John Blackbourn
786ca60751
Hardening: Ensure the attributes of enclosures are correctly escaped in RSS and Atom feeds.
...
Merges [42260] to the 4.3 branch.
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@42290 602fd350-edb4-49c9-b593-d223f7449a82
2017-11-29 16:30:06 +00:00
John Blackbourn
ef20417bf3
Hardening: Add escaping to the language attributes used on `html` elements.
...
Merges [42259] to the 4.3 branch.
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@42289 602fd350-edb4-49c9-b593-d223f7449a82
2017-11-29 16:29:35 +00:00
John Blackbourn
9ecf1ec6ba
Hardening: Use a properly generated hash for the `newbloguser` key instead of a determinate substring.
...
Merges [42258] to the 4.3 branch.
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@42288 602fd350-edb4-49c9-b593-d223f7449a82
2017-11-29 16:29:06 +00:00
Dion Hulse
c60e988ffb
WPDB: Check that `AUTH_SALT` is not empty, Fix a PHP notice when `AUTH_SALT` is undefined.
...
Props jsonfry, mkomar, pento.
Merges [42119] and [42120] to the 4.3 branch.
Fixes #42431 and #42401 for 4.3.
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@42235 602fd350-edb4-49c9-b593-d223f7449a82
2017-11-27 01:10:13 +00:00
John Blackbourn
c4d712b498
General: Remove the version number from the readme file in the 4.3 branch.
...
See #42386
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@42093 602fd350-edb4-49c9-b593-d223f7449a82
2017-10-31 17:43:17 +00:00
Gary Pendergast
3b90965b99
Bump 4.3 branch to version 4.3.13.
...
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@42074 602fd350-edb4-49c9-b593-d223f7449a82
2017-10-31 13:32:49 +00:00
Gary Pendergast
df74cf1a48
Database: Restore numbered placeholders in `wpdb::prepare()`.
...
[41496] removed support for numbered placeholders in queries sent through `wpdb::prepare()`, which, despite being undocumented, were quite commonly used.
This change restores support for numbered placeholders (as well as a subset of placeholder formatting), while also adding extra checks to ensure the correct number of arguments are being passed to `wpdb::prepare()`, given the number of placeholders.
Merges [41662], [42056] to the 4.3 branch.
See #41925.
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@42062 602fd350-edb4-49c9-b593-d223f7449a82
2017-10-31 12:48:20 +00:00
Dominik Schilling (ocean90)
5ea16786bc
Users: Use correct escaping function for URLs.
...
Merge of [41522] to the 4.3 branch.
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@41528 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-19 21:37:43 +00:00
Dominik Schilling (ocean90)
94f13ff58f
Bump 4.3 branch to version 4.3.12.
...
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@41515 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-19 20:01:36 +00:00
Aaron D. Campbell
a9693ba63b
Database: Hardening to bring `wpdb::prepare()` in line with documentation.
...
`wpdb::prepare()` supports %s, %d, and %F as placeholders in the query string. Any other non-escaped % will be escaped.
Merges [41496] to 4.3 branch.
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@41502 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-19 18:27:47 +00:00
Aaron D. Campbell
80879ca17b
Database: Don’t trigger `_doing_it_wrong()` for null values in `wpdb::prepare()`.
...
While `wpdb::prepare()` does not support null values (see #12819) they still appear in the wild like in the WordPress Importer and other plugins.
Merges [41483] to 4.3 branch.
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@41489 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-19 16:23:20 +00:00
Aaron D. Campbell
2fe5bc9cb3
Database: Hardening for wpdb::prepare()
...
Previously if you passed an array of values for placeholders, additional values could be passed as well. Now additional values will be ignored.
Merges [41470] to 4.3 branch.
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@41476 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-19 15:00:59 +00:00
John Blackbourn
73bd3846f5
Filesystem API: Ensure filenames are valid before attempting to unzip them to ensure malformed file paths don't cause issues.
...
Merges [41457] to the 4.3 branch.
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@41463 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-19 14:41:23 +00:00
John Blackbourn
0affa539ea
General: Add missing URL-encoding and add extra hardening to plugin and template names when they're displayed in the admin area.
...
Merges [41434] with changes to the 4.3 branch.
See #13377
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@41444 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-19 13:19:20 +00:00
Dominik Schilling (ocean90)
a6037e1979
TinyMCE: Improve the previews for shortcodes.
...
Merge of [41395] to the 4.3 branch.
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@41440 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-19 12:40:22 +00:00
Dominik Schilling (ocean90)
7de576a2f1
Users: Provide a fallback for incorrect HTTP referrers.
...
Merge of [41398] to the 4.3 branch.
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@41422 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-19 11:10:35 +00:00
Dominik Schilling (ocean90)
ea0311f7cb
Editor: Prevent adding `javascript:` and `data:` URLs through the inline link dialog.
...
Merge of [41393] to the 4.3 branch.
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@41405 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-19 10:15:11 +00:00
John Blackbourn
9f07ed775f
Build/Test tools: Use the latest in the 4.x and 5.x branches of PHPUnit when running tests on Travis for the 4.3 branch.
...
See #41472
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@41300 602fd350-edb4-49c9-b593-d223f7449a82
2017-08-22 17:25:06 +00:00
John Blackbourn
55a9198c2c
Build: Switch PHP 5.2 to Travis' Ubuntu `precise` image for the 4.3 branch.
...
See #41292
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@41079 602fd350-edb4-49c9-b593-d223f7449a82
2017-07-18 14:48:09 +00:00
John Blackbourn
f3e03ed654
Build/Test Tools: Remove mentions of HHVM from the test infrastructure on Travis for the 4.3 branch.
...
See #40548
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@40830 602fd350-edb4-49c9-b593-d223f7449a82
2017-05-24 14:31:39 +00:00
Aaron D. Campbell
5b2c8b54f2
Bump 4.3 branch to version 4.3.11.
...
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@40752 602fd350-edb4-49c9-b593-d223f7449a82
2017-05-16 21:49:57 +00:00
Pascal Birchler
209c4435fa
Media: Simplify upload error message construction.
...
Merges [40736] to the 4.3 branch.
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@40741 602fd350-edb4-49c9-b593-d223f7449a82
2017-05-16 18:01:26 +00:00
Aaron D. Campbell
e454fe38f2
Add nonce for updating file system credentials.
...
Merges [40723] to 4.3 branch.
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@40728 602fd350-edb4-49c9-b593-d223f7449a82
2017-05-16 14:53:33 +00:00
Weston Ruter
ff4f97ce12
Customize: Fix phpunit tests after [40704] due to logic inversion error.
...
Merge of [40716] to the 4.3 branch.
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@40721 602fd350-edb4-49c9-b593-d223f7449a82
2017-05-16 14:43:48 +00:00
Dominik Schilling (ocean90)
8f1b6dc4be
Customize: Ignore invalid customization sessions.
...
Merge of [40704] to the 4.3 branch.
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@40709 602fd350-edb4-49c9-b593-d223f7449a82
2017-05-16 12:17:10 +00:00
Pascal Birchler
01feae0075
Adjust post meta checks
...
Merges [40692] to the 4.3 branch.
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@40697 602fd350-edb4-49c9-b593-d223f7449a82
2017-05-16 08:51:07 +00:00
Pascal Birchler
85789fc185
Whitelist post arguments in XML-RPC
...
Merges [40677] to the 4.3 branch.
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@40682 602fd350-edb4-49c9-b593-d223f7449a82
2017-05-16 08:21:23 +00:00
Aaron Jorbin
16f10a09e5
Build/Test: Post Travis results to Slack from WordPress/wordpress-develop
...
Backports [40604] to 4.3
Now that the WordPress/wordpress-develop GitHub repo is syncing correctly, we can use it for Travis integration.
Props jorbin for getting the ball rolling so long ago, unprops jorbin because his Travis build can finally be retired. Props Pento.
See #40712.
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@40620 602fd350-edb4-49c9-b593-d223f7449a82
2017-05-11 00:35:12 +00:00
John Blackbourn
640e7edcae
Build/Test Tools: Add Composer files to the cache on Travis.
...
The Travis cache is specific to the branch and language version (PHP version), so this should speed up each subsequent build once the cache is primed.
See #40539
Merges [40538] to the 4.3 branch.
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@40551 602fd350-edb4-49c9-b593-d223f7449a82
2017-04-24 00:44:13 +00:00
Pascal Birchler
844f2e8b37
Bump 4.3 branch to version 4.3.10.
...
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@40491 602fd350-edb4-49c9-b593-d223f7449a82
2017-04-20 16:24:09 +00:00
Pascal Birchler
ffe5f349ca
Fix broken audio/video functions when sanitizing ID3 data
...
This fixes a bug where running `wp_kses_post_deep()` on all the ID3
tag data corrupted blob data.
See #40075, #40085.
Merges [40400] to the 4.3 branch.
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@40464 602fd350-edb4-49c9-b593-d223f7449a82
2017-04-17 13:18:30 +00:00
John Blackbourn
2bf72873ca
Build/Test tools: Reverse the order in which the Travis jobs run on the 4.3 branch.
...
See #39705
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@40439 602fd350-edb4-49c9-b593-d223f7449a82
2017-04-15 17:50:27 +00:00
John Blackbourn
53c5eeb5cb
Build/Test tools: Trim the test matrix on Travis in order to speed up the 4.3 branch build.
...
This removes all allowed failure jobs, plus PHP 5.3, 5.4, and 5.5 jobs.
See #40407
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@40409 602fd350-edb4-49c9-b593-d223f7449a82
2017-04-10 23:25:44 +00:00
Dominik Schilling (ocean90)
93bea01eae
Build/Test Tools: Allow Travis CI to cache the node_modules directory.
...
Merge of [37058] and [36490] to the 4.3 branch.
See #36291, #36490.
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@40281 602fd350-edb4-49c9-b593-d223f7449a82
2017-03-11 17:18:14 +00:00
John Blackbourn
559e0b2c97
Build/Test tools: Update .travis.yml to include latest improvements from trunk.
...
* Explicitly use PHPUnit 5.7 for the PHP 7 builds on Travis.
* On Travis CI install and use the node version which is specified in package.json.
* Add some more debugging to Travis and bring the format of the Xdebug fix in line with branches.
* Get Travis builds working on HHVM again.
* In addition, brings the Slack notification settings up to date.
Merges [40255], [40257], [40258], [40259], [40269], and [40271] to the 4.3 branch.
See #35105, #40100, #30755
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@40277 602fd350-edb4-49c9-b593-d223f7449a82
2017-03-11 02:43:29 +00:00
John Blackbourn
00b1aadc8e
Build/Test tools: In Travis, skip some tests when not on trunk.
...
This skips time sensitive tests (copyright year and PHP/MySQL version requirements) when tests are run on branches on Travis.
Props netweb, jorbin
Fixes #39486
Merges [40241] to the 4.3 branch.
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@40244 602fd350-edb4-49c9-b593-d223f7449a82
2017-03-08 00:38:38 +00:00
John Blackbourn
66145944be
Build/Test Tools: Disable Xdebug when testing on Travis to increase performance.
...
See #39978
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@40229 602fd350-edb4-49c9-b593-d223f7449a82
2017-03-07 01:10:46 +00:00
James Nylen
b81820e354
Bump 4.3 branch to version 4.3.9.
...
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@40206 602fd350-edb4-49c9-b593-d223f7449a82
2017-03-06 16:27:26 +00:00
John Blackbourn
9dbcf203bb
Press This: Verify intent before fetching in-page resources using Press This.
...
Props vortfu
Merges [40195] to the 4.3 branch.
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@40200 602fd350-edb4-49c9-b593-d223f7449a82
2017-03-06 14:02:35 +00:00
Aaron D. Campbell
29c97cb0bc
Strip control characters before validating redirect.
...
Merges [40183] to 4.3 branch.
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@40188 602fd350-edb4-49c9-b593-d223f7449a82
2017-03-06 13:42:01 +00:00
Aaron D. Campbell
55663f87f7
Plugins: Add file check to plugin deletions.
...
Merges [40169] to 4.3 branch.
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@40174 602fd350-edb4-49c9-b593-d223f7449a82
2017-03-06 13:01:32 +00:00
Dominik Schilling (ocean90)
a8957bb665
Embeds: URL encode YouTube video IDs for broader compatibility.
...
Merge of [40160] to the 4.3 branch.
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@40165 602fd350-edb4-49c9-b593-d223f7449a82
2017-03-06 12:04:53 +00:00
Jeremy Felt
2809daadd2
Validate video and audio metadata.
...
Merge of [40148] to the 4.3 branch.
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@40153 602fd350-edb4-49c9-b593-d223f7449a82
2017-03-06 08:07:46 +00:00
Aaron D. Campbell
bef83719fb
Bump 4.3 branch to version 4.3.8.
...
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@40000 602fd350-edb4-49c9-b593-d223f7449a82
2017-01-26 18:23:32 +00:00
John Blackbourn
bc063c614f
Posts, Post Types: When using Excerpt mode on the Posts list table, ensure the excerpt output matches what was manually entered into the Excerpt field.
...
Merges [39956] to the 4.3 branch.
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@39983 602fd350-edb4-49c9-b593-d223f7449a82
2017-01-26 14:12:46 +00:00
Dominik Schilling (ocean90)
b7022895a9
Press This: Do not show Categories & Tags UI for users who cannot assign terms to posts anyways.
...
Merge of [39968] to the 4.3 branch.
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@39974 602fd350-edb4-49c9-b593-d223f7449a82
2017-01-26 14:10:32 +00:00
Dominik Schilling (ocean90)
44b310e210
Query: Ensure that queries work correctly with post type names with special characters.
...
Merge of [39952] to the 4.3 branch.
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@39960 602fd350-edb4-49c9-b593-d223f7449a82
2017-01-26 13:49:43 +00:00
Aaron D. Campbell
cdc0b3aa11
Bump 4.3 branch to version 4.3.7.
...
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@39864 602fd350-edb4-49c9-b593-d223f7449a82
2017-01-11 16:56:35 +00:00
Joe McGill
43c69bdb79
Media: Fix exif_imagetype check in wp_get_image_mime
...
This is a follow up to [39831].
Merges [39850] to the 4.3 branch.
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@39855 602fd350-edb4-49c9-b593-d223f7449a82
2017-01-11 16:41:50 +00:00
Joe McGill
0b02483afd
Media: Improve image filetype checking.
...
This adds a new function `wp_get_image_mime()` which is used by
`wp_check_filetype_and_ext()` to validate image files using
`exif_imagetype()` if available instead of `getimagesize()`.
`getimagesize()` is less performant than `exif_imagetype()` and is
dependent on GD. If `exif_imagetype()` is not available, it falls back to
`getimagesize()` as before.
If `wp_check_filetype_and_ext()` can't validate the filetype, we now return
`false` for ext/MIME values.
Merges [39831] to the 4.3 branch.
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@39836 602fd350-edb4-49c9-b593-d223f7449a82
2017-01-11 13:16:32 +00:00