% BC if someone is loading taxonomy.php directly. New files created using svn cp. 2015-08-26 12:49:21 +00:00
template-loader.php
template.php Docs: Update the DocBlock descriptions for a variety of template functions to better reflect that the dynamic $type_template hook can be used to filter the template path. 2015-07-14 22:27:24 +00:00
theme.php Flush rewrite rules upon theme switch 2015-09-10 23:50:24 +00:00
update.php Add missing doc blocks to update.php: 2015-05-28 15:29:28 +00:00
user-functions.php After [33843], update the location of some files in This filter is documented in docs 2015-09-08 22:17:26 +00:00
user.php Docs: Clarify the file header summary for wp-includes/user.php, the top-level file for the core Users API. 2015-09-04 01:33:24 +00:00
vars.php Introduce a new $is_edge global for the Microsoft Edge browser. 2015-09-05 22:33:23 +00:00
version.php Use stricter sanitization for meta query clause keys. 2015-09-12 21:06:24 +00:00
widget-functions.php After [33843], update the location of some files in This filter is documented in docs 2015-09-08 22:17:26 +00:00
widgets.php Docs: Clarify the file header summary for wp-includes/widgets.php, the top-level file for the core Widgets API. 2015-09-03 03:14:20 +00:00
wlwmanifest.xml
wp-db.php In wpdb::get_col_length(), the final return false is unreachable since the default switch case returns. 2015-09-09 00:48:26 +00:00
wp-diff.php