This commit introduces the Docker-based local WordPress development environment to the 4.9 branch and converts the Travis test jobs to utilize this environment for easier and more consistent testing.
Until existing blockers with the PHP 5.2 Docker container can be solved, the PHP 5.2 test job will remain using the Travis `precise` image.
Merges [45745,45762,45783-45784,45800,45819,45885,46320,46999,47225,47912,48121,49335,49358,49360,49362] to the 4.9 branch.
See #48301, #47767.
git-svn-id: https://develop.svn.wordpress.org/branches/4.9@49530 602fd350-edb4-49c9-b593-d223f7449a82
Fix off-by-one error in pixel color checks for rotate and flip image tests. Change to using PNG with single pixel to ensure that errors are caught in the future, rather than lost in JPEG noise.
Props Fuegas, mikeschroder.
Merges [45067] to the 4.9 branch.
See #46073, #48301.
git-svn-id: https://develop.svn.wordpress.org/branches/4.9@49519 602fd350-edb4-49c9-b593-d223f7449a82
* XML-RPC: Improve error messages for unprivileged users.
* External Libraries: Disable deserialization in Requests_Utility_FilteredIterator
* Embeds: Disable embeds on deactivated Multisite sites.
* Coding standards: Modify escaping functions to avoid potential false positives.
* XML-RPC: Return error message if attachment ID is incorrect.
* Upgrade/install: Improve logic check when determining installation status.
* Meta: Sanitize meta key before checking protection status.
* Themes: Ensure that only privileged users can set a background image when a theme is using the deprecated custom background page.
Brings the changes from [49380,49382-49388] to the 4.9 branch.
Props xknown, zieladam, peterwilsoncc, whyisjake, desrosj, dd32.
git-svn-id: https://develop.svn.wordpress.org/branches/4.9@49397 602fd350-edb4-49c9-b593-d223f7449a82
Rename the `$keep` parameter of both filters to `$screen_option` for clarity, update the documentation to better reflect its purpose.
Follow-up to [47951].
Props Chouby, sswells, SergeyBiryukov.
Merges [48241] to the 4.9 branch.
Fixes#50392.
git-svn-id: https://develop.svn.wordpress.org/branches/4.9@48249 602fd350-edb4-49c9-b593-d223f7449a82
- Editor: Prevent HTML decoding on by setting the proper editor context.
- Formatting: Ensure that wp_validate_redirect() sanitizes a wider variety of characters.
- Themes: Ensure a broken theme name is returned properly.
- Administration: Add a new filter to extend set-screen-option.
Merges [47948-47951] to the 4.9 branch.
Props xknown, sstoqnov, vortfu, SergeyBiryukov, whyisjake.
git-svn-id: https://develop.svn.wordpress.org/branches/4.9@47967 602fd350-edb4-49c9-b593-d223f7449a82
User: Invalidate `user_activation_key` on password update.
Query: Ensure that only a single post can be returned on date/time based queries.
Cache API: Ensure proper escaping around the stats method in the cache API.
Formatting: Expand `sanitize_file_name` to have better support for utf8 characters.
Brings the changes in [47633], [47634], [47635], [47637], and [47638] to the 4.9 branch.
Props: batmoo, ehti, nickdaugherty, peterwilsoncc, sergeybiryukov, sstoqnov, westi, westonruter, whyisjake, whyisjake, xknown.
git-svn-id: https://develop.svn.wordpress.org/branches/4.9@47648 602fd350-edb4-49c9-b593-d223f7449a82
Props: danielbachhuber, whyisjake, peterwilson, xknown.
Brings r46893 to the 4.9 branch.
Update `wp_kses_bad_protocol()` to recognize `:` on uri attributes,
`wp_kses_bad_protocol()` makes sure to validate that uri attributes don’t contain invalid/or not allowed protocols. While this works fine in most cases, there’s a risk that by using the colon html5 named entity, one is able to bypass this function.
Brings r46895 to the 4.9 branch.
Props: xknown, nickdaugherty, peterwilsoncc.
git-svn-id: https://develop.svn.wordpress.org/branches/4.9@46918 602fd350-edb4-49c9-b593-d223f7449a82
This removes the PHP 5.6 job which runs without an object cache in place as the likelihood of a change being backported that only breaks 5.6 environments without an object cache is small.
Merges [45005] into the 4.9 branch.
See #42387
git-svn-id: https://develop.svn.wordpress.org/branches/4.9@45006 602fd350-edb4-49c9-b593-d223f7449a82
This switches to caching npm's local cache instead of `node_modules` in order to prevent issues caused by modules compiled using a different version of node.
Merges [44993] into the 4.9 branch.
See #46632
git-svn-id: https://develop.svn.wordpress.org/branches/4.9@44996 602fd350-edb4-49c9-b593-d223f7449a82
The `meta_input`, `file`, and `guid` fields are not intended to be updated through user input.
Merges [44047] to the 4.9 branch.
git-svn-id: https://develop.svn.wordpress.org/branches/4.9@44053 602fd350-edb4-49c9-b593-d223f7449a82
Ensure activation of a site is not attempted multiple times and users are shown the correct message if they follow the link a second time.
Merges [44021] to the 4.9 branch.
git-svn-id: https://develop.svn.wordpress.org/branches/4.9@44024 602fd350-edb4-49c9-b593-d223f7449a82
This commit introduces the `wp_kses_uri_attributes` function and filter. The function centralizes the list of attributes, in order to prevent inconsistency, and the filter provides a way for plugins to customize the attributes.
Merges [44014] and [44017] to the `4.9` branch.
git-svn-id: https://develop.svn.wordpress.org/branches/4.9@44020 602fd350-edb4-49c9-b593-d223f7449a82
To avoid backwards compatibility issues, `<form>` is re-added if a custom filter has added the `<input>` or `<select>` elements to `$allowedposttags`.
Merges [43994] to the 4.9 branch.
git-svn-id: https://develop.svn.wordpress.org/branches/4.9@43997 602fd350-edb4-49c9-b593-d223f7449a82
Reverts changes to the "Edit more details" link in the attachment details modal.
This is out of scope for 4.9.9 and will be re-introduced in 5.0.0.
Fixes#44620.
git-svn-id: https://develop.svn.wordpress.org/branches/4.9@43948 602fd350-edb4-49c9-b593-d223f7449a82
