WordPress.org
Get WordPress

Make WordPress Core


Ignore:
Timestamp:
10/29/2020 06:50:55 PM (5 years ago)
Author:
whyisjake
Message:

General: WordPress updates

  • XML-RPC: Improve error messages for unprivileged users.
  • External Libraries: Disable deserialization in Requests_Utility_FilteredIterator
  • Embeds: Disable embeds on deactivated Multisite sites.
  • Coding standards: Modify escaping functions to avoid potential false positives.
  • XML-RPC: Return error message if attachment ID is incorrect.
  • Upgrade/install: Improve logic check when determining installation status.
  • Meta: Sanitize meta key before checking protection status.
  • Themes: Ensure that only privileged users can set a background image when a theme is using the deprecated custom background page.

Brings the changes from [49380,49382-49388] to the 5.0 branch.

Props xknown, zieladam, peterwilsoncc, whyisjake, desrosj, dd32.

Location:
branches/5.0
Files:
2 edited

Legend:

Unmodified
Added
Removed

  • branches/5.0

  • branches/5.0/src/wp-admin/admin-header.php

    r43780 r49396  
    7676?>
    7777<script type="text/javascript">
    78 addLoadEvent = function(func){if(typeof jQuery!="undefined")jQuery(document).ready(func);else if(typeof wpOnload!='function'){wpOnload=func;}else{var oldonload=wpOnload;wpOnload=function(){oldonload();func();}}};
    79 var ajaxurl = '<?php echo admin_url( 'admin-ajax.php', 'relative' ); ?>',
    80     pagenow = '<?php echo $current_screen->id; ?>',
    81     typenow = '<?php echo $current_screen->post_type; ?>',
    82     adminpage = '<?php echo $admin_body_class; ?>',
    83     thousandsSeparator = '<?php echo addslashes( $wp_locale->number_format['thousands_sep'] ); ?>',
    84     decimalPoint = '<?php echo addslashes( $wp_locale->number_format['decimal_point'] ); ?>',
     78addLoadEvent = function(func){if(typeof jQuery!=='undefined')jQuery(document).ready(func);else if(typeof wpOnload!=='function'){wpOnload=func;}else{var oldonload=wpOnload;wpOnload=function(){oldonload();func();}}};
     79var ajaxurl = '<?php echo esc_js( admin_url( 'admin-ajax.php', 'relative' ) ); ?>',
     80    pagenow = '<?php echo esc_js( $current_screen->id ); ?>',
     81    typenow = '<?php echo esc_js( $current_screen->post_type ); ?>',
     82    adminpage = '<?php echo esc_js( $admin_body_class ); ?>',
     83    thousandsSeparator = '<?php echo esc_js( $wp_locale->number_format['thousands_sep'] ); ?>',
     84    decimalPoint = '<?php echo esc_js( $wp_locale->number_format['decimal_point'] ); ?>',
    8585    isRtl = <?php echo (int) is_rtl(); ?>;
    8686</script>
Note: See TracChangeset for help on using the changeset viewer.