sergiotarxz/Wordpress
sergiotarxz/Wordpress
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
33,074 Commits 2 Branches 473 Tags
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Sergey Biryukov c8a62fa989 Update wp_kses_bad_protocol() to recognize : on uri attributes, 
`wp_kses_bad_protocol()` makes sure to validate that uri attributes don’t contain invalid/or not allowed protocols. While this works fine in most cases, there’s a risk that by using the colon html5 named entity, one is able to bypass this function.

Brings r46895 to the 4.4 branch.

Props: xknown, nickdaugherty, peterwilsoncc.

git-svn-id: https://develop.svn.wordpress.org/branches/4.4@46912 602fd350-edb4-49c9-b593-d223f7449a82
2019-12-12 18:43:41 +00:00
src
Update wp_kses_bad_protocol() to recognize : on uri attributes,
2019-12-12 18:43:41 +00:00
tests
Update wp_kses_bad_protocol() to recognize : on uri attributes,
2019-12-12 18:43:41 +00:00
tools/i18n
i18n tools: Use https for msgid-bugs-address URLs.
2015-07-27 19:37:13 +00:00
.editorconfig
Use HTTPS URLs for codex.wordpress.org.
2015-04-12 21:28:58 +00:00
.gitignore
Remove an IDE-specific rule in .gitignore. These should be managed in the user's ~/.gitignore_global file.
2015-10-18 00:15:23 +00:00
.jshintrc
Build: Prevent non-breaking spaces from accidentally being inserted into JavaScript files.
2015-11-12 12:04:55 +00:00
.nvmrc
Add .nvmrc files to older versions of WordPress
2019-09-25 21:00:04 +00:00
.travis.yml
Build/Test tools: Further trimming of CI jobs on the 4.4 branch.
2019-03-25 16:30:14 +00:00
Gruntfile.js
Build: Update source for includes:embed after [35718].
2015-11-20 15:36:21 +00:00
npm-shrinkwrap.json
Add npm-shrinkwrap.json for 4.4
2016-01-03 22:36:43 +00:00
package.json
WordPress 4.4.20.
2019-10-14 20:11:31 +00:00
phpunit.xml.dist
Unit Tests: add SpeedTrapListener to phpunit/includes and add the config node to phpunit.xml.dist.
2015-10-16 00:27:28 +00:00
wp-cli.yml
Remove debug mode from WP-CLI by default, as it now outputs too much debugging information to be of use during normal development.
2015-11-28 18:36:06 +00:00
wp-config-sample.php
Lightly clean up and improve inline documentation in wp-config-sample.php.
2015-05-10 00:05:30 +00:00
wp-tests-config-sample.php
Database: Restore numbered placeholders in wpdb::prepare().
2017-10-31 12:45:48 +00:00
Description
No description provided
137 MiB
Languages
PHP 76.7%
CSS 10.9%
JavaScript 9.2%
Modelica 2.4%
HTML 0.6%
Other 0.2%