14706 Commits

Author SHA1 Message Date
Peter Wilson
c19efc0288 Multisite: Validate activation links.
Merges [44048] to the 4.0 branch.

Built from https://develop.svn.wordpress.org/branches/4.0@44069


git-svn-id: http://core.svn.wordpress.org/branches/4.0@43899 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-12-13 01:56:13 +00:00
iandunn
4b02fb050d KSES: Make the URI attributes DRY.
This commit introduces the `wp_kses_uri_attributes` function and filter. The function centralizes the list of attributes, in order to prevent inconsistency, and the filter provides a way for plugins to customize the attributes.

Merges [44014] and [44017] to the `4.0` branch.

Built from https://develop.svn.wordpress.org/branches/4.0@44044


git-svn-id: http://core.svn.wordpress.org/branches/4.0@43874 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-12-13 01:19:13 +00:00
Peter Wilson
82c3aff4a6 Multisite: Improve messaging for previously activated users.
Ensure activation of a site is not attempted multiple times and users are shown the correct message if they follow the link a second time.

Merges [44021] to the 4.0 branch.

Built from https://develop.svn.wordpress.org/branches/4.0@44037


git-svn-id: http://core.svn.wordpress.org/branches/4.0@43867 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-12-13 01:01:13 +00:00
Gary Pendergast
a887beaab6 KSES: Conditionally remove the <form> element from $allowedposttags.
To avoid backwards compatibility issues, `<form>` is re-added if a custom filter has added the `<input>` or `<select>` elements to `$allowedposttags`.

Merges [43994] to the 4.0 branch.


Built from https://develop.svn.wordpress.org/branches/4.0@44015


git-svn-id: http://core.svn.wordpress.org/branches/4.0@43845 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-12-12 23:55:15 +00:00
Jeremy Felt
4bf1e12be7 Media: Improve verification of MIME file types.
Merges [43988] to the 4.0 branch.

Built from https://develop.svn.wordpress.org/branches/4.0@44009


git-svn-id: http://core.svn.wordpress.org/branches/4.0@43839 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-12-12 23:43:14 +00:00
Aaron Campbell
e0669df10b Bump 4.0 branch to version 4.0.24
Built from https://develop.svn.wordpress.org/branches/4.0@43416


git-svn-id: http://core.svn.wordpress.org/branches/4.0@43244 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-05 16:13:59 +00:00
John Blackbourn
5d0d03c979 Media: Limit thumbnail file deletions to the same directory as the original file.
Merges [43393] into the 4.0 branch.

Built from https://develop.svn.wordpress.org/branches/4.0@43402


git-svn-id: http://core.svn.wordpress.org/branches/4.0@43230 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-05 15:11:16 +00:00
Aaron Campbell
47734f66c8 Bump 4.0 branch to version 4.0.23
Built from https://develop.svn.wordpress.org/branches/4.0@42942


git-svn-id: http://core.svn.wordpress.org/branches/4.0@42772 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-03 20:32:10 +00:00
Dominik Schilling
b7ad4d7fe4 Template: Make sure the version string is correctly escaped for use in attributes.
Merge of [42893] to the 4.0 branch.

Built from https://develop.svn.wordpress.org/branches/4.0@42926


git-svn-id: http://core.svn.wordpress.org/branches/4.0@42756 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-03 16:11:09 +00:00
Dion Hulse
31b12793ea Bump the 4.0 branch to 4.0.22.
Built from https://develop.svn.wordpress.org/branches/4.0@42503


git-svn-id: http://core.svn.wordpress.org/branches/4.0@42332 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-01-16 21:46:19 +00:00
Dion Hulse
d6fc54f0f0 External Libraries: Remove unnecessary / obsoleted MediaElement.js files.
Merges [42478] to the 4.0 branch.
Fixes #42720 for 4.0.

Built from https://develop.svn.wordpress.org/branches/4.0@42486


git-svn-id: http://core.svn.wordpress.org/branches/4.0@42315 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-01-16 08:14:22 +00:00
John Blackbourn
dcff9fb48a Bump 4.0 branch to version 4.0.21.
Built from https://develop.svn.wordpress.org/branches/4.0@42325


git-svn-id: http://core.svn.wordpress.org/branches/4.0@42154 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-29 19:03:19 +00:00
John Blackbourn
80aef7ba67 Hardening: Remove the ability to upload JavaScript files for users who do not have the unfiltered_html capability.
Merges [42261] to the 4.0 branch.

Built from https://develop.svn.wordpress.org/branches/4.0@42303


git-svn-id: http://core.svn.wordpress.org/branches/4.0@42132 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-29 16:40:35 +00:00
John Blackbourn
a44ccc633f Hardening: Ensure the attributes of enclosures are correctly escaped in RSS and Atom feeds.
Merges [42260] to the 4.0 branch.

Built from https://develop.svn.wordpress.org/branches/4.0@42302


git-svn-id: http://core.svn.wordpress.org/branches/4.0@42131 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-29 16:40:18 +00:00
John Blackbourn
5532a29f59 Hardening: Add escaping to the language attributes used on html elements.
Merges [42259] to the 4.0 branch.

Built from https://develop.svn.wordpress.org/branches/4.0@42301


git-svn-id: http://core.svn.wordpress.org/branches/4.0@42130 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-29 16:39:05 +00:00
Dion Hulse
6105b0dedb WPDB: Check that AUTH_SALT is not empty, Fix a PHP notice when AUTH_SALT is undefined.
Props jsonfry, mkomar, pento.
Merges [42119] and [42120] to the 4.0 branch.
Fixes #42431 and #42401 for 4.0.

Built from https://develop.svn.wordpress.org/branches/4.0@42238


git-svn-id: http://core.svn.wordpress.org/branches/4.0@42067 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-27 01:14:18 +00:00
Gary Pendergast
a9c82ac560 Bump 4.0 branch to version 4.0.20.
Built from https://develop.svn.wordpress.org/branches/4.0@42077


git-svn-id: http://core.svn.wordpress.org/branches/4.0@41906 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-31 13:44:19 +00:00
Gary Pendergast
907fe8136e Database: Restore numbered placeholders in wpdb::prepare().
[41496] removed support for numbered placeholders in queries sent through `wpdb::prepare()`, which, despite being undocumented, were quite commonly used.

This change restores support for numbered placeholders (as well as a subset of placeholder formatting), while also adding extra checks to ensure the correct number of arguments are being passed to `wpdb::prepare()`, given the number of placeholders.

Merges [41662], [42056] to the 4.0 branch.
See #41925.


Built from https://develop.svn.wordpress.org/branches/4.0@42065


git-svn-id: http://core.svn.wordpress.org/branches/4.0@41894 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-31 12:55:20 +00:00
Aaron Campbell
42af396f21 Bump 4.0 branch to version 4.0.19.
Built from https://develop.svn.wordpress.org/branches/4.0@41518


git-svn-id: http://core.svn.wordpress.org/branches/4.0@41351 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 20:10:20 +00:00
Aaron Campbell
f10a53cf41 Database: Hardening to bring wpdb::prepare() in line with documentation.
`wpdb::prepare()` supports %s, %d, and %F as placeholders in the query string. Any other non-escaped % will be escaped.

Merges [41496] to 4.0 branch.


Built from https://develop.svn.wordpress.org/branches/4.0@41505


git-svn-id: http://core.svn.wordpress.org/branches/4.0@41338 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 18:42:19 +00:00
Aaron Campbell
a133648403 Database: Don’t trigger _doing_it_wrong() for null values in wpdb::prepare().
While `wpdb::prepare()` does not support null values (see #12819) they still appear in the wild like in the WordPress Importer and other plugins.

Merges [41483] to 4.0 branch.


Built from https://develop.svn.wordpress.org/branches/4.0@41492


git-svn-id: http://core.svn.wordpress.org/branches/4.0@41325 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 16:26:35 +00:00
Aaron Campbell
f80bd53e4b Database: Hardening for wpdb::prepare()
Previously if you passed an array of values for placeholders, additional values could be passed as well. Now additional values will be ignored.

Merges [41470] to 4.0 branch.


Built from https://develop.svn.wordpress.org/branches/4.0@41479


git-svn-id: http://core.svn.wordpress.org/branches/4.0@41312 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 15:04:19 +00:00
Dominik Schilling
4c6018f7ea TinyMCE: Improve the previews for shortcodes.
Merge of [41395] to the 4.0 branch.

Built from https://develop.svn.wordpress.org/branches/4.0@41443


git-svn-id: http://core.svn.wordpress.org/branches/4.0@41276 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 12:45:12 +00:00
Dominik Schilling
5fc965b084 Editor: Prevent adding javascript: and data: URLs through the inline link dialog.
Merge of [41393] to the 4.0 branch.

Built from https://develop.svn.wordpress.org/branches/4.0@41408


git-svn-id: http://core.svn.wordpress.org/branches/4.0@41241 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 10:20:09 +00:00
Aaron Campbell
395d3d7bfc Bump 4.0 branch to version 4.0.18.
Built from https://develop.svn.wordpress.org/branches/4.0@40755


git-svn-id: http://core.svn.wordpress.org/branches/4.0@40613 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 21:53:42 +00:00
Pascal Birchler
8f69071d2d Media: Simplify upload error message construction.
Merges [40736] to the 4.0 branch.

Built from https://develop.svn.wordpress.org/branches/4.0@40744


git-svn-id: http://core.svn.wordpress.org/branches/4.0@40602 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 18:05:18 +00:00
Dominik Schilling
89a35259c0 Customize: Ignore invalid customization sessions.
Merge of [40704] to the 4.0 branch.
Built from https://develop.svn.wordpress.org/branches/4.0@40712


git-svn-id: http://core.svn.wordpress.org/branches/4.0@40575 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 12:20:43 +00:00
Pascal Birchler
f7259c14e2 Adjust post meta checks
Merges [40692] to the 4.0 branch.

Built from https://develop.svn.wordpress.org/branches/4.0@40700


git-svn-id: http://core.svn.wordpress.org/branches/4.0@40563 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 08:53:37 +00:00
Pascal Birchler
f35de85c64 Whitelist post arguments in XML-RPC
Merges [40677] to the 4.0 branch.

Built from https://develop.svn.wordpress.org/branches/4.0@40685


git-svn-id: http://core.svn.wordpress.org/branches/4.0@40548 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 08:27:19 +00:00
Pascal Birchler
7b33a67b95 Bump 4.0 branch to version 4.0.17.
Built from https://develop.svn.wordpress.org/branches/4.0@40494


git-svn-id: http://core.svn.wordpress.org/branches/4.0@40370 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-04-20 16:27:43 +00:00
James Nylen
a40fe1c493 Bump 4.0 branch to version 4.0.16.
Built from https://develop.svn.wordpress.org/branches/4.0@40209


git-svn-id: http://core.svn.wordpress.org/branches/4.0@40148 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-06 16:39:19 +00:00
Aaron Campbell
cd7144b8cd Strip control characters before validating redirect.
Merges [40183] to 4.0 branch.

Built from https://develop.svn.wordpress.org/branches/4.0@40191


git-svn-id: http://core.svn.wordpress.org/branches/4.0@40130 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-06 13:45:44 +00:00
Dominik Schilling
706528048b Embeds: URL encode YouTube video IDs for broader compatibility.
Merge of [40160] to the 4.0 branch.

Built from https://develop.svn.wordpress.org/branches/4.0@40168


git-svn-id: http://core.svn.wordpress.org/branches/4.0@40107 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-06 12:08:43 +00:00
Aaron Campbell
25e87a205e Bump 4.0 branch to version 4.0.15.
Built from https://develop.svn.wordpress.org/branches/4.0@40003


git-svn-id: http://core.svn.wordpress.org/branches/4.0@39940 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-26 18:28:20 +00:00
Dominik Schilling
98590a9c90 Query: Ensure that queries work correctly with post type names with special characters.
Merge of [39952] to the 4.0 branch.
Built from https://develop.svn.wordpress.org/branches/4.0@39963


git-svn-id: http://core.svn.wordpress.org/branches/4.0@39900 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-26 13:52:45 +00:00
Aaron Campbell
39566256f7 Bump 4.0 branch to version 4.0.14.
Built from https://develop.svn.wordpress.org/branches/4.0@39867


git-svn-id: http://core.svn.wordpress.org/branches/4.0@39804 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 16:59:18 +00:00
Joe McGill
b236cbe16d Media: Fix exif_imagetype check in wp_get_image_mime
This is a follow up to [39831].

Merges [39850] to the 4.0 branch.

Built from https://develop.svn.wordpress.org/branches/4.0@39858


git-svn-id: http://core.svn.wordpress.org/branches/4.0@39795 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 16:44:41 +00:00
Joe McGill
d94f5603fa Media: Improve image filetype checking.
This adds a new function `wp_get_image_mime()` which is used by
`wp_check_filetype_and_ext()` to validate image files using
`exif_imagetype()` if available instead of `getimagesize()`.

`getimagesize()` is less performant than `exif_imagetype()` and is
dependent on GD. If `exif_imagetype()` is not available, it falls back to
`getimagesize()` as before.

If `wp_check_filetype_and_ext()` can't validate the filetype, we now return
`false` for ext/MIME values.

Merges [39831] to the 4.0 branch.

Built from https://develop.svn.wordpress.org/branches/4.0@39839


git-svn-id: http://core.svn.wordpress.org/branches/4.0@39777 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 13:19:18 +00:00
Dominik Schilling
d8e0c202c5 Themes: Fix markup for theme name fallbacks.
Merge of [39807] to the 4.0 branch.
Built from https://develop.svn.wordpress.org/branches/4.0@39816


git-svn-id: http://core.svn.wordpress.org/branches/4.0@39754 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 11:12:39 +00:00
Jeremy Felt
af786324a1 Multisite: Use wp_rand() in signup key creation.
Merges [39795] to the 4.0 branch.

Built from https://develop.svn.wordpress.org/branches/4.0@39803


git-svn-id: http://core.svn.wordpress.org/branches/4.0@39741 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 05:36:18 +00:00
Dion Hulse
d04147c2d3 Update PHPMailer to 5.2.22.
The full list of changes is available here:
https://github.com/PHPMailer/PHPMailer/compare/v5.2.21...v5.2.22

Merges [39759] to the 4.0 branch.
Fixes #37210 for 4.0.

Built from https://develop.svn.wordpress.org/branches/4.0@39791


git-svn-id: http://core.svn.wordpress.org/branches/4.0@39729 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 05:26:18 +00:00
Dion Hulse
918f720050 Mail: Upgrade PHPMailer to 5.2.21.
Merges [39645], [36083], [33142], [33124], [29783] to the 4.0 branch.
See #37210.

Built from https://develop.svn.wordpress.org/branches/4.0@39728


git-svn-id: http://core.svn.wordpress.org/branches/4.0@39668 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-06 22:06:41 +00:00
Jeremy Felt
b79f440e16 Bump 4.0 branch to 4.0.13.
Built from https://develop.svn.wordpress.org/branches/4.0@38555


git-svn-id: http://core.svn.wordpress.org/branches/4.0@38498 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-09-07 15:01:17 +00:00
Boone Gorges
7f457eaddd Bump 4.0 branch to 4.0.12.
Built from https://develop.svn.wordpress.org/branches/4.0@37833


git-svn-id: http://core.svn.wordpress.org/branches/4.0@37798 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-21 16:42:17 +00:00
Joe McGill
a6b669c65d Media: Improve handling of extensionless filenames.
Merge of [37756] to the 4.0 branch.

See #37111.
Built from https://develop.svn.wordpress.org/branches/4.0@37819


git-svn-id: http://core.svn.wordpress.org/branches/4.0@37784 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-21 14:58:18 +00:00
Nikolay Bachiyski
4c2ff51802 Admin: Escape attachment name in case it contains special characters
Merge of [37774] to the 4.0 branch.

Built from https://develop.svn.wordpress.org/branches/4.0@37792


git-svn-id: http://core.svn.wordpress.org/branches/4.0@37757 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-21 14:27:49 +00:00
Jeremy Felt
2a56c9cbff Admin: Allow for the consistent filtering of auth_redirect_scheme
Merge of [37651] to the 4.0 branch.

See #37047.

Built from https://develop.svn.wordpress.org/branches/4.0@37763


git-svn-id: http://core.svn.wordpress.org/branches/4.0@37728 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-21 14:13:39 +00:00
Dominik Schilling
7277742a5d Bump 4.0 branch to 4.0.11.
Built from https://develop.svn.wordpress.org/branches/4.0@37389


git-svn-id: http://core.svn.wordpress.org/branches/4.0@37355 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-06 18:15:17 +00:00
Nikolay Bachiyski
909877540e External Libraries: Update plupload from upstream
Built from https://develop.svn.wordpress.org/branches/4.0@37377


git-svn-id: http://core.svn.wordpress.org/branches/4.0@37343 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-06 17:56:30 +00:00
Nikolay Bachiyski
217fe37a0f Taxonomies: make sure taxonomy functions work correctly with taxonomy names with special characters
The codex says that taxonomy names "should only contain lowercase letters and the underscore character", but that's not enforced. It's too late to enforce it, since some plugins haven't been following it and the official phpdoc doesn't mention this restriction.

Merge of [37133] to the 4.0 branch.

Built from https://develop.svn.wordpress.org/branches/4.0@37139


git-svn-id: http://core.svn.wordpress.org/branches/4.0@37106 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-30 17:36:16 +00:00