Permalink
Commits on Jul 5, 2018
  1. Media: Limit thumbnail file deletions to the same directory as the or…

    johnbillion committed Jul 5, 2018
    …iginal file.
    
    Merges [43393] into the 4.1 branch.
    
    Built from https://develop.svn.wordpress.org/branches/4.1@43401
    
    
    git-svn-id: http://core.svn.wordpress.org/branches/4.1@43229 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Commits on Apr 3, 2018
  1. Template: Make sure the version string is correctly escaped for use i…

    ocean90 committed Apr 3, 2018
    …n attributes.
    
    Merge of [42893] to the 4.1 branch.
    
    Built from https://develop.svn.wordpress.org/branches/4.1@42925
    
    
    git-svn-id: http://core.svn.wordpress.org/branches/4.1@42755 1a063a9b-81f0-0310-95a4-ce76da25c4cd
  2. Login: Use `wp_safe_redirect()` when redirecting the login page if fo…

    ocean90 committed Apr 3, 2018
    …rced to use HTTPS.
    
    Merge of [42892] to the 4.1 branch.
    
    Built from https://develop.svn.wordpress.org/branches/4.1@42903
    
    
    git-svn-id: http://core.svn.wordpress.org/branches/4.1@42733 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Commits on Jan 23, 2018
  1. General: Update copyright year to 2018 in license.txt.

    SergeyBiryukov committed Jan 23, 2018
    Props rachelbaker.
    Merges [42424] to the 4.1 branch.
    Fixes #43007.
    Built from https://develop.svn.wordpress.org/branches/4.1@42560
    
    
    git-svn-id: http://core.svn.wordpress.org/branches/4.1@42389 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Commits on Jan 16, 2018
  1. Bump the 4.1 branch to 4.1.22.

    dd32 committed Jan 16, 2018
  2. External Libraries: Remove unnecessary / obsoleted MediaElement.js fi…

    dd32 committed Jan 16, 2018
    …les.
    
    Merges [42478] to the 4.1 branch.
    Fixes #42720 for 4.1.
    
    Built from https://develop.svn.wordpress.org/branches/4.1@42485
    
    
    git-svn-id: http://core.svn.wordpress.org/branches/4.1@42314 1a063a9b-81f0-0310-95a4-ce76da25c4cd
  3. Upgrade: When deleting old files, if deletion fails attempt to empty …

    dd32 committed Jan 16, 2018
    …the file instead.
    
    Props joemcgill, dd32.
    Merges [42434] to the 4.1 branch.
    Fixes #42963 for 4.1.
    
    Built from https://develop.svn.wordpress.org/branches/4.1@42473
    
    
    git-svn-id: http://core.svn.wordpress.org/branches/4.1@42302 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Commits on Nov 29, 2017
  1. Hardening: Remove the ability to upload JavaScript files for users wh…

    johnbillion committed Nov 29, 2017
    …o do not have the `unfiltered_html` capability.
    
    Merges [42261] to the 4.1 branch.
    
    Built from https://develop.svn.wordpress.org/branches/4.1@42299
    
    
    git-svn-id: http://core.svn.wordpress.org/branches/4.1@42128 1a063a9b-81f0-0310-95a4-ce76da25c4cd
  2. Hardening: Ensure the attributes of enclosures are correctly escaped …

    johnbillion committed Nov 29, 2017
    …in RSS and Atom feeds.
    
    Merges [42260] to the 4.1 branch.
    
    Built from https://develop.svn.wordpress.org/branches/4.1@42298
    
    
    git-svn-id: http://core.svn.wordpress.org/branches/4.1@42127 1a063a9b-81f0-0310-95a4-ce76da25c4cd
  3. Hardening: Add escaping to the language attributes used on `html` ele…

    johnbillion committed Nov 29, 2017
    …ments.
    
    Merges [42259] to the 4.1 branch.
    
    Built from https://develop.svn.wordpress.org/branches/4.1@42297
    
    
    git-svn-id: http://core.svn.wordpress.org/branches/4.1@42126 1a063a9b-81f0-0310-95a4-ce76da25c4cd
  4. Hardening: Use a properly generated hash for the `newbloguser` key in…

    johnbillion committed Nov 29, 2017
    …stead of a determinate substring.
    
    Merges [42258] to the 4.1 branch.
    
    Built from https://develop.svn.wordpress.org/branches/4.1@42296
    
    
    git-svn-id: http://core.svn.wordpress.org/branches/4.1@42125 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Commits on Nov 27, 2017
  1. WPDB: Check that `AUTH_SALT` is not empty, Fix a PHP notice when `AUT…

    dd32 committed Nov 27, 2017
    …H_SALT` is undefined.
    
    Props jsonfry, mkomar, pento.
    Merges [42119] and [42120] to the 4.1 branch.
    Fixes #42431 and #42401 for 4.1.
    
    Built from https://develop.svn.wordpress.org/branches/4.1@42237
    
    
    git-svn-id: http://core.svn.wordpress.org/branches/4.1@42066 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Commits on Oct 31, 2017
  1. Database: Restore numbered placeholders in `wpdb::prepare()`.

    pento committed Oct 31, 2017
    [41496] removed support for numbered placeholders in queries send through `wpdb::prepare()`, which, despite being undocumented, were quite commonly used.
    
    This change restores support for numbered placeholders (as well as a subset of placeholder formatting), while also adding extra checks to ensure the correct number of arguments are being passed to `wpdb::prepare()`, given the number of placeholders.
    
    Merges [41662], [42056] to the 4.2 branch.
    See #41925.
    
    
    Built from https://develop.svn.wordpress.org/branches/4.1@42064
    
    
    git-svn-id: http://core.svn.wordpress.org/branches/4.1@41893 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Commits on Sep 19, 2017
  1. Users: Use correct escaping function for URLs.

    ocean90 committed Sep 19, 2017
    Merge of [41522] to the 4.1 branch.
    
    Built from https://develop.svn.wordpress.org/branches/4.1@41530
    
    
    git-svn-id: http://core.svn.wordpress.org/branches/4.1@41363 1a063a9b-81f0-0310-95a4-ce76da25c4cd
  2. Database: Hardening to bring `wpdb::prepare()` inline with documentat…

    aaroncampbell committed Sep 19, 2017
    …ion.
    
    `wpdb::prepare()` supports %s, %d, and %F as placeholders in the query string. Any other non-escaped % will be escaped.
    
    Merges [41496] to 4.1 branch.
    
    
    Built from https://develop.svn.wordpress.org/branches/4.1@41504
    
    
    git-svn-id: http://core.svn.wordpress.org/branches/4.1@41337 1a063a9b-81f0-0310-95a4-ce76da25c4cd
  3. Database: Don’t trigger `_doing_it_wrong()` for null values in `wpdb:…

    aaroncampbell committed Sep 19, 2017
    …:prepare()`.
    
    While `wpdb::prepare()` does not support null values (see #12819) they still appear in the wild like in the WordPress Importer and other plugins.
    
    Merges [41483] to 4.1 branch.
    
    
    Built from https://develop.svn.wordpress.org/branches/4.1@41491
    
    
    git-svn-id: http://core.svn.wordpress.org/branches/4.1@41324 1a063a9b-81f0-0310-95a4-ce76da25c4cd
  4. Database: Hardening for `wpdb::prepare()`

    aaroncampbell committed Sep 19, 2017
    Previously if you passed an array of values for placeholders, additional values could be passed as well. Now additional values will be ignored.
    
    Merges [41470] to 4.1 branch.
    
    
    Built from https://develop.svn.wordpress.org/branches/4.1@41478
    
    
    git-svn-id: http://core.svn.wordpress.org/branches/4.1@41311 1a063a9b-81f0-0310-95a4-ce76da25c4cd
  5. Filesystem API: Ensure filenames are valid before attempting to unzip…

    johnbillion committed Sep 19, 2017
    … them to ensure malformed file paths don't cause issues.
    
    Merges [41457] to the 4.1 branch.
    
    Built from https://develop.svn.wordpress.org/branches/4.1@41465
    
    
    git-svn-id: http://core.svn.wordpress.org/branches/4.1@41298 1a063a9b-81f0-0310-95a4-ce76da25c4cd
  6. General: Add missing URL-encoding and add extra hardening to plugin a…

    johnbillion committed Sep 19, 2017
    …nd template names when they're displayed in the admin area.
    
    Merges [41434] with changes to the 4.1 branch.
    
    See #13377
    
    Built from https://develop.svn.wordpress.org/branches/4.1@41446
    
    
    git-svn-id: http://core.svn.wordpress.org/branches/4.1@41279 1a063a9b-81f0-0310-95a4-ce76da25c4cd
  7. TinyMCE: Improve the previews for shortcodes.

    ocean90 committed Sep 19, 2017
    Merge of [41395] to the 4.1 branch.
    
    Built from https://develop.svn.wordpress.org/branches/4.1@41442
    
    
    git-svn-id: http://core.svn.wordpress.org/branches/4.1@41275 1a063a9b-81f0-0310-95a4-ce76da25c4cd
  8. Users: Provide a fallback for incorrect HTTP referrers.

    ocean90 committed Sep 19, 2017
    Merge of [41398] to the 4.1 branch.
    
    Built from https://develop.svn.wordpress.org/branches/4.1@41424
    
    
    git-svn-id: http://core.svn.wordpress.org/branches/4.1@41257 1a063a9b-81f0-0310-95a4-ce76da25c4cd
  9. Editor: Prevent adding `javascript:` and `data:` URLs through the inl…

    ocean90 committed Sep 19, 2017
    …ine link dialog.
    
    Merge of [41393] to the 4.1 branch.
    
    Built from https://develop.svn.wordpress.org/branches/4.1@41407
    
    
    git-svn-id: http://core.svn.wordpress.org/branches/4.1@41240 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Commits on May 16, 2017
  1. Media: Simplify upload error message construction.

    swissspidy committed May 16, 2017
    Merges [40736] to the 4.1 branch.
    
    Built from https://develop.svn.wordpress.org/branches/4.1@40743
    
    
    git-svn-id: http://core.svn.wordpress.org/branches/4.1@40601 1a063a9b-81f0-0310-95a4-ce76da25c4cd
  2. Add nonce for updating file system credentials.

    aaroncampbell committed May 16, 2017
    Merges [40723] to 4.1 branch.
    
    Built from https://develop.svn.wordpress.org/branches/4.1@40730
    
    
    git-svn-id: http://core.svn.wordpress.org/branches/4.1@40588 1a063a9b-81f0-0310-95a4-ce76da25c4cd
  3. Customize: Ignore invalid customization sessions.

    ocean90 committed May 16, 2017
    Merge of [40704] to the 4.1 branch.
    Built from https://develop.svn.wordpress.org/branches/4.1@40711
    
    
    git-svn-id: http://core.svn.wordpress.org/branches/4.1@40574 1a063a9b-81f0-0310-95a4-ce76da25c4cd
  4. Adjust post meta checks

    swissspidy committed May 16, 2017
    Merges [40692] to the 4.1 branch.
    
    Built from https://develop.svn.wordpress.org/branches/4.1@40699
    
    
    git-svn-id: http://core.svn.wordpress.org/branches/4.1@40562 1a063a9b-81f0-0310-95a4-ce76da25c4cd
  5. Whitelist post arguments in XML-RPC

    swissspidy committed May 16, 2017
    Merges [40677] to the 4.1 branch.
    
    Built from https://develop.svn.wordpress.org/branches/4.1@40684
    
    
    git-svn-id: http://core.svn.wordpress.org/branches/4.1@40547 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Commits on Apr 20, 2017