WordPress/wp-includes
Konstantin Obenland c9a29b0123 Check for all required caps before (un)sticking a post.
In cases where a user has the `edit_others_posts` capability but not
`publish_posts`, it was possible for that user to unstick a post after editing,
since the input field was never made available in that context.

Props ericmann, chriscct7.
Fixes #24153.


Built from https://develop.svn.wordpress.org/trunk@33096


git-svn-id: http://core.svn.wordpress.org/trunk@33067 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-06 22:41:25 +00:00
..
certificates
css Toolbar: Allow submenus to be closed with a second tap on touch devices. 2015-07-03 03:29:25 +00:00
fonts
ID3 Update getID3 to 1.9.9 2015-06-28 00:17:25 +00:00
images Smilies: Update our few remaining smilies to better align with Twemoji, and add frownie.png until Twemoji provide a build containing it. 2015-04-10 06:20:26 +00:00
js In wp.media.model.Attachments.filters.type(), return true earlier if type isn't set. 2015-07-06 15:34:26 +00:00
pomo Deprecate php4 style constructors 2015-06-28 15:27:24 +00:00
SimplePie
Text Deprecate php4 style constructors 2015-06-28 15:27:24 +00:00
theme-compat Don't capitalize words in a sentence after comma. 2015-07-04 00:50:25 +00:00
admin-bar.php Correct the title used on the user dashboard. 2015-06-24 00:37:28 +00:00
atomlib.php Deprecate php4 style constructors 2015-06-28 15:27:24 +00:00
author-template.php Pass the original $user_id variable to the filter in get_the_author_meta(). 2015-05-25 13:06:25 +00:00
bookmark-template.php Sanitize the class passed to wp_list_bookmarks() and allow passing an array. 2015-06-22 20:55:28 +00:00
bookmark.php In bookmark.php, clarify some return docs. 2015-05-21 20:13:25 +00:00
cache.php Add/standardize missing doc blocks for cache.php. 2015-05-22 04:24:26 +00:00
canonical.php Use void instead of null where appropriate when pipe-delimiting @return types. If a @return only contains void, remove it. 2015-05-24 05:40:25 +00:00
capabilities.php Ensure the create_users capability check checks the super admin status of the user in question, rather than the current user. 2015-06-17 00:03:27 +00:00
category-template.php Introduce 'wp_generate_tag_cloud_data' filter. 2015-06-29 14:16:26 +00:00
category.php Use void instead of null where appropriate when pipe-delimiting @return types. If a @return only contains void, remove it. 2015-05-24 05:40:25 +00:00
class-feed.php After [32656], add @access annotations to methods that have no doc block in wp-includes/*. 2015-05-29 21:37:24 +00:00
class-http.php For doc block types, favor bool over the few remaining booleans 2015-06-27 01:03:25 +00:00
class-IXR.php Deprecate php4 style constructors 2015-06-28 15:27:24 +00:00
class-json.php Deprecate php4 style constructors 2015-06-28 15:27:24 +00:00
class-oembed.php YouTube oEmbed parsing: support the m subdomain. 2015-06-24 21:06:26 +00:00
class-phpass.php Deprecate php4 style constructors 2015-06-28 15:27:24 +00:00
class-phpmailer.php
class-pop3.php Deprecate php4 style constructors 2015-06-28 15:27:24 +00:00
class-simplepie.php
class-smtp.php
class-snoopy.php
class-wp-admin-bar.php After [32656], add @access annotations to methods that have no doc block in wp-includes/*. 2015-05-29 21:37:24 +00:00
class-wp-ajax-response.php
class-wp-customize-control.php Merge two class attributes in WP_Customize_Media_Control::content_template() and wp_print_media_templates(). 2015-07-06 14:19:26 +00:00
class-wp-customize-manager.php For doc block types, favor bool over the few remaining booleans 2015-06-27 01:03:25 +00:00
class-wp-customize-nav-menus.php Customizer: Register controls and settings for nav_menu_locations even when there are no menus yet. 2015-07-06 19:13:25 +00:00
class-wp-customize-panel.php ob_get_contents() followed by ob_end_clean() can be replaced by ob_get_clean(). 2015-06-27 01:12:24 +00:00
class-wp-customize-section.php Customizer: Remove HTML tags from two translatable strings. 2015-07-03 22:29:25 +00:00
class-wp-customize-setting.php Customizer: Fix saving menus with empty names or names that are already used. 2015-07-03 20:47:25 +00:00
class-wp-customize-widgets.php For doc block types, favor bool over the few remaining booleans 2015-06-27 01:03:25 +00:00
class-wp-editor.php Make "Preformatted" string in TinyMCE translatable. 2015-07-02 12:01:24 +00:00
class-wp-embed.php When calling unset(), it is unnecessary to immediately precede it with a call to isset(). 2015-05-22 05:47:25 +00:00
class-wp-error.php Use void instead of null where appropriate when pipe-delimiting @return types. If a @return only contains void, remove it. 2015-05-24 05:40:25 +00:00
class-wp-http-ixr-client.php Add missing doc blocks to wp-image-editor*.php. 2015-05-22 06:18:25 +00:00
class-wp-image-editor-gd.php Replace @returns with @return in PHP docblocks. 2015-07-02 21:05:24 +00:00
class-wp-image-editor-imagick.php Replace @returns with @return in PHP docblocks. 2015-07-02 21:05:24 +00:00
class-wp-image-editor.php For doc block types, favor bool over the few remaining booleans 2015-06-27 01:03:25 +00:00
class-wp-theme.php Add @static* annotations where they are missing. 2015-05-29 15:43:29 +00:00
class-wp-walker.php Cleanup missing doc blocks for class-wp-walker.php. 2015-05-22 17:59:25 +00:00
class-wp-xmlrpc-server.php Use get_default_comment_status() globally. 2015-07-02 22:32:25 +00:00
class-wp.php Parse request: Quote regular expression characters in home path. 2015-06-08 13:29:26 +00:00
class.wp-dependencies.php For doc block types, favor bool over the few remaining booleans 2015-06-27 01:03:25 +00:00
class.wp-scripts.php After [32656], add @access annotations to methods that have no doc block in wp-includes/*. 2015-05-29 21:37:24 +00:00
class.wp-styles.php Pass stylesheet URL as an argument to 'style_loader_tag' filter. 2015-06-21 19:35:26 +00:00
comment-template.php Restore rel='nofollow' for comment reply links to reduce extra crawling by search engines. 2015-07-02 11:09:25 +00:00
comment.php Allow 'comment_agent' and 'comment_author_IP' to be set via wp_new_comment(). 2015-07-01 12:08:25 +00:00
compat.php Add doc blocks to functions that are missing them. 2015-05-31 03:18:25 +00:00
cron.php Fix inline documentation syntax in wp_xmlrpc_server. 2015-05-25 06:25:25 +00:00
date.php Use HTTPS URLs for codex.wordpress.org. 2015-04-12 21:29:32 +00:00
default-constants.php New password change/set UI. 2015-07-01 14:48:24 +00:00
default-filters.php Revert [33038] because of objections raised on #22889 and #31590 2015-07-02 00:47:24 +00:00
default-widgets.php Add a label to the content field in the Text Widget for screen readers. 2015-06-22 21:22:26 +00:00
deprecated.php For doc block types, favor bool over the few remaining booleans 2015-06-27 01:03:25 +00:00
feed-atom-comments.php if is a statment, not a function. 2015-06-16 20:01:25 +00:00
feed-atom.php
feed-rdf.php
feed-rss2-comments.php Improve lastBuildDate timestamp in rss feeds 2015-06-14 18:37:24 +00:00
feed-rss2.php Improve lastBuildDate timestamp in rss feeds 2015-06-14 18:37:24 +00:00
feed-rss.php Serve RSS feeds with the proper mime-type: application/rss+xml. The reason for hacking around browsers by using text/xml appears to no longer be relevant. 2015-05-09 06:39:24 +00:00
feed.php Introducing Site Icon, favicon management for WordPress. 2015-06-29 12:58:25 +00:00
formatting.php Don't strip newline in esc_url() when protocol is mailto: 2015-07-03 14:28:23 +00:00
functions.php Add Deprecated Constructor Function 2015-06-28 14:56:24 +00:00
functions.wp-scripts.php After [32596] and [32597], ensure that wp_scripts|styles() is called to ensure an instance is created of WP_Scripts|Styles() before calling ->do_items(). 2015-06-12 16:54:24 +00:00
functions.wp-styles.php After [32596] and [32597], ensure that wp_scripts|styles() is called to ensure an instance is created of WP_Scripts|Styles() before calling ->do_items(). 2015-06-12 16:54:24 +00:00
general-template.php Introducing Site Icon, favicon management for WordPress. 2015-06-29 12:58:25 +00:00
http.php Add @static* annotations where they are missing. 2015-05-29 15:43:29 +00:00
kses.php Don't strip \0 (backslash+zero) from post content for users without "unfiltered_html" 2015-06-19 18:47:27 +00:00
l10n.php l10n: Update wp_get_installed_translations() to support variants of a language. 2015-07-01 15:43:24 +00:00
link-template.php For doc block types, favor bool over the few remaining booleans 2015-06-27 01:03:25 +00:00
load.php Add missing doc blocks to load.php 2015-05-26 18:53:27 +00:00
locale.php Make WP_Locale::rtl_src_admin_notice() translatable. 2015-06-30 20:21:24 +00:00
media-template.php Merge two class attributes in WP_Customize_Media_Control::content_template() and wp_print_media_templates(). 2015-07-06 14:19:26 +00:00
media.php wp_audio|video_shortcode() doesn't allow you to pass id, the docs shall reflect that. 2015-07-01 15:01:26 +00:00
meta.php Avoid returning duplicate matches when using a meta query in WP_User_Query. 2015-06-09 17:42:28 +00:00
ms-blogs.php Fix doc blocks for ms-*.php files. 2015-05-26 21:51:31 +00:00
ms-default-constants.php Fix doc blocks for ms-*.php files. 2015-05-26 21:51:31 +00:00
ms-default-filters.php Fix doc blocks for ms-*.php files. 2015-05-26 21:51:31 +00:00
ms-deprecated.php $status shouldn't be loosely compared to true in wp_xmlrpc_server::wp_deleteComment(). 2015-06-12 17:48:26 +00:00
ms-files.php if is a statment, not a function. 2015-06-16 20:01:25 +00:00
ms-functions.php Usernames in multisite should be restricted to 60 characters or fewer. 2015-07-04 05:53:24 +00:00
ms-load.php Fix doc blocks for ms-*.php files. 2015-05-26 21:51:31 +00:00
ms-settings.php
nav-menu-template.php Customizer: Avoid PHP notices after [32806]. 2015-07-01 19:08:24 +00:00
nav-menu.php Customizer: Improve handling of posts with no title. 2015-06-20 19:50:26 +00:00
option.php In get_site_option() and get_option(), ensure that $notoptions is an array before writing to it. Prevents a flood of Cannot use a scalar value as an array, because $notoptions is otherwise set to the result of wp_cache_get(), which returns mixed. 2015-06-25 19:01:26 +00:00
pluggable-deprecated.php
pluggable.php New password change/set UI. 2015-07-01 14:48:24 +00:00
plugin.php For doc block types, favor bool over the few remaining booleans 2015-06-27 01:03:25 +00:00
post-formats.php Add missing doc blocks to post-formats.php. 2015-05-27 16:06:25 +00:00
post-template.php Customizer: Improve handling of posts with no title. 2015-06-20 19:50:26 +00:00
post-thumbnail-template.php Add missing doc blocks to post-thumbnail-template.php. 2015-05-27 16:29:28 +00:00
post.php Use get_default_comment_status() globally. 2015-07-02 22:32:25 +00:00
query.php In WP_Query::parse_tax_query(), allow taxonomy querystring to be formatted as an array. 2015-07-06 20:37:24 +00:00
registration-functions.php
registration.php
revision.php if is a statment, not a function. 2015-06-16 20:01:25 +00:00
rewrite.php WP_Rewrite::add_rule() should strictly check against false when using strpos(). 2015-06-25 16:56:25 +00:00
rss-functions.php
rss.php Deprecate php4 style constructors 2015-06-28 15:27:24 +00:00
script-loader.php New password change/set UI. 2015-07-01 14:48:24 +00:00
session.php
shortcodes.php Check is_callable() in do_shortcode_tag(), not add_shortcode(). 2015-06-19 21:33:25 +00:00
taxonomy.php Don't allow $field param to be passed to get_term_link(). 2015-07-01 12:54:25 +00:00
template-loader.php Add singular.php to template hierarchy 2015-06-18 19:01:26 +00:00
template.php Add singular.php to template hierarchy 2015-06-18 19:01:26 +00:00
theme.php Provide alt text for uploaded header images. 2015-06-29 21:32:26 +00:00
update.php Add missing doc blocks to update.php: 2015-05-28 15:29:28 +00:00
user.php New password change/set UI. 2015-07-01 14:48:24 +00:00
vars.php Some doc blocks should use bool instead of true|false 2015-06-27 00:45:24 +00:00
version.php Check for all required caps before (un)sticking a post. 2015-07-06 22:41:25 +00:00
widgets.php Deprecate php4 style constructors 2015-06-28 15:27:24 +00:00
wlwmanifest.xml
wp-db.php Enable utf8mb4 for MySQL extension users. Previously utf8mb4 was limited to MySQLi users only unintentionally. 2015-07-03 03:26:24 +00:00
wp-diff.php Add a missing description for the $_diff_threshold property in the WP_Text_Diff_Renderer_Table class. 2015-01-29 11:36:22 +00:00