Upstream/WordPress
1
0
Fork 0
mirror of https://github.com/WordPress/WordPress.git synced 2024-11-15 07:05:37 +01:00
Code Issues Projects Releases Wiki Activity
d07e548037
WordPress/wp-includes/rest-api
History
whyisjake ee92e93f79 Ensure that a user can publish_posts before making a post sticky. 
Props: danielbachhuber, whyisjake, peterwilson, xknown.
Prevent  stored XSS through wp_targeted_link_rel().
Props: vortfu, whyisjake, peterwilsoncc, xknown,  SergeyBiryukov, flaviozavan.
Update wp_kses_bad_protocol() to recognize : on uri attributes,
wp_kses_bad_protocol() makes sure to validate that uri attributes don't contain invalid/or not allowed protocols. While this works fine in most cases, there's a risk that by using the colon html5 named entity, one is able to bypass this function.
Brings r46895 to the 5.3 branch.
Props: xknown, nickdaugherty, peterwilsoncc.
Prevent stored XSS in the block editor.
Brings r46896 to the 5.3 branch.
Prevent escaped unicode characters become unescaped in unsafe HTML during JSON decoding.
Props: aduth, epiqueras.


Built from https://develop.svn.wordpress.org/branches/5.0@46915


git-svn-id: http://core.svn.wordpress.org/branches/5.0@46715 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-12-12 18:52:47 +00:00
..
endpoints Ensure that a user can publish_posts before making a post sticky. 2019-12-12 18:52:47 +00:00
fields REST API: Slash existing meta values when comparing with incoming meta upates. 2018-10-17 20:10:25 +00:00
search REST API: Introduce controller for searching across post types. 2018-10-17 17:03:26 +00:00
class-wp-rest-request.php Docs: Replace HTTP links to stackoverflow.com in DocBlocks with HTTPS. 2017-07-30 14:52:44 +00:00
class-wp-rest-response.php Docs: Remove @access notations from method DocBlocks in wp-includes/* classes. 2017-07-27 00:41:44 +00:00
class-wp-rest-server.php REST API: Return the proper status code for failed permission callbacks in WP_REST_Server->dispatch(). 2017-12-30 20:49:40 +00:00