4.0 branch #6
Open
4.0 branch #6
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Built from https://develop.svn.wordpress.org/@29710 git-svn-id: http://core.svn.wordpress.org/branches/4.0@29484 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Merges [29751] to the 4.0 branch. fixes #29518. Built from https://develop.svn.wordpress.org/branches/4.0@29761 git-svn-id: http://core.svn.wordpress.org/branches/4.0@29533 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Built from https://develop.svn.wordpress.org/branches/4.0@30248 git-svn-id: http://core.svn.wordpress.org/branches/4.0@30248 1a063a9b-81f0-0310-95a4-ce76da25c4cd
…ut field. Merges [29829] to the 4.0 branch. props jesin, ocean90. fixes #18724. Built from https://develop.svn.wordpress.org/branches/4.0@30249 git-svn-id: http://core.svn.wordpress.org/branches/4.0@30249 1a063a9b-81f0-0310-95a4-ce76da25c4cd
…d of the code blocks. Merges [29884] to the 4.0 branch. Fixes a bug in Chrome where both the textarea and the window may auto-scroll to unexpected position on clicking a Quicktags button. props azaozz, avryl. fixes #29944. Built from https://develop.svn.wordpress.org/branches/4.0@30250 git-svn-id: http://core.svn.wordpress.org/branches/4.0@30250 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Merges [29886] to the 4.0 branch. props azaozz. fixes #29952. Built from https://develop.svn.wordpress.org/branches/4.0@30251 git-svn-id: http://core.svn.wordpress.org/branches/4.0@30251 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Merges [29733] to the 4.0 branch. Changes from 2.15.0: mediaelement/mediaelement@2.15.0...2.15.1 Continues to revert upstream commit b7f82b4 to restore the status quo for Chromium support. props wonderboymusic. fixes #29620. Built from https://develop.svn.wordpress.org/branches/4.0@30252 git-svn-id: http://core.svn.wordpress.org/branches/4.0@30252 1a063a9b-81f0-0310-95a4-ce76da25c4cd
…roxies which proxy from HTTPS to HTTP. Merges [30090] to the 4.0 branch. fixes #28610. Built from https://develop.svn.wordpress.org/branches/4.0@30253 git-svn-id: http://core.svn.wordpress.org/branches/4.0@30253 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Merges [29725] to the 4.0 branch. props azaozz. fixes #29520. Built from https://develop.svn.wordpress.org/branches/4.0@30254 git-svn-id: http://core.svn.wordpress.org/branches/4.0@30254 1a063a9b-81f0-0310-95a4-ce76da25c4cd
…t() call Merges [30242] to the 4.0 branch. Our call to `$wp_roles->_init()` relied on the `__call()` method in `WP_Roles` to handle the link to the protected method. This works back to PHP 5.2.9, when a bug was fixed allowing access to protected methods through this exact approach. `install_blog()` needs a fresh `$wp_roles` object after `populate_roles()` resets everything in its path. We can create this new object from scratch, effectively doing the same thing with the call to `_init()` via the constructor. props jeremyfelt. fixes #29692. Built from https://develop.svn.wordpress.org/branches/4.0@30255 git-svn-id: http://core.svn.wordpress.org/branches/4.0@30255 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Merges [29738] to the 4.0 branch. props avryl. see #29516. Built from https://develop.svn.wordpress.org/branches/4.0@30256 git-svn-id: http://core.svn.wordpress.org/branches/4.0@30256 1a063a9b-81f0-0310-95a4-ce76da25c4cd
… paragraph above it and insert the content there. Merges [29766] to the 4.0 branch. props avryl. fixes #29380. Built from https://develop.svn.wordpress.org/branches/4.0@30257 git-svn-id: http://core.svn.wordpress.org/branches/4.0@30257 1a063a9b-81f0-0310-95a4-ce76da25c4cd
…as expected after [28579]. Merges [29745] to the 4.0 branch. props jesin, dikiy_forester. fixes #29646. Built from https://develop.svn.wordpress.org/branches/4.0@30258 git-svn-id: http://core.svn.wordpress.org/branches/4.0@30258 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Merges [29724] to the 4.0 branch. props SergeyBiryukov. fixes #29566. Built from https://develop.svn.wordpress.org/branches/4.0@30259 git-svn-id: http://core.svn.wordpress.org/branches/4.0@30259 1a063a9b-81f0-0310-95a4-ce76da25c4cd
…when default permalinks are used. Merges [29765] to the 4.0 branch. props loushou. fixes #29615. Built from https://develop.svn.wordpress.org/branches/4.0@30260 git-svn-id: http://core.svn.wordpress.org/branches/4.0@30260 1a063a9b-81f0-0310-95a4-ce76da25c4cd
… are booleans. Passing `'false'` to them will force them to be active, which is bad. Merges [30185] to the 4.0 branch. props wonderboymusic. fixes #29825. Built from https://develop.svn.wordpress.org/branches/4.0@30261 git-svn-id: http://core.svn.wordpress.org/branches/4.0@30261 1a063a9b-81f0-0310-95a4-ce76da25c4cd
…boxes and radio buttons. Merges [29727] to the 4.0 branch. props mlteal. fixes #29493. Built from https://develop.svn.wordpress.org/branches/4.0@30262 git-svn-id: http://core.svn.wordpress.org/branches/4.0@30262 1a063a9b-81f0-0310-95a4-ce76da25c4cd
…han term_taxonomy_id. Merges [30263] (and [30264] [30401]) to the 4.0 branch. props boonebgorges. fixes #29663, see #22112. Built from https://develop.svn.wordpress.org/branches/4.0@30405 git-svn-id: http://core.svn.wordpress.org/branches/4.0@30400 1a063a9b-81f0-0310-95a4-ce76da25c4cd
…tor(). Merges [29730] to the 4.0 branch. props azaozz. fixes #29592. Built from https://develop.svn.wordpress.org/branches/4.0@30406 git-svn-id: http://core.svn.wordpress.org/branches/4.0@30401 1a063a9b-81f0-0310-95a4-ce76da25c4cd
…`<textarea>` has focus. Merges [29777] (and [30378]) to the 4.0 branch. Props ryelle, adamsilverstein. Fixes #29725. Built from https://develop.svn.wordpress.org/branches/4.0@30407 git-svn-id: http://core.svn.wordpress.org/branches/4.0@30402 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Merges [29723] to the 4.0 branch. props skaeser. fixes #29596. Built from https://develop.svn.wordpress.org/branches/4.0@30408 git-svn-id: http://core.svn.wordpress.org/branches/4.0@30403 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Merges [29755] to the 4.0 branch. props wonderboymusic. fixes #29597. Built from https://develop.svn.wordpress.org/branches/4.0@30409 git-svn-id: http://core.svn.wordpress.org/branches/4.0@30404 1a063a9b-81f0-0310-95a4-ce76da25c4cd
see #29573 for 4.0. see #28350. Built from https://develop.svn.wordpress.org/branches/4.0@30410 git-svn-id: http://core.svn.wordpress.org/branches/4.0@30405 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Merges [30412] to the 4.0 branch. Built from https://develop.svn.wordpress.org/branches/4.0@30413 git-svn-id: http://core.svn.wordpress.org/branches/4.0@30408 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Merges [30417] to the 4.0 branch. Built from https://develop.svn.wordpress.org/branches/4.0@30418 git-svn-id: http://core.svn.wordpress.org/branches/4.0@30413 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Merges [30422] to the 4.0 branch. Built from https://develop.svn.wordpress.org/branches/4.0@30423 git-svn-id: http://core.svn.wordpress.org/branches/4.0@30418 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Merges [30425] to the 4.0 branch. Built from https://develop.svn.wordpress.org/branches/4.0@30426 git-svn-id: http://core.svn.wordpress.org/branches/4.0@30421 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Merges [30430] to the 4.0 branch. Built from https://develop.svn.wordpress.org/branches/4.0@30431 git-svn-id: http://core.svn.wordpress.org/branches/4.0@30426 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Merges [30435] to the 4.0 branch. Built from https://develop.svn.wordpress.org/branches/4.0@30436 git-svn-id: http://core.svn.wordpress.org/branches/4.0@30431 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Merges [30438] to the 4.0 branch. Built from https://develop.svn.wordpress.org/branches/4.0@30439 git-svn-id: http://core.svn.wordpress.org/branches/4.0@30434 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Built from https://develop.svn.wordpress.org/branches/4.0@46034 git-svn-id: http://core.svn.wordpress.org/branches/4.0@45846 1a063a9b-81f0-0310-95a4-ce76da25c4cd
- Query: Remove the static query property. - HTTP API: Protect against hex interpretation. - Filesystem API: Prevent directory travelersals when creating new folders. - Administration: Ensure that admin referer nonce is valid. - REST API: Send a Vary: Origin header on GET requests. - Customizer: Properly sanitize background images. Backports [46474], [46475], [46476], [46477], [46478], [46483], [46485] to the 4.0 branch. Built from https://develop.svn.wordpress.org/branches/4.0@46502 git-svn-id: http://core.svn.wordpress.org/branches/4.0@46299 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Built from https://develop.svn.wordpress.org/branches/4.0@46520 git-svn-id: http://core.svn.wordpress.org/branches/4.0@46317 1a063a9b-81f0-0310-95a4-ce76da25c4cd
…tes, `wp_kses_bad_protocol()` makes sure to validate that uri attributes don’t contain invalid/or not allowed protocols. While this works fine in most cases, there’s a risk that by using the colon html5 named entity, one is able to bypass this function. Brings r46895 to the 4.0 branch. Props: xknown, nickdaugherty, peterwilsoncc. Built from https://develop.svn.wordpress.org/branches/4.0@46908 git-svn-id: http://core.svn.wordpress.org/branches/4.0@46708 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Built from https://develop.svn.wordpress.org/branches/4.0@46933 git-svn-id: http://core.svn.wordpress.org/branches/4.0@46733 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Query: Ensure that only a single post can be returned on date/time based queries. Cache API: Ensure proper escaping around the stats method in the cache API. Formatting: Expand `sanitize_file_name` to have better support for utf8 characters. Brings the changes in [47634], [47635], [47637], and [47638] to the 4.0 branch. Props: batmoo, ehti, nickdaugherty, peterwilsoncc, sergeybiryukov, sstoqnov, westi, whyisjake, whyisjake, xknown. Built from https://develop.svn.wordpress.org/branches/4.0@47659 git-svn-id: http://core.svn.wordpress.org/branches/4.0@47436 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Built from https://develop.svn.wordpress.org/branches/4.0@47680 git-svn-id: http://core.svn.wordpress.org/branches/4.0@47457 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Built from https://develop.svn.wordpress.org/branches/4.0@47688 git-svn-id: http://core.svn.wordpress.org/branches/4.0@47465 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Built from https://develop.svn.wordpress.org/branches/4.0@47690 git-svn-id: http://core.svn.wordpress.org/branches/4.0@47467 1a063a9b-81f0-0310-95a4-ce76da25c4cd
- Embeds: Ensure that the title attribute is set correctly on embeds. - Editor: Prevent HTML decoding on by setting the proper editor context. - Formatting: Ensure that wp_validate_redirect() sanitizes a wider variety of characters. - Themes: Ensure a broken theme name is returned properly. - Administration: Add a new filter to extend set-screen-option. Merges [47947-47951] to the 4.0 branch. Props xknown, sstoqnov, vortfu, SergeyBiryukov, whyisjake. Built from https://develop.svn.wordpress.org/branches/4.0@47968 git-svn-id: http://core.svn.wordpress.org/branches/4.0@47739 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Follow-up to [47968] for the 4.0 branch. Built from https://develop.svn.wordpress.org/branches/4.0@47981 git-svn-id: http://core.svn.wordpress.org/branches/4.0@47750 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Built from https://develop.svn.wordpress.org/branches/4.0@48003 git-svn-id: http://core.svn.wordpress.org/branches/4.0@47771 1a063a9b-81f0-0310-95a4-ce76da25c4cd
…new `set_screen_option_{$option}` filter to ensure backward compatibility.
Rename the `$keep` parameter of both filters to `$screen_option` for clarity, update the documentation to better reflect its purpose.
Follow-up to [47951].
Props Chouby, sswells, SergeyBiryukov.
Merges [48241] to the 4.0 branch.
Fixes #50392.
Built from https://develop.svn.wordpress.org/branches/4.0@48258
git-svn-id: http://core.svn.wordpress.org/branches/4.0@48027 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* XML-RPC: Improve error messages for unprivileged users. * External Libraries: Disable deserialization in Requests_Utility_FilteredIterator * Embeds: Disable embeds on deactivated Multisite sites. * Coding standards: Modify escaping functions to avoid potential false positives. * XML-RPC: Return error message if attachment ID is incorrect. * Upgrade/install: Improve logic check when determining installation status. * Meta: Sanitize meta key before checking protection status. * Themes: Ensure that only privileged users can set a background image when a theme is using the deprecated custom background page. Brings the changes from [49380,49382-49388] to the 4.0 branch. Props xknown, zieladam, peterwilsoncc, whyisjake, desrosj, dd32. Built from https://develop.svn.wordpress.org/branches/4.0@49406 git-svn-id: http://core.svn.wordpress.org/branches/4.0@49165 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Built from https://develop.svn.wordpress.org/branches/4.0@49424 git-svn-id: http://core.svn.wordpress.org/branches/4.0@49183 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This updates the 4.0 branch to support the latest LTS version of NodeJS (currently 14.x), allowing the same version to be used across all WordPress branches that receive security updates as a courtesy. Because older branches use (really) old versions of NodeJS, the local Docker environment cannot be backported since the needed dependencies will not run on these older versions (see #48301). This also blocks the ability to move automated testing over to GitHub Actions (see #50401). This change also introduces a `packager-lock.json` file to the branch. In addition to backporting the package updates that happened after branching 4.0, dependencies that were removed in future releases have also been updated to their latest versions. Props desrosj, dd32, netweb, jorbin. Merges [30059-30063,30066-30067,31425,31504,31557,31648,31649-31650,32356-32357,32988,33726,35363,35513,35521,35538-35541,35859,36861-36865,37017,37019-37020,37212,37612,38111,39110,39113,39115-39117,39478,41835,42460-42461,42463,42887,43320,43323,43977,44219,44233,45321,45765,46404,46408-46409,47404,47867,47872-47873,48705,49636,49933,49937,49939,50126,50176,50185,50192] to the 4.0 branch. See #52341. Built from https://develop.svn.wordpress.org/branches/4.0@50218 git-svn-id: http://core.svn.wordpress.org/branches/4.0@49885 1a063a9b-81f0-0310-95a4-ce76da25c4cd
…e 4.0 branch. This backports several build and test tool improvements to the 4.0 branch. Most notably, this includes: - The changes required to allow each workflow to be triggered by the `workflow_dispatch` event so that tests can be run on a schedule [50590]. - Splitting single site and multisite tests into parallel jobs [50379]. - Split slow tests into separate, parallel jobs for PHP <= 5.6 [50444]. - Better branch and path scoping for GitHub Action workflows when running on `pull_request` [50432,50479]. - Several `devDependency` updates. Merges [50379,50387,50416,50432,50435-50436,50444,50446,50473-50474,50476,50479,50485-50487,50545,50590] to the 4.0 branch. See #50401, #51801, #51802, #52548, #52612, #52624, #52625, #52645, #52653, #52658, #52660, #52667. Built from https://develop.svn.wordpress.org/branches/4.0@50644 git-svn-id: http://core.svn.wordpress.org/branches/4.0@50256 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Props: audrasjb, ayeshrajans, desrosj, peterwilsoncc, xknown. Partially merges [50799] to the 4.0 branch. Built from https://develop.svn.wordpress.org/branches/4.0@50864 git-svn-id: http://core.svn.wordpress.org/branches/4.0@50473 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Built from https://develop.svn.wordpress.org/branches/4.0@50886 git-svn-id: http://core.svn.wordpress.org/branches/4.0@50495 1a063a9b-81f0-0310-95a4-ce76da25c4cd
- Query: Improve sanitization within `WP_Tax_Query`. - Upgrade/Install: Avoid using `unserialize()` unnecessarily. - Formatting: Correctly encode ASCII characters in post slugs. Merges [52454,52456-52457] to the 4.0 branch. Props vortfu, dd32, ehtis, zieladam, whyisjake, xknown, peterwilsoncc, desrosj, iandunn. Built from https://develop.svn.wordpress.org/branches/4.0@52483 git-svn-id: http://core.svn.wordpress.org/branches/4.0@52075 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Built from https://develop.svn.wordpress.org/branches/4.0@52505 git-svn-id: http://core.svn.wordpress.org/branches/4.0@52097 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This updates the "jquery-query" library from version 2.1.7 to 2.2.3. Props jorbin, peterwilsoncc, xknown, audrasjb, jorgefilipecosta. Merges [52844] to the 4.0 branch. Built from https://develop.svn.wordpress.org/branches/4.0@52866 git-svn-id: http://core.svn.wordpress.org/branches/4.0@52455 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Built from https://develop.svn.wordpress.org/branches/4.0@52885 git-svn-id: http://core.svn.wordpress.org/branches/4.0@52474 1a063a9b-81f0-0310-95a4-ce76da25c4cd
- Posts, Post Types: Escape output within `the_meta()`. - General: Ensure bookmark query limits are numeric. - Plugins: Escape output in error messages. Merges [53958-53960] to the 4.0 branch. Props tykoted, martinkrcho, xknown, dd32, peterwilsoncc, paulkevan, timothyblynjacobs. Built from https://develop.svn.wordpress.org/branches/4.0@53983 git-svn-id: http://core.svn.wordpress.org/branches/4.0@53542 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Built from https://develop.svn.wordpress.org/branches/4.0@54007 git-svn-id: http://core.svn.wordpress.org/branches/4.0@53566 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Add strings for use in future maintenance/security releases to indicate the security support status of the version of WordPress. Two strings are introduced: * indicating the version of WordPress is not receiving security updates, and, * indicating the version of WordPress will shortly stop receiving security updates. This change does not make use of the strings, the purpose is to make them available to translators prior to dropping support of selected versions of WordPress. Props costdev, chesio, robinwpdeveloper, desrosj, rudlinkon, mukesh27, sumitbagthariya16. Merges [54322] to the 4.0 branch. See #56532. Built from https://develop.svn.wordpress.org/branches/4.0@54460 git-svn-id: http://core.svn.wordpress.org/branches/4.0@54019 1a063a9b-81f0-0310-95a4-ce76da25c4cd
- Posts, Post types: Apply KSES to post-by-email content, - General: Validate host on "Are you sure?" screen, - Posts, Post types: Remove emails from post-by-email logs, - Pings/trackbacks: Apply KSES to all trackbacks, - Comments: Apply kses when editing comments, - Mail: Reset PHPMailer properties between use, - Widgets: Escape RSS error messages for display. Merges [54521], [54522], [54523], [54525], [54527], [54529], [54541] to the 4.0 branch. Props voldemortensen, johnbillion, paulkevan, peterwilsoncc, xknown, dd32, audrasjb, martinkrcho, davidbaumwald, tykoted, matveb, talldanwp. Built from https://develop.svn.wordpress.org/branches/4.0@54551 git-svn-id: http://core.svn.wordpress.org/branches/4.0@54106 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Built from https://develop.svn.wordpress.org/branches/4.0@54579 git-svn-id: http://core.svn.wordpress.org/branches/4.0@54133 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Replace update nag in WordPress 4.0 to indicate users need to update to a newer version of WordPress in order to continue receiving security updates. Props peterwilsoncc, audrasjb. Fixes #56786 for the 4.0 branch. Built from https://develop.svn.wordpress.org/branches/4.0@54898 git-svn-id: http://core.svn.wordpress.org/branches/4.0@54450 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Built from https://develop.svn.wordpress.org/branches/4.0@54905 git-svn-id: http://core.svn.wordpress.org/branches/4.0@54457 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.