Sergey Biryukov
7f00dfaa36
Comments: Improve comment content filtering.
...
Merges [44842] to the 4.3 branch.
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@44851 602fd350-edb4-49c9-b593-d223f7449a82
2019-03-12 22:40:30 +00:00
Jeremy Felt
b73d26f031
Bump 4.3 branch to version 4.3.18.
...
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@44084 602fd350-edb4-49c9-b593-d223f7449a82
2018-12-13 02:13:08 +00:00
Gary Pendergast
f1b2bfebba
Editor: Remove unwanted fields before saving posts.
...
The `meta_input`, `file`, and `guid` fields are not intended to be updated through user input.
Merges [44047] to the 4.3 branch.
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@44064 602fd350-edb4-49c9-b593-d223f7449a82
2018-12-13 01:50:03 +00:00
Peter Wilson
d56a06f954
Multisite: Validate activation links.
...
Merges [44048] to the 4.3 branch.
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@44063 602fd350-edb4-49c9-b593-d223f7449a82
2018-12-13 01:48:48 +00:00
Ian Dunn
5b282b8cd7
KSES: Make the URI attributes DRY.
...
This commit introduces the `wp_kses_uri_attributes` function and filter. The function centralizes the list of attributes, in order to prevent inconsistency, and the filter provides a way for plugins to customize the attributes.
Merges [44014] and [44017] to the `4.3` branch.
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@44041 602fd350-edb4-49c9-b593-d223f7449a82
2018-12-13 01:13:46 +00:00
Peter Wilson
7195a2c8ca
Multisite: Improve messaging for previously activated users.
...
Ensure activation of a site is not attempted multiple times and users are shown the correct message if they follow the link a second time.
Merges [44021] to the 4.3 branch.
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@44033 602fd350-edb4-49c9-b593-d223f7449a82
2018-12-13 00:53:12 +00:00
Gary Pendergast
95bf8bc711
KSES: Conditionally remove the `<form>` element from `$allowedposttags`.
...
To avoid backwards compatibility issues, `<form>` is re-added if a custom filter has added the `<input>` or `<select>` elements to `$allowedposttags`.
Merges [43994] to the 4.3 branch.
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@44005 602fd350-edb4-49c9-b593-d223f7449a82
2018-12-12 23:36:48 +00:00
Jeremy Felt
bb03adb1b5
Media: Improve verification of MIME file types.
...
Merges [43988] to the 4.3 branch.
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@43996 602fd350-edb4-49c9-b593-d223f7449a82
2018-12-12 23:16:07 +00:00
Aaron D. Campbell
beee8e687a
Bump 4.3 branch to version 4.3.17
...
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@43413 602fd350-edb4-49c9-b593-d223f7449a82
2018-07-05 16:10:44 +00:00
John Blackbourn
bad264e665
Media: Limit thumbnail file deletions to the same directory as the original file.
...
Merges [43393] into the 4.3 branch.
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@43399 602fd350-edb4-49c9-b593-d223f7449a82
2018-07-05 15:02:04 +00:00
Aaron D. Campbell
7882cfbf99
Bump 4.3 branch to version 4.3.16
...
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@42939 602fd350-edb4-49c9-b593-d223f7449a82
2018-04-03 20:27:47 +00:00
Dominik Schilling (ocean90)
3f56622c55
Template: Make sure the version string is correctly escaped for use in attributes.
...
Merge of [42893] to the 4.3 branch.
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@42923 602fd350-edb4-49c9-b593-d223f7449a82
2018-04-03 16:05:56 +00:00
Dominik Schilling (ocean90)
893762f7c4
Login: Use `wp_safe_redirect()` when redirecting the login page if forced to use HTTPS.
...
Merge of [42892] to the 4.3 branch.
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@42901 602fd350-edb4-49c9-b593-d223f7449a82
2018-04-03 15:28:58 +00:00
Sergey Biryukov
d96c5664d1
General: Update copyright year to 2018 in license.txt.
...
Props rachelbaker.
Merges [42424] to the 4.3 branch.
Fixes #43007.
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@42558 602fd350-edb4-49c9-b593-d223f7449a82
2018-01-23 11:26:00 +00:00
Dion Hulse
fdd08af1ed
Bump the 4.3 branch to 4.3.15.
...
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@42500 602fd350-edb4-49c9-b593-d223f7449a82
2018-01-16 21:41:24 +00:00
Dion Hulse
e5de1841f1
External Libraries: Remove unnecessary / obsoleted MediaElement.js files.
...
Merges [42478] to the 4.3 branch.
Fixes #42720 for 4.3.
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@42483 602fd350-edb4-49c9-b593-d223f7449a82
2018-01-16 08:09:13 +00:00
Dion Hulse
a91a669874
Upgrade: When deleting old files, if deletion fails attempt to empty the file instead.
...
Props joemcgill, dd32.
Merges [42434] to the 4.3 branch.
Fixes #42963 for 4.3.
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@42471 602fd350-edb4-49c9-b593-d223f7449a82
2018-01-16 06:55:18 +00:00
John Blackbourn
3b9ea18ecd
Bump 4.3 branch to version 4.3.14.
...
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@42322 602fd350-edb4-49c9-b593-d223f7449a82
2017-11-29 19:00:36 +00:00
John Blackbourn
be2fc6b3e4
Hardening: Remove the ability to upload JavaScript files for users who do not have the `unfiltered_html` capability.
...
Merges [42261] to the 4.3 branch.
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@42291 602fd350-edb4-49c9-b593-d223f7449a82
2017-11-29 16:30:42 +00:00
John Blackbourn
786ca60751
Hardening: Ensure the attributes of enclosures are correctly escaped in RSS and Atom feeds.
...
Merges [42260] to the 4.3 branch.
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@42290 602fd350-edb4-49c9-b593-d223f7449a82
2017-11-29 16:30:06 +00:00
John Blackbourn
ef20417bf3
Hardening: Add escaping to the language attributes used on `html` elements.
...
Merges [42259] to the 4.3 branch.
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@42289 602fd350-edb4-49c9-b593-d223f7449a82
2017-11-29 16:29:35 +00:00
John Blackbourn
9ecf1ec6ba
Hardening: Use a properly generated hash for the `newbloguser` key instead of a determinate substring.
...
Merges [42258] to the 4.3 branch.
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@42288 602fd350-edb4-49c9-b593-d223f7449a82
2017-11-29 16:29:06 +00:00
Dion Hulse
c60e988ffb
WPDB: Check that `AUTH_SALT` is not empty, Fix a PHP notice when `AUTH_SALT` is undefined.
...
Props jsonfry, mkomar, pento.
Merges [42119] and [42120] to the 4.3 branch.
Fixes #42431 and #42401 for 4.3.
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@42235 602fd350-edb4-49c9-b593-d223f7449a82
2017-11-27 01:10:13 +00:00
John Blackbourn
c4d712b498
General: Remove the version number from the readme file in the 4.3 branch.
...
See #42386
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@42093 602fd350-edb4-49c9-b593-d223f7449a82
2017-10-31 17:43:17 +00:00
Gary Pendergast
3b90965b99
Bump 4.3 branch to version 4.3.13.
...
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@42074 602fd350-edb4-49c9-b593-d223f7449a82
2017-10-31 13:32:49 +00:00
Gary Pendergast
df74cf1a48
Database: Restore numbered placeholders in `wpdb::prepare()`.
...
[41496] removed support for numbered placeholders in queries sent through `wpdb::prepare()`, which, despite being undocumented, were quite commonly used.
This change restores support for numbered placeholders (as well as a subset of placeholder formatting), while also adding extra checks to ensure the correct number of arguments are being passed to `wpdb::prepare()`, given the number of placeholders.
Merges [41662], [42056] to the 4.3 branch.
See #41925.
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@42062 602fd350-edb4-49c9-b593-d223f7449a82
2017-10-31 12:48:20 +00:00
Dominik Schilling (ocean90)
5ea16786bc
Users: Use correct escaping function for URLs.
...
Merge of [41522] to the 4.3 branch.
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@41528 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-19 21:37:43 +00:00
Dominik Schilling (ocean90)
94f13ff58f
Bump 4.3 branch to version 4.3.12.
...
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@41515 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-19 20:01:36 +00:00
Aaron D. Campbell
a9693ba63b
Database: Hardening to bring `wpdb::prepare()` in line with documentation.
...
`wpdb::prepare()` supports %s, %d, and %F as placeholders in the query string. Any other non-escaped % will be escaped.
Merges [41496] to 4.3 branch.
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@41502 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-19 18:27:47 +00:00
Aaron D. Campbell
80879ca17b
Database: Don’t trigger `_doing_it_wrong()` for null values in `wpdb::prepare()`.
...
While `wpdb::prepare()` does not support null values (see #12819) they still appear in the wild like in the WordPress Importer and other plugins.
Merges [41483] to 4.3 branch.
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@41489 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-19 16:23:20 +00:00
Aaron D. Campbell
2fe5bc9cb3
Database: Hardening for wpdb::prepare()
...
Previously if you passed an array of values for placeholders, additional values could be passed as well. Now additional values will be ignored.
Merges [41470] to 4.3 branch.
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@41476 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-19 15:00:59 +00:00
John Blackbourn
73bd3846f5
Filesystem API: Ensure filenames are valid before attempting to unzip them to ensure malformed file paths don't cause issues.
...
Merges [41457] to the 4.3 branch.
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@41463 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-19 14:41:23 +00:00
John Blackbourn
0affa539ea
General: Add missing URL-encoding and add extra hardening to plugin and template names when they're displayed in the admin area.
...
Merges [41434] with changes to the 4.3 branch.
See #13377
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@41444 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-19 13:19:20 +00:00
Dominik Schilling (ocean90)
a6037e1979
TinyMCE: Improve the previews for shortcodes.
...
Merge of [41395] to the 4.3 branch.
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@41440 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-19 12:40:22 +00:00
Dominik Schilling (ocean90)
7de576a2f1
Users: Provide a fallback for incorrect HTTP referrers.
...
Merge of [41398] to the 4.3 branch.
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@41422 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-19 11:10:35 +00:00
Dominik Schilling (ocean90)
ea0311f7cb
Editor: Prevent adding `javascript:` and `data:` URLs through the inline link dialog.
...
Merge of [41393] to the 4.3 branch.
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@41405 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-19 10:15:11 +00:00
John Blackbourn
9f07ed775f
Build/Test tools: Use the latest in the 4.x and 5.x branches of PHPUnit when running tests on Travis for the 4.3 branch.
...
See #41472
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@41300 602fd350-edb4-49c9-b593-d223f7449a82
2017-08-22 17:25:06 +00:00
John Blackbourn
55a9198c2c
Build: Switch PHP 5.2 to Travis' Ubuntu `precise` image for the 4.3 branch.
...
See #41292
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@41079 602fd350-edb4-49c9-b593-d223f7449a82
2017-07-18 14:48:09 +00:00
John Blackbourn
f3e03ed654
Build/Test Tools: Remove mentions of HHVM from the test infrastructure on Travis for the 4.3 branch.
...
See #40548
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@40830 602fd350-edb4-49c9-b593-d223f7449a82
2017-05-24 14:31:39 +00:00
Aaron D. Campbell
5b2c8b54f2
Bump 4.3 branch to version 4.3.11.
...
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@40752 602fd350-edb4-49c9-b593-d223f7449a82
2017-05-16 21:49:57 +00:00
Pascal Birchler
209c4435fa
Media: Simplify upload error message construction.
...
Merges [40736] to the 4.3 branch.
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@40741 602fd350-edb4-49c9-b593-d223f7449a82
2017-05-16 18:01:26 +00:00
Aaron D. Campbell
e454fe38f2
Add nonce for updating file system credentials.
...
Merges [40723] to 4.3 branch.
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@40728 602fd350-edb4-49c9-b593-d223f7449a82
2017-05-16 14:53:33 +00:00
Weston Ruter
ff4f97ce12
Customize: Fix phpunit tests after [40704] due to logic inversion error.
...
Merge of [40716] to the 4.3 branch.
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@40721 602fd350-edb4-49c9-b593-d223f7449a82
2017-05-16 14:43:48 +00:00
Dominik Schilling (ocean90)
8f1b6dc4be
Customize: Ignore invalid customization sessions.
...
Merge of [40704] to the 4.3 branch.
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@40709 602fd350-edb4-49c9-b593-d223f7449a82
2017-05-16 12:17:10 +00:00
Pascal Birchler
01feae0075
Adjust post meta checks
...
Merges [40692] to the 4.3 branch.
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@40697 602fd350-edb4-49c9-b593-d223f7449a82
2017-05-16 08:51:07 +00:00
Pascal Birchler
85789fc185
Whitelist post arguments in XML-RPC
...
Merges [40677] to the 4.3 branch.
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@40682 602fd350-edb4-49c9-b593-d223f7449a82
2017-05-16 08:21:23 +00:00
Aaron Jorbin
16f10a09e5
Build/Test: Post Travis results to Slack from WordPress/wordpress-develop
...
Backports [40604] to 4.3
Now that the WordPress/wordpress-develop GitHub repo is syncing correctly, we can use it for Travis integration.
Props jorbin for getting the ball rolling so long ago, unprops jorbin because his Travis build can finally be retired. Props Pento.
See #40712.
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@40620 602fd350-edb4-49c9-b593-d223f7449a82
2017-05-11 00:35:12 +00:00
John Blackbourn
640e7edcae
Build/Test Tools: Add Composer files to the cache on Travis.
...
The Travis cache is specific to the branch and language version (PHP version), so this should speed up each subsequent build once the cache is primed.
See #40539
Merges [40538] to the 4.3 branch.
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@40551 602fd350-edb4-49c9-b593-d223f7449a82
2017-04-24 00:44:13 +00:00
Pascal Birchler
844f2e8b37
Bump 4.3 branch to version 4.3.10.
...
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@40491 602fd350-edb4-49c9-b593-d223f7449a82
2017-04-20 16:24:09 +00:00
Pascal Birchler
ffe5f349ca
Fix broken audio/video functions when sanitizing ID3 data
...
This fixes a bug where running `wp_kses_post_deep()` on all the ID3
tag data corrupted blob data.
See #40075, #40085.
Merges [40400] to the 4.3 branch.
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@40464 602fd350-edb4-49c9-b593-d223f7449a82
2017-04-17 13:18:30 +00:00