Commit Graph

23934 Commits

Each entry below lists the author, the commit SHA1, the commit message (with its git-svn-id trailer) and the commit date.
Aaron D. Campbell
35395ceb83 Database: Hardening to bring wpdb::prepare() inline with documentation.
`wpdb::prepare()` supports %s, %d, and %F as placeholders in the query string. Any other non-escaped % will be escaped.

Merges [41496] to 3.7 branch.



git-svn-id: https://develop.svn.wordpress.org/branches/3.7@41508 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-19 18:45:16 +00:00
Aaron D. Campbell
9e776bde3c Database: Don’t trigger _doing_it_wrong() for null values in wpdb::prepare().
While `wpdb::prepare()` does not support null values (see #12819) they still appear in the wild like in the WordPress Importer and other plugins.

Merges [41483] to 3.7 branch.



git-svn-id: https://develop.svn.wordpress.org/branches/3.7@41495 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-19 16:29:39 +00:00
Aaron D. Campbell
f44ebb448c Database: Hardening for wpdb::prepare()
Previously if you passed an array of values for placeholders, additional values could be passed as well. Now additional values will be ignored.

Merges [41470] to 3.7 branch.



git-svn-id: https://develop.svn.wordpress.org/branches/3.7@41482 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-19 15:05:16 +00:00
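The three `wpdb::prepare()` commits above describe three rules: an array passed as the value list has any further arguments ignored, only `%s`, `%d` and `%F` are placeholders with every other `%` escaped before the format string is interpreted, and a `null` value is tolerated rather than reported. The following is an added example that models those rules in a small stand-alone function; it is not WordPress's own `wpdb::prepare()`, and the names `model_prepare()` and `quote_value()` and the `addslashes()`-based escaping are assumptions made for this illustration (real code must use the database driver's escaping). It assumes PHP 8.

```php
<?php
// Added example (not WordPress code): a minimal model of the prepare() rules
// in the three commits above. model_prepare(), quote_value() and the
// addslashes()-based escaping are assumptions for this illustration.
declare(strict_types=1);

// Stand-in for driver escaping plus quoting of a %s value.
function quote_value(string $value): string
{
    return "'" . addslashes($value) . "'";
}

/**
 * Rules modelled here:
 *  1. An array passed as the first argument is the value list; anything
 *     after it is ignored [41470].
 *  2. Only %s, %d and %F are placeholders. Every other '%' that is not
 *     already written as '%%' is escaped to '%%' before the string reaches
 *     vsprintf(), so it can never be parsed as a format directive [41496].
 *  3. A null value is accepted (it becomes 0, 0.0 or '') instead of being
 *     reported as an error [41483].
 */
function model_prepare(string $query, ...$args): string
{
    if (isset($args[0]) && is_array($args[0])) {
        $args = $args[0];
    }

    // Protect the forms that are supported with a NUL marker, escape every
    // other '%', then restore the markers. A NUL byte cannot legitimately
    // appear in the format string, so it is a safe placeholder for '%'.
    $query = str_replace('%%', "\0\0", $query);
    $query = preg_replace('/%([sdF])/', "\0\$1", $query);
    $query = str_replace('%', '%%', $query);
    $query = str_replace("\0", '%', $query);

    // Placeholder types in order of appearance; '%%' produces an empty
    // capture that is dropped.
    preg_match_all('/%%|%([sdF])/', $query, $m);
    $types = array_values(array_filter($m[1], 'strlen'));

    $values = [];
    foreach ($types as $i => $type) {
        $v = $args[$i] ?? null;   // null tolerated, coerced below
        switch ($type) {
            case 'd':
                $values[] = (int) $v;
                break;
            case 'F':
                $values[] = (float) $v;
                break;
            default: // 's': values never pass through vsprintf() parsing
                $values[] = quote_value((string) $v);
        }
    }
    // After the escaping step vsprintf() only ever sees %s, %d, %F and %%.
    return vsprintf($query, $values);
}

// Constructed inputs. A stray '%' in the query string and a '%' inside a
// value both end up as literal characters in the resulting SQL.
echo model_prepare(
    "SELECT ID FROM wp_posts WHERE post_title LIKE %s AND menu_order = %d AND 100% = 100%",
    ['50%_off', 3, 'extra value that is ignored'],
    'also ignored'
), "\n";

// A null value is coerced rather than rejected.
echo model_prepare("UPDATE wp_posts SET post_parent = %d WHERE ID = %d", null, 12), "\n";
```

The format string itself should never be built from untrusted data; the escaping step limits what a stray `%` can do if a caller gets that wrong, but it is not a substitute for passing every untrusted value as an argument.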
John Blackbourn
bfe7972e31 Filesystem API: Ensure filenames are valid before attempting to unzip them to ensure malformed file paths don't cause issues.
Merges [41457] to the 3.7 branch.


git-svn-id: https://develop.svn.wordpress.org/branches/3.7@41469 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-19 14:46:55 +00:00
John Blackbourn
6cea6efb38 General: Add missing URL-encoding and add extra hardening to plugin and template names when they're displayed in the admin area.
Merges [41434] with changes to the 3.7 branch.

See #13377


git-svn-id: https://develop.svn.wordpress.org/branches/3.7@41456 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-19 13:50:05 +00:00
Dominik Schilling (ocean90)
3301f1981d Users: Provide a fallback for incorrect HTTP referrers.
Merge of [41398] to the 3.7 branch.


git-svn-id: https://develop.svn.wordpress.org/branches/3.7@41428 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-19 11:10:54 +00:00
Dominik Schilling (ocean90)
1c40c593b9 Editor: Prevent adding javascript: and data: URLs through the inline link dialog.
Merge of [41393] to the 3.7 branch.


git-svn-id: https://develop.svn.wordpress.org/branches/3.7@41411 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-19 10:15:44 +00:00
Aaron D. Campbell
6df8c76e2a Bump 3.7 branch to version 3.7.21.
git-svn-id: https://develop.svn.wordpress.org/branches/3.7@40758 602fd350-edb4-49c9-b593-d223f7449a82
2017-05-16 21:52:57 +00:00
Pascal Birchler
5f3dd7f4a8 Media: Simplify upload error message construction.
Merges [40736] to the 3.7 branch.


git-svn-id: https://develop.svn.wordpress.org/branches/3.7@40747 602fd350-edb4-49c9-b593-d223f7449a82
2017-05-16 18:03:10 +00:00
Aaron D. Campbell
23bbd57674 Add nonce for updating file system credentials.
Merges [40723] to 3.7 branch.


git-svn-id: https://develop.svn.wordpress.org/branches/3.7@40734 602fd350-edb4-49c9-b593-d223f7449a82
2017-05-16 14:57:07 +00:00
Dominik Schilling (ocean90)
8e817bbd77 Customize: Ignore invalid customization sessions.
Merge of [40704] to the 3.7 branch.

git-svn-id: https://develop.svn.wordpress.org/branches/3.7@40715 602fd350-edb4-49c9-b593-d223f7449a82
2017-05-16 12:22:15 +00:00
Pascal Birchler
54fe548c9a Adjust post meta checks
Merges [40692] to the 3.7 branch.


git-svn-id: https://develop.svn.wordpress.org/branches/3.7@40703 602fd350-edb4-49c9-b593-d223f7449a82
2017-05-16 08:53:28 +00:00
Pascal Birchler
c947aeef35 Whitelist post arguments in XML-RPC
Merges [40677] to the 3.7 branch.


git-svn-id: https://develop.svn.wordpress.org/branches/3.7@40688 602fd350-edb4-49c9-b593-d223f7449a82
2017-05-16 08:30:47 +00:00
Pascal Birchler
33900f488b Bump 3.7 branch to version 3.7.20.
git-svn-id: https://develop.svn.wordpress.org/branches/3.7@40497 602fd350-edb4-49c9-b593-d223f7449a82
2017-04-20 16:29:17 +00:00
Pascal Birchler
445f1755dc Fix broken audio/video functions when sanitizing ID3 data
This fixes a bug where running `wp_kses_post_deep()` on all the ID3
tag data corrupted blob data.

See #40075, #40085.

Merges [40400] to the 3.7 branch.


git-svn-id: https://develop.svn.wordpress.org/branches/3.7@40470 602fd350-edb4-49c9-b593-d223f7449a82
2017-04-17 13:47:40 +00:00
James Nylen
834d6fb3e1 Bump 3.7 branch to version 3.7.19.
git-svn-id: https://develop.svn.wordpress.org/branches/3.7@40212 602fd350-edb4-49c9-b593-d223f7449a82
2017-03-06 16:49:04 +00:00
Aaron D. Campbell
9183d7cb2d Strip control characters before validating redirect.
Merges [40183] to 3.7 branch.


git-svn-id: https://develop.svn.wordpress.org/branches/3.7@40194 602fd350-edb4-49c9-b593-d223f7449a82
2017-03-06 13:46:01 +00:00
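Two of the commits above share one point: a URL has to be normalized before it is validated, whether the check is blocking `javascript:` and `data:` link targets or validating a redirect after control characters are stripped. The following is an added example, not WordPress code and not a description of `wp_validate_redirect()` or the link dialog; the function names, the scheme allowlist and the host allowlist are assumptions for this illustration. It assumes PHP 8.

```php
<?php
// Added example (not WordPress code): normalize a URL before validating it.
// strip_controls(), is_safe_link_target(), validate_redirect() and the
// allowlists are assumptions made for this illustration.
declare(strict_types=1);

// Drop ASCII control characters and surrounding whitespace first. Browsers
// ignore tabs and newlines inside a scheme, so "java\tscript:" still runs;
// a scheme check that runs before stripping can be walked around.
function strip_controls(string $url): string
{
    return trim((string) preg_replace('/[\x00-\x1F\x7F]/', '', $url));
}

// Link targets: only an allowlist of schemes is accepted. Anything without a
// scheme (relative or scheme-relative) is left to the page's own origin.
function is_safe_link_target(string $url): bool
{
    $url = strip_controls($url);
    if ($url === '') {
        return false;
    }
    if (preg_match('/^([a-z][a-z0-9+.\-]*):/i', $url, $m) !== 1) {
        return true;
    }
    $allowed = ['http', 'https', 'mailto', 'tel'];   // assumption
    return in_array(strtolower($m[1]), $allowed, true);
}

// Redirect targets: a path from the site root is accepted as-is; anything
// with a host must use http(s) and match an allowlisted host exactly.
function validate_redirect(string $url, array $allowedHosts, string $fallback): string
{
    $url = strip_controls($url);
    // "//host" and "/\host" are read by browsers as scheme-relative URLs.
    if ($url === '' || preg_match('#^/[/\\\\]#', $url) === 1) {
        return $fallback;
    }
    $parts = parse_url($url);
    if ($parts === false) {
        return $fallback;
    }
    if (!isset($parts['host'])) {
        return $url[0] === '/' ? $url : $fallback;
    }
    $scheme = strtolower($parts['scheme'] ?? '');
    if (!in_array($scheme, ['http', 'https'], true)) {
        return $fallback;
    }
    // parse_url() separates user info, so "https://trusted@evil" yields
    // host "evil" and is caught by the exact host comparison.
    if (!in_array(strtolower($parts['host']), $allowedHosts, true)) {
        return $fallback;
    }
    return $url;
}

// Constructed inputs.
$links = [
    'https://example.com/docs', "java\tscript:alert(1)", 'JavaScript:void(0)',
    'data:text/html;base64,PHNjcmlwdD4=', '/wp-admin/', 'mailto:a@example.com',
];
foreach ($links as $l) {
    printf("%-40s %s\n", json_encode($l), is_safe_link_target($l) ? 'allowed' : 'blocked');
}

$hosts = ['example.com'];
$redirects = [
    '/wp-admin/profile.php', "\x01//evil.example/", 'https://example.com@evil.example/',
    'https://example.com/wp-admin/', '/\\evil.example',
];
foreach ($redirects as $r) {
    printf("%-40s -> %s\n", json_encode($r), validate_redirect($r, $hosts, '/wp-admin/'));
}
```

Both checks compare the lower-cased scheme or host against an allowlist rather than searching for known-bad strings, so a new dangerous scheme or a look-alike host is rejected by default instead of needing a new denylist entry.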
Aaron D. Campbell
4bf790c2a6 Plugins: Add file check to plugin deletions.
Merges [40169] to 3.7 branch.



git-svn-id: https://develop.svn.wordpress.org/branches/3.7@40180 602fd350-edb4-49c9-b593-d223f7449a82
2017-03-06 13:05:30 +00:00
Jeremy Felt
75cb2182f4 Validate video and audio metadata.
Merge of [40148] to the 3.7 branch.


git-svn-id: https://develop.svn.wordpress.org/branches/3.7@40159 602fd350-edb4-49c9-b593-d223f7449a82
2017-03-06 08:13:07 +00:00
Aaron D. Campbell
c0a9ba9df5 Bump 3.7 branch to version 3.7.18.
git-svn-id: https://develop.svn.wordpress.org/branches/3.7@40006 602fd350-edb4-49c9-b593-d223f7449a82
2017-01-26 18:30:27 +00:00
John Blackbourn
0f7ae65487 Posts, Post Types: When using Excerpt mode on the Posts list table, ensure the excerpt output matches what was manually entered into the Excerpt field.
Merges [39956] to the 3.7 branch.


git-svn-id: https://develop.svn.wordpress.org/branches/3.7@39989 602fd350-edb4-49c9-b593-d223f7449a82
2017-01-26 14:23:26 +00:00
Dominik Schilling (ocean90)
b65af71928 Press This: Do not show Categories & Tags UI for users who cannot assign terms to posts anyway.
Merge of [39968] to the 3.7 branch.

git-svn-id: https://develop.svn.wordpress.org/branches/3.7@39982 602fd350-edb4-49c9-b593-d223f7449a82
2017-01-26 14:12:32 +00:00
Dominik Schilling (ocean90)
1e910223e6 Query: Ensure that queries work correctly with post type names with special characters.
Merge of [39952] to the 3.7 branch.

git-svn-id: https://develop.svn.wordpress.org/branches/3.7@39966 602fd350-edb4-49c9-b593-d223f7449a82
2017-01-26 13:51:31 +00:00
Aaron D. Campbell
f7614d614b Bump 3.7 branch to version 3.7.17.
git-svn-id: https://develop.svn.wordpress.org/branches/3.7@39870 602fd350-edb4-49c9-b593-d223f7449a82
2017-01-11 16:59:34 +00:00
Joe McGill
dfdefb1ded Media: Fix exif_imagetype check in wp_get_image_mime
This is a follow up to [39831].

Merges [39850] to the 3.7 branch.


git-svn-id: https://develop.svn.wordpress.org/branches/3.7@39861 602fd350-edb4-49c9-b593-d223f7449a82
2017-01-11 16:45:57 +00:00
Joe McGill
4990532160 Media: Improve image filetype checking.
This adds a new function `wp_get_image_mime()` which is used by
`wp_check_filetype_and_ext()` to validate image files using
`exif_imagetype()` if available instead of `getimagesize()`.

`getimagesize()` is less performant than `exif_imagetype()` and is
dependent on GD. If `exif_imagetype()` is not available, it falls back to
`getimagesize()` as before.

If `wp_check_filetype_and_ext()` can't validate the filetype, we now return
`false` for ext/MIME values.

Merges [39831] to the 3.7 branch.


git-svn-id: https://develop.svn.wordpress.org/branches/3.7@39842 602fd350-edb4-49c9-b593-d223f7449a82
2017-01-11 13:21:01 +00:00
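The commit above explains the approach: identify an uploaded image from its bytes with `exif_imagetype()` when available, fall back to `getimagesize()` otherwise, and return `false` for both extension and MIME type when the content cannot be validated. The following is an added example that applies those ideas in a stand-alone function; it is not WordPress's `wp_get_image_mime()` or `wp_check_filetype_and_ext()`, and the names `check_image_file()`, `detect_image_mime()` and `IMAGE_TYPES`, together with the way a name/content mismatch is reported, are assumptions for this illustration. It assumes PHP 8; the `exif` extension is optional.

```php
<?php
// Added example (not WordPress code): identify an uploaded image by its
// bytes, preferring exif_imagetype() and falling back to getimagesize(), and
// refuse to guess when neither recognises the content. The function names,
// IMAGE_TYPES and the mismatch handling are this example's own assumptions.
declare(strict_types=1);

const IMAGE_TYPES = [
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'png'  => 'image/png',
    'gif'  => 'image/gif',
];

// MIME type derived from the file content, or null if it is not a known image.
function detect_image_mime(string $path): ?string
{
    if (function_exists('exif_imagetype')) {
        // Reads only the signature bytes; false when no image format matches.
        $type = @exif_imagetype($path);
        return $type === false ? null : image_type_to_mime_type($type);
    }
    // Fallback that parses more of the file; same answer, more work.
    $info = @getimagesize($path);
    return ($info !== false && isset($info['mime'])) ? $info['mime'] : null;
}

// Returns ['ext' => ..., 'type' => ...]; both are false when the content
// cannot be validated, so the caller never trusts the client-supplied name.
function check_image_file(string $path, string $filename): array
{
    $ext     = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
    $claimed = IMAGE_TYPES[$ext] ?? null;
    $real    = detect_image_mime($path);

    if ($real === null) {
        return ['ext' => false, 'type' => false];
    }
    if ($claimed !== $real) {
        // Content and name disagree: report what the bytes actually are.
        $realExt = array_search($real, IMAGE_TYPES, true);
        return ['ext' => $realExt === false ? false : $realExt, 'type' => $real];
    }
    return ['ext' => $ext, 'type' => $real];
}

// Constructed samples: a real 1x1 GIF (also stored under a .png name) and a
// PHP script whose name claims it is a PNG.
$gif = base64_decode('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7');
$samples = [
    'photo.gif' => $gif,
    'photo.png' => $gif,
    'shell.png' => "<?php echo 'not an image'; // disguised as an image\n",
];
foreach ($samples as $name => $bytes) {
    $tmp = tempnam(sys_get_temp_dir(), 'img');
    file_put_contents($tmp, $bytes);
    $result = check_image_file($tmp, $name);
    unlink($tmp);
    printf("%-10s ext=%s type=%s\n", $name,
        var_export($result['ext'], true), var_export($result['type'], true));
}
```

The decision never depends on the uploaded filename alone: a script renamed to `.png` gets `false` for both fields because no image signature matches, and a real GIF uploaded as `.png` is reported as a GIF so the stored extension can be corrected rather than trusted.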
Dominik Schilling (ocean90)
402dcf536b Updates: Translate plugin data on the Updates screen.
Merge of [39808] to the 3.7 branch.

git-svn-id: https://develop.svn.wordpress.org/branches/3.7@39830 602fd350-edb4-49c9-b593-d223f7449a82
2017-01-11 11:41:05 +00:00
Dominik Schilling (ocean90)
8f50fbd88d Themes: Fix markup for theme name fallbacks.
Merge of [39807] to the 3.7 branch.

git-svn-id: https://develop.svn.wordpress.org/branches/3.7@39819 602fd350-edb4-49c9-b593-d223f7449a82
2017-01-11 11:10:11 +00:00
Jeremy Felt
558abe3328 Multisite: Use wp_rand() in signup key creation.
Merges [39795] to the 3.7 branch.


git-svn-id: https://develop.svn.wordpress.org/branches/3.7@39806 602fd350-edb4-49c9-b593-d223f7449a82
2017-01-11 05:35:01 +00:00
Dion Hulse
e309f96eb1 Update PHPMailer to 5.2.22.
The full list of changes is available here:
https://github.com/PHPMailer/PHPMailer/compare/v5.2.21...v5.2.22

Merges [39759] to the 3.7 branch.
Fixes #37210 for 3.7.


git-svn-id: https://develop.svn.wordpress.org/branches/3.7@39794 602fd350-edb4-49c9-b593-d223f7449a82
2017-01-11 05:27:09 +00:00
Jeremy Felt
a944dd0b5d Mail: Disable wp-mail.php when mailserver_url is mail.example.com.
Merges [39772] to the 3.7 branch.


git-svn-id: https://develop.svn.wordpress.org/branches/3.7@39784 602fd350-edb4-49c9-b593-d223f7449a82
2017-01-11 05:20:28 +00:00
Aaron D. Campbell
d12ec69c8c Add nonce for widget accessibility mode.
Props vortfu.

See #23328.

Merges [39765] to 3.7 branch.


git-svn-id: https://develop.svn.wordpress.org/branches/3.7@39771 602fd350-edb4-49c9-b593-d223f7449a82
2017-01-11 01:53:51 +00:00
Dion Hulse
2c0dfc3018 Mail: Upgrade PHPMailer to 5.2.21.
Merges [39645], [36083], [33142], [33124], [29783], [27385] to the 3.7 branch.
See #37210.


git-svn-id: https://develop.svn.wordpress.org/branches/3.7@39731 602fd350-edb4-49c9-b593-d223f7449a82
2017-01-06 06:09:36 +00:00
Joe McGill
10b9277f37 Media: Improved media titles when created from filename.
Preserves spaces and generally creates more accurate, cleaner titles from filenames of uploaded media.

Merge of [38615] to the 3.7 branch.

Fixes #37989.


git-svn-id: https://develop.svn.wordpress.org/branches/3.7@39719 602fd350-edb4-49c9-b593-d223f7449a82
2017-01-05 16:25:43 +00:00
Dion Hulse
dc4d413886 General: Update copyright year to 2017 in license.txt.
Props Nikschavan.
Merges [39659] to the 3.7 branch.
Fixes #39433.


git-svn-id: https://develop.svn.wordpress.org/branches/3.7@39707 602fd350-edb4-49c9-b593-d223f7449a82
2017-01-05 08:49:16 +00:00
Jeremy Felt
9b1f51bf0d Bump 3.7 branch to 3.7.16.
git-svn-id: https://develop.svn.wordpress.org/branches/3.7@38558 602fd350-edb4-49c9-b593-d223f7449a82
2016-09-07 15:00:52 +00:00
Jeremy Felt
ce75adb4e0 Media: Sanitize upload filename.
Merge of [38538] to the 3.7 branch.


git-svn-id: https://develop.svn.wordpress.org/branches/3.7@38548 602fd350-edb4-49c9-b593-d223f7449a82
2016-09-07 14:00:57 +00:00
Pascal Birchler
0e74e33725 Upgrade/Install: Sanitize file name in File_Upload_Upgrader.
Merge of [38524] to the 3.7 branch.

git-svn-id: https://develop.svn.wordpress.org/branches/3.7@38534 602fd350-edb4-49c9-b593-d223f7449a82
2016-09-06 18:06:56 +00:00
Boone Gorges
34a388e4b8 Bump 3.7 branch to 3.7.15.
git-svn-id: https://develop.svn.wordpress.org/branches/3.7@37836 602fd350-edb4-49c9-b593-d223f7449a82
2016-06-21 16:51:06 +00:00
Joe McGill
71d3cd298e Media: Improve handling of extensionless filenames.
Merge of [37756] to the 3.7 branch.

See #37111.

git-svn-id: https://develop.svn.wordpress.org/branches/3.7@37825 602fd350-edb4-49c9-b593-d223f7449a82
2016-06-21 15:01:26 +00:00
Nikolay Bachiyski
fd3703563e Admin: escape URL-encoded permalinks
Merge of [37801] to the 3.7 branch.


git-svn-id: https://develop.svn.wordpress.org/branches/3.7@37823 602fd350-edb4-49c9-b593-d223f7449a82
2016-06-21 14:59:08 +00:00
Rachel Baker
2b08eab706 Revisions: Change the capability needed to view revision diffs to edit_post.
Merge of [37779] to the 3.7 branch.

git-svn-id: https://develop.svn.wordpress.org/branches/3.7@37808 602fd350-edb4-49c9-b593-d223f7449a82
2016-06-21 14:49:46 +00:00
Nikolay Bachiyski
92957ea924 Admin: Escape attachment name in case it contains special characters
Merge of [37774] to the 3.7 branch.


git-svn-id: https://develop.svn.wordpress.org/branches/3.7@37795 602fd350-edb4-49c9-b593-d223f7449a82
2016-06-21 14:29:18 +00:00
Boone Gorges
e41b5e43e9 Taxonomy: More specific cap check when processing category data on post save.
Ports [37691] to the 3.7 branch.

Props dlh.
Fixes #36379.

git-svn-id: https://develop.svn.wordpress.org/branches/3.7@37788 602fd350-edb4-49c9-b593-d223f7449a82
2016-06-21 14:24:03 +00:00
Dominik Schilling (ocean90)
0f37ba3495 Customize: Make sure that preview and return URLs are URLs.
Merge of [37527] to the 3.7 branch.

git-svn-id: https://develop.svn.wordpress.org/branches/3.7@37780 602fd350-edb4-49c9-b593-d223f7449a82
2016-06-21 14:19:42 +00:00
Jeremy Felt
391a81646e Admin: Allow for the consistent filtering of auth_redirect_scheme
Merge of [37651] to the 3.7 branch.

See #37047.


git-svn-id: https://develop.svn.wordpress.org/branches/3.7@37766 602fd350-edb4-49c9-b593-d223f7449a82
2016-06-21 14:12:45 +00:00
Dominik Schilling (ocean90)
0ba5b18de4 Bump 3.7 branch to 3.7.14.
git-svn-id: https://develop.svn.wordpress.org/branches/3.7@37392 602fd350-edb4-49c9-b593-d223f7449a82
2016-05-06 18:15:36 +00:00
Nikolay Bachiyski
14d5d5720c External Libraries: missed SWF file changes from [37368]
git-svn-id: https://develop.svn.wordpress.org/branches/3.7@37369 602fd350-edb4-49c9-b593-d223f7449a82
2016-05-06 17:50:13 +00:00
Nikolay Bachiyski
b9350b1955 External Libraries: Disable Flash backend for Plupload
git-svn-id: https://develop.svn.wordpress.org/branches/3.7@37368 602fd350-edb4-49c9-b593-d223f7449a82
2016-05-06 17:35:33 +00:00
Nikolay Bachiyski
b9f2fad109 Taxonomies: make sure taxonomy functions work correctly with taxonomy names with special characters
The codex says that taxonomy names "should only contain lowercase letters and the underscore character", but that's not enforced. It's too late to enforce it, since some plugins haven't been following it and the official phpdoc doesn't mention this restriction.

Merge of [37133] to the 3.7 branch.


git-svn-id: https://develop.svn.wordpress.org/branches/3.7@37142 602fd350-edb4-49c9-b593-d223f7449a82
2016-03-30 17:42:44 +00:00