35004 Commits

Author SHA1 Message Date
John Blackbourn
24842a5d25 Bump 4.6 branch to version 4.6.9.
git-svn-id: https://develop.svn.wordpress.org/branches/4.6@42319 602fd350-edb4-49c9-b593-d223f7449a82
2017-11-29 18:58:26 +00:00
John Blackbourn
4a5cb38358 Hardening: Remove the ability to upload JavaScript files for users who do not have the unfiltered_html capability.
Merges [42261] to the 4.6 branch.


git-svn-id: https://develop.svn.wordpress.org/branches/4.6@42279 602fd350-edb4-49c9-b593-d223f7449a82
2017-11-29 16:22:46 +00:00
John Blackbourn
fd15f48deb Hardening: Ensure the attributes of enclosures are correctly escaped in RSS and Atom feeds.
Merges [42260] to the 4.6 branch.


git-svn-id: https://develop.svn.wordpress.org/branches/4.6@42278 602fd350-edb4-49c9-b593-d223f7449a82
2017-11-29 16:21:59 +00:00
John Blackbourn
cb705bbf18 Hardening: Add escaping to the language attributes used on html elements.
Merges [42259] to the 4.6 branch.


git-svn-id: https://develop.svn.wordpress.org/branches/4.6@42277 602fd350-edb4-49c9-b593-d223f7449a82
2017-11-29 16:21:22 +00:00
John Blackbourn
e9daf798c8 Hardening: Use a properly generated hash for the newbloguser key instead of a determinate substring.
Merges [42258] to the 4.6 branch.


git-svn-id: https://develop.svn.wordpress.org/branches/4.6@42276 602fd350-edb4-49c9-b593-d223f7449a82
2017-11-29 16:20:50 +00:00
Dion Hulse
6358c93356 WPDB: Check that AUTH_SALT is not empty, Fix a PHP notice when AUTH_SALT is undefined.
Props jsonfry, mkomar, pento.
Merges [42119] and [42120] to the 4.6 branch.
Fixes #42431 and #42401 for 4.6.


git-svn-id: https://develop.svn.wordpress.org/branches/4.6@42232 602fd350-edb4-49c9-b593-d223f7449a82
2017-11-27 01:08:25 +00:00
John Blackbourn
9a6de1db91 General: Remove the version number from the readme file in the 4.6 branch.
See #42386


git-svn-id: https://develop.svn.wordpress.org/branches/4.6@42101 602fd350-edb4-49c9-b593-d223f7449a82
2017-10-31 18:06:26 +00:00
Gary Pendergast
74a2c0432f Bump 4.6 branch to version 4.6.8.
git-svn-id: https://develop.svn.wordpress.org/branches/4.6@42071 602fd350-edb4-49c9-b593-d223f7449a82
2017-10-31 13:14:04 +00:00
Gary Pendergast
b55674a862 Database: Restore numbered placeholders in wpdb::prepare().
[41496] removed support for numbered placeholders in queries sent through `wpdb::prepare()`, which, despite being undocumented, were quite commonly used.

This change restores support for numbered placeholders (as well as a subset of placeholder formatting), while also adding extra checks to ensure the correct number of arguments are being passed to `wpdb::prepare()`, given the number of placeholders.

Merges [41662], [42056] to the 4.6 branch.
See #41925.



git-svn-id: https://develop.svn.wordpress.org/branches/4.6@42059 602fd350-edb4-49c9-b593-d223f7449a82
2017-10-31 12:40:24 +00:00
Gary Pendergast
b6aa15830e Build/Test Tools: Pass correct $message argument to WP_UnitTestCase::setExpectedException() in Tests_Ajax_CompressionTest::test_logged_out() and Tests_Ajax_TagSearch::test_no_results().
PHPUnit 6.4.1 and earlier versions ignored the `'0'` value, causing the issue to go unnoticed.

Merge of [41870] to the 4.6 branch.

Props SergeyBiryukov.
See #42232.



git-svn-id: https://develop.svn.wordpress.org/branches/4.6@42053 602fd350-edb4-49c9-b593-d223f7449a82
2017-10-31 09:09:18 +00:00
Dominik Schilling (ocean90)
7a2aad435c Taxonomy/Users: Use correct escaping function for URLs.
Merge of [41522] to the 4.6 branch.

git-svn-id: https://develop.svn.wordpress.org/branches/4.6@41525 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-19 21:27:29 +00:00
Dominik Schilling (ocean90)
8ce2e10f4c Bump 4.6 branch to version 4.6.7.
git-svn-id: https://develop.svn.wordpress.org/branches/4.6@41512 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-19 19:58:55 +00:00
Aaron D. Campbell
f6b2b0e105 Database: Hardening to bring wpdb::prepare() in line with documentation.
`wpdb::prepare()` supports %s, %d, and %F as placeholders in the query string. Any other non-escaped % will be escaped.

Merges [41496] to 4.6 branch.



git-svn-id: https://develop.svn.wordpress.org/branches/4.6@41499 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-19 18:12:56 +00:00
Aaron D. Campbell
27ac9bb14d Database: Don’t trigger _doing_it_wrong() for null values in wpdb::prepare().
While `wpdb::prepare()` does not support null values (see #12819) they still appear in the wild like in the WordPress Importer and other plugins.

Merges [41483] to 4.6 branch.



git-svn-id: https://develop.svn.wordpress.org/branches/4.6@41486 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-19 16:19:49 +00:00
Aaron D. Campbell
eb67e43301 Database: Hardening for wpdb::prepare()
Previously if you passed an array of values for placeholders, additional values could be passed as well. Now additional values will be ignored.

Merges [41470] to 4.6 branch.



git-svn-id: https://develop.svn.wordpress.org/branches/4.6@41473 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-19 14:59:26 +00:00
John Blackbourn
2e2017a654 Filesystem API: Ensure filenames are valid before attempting to unzip them to ensure malformed file paths don't cause issues.
Merges [41457] to the 4.6 branch.


git-svn-id: https://develop.svn.wordpress.org/branches/4.6@41460 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-19 14:38:40 +00:00
Aaron D. Campbell
a228fa9128 oEmbed: Add extra hardening around allowed HTML for improved sandboxing.
Merges [41448] to 4.6 branch.




git-svn-id: https://develop.svn.wordpress.org/branches/4.6@41453 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-19 13:48:13 +00:00
Dominik Schilling (ocean90)
01db63f13f TinyMCE: Improve the previews for shortcodes.
Merge of [41395] to the 4.6 branch.


git-svn-id: https://develop.svn.wordpress.org/branches/4.6@41437 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-19 12:40:14 +00:00
Dominik Schilling (ocean90)
0edb4d5916 Customize: Ensure valid themes in the preview.
Merge of [41397] to the 4.6 branch.


git-svn-id: https://develop.svn.wordpress.org/branches/4.6@41431 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-19 11:49:44 +00:00
Dominik Schilling (ocean90)
5285eb2c07 Taxonomy/Users: Provide a fallback for incorrect HTTP referrers.
Merge of [41398] to the 4.6 branch.


git-svn-id: https://develop.svn.wordpress.org/branches/4.6@41419 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-19 11:10:26 +00:00
John Blackbourn
870f253f3c General: Add missing URL-encoding and add extra hardening to plugin and template names when they're displayed in the admin area.
Merges [41413] to the 4.6 branch

See #13377


git-svn-id: https://develop.svn.wordpress.org/branches/4.6@41414 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-19 10:21:45 +00:00
Dominik Schilling (ocean90)
2cee7d9f68 Editor: Prevent adding javascript: and data: URLs through the inline link dialog.
Merge of [41393] to the 4.6 branch.


git-svn-id: https://develop.svn.wordpress.org/branches/4.6@41402 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-19 10:14:53 +00:00
John Blackbourn
aa021b3298 Build/Test tools: Use the latest in the 4.x and 5.x branches of PHPUnit when running tests on Travis for the 4.6 branch.
See #41472


git-svn-id: https://develop.svn.wordpress.org/branches/4.6@41297 602fd350-edb4-49c9-b593-d223f7449a82
2017-08-22 17:14:15 +00:00
John Blackbourn
0a52cab48d Build: Switch PHP 5.2 to Travis' Ubuntu precise image.
See #41292


git-svn-id: https://develop.svn.wordpress.org/branches/4.6@41075 602fd350-edb4-49c9-b593-d223f7449a82
2017-07-18 13:10:40 +00:00
Konstantin Obenland
b1c5bc1c32 Travis: After [40857], stop cloning Twenty Sixteen
git-svn-id: https://develop.svn.wordpress.org/branches/4.6@40859 602fd350-edb4-49c9-b593-d223f7449a82
2017-05-31 01:31:14 +00:00
Konstantin Obenland
67f3184626 Import Twenty Sixteen for the 4.6 branch.
See #36497.


git-svn-id: https://develop.svn.wordpress.org/branches/4.6@40857 602fd350-edb4-49c9-b593-d223f7449a82
2017-05-31 01:12:48 +00:00
John Blackbourn
79b7665def Build/Test Tools: Remove mentions of HHVM from the test infrastructure on Travis for the 4.6 branch.
Props netweb

See #40548


git-svn-id: https://develop.svn.wordpress.org/branches/4.6@40818 602fd350-edb4-49c9-b593-d223f7449a82
2017-05-22 20:52:47 +00:00
Aaron D. Campbell
0aa1da935b Bump 4.7 branch to version 4.6.6.
git-svn-id: https://develop.svn.wordpress.org/branches/4.6@40749 602fd350-edb4-49c9-b593-d223f7449a82
2017-05-16 21:48:35 +00:00
Pascal Birchler
c2a79d49d4 Media: Simplify upload error message construction.
Merges [40736] to the 4.6 branch.


git-svn-id: https://develop.svn.wordpress.org/branches/4.6@40738 602fd350-edb4-49c9-b593-d223f7449a82
2017-05-16 17:59:57 +00:00
Aaron D. Campbell
b0b5476b48 Add nonce for updating file system credentials.
Merges [40723] to 4.6 branch.


git-svn-id: https://develop.svn.wordpress.org/branches/4.6@40725 602fd350-edb4-49c9-b593-d223f7449a82
2017-05-16 14:52:18 +00:00
Weston Ruter
0fa19fef4d Customize: Fix phpunit tests after [40704] due to logic inversion error.
Merge of [40716] to the 4.6 branch.


git-svn-id: https://develop.svn.wordpress.org/branches/4.6@40718 602fd350-edb4-49c9-b593-d223f7449a82
2017-05-16 14:39:33 +00:00
Dominik Schilling (ocean90)
70c3214766 Customize: Ignore invalid customization sessions.
Merge of [40704] to the 4.6 branch.

git-svn-id: https://develop.svn.wordpress.org/branches/4.6@40706 602fd350-edb4-49c9-b593-d223f7449a82
2017-05-16 12:14:07 +00:00
Pascal Birchler
a48d0ae521 Adjust post meta checks
Merges [40692] to the 4.6 branch.


git-svn-id: https://develop.svn.wordpress.org/branches/4.6@40694 602fd350-edb4-49c9-b593-d223f7449a82
2017-05-16 08:48:16 +00:00
Pascal Birchler
605ec5f4b8 Improve redirect handling
Merges [40689] to the 4.7 branch.


git-svn-id: https://develop.svn.wordpress.org/branches/4.6@40691 602fd350-edb4-49c9-b593-d223f7449a82
2017-05-16 08:40:15 +00:00
Pascal Birchler
161badca5e Whitelist post arguments in XML-RPC
Merges [40677] to the 4.6 branch.


git-svn-id: https://develop.svn.wordpress.org/branches/4.6@40679 602fd350-edb4-49c9-b593-d223f7449a82
2017-05-16 08:18:49 +00:00
Aaron Jorbin
5598a65865 Build/Test: Post Travis results to Slack from WordPress/wordpress-develop
Backports [40604] to 4.6

Now that the WordPress/wordpress-develop GitHub repo is syncing correctly, we can use it for Travis integration.

Props jorbin for getting the ball rolling so long ago, unprops jorbin because his Travis build can finally be retired. Props Pento.

See #40712.


git-svn-id: https://develop.svn.wordpress.org/branches/4.6@40617 602fd350-edb4-49c9-b593-d223f7449a82
2017-05-11 00:32:32 +00:00
John Blackbourn
e5825335aa Build/Test Tools: Add Composer files to the cache on Travis.
The Travis cache is specific to the branch and language version (PHP version), so this should speed up each subsequent build once the cache is primed.

See #40539

Merges [40538] to the 4.6 branch.


git-svn-id: https://develop.svn.wordpress.org/branches/4.6@40548 602fd350-edb4-49c9-b593-d223f7449a82
2017-04-24 00:40:31 +00:00
Pascal Birchler
5f991a4c4e Bump 4.6 branch to version 4.6.5.
git-svn-id: https://develop.svn.wordpress.org/branches/4.6@40488 602fd350-edb4-49c9-b593-d223f7449a82
2017-04-20 16:21:34 +00:00
Pascal Birchler
3679c59d4f Fix broken audio/video functions when sanitizing ID3 data
This fixes a bug where running `wp_kses_post_deep()` on all the ID3
tag data corrupted blob data.

See #40075, #40085.

Merges [40400] to the 4.6 branch.


git-svn-id: https://develop.svn.wordpress.org/branches/4.6@40461 602fd350-edb4-49c9-b593-d223f7449a82
2017-04-17 13:06:47 +00:00
John Blackbourn
750343b607 Build/Test tools: Reverse the order in which the Travis jobs run on the 4.6 branch.
See #39705


git-svn-id: https://develop.svn.wordpress.org/branches/4.6@40436 602fd350-edb4-49c9-b593-d223f7449a82
2017-04-15 17:46:42 +00:00
John Blackbourn
0db92f8444 Build/Test tools: Trim the test matrix on Travis in order to speed up the 4.6 branch build.
This removes all allowed failure jobs, plus PHP 5.3, 5.4, and 5.5 jobs.

See #40407


git-svn-id: https://develop.svn.wordpress.org/branches/4.6@40412 602fd350-edb4-49c9-b593-d223f7449a82
2017-04-10 23:29:17 +00:00
John Blackbourn
d8be09bcb6 Build/Test tools: Don't install PHPUnit on the travis:js builds. Saves a couple of minutes of build time.
See #40100

Merges [40269] and [40271] to the 4.6 branch.


git-svn-id: https://develop.svn.wordpress.org/branches/4.6@40273 602fd350-edb4-49c9-b593-d223f7449a82
2017-03-11 00:09:28 +00:00
Dominik Schilling (ocean90)
902dbfb04a Build/Test Tools: Update .travis.yml to include latest improvements from trunk.
* Explicitly use PHPUnit 5.7 for the PHP 7 builds on Travis.
* On Travis CI install and use the node version which is specified in package.json.
* Add some more debugging to Travis and bring the format of the Xdebug fix in line with branches.

Merge of [40255] and [40257-40259] to the 4.6 branch.

Props netweb, johnbillion.
See #35105, #39822, #40086.

git-svn-id: https://develop.svn.wordpress.org/branches/4.6@40261 602fd350-edb4-49c9-b593-d223f7449a82
2017-03-09 22:05:04 +00:00
John Blackbourn
dfdb88fe1f Build/Test tools: In Travis, skip some tests when not on trunk.
This skips time sensitive tests (copyright year and PHP/MySQL version requirements) when tests are run on branches on Travis.

Props netweb, jorbin

Fixes #39486

Merges [40241] to the 4.6 branch.


git-svn-id: https://develop.svn.wordpress.org/branches/4.6@40249 602fd350-edb4-49c9-b593-d223f7449a82
2017-03-08 00:50:43 +00:00
John Blackbourn
802946ebf3 Build/Test Tools: Disable Xdebug when testing on Travis to increase performance.
See #39978


git-svn-id: https://develop.svn.wordpress.org/branches/4.6@40226 602fd350-edb4-49c9-b593-d223f7449a82
2017-03-07 01:06:24 +00:00
James Nylen
c0cfd4da44 Bump 4.6 branch to version 4.6.4.
git-svn-id: https://develop.svn.wordpress.org/branches/4.6@40203 602fd350-edb4-49c9-b593-d223f7449a82
2017-03-06 16:07:45 +00:00
John Blackbourn
b7ab0276bd Press This: Verify intent before fetching in-page resources using Press This.
Props vortfu

Merges [40195] to the 4.6 branch.


git-svn-id: https://develop.svn.wordpress.org/branches/4.6@40197 602fd350-edb4-49c9-b593-d223f7449a82
2017-03-06 13:57:21 +00:00
Aaron D. Campbell
893f5ba0ba Strip control characters before validating redirect.
Merges [40183] to 4.6 branch.


git-svn-id: https://develop.svn.wordpress.org/branches/4.6@40185 602fd350-edb4-49c9-b593-d223f7449a82
2017-03-06 13:40:20 +00:00
Aaron D. Campbell
3c7cef64f3 Plugins: Add file check to plugin deletions.
Merges [40169] to 4.6 branch.



git-svn-id: https://develop.svn.wordpress.org/branches/4.6@40171 602fd350-edb4-49c9-b593-d223f7449a82
2017-03-06 12:58:50 +00:00
Dominik Schilling (ocean90)
3ee664dad0 Embeds: URL encode YouTube video IDs for broader compatibility.
Merge of [40160] to the 4.6 branch.


git-svn-id: https://develop.svn.wordpress.org/branches/4.6@40162 602fd350-edb4-49c9-b593-d223f7449a82
2017-03-06 12:04:23 +00:00