HostForge-Systems/wordpress
Template
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
fc800115a76c461cd3c5527a1fd1289bd8498795
wordpress/wp-includes
History
iandunn fc800115a7 Privacy: Escape comment URLs in personal export file to prevent XSS. 
There doesn't appear to be any way for an attacker to introduce malicious input into the URL, unless a plugin is filtering the URL to add it, but it's better to be safe than sorry.

Props birgire.
Fixes #44054.

Built from https://develop.svn.wordpress.org/trunk@43245


git-svn-id: http://core.svn.wordpress.org/trunk@43074 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-12 15:56:21 +00:00
..
certificates
css
Privacy: Reposition admin pointer to avoid covering collapsed menu.
2018-05-10 03:03:20 +00:00
customize
Administration: Change all the occurrences of "(opens in a new window)" to "(opens in a new tab)".
2018-05-05 09:45:22 +00:00
fonts
ID3
images
IXR
XML-RPC: Add default values to IXR_Message for PHP 7.2 compatibility to avoid PHP Warnings.
2018-02-06 02:56:32 +00:00
js
Privacy: change how the default text for privacy policy is added:
2018-05-03 17:13:21 +00:00
pomo
Docs: Remove @static notations from method DocBlocks in wp-includes/* classes.
2018-02-25 20:22:30 +00:00
random_compat
External Libraries: Update Random_Compat from 1.2.1 to 2.0.11.
2017-11-08 11:48:49 +00:00
Requests
rest-api
REST API: When handling who=authors query parameter for GET wp/v2/users, only check edit_posts for post types that support author.
2018-05-03 06:52:21 +00:00
SimplePie
Text
External Libraries: Remove usage of each() from the Text_Diff_Engine_native class.
2017-10-26 12:52:53 +00:00
theme-compat
Code is Poetry.
2017-11-30 23:11:00 +00:00
widgets
Administration: Change all the occurrences of "(opens in a new window)" to "(opens in a new tab)".
2018-05-05 09:45:22 +00:00
admin-bar.php
Pinking shears.
2018-03-18 14:23:33 +00:00
atomlib.php
author-template.php
Pinking shears.
2018-03-18 14:23:33 +00:00
bookmark-template.php
Code is Poetry.
2017-11-30 23:11:00 +00:00
bookmark.php
Code is Poetry.
2017-11-30 23:11:00 +00:00
cache.php
Code is Poetry.
2017-11-30 23:11:00 +00:00
canonical.php
Code is Poetry.
2017-11-30 23:11:00 +00:00
capabilities.php
Privacy: rename manage_privacy_policy to manage_privacy_options.
2018-05-03 19:31:21 +00:00
category-template.php
Taxonomy: In category_description(), don't pass the $taxonomy parameter to term_description().
2018-03-28 23:25:29 +00:00
category.php
Docs: Document more parameters and properties using typed array notation.
2018-03-25 18:10:32 +00:00
class-feed.php
Code is Poetry.
2017-11-30 23:11:00 +00:00
class-http.php
Docs: Correct and improve various inline documentation.
2018-03-25 19:35:29 +00:00
class-IXR.php
class-json.php
class-oembed.php
Docs: Document more parameters and properties using typed array notation.
2018-03-25 18:10:32 +00:00
class-phpass.php
class-phpmailer.php
class-pop3.php
class-requests.php
class-simplepie.php
class-smtp.php
class-snoopy.php
class-walker-category-dropdown.php
Code is Poetry.
2017-11-30 23:11:00 +00:00
class-walker-category.php
Code is Poetry.
2017-11-30 23:11:00 +00:00
class-walker-comment.php
Code is Poetry.
2017-11-30 23:11:00 +00:00
class-walker-nav-menu.php
Docs: Correct and improve various inline documentation.
2018-03-25 19:35:29 +00:00
class-walker-page-dropdown.php
Code is Poetry.
2017-11-30 23:11:00 +00:00
class-walker-page.php
Docs: Document more parameters and properties using typed array notation.
2018-03-25 18:10:32 +00:00
class-wp-admin-bar.php
Code is Poetry.
2017-11-30 23:11:00 +00:00
class-wp-ajax-response.php
Code is Poetry.
2017-11-30 23:11:00 +00:00
class-wp-comment-query.php
Docs: Document more parameters and properties using typed array notation.
2018-03-25 18:10:32 +00:00
class-wp-comment.php
Docs: Remove @static notations from method DocBlocks in wp-includes/* classes.
2018-02-25 20:22:30 +00:00
class-wp-customize-control.php
Docs: Remove @static notations from property DocBlocks in wp-admin/* and wp-includes/* classes.
2018-02-25 20:32:30 +00:00
class-wp-customize-manager.php
Administration: Change all the occurrences of "(opens in a new window)" to "(opens in a new tab)".
2018-05-05 09:45:22 +00:00
class-wp-customize-nav-menus.php
Docs: Document more parameters and properties using typed array notation.
2018-03-25 18:10:32 +00:00
class-wp-customize-panel.php
Docs: Remove @static notations from property DocBlocks in wp-admin/* and wp-includes/* classes.
2018-02-25 20:32:30 +00:00
class-wp-customize-section.php
Docs: Remove @static notations from property DocBlocks in wp-admin/* and wp-includes/* classes.
2018-02-25 20:32:30 +00:00
class-wp-customize-setting.php
General: Introduce WP_Error::has_errors() method and use it where appropriate.
2018-02-27 02:31:31 +00:00
class-wp-customize-widgets.php
Docs: Document more parameters and properties using typed array notation.
2018-03-25 18:10:32 +00:00
class-wp-dependency.php
Code is Poetry.
2017-11-30 23:11:00 +00:00
class-wp-editor.php
TinyMCE: switch off concatenation when a custom TinyMCE theme is used. Prevents conflict with the default theme as it loads first.
2018-05-10 19:50:21 +00:00
class-wp-embed.php
Docs: Document more parameters and properties using typed array notation.
2018-03-25 19:33:31 +00:00
class-wp-error.php
General: Introduce WP_Error::has_errors() method and use it where appropriate.
2018-02-27 02:31:31 +00:00
class-wp-feed-cache-transient.php
Code is Poetry.
2017-11-30 23:11:00 +00:00
class-wp-feed-cache.php
Code is Poetry.
2017-11-30 23:11:00 +00:00
class-wp-hook.php
Docs: Remove @static notations from method DocBlocks in wp-includes/* classes.
2018-02-25 20:22:30 +00:00
class-wp-http-cookie.php
Code is Poetry.
2017-11-30 23:11:00 +00:00
class-wp-http-curl.php
I18N: Use the actual placeholder instead of a number in translator comments if the corresponding string does not use numbered placeholders.
2018-03-11 16:44:34 +00:00
class-wp-http-encoding.php
Docs: Remove @static notations from method DocBlocks in wp-includes/* classes.
2018-02-25 20:22:30 +00:00
class-wp-http-ixr-client.php
Docs: Document more parameters and properties using typed array notation.
2018-03-25 19:33:31 +00:00
class-wp-http-proxy.php
Code is Poetry.
2017-11-30 23:11:00 +00:00
class-wp-http-requests-hooks.php
Code is Poetry.
2017-11-30 23:11:00 +00:00
class-wp-http-requests-response.php
Code is Poetry.
2017-11-30 23:11:00 +00:00
class-wp-http-response.php
HTTP API: Use WP_HTTP_Response::set_data() in ::__construct() instead of directly accessing the $data property.
2017-10-03 15:18:46 +00:00
class-wp-http-streams.php
I18N: Use the actual placeholder instead of a number in translator comments if the corresponding string does not use numbered placeholders.
2018-03-11 16:44:34 +00:00
class-wp-image-editor-gd.php
Docs: Remove @static notations from method DocBlocks in wp-includes/* classes.
2018-02-25 20:22:30 +00:00
class-wp-image-editor-imagick.php
Docs: Remove @static notations from method DocBlocks in wp-includes/* classes.
2018-02-25 20:22:30 +00:00
class-wp-image-editor.php
Docs: Remove @static notations from method DocBlocks in wp-includes/* classes.
2018-02-25 20:22:30 +00:00
class-wp-list-util.php
General: Allow wp_list_pluck() to operate on arrays of references without overwriting the referenced items.
2018-01-18 05:18:31 +00:00
class-wp-locale-switcher.php
Docs: Add @since version for WP_Locale_Switcher::init().
2017-12-15 00:32:46 +00:00
class-wp-locale.php
I18N: Remove unused $start_of_week property from WP_Locale.
2018-02-18 16:32:34 +00:00
class-wp-matchesmapregex.php
Docs: Remove @static notations from method DocBlocks in wp-includes/* classes.
2018-02-25 20:22:30 +00:00
class-wp-meta-query.php
Docs: Correct and improve various inline documentation.
2018-03-25 19:35:29 +00:00
class-wp-metadata-lazyloader.php
Docs: Correct and improve various inline documentation.
2018-03-25 19:35:29 +00:00
class-wp-network-query.php
Docs: Document more parameters and properties using typed array notation.
2018-03-25 19:33:31 +00:00
class-wp-network.php
Docs: Document more parameters and properties using typed array notation.
2018-03-25 19:33:31 +00:00
class-wp-oembed-controller.php
Code is Poetry.
2017-11-30 23:11:00 +00:00
class-wp-post-type.php
class-wp-post.php
Docs: Update and correct various inline documentation.
2018-05-07 17:20:22 +00:00
class-wp-query.php
Docs: Document more parameters and properties using typed array notation.
2018-03-25 19:33:31 +00:00
class-wp-rewrite.php
Code is Poetry.
2017-11-30 23:11:00 +00:00
class-wp-role.php
Docs: Document more parameters and properties using typed array notation.
2018-03-25 19:33:31 +00:00
class-wp-roles.php
Docs: Document WP_Roles properties with typed array notation.
2018-03-22 18:56:33 +00:00
class-wp-session-tokens.php
Docs: Remove @static notations from method DocBlocks in wp-includes/* classes.
2018-02-25 20:22:30 +00:00
class-wp-simplepie-file.php
Code is Poetry.
2017-11-30 23:11:00 +00:00
class-wp-simplepie-sanitize-kses.php
Code is Poetry.
2017-11-30 23:11:00 +00:00
class-wp-site-query.php
Multisite: Add meta query functionality to WP_Site_Query.
2018-04-27 11:41:22 +00:00
class-wp-site.php
Docs: Remove @static notations from method DocBlocks in wp-includes/* classes.
2018-02-25 20:22:30 +00:00
class-wp-tax-query.php
Docs: Remove erroneous @static notation from WP_Tax_Query::get_sql(), added in [32627].
2018-02-25 21:45:30 +00:00
class-wp-taxonomy.php
Docs: Document more parameters and properties using typed array notation.
2018-03-25 19:33:31 +00:00
class-wp-term-query.php
Taxonomy: Ensure that invalid term objects are discarded in WP_Term_Query.
2018-04-30 21:08:22 +00:00
class-wp-term.php
Docs: Remove @static notations from method DocBlocks in wp-includes/* classes.
2018-02-25 20:22:30 +00:00
class-wp-text-diff-renderer-inline.php
Code is Poetry.
2017-11-30 23:11:00 +00:00
class-wp-text-diff-renderer-table.php
Code is Poetry.
2017-11-30 23:11:00 +00:00
class-wp-theme.php
Docs: Update @since version for theme_templates filter added in [43025].
2018-04-29 22:42:22 +00:00
class-wp-user-meta-session-tokens.php
Docs: Remove @static notations from method DocBlocks in wp-includes/* classes.
2018-02-25 20:22:30 +00:00
class-wp-user-query.php
Docs: Document more parameters and properties using typed array notation.
2018-03-25 19:33:31 +00:00
class-wp-user.php
Docs: Document more parameters and properties using typed array notation.
2018-03-25 19:33:31 +00:00
class-wp-walker.php
Code is Poetry.
2017-11-30 23:11:00 +00:00
class-wp-widget-factory.php
Code is Poetry.
2017-11-30 23:11:00 +00:00
class-wp-widget.php
Code is Poetry.
2017-11-30 23:11:00 +00:00
class-wp-xmlrpc-server.php
XML-RPC: Unify permission error messages in wp_xmlrpc_server.
2018-02-28 03:19:31 +00:00
class-wp.php
Docs: Document more parameters and properties using typed array notation.
2018-03-25 19:33:31 +00:00
class.wp-dependencies.php
Docs: Document more parameters and properties using typed array notation.
2018-03-25 19:33:31 +00:00
class.wp-scripts.php
Docs: Document more parameters and properties using typed array notation.
2018-03-25 19:33:31 +00:00
class.wp-styles.php
Docs: Document more parameters and properties using typed array notation.
2018-03-25 19:33:31 +00:00
comment-template.php
Comments: Move comment consent input outside the label for a11y.
2018-05-02 22:00:49 +00:00
comment.php
Privacy: Escape comment URLs in personal export file to prevent XSS.
2018-05-12 15:56:21 +00:00
compat.php
General: In the is_countable() polyfill, if the provided object implements SimpleXMLElement or ResourceBundle, consider it countable.
2018-05-10 17:58:22 +00:00
cron.php
Cron API: Return meaningful values from cron functions.
2018-05-01 02:05:23 +00:00
date.php
Docs: Correct and improve various inline documentation.
2018-03-25 19:35:29 +00:00
default-constants.php
Docs: Fix a copy paste error in the DocBlock summary for wp_ssl_constants(), see [13062].
2018-02-09 18:21:31 +00:00
default-filters.php
Privacy: Update request confirmation notice text for clarity.
2018-05-10 20:53:21 +00:00
default-widgets.php
Widgets: Introduce Gallery widget for displaying image galleries.
2017-09-25 06:28:45 +00:00
deprecated.php
Administration: Change all the occurrences of "(opens in a new window)" to "(opens in a new tab)".
2018-05-05 09:45:22 +00:00
embed-template.php
embed.php
Docs: Document more parameters and properties using typed array notation.
2018-03-25 19:33:31 +00:00
feed-atom-comments.php
I18N: Use the actual placeholder instead of a number in translator comments if the corresponding string does not use numbered placeholders.
2018-03-11 16:44:34 +00:00
feed-atom.php
Code is Poetry.
2017-11-30 23:11:00 +00:00
feed-rdf.php
Code is Poetry.
2017-11-30 23:11:00 +00:00
feed-rss2-comments.php
I18N: Use the actual placeholder instead of a number in translator comments if the corresponding string does not use numbered placeholders.
2018-03-11 16:44:34 +00:00
feed-rss2.php
Code is Poetry.
2017-11-30 23:11:00 +00:00
feed-rss.php
Code is Poetry.
2017-11-30 23:11:00 +00:00
feed.php
Docs: Remove erroneous zero-width space before URL in fetch_feed() DocBlock.
2017-12-21 02:40:54 +00:00
formatting.php
I18N: Use the actual placeholder instead of a number in translator comments if the corresponding string does not use numbered placeholders.
2018-03-11 16:44:34 +00:00
functions.php
Privacy: Replace intrusive policy update notice with menu bubbles.
2018-05-10 19:52:21 +00:00
functions.wp-scripts.php
Pinking shears.
2018-03-18 14:23:33 +00:00
functions.wp-styles.php
Code is Poetry.
2017-11-30 23:11:00 +00:00
general-template.php
Template: Make sure the version string is correctly escaped for use in attributes.
2018-04-03 14:59:31 +00:00
http.php
HTTP: Don't treat localhost as same host by default.
2018-04-03 15:00:31 +00:00
kses.php
Formatting: Begin the process of improving the docs for KSES related functions.
2018-04-28 13:58:21 +00:00
l10n.php
Docs: Document more parameters and properties using typed array notation.
2018-03-25 19:33:31 +00:00
link-template.php
Privacy: Add template tags for building link to privacy policy page.
2018-04-25 15:55:21 +00:00
load.php
Docs: Add missing verb in is_admin(), is_blog_admin(), is_network_admin(), is_user_admin() descriptions.
2018-04-29 21:14:22 +00:00
locale.php
media-template.php
Media: avoid page scrolling when opening the media modal.
2018-01-31 17:03:33 +00:00
media.php
Privacy: Store plugin callbacks in associative array for flexibility.
2018-05-03 19:28:21 +00:00
meta.php
Docs: Update the inline docs for is_protected_meta().
2018-04-30 14:39:21 +00:00
ms-blogs.php
Multisite: Introduce metadata for sites.
2018-03-16 02:15:31 +00:00
ms-default-constants.php
Code is Poetry.
2017-11-30 23:11:00 +00:00
ms-default-filters.php
Code is Poetry.
2017-11-30 23:11:00 +00:00
ms-deprecated.php
Docs: Correct some @since MU notation that was broken in [41200].
2017-10-03 17:44:48 +00:00
ms-files.php
Code is Poetry.
2017-11-30 23:11:00 +00:00
ms-functions.php
Multisite: Verify the signup nonce using wp_verify_nonce() in signup_nonce_check().
2018-04-13 15:30:20 +00:00
ms-load.php
Networks and Sites: In get_site_by_path(), use single domain and path parameters if there's only one item to look for.
2018-02-11 17:09:31 +00:00
ms-settings.php
Code is Poetry.
2017-11-30 23:11:00 +00:00
nav-menu-template.php
Menus: When checking if a Custom Link matches the current URL to add the current-menu-item class, check for decoded URL as well.
2018-02-24 13:44:31 +00:00
nav-menu.php
Menus: Remove $_menu_item_sort_prop global reference from wp_get_nav_menu_items(), unused since [38928].
2018-02-01 15:42:31 +00:00
option.php
Multisite: Ensure the {$network_id}:notoptions array is set in cache in get_network_option().
2018-03-13 15:37:33 +00:00
pluggable-deprecated.php
pluggable.php
Pinking shears.
2018-03-18 14:23:33 +00:00
plugin.php
Code is Poetry.
2017-11-30 23:11:00 +00:00
post-formats.php
Code is Poetry.
2017-11-30 23:11:00 +00:00
post-template.php
Docs: Update and correct various inline documentation.
2018-05-07 17:20:22 +00:00
post-thumbnail-template.php
Pinking shears.
2018-03-18 14:23:33 +00:00
post.php
Privacy: update and enhance the method to confirm user requests by email. Introduce WP_User_Request to hold all request vars similarly to WP_Post.
2018-04-27 17:31:22 +00:00
query.php
Pinking shears.
2018-03-18 14:23:33 +00:00
registration-functions.php
Code is Poetry.
2017-11-30 23:11:00 +00:00
registration.php
Code is Poetry.
2017-11-30 23:11:00 +00:00
rest-api.php
Code is Poetry.
2017-11-30 23:11:00 +00:00
revision.php
Code is Poetry.
2017-11-30 23:11:00 +00:00
rewrite.php
Code is Poetry.
2017-11-30 23:11:00 +00:00
rss-functions.php
Code is Poetry.
2017-11-30 23:11:00 +00:00
rss.php
script-loader.php
Privacy: Use the terms "erase"/"erasure" instead of "remove"/"removal" for personal data.
2018-05-07 16:45:22 +00:00
session.php
Code is Poetry.
2017-11-30 23:11:00 +00:00
shortcodes.php
Coding Standards: Fix code indent in unescape_invalid_shortcodes().
2018-02-25 16:36:30 +00:00
spl-autoload-compat.php
taxonomy.php
Docs: Update and correct various inline documentation.
2018-05-07 17:20:22 +00:00
template-loader.php
Code is Poetry.
2017-11-30 23:11:00 +00:00
template.php
Docs: Add missing code formatting to various @since entries.
2018-02-09 16:55:31 +00:00
theme.php
Themes: Avoid a PHP 7.2 warning in get_theme_roots() when $wp_theme_directories is an uncountable value.
2018-04-30 04:51:22 +00:00
update.php
Docs: Document many more parameters and properties using typed array notation.
2018-03-22 20:27:32 +00:00
user.php
Privacy: Expose erasure notification recipient to filter callbacks.
2018-05-10 21:20:22 +00:00
vars.php
Code is Poetry.
2017-11-30 23:11:00 +00:00
version.php
Privacy: Escape comment URLs in personal export file to prevent XSS.
2018-05-12 15:56:21 +00:00
widgets.php
Pinking shears.
2018-03-18 14:23:33 +00:00
wlwmanifest.xml
wp-db.php
Docs: Correct the possible return types for the wpdb::query() method.
2018-04-28 14:44:23 +00:00
wp-diff.php
Code is Poetry.
2017-11-30 23:11:00 +00:00