Mirrors/WordPress
1
0
Fork 0
mirror of https://github.com/WordPress/WordPress.git synced 2025-02-20 19:56:49 +01:00
Code Issues Packages Projects Releases Wiki Activity
27,331 Commits 50 Branches 750 Tags 872 MiB
da7258cfef
Commit Graph

199 Commits

Author SHA1 Message Date
whyisjake
b9280a9b72 General: WordPress updates 
* XML-RPC: Improve error messages for unprivileged users.
* External Libraries: Disable deserialization in Requests_Utility_FilteredIterator
* Embeds: Disable embeds on deactivated Multisite sites.
* Coding standards: Modify escaping functions to avoid potential false positives.
* XML-RPC: Return error message if attachment ID is incorrect.
* Upgrade/install: Improve logic check when determining installation status.
* Meta: Sanitize meta key before checking protection status.
* Themes: Ensure that only privileged users can set a background image when a theme is using the deprecated custom background page.

Brings the changes from [49380,49382-49388] to the 4.0 branch.

Props xknown, zieladam, peterwilsoncc, whyisjake, desrosj, dd32.

Built from https://develop.svn.wordpress.org/branches/4.0@49406


git-svn-id: http://core.svn.wordpress.org/branches/4.0@49165 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2020-10-29 19:13:14 +00:00
Pascal Birchler
f7259c14e2 Adjust post meta checks 
Merges [40692] to the 4.0 branch.

Built from https://develop.svn.wordpress.org/branches/4.0@40700


git-svn-id: http://core.svn.wordpress.org/branches/4.0@40563 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-05-16 08:53:37 +00:00
Pascal Birchler
f35de85c64 Whitelist post arguments in XML-RPC 
Merges [40677] to the 4.0 branch.

Built from https://develop.svn.wordpress.org/branches/4.0@40685


git-svn-id: http://core.svn.wordpress.org/branches/4.0@40548 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-05-16 08:27:19 +00:00
Dominik Schilling
b81cdd60a3 XMLRPC: Don't allow private posts to be sticky. 
Merge of [33325], [33612], and [34135] to the 4.0 branch.

See #20662.
Built from https://develop.svn.wordpress.org/branches/4.0@34154


git-svn-id: http://core.svn.wordpress.org/branches/4.0@34122 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-09-14 23:01:37 +00:00
Sergey Biryukov
871d808588 XML-RPC: Avoid a PHP notice in pingback_ping() method. 
props jesin, simonp303.
fixes #29177.
Built from https://develop.svn.wordpress.org/trunk@29464


git-svn-id: http://core.svn.wordpress.org/trunk@29242 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-08-11 15:19:18 +00:00
Peter Westwood
1f147d24b1 XMLRPC: Switch the file deletion alias to be deleteFile to more closely make uploadFile. 
Fixes #5310 props SergeyBiryukov.

Built from https://develop.svn.wordpress.org/trunk@29255


git-svn-id: http://core.svn.wordpress.org/trunk@29038 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-07-20 14:02:15 +00:00
Drew Jaynes
3665b5a1a1 Add periods to short descriptions for magic methods added in [28501], [28521], and [28524]. 
See #22234 and #28885.

Built from https://develop.svn.wordpress.org/trunk@29165


git-svn-id: http://core.svn.wordpress.org/trunk@28949 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-07-14 01:12:14 +00:00
Drew Jaynes
5f87736bc4 Fill out inline documentation for the __call() magic method added to the wp_xmlrpc_server class in [28515]. 
See #22234 and #28885.

Built from https://develop.svn.wordpress.org/trunk@29161


git-svn-id: http://core.svn.wordpress.org/trunk@28945 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-07-14 00:46:15 +00:00
Peter Westwood
105d9ce9cc XMLRPC: Restore support in wp.newPost for dates to be supplied in the structured dateTime.iso8601 format as well as still supporting dates specified as strings. 
Fixes #28601.

Built from https://develop.svn.wordpress.org/trunk@29063


git-svn-id: http://core.svn.wordpress.org/trunk@28849 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-07-10 14:17:15 +00:00
Sergey Biryukov
81b8b6cfbc XML-RPC: Make sure wp.newPost does not produce a fatal error when a post_date field is included in the data. 
props dllh.
fixes #28601.
Built from https://develop.svn.wordpress.org/trunk@28854


git-svn-id: http://core.svn.wordpress.org/trunk@28657 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-06-26 17:43:14 +00:00
Sergey Biryukov
d7f9b38c3e XML-RPC: Add wp.deleteMediaItem as an alias to wp_deletePost. 
props fahmiadib.
fixes #5310.
Built from https://develop.svn.wordpress.org/trunk@28849


git-svn-id: http://core.svn.wordpress.org/trunk@28653 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-06-26 15:21:15 +00:00
Scott Taylor
05eeb16e30 Replace all uses of like_escape() with $wpdb->esc_like(). 
Props miqrogroove.
See #10041.

Built from https://develop.svn.wordpress.org/trunk@28712


git-svn-id: http://core.svn.wordpress.org/trunk@28528 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-06-10 00:44:15 +00:00
Scott Taylor
cd96841632 wp_xmlrpc_server::wp_getPage() should return new IXR_Error( instead of return(new IXR_Error(. One of the few places that is unparseable by static analysis. 
See #27882.

Built from https://develop.svn.wordpress.org/trunk@28636


git-svn-id: http://core.svn.wordpress.org/trunk@28454 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-05-30 19:22:13 +00:00
Scott Taylor
b8d469600b These functions import $wpdb but do not use it. 
See #27882.

Built from https://develop.svn.wordpress.org/trunk@28539


git-svn-id: http://core.svn.wordpress.org/trunk@28365 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-05-22 17:37:14 +00:00
Scott Taylor
25a70283e1 Add missing access modifiers to methods in wp_xmlrpc_server. Add a magic __call() method for BC. 
See #27881, #22234.

Built from https://develop.svn.wordpress.org/trunk@28515


git-svn-id: http://core.svn.wordpress.org/trunk@28341 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-05-19 06:09:13 +00:00
Scott Taylor
a25e03f833 In wp_xmlrpc_server::mw_editPost, also set $post_type = $postdata['post_type']. 
See #22400, [28448].


Built from https://develop.svn.wordpress.org/trunk@28453


git-svn-id: http://core.svn.wordpress.org/trunk@28280 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-05-16 18:06:15 +00:00
Scott Taylor
463b7c4620 Eliminate use of extract() in wp_xmlrpc_server::mw_editPost() (MetaWeblog API, y'all). 
A lot of the extracted variables are overwritten by being explicitly set later. 
Only set variables that would otherwise not be present with `compact()` is called.

See #22400.

Built from https://develop.svn.wordpress.org/trunk@28448


git-svn-id: http://core.svn.wordpress.org/trunk@28275 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-05-16 15:19:14 +00:00
Scott Taylor
4b94efd93b Eliminate use of extract() in wp_xmlrpc_server::blogger_editPost(). 
See #22400.

Built from https://develop.svn.wordpress.org/trunk@28412


git-svn-id: http://core.svn.wordpress.org/trunk@28239 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-05-15 03:25:15 +00:00
Drew Jaynes
5e51ea9940 Priority fixes for various existing hook documentation. 
Props kpdesign.
See #26869

Built from https://develop.svn.wordpress.org/trunk@28083


git-svn-id: http://core.svn.wordpress.org/trunk@27914 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-04-12 00:01:15 +00:00
Andrew Nacin
58ca03f8ea XML-RPC: Fix bracing of conditionals around doc blocks. 
props redsweater, DrewAPicture.
fixes #27506.

Built from https://develop.svn.wordpress.org/trunk@28065


git-svn-id: http://core.svn.wordpress.org/trunk@27897 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-04-10 21:04:14 +00:00
Andrew Nacin
a177d8bf18 Don't pass variables by reference. 
props markjaquith.
fixes #27656.

Built from https://develop.svn.wordpress.org/trunk@27957


git-svn-id: http://core.svn.wordpress.org/trunk@27787 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-04-05 18:17:14 +00:00
Andrew Nacin
d8622b39d6 Forward pingback IP during pingback verification. 
props tellyworth, nacin.
fixes #27613.

Built from https://develop.svn.wordpress.org/trunk@27872


git-svn-id: http://core.svn.wordpress.org/trunk@27703 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-03-31 20:43:18 +00:00
Drew Jaynes
c2ebd66843 Inline documentation for hooks in wp-includes/class-wp-xmlrpc-server.php. 
Props kpdesign and DrewAPicture.
Fixes #27506.

Built from https://develop.svn.wordpress.org/trunk@27730


git-svn-id: http://core.svn.wordpress.org/trunk@27567 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-03-26 05:44:16 +00:00
Drew Jaynes
8efd225e4d Inline documentation for hooks in wp-admin/includes/file.php. 
Fixes #27429.

Built from https://develop.svn.wordpress.org/trunk@27672


git-svn-id: http://core.svn.wordpress.org/trunk@27515 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-03-24 02:45:15 +00:00
Andrew Nacin
5d77f8a18a XML-RPC: In wp.editPost, Remove all terms in a taxonomy when an empty array is explicitly passed. 
props jstraitiff, maxcutler.
fixes #26686.

Built from https://develop.svn.wordpress.org/trunk@27554


git-svn-id: http://core.svn.wordpress.org/trunk@27397 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-03-15 05:09:14 +00:00
Andrew Nacin
a9e69869c9 XML-RPC: Include 'sticky' in the struct returned from metaWeblog.getRecentPosts. 
Using wp.getPosts is preferred and non-WP XML-RPC APIs are no longer actively maintained. This is simply for parity with existing MW methods.

props soulseekah.
fixes #26679.

Built from https://develop.svn.wordpress.org/trunk@27553


git-svn-id: http://core.svn.wordpress.org/trunk@27396 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-03-15 05:05:15 +00:00
Andrew Nacin
eb19a09f5b Avoid saving slashed data in XML-RPC's wp.setOptions. 
props danielbachhuber.
fixes #22936.

Built from https://develop.svn.wordpress.org/trunk@27551


git-svn-id: http://core.svn.wordpress.org/trunk@27394 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-03-15 04:47:13 +00:00
Drew Jaynes
cb8951b0b3 Remove all @package and @subpackage PHPDoc tags not at the file- or class-levels in core. 
See #27200.

Built from https://develop.svn.wordpress.org/trunk@27262


git-svn-id: http://core.svn.wordpress.org/trunk@27119 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-02-25 17:14:14 +00:00
Drew Jaynes
cd8cedc40d First there were two, and now there are three -- in the @since versions that came before and that shall be. And so it will be, says nacin. 
Props JustinSainton, SergeyBiryukov, DrewAPicture.
Fixes #26713.

Built from https://develop.svn.wordpress.org/trunk@26868


git-svn-id: http://core.svn.wordpress.org/trunk@26754 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2013-12-24 18:57:12 +00:00
Sergey Biryukov
74f77b85a6 Use get_current_site() instead of the $current_site global when possible. 
props jeremyfelt.
fixes #25158.
Built from https://develop.svn.wordpress.org/trunk@26120


git-svn-id: http://core.svn.wordpress.org/trunk@26032 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2013-11-13 03:23:10 +00:00
Dominik Schilling
8688857816 Introduce show_in_menu for register_taxonomy. 
Accepts boolean: true to show, false to hide. If not set, the default is inherited from show_ui.

fixes #20930.
Built from https://develop.svn.wordpress.org/trunk@25133


git-svn-id: http://core.svn.wordpress.org/trunk@25113 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2013-08-26 22:35:10 +00:00
Andrew Nacin
21a1fe8d4b Use wp_safe_remote_request() and friends instead of reject_unsafe_urls = true. 
fixes #24646.



git-svn-id: http://core.svn.wordpress.org/trunk@24917 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2013-07-31 06:52:13 +00:00
Andrew Nacin
7f12e16e47 Limit pingback response size. fixes #4137. for trunk. 
git-svn-id: http://core.svn.wordpress.org/trunk@24871 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2013-07-29 18:00:06 +00:00
Andrew Nacin
929def2359 XML-RPC: Recursively escape arrays as before, to avoid stomping nested objects. fixes #21767. 
git-svn-id: http://core.svn.wordpress.org/trunk@24731 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2013-07-18 14:31:25 +00:00
Andrew Nacin
44f89293f3 Update XML-RPC comment. props DrewAPicture, fixes #24751. 
git-svn-id: http://core.svn.wordpress.org/trunk@24721 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2013-07-17 20:19:06 +00:00
Andrew Nacin
69dbdc4951 Use wp_slash() instead of the DB layer in XML-RPC. see #21767. 
git-svn-id: http://core.svn.wordpress.org/trunk@24716 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2013-07-16 14:38:54 +00:00
Andrew Nacin
50d0428d42 Avoid notice in XML-RPC when attaching uploads, when attachments do not have a guid in the DB. props ericmann, markoheijnen. fixes #18310. 
git-svn-id: http://core.svn.wordpress.org/trunk@24639 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2013-07-10 06:11:12 +00:00
Andrew Nacin
49bb647dda XML-RPC: Save enclosures with a trailing new line. fixes #23219. 
git-svn-id: http://core.svn.wordpress.org/trunk@24623 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2013-07-10 03:34:35 +00:00
Andrew Nacin
b578f36b54 XML-RPC: For wp.getOptions, set readonly to true for writable options that the user does not have permission to edit. 
props westi.
fixes #20201.



git-svn-id: http://core.svn.wordpress.org/trunk@24597 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2013-07-09 02:22:57 +00:00
Andrew Nacin
c2db94d10c Use meta caps edit_post, read_post, and delete_post directly, rather than consulting the post type object. map_meta_cap() handles that for us. props markjaquith, kovshenin. fixes #23226. 
git-svn-id: http://core.svn.wordpress.org/trunk@24593 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2013-07-08 20:05:42 +00:00
Andrew Nacin
f3e96f0c60 Add strict check in wp_xmlrpc_server::set_custom_fields(). The slash strip ensures these values are the same data type, but it might not be that way forever. props xknown. 
git-svn-id: http://core.svn.wordpress.org/trunk@24521 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2013-06-27 02:46:23 +00:00
Andrew Nacin
96ee267343 Better validation of the URL used in core HTTP requests. 
git-svn-id: http://core.svn.wordpress.org/trunk@24480 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2013-06-21 06:07:47 +00:00
Peter Westwood
34001cb325 XMLRPC: Expose the admin and login urls as read-only options over xml-rpc to make it easier to write rich clients. Fixes #23446 props daniloercoli. 
git-svn-id: http://core.svn.wordpress.org/trunk@24382 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2013-05-29 11:01:32 +00:00
Sergey Biryukov
5679830030 Fix typos in comments. fixes #24337. 
git-svn-id: http://core.svn.wordpress.org/trunk@24255 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2013-05-14 18:22:54 +00:00
Sergey Biryukov
57c10eadbb Use ellipsis instead of three dots. props tjsingleton, jordie23, wojtek.szkutnik, DrewAPicture, SergeyBiryukov. see #8714. 
git-svn-id: http://core.svn.wordpress.org/trunk@24207 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2013-05-08 21:27:31 +00:00
Sergey Biryukov
c955859738 Remove \s from regex in pingback_ping() to avoid UTF-8 issues. props tenpura. fixes #24001. 
git-svn-id: http://core.svn.wordpress.org/trunk@23952 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2013-04-10 16:29:00 +00:00
Mark Jaquith
acfeb6f20f Take revision control out of the realm of a pure constant. Make it filterable. 
* New filter: wp_revisions_to_keep

props ethitter, SergeyBiryukov. fixes #22289.

git-svn-id: http://core.svn.wordpress.org/trunk@23818 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2013-03-27 18:11:56 +00:00
Andrew Nacin
799ac18951 XML-RPC: Return an error for getRecentPosts (mw and blogger) if the user does not have edit_posts. 
props redsweater.
fixes #22320.



git-svn-id: http://core.svn.wordpress.org/trunk@23636 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2013-03-07 06:52:37 +00:00
Ryan Boren
15a06a35ab Use wp_unslash() instead of stripslashes() and stripslashes_deep(). Use wp_slash() instead of add_magic_quotes(). 
see #WP21767


git-svn-id: http://core.svn.wordpress.org/trunk@23591 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2013-03-03 16:30:38 +00:00
Ryan Boren
43a7e695e9 Revert 23416, 23419, 23445 except for wp_reset_vars() changes. We are going a different direction with the slashing cleanup, so resetting to a clean slate. see #21767 
git-svn-id: http://core.svn.wordpress.org/trunk@23554 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2013-03-01 16:28:40 +00:00