HostForge-Systems/wordpress
Template
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
7a0a07d69156aba316d566f37dcdd498f59d138d
wordpress/wp-includes
History
johnjamesjacoby 7a0a07d691 Admin/HTTP API: add suggested filename support to download_url(). 
This change allows for external clients to supply a suggested filename via a `Content-Disposition` response header. This filename is processed through `sanitize_file_name()` to ensure it is allowable (on the server, MIME's, etc...) and `validate_file()` to prevent directory traversal.

If the suggested filename fails the above processing/checks, that suggestion is discarded and the standard temporary filename (generated by WordPress) is used.

If no `Content-Disposition` header is found in the response headers, the standard temporary filename continues to be used as per normal.

Included in this change are 6 additional PHPUnit tests with 9 assertions. These tests confirm that valid filename values are correctly saved, and invalid filename values are correctly rejected.

Props cklosows, costdev, dd32, johnjamesjacoby, ocean90, psrpinto.

Fixes #38231.
Built from https://develop.svn.wordpress.org/trunk@51939


git-svn-id: http://core.svn.wordpress.org/trunk@51528 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-10-27 15:00:01 +00:00
..
assets
Editor: Update block editor packages for WordPress 5.8.1.
2021-09-01 19:08:24 +00:00
block-patterns
Block Editor: Backport fixes targetted for WordPress 5.8 RC4.
2021-07-15 18:55:29 +00:00
block-supports
Coding Standards: Use static closures when not using $this.
2021-08-26 12:59:02 +00:00
blocks
Build: Split packages and blocks to their webpack configs
2021-07-28 10:06:59 +00:00
certificates
HTTP: Remove the DST Root CA X3 certificate expired on September 30, 2021.
2021-10-03 17:51:06 +00:00
css
Coding Standards: Apply coding standards on CSS.
2021-09-02 22:18:00 +00:00
customize
Code Modernization: Fix parameter name mismatch with parent in WP_Customize_Custom_CSS_Setting::validate().
2021-09-09 15:18:55 +00:00
fonts
ID3
External Libraries: Revert [51900] for now to investigate test failures.
2021-10-10 01:16:57 +00:00
images
IXR
XML-RPC: Set HTTP status code in accordance with the spec.
2021-05-24 02:18:58 +00:00
js
External Libraries: Update jQuery UI to 1.13.0 final.
2021-10-08 18:06:00 +00:00
php-compat
Docs: Improve documentation for a few functions per the documentation standards.
2021-08-10 13:45:57 +00:00
PHPMailer
External Libraries: Restore the phpcs:ignore statements in PHPMailer.
2021-08-18 14:08:56 +00:00
pomo
Coding Standards: Add public visibility to methods in src directory.
2021-10-18 17:52:58 +00:00
random_compat
Requests
External Libraries: Update the Requests library to version 1.8.0.
2021-05-11 19:42:02 +00:00
rest-api
REST API: Correct the order of the parameters documented for WP_REST_Server::respond_to_request().
2021-10-18 11:14:57 +00:00
SimplePie
sitemaps
Code Modernization: Fix parameter name mismatches for parent/child classes in WP_Sitemaps_Provider::get_max_num_pages().
2021-09-09 19:42:56 +00:00
sodium_compat
Upgrade/Install: Update sodium_compat to v1.17.0.
2021-08-10 13:04:57 +00:00
Text
theme-compat
widgets
Docs: Miscellaneous docblock corrections and improvements.
2021-09-22 21:23:00 +00:00
admin-bar.php
Docs: Improve various inline documentation for admin bar functions and hooks.
2021-10-04 20:46:59 +00:00
atomlib.php
author-template.php
Users: Escape get_author_posts_url() link in wp_list_authors().
2021-06-21 06:06:57 +00:00
block-editor.php
Docs: Fix typo in the get_block_editor_settings() description.
2021-08-15 12:45:59 +00:00
block-i18n.json
Blocks: Add support for variations in block.json` file
2021-08-11 09:08:01 +00:00
block-patterns.php
Editor: Ensure the Query block pattern category is translatable.
2021-07-02 14:35:58 +00:00
block-template-utils.php
Docs: Descriptive improvements and corrections for various docblocks.
2021-07-01 21:12:58 +00:00
block-template.php
Coding Standards: Use static closures when not using $this.
2021-08-26 12:59:02 +00:00
blocks.php
Docs: Add a @since note for the new $parent_block parameter of several filters:
2021-10-07 13:15:59 +00:00
bookmark-template.php
bookmark.php
General: Ensure consistent type for integer properties of a bookmark object.
2021-05-20 00:04:56 +00:00
cache-compat.php
cache.php
canonical.php
Permalinks: Revert the changes stemming from pagination limits.
2021-06-08 23:32:56 +00:00
capabilities.php
category-template.php
Docs: Document some more common names for dynamic hooks and standardise the phrasing used.
2021-09-21 18:21:00 +00:00
category.php
class-feed.php
class-http.php
Coding Standards: Use strict comparison in wp-includes/class-http.php.
2021-09-30 14:05:02 +00:00
class-IXR.php
class-json.php
class-oembed.php
class-phpass.php
External Libraries: Update the phpass library to version 0.5.
2021-05-25 18:47:59 +00:00
class-phpmailer.php
class-pop3.php
class-requests.php
External Libraries: Update the Requests library to version 1.8.1.
2021-06-06 14:05:56 +00:00
class-simplepie.php
class-smtp.php
class-snoopy.php
class-walker-category-dropdown.php
Code Modernization: Fix last parameter name mismatches for parent/child classes in Walker::start_el().
2021-09-09 12:39:59 +00:00
class-walker-category.php
Code Modernization: Fix reserved keyword and parameter name mismatches for parent/child classes in Walker::end_el().
2021-09-09 13:03:55 +00:00
class-walker-comment.php
Code Modernization: Fix reserved keyword and parameter name mismatches for parent/child classes in Walker::end_el().
2021-09-09 13:03:55 +00:00
class-walker-nav-menu.php
Code Modernization: Fix reserved keyword and parameter name mismatches for parent/child classes in Walker::end_el().
2021-09-09 13:03:55 +00:00
class-walker-page-dropdown.php
Code Modernization: Fix last parameter name mismatches for parent/child classes in Walker::start_el().
2021-09-09 12:39:59 +00:00
class-walker-page.php
Code Modernization: Fix reserved keyword and parameter name mismatches for parent/child classes in Walker::end_el().
2021-09-09 13:03:55 +00:00
class-wp-admin-bar.php
Docs: Improve documentation for WP_Admin_Bar methods.
2021-09-29 13:39:59 +00:00
class-wp-ajax-response.php
class-wp-application-passwords.php
Application Passwords: Improve various user-facing and developer-facing terminology.
2021-07-19 21:14:57 +00:00
class-wp-block-editor-context.php
Editor: Add missing class WP_Block_Editor_Context
2021-05-24 07:38:58 +00:00
class-wp-block-list.php
Code Modernization: Silence the deprecation warnings for missing return type in WP_Block_List.
2021-08-03 11:12:55 +00:00
class-wp-block-parser.php
class-wp-block-pattern-categories-registry.php
Coding Standards: Remove a one-time $message variable in some _doing_it_wrong() calls.
2021-06-15 15:22:58 +00:00
class-wp-block-patterns-registry.php
Coding Standards: Remove a one-time $message variable in some _doing_it_wrong() calls.
2021-06-15 15:22:58 +00:00
class-wp-block-styles-registry.php
Coding Standards: Remove a one-time $message variable in some _doing_it_wrong() calls.
2021-06-15 15:22:58 +00:00
class-wp-block-supports.php
class-wp-block-template.php
Block Editor: Introduce block templates for classic themes.
2021-05-25 14:20:57 +00:00
class-wp-block-type-registry.php
Coding Standards: Remove a one-time $message variable in some _doing_it_wrong() calls.
2021-06-15 15:22:58 +00:00
class-wp-block-type.php
Build: Split packages and blocks to their webpack configs
2021-07-28 10:06:59 +00:00
class-wp-block.php
Apply the pre_render_block, render_block_data, and render_block_context filters when rendering inner/nested blocks. Introdices another param to these filters: $parent_block that is the "parent" WP_Block instance for nested blocks and null for top level blocks. Adds unit tests for the filters.
2021-10-06 18:49:01 +00:00
class-wp-comment-query.php
Code Modernization: Fix "passing null to non-nullable" deprecation notice in WP_Comment_Query::get_comment_ids().
2021-09-13 18:54:59 +00:00
class-wp-comment.php
class-wp-customize-control.php
Coding Standards: Escape id attributes in WP_Customize_Control::render_content() and ::print_template().
2021-10-22 16:09:59 +00:00
class-wp-customize-manager.php
Coding Standards: Add public visibility to methods in src directory.
2021-10-18 17:52:58 +00:00
class-wp-customize-nav-menus.php
Docs: Miscellaneous inline documentation improvements, including:
2021-10-04 20:44:02 +00:00
class-wp-customize-panel.php
Docs: Replace $this in hook param docs with more appropriate names.
2021-07-30 19:35:58 +00:00
class-wp-customize-section.php
Docs: Replace $this in hook param docs with more appropriate names.
2021-07-30 19:35:58 +00:00
class-wp-customize-setting.php
Coding Standards: Add public visibility to methods in src directory.
2021-10-18 17:52:58 +00:00
class-wp-customize-widgets.php
Widgets: Revert [51705].
2021-09-09 21:40:57 +00:00
class-wp-date-query.php
Docs: Update WP_Date_Query documentation to reflect changes in accepted column names.
2021-10-14 18:05:04 +00:00
class-wp-dependency.php
class-wp-editor.php
Editor: Revert [51748] and [51649]. They intorduced a bug where wp.editor may be replaced with wp.oldEditor in certain cases.
2021-09-08 23:29:58 +00:00
class-wp-embed.php
Administration: Consistently escape admin_url() links.
2021-06-17 14:37:00 +00:00
class-wp-error.php
class-wp-fatal-error-handler.php
Booststrap/Load: Only reference recovery mode email when it can be sent.
2021-06-05 15:46:57 +00:00
class-wp-feed-cache-transient.php
class-wp-feed-cache.php
class-wp-hook.php
Code Modernization: Silence the deprecation warnings for missing return type in WP_Hook.
2021-08-03 11:02:00 +00:00
class-wp-http-cookie.php
Docs: Miscellaneous docblock corrections and improvements.
2021-09-22 21:23:00 +00:00
class-wp-http-curl.php
Coding Standards: Rename $theHeaders variable to $processed_headers in WP_Http_Curl::request().
2021-10-25 16:20:00 +00:00
class-wp-http-encoding.php
class-wp-http-ixr-client.php
Coding Standards: Use strict comparison in wp-includes/class-wp-http-ixr-client.php.
2021-10-01 15:00:58 +00:00
class-wp-http-proxy.php
class-wp-http-requests-hooks.php
Docs: Descriptive improvements and corrections for various docblocks.
2021-07-01 21:12:58 +00:00
class-wp-http-requests-response.php
class-wp-http-response.php
class-wp-http-streams.php
Coding Standards: Rename the $arrHeaders variable to $processed_headers in WP_Http_Streams::request().
2021-10-24 19:23:00 +00:00
class-wp-image-editor-gd.php
Code Modernization: Fix parameter name mismatches for parent/child classes in WP_Image_Editor::save().
2021-09-09 20:39:58 +00:00
class-wp-image-editor-imagick.php
Code Modernization: Fix parameter name mismatches for parent/child classes in WP_Image_Editor::save().
2021-09-09 20:39:58 +00:00
class-wp-image-editor.php
Code Modernization: Fix parameter name mismatches for parent/child classes in WP_Image_Editor::save().
2021-09-09 20:39:58 +00:00
class-wp-list-util.php
Docs: Improve documentation for wp_list_filter() and wp_filter_object_list().
2021-05-28 18:04:57 +00:00
class-wp-locale-switcher.php
class-wp-locale.php
class-wp-matchesmapregex.php
class-wp-meta-query.php
Code Modernization: Fix null to non-nullable deprecations in WP_Meta_Query::get_sql_for_clause().
2021-09-10 16:01:03 +00:00
class-wp-metadata-lazyloader.php
class-wp-network-query.php
Docs: Replace $this in hook param docs with more appropriate names.
2021-07-30 19:35:58 +00:00
class-wp-network.php
class-wp-object-cache.php
class-wp-oembed-controller.php
Docs: Document the usage of $wp_embed global in WP_oEmbed_Controller::get_proxy_item().
2021-06-15 10:24:57 +00:00
class-wp-oembed.php
Embeds: Add Wolfram Notebook as a trusted oEmbed provider.
2021-10-15 05:04:56 +00:00
class-wp-paused-extensions-storage.php
class-wp-post-type.php
class-wp-post.php
class-wp-query.php
Docs: Miscellaneous inline documentation improvements, including:
2021-10-04 20:44:02 +00:00
class-wp-recovery-mode-cookie-service.php
class-wp-recovery-mode-email-service.php
Coding Standards: Move some translator comments to the correct place.
2021-04-04 18:30:05 +00:00
class-wp-recovery-mode-key-service.php
class-wp-recovery-mode-link-service.php
class-wp-recovery-mode.php
class-wp-rewrite.php
Docs: Replace $this in hook param docs with more appropriate names.
2021-07-30 19:35:58 +00:00
class-wp-role.php
class-wp-roles.php
Docs: Replace $this in hook param docs with more appropriate names.
2021-07-30 19:35:58 +00:00
class-wp-session-tokens.php
class-wp-simplepie-file.php
Docs: Miscellaneous DocBlock corrections.
2021-05-15 17:38:05 +00:00
class-wp-simplepie-sanitize-kses.php
class-wp-site-query.php
Docs: Replace $this in hook param docs with more appropriate names.
2021-07-30 19:35:58 +00:00
class-wp-site.php
class-wp-tax-query.php
class-wp-taxonomy.php
class-wp-term-query.php
Docs: Replace $this in hook param docs with more appropriate names.
2021-07-30 19:35:58 +00:00
class-wp-term.php
class-wp-text-diff-renderer-inline.php
class-wp-text-diff-renderer-table.php
class-wp-theme-json-resolver.php
Coding Standards: Apply some minor alignment fixes.
2021-08-30 14:09:58 +00:00
class-wp-theme-json.php
Coding Standards: Use static closures when not using $this.
2021-08-26 12:59:02 +00:00
class-wp-theme.php
Code Modernization: Silence the deprecation warnings for missing return type in WP_Theme.
2021-08-02 22:31:56 +00:00
class-wp-user-meta-session-tokens.php
class-wp-user-query.php
class-wp-user-request.php
class-wp-user.php
Docs: Miscellaneous docblock corrections and improvements.
2021-09-22 21:23:00 +00:00
class-wp-walker.php
Code Modernization: Fix reserved keyword and parameter name mismatches for parent/child classes in Walker::end_el().
2021-09-09 13:03:55 +00:00
class-wp-widget-factory.php
Widgets: Fix widget preview not working if widget registered via a instance
2021-06-23 01:34:58 +00:00
class-wp-widget.php
Coding Standards: Simplify the logic in WP_Widget::get_field_name() and ::get_field_id().
2021-06-04 10:47:58 +00:00
class-wp-xmlrpc-server.php
Docs: Add a @see reference to the xmlrpc_enabled filter in wp_xmlrpc_server::set_is_enabled().
2021-08-10 12:54:56 +00:00
class-wp.php
Code Modernization: Check the return type of parse_url() in WP::parse_request().
2021-08-16 20:17:57 +00:00
class.wp-dependencies.php
Docs: Miscellaneous docblock corrections and improvements.
2021-09-22 21:23:00 +00:00
class.wp-scripts.php
Docs: Replace $this in hook param docs with more appropriate names.
2021-07-30 19:35:58 +00:00
class.wp-styles.php
Docs: Replace $this in hook param docs with more appropriate names.
2021-07-30 19:35:58 +00:00
comment-template.php
Docs: Document some more common names for dynamic hooks and standardise the phrasing used.
2021-09-21 18:21:00 +00:00
comment.php
Docs: Document some more common names for dynamic hooks and standardise the phrasing used.
2021-09-21 18:21:00 +00:00
compat.php
Code Modernization: Fix "passing null to non-nullable" deprecation in _mb_substr().
2021-09-22 23:34:57 +00:00
cron.php
Cron: Fix malformed cron array in wp_schedule_single_event() when _get_cron_array() returns false.
2021-10-18 12:51:58 +00:00
date.php
default-constants.php
default-filters.php
Widgets: Warn when wp-editor script or wp-edit-post style is enqueued in widgets editor
2021-07-09 01:18:57 +00:00
default-widgets.php
REST API: Add widget endpoints
2021-05-25 08:27:57 +00:00
deprecated.php
General: Restore (un-deprecate) the sanitize_url() function.
2021-08-10 19:44:59 +00:00
embed-template.php
embed.php
Coding Standards: Apply coding standards on CSS.
2021-09-02 22:18:00 +00:00
error-protection.php
feed-atom-comments.php
feed-atom.php
Coding Standards: Add a space before / character in some self-closing HTML tags.
2021-03-20 18:30:08 +00:00
feed-rdf.php
feed-rss2-comments.php
feed-rss2.php
feed-rss.php
feed.php
Docs: Miscellaneous DocBlock corrections.
2021-05-15 17:38:05 +00:00
formatting.php
Coding Standards: Add a leading zero in the CSS declarations printed by the print_emoji_styles() function.
2021-10-18 16:53:57 +00:00
functions.php
FileSystem API: Fix autovivification deprecation notice in recurse_dirsize().
2021-10-15 22:53:58 +00:00
functions.wp-scripts.php
Docs: Provide a more accurate description for a few script and style functions.
2021-09-02 08:30:58 +00:00
functions.wp-styles.php
Docs: Provide a more accurate description for a few script and style functions.
2021-09-02 08:30:58 +00:00
general-template.php
Coding Standards: Improve escaping in wp_login_form().
2021-10-21 18:19:00 +00:00
http.php
https-detection.php
Docs: Miscellaneous DocBlock corrections.
2021-05-15 17:38:05 +00:00
https-migration.php
kses.php
Docs: Move @since notes from the safe_style_css filter to the safecss_filter_attr() function.
2021-09-03 01:37:57 +00:00
l10n.php
Docs: Document some more common names for dynamic hooks and standardise the phrasing used.
2021-09-21 18:21:00 +00:00
link-template.php
Coding Standards: Remove redundant type casting to array in WP_Query::get_posts().
2021-06-30 17:44:58 +00:00
load.php
Multisite: Log error/warnings/notices from ms-files.php.
2021-07-06 20:21:57 +00:00
locale.php
media-template.php
Media: Add / character to <img> tag in wp_print_media_templates().
2021-08-04 14:25:58 +00:00
media.php
I18N: Add context for some Media Library filter strings:
2021-10-12 16:44:01 +00:00
meta.php
Docs: Document some more common names for dynamic hooks and standardise the phrasing used.
2021-09-21 18:21:00 +00:00
ms-blogs.php
ms-default-constants.php
Code Modernization: Check the return type of parse_url() in ms_cookie_constants().
2021-08-17 22:08:57 +00:00
ms-default-filters.php
ms-deprecated.php
ms-files.php
Multisite: Log error/warnings/notices from ms-files.php.
2021-07-06 20:21:57 +00:00
ms-functions.php
Networks and Sites: Replace two remaining occurrences of "blog" with "site" in user-facing strings.
2021-07-28 10:02:00 +00:00
ms-load.php
ms-network.php
ms-settings.php
ms-site.php
Docs: Add a reference to WP_Site_Query::__construct() for information on accepted arguments in get_sites().
2021-06-19 20:57:01 +00:00
nav-menu-template.php
nav-menu.php
Docs: Undo the accidental revert of [51299] made in [51300].
2021-07-01 21:29:56 +00:00
option.php
Docs: Add @since notes to register_setting() for the deprecated misc and privacy option groups.
2021-09-21 13:22:01 +00:00
pluggable-deprecated.php
pluggable.php
Docs: Undo the accidental revert of [51299] made in [51300].
2021-07-01 21:29:56 +00:00
plugin.php
Docs: Further synchronize documentation for some Plugin API functions.
2021-05-04 15:01:58 +00:00
post-formats.php
post-template.php
Posts, Post Types: Pass the post object to the_password_form filter.
2021-04-26 15:38:05 +00:00
post-thumbnail-template.php
post.php
Docs: Improve documentation for the tax_input parameter of wp_insert_post().
2021-10-16 02:38:58 +00:00
query.php
Coding Standards: Remove a one-time $message variable in some _doing_it_wrong() calls.
2021-06-15 15:22:58 +00:00
registration-functions.php
registration.php
rest-api.php
REST API: Add text-field and textarea-field as available schema formats for string sanitization.
2021-10-15 02:04:56 +00:00
revision.php
Docs: Add and correct examples of common names for various dynamic hooks.
2021-07-03 21:42:59 +00:00
rewrite.php
robots-template.php
Robots: Remove contradictory directive check in wp_robots().
2021-03-23 23:02:05 +00:00
rss-functions.php
rss.php
script-loader.php
External Libraries: Update jQuery UI to 1.13.0 final.
2021-10-08 18:06:00 +00:00
session.php
shortcodes.php
Coding Standards: Remove a one-time $message variable in some _doing_it_wrong() calls.
2021-06-15 15:22:58 +00:00
sitemaps.php
Docs: Miscellaneous DocBlock corrections.
2021-05-15 17:38:05 +00:00
spl-autoload-compat.php
taxonomy.php
Docs: Miscellaneous inline documentation improvements, including:
2021-10-04 20:44:02 +00:00
template-canvas.php
Block Editor: Introduce block templates for classic themes.
2021-05-25 14:20:57 +00:00
template-loader.php
template.php
Block Editor: Introduce block templates for classic themes.
2021-05-25 14:20:57 +00:00
theme-i18n.json
Block Editor: Add Global Settings support using theme.json file.
2021-05-24 08:37:55 +00:00
theme-templates.php
Block Editor: Package updates for Beta 3.
2021-06-22 10:00:50 +00:00
theme.json
Block Editor: Add missing border setting on button block.
2021-08-03 18:14:58 +00:00
theme.php
Widgets: Revert [51705].
2021-09-09 21:40:57 +00:00
update.php
Coding Standards: Use static closures when not using $this.
2021-08-26 12:59:02 +00:00
user.php
Users: Introduce a meta_input argument for wp_insert_user().
2021-09-07 21:31:55 +00:00
vars.php
version.php
Admin/HTTP API: add suggested filename support to download_url().
2021-10-27 15:00:01 +00:00
widgets.php
General: Fix code quality issues which were identified by static analysis.
2021-09-22 21:01:00 +00:00
wlwmanifest.xml
wp-db.php
Coding Standards: Add public visibility to methods in src directory.
2021-10-18 17:52:58 +00:00
wp-diff.php