John Blackbourn
cedecf8033
Allow brackets in a URL when it's sanitised for a redirect. Brackets are valid in query parameters.
...
Fixes #30308
Props voldemortensen
git-svn-id: https://develop.svn.wordpress.org/trunk@30684 602fd350-edb4-49c9-b593-d223f7449a82
2014-12-01 03:20:13 +00:00
John Blackbourn
b57c4ae165
Allow square brackets in a URL when it's sanitised for a redirect. Square brackets are valid in query parameters and IPv6 addresses.
...
Fixes #17052
Props voldemortensen
git-svn-id: https://develop.svn.wordpress.org/trunk@30683 602fd350-edb4-49c9-b593-d223f7449a82
2014-12-01 03:15:24 +00:00
Scott Taylor
4bf6ad11fb
Improve the @param docs for src/wp-includes/pluggable*.
...
See #30224.
git-svn-id: https://develop.svn.wordpress.org/trunk@30667 602fd350-edb4-49c9-b593-d223f7449a82
2014-11-30 22:18:33 +00:00
Drew Jaynes (DrewAPicture)
f534936cfe
Fix DocBlock formatting for wp_generate_password().
...
Props stevegrunwell for the initial patch.
Fixes #30509.
git-svn-id: https://develop.svn.wordpress.org/trunk@30580 602fd350-edb4-49c9-b593-d223f7449a82
2014-11-26 20:37:36 +00:00
ocean90
ebfa390ea1
Type cast $nonce to string in wp_verify_nonce().
...
props jesin.
fixes #29542.
git-svn-id: https://develop.svn.wordpress.org/trunk@30576 602fd350-edb4-49c9-b593-d223f7449a82
2014-11-26 19:18:02 +00:00
Drew Jaynes (DrewAPicture)
5f574c7ec8
Ensure inline code is markdown-escaped as such, HTML tags are removed from summaries, and that code snippets in descriptions are properly indented.
...
Affects DocBlocks for the following core elements:
* Markdown-indent a code snippet in the description for `wp_salt()`
* Backtick-escape inline code in the return description for `get_avatar()`
* Various markdown formatting in the description for `add_filter()`
* Markdown-indent a code snippet in the description for `apply_filters()`
* Backtick-escape inline code in the `@see` description for `apply_filters_ref_array()`
* Backtick-escape inline code in the description for `do_action()`
* Backtick-escape variables in the parameter and return descriptions for `do_action_ref_array()`
* Various markdown formatting in the description for `get_plugin_data()`
Props rarst.
See #30473.
git-svn-id: https://develop.svn.wordpress.org/trunk@30544 602fd350-edb4-49c9-b593-d223f7449a82
2014-11-24 06:04:10 +00:00
Andrew Nacin
cff531489f
Use hash_equals() for old md5 hashes.
...
git-svn-id: https://develop.svn.wordpress.org/trunk@30412 602fd350-edb4-49c9-b593-d223f7449a82
2014-11-20 11:48:11 +00:00
Drew Jaynes (DrewAPicture)
239d04cfae
Add missing documentation for the $password parameter, passed to the check_password hook.
...
Props coffee2code.
Fixes #30311.
git-svn-id: https://develop.svn.wordpress.org/trunk@30381 602fd350-edb4-49c9-b593-d223f7449a82
2014-11-18 18:55:01 +00:00
Drew Jaynes (DrewAPicture)
7cd15026bd
Correct references of @uses $wpdb in core documentation to use @global.
...
See #30191, [30105].
Fixes #30217.
git-svn-id: https://develop.svn.wordpress.org/trunk@30122 602fd350-edb4-49c9-b593-d223f7449a82
2014-10-31 17:55:39 +00:00
Drew Jaynes (DrewAPicture)
3cc10d77a0
Remove redundant and erroneous @uses tag from most core inline documentation.
...
Per our inline documentation standards, no further use of the `@uses` tag is recommended as used and used-by relationships can be derived through other means. This removes most uses of the tag in core documentation, with remaining tags to be converted to `@global` or `@see` as they apply.
Fixes #30191.
git-svn-id: https://develop.svn.wordpress.org/trunk@30105 602fd350-edb4-49c9-b593-d223f7449a82
2014-10-30 01:04:55 +00:00
John Blackbourn
d033be1f9d
Remove padding from the comment notification emails which is from a bygone fixed-width font era. Prevents alignment issues in email clients which use variable width fonts for plain text emails. Fixes #16721. Props DrewAPicture.
...
git-svn-id: https://develop.svn.wordpress.org/trunk@30015 602fd350-edb4-49c9-b593-d223f7449a82
2014-10-24 17:07:53 +00:00
Mark Jaquith
be8a0c6f89
Use HTTPS URLs for trac.wordpress.org (and use core.trac.wordpress.org)
...
see #27115
git-svn-id: https://develop.svn.wordpress.org/trunk@29789 602fd350-edb4-49c9-b593-d223f7449a82
2014-09-29 13:36:38 +00:00
Andrew Nacin
4c1462f2ff
Add safeguards for when ext/hash is not compiled with PHP.
...
see #29518, for trunk.
git-svn-id: https://develop.svn.wordpress.org/trunk@29751 602fd350-edb4-49c9-b593-d223f7449a82
2014-09-20 17:27:46 +00:00
Andrew Nacin
e3345398aa
Rename the public methods in the session tokens API.
...
Introduces a new get( $token ) method. get_token() would not have made sense and spurred the overall renaming. Public methods are now get, get_all, verify, create, update, destroy, destroy_others, and destroy_all.
The protected abstract methods designed for alternative implementations remain the same.
props mdawaffe.
see #20276.
git-svn-id: https://develop.svn.wordpress.org/trunk@29635 602fd350-edb4-49c9-b593-d223f7449a82
2014-08-27 02:06:53 +00:00
Andrew Nacin
bf0272c8b1
Require a non-empty $nonce value in wp_verify_nonce().
...
props ocean90.
fixes #29217.
git-svn-id: https://develop.svn.wordpress.org/trunk@29620 602fd350-edb4-49c9-b593-d223f7449a82
2014-08-26 07:38:51 +00:00
Drew Jaynes (DrewAPicture)
e8adffff96
s/does/does not in wp_set_password() docblock.
...
See [29461]. See #28316.
git-svn-id: https://develop.svn.wordpress.org/trunk@29462 602fd350-edb4-49c9-b593-d223f7449a82
2014-08-10 02:43:07 +00:00
Drew Jaynes (DrewAPicture)
5aef1c5aa5
Improve the wp_set_password() PHPDoc with a note to guard against executing the function on every page load, such as through a theme's functions.php file.
...
See #28316.
git-svn-id: https://develop.svn.wordpress.org/trunk@29461 602fd350-edb4-49c9-b593-d223f7449a82
2014-08-10 02:38:52 +00:00
Andrew Nacin
4984b04b81
Escape late in get_avatar().
...
git-svn-id: https://develop.svn.wordpress.org/trunk@29397 602fd350-edb4-49c9-b593-d223f7449a82
2014-08-06 07:49:30 +00:00
Andrew Nacin
b2d8983dcc
Constant time for wp_verify_nonce().
...
git-svn-id: https://develop.svn.wordpress.org/trunk@29382 602fd350-edb4-49c9-b593-d223f7449a82
2014-08-06 05:25:03 +00:00
Andrew Nacin
97fcbef707
Tie cookies and nonces to user sessions so they may be invalidated upon logout.
...
Sessions are stored in usermeta via WP_User_Meta_Session_Tokens, which extends the abstract WP_Session_Tokens class. Extending WP_Session_Tokens can allow for alternative storage, such as a separate table or Redis.
Introduces some simple APIs for session listing and destruction, such as wp_get_active_sessions() and wp_destroy_all_sessions().
This invalidates all existing authentication cookies, as a new segment (the session token) has been added to them.
props duck_, nacin, mdawaffe.
see #20276.
git-svn-id: https://develop.svn.wordpress.org/trunk@29221 602fd350-edb4-49c9-b593-d223f7449a82
2014-07-18 09:12:05 +00:00
Sergey Biryukov
92a7523362
Asterisk is an allowed character in a URI and should not be stripped out by wp_sanitize_redirect().
...
fixes #28362.
git-svn-id: https://develop.svn.wordpress.org/trunk@28939 602fd350-edb4-49c9-b593-d223f7449a82
2014-07-01 15:55:04 +00:00
Scott Taylor
dcd7ff837d
Use the WPINC constant when loading class-phpass.php
...
Props wojtek.szkutnik
See #14157.
git-svn-id: https://develop.svn.wordpress.org/trunk@28903 602fd350-edb4-49c9-b593-d223f7449a82
2014-06-29 22:11:44 +00:00
Andrew Nacin
18d069703b
Fix documentation for wp_create_nonce() which wrongly suggests these tokens are actually numbers used once.
...
git-svn-id: https://develop.svn.wordpress.org/trunk@28793 602fd350-edb4-49c9-b593-d223f7449a82
2014-06-20 20:46:13 +00:00
Scott Taylor
0675902ec8
Don't use variable variables in wp_salt().
...
See #27881.
git-svn-id: https://develop.svn.wordpress.org/trunk@28741 602fd350-edb4-49c9-b593-d223f7449a82
2014-06-11 18:35:42 +00:00
Drew Jaynes (DrewAPicture)
1da8a18e5f
Update the $secure_logged_in_cookie variable in the 'secure_logged_in_cookie' hook docs following [28627].
...
See #15330.
git-svn-id: https://develop.svn.wordpress.org/trunk@28628 602fd350-edb4-49c9-b593-d223f7449a82
2014-05-30 15:19:29 +00:00
Andrew Nacin
8d980de0ee
Use a secure logged_in_cookie when the home URL is forced HTTPS (see #27954).
...
see #15330.
git-svn-id: https://develop.svn.wordpress.org/trunk@28627 602fd350-edb4-49c9-b593-d223f7449a82
2014-05-30 15:07:18 +00:00
Scott Taylor
6dd449551e
Eliminate the use of extract() in wp_mail(). Check the filtered array for each value before re-setting variables.
...
See #22400.
git-svn-id: https://develop.svn.wordpress.org/trunk@28425 602fd350-edb4-49c9-b593-d223f7449a82
2014-05-15 06:16:34 +00:00
Scott Taylor
3c418d4b57
Eliminate the use of extract() in wp_validate_auth_cookie().
...
Don't do anything fancy here, just set the 4 returned properties to variables. This function is semi-important.
See #22400.
git-svn-id: https://develop.svn.wordpress.org/trunk@28424 602fd350-edb4-49c9-b593-d223f7449a82
2014-05-15 06:10:21 +00:00
Andrew Nacin
3234ade164
Harden HMAC verification. props duck_.
...
git-svn-id: https://develop.svn.wordpress.org/trunk@28053 602fd350-edb4-49c9-b593-d223f7449a82
2014-04-08 18:05:42 +00:00
Drew Jaynes (DrewAPicture)
c765ed8832
Inline documentation fixes related to the determine_current_user filter
...
See #26706, #27700.
git-svn-id: https://develop.svn.wordpress.org/trunk@28007 602fd350-edb4-49c9-b593-d223f7449a82
2014-04-07 21:17:44 +00:00
Drew Jaynes (DrewAPicture)
57f3e4ca3c
Inline documentation for hooks in wp-includes/pluggable.php.
...
Props kpdesign for some cleanup.
Fixes #26888.
git-svn-id: https://develop.svn.wordpress.org/trunk@27825 602fd350-edb4-49c9-b593-d223f7449a82
2014-03-28 21:20:08 +00:00
Andrew Nacin
98ac075d8b
Always decode special characters for email subjects.
...
props tlovett1, jeremyfelt.
fixes #25346.
git-svn-id: https://develop.svn.wordpress.org/trunk@27801 602fd350-edb4-49c9-b593-d223f7449a82
2014-03-28 02:43:04 +00:00
Andrew Nacin
2e9869e49a
Avoid notices in wp_notify_postauthor() when a post has no author.
...
props drozdz.
fixes #26659.
git-svn-id: https://develop.svn.wordpress.org/trunk@27568 602fd350-edb4-49c9-b593-d223f7449a82
2014-03-17 20:30:04 +00:00
Andrew Nacin
7fa7c1340e
Use get_comment_link() in wp_notify_postauthor().
...
Fixes pagination for the link directly to the moderated comment.
props eatingrules.
fixes #26133.
git-svn-id: https://develop.svn.wordpress.org/trunk@27567 602fd350-edb4-49c9-b593-d223f7449a82
2014-03-17 20:19:29 +00:00
Andrew Nacin
517de7ea31
Allow for custom authentication handlers for all requests.
...
Turn the logic used by wp_get_current_user() into a determine_current_user filter.
props rmccue.
fixes #26706.
git-svn-id: https://develop.svn.wordpress.org/trunk@27484 602fd350-edb4-49c9-b593-d223f7449a82
2014-03-09 15:22:13 +00:00
Drew Jaynes
d670819b03
Improve inline documentation for wp_new_user_notification().
...
Props antorome for the initial patch.
Fixes #26703.
git-svn-id: https://develop.svn.wordpress.org/trunk@27149 602fd350-edb4-49c9-b593-d223f7449a82
2014-02-09 21:07:01 +00:00
Sergey Biryukov
ab112fecb8
Fix typo in wp_set_auth_cookie() description.
...
props drozdz.
fixes #27046.
git-svn-id: https://develop.svn.wordpress.org/trunk@27116 602fd350-edb4-49c9-b593-d223f7449a82
2014-02-07 09:46:19 +00:00
Drew Jaynes
bd39e26032
First there were two, and now there are three -- in the @since versions that came before and that shall be. And so it will be, says nacin.
...
Props JustinSainton, SergeyBiryukov, DrewAPicture.
Fixes #26713.
git-svn-id: https://develop.svn.wordpress.org/trunk@26868 602fd350-edb4-49c9-b593-d223f7449a82
2013-12-24 18:56:05 +00:00
Drew Jaynes
a736126e83
Inline documentation for the following filter hooks in wp-includes/pluggable.php:
...
* `comment_notification_recipients`
* `comment_notification_notify_author`
Also removes some generic `@uses` tags from various related doc blocks.
Props markjaquith.
Fixes #25699.
git-svn-id: https://develop.svn.wordpress.org/trunk@26388 602fd350-edb4-49c9-b593-d223f7449a82
2013-11-26 04:09:30 +00:00
Mark Jaquith
9cbffc9222
Fix comment_notification_recipients filter behavior so that it is still respected even on comments left by the post author
...
The code was bailing on this-is-a-comment-on-your-own-post detection, ignoring additional recipients. Now:
* Logic check is done within `wp_notify_postauthor()`
* Logic check is overridable via `comment_notification_notify_author` filter (default still false)
* The code doesn't bail on comment-on-own-post detection, but just removes the author from the array
* The code instead now bails if the recipients list is empty, so `comment_notification_recipients` works properly
props ethitter.
fixes #25699
git-svn-id: https://develop.svn.wordpress.org/trunk@26367 602fd350-edb4-49c9-b593-d223f7449a82
2013-11-25 01:46:49 +00:00
Peter Westwood
92ee005ea0
Deprecate the second argument for wp_notify_postauthor because it is unnecessary. Fixes #17862 props scribu and wonderboymusic.
...
git-svn-id: https://develop.svn.wordpress.org/trunk@26358 602fd350-edb4-49c9-b593-d223f7449a82
2013-11-24 16:25:44 +00:00
Sergey Biryukov
a6f9656497
Remove redundant cleanup of PHPMailer addresses in wp_mail().
...
props bananastalktome.
fixes #25789.
git-svn-id: https://develop.svn.wordpress.org/trunk@26121 602fd350-edb4-49c9-b593-d223f7449a82
2013-11-13 03:44:16 +00:00
Sergey Biryukov
7cd8d225a3
Use case-insensitive comparison for email addresses. fixes #25779.
...
git-svn-id: https://develop.svn.wordpress.org/trunk@26115 602fd350-edb4-49c9-b593-d223f7449a82
2013-11-13 02:40:28 +00:00
Sergey Biryukov
c7c382b077
Avoid PHP notices in wp_notify_postauthor() when using a custom comment type.
...
Use a switch statement for consistency with wp_notify_moderator().
fixes #25880.
git-svn-id: https://develop.svn.wordpress.org/trunk@26114 602fd350-edb4-49c9-b593-d223f7449a82
2013-11-13 02:31:15 +00:00
Sergey Biryukov
acc8ac64b8
Fall back to comment author email in get_avatar() if the user who left the comment no longer exists.
...
props mauryaratan, lite3.
fixes #25803.
git-svn-id: https://develop.svn.wordpress.org/trunk@26000 602fd350-edb4-49c9-b593-d223f7449a82
2013-11-02 12:19:43 +00:00
Andrew Nacin
ceaf87ff2d
Maintain the same output for get_avatar() as 3.6. see [25895].
...
git-svn-id: https://develop.svn.wordpress.org/trunk@25899 602fd350-edb4-49c9-b593-d223f7449a82
2013-10-24 19:31:06 +00:00
Andrew Nacin
31e45a7aeb
Always escape URLs at the last possible moment.
...
git-svn-id: https://develop.svn.wordpress.org/trunk@25895 602fd350-edb4-49c9-b593-d223f7449a82
2013-10-24 18:51:59 +00:00
Andrew Nacin
fc1438c8bc
Move the trim() from wp_set_password() to inside wp_hash_password().
...
props rpattillo, joehoyle.
fixes #24973. see #23494.
git-svn-id: https://develop.svn.wordpress.org/trunk@25709 602fd350-edb4-49c9-b593-d223f7449a82
2013-10-07 13:53:09 +00:00
Scott Taylor
825faf32da
Use elseif when slurping the nonce in check_ajax_referer() to avoid accidentally overwriting it.
...
Fail wonderboymusic in [25433].
Props ocean90.
Fixes #25369.
See [25433].
git-svn-id: https://develop.svn.wordpress.org/trunk@25550 602fd350-edb4-49c9-b593-d223f7449a82
2013-09-21 16:25:57 +00:00
Scott Taylor
402e61f269
Fix some undefined index notices related to Comment unit tests:
...
* There are several places where a `$_POST` index was unchecked before setting a variable
* In `wp_notify_postauthor()`, `$comment` was being returned null, but its properties were being accessed.
* In `check_ajax_referer()`, 3 different values can be checked for nonce on `$_REQUEST`, but only 1 had an `isset()`
See #25282.
git-svn-id: https://develop.svn.wordpress.org/trunk@25433 602fd350-edb4-49c9-b593-d223f7449a82
2013-09-13 22:17:51 +00:00