WordPress/wp-includes/rest-api/endpoints
whyisjake ee92e93f79 Ensure that a user can publish_posts before making a post sticky.
Props: danielbachhuber, whyisjake, peterwilson, xknown.
Prevent stored XSS through wp_targeted_link_rel().
Props: vortfu, whyisjake, peterwilsoncc, xknown, SergeyBiryukov, flaviozavan.
Update wp_kses_bad_protocol() to recognize &colon; on uri attributes,
wp_kses_bad_protocol() makes sure to validate that uri attributes don't contain invalid or not allowed protocols. While this works fine in most cases, there's a risk that by using the colon HTML5 named entity, one is able to bypass this function.
Brings r46895 to the 5.3 branch.
Props: xknown, nickdaugherty, peterwilsoncc.
Prevent stored XSS in the block editor.
Brings r46896 to the 5.3 branch.
Prevent escaped unicode characters from becoming unescaped in unsafe HTML during JSON decoding.
Props: aduth, epiqueras.


Built from https://develop.svn.wordpress.org/branches/5.0@46915


git-svn-id: http://core.svn.wordpress.org/branches/5.0@46715 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-12-12 18:52:47 +00:00
class-wp-rest-attachments-controller.php REST API: Remove a duplicate require_once(). 2018-12-15 11:17:31 +00:00
class-wp-rest-autosaves-controller.php REST API: Avoid using 'parent' as path argument name for autosaves. 2018-11-15 12:57:51 +00:00
class-wp-rest-block-renderer-controller.php REST API: Preserve unknown, respect null in server-side block rendering. 2018-11-21 14:44:48 +00:00
class-wp-rest-blocks-controller.php REST API: Always include title.raw/content.raw for Blocks in context=view. 2018-11-21 14:35:48 +00:00
class-wp-rest-comments-controller.php REST API: Fire actions after items are completely updated/inserted. 2018-10-17 11:20:26 +00:00
class-wp-rest-controller.php REST API: Include fields with null schema in get_fields_for_response(). 2018-11-19 14:10:50 +00:00
class-wp-rest-post-statuses-controller.php REST API: Fix permissions error message in post statuses controller. 2018-10-18 20:26:25 +00:00
class-wp-rest-post-types-controller.php REST API: Filter responses based on the _fields parameter, before data is processed. 2018-07-13 06:51:27 +00:00
class-wp-rest-posts-controller.php Ensure that a user can publish_posts before making a post sticky. 2019-12-12 18:52:47 +00:00
class-wp-rest-revisions-controller.php REST API: Support pagination, order, search and other common query parameters for revisions. 2018-10-11 07:16:46 +00:00
class-wp-rest-search-controller.php REST API: Fix version number in _doing_it_wrong() call. 2018-10-17 22:20:25 +00:00
class-wp-rest-settings-controller.php REST API: Don’t remove unregistered properties from objects in schema. 2017-10-24 21:05:49 +00:00
class-wp-rest-taxonomies-controller.php REST API: Define taxonomy visibility settings in schema 2018-10-08 13:50:27 +00:00
class-wp-rest-terms-controller.php REST API: Correct HTTP status code in error for requests to create a duplicate term. 2018-10-18 20:32:27 +00:00
class-wp-rest-themes-controller.php Themes: Remove a stray slash and gutenberg text domain. 2018-10-23 06:08:19 +00:00
class-wp-rest-users-controller.php REST API: Fire actions after items are completely updated/inserted. 2018-10-17 11:20:26 +00:00