Commit Graph

12145 Commits

Author SHA1 Message Date
Andrew Nacin
6894354b9b Additional checks when evaluating the safety of an HTTP request, to avoid false negatives.
 * Check if the host is considered a safe redirect host.
 * Check if the host is another domain in a multisite installation.
 * Add a filter to control this.

This only occurs when the DNS resolution of a domain points elsewhere in an internal network, but only internally (and has its own public IP outside the network). This could be considered a bad configuration.

fixes #24646.



git-svn-id: https://develop.svn.wordpress.org/trunk@24915 602fd350-edb4-49c9-b593-d223f7449a82
2013-07-31 06:44:57 +00:00
bumpbot
abf081b02a Compress scripts/styles: 3.7-alpha-24912.
git-svn-id: https://develop.svn.wordpress.org/trunk@24912 602fd350-edb4-49c9-b593-d223f7449a82
2013-07-31 04:58:59 +00:00
Andrew Nacin
911b0b4fb7 New build of MediaElement.js SWF. see #24183.
git-svn-id: https://develop.svn.wordpress.org/trunk@24910 602fd350-edb4-49c9-b593-d223f7449a82
2013-07-31 04:38:34 +00:00
Andrew Nacin
61405b9934 Heartbeat: Reduce the heartbeat from 120 sec to 100 sec when the window doesn't have the focus, to be shorter than the post lock expiration window.
props azaozz.
fixes #24894.



git-svn-id: https://develop.svn.wordpress.org/trunk@24908 602fd350-edb4-49c9-b593-d223f7449a82
2013-07-31 03:23:22 +00:00
Michael Adams (mdawaffe)
755d98f7dc Improved XML handling for oEmbed.
git-svn-id: https://develop.svn.wordpress.org/trunk@24902 602fd350-edb4-49c9-b593-d223f7449a82
2013-07-30 21:57:27 +00:00
Andrew Nacin
dbe4197dd3 Add missing documentation from [24894]. see #24646.
git-svn-id: https://develop.svn.wordpress.org/trunk@24895 602fd350-edb4-49c9-b593-d223f7449a82
2013-07-30 18:39:57 +00:00
Andrew Nacin
84255b0e03 Introduce wp_safe_remote_request(). Also wp_safe_remote_head(), wp_safe_remote_get(), wp_safe_remote_post().
Reverts [24482].

see #24646.



git-svn-id: https://develop.svn.wordpress.org/trunk@24894 602fd350-edb4-49c9-b593-d223f7449a82
2013-07-30 15:37:01 +00:00
Dion Hulse
6ceefc0e26 WP_HTTP: PHPDoc updates for WP_Http::handle_redirects(). Props DrewAPicture. Fixes #16889
git-svn-id: https://develop.svn.wordpress.org/trunk@24890 602fd350-edb4-49c9-b593-d223f7449a82
2013-07-30 06:47:03 +00:00
Andrew Nacin
d3363d11bf New build of SWFUpload that ignores URL query strings.
git-svn-id: https://develop.svn.wordpress.org/trunk@24880 602fd350-edb4-49c9-b593-d223f7449a82
2013-07-29 19:15:00 +00:00
bumpbot
b3c1e7a5d4 Compress scripts/styles: 3.7-alpha-24877.
git-svn-id: https://develop.svn.wordpress.org/trunk@24877 602fd350-edb4-49c9-b593-d223f7449a82
2013-07-29 18:58:59 +00:00
Jon Cave
707bd3ae4a Fix potential SQLi through improper use of API functions.
git-svn-id: https://develop.svn.wordpress.org/trunk@24875 602fd350-edb4-49c9-b593-d223f7449a82
2013-07-29 18:16:47 +00:00
Andrew Nacin
16adf7644b Reset $wpdb->insert_id on a failed INSERT or REPLACE. See [24459] [24494].
git-svn-id: https://develop.svn.wordpress.org/trunk@24872 602fd350-edb4-49c9-b593-d223f7449a82
2013-07-29 18:14:05 +00:00
Andrew Nacin
5a0e739cc7 Limit pingback response size. fixes #4137. for trunk.
git-svn-id: https://develop.svn.wordpress.org/trunk@24871 602fd350-edb4-49c9-b593-d223f7449a82
2013-07-29 18:00:06 +00:00
Andrew Nacin
241ca959be Update MediaElement.js SWF file from upstream. Fixes issues with controls. fixes #24183.
git-svn-id: https://develop.svn.wordpress.org/trunk@24861 602fd350-edb4-49c9-b593-d223f7449a82
2013-07-29 09:16:02 +00:00
Andrew Nacin
50a1ab0c8e Update HTML classes in the audio and video shortcodes. props rfair404. fixes #24820.
git-svn-id: https://develop.svn.wordpress.org/trunk@24857 602fd350-edb4-49c9-b593-d223f7449a82
2013-07-29 06:51:46 +00:00
bumpbot
9aca968cab Compress scripts/styles: 3.7-alpha-24851.
git-svn-id: https://develop.svn.wordpress.org/trunk@24851 602fd350-edb4-49c9-b593-d223f7449a82
2013-07-29 04:58:59 +00:00
Andrew Nacin
86661dc523 Don't override an existing WP_Error object in wp_authenticate_username_password().
props willnorris.
fixes #19714.



git-svn-id: https://develop.svn.wordpress.org/trunk@24850 602fd350-edb4-49c9-b593-d223f7449a82
2013-07-29 03:43:22 +00:00
Andrew Nacin
4da2cb6d51 Avoid racing TinyMCE, which avoids the creation of unnecessary autosaves. props azaozz. see #7392.
git-svn-id: https://develop.svn.wordpress.org/trunk@24849 602fd350-edb4-49c9-b593-d223f7449a82
2013-07-29 03:37:14 +00:00
Andrew Nacin
949c53cae1 Remove "special" multisite spam check in the authentication API.
The spamming of a site no longer directly affects a user of said site.

Moves the spam check to the wp_authenticate filter. Networks in need
of enhanced spam-fighting should leverage this same technique.

Allow is_user_spammy() to accept a WP_User object.

props willnorris, brianhogg.
fixes #24771. see #19714.



git-svn-id: https://develop.svn.wordpress.org/trunk@24848 602fd350-edb4-49c9-b593-d223f7449a82
2013-07-29 03:23:51 +00:00
bumpbot
6bd6a8f136 Compress scripts/styles: 3.7-alpha-24847.
git-svn-id: https://develop.svn.wordpress.org/trunk@24847 602fd350-edb4-49c9-b593-d223f7449a82
2013-07-29 02:58:58 +00:00
Dion Hulse
8f4c113718 WP_HTTP: When multiple location headers are specified, use the last specified location url as the redirect location. Fixes #16890
git-svn-id: https://develop.svn.wordpress.org/trunk@24846 602fd350-edb4-49c9-b593-d223f7449a82
2013-07-29 02:11:46 +00:00
Dion Hulse
9ebe1e049b WP_HTTP: Fsockopen: Respect a specified Host header in the Fsockopen WP_HTTP transport. Fixes #24182
git-svn-id: https://develop.svn.wordpress.org/trunk@24845 602fd350-edb4-49c9-b593-d223f7449a82
2013-07-29 01:47:01 +00:00
Andrew Nacin
685fd7fdea If wp-login.php is accessed over HTTPS, get_home_url() should not return HTTPS. This is the same assumption we use in the admin.
props willnorris.
fixes #16822.



git-svn-id: https://develop.svn.wordpress.org/trunk@24844 602fd350-edb4-49c9-b593-d223f7449a82
2013-07-29 01:21:27 +00:00
Dion Hulse
8d07217b58 WP_HTTP: Abstract out the Redirection handling code into its own method and fix a bunch of redirection edge cases at the same time.
Fixes #17588
Fixes 16889
Props wonderboymusic and kovshenin for initial patches


git-svn-id: https://develop.svn.wordpress.org/trunk@24843 602fd350-edb4-49c9-b593-d223f7449a82
2013-07-29 01:19:54 +00:00
Helen Hou-Sandi
a7de44b373 Set the default internal search value for the link dialog to be the text that is highlighted in the editor. props greuben. fixes #16276.
git-svn-id: https://develop.svn.wordpress.org/trunk@24841 602fd350-edb4-49c9-b593-d223f7449a82
2013-07-29 01:01:33 +00:00
bumpbot
a98c1ad91e Compress scripts/styles: 3.7-alpha-24839.
git-svn-id: https://develop.svn.wordpress.org/trunk@24839 602fd350-edb4-49c9-b593-d223f7449a82
2013-07-29 00:58:57 +00:00
Mark Jaquith
3723898d5b Fix a variable typo in get_post_gallery_images().
props rodrigosprimo. Fixes #24202 for trunk.

git-svn-id: https://develop.svn.wordpress.org/trunk@24837 602fd350-edb4-49c9-b593-d223f7449a82
2013-07-29 00:52:31 +00:00
Andrew Nacin
6f3d2e4e93 Add description argument to register_taxonomy().
props aaronholbrook.
fixes #24808.



git-svn-id: https://develop.svn.wordpress.org/trunk@24833 602fd350-edb4-49c9-b593-d223f7449a82
2013-07-28 23:01:56 +00:00
Andrew Nacin
828514ac0b When registering a post type, pass the correct argument for feeds to add_permastruct().
props butuzov, johnpbloch.
fixes #23302.



git-svn-id: https://develop.svn.wordpress.org/trunk@24830 602fd350-edb4-49c9-b593-d223f7449a82
2013-07-28 22:28:18 +00:00
Andrew Nacin
434066573b Add $taxonomy to edit_terms and edited_terms actions. props SergeyBiryukov, fixes #22542.
git-svn-id: https://develop.svn.wordpress.org/trunk@24829 602fd350-edb4-49c9-b593-d223f7449a82
2013-07-28 22:15:03 +00:00
Andrew Nacin
e09aaf8cf5 Return an empty stdClass from wp_count_posts() when a nonexistent post type is requested.
props johnpbloch.
fixes #24803.



git-svn-id: https://develop.svn.wordpress.org/trunk@24826 602fd350-edb4-49c9-b593-d223f7449a82
2013-07-28 21:38:00 +00:00
Andrew Nacin
ec1ae2334a Inline documentation for esc_attr_x() and esc_html_x(). props fjarrett, fixes #24212.
git-svn-id: https://develop.svn.wordpress.org/trunk@24825 602fd350-edb4-49c9-b593-d223f7449a82
2013-07-28 21:26:10 +00:00
Andrew Nacin
f05e592506 Pass $update to the save_post and wp_insert_post hooks in wp_insert_post(). props ericmann, fixes #21450.
git-svn-id: https://develop.svn.wordpress.org/trunk@24823 602fd350-edb4-49c9-b593-d223f7449a82
2013-07-28 21:05:25 +00:00
bumpbot
d1a8fdb58b Compress scripts/styles: 3.7-alpha-24822.
git-svn-id: https://develop.svn.wordpress.org/trunk@24822 602fd350-edb4-49c9-b593-d223f7449a82
2013-07-28 20:58:51 +00:00
Andrew Ozz
50b8437d59 Add "experimental" to heartbeat phpdoc, fixes #24855 for trunk.
git-svn-id: https://develop.svn.wordpress.org/trunk@24818 602fd350-edb4-49c9-b593-d223f7449a82
2013-07-28 20:54:48 +00:00
Andrew Nacin
7eda325f58 Allow has_post_format() to accept an array of formats to check. props ericmann. fixes #17320.
git-svn-id: https://develop.svn.wordpress.org/trunk@24817 602fd350-edb4-49c9-b593-d223f7449a82
2013-07-28 20:48:09 +00:00
Jon Cave
0a7dbdc284 Introduce a new endpoint mask for all archives, fixes #16303.
git-svn-id: https://develop.svn.wordpress.org/trunk@24812 602fd350-edb4-49c9-b593-d223f7449a82
2013-07-28 19:18:19 +00:00
Michael Adams (mdawaffe)
fc20fc9ebb Allow HTTPS URL enclosures.
Props markjaquith with a patch that predates all WordCamps.

Fixes #2875.


git-svn-id: https://develop.svn.wordpress.org/trunk@24810 602fd350-edb4-49c9-b593-d223f7449a82
2013-07-28 19:07:43 +00:00
Jon Cave
7b0a5e5240 Drop leading / by retrieving the inner subpattern when matching attachment endpoints.
Fixes #22619


git-svn-id: https://develop.svn.wordpress.org/trunk@24809 602fd350-edb4-49c9-b593-d223f7449a82
2013-07-28 19:02:08 +00:00
Michael Adams (mdawaffe)
9de8ab8274 Fix inline docs for posts functions that no longer use $wpdb.
Props jdgrimes, JustinSainton.


git-svn-id: https://develop.svn.wordpress.org/trunk@24807 602fd350-edb4-49c9-b593-d223f7449a82
2013-07-28 18:52:56 +00:00
Andrew Nacin
80b1716bf9 Trunk is now 3.7-alpha.
git-svn-id: https://develop.svn.wordpress.org/trunk@24806 602fd350-edb4-49c9-b593-d223f7449a82
2013-07-28 18:48:36 +00:00
bumpbot
d42756992c Compress scripts/styles: 3.6-RC2-24803.
git-svn-id: https://develop.svn.wordpress.org/trunk@24803 602fd350-edb4-49c9-b593-d223f7449a82
2013-07-27 12:16:23 +00:00
bumpbot
6f5eeb5498 Compress scripts/styles: 3.6-RC2-24801.
git-svn-id: https://develop.svn.wordpress.org/trunk@24801 602fd350-edb4-49c9-b593-d223f7449a82
2013-07-27 08:58:53 +00:00
Mark Jaquith
9d2e982a79 Parse attrs before comparing to attachment.attributes. Small efficiency gain.
Props garyc40. Fixes #24753.

git-svn-id: https://develop.svn.wordpress.org/trunk@24800 602fd350-edb4-49c9-b593-d223f7449a82
2013-07-27 07:09:05 +00:00
Mark Jaquith
a91b02322e 3.6-RC2
git-svn-id: https://develop.svn.wordpress.org/trunk@24794 602fd350-edb4-49c9-b593-d223f7449a82
2013-07-24 07:15:05 +00:00
bumpbot
48889c8a8a Compress scripts/styles: 3.6-RC1-24793.
git-svn-id: https://develop.svn.wordpress.org/trunk@24793 602fd350-edb4-49c9-b593-d223f7449a82
2013-07-24 06:57:40 +00:00
Mark Jaquith
77873dedcc Oops. Forgot that we support a PHP version from 2007. Either that or I've been doing a lot of JS.
Props kovshenin. See [24789].

git-svn-id: https://develop.svn.wordpress.org/trunk@24792 602fd350-edb4-49c9-b593-d223f7449a82
2013-07-24 06:36:29 +00:00
Andrew Nacin
8a54be6786 jQuery.noConflict(). see [24781]. see #24821.
git-svn-id: https://develop.svn.wordpress.org/trunk@24791 602fd350-edb4-49c9-b593-d223f7449a82
2013-07-24 06:33:54 +00:00
Andrew Nacin
5ca8aa7447 Revisions changes.
 * Eliminates the bloated Revisions meta box in favor of 'Revisions: #' in the publish box.
 * Adds ability to compare autosave to current post, when revisions are disabled.
 * Makes autosaves stand out visually, including "Restore This Autosave".

Also:
 * Adds missing capability check for restoring a revision.
 * When no revision matches the post's current modified time, avoid marking an autosave as 'current'.
 * Fixes wp_get_post_autosave() to return an autosave even when revisions are disabled.
 * Add 'check_enabled' arg to wp_get_post_revisions(); false avoids the wp_revisions_enabled() check.
 * Adds a responsive slider that is narrower for fewer versions. props markjaquith.

see #24804.



git-svn-id: https://develop.svn.wordpress.org/trunk@24790 602fd350-edb4-49c9-b593-d223f7449a82
2013-07-24 06:08:14 +00:00
Mark Jaquith
2b63b67768 Fix some sizing issues with video embeds, and improve video/audio embed shortcode flexibility.
* `loop`, `autoplay`, and `preload` are now available via the shortcode. Use them non-annoyingly, please!
* Attributes that pass through the filters are now proper key/value pairs, not an array of `key="value"` strings.
* `preload` defaults to `metadata` for videos. This fixes the vertical video preview and Safari ogv/webm playback issues.
* Wrap a div around video embeds to combat a ME.js issue with responsive width=100% themes. Props kovshenin.

Fixes #24134, #24798.

git-svn-id: https://develop.svn.wordpress.org/trunk@24789 602fd350-edb4-49c9-b593-d223f7449a82
2013-07-24 05:52:49 +00:00