WordPress/wp-admin
Sergey Biryukov 94aa7baeb2 Escape the output in wp_ajax_upload_attachment().
Merges [45936] to the 4.9 branch.
Props whyisjake, sstoqnov.
Built from https://develop.svn.wordpress.org/branches/4.9@45943


git-svn-id: http://core.svn.wordpress.org/branches/4.9@45754 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-09-04 16:29:27 +00:00
..
css Dashboard: Remove the Try Gutenberg callout. 2018-12-13 09:07:26 +00:00
images Customize: Add a RTL version of "browser.png" for the site icon preview. 2016-07-05 11:32:29 +00:00
includes Escape the output in wp_ajax_upload_attachment(). 2019-09-04 16:29:27 +00:00
js Dashboard: Remove the Try Gutenberg callout. 2018-12-13 09:07:26 +00:00
maint I18N: Make the translator comment added in [37858] more explicit and consistent with other similar instances. 2016-07-04 13:10:30 +00:00
network General: Replace Cheatin’ uh? with friendlier error messages. 2018-03-09 00:15:42 +00:00
user Administration: Ensure the new Privacy Policy screen appears when within the Network Admin and User Admin. 2017-11-06 18:17:54 +00:00
about.php WordPress 4.9.10 2019-03-13 00:58:25 +00:00
admin-ajax.php Dashboard: Remove the Try Gutenberg callout. 2018-12-13 09:07:26 +00:00
admin-footer.php Docs: Remove incorrect @param tags for admin_print_footer_scripts-{$hook_suffix} and admin_footer-{$hook_suffix} dynamic actiona. 2017-01-09 14:38:41 +00:00
admin-functions.php Docs: Use 3-digit, x.x.x-style semantic versioning for _doing_it_wrong(), _deprecated_function(), _deprecated_argument(), and _deprecated_file() throughout core. 2016-07-06 12:40:29 +00:00
admin-header.php I18n: Introduce more translator comments for strings that contain placeholders but don't have an accompanying translator comment. 2016-11-21 02:46:30 +00:00
admin-post.php Spelling: Standardize on "front end"/"back end" (noun) and "front-end"/"back-end" (adjective). 2016-02-25 12:53:27 +00:00
admin.php Transients: After [41963], add missing cron task for delete_expired_transients(). 2017-10-24 23:00:47 +00:00
async-upload.php Escape the output in wp_ajax_upload_attachment(). 2019-09-04 16:29:27 +00:00
comment.php Accessibility: Remove target=_blank from the comment/edit-comments help tabs links. 2016-10-04 06:54:30 +00:00
credits.php Add Privacy Tools admin page under the Tools menu. 2018-05-02 02:46:25 +00:00
custom-background.php Docs: Remove @access notations from method DocBlocks in wp-admin/* classes. 2017-07-27 00:40:43 +00:00
custom-header.php General: Replace Cheatin’ uh? with friendlier error messages. 2018-03-09 00:15:42 +00:00
customize.php General: Replace Cheatin’ uh? with friendlier error messages. 2018-03-09 00:15:42 +00:00
edit-comments.php General: Replace Cheatin’ uh? with friendlier error messages. 2018-03-09 00:15:42 +00:00
edit-form-advanced.php Editor: Disable wp_keep_scroll_position in IE11 since buggy; fix matches polyfill conflict with ME.js by doing runtime feature detection in context window. 2017-11-15 19:00:38 +00:00
edit-form-comment.php Comments: Escape permalink values on edit screen to prevent XSS. 2018-05-21 12:40:26 +00:00
edit-link-form.php Accessibility: Remove inappropriate content from the Link Manager screens headings. 2016-12-07 20:18:46 +00:00
edit-tag-form.php Taxonomy: Introduce a back_to_items taxonomy label. 2017-09-27 14:39:45 +00:00
edit-tags.php General: Replace Cheatin’ uh? with friendlier error messages. 2018-03-09 00:15:42 +00:00
edit.php General: Replace Cheatin’ uh? with friendlier error messages. 2018-03-09 00:15:42 +00:00
export.php Accessibility: Remove target=_blank from the help tab links on several admin screens. 2016-10-04 20:27:33 +00:00
freedoms.php Add Privacy Tools admin page under the Tools menu. 2018-05-02 02:46:25 +00:00
import.php Accessibility: Remove target=_blank from the help tab links on several admin screens. 2016-10-04 20:27:33 +00:00
index.php Dashboard: Remove the Try Gutenberg callout. 2018-12-13 09:07:26 +00:00
install-helper.php
install.php I18N: Allow numbers in locales during installation. 2017-09-04 19:30:43 +00:00
link-add.php Text Changes: Unify permission error messages. 2016-06-29 15:16:29 +00:00
link-manager.php Accessibility: Remove inappropriate content from the Link Manager screens headings. 2016-12-07 20:18:46 +00:00
link-parse-opml.php General: Check to see that the PHP-XML module is enabled before using XML functions. 2016-10-24 04:45:31 +00:00
link.php Docs: Standardize capitalization of Ajax throughout core documentation per the core spelling guide. 2016-07-10 00:51:30 +00:00
load-scripts.php Script loader: remove (PHP based) compression from load-styles.php and load-scripts.php. WIth the amount of scripts and stylesheets grown a lot over the years, it has become pretty slow and consumes a lot of server resources. Also, most servers are set to compress PHP output anyway. 2018-09-03 21:17:25 +00:00
load-styles.php Script loader: remove (PHP based) compression from load-styles.php and load-scripts.php. WIth the amount of scripts and stylesheets grown a lot over the years, it has become pretty slow and consumes a lot of server resources. Also, most servers are set to compress PHP output anyway. 2018-09-03 21:17:25 +00:00
media-new.php Accessibility: Remove target=_blank from the help tab links on several admin screens. 2016-10-04 20:27:33 +00:00
media-upload.php General: Replace Cheatin’ uh? with friendlier error messages. 2018-03-09 00:15:42 +00:00
media.php Accessibility: Remove inappropriate content from the old Edit Media screen heading. 2016-12-07 23:30:40 +00:00
menu-header.php Administration: Admin menu: Use aria-current for the current active page. 2017-09-09 14:50:43 +00:00
menu.php Privacy: Replace intrusive policy update notice with menu bubbles. 2018-05-10 20:08:26 +00:00
moderation.php
ms-admin.php
ms-delete-site.php I18N: Unify permission error message in wp-admin/ms-delete-site.php. 2017-10-19 00:48:50 +00:00
ms-edit.php
ms-options.php
ms-sites.php
ms-themes.php
ms-upgrade-network.php
ms-users.php
my-sites.php Users: Remove some links to the dashboard from My Sites for users who cannot access it. 2017-10-09 15:22:46 +00:00
nav-menus.php General: Replace Cheatin’ uh? with friendlier error messages. 2018-03-09 00:15:42 +00:00
network.php General: Improve terminology used when referring to installations of WordPress and its extensions. 2017-08-22 11:52:48 +00:00
options-discussion.php Privacy: Revert [43525]. 2018-07-24 17:08:26 +00:00
options-general.php Role/Capability: Make install_languages capability check less restrictive. 2018-01-24 22:59:38 +00:00
options-head.php Docs: Standardize on 'backward compatibility/compatible' nomenclature in core inline docs. 2016-05-13 18:41:31 +00:00
options-media.php Media: On Media Settings screen, make the pairs of labels and inputs always stacked vertically, on both mobile and desktop screens. 2018-03-20 22:49:39 +00:00
options-permalink.php Permalinks: Change mention of URI to URL in the description of %category% tag. 2017-10-25 11:11:45 +00:00
options-reading.php Customize: Rename "Static front page" to just "Homepage". 2017-09-10 16:20:44 +00:00
options-writing.php I18N: Remove <code> and <kbd> tags from translatable strings on Settings screens. 2017-10-24 10:51:52 +00:00
options.php Privacy: Revert [43525]. 2018-07-24 17:08:26 +00:00
plugin-editor.php Code Editors: Update copy in warning modals. 2017-10-24 18:47:47 +00:00
plugin-install.php General: Improve terminology used when referring to installations of WordPress and its extensions. 2017-08-22 11:52:48 +00:00
plugins.php Dashboard: Remove the Try Gutenberg callout. 2018-12-13 09:07:26 +00:00
post-new.php General: Replace Cheatin’ uh? with friendlier error messages. 2018-03-09 00:15:42 +00:00
post.php Editor: Remove unwanted fields before saving posts. 2018-12-13 01:38:25 +00:00
press-this.php General: Replace Cheatin’ uh? with friendlier error messages. 2018-03-09 00:15:42 +00:00
privacy.php Privacy: Improve grammar on Privacy Settings screen. 2018-07-19 20:16:26 +00:00
profile.php
revision.php I18n: Begin introducing translator comments for strings which include placeholders but no accompanying translator comment. 2016-11-21 01:22:32 +00:00
setup-config.php I18N: Replace hardcoded file name in translatable strings in wp-admin/setup-config.php with a placeholder. 2017-10-18 15:27:53 +00:00
term.php General: Replace Cheatin’ uh? with friendlier error messages. 2018-03-09 00:15:42 +00:00
theme-editor.php Theme Editor: Translate the URL to the Child Themes Codex page. 2017-11-27 03:53:40 +00:00
theme-install.php Themes: Improve line wrapping in feature filter on Theme Install screen and in the Customizer. 2018-01-15 19:30:40 +00:00
themes.php General: Replace Cheatin’ uh? with friendlier error messages. 2018-03-09 00:15:42 +00:00
tools.php Privacy: show the privacy policy guide and suggested content on a new page instead of a postbox. Then: 2018-05-09 21:00:28 +00:00
update-core.php Plugins: Tweak the plugin icons added in [41695]. 2017-10-04 23:43:46 +00:00
update.php Customize: Eliminate use of customize-loader in core so Customizer is opened consistently in top window. 2017-10-09 16:04:48 +00:00
upgrade-functions.php Docs: Use 3-digit, x.x.x-style semantic versioning for _doing_it_wrong(), _deprecated_function(), _deprecated_argument(), and _deprecated_file() throughout core. 2016-07-06 12:40:29 +00:00
upgrade.php
upload.php Accessibility: Improve the Media Library inline uploader accessibility. 2017-03-31 17:38:43 +00:00
user-edit.php Taxonomy/Users: Use correct escaping function for URLs. 2017-09-19 21:14:47 +00:00
user-new.php General: Replace Cheatin’ uh? with friendlier error messages. 2018-03-09 00:15:42 +00:00
users.php General: Replace Cheatin’ uh? with friendlier error messages. 2018-03-09 00:15:42 +00:00
widgets.php General: Replace Cheatin’ uh? with friendlier error messages. 2018-03-09 00:15:42 +00:00