WordPress/wp-admin
Sergey Biryukov 2a4ac1ce68 Escape the output in wp_ajax_upload_attachment().
Merges [45936] to the 4.6 branch.
Props whyisjake, sstoqnov.
Built from https://develop.svn.wordpress.org/branches/4.6@45948


git-svn-id: http://core.svn.wordpress.org/branches/4.6@45759 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-09-04 16:36:24 +00:00
..
css About Page: Updates for 4.6. 2016-08-10 23:57:30 +00:00
images Customize: Add a RTL version of "browser.png" for the site icon preview. 2016-07-05 11:32:29 +00:00
includes Escape the output in wp_ajax_upload_attachment(). 2019-09-04 16:36:24 +00:00
js Add nonce for updating file system credentials. 2017-05-16 14:53:33 +00:00
maint I18N: Make the translator comment added in [37858] more explicit and consistent with other similar instances. 2016-07-04 13:10:30 +00:00
network Network Admin: Replace "Options saved." notice with "Settings saved.". 2016-07-04 22:01:27 +00:00
user Docs: Standardize hook docs in wp-admin/* to use third-person singular verbs per the inline documentation standards for PHP. 2016-05-22 18:01:30 +00:00
about.php WordPress 4.6.14 2019-03-13 01:18:21 +00:00
admin-ajax.php TinyMCE, inline link: 2016-07-26 23:24:28 +00:00
admin-footer.php Docs: Improve usefulness of DocBlocks for ajax-actions.php functions introduced in 4.6. 2016-07-09 13:23:30 +00:00
admin-functions.php Docs: Use 3-digit, x.x.x-style semantic versioning for _doing_it_wrong(), _deprecated_function(), _deprecated_argument(), and _deprecated_file() throughout core. 2016-07-06 12:40:29 +00:00
admin-header.php Docs: Standardize DocBlock summaries for hooks that serve to "print" something to use third-person singular verbs. 2016-05-25 16:05:27 +00:00
admin-post.php Spelling: Standardize on "front end"/"back end" (noun) and "front-end"/"back-end" (adjective). 2016-02-25 12:53:27 +00:00
admin.php Bootstrap: Enhance core's memory limit handling. 2016-07-08 14:37:30 +00:00
async-upload.php Escape the output in wp_ajax_upload_attachment(). 2019-09-04 16:36:24 +00:00
comment.php Text Changes: Unify permission error messages. 2016-06-29 15:16:29 +00:00
credits.php About Page: Updates for 4.6. 2016-08-10 23:57:30 +00:00
custom-background.php Docs: Standardize capitalization of Ajax throughout core documentation per the core spelling guide. 2016-07-10 00:51:30 +00:00
custom-header.php Text Changes: Unify permission error messages. 2016-06-29 15:16:29 +00:00
customize.php Customize: Ignore invalid customization sessions. 2017-05-16 12:15:34 +00:00
edit-comments.php Text Changes: Unify permission error messages. 2016-06-29 15:16:29 +00:00
edit-form-advanced.php Docs: Standardize references to "meta box" or "meta boxes" as two distinct words throughout core documentation per the core spelling guide. 2016-07-10 00:56:28 +00:00
edit-form-comment.php DOCS: Replace HTTP links with HTTPS. 2016-06-10 04:50:33 +00:00
edit-link-form.php Bump H3 headings to H2 on the legacy Link Manager screen for better accessibility. 2015-10-14 17:32:24 +00:00
edit-tag-form.php Taxonomy/Users: Use correct escaping function for URLs. 2017-09-19 21:28:32 +00:00
edit-tags.php Text Changes: Add a full stop to "Invalid taxonomy" and "Invalid term ID" strings, for consistency with similar post-related messages. 2016-07-17 16:15:34 +00:00
edit.php I18N: Combine two duplicate "Invalid post type" strings. 2016-07-17 16:05:31 +00:00
export.php Text Changes: Unify permission error messages. 2016-06-29 15:16:29 +00:00
freedoms.php About Page: Updates for 4.6. 2016-08-10 23:57:30 +00:00
import.php Import: Enhance accessibility on the Import screen. 2016-07-17 15:32:30 +00:00
index.php Update/Install: Fix plugin updates from the details modal on the Dashboard. 2016-07-05 15:37:28 +00:00
install-helper.php Docs: Add missing descriptions for the $wpdb global in DocBlocks all the places. 2015-10-14 23:44:25 +00:00
install.php I18N: Remove <code> tags from translatable strings in wp-admin/install.php. 2016-02-24 01:22:26 +00:00
link-add.php Text Changes: Unify permission error messages. 2016-06-29 15:16:29 +00:00
link-manager.php Text Changes: Unify permission error messages. 2016-06-29 15:16:29 +00:00
link-parse-opml.php Add @global annotations for wp-admin/*. 2015-05-28 21:41:30 +00:00
link.php Docs: Standardize capitalization of Ajax throughout core documentation per the core spelling guide. 2016-07-10 00:51:30 +00:00
load-scripts.php Bootstrap/Load: Allow for ABSPATH to be defined outside of wp-load.php, e.g. in a script loaded via auto_prepend_file. 2016-04-14 17:53:28 +00:00
load-styles.php Bootstrap/Load: Allow for ABSPATH to be defined outside of wp-load.php, e.g. in a script loaded via auto_prepend_file. 2016-04-14 17:53:28 +00:00
media-new.php Text Changes: Unify permission error messages. 2016-06-29 15:16:29 +00:00
media-upload.php Text Changes: Unify permission error messages. 2016-06-29 15:16:29 +00:00
media.php Text Changes: Unify permission error messages. 2016-06-29 15:16:29 +00:00
menu-header.php Docs: Standardize hook docs in wp-admin/* to use third-person singular verbs per the inline documentation standards for PHP. 2016-05-22 18:01:30 +00:00
menu.php Docs: Standardize on 'backward compatibility/compatible' nomenclature in core inline docs. 2016-05-13 18:41:31 +00:00
moderation.php
ms-admin.php
ms-delete-site.php Multisite: Use hash_equals() when comparing hashes to mitigate timing attacks. 2016-07-10 19:43:28 +00:00
ms-edit.php
ms-options.php
ms-sites.php
ms-themes.php
ms-upgrade-network.php
ms-users.php
my-sites.php Text Changes: Unify permission error messages. 2016-06-29 15:16:29 +00:00
nav-menus.php Text Changes: Unify permission error messages. 2016-06-29 15:16:29 +00:00
network.php Text Changes: Unify permission error messages. 2016-06-29 15:16:29 +00:00
options-discussion.php Text Changes: Unify permission error messages. 2016-06-29 15:16:29 +00:00
options-general.php Multisite: Add a nonce to the "Cancel" URL when changing a site's admin email. 2016-07-07 17:13:27 +00:00
options-head.php Docs: Standardize on 'backward compatibility/compatible' nomenclature in core inline docs. 2016-05-13 18:41:31 +00:00
options-media.php Text Changes: Unify permission error messages. 2016-06-29 15:16:29 +00:00
options-permalink.php Permalinks: Rename $usingpi to $using_index_permalinks for clarity. 2016-07-16 12:46:29 +00:00
options-reading.php Text Changes: Unify permission error messages. 2016-06-29 15:16:29 +00:00
options-writing.php Text Changes: Unify permission error messages. 2016-06-29 15:16:29 +00:00
options.php Multisite: Use hash_equals() when comparing hashes to mitigate timing attacks. 2016-07-10 19:43:28 +00:00
plugin-editor.php General: Add missing URL-encoding and add extra hardening to plugin and template names when they're displayed in the admin area. 2017-09-19 10:22:34 +00:00
plugin-install.php Plugins: Use install_plugins_upload action to print the upload form. 2016-07-31 18:11:29 +00:00
plugins.php General: Add missing URL-encoding and add extra hardening to plugin and template names when they're displayed in the admin area. 2017-09-19 10:22:34 +00:00
post-new.php I18N: Combine two duplicate "Invalid post type" strings. 2016-07-17 16:05:31 +00:00
post.php Editor: Remove unwanted fields before saving posts. 2018-12-13 01:43:21 +00:00
press-this.php Text Changes: Unify permission error messages. 2016-06-29 15:16:29 +00:00
profile.php
revision.php Revisions: Allow autosaves to be restored when revisions are disabled. 2016-07-08 01:16:31 +00:00
setup-config.php Setup: Sanity check for invalid table prefixes. 2016-05-27 01:54:28 +00:00
term.php On term.php, use $taxnow when fetching currently edited term. 2016-07-16 18:37:30 +00:00
theme-editor.php General: Add missing URL-encoding and add extra hardening to plugin and template names when they're displayed in the admin area. 2017-09-19 10:22:34 +00:00
theme-install.php I18N: After [38057], consistently use a context for other instances of Activate %s, Network Activate %s, and Delete %s strings. 2016-07-16 23:20:29 +00:00
themes.php I18N: After [38057], consistently use a context for other instances of Activate %s, Network Activate %s, and Delete %s strings. 2016-07-16 23:20:29 +00:00
tools.php Bump H3 headings to H2 on Tools screen for better accessibility. 2015-08-31 03:32:21 +00:00
update-core.php Updates: Translate plugin data on the Updates screen. 2017-01-11 11:40:06 +00:00
update.php Text Changes: Unify permission error messages. 2016-06-29 15:16:29 +00:00
upgrade-functions.php Docs: Use 3-digit, x.x.x-style semantic versioning for _doing_it_wrong(), _deprecated_function(), _deprecated_argument(), and _deprecated_file() throughout core. 2016-07-06 12:40:29 +00:00
upgrade.php Install/Upgrade: Keep indexing bots away until a site is ready to be seen. 2015-12-08 21:56:27 +00:00
upload.php Text Changes: Remove duplicate string, use the one we already have. 2016-07-04 21:48:28 +00:00
user-edit.php Taxonomy/Users: Use correct escaping function for URLs. 2017-09-19 21:28:32 +00:00
user-new.php Hardening: Use a properly generated hash for the newbloguser key instead of a determinate substring. 2017-11-29 16:21:34 +00:00
users.php Text Changes: Unify permission error messages. 2016-06-29 15:16:29 +00:00
widgets.php Add nonce for widget accessibility mode. 2017-01-11 01:43:35 +00:00