vhad/wordpress-develop
1
0
Fork 0
mirror of https://github.com/gosticks/wordpress-develop.git synced 2026-04-05 05:04:31 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
32,825 Commits 1 Branch 0 Tags
dedff8fd0e199332dcabea5597e1f0e4556853e1
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Scott Taylor dedff8fd0e WP oEmbed: validate the secret send via postMessage in wp.receiveEmbedMessage. Also, compare window instances. 
In the data sent to us from the embedded iframe by postMessage(), the secret value is being used directly in a document.querySelectorAll() call without first being validated or escaped.

In theory, this could lead to some broken embeds.

Props mdawaffe.
Fixes #34831.


git-svn-id: https://develop.svn.wordpress.org/trunk@35761 602fd350-edb4-49c9-b593-d223f7449a82
2015-12-03 20:16:28 +00:00
src
WP oEmbed: validate the secret send via postMessage in wp.receiveEmbedMessage. Also, compare window instances.
2015-12-03 20:16:28 +00:00
tests
Route HEAD API requests through the GET callback method
2015-12-03 16:34:00 +00:00
tools/i18n
i18n tools: Use https for msgid-bugs-address URLs.
2015-07-27 19:37:13 +00:00
.editorconfig
Use HTTPS URLs for codex.wordpress.org.
2015-04-12 21:28:58 +00:00
.gitignore
Remove an IDE-specific rule in .gitignore. These should be managed in the user's ~/.gitignore_global file.
2015-10-18 00:15:23 +00:00
.jshintrc
Build: Prevent non-breaking spaces from accidentally being inserted into JavaScript files.
2015-11-12 12:04:55 +00:00
.travis.yml
Remove PHP 7 from allowed failures list
2015-11-12 21:44:24 +00:00
Gruntfile.js
Build: Update source for includes:embed after [35718].
2015-11-20 15:36:21 +00:00
package.json
Build Tools: Update autoprefixer to 0.6.1.
2015-11-07 11:56:26 +00:00
phpunit.xml.dist
Unit Tests: add SpeedTrapListener to phpunit/includes and add the config node to phpunit.xml.dist.
2015-10-16 00:27:28 +00:00
wp-cli.yml
Remove debug mode from WP-CLI by default, as it now outputs too much debugging information to be of use during normal development.
2015-11-28 18:36:06 +00:00
wp-config-sample.php
Lightly clean up and improve inline documentation in wp-config-sample.php.
2015-05-10 00:05:30 +00:00
wp-tests-config-sample.php
Update wp-tests-config-sample.php to run with WP_DEBUG by default. see #25282.
2013-09-23 16:17:59 +00:00
Description
No description provided
243 MiB
Languages
PHP 80.5%
CSS 9.4%
JavaScript 8.5%
SCSS 0.9%
HTML 0.7%