sergiotarxz
/
Wordpress
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
34,435 Commits 2 Branches 473 Tags 137 MiB
PHP 76.7%
CSS 10.9%
JavaScript 9.2%
Modelica 2.4%
HTML 0.6%
Other 0.2%
Go to file
Rachel Baker 25c3618138 REST API: Create the general `wp_check_jsonp_callback()` function for validating JSONP callback functions. 
Move the REST API JSONP callback validation check into a separate function named `wp_check_jsonp_callback()`. This allows plugins to use the built-in validation when handling JSONP callbacks.
Extremely Important Note: If you send JSONP in your custom response, make sure you prefix the response with `/**/`. This will mitigate the Rosetta Flash exploit. You should also send the `X-Content-Type-Options:nosniff` header, or even better, use the REST API infrastructure.

Props rmccue.
Fixes #28523.

git-svn-id: https://develop.svn.wordpress.org/trunk@37646 602fd350-edb4-49c9-b593-d223f7449a82
 		2016-06-06 21:33:30 +00:00
src REST API: Create the general `wp_check_jsonp_callback()` function for validating JSONP callback functions. 2016-06-06 21:33:30 +00:00
tests REST API: Create the general `wp_check_jsonp_callback()` function for validating JSONP callback functions. 2016-06-06 21:33:30 +00:00
tools/i18n i18n tools: In `StringExtractor` don't strip slashes from URLs. 2016-02-29 20:44:31 +00:00
.editorconfig Use HTTPS URLs for codex.wordpress.org. 2015-04-12 21:28:58 +00:00
.gitignore Remove accidental .svn addition to .gitignore 2015-12-12 18:26:22 +00:00
.jshintrc Build: Prevent non-breaking spaces from accidentally being inserted into JavaScript files. 2015-11-12 12:04:55 +00:00
.travis.yml Tests: Upgrade the HHVM job to use Ubuntu Trusty, and a more recent version of HHVM. 2016-05-25 06:11:20 +00:00
Gruntfile.js Build/Test Tools: Run image tasks only if there are changes 2016-04-15 10:18:03 +00:00
package.json Update grunt-patch-wordpress to 0.4.0 2016-06-01 21:24:09 +00:00
phpunit.xml.dist Set a whitelist for PHPUnit code coverage. 2016-05-17 20:22:57 +00:00
wp-cli.yml Remove debug mode from WP-CLI by default, as it now outputs too much debugging information to be of use during normal development. 2015-11-28 18:36:06 +00:00
wp-config-sample.php Lightly clean up and improve inline documentation in wp-config-sample.php. 2015-05-10 00:05:30 +00:00
wp-tests-config-sample.php Unit Tests: Correct comment in `wp-tests-config-sample.php`. 2016-01-21 20:24:12 +00:00