vhad/wordpress-develop
1
0
Fork 0
mirror of https://github.com/gosticks/wordpress-develop.git synced 2025-10-16 12:05:38 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
40,036 Commits 1 Branch 0 Tags 243 MiB
da411cd17a
Commit Graph

20 Commits

Author SHA1 Message Date
Gary Pendergast
c6c78490e2 Coding Standards: Fix the remaining issues in /tests. 
All PHP files in `/tests` now conform to the PHP coding standards, or have exceptions appropriately marked.

Travis now also runs `phpcs` on the `/tests` directory, any future changes to these files must conform entirely to the WordPress PHP coding standards. 🎉

See #47632.



git-svn-id: https://develop.svn.wordpress.org/trunk@45607 602fd350-edb4-49c9-b593-d223f7449a82
 2019-07-08 00:55:20 +00:00
Gary Pendergast
fe28df65e3 Coding Standards: Fix the Squiz.PHP.DisallowMultipleAssignments violations in tests. 
See #47632.



git-svn-id: https://develop.svn.wordpress.org/trunk@45588 602fd350-edb4-49c9-b593-d223f7449a82
 2019-07-02 04:43:01 +00:00
Peter Wilson
b9e6f18350 KSES: Add flex and related long form properties to safe CSS. 
Allow `flex`, `flex-grow`, `flex-shrink` and `flex-basis` to be used in inline CSS. As of WordPress 5.3 the block editor is expected to use `flex-basis` inline to set the width in the column block.

Props aduth.
Fixes #47281.
See #37248.



git-svn-id: https://develop.svn.wordpress.org/trunk@45363 602fd350-edb4-49c9-b593-d223f7449a82
 2019-05-18 04:33:27 +00:00
Gary Pendergast
524f5be4c6 KSES: Allow the download attribute on <a> tags. 
To avoid this being a vector for bypassing the filetypes that are allowed to be uploaded, this attribute is only allowed to be added without a value.

Merges [43813] from the 5.0 branch to trunk.

Props kalpshit, arshidkv12, welcher, peterwilsoncc, marina_wp, pento.
Fixes #44724.



git-svn-id: https://develop.svn.wordpress.org/trunk@44156 602fd350-edb4-49c9-b593-d223f7449a82
 2018-12-14 03:27:55 +00:00
Gary Pendergast
79486d7656 KSES: Allow url() to be used in inline CSS. 
The cover image block uses the `url()` function in its inline CSS, to show the cover image. KSES didn't allow this, causing the block to not save correctly for Author and Contributor users. As KSES does already check each attribute name against an allowed list, we're able to add an extra check for certain attributes to be able to use the `url()` function, too.

Merges [43781] from the 5.0 branch to core.

Props peterwilsoncc, azaozz, pento, dd32.
Fixes #45067.



git-svn-id: https://develop.svn.wordpress.org/trunk@44136 602fd350-edb4-49c9-b593-d223f7449a82
 2018-12-14 01:40:50 +00:00
Jeremy Felt
1c9f359857 KSES: Allow HTML data-* attributes. 
Add global support for HTML attributes prefixed `data-` for authors and contributors, as required by the new editor.

Merges [43727] to trunk.

Props azaozz, peterwilsoncc.
Fixes #33121.


git-svn-id: https://develop.svn.wordpress.org/trunk@43981 602fd350-edb4-49c9-b593-d223f7449a82
 2018-12-12 02:38:14 +00:00
Sergey Biryukov
c8fa6497aa Formatting: Permit use of text-transform in safecss_filter_attr(). 
Add unit tests for `safecss_filter_attr()`.

Props birgire, juiiee8487, danielbachhuber.
Fixes #42729.

git-svn-id: https://develop.svn.wordpress.org/trunk@42880 602fd350-edb4-49c9-b593-d223f7449a82
 2018-03-27 00:53:20 +00:00
Sergey Biryukov
db606c9bb2 Formatting: Avoid a PHP 7.2 warning in wp_kses_attr() when one of $allowedtags elements is an uncountable value. 
Props andrei0x309, soulseekah, SergeyBiryukov.
Fixes #43312.

git-svn-id: https://develop.svn.wordpress.org/trunk@42860 602fd350-edb4-49c9-b593-d223f7449a82
 2018-03-20 21:34:15 +00:00
Gary Pendergast
8f95800d52 Code is Poetry. 
WordPress' code just... wasn't.
This is now dealt with.

Props jrf, pento, netweb, GaryJ, jdgrimes, westonruter, Greg Sherwood from PHPCS, and everyone who's ever contributed to WPCS and PHPCS.
Fixes #41057.



git-svn-id: https://develop.svn.wordpress.org/trunk@42343 602fd350-edb4-49c9-b593-d223f7449a82
 2017-11-30 23:09:33 +00:00
Dominik Schilling (ocean90)
d880e60f11 KSES: Support 'tag' => true as a shorthand for 'tag' => array() in wp_kses_attr(). 
`Automatic_Upgrader_Skin::feedback()` had always assumed that this is already the case, now it is.

See #20017.
Fixes #40680.

git-svn-id: https://develop.svn.wordpress.org/trunk@40637 602fd350-edb4-49c9-b593-d223f7449a82
 2017-05-11 19:22:17 +00:00
Gary Pendergast
595c76de1a KSES: Deprecate wp_kses_js_entities(). 
This function was originally introduced to fix an XSS attack in Netscape 4, which never affected any other browsers, or later versions of Netscape.

I'm willing to go out on a limb, and say that we've officially dropped security support for Netscape 4.

Props dmsnell, desrosj.
Fixes #33848.



git-svn-id: https://develop.svn.wordpress.org/trunk@38785 602fd350-edb4-49c9-b593-d223f7449a82
 2016-10-13 22:24:27 +00:00
Aaron Jorbin
4484e2d2c3 Formatting: Allow KSES custom elements with hyphens 
The W3C Custom Elements spec (http://www.w3.org/TR/custom-elements/#concepts) allows you to use your own custom DOM elements/tags. One of the main requirements is that the tag name "must contain a U+002D HYPHEN-MINUS character". This adjusts KSES to allow it.

Fixes #34105.
Props batmoo.



git-svn-id: https://develop.svn.wordpress.org/trunk@38511 602fd350-edb4-49c9-b593-d223f7449a82
 2016-09-02 04:16:00 +00:00
Sergey Biryukov
d727e3b516 KSES: Allow the reversed attribute for <ol>. 
Props lancewillett.
Fixes #35079.

git-svn-id: https://develop.svn.wordpress.org/trunk@35960 602fd350-edb4-49c9-b593-d223f7449a82
 2015-12-16 09:53:18 +00:00
Scott Taylor
16b02b6768 KSES: have you ever heard of the <bdo> HTML tag? Same. http://www.w3schools.com/tags/tag_bdo.asp 
Adds unit test.

Props iandunn.
Fixes #34063.


git-svn-id: https://develop.svn.wordpress.org/trunk@35141 602fd350-edb4-49c9-b593-d223f7449a82
 2015-10-13 17:17:13 +00:00
Gary Pendergast
7b41adf712 Shortcodes: Improve the reliablity of shortcodes inside HTML tags. 
Props miqrogroove.

See #15694.



git-svn-id: https://develop.svn.wordpress.org/trunk@33359 602fd350-edb4-49c9-b593-d223f7449a82
 2015-07-22 05:14:50 +00:00
Scott Taylor
a06f5f6d90 Don't strip \0 (backslash+zero) from post content for users without "unfiltered_html" 
Adds unit tests.

Props miqrogroove.
Fixes #28699.


git-svn-id: https://develop.svn.wordpress.org/trunk@32860 602fd350-edb4-49c9-b593-d223f7449a82
 2015-06-19 18:46:11 +00:00
Sergey Biryukov
99d75b6acb Make wp_kses_no_null() remove any invalid control characters in a string. 
props mauteri, miqrogroove.
fixes #28506.

git-svn-id: https://develop.svn.wordpress.org/trunk@28942 602fd350-edb4-49c9-b593-d223f7449a82
 2014-07-01 18:00:50 +00:00
Peter Westwood
be669106d5 Unit Tests: Add the ticket number to the new tests. See #26290 
git-svn-id: https://develop.svn.wordpress.org/trunk@26431 602fd350-edb4-49c9-b593-d223f7449a82
 2013-11-27 14:47:03 +00:00
Peter Westwood
02ab2c69bb Unit Tests: Add some simple test cases to highlight the types of html entity that kses currently blocks. See #26290 
git-svn-id: https://develop.svn.wordpress.org/trunk@26430 602fd350-edb4-49c9-b593-d223f7449a82
 2013-11-27 14:44:57 +00:00
Andrew Nacin
8045afd81b Move PHPUnit tests into a tests/phpunit directory. 
wp-tests-config.php can/should reside in the root of a develop checkout. `phpunit` should be run from the root.

see #25088.


git-svn-id: https://develop.svn.wordpress.org/trunk@25165 602fd350-edb4-49c9-b593-d223f7449a82
 2013-08-29 18:39:34 +00:00