There doesn't appear to be any way for an attacker to introduce malicious input into the URL, unless a plugin is filtering the URL to add it, but it's better to be safe than sorry.
Props 1naveengiri, joyously.
Fixes #44115.
git-svn-id: https://develop.svn.wordpress.org/trunk@43290 602fd350-edb4-49c9-b593-d223f7449a82
WordPress' code just... wasn't.
This is now dealt with.
Props jrf, pento, netweb, GaryJ, jdgrimes, westonruter, Greg Sherwood from PHPCS, and everyone who's ever contributed to WPCS and PHPCS.
Fixes #41057.
git-svn-id: https://develop.svn.wordpress.org/trunk@42343 602fd350-edb4-49c9-b593-d223f7449a82
The WPCS `WordPress.WhiteSpace.PrecisionAlignment` rule throws warnings for a bunch of code that will likely cause issues for `wpcbf`. Fixing these manually beforehand gives us better auto-fixed results later.
See #41057.
git-svn-id: https://develop.svn.wordpress.org/trunk@42228 602fd350-edb4-49c9-b593-d223f7449a82
The `submitdelete` CSS class is used in various places across the admin for some
"red" action links. It is worth simplifying this rule for further improvements
related to color contrast.
- simplifies a non-standard styling for the "Remove/Cancel" links in the Menus screen
- underlines all the "Move to trash/Delete" red links in all the Publish meta boxes
- fixes CSS classes usage for all the Publish meta boxes primary buttons
- fixes broken layout for the old Link Manager publish meta box
Props karmatosed, hugobaeta, monikarao, afercia.
Fixes #37969, #37018. See #37448, #37138, #27314.
git-svn-id: https://develop.svn.wordpress.org/trunk@38616 602fd350-edb4-49c9-b593-d223f7449a82
Replaces unsecure links in documentation and translator comments with their secure versions.
Props johnpgreen, netweb
Fixes #36993
git-svn-id: https://develop.svn.wordpress.org/trunk@37674 602fd350-edb4-49c9-b593-d223f7449a82
The current orange and red used for the radio button labels in the Edit Comment
"Status" box don't have a sufficient color contrast ratio with the background.
Removing the colors improves accessibility and consistency.
See #35659, #35622.
Fixes #36967.
git-svn-id: https://develop.svn.wordpress.org/trunk@37611 602fd350-edb4-49c9-b593-d223f7449a82
* Takes inspiration from `WP_Post` and adds sanity to comment caching.
* Clarifies when the current global value for `$comment` is returned. The current implementation in `get_comment()` introduces side effects and an occasional stale global value for `$comment` when comment caches are cleaned.
* Strongly-types `@param` docs
* This class is marked `final` for now
Props wonderboymusic, nacin.
See #32619.
git-svn-id: https://develop.svn.wordpress.org/trunk@33891 602fd350-edb4-49c9-b593-d223f7449a82
The AP Stylebook changed this in 2011, and we're woefully inconsistent, so let's go with the standard.
props morganestes, voldemortensen, niallkennedy (for patching on the previous AP style).
fixes #26156.
git-svn-id: https://develop.svn.wordpress.org/trunk@33774 602fd350-edb4-49c9-b593-d223f7449a82
First step towards restoring a good heading structure in wp-admin.
The previous `<h1>` contained the site title and a link to the front page and was removed with the toolbar refactoring in 3.2.
Props joedolson, afercia.
Fixes #31650.
git-svn-id: https://develop.svn.wordpress.org/trunk@32974 602fd350-edb4-49c9-b593-d223f7449a82
Also, remove from `edit-form-comment.php` and add a new filter: `edit_comment_misc_actions`.
Props ozh, joedolson, rachelbaker.
Fixes #15281.
git-svn-id: https://develop.svn.wordpress.org/trunk@32929 602fd350-edb4-49c9-b593-d223f7449a82
Previously there were no labels, and since labels can't contain links and the links were of dubious value, we've removed those.
props afercia, DrewAPicture.
fixes #31326.
git-svn-id: https://develop.svn.wordpress.org/trunk@32796 602fd350-edb4-49c9-b593-d223f7449a82
Since [31172], it caused the comment's `user_id` field to be unexpectedly changed to the user who edits the comment.
fixes #30307.
git-svn-id: https://develop.svn.wordpress.org/trunk@31776 602fd350-edb4-49c9-b593-d223f7449a82
Attempting to moderate comments without context about the post is more difficult than necessary. The comment moderation screen you are sent to via email link was also in need of some better visual treatment.
props thaicloud, seanchayes, adamsilverstein.
see #23988.
git-svn-id: https://develop.svn.wordpress.org/trunk@31641 602fd350-edb4-49c9-b593-d223f7449a82
- iOS Safari opens the keyboard and auto-scrolls on the first tap anywhere on the screen triggering the click at an unexpected place. That makes it impossible to follow links or press buttons.
- Chrome on iOS opens the keyboard on load and may scroll the focused field off screen.
- The Android 4.4 browser only highlights the field, the user has to tap it to open the keyboard and type.
See #30703.
git-svn-id: https://develop.svn.wordpress.org/trunk@30842 602fd350-edb4-49c9-b593-d223f7449a82
* All WordPress files move to a src/ directory.
* New task runner (Grunt), configured to copy a built WordPress to build/.
* svn:ignore and .gitignore for Gruntfile.js, wp-config.php, and node.js.
* Remove Akismet external from develop.svn. Still exists in core.svn.
* Drop minified files from src/. The build process will now generate these.
props koop.
see #24976.
and see http://wp.me/p2AvED-1AI.
git-svn-id: https://develop.svn.wordpress.org/trunk@25001 602fd350-edb4-49c9-b593-d223f7449a82