* XML-RPC: Improve error messages for unprivileged users.
* External Libraries: Disable deserialization in Requests_Utility_FilteredIterator
* Embeds: Disable embeds on deactivated Multisite sites.
* Coding standards: Modify escaping functions to avoid potential false positives.
* XML-RPC: Return error message if attachment ID is incorrect.
* Upgrade/install: Improve logic check when determining installation status.
* Meta: Sanitize meta key before checking protection status.
* Themes: Ensure that only privileged users can set a background image when a theme is using the deprecated custom background page.
Brings the changes from [49380,49382-49388] to the 3.8 branch.
Props xknown, zieladam, peterwilsoncc, whyisjake, desrosj, dd32.
git-svn-id: https://develop.svn.wordpress.org/branches/3.8@49408 602fd350-edb4-49c9-b593-d223f7449a82
Rename the `$keep` parameter of both filters to `$screen_option` for clarity, update the documentation to better reflect its purpose.
Follow-up to [47951].
Props Chouby, sswells, SergeyBiryukov.
Merges [48241] to the 3.8 branch.
Fixes#50392.
git-svn-id: https://develop.svn.wordpress.org/branches/3.8@48260 602fd350-edb4-49c9-b593-d223f7449a82
- Embeds: Ensure that the title attribute is set correctly on embeds.
- Editor: Prevent HTML decoding on by setting the proper editor context.
- Formatting: Ensure that wp_validate_redirect() sanitizes a wider variety of characters.
- Themes: Ensure a broken theme name is returned properly.
- Administration: Add a new filter to extend set-screen-option.
Merges [47947-47951] to the 3.8 branch.
Props xknown, sstoqnov, vortfu, SergeyBiryukov, whyisjake.
git-svn-id: https://develop.svn.wordpress.org/branches/3.8@47965 602fd350-edb4-49c9-b593-d223f7449a82
Query: Ensure that only a single post can be returned on date/time based queries.
Cache API: Ensure proper escaping around the stats method in the cache API.
Formatting: Expand `sanitize_file_name` to have better support for utf8 characters.
Brings the changes in [47634], [47635], [47637], and [47638] to the 3.8 branch.
Props: batmoo, ehti, nickdaugherty, peterwilsoncc, sergeybiryukov, sstoqnov, westi, whyisjake, whyisjake, xknown.
git-svn-id: https://develop.svn.wordpress.org/branches/3.8@47661 602fd350-edb4-49c9-b593-d223f7449a82
microtime is by default a string. Doing a greater then or less than check of that string is a bad idea since it uses the first part (the micro part of microtime) rather then the actual time. This adds a helper to convert microtime output into a float which we can then use to properly compare the output of microtime.
This fixes an intermittent test failure.
Props jorbin.
Merges [30337] to the 3.8 branch.
See #30336, #49485.
git-svn-id: https://develop.svn.wordpress.org/branches/3.8@47491 602fd350-edb4-49c9-b593-d223f7449a82
`wp_kses_bad_protocol()` makes sure to validate that uri attributes don’t contain invalid/or not allowed protocols. While this works fine in most cases, there’s a risk that by using the colon html5 named entity, one is able to bypass this function.
Brings r46895 to the 3.8 branch.
Props: xknown, nickdaugherty, peterwilsoncc.
git-svn-id: https://develop.svn.wordpress.org/branches/3.8@46904 602fd350-edb4-49c9-b593-d223f7449a82
When jumping between branches, it would be nice to have the correct node version for the older versions of WordPress. Let's add .nvmrc files to these older branches for the supported versions.
Merges [46295] to the 3.8 branch.
Fixes#48140
git-svn-id: https://develop.svn.wordpress.org/branches/3.8@46306 602fd350-edb4-49c9-b593-d223f7449a82
The `meta_input`, `file`, and `guid` fields are not intended to be updated through user input.
Merges [44047] to the 3.8 branch.
git-svn-id: https://develop.svn.wordpress.org/branches/3.8@44074 602fd350-edb4-49c9-b593-d223f7449a82
This commit introduces the `wp_kses_uri_attributes` function and filter. The function centralizes the list of attributes, in order to prevent inconsistency, and the filter provides a way for plugins to customize the attributes.
Merges [44014] and [44017] to the `3.8` branch.
git-svn-id: https://develop.svn.wordpress.org/branches/3.8@44046 602fd350-edb4-49c9-b593-d223f7449a82
Ensure activation of a site is not attempted multiple times and users are shown the correct message if they follow the link a second time.
Merges [44021] to the 3.8 branch.
git-svn-id: https://develop.svn.wordpress.org/branches/3.8@44039 602fd350-edb4-49c9-b593-d223f7449a82
To avoid backwards compatibility issues, `<form>` is re-added if a custom filter has added the `<input>` or `<select>` elements to `$allowedposttags`.
Merges [43994] to the 3.8 branch.
git-svn-id: https://develop.svn.wordpress.org/branches/3.8@44018 602fd350-edb4-49c9-b593-d223f7449a82
Jonathan Desrosiers
Jake Spurlock
Sergey Biryukov
Gary Pendergast
Jeremy Felt
Peter Wilson
Ian Dunn
Aaron D. Campbell
John Blackbourn
Dominik Schilling (ocean90)
Dion Hulse