Commit Graph

36237 Commits

Author SHA1 Message Date
Dion Hulse
698a3fb29c External Libraries: Remove unnecessary / obsoleted MediaElement.js files.
Merges [42478] to the 4.7 branch.
Fixes #42720 for 4.7.


git-svn-id: https://develop.svn.wordpress.org/branches/4.7@42479 602fd350-edb4-49c9-b593-d223f7449a82
2018-01-16 08:05:00 +00:00
Dion Hulse
5018b6595c Upgrade: When deleting old files, if deletion fails attempt to empty the file instead.
Props joemcgill, dd32.
Merges [42434] to the 4.7 branch.
Fixes #42963 for 4.7.


git-svn-id: https://develop.svn.wordpress.org/branches/4.7@42467 602fd350-edb4-49c9-b593-d223f7449a82
2018-01-16 06:52:42 +00:00
John Blackbourn
e80bdf5116 Bump 4.7 branch to 4.7.8.
git-svn-id: https://develop.svn.wordpress.org/branches/4.7@42318 602fd350-edb4-49c9-b593-d223f7449a82
2017-11-29 18:57:45 +00:00
John Blackbourn
87ac33af45 Hardening: Remove the ability to upload JavaScript files for users who do not have the unfiltered_html capability.
Merges [42261] to the 4.7 branch.


git-svn-id: https://develop.svn.wordpress.org/branches/4.7@42275 602fd350-edb4-49c9-b593-d223f7449a82
2017-11-29 16:19:42 +00:00
John Blackbourn
662033dc14 Hardening: Ensure the attributes of enclosures are correctly escaped in RSS and Atom feeds.
Merges [42260] to the 4.7 branch.


git-svn-id: https://develop.svn.wordpress.org/branches/4.7@42274 602fd350-edb4-49c9-b593-d223f7449a82
2017-11-29 16:18:56 +00:00
John Blackbourn
2700e8e672 Hardening: Add escaping to the language attributes used on html elements.
Merges [42259] to the 4.7 branch.


git-svn-id: https://develop.svn.wordpress.org/branches/4.7@42273 602fd350-edb4-49c9-b593-d223f7449a82
2017-11-29 16:17:04 +00:00
John Blackbourn
c30d484e4f Hardening: Use a properly generated hash for the newbloguser key instead of a determinate substring.
Merges [42258] to the 4.7 branch.


git-svn-id: https://develop.svn.wordpress.org/branches/4.7@42272 602fd350-edb4-49c9-b593-d223f7449a82
2017-11-29 16:16:03 +00:00
John Blackbourn
2844aa499e Users: Correct the value of the lang attribute in the admin area.
This corrects the value when the user's language is set to `English (United States)` but the site language is not.

Props ocean90, afercia

See #42242

Merges [42220] to the 4.7 branch.


git-svn-id: https://develop.svn.wordpress.org/branches/4.7@42263 602fd350-edb4-49c9-b593-d223f7449a82
2017-11-29 16:05:10 +00:00
Dion Hulse
eeb633b797 WPDB: Check that AUTH_SALT is not empty, Fix a PHP notice when AUTH_SALT is undefined.
Props jsonfry, mkomar, pento.
Merges [42119] and [42120] to the 4.7 branch.
Fixes #42431 and #42401 for 4.7.


git-svn-id: https://develop.svn.wordpress.org/branches/4.7@42231 602fd350-edb4-49c9-b593-d223f7449a82
2017-11-27 01:07:45 +00:00
John Blackbourn
4e26af05f6 General: Remove the version number from the readme file in the 4.7 branch.
See #42386


git-svn-id: https://develop.svn.wordpress.org/branches/4.7@42100 602fd350-edb4-49c9-b593-d223f7449a82
2017-10-31 18:05:59 +00:00
Gary Pendergast
0c987581fe Bump 4.7 branch to version 4.7.7.
git-svn-id: https://develop.svn.wordpress.org/branches/4.7@42070 602fd350-edb4-49c9-b593-d223f7449a82
2017-10-31 13:12:09 +00:00
Gary Pendergast
16a56fae1f Database: Restore numbered placeholders in wpdb::prepare().
[41496] removed support for numbered placeholders in queries send through `wpdb::prepare()`, which, despite being undocumented, were quite commonly used.

This change restores support for numbered placeholders (as well as a subset of placeholder formatting), while also adding extra checks to ensure the correct number of arguments are being passed to `wpdb::prepare()`, given the number of placeholders.

Merges [41662], [42056] to the 4.7 branch.
See #41925.



git-svn-id: https://develop.svn.wordpress.org/branches/4.7@42058 602fd350-edb4-49c9-b593-d223f7449a82
2017-10-31 12:33:25 +00:00
Gary Pendergast
dc63393569 Build/Test Tools: Pass correct $message argument to WP_UnitTestCase::setExpectedException() in Tests_Ajax_CompressionTest::test_logged_out() and Tests_Ajax_TagSearch::test_no_results().
PHPUnit 6.4.1 and earlier versions ignored the `'0'` value, causing the issue to go unnoticed.

Merge of [41870] to the 4.7 branch.

Props SergeyBiryukov.
See #42232.



git-svn-id: https://develop.svn.wordpress.org/branches/4.7@42052 602fd350-edb4-49c9-b593-d223f7449a82
2017-10-31 06:19:42 +00:00
Dominik Schilling (ocean90)
ed053e1cd6 Taxonomy/Users: Use correct escaping function for URLs.
Merge of [41522] to the 4.7 branch.

git-svn-id: https://develop.svn.wordpress.org/branches/4.7@41524 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-19 21:20:09 +00:00
Dominik Schilling (ocean90)
71cf727550 Bump 4.7 branch to version 4.7.6.
git-svn-id: https://develop.svn.wordpress.org/branches/4.7@41511 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-19 19:55:25 +00:00
Dominik Schilling (ocean90)
065a0ac2f4 Bump 4.7 branch to version 4.7.3.
git-svn-id: https://develop.svn.wordpress.org/branches/4.7@41510 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-19 19:50:22 +00:00
Aaron D. Campbell
c134dea3b6 Database: Hardening to bring wpdb::prepare() inline with documentation.
`wpdb::prepare()` supports %s, %d, and %F as placeholders in the query string. Any other non-escaped % will be escaped.

Merges [41496] to 4.7 branch.



git-svn-id: https://develop.svn.wordpress.org/branches/4.7@41498 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-19 18:11:46 +00:00
Aaron D. Campbell
48d3ca8825 Database: Don’t trigger _doing_it_wrong() for null values in wpdb::prepare().
While `wpdb::prepare()` does not support null values (see #12819) they still appear in the wild like in the WordPress Importer and other plugins.

Merges [41483] to 4.7 branch.



git-svn-id: https://develop.svn.wordpress.org/branches/4.7@41485 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-19 16:18:58 +00:00
Aaron D. Campbell
66f675be1c Database: Hardening for wpdb::prepare()
Previously if you passed an array of values for placeholders, additional values could be passed as well. Now additional values will be ignored.

Merges [41470] to 4.7 branch.



git-svn-id: https://develop.svn.wordpress.org/branches/4.7@41472 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-19 14:58:49 +00:00
John Blackbourn
1dcdbc9d60 Filesystem API: Ensure filenames are valid before attempting to unzip them to ensure malformed file paths don't cause issues.
Merges [41457] to the 4.7 branch.


git-svn-id: https://develop.svn.wordpress.org/branches/4.7@41459 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-19 14:38:01 +00:00
Aaron D. Campbell
61c059d708 oEmbed: Add extra hardening around allowed HTML for improved sandboxing.
Merges [41448] to 4.7 branch.




git-svn-id: https://develop.svn.wordpress.org/branches/4.7@41451 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-19 13:47:30 +00:00
Dominik Schilling (ocean90)
f97c9838d5 TinyMCE: Improve the previews for shortcodes.
Merge of [41395] to the 4.7 branch.


git-svn-id: https://develop.svn.wordpress.org/branches/4.7@41436 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-19 12:40:10 +00:00
Dominik Schilling (ocean90)
55f0d1aeb1 Customize: Ensure valid themes in the preview.
Merge of [41397] to the 4.7 branch.


git-svn-id: https://develop.svn.wordpress.org/branches/4.7@41430 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-19 11:49:40 +00:00
Dominik Schilling (ocean90)
b7b7358c90 Taxonomy/Users: Provide a fallback for incorrect HTTP referrers.
Merge of [41398] to the 4.7 branch.


git-svn-id: https://develop.svn.wordpress.org/branches/4.7@41418 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-19 11:10:23 +00:00
John Blackbourn
db84ba77ad General: Add missing URL-encoding and add extra hardening to plugin and template names when they're displayed in the admin area.
Merges [41412] to the 4.7 branch

See #13377


git-svn-id: https://develop.svn.wordpress.org/branches/4.7@41413 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-19 10:17:44 +00:00
Dominik Schilling (ocean90)
dd44bf6b4c Editor: Prevent adding javascript: and data: URLs through the inline link dialog.
Merge of [41393] to the 4.7 branch.


git-svn-id: https://develop.svn.wordpress.org/branches/4.7@41401 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-19 10:14:45 +00:00
John Blackbourn
597a88861b Build/Test tools: Trim the test matrix on Travis in order to speed up the 4.7 branch build.
This removes the PHP 7.0, 5.5, 5.4, 5.3, and nightly jobs.

Fixes #41707


git-svn-id: https://develop.svn.wordpress.org/branches/4.7@41307 602fd350-edb4-49c9-b593-d223f7449a82
2017-08-22 21:40:43 +00:00
John Blackbourn
f780dd4734 Build/Test Tools: Remove ancient UT ticket handling for the 4.7 branch.
See #40533

Merges [40523] to the 4.7 branch.


git-svn-id: https://develop.svn.wordpress.org/branches/4.7@41305 602fd350-edb4-49c9-b593-d223f7449a82
2017-08-22 19:58:16 +00:00
John Blackbourn
0935a18cc7 Build/Test tools: Use the latest in the 4.x and 6.x branches of PHPUnit when running tests on Travis for the 4.7 branch.
See #41472

Merges [41294] to the 4.7 branch.


git-svn-id: https://develop.svn.wordpress.org/branches/4.7@41296 602fd350-edb4-49c9-b593-d223f7449a82
2017-08-22 17:10:00 +00:00
John Blackbourn
d18912d27f Build: Switch PHP 5.2 and 5.3 to Travis' Ubuntu precise image
Starting today, Travis will begin switching the default image to `trusty`, which does not support PHP 5.2 or 5.3.

This is not a full fix, because Travis will be dropping `precise` support entirely in September (https://github.com/travis-ci/travis-ci/issues/8072).  However, it buys us some time until then.

See #41292

Merges [41072] to the 4.7 branch.


git-svn-id: https://develop.svn.wordpress.org/branches/4.7@41074 602fd350-edb4-49c9-b593-d223f7449a82
2017-07-18 13:05:09 +00:00
John Blackbourn
f58726da4b Build/Test Tools: Fix PHP 5.2 compatibility for grandchild methods which expect exceptions to be raised.
This is due to `is_callable( 'parent::setExpectedException' )` not being supported on PHP 5.2 when the method being checked only exists on the grandparent class.

See #39822

Merges [40872] and [40873] to the 4.7 branch.


git-svn-id: https://develop.svn.wordpress.org/branches/4.7@40876 602fd350-edb4-49c9-b593-d223f7449a82
2017-06-05 10:41:02 +00:00
Konstantin Obenland
98e9eaa3e1 Import Twenty Sixteen for the 4.7 branch.
See #36497.


git-svn-id: https://develop.svn.wordpress.org/branches/4.7@40855 602fd350-edb4-49c9-b593-d223f7449a82
2017-05-30 22:56:39 +00:00
John Blackbourn
a10eba08e9 Build/Test Tools: Add a missing class to the PHPUnit 6 back compat.
See #39822

Merges [40853] to the 4.7 branch.


git-svn-id: https://develop.svn.wordpress.org/branches/4.7@40854 602fd350-edb4-49c9-b593-d223f7449a82
2017-05-30 22:07:59 +00:00
Aaron D. Campbell
20b5d4a4e0 Post-4.7.5 version bump for 4.7 branch.
git-svn-id: https://develop.svn.wordpress.org/branches/4.7@40770 602fd350-edb4-49c9-b593-d223f7449a82
2017-05-16 23:00:35 +00:00
Aaron D. Campbell
7719ada25f Bump 4.7 branch to version 4.7.5.
git-svn-id: https://develop.svn.wordpress.org/branches/4.7@40748 602fd350-edb4-49c9-b593-d223f7449a82
2017-05-16 21:47:01 +00:00
Pascal Birchler
f5bc3b5a12 Media: Simplify upload error message construction.
Merges [40736] to the 4.7 branch.


git-svn-id: https://develop.svn.wordpress.org/branches/4.7@40737 602fd350-edb4-49c9-b593-d223f7449a82
2017-05-16 17:59:37 +00:00
Pascal Birchler
f54b1461ac REST API: JS Client - Enable connecting to multiple endpoints.
Enable connecting to multiple wp-api `endpoints`. Calling `wp.api.init` with a new `apiRoot` will parse the new endpoint's schema and store a new set of models and collections. A collection of 
connected endpoints is stored in `wp.api.endpoints`.

Props lucasstark.
Fixes #39683.

Merges [40364] to the 4.7 branch.


git-svn-id: https://develop.svn.wordpress.org/branches/4.7@40735 602fd350-edb4-49c9-b593-d223f7449a82
2017-05-16 16:34:22 +00:00
Aaron D. Campbell
38b02ca333 Add nonce for updating file system credentials.
Merges [40723] to 4.7 branch.


git-svn-id: https://develop.svn.wordpress.org/branches/4.7@40724 602fd350-edb4-49c9-b593-d223f7449a82
2017-05-16 14:50:27 +00:00
Weston Ruter
76b080defd Customize: Fix phpunit tests after [40704] due to logic inversion error.
Merge of [40716] to the 4.7 branch.


git-svn-id: https://develop.svn.wordpress.org/branches/4.7@40717 602fd350-edb4-49c9-b593-d223f7449a82
2017-05-16 14:36:53 +00:00
Dominik Schilling (ocean90)
85bc8c5dc3 Customize: Ignore invalid customization sessions.
Merge of [40704] to the 4.7 branch.

git-svn-id: https://develop.svn.wordpress.org/branches/4.7@40705 602fd350-edb4-49c9-b593-d223f7449a82
2017-05-16 12:13:07 +00:00
Pascal Birchler
8c2038b21f Adjust post meta checks
Merges [40692] to the 4.7 branch.


git-svn-id: https://develop.svn.wordpress.org/branches/4.7@40693 602fd350-edb4-49c9-b593-d223f7449a82
2017-05-16 08:47:33 +00:00
Pascal Birchler
8a28180db9 Improve redirect handling
Merges[40689] to the 4.7 branch.


git-svn-id: https://develop.svn.wordpress.org/branches/4.7@40690 602fd350-edb4-49c9-b593-d223f7449a82
2017-05-16 08:39:47 +00:00
Pascal Birchler
40ece6751b Whitelist post arguments in XML-RPC
Merges [40677] to the 4.7 branch.


git-svn-id: https://develop.svn.wordpress.org/branches/4.7@40678 602fd350-edb4-49c9-b593-d223f7449a82
2017-05-16 08:16:13 +00:00
Aaron Jorbin
4326500e82 Build/Test: Post Travis results to Slack from WordPress/wordpress-develop
Backports [40604] to 4.7

Now that the WordPress/wordpress-develop GitHub repo is syncing correctly, we can use it for Travis integration.

Props jorbin for getting the ball rolling so long ago, unprops jorbin because his Travis build can finally be retired. Props Pento.

Fixes #40712.


git-svn-id: https://develop.svn.wordpress.org/branches/4.7@40616 602fd350-edb4-49c9-b593-d223f7449a82
2017-05-11 00:30:29 +00:00
John Blackbourn
8cbc520a94 Build/Test Tools: Backport various recent changes to the 4.7 branch.
* Add support for PHPUnit 6+.
* Add Composer files to the cache on Travis.
* Remove HHVM from the test infrastructure on Travis.

Merges [40536], [40538], [40539], and [40546] to the 4.7 branch.

See #40539
Fixes #39822, #40548


git-svn-id: https://develop.svn.wordpress.org/branches/4.7@40547 602fd350-edb4-49c9-b593-d223f7449a82
2017-04-24 00:37:19 +00:00
Boone Gorges
a82fe2b598 Restore support for taxonomy 'args' override when querying object terms.
[7520] introduced an undocumented feature whereby developers could
register a custom taxonomy with an 'args' parameter, consisting of
an array of config params that, when present, override corresponding
params in the `$args` array passed to `wp_get_object_terms()` when
using that function to query for terms in the specified taxonomy.

The `wp_get_object_terms()` refactor in [38667] failed to respect
this secret covenant, and the current changeset atones for the
transgression.

Ports [40513] to the 4.7 branch.

Props danielbachhuber.
Fixes #40496.


git-svn-id: https://develop.svn.wordpress.org/branches/4.7@40514 602fd350-edb4-49c9-b593-d223f7449a82
2017-04-21 19:18:00 +00:00
Dion Hulse
2c0ecb234a List Tables: After [38703], [38706], and [40118], adjust the jQuery selector to make the selection of a range of checkboxes work again.
Unprop afercia.
Merges [40268] to the 4.7 branch.
Fixes #40056.


git-svn-id: https://develop.svn.wordpress.org/branches/4.7@40512 602fd350-edb4-49c9-b593-d223f7449a82
2017-04-21 07:35:13 +00:00
Pascal Birchler
97f31221c1 Post-4.7.4 version bump for 4.7 branch.
git-svn-id: https://develop.svn.wordpress.org/branches/4.7@40509 602fd350-edb4-49c9-b593-d223f7449a82
2017-04-20 18:53:04 +00:00
Pascal Birchler
986f929a4d Bump 4.7 branch to version 4.7.4.
git-svn-id: https://develop.svn.wordpress.org/branches/4.7@40487 602fd350-edb4-49c9-b593-d223f7449a82
2017-04-20 16:20:22 +00:00
Andrew Ozz
16b1859218 TinyMCE: Fix cursor position after updating a wpview node. Fix hiding the inline toolbar on editor blur.
Props iseulde, azaozz.

Merges [40481] to the 4.7 branch.
Fixes #40480.


git-svn-id: https://develop.svn.wordpress.org/branches/4.7@40482 602fd350-edb4-49c9-b593-d223f7449a82
2017-04-19 22:17:25 +00:00