Props: danielbachhuber, whyisjake, peterwilson, xknown.
Brings r46893 to the 4.9 branch.
Update `wp_kses_bad_protocol()` to recognize `:` on uri attributes,
`wp_kses_bad_protocol()` makes sure to validate that uri attributes don’t contain invalid/or not allowed protocols. While this works fine in most cases, there’s a risk that by using the colon html5 named entity, one is able to bypass this function.
Brings r46895 to the 4.9 branch.
Props: xknown, nickdaugherty, peterwilsoncc.
git-svn-id: https://develop.svn.wordpress.org/branches/4.9@46918 602fd350-edb4-49c9-b593-d223f7449a82
This removes the PHP 5.6 job which runs without an object cache in place as the likelihood of a change being backported that only breaks 5.6 environments without an object cache is small.
Merges [45005] into the 4.9 branch.
See #42387
git-svn-id: https://develop.svn.wordpress.org/branches/4.9@45006 602fd350-edb4-49c9-b593-d223f7449a82
This switches to caching npm's local cache instead of `node_modules` in order to prevent issues caused by modules compiled using a different version of node.
Merges [44993] into the 4.9 branch.
See #46632
git-svn-id: https://develop.svn.wordpress.org/branches/4.9@44996 602fd350-edb4-49c9-b593-d223f7449a82
The `meta_input`, `file`, and `guid` fields are not intended to be updated through user input.
Merges [44047] to the 4.9 branch.
git-svn-id: https://develop.svn.wordpress.org/branches/4.9@44053 602fd350-edb4-49c9-b593-d223f7449a82
Ensure activation of a site is not attempted multiple times and users are shown the correct message if they follow the link a second time.
Merges [44021] to the 4.9 branch.
git-svn-id: https://develop.svn.wordpress.org/branches/4.9@44024 602fd350-edb4-49c9-b593-d223f7449a82
This commit introduces the `wp_kses_uri_attributes` function and filter. The function centralizes the list of attributes, in order to prevent inconsistency, and the filter provides a way for plugins to customize the attributes.
Merges [44014] and [44017] to the `4.9` branch.
git-svn-id: https://develop.svn.wordpress.org/branches/4.9@44020 602fd350-edb4-49c9-b593-d223f7449a82
To avoid backwards compatibility issues, `<form>` is re-added if a custom filter has added the `<input>` or `<select>` elements to `$allowedposttags`.
Merges [43994] to the 4.9 branch.
git-svn-id: https://develop.svn.wordpress.org/branches/4.9@43997 602fd350-edb4-49c9-b593-d223f7449a82
Reverts changes to the "Edit more details" link in the attachment details modal.
This is out of scope for 4.9.9 and will be re-introduced in 5.0.0.
Fixes#44620.
git-svn-id: https://develop.svn.wordpress.org/branches/4.9@43948 602fd350-edb4-49c9-b593-d223f7449a82
Correct an issue where the layout of the "Try Gutenberg" callout added in #41316 falls apart under IE11.
Props kjellr, ianbelanger, pbiron, Luciano Croce, belcherj, ryansommers.
Fixes#44742.
git-svn-id: https://develop.svn.wordpress.org/branches/4.9@43674 602fd350-edb4-49c9-b593-d223f7449a82
In addition to the merge noted below, includes important brackets added in [42343].
Props dhanendran, gnif, sergey.
Merges [42695] and [42702] to the 4.9 branch.
Fixes#43255.
git-svn-id: https://develop.svn.wordpress.org/branches/4.9@43649 602fd350-edb4-49c9-b593-d223f7449a82
The original REST API revisions controller relied on `wp_get_post_revisions()`, getting all revisions of a post without any possibility to restrict the result. This changeset replaces that function call with a proper `WP_Query` setup, replicating how `wp_get_post_revisions()` works while offering parameters to alter the default behavior.
Props adamsilverstein, birgire, flixos90.
Merges [43584-43586], [43647] to the 4.9 branch.
Fixes#40510.
git-svn-id: https://develop.svn.wordpress.org/branches/4.9@43648 602fd350-edb4-49c9-b593-d223f7449a82
Introduce tests to validate that register_meta and register_term_meta work as expected in WP_REST_Terms_Controller.
Props timmydcrawford.
Merges [43567] to the 4.9 branch.
See #39122.
git-svn-id: https://develop.svn.wordpress.org/branches/4.9@43646 602fd350-edb4-49c9-b593-d223f7449a82
Adjust it to handle more types of timeouts, e.g. "Resolving timed out", "Connection timed out".
Merges [43511] to the 4.9 branch.
See #44613.
git-svn-id: https://develop.svn.wordpress.org/branches/4.9@43625 602fd350-edb4-49c9-b593-d223f7449a82
Returning a string caused a success message to be displayed instead of the correct error message.
Props desrosj.
Merges [43623] to the 4.9 branch.
Fixes#44685.
git-svn-id: https://develop.svn.wordpress.org/branches/4.9@43624 602fd350-edb4-49c9-b593-d223f7449a82