wordpress-develop
wordpress-develop copied to clipboard
WordPress
WordPress Develop, Git-ified. Synced from git://develop.git.wordpress.org/, including branches and tags! This repository is just a mirror of the WordPress subversion repository. Please include a link...
Adds comprehensive sanitization to WP_Theme_JSON::compute_theme_vars() and WP_Theme_JSON::to_ruleset() to treat theme.json as user-supplied content. Security improvements: - Sanitizes CSS variable names (alphanumeric + hyphens only) - Sanitizes CSS selectors to prevent...
## What This PR fixes a bug in the `data_wp_bind_processor` method where a `return` statement inside a `foreach` loop was causing the function to exit entirely when encountering a bind...
Trac ticket: https://core.trac.wordpress.org/ticket/61175 This PR adds a PHPStan configuration along with error baselines through Level 6. The hope is the limited scope will make this easier to review/merge, with actual...
- Allow arbitrary text in Customizer custom CSS. - Protect the CSS data from mangling by KSES HTML filters. Under some circumstances KSES would run post content filters and change...
Deprecate `wp_sanitize_script_attributes()`. It is unused in Core and superseded by better alternatives like `wp_get_script_tag()` and `wp_get_inline_script_tag()`. Trac ticket: https://core.trac.wordpress.org/ticket/64511 --- **This Pull Request is for code review only. Please keep...
> [!NOTE] > The feature is still in an experiment in Gutenberg, so this PR is a placeholder for stabilization. See: https://github.com/WordPress/gutenberg/pull/73994 This PR syncs the changes in https://github.com/WordPress/gutenberg/pull/73994. It:...
## Description This Pull Request introduces the ability to download the currently selected theme as a ZIP file directly from the **Appearance > Theme File Editor** screen. This feature allows...
Trac ticket: https://core.trac.wordpress.org/ticket/40831 --- **This Pull Request is for code review only. Please keep all other discussion in the Trac ticket. Do not merge this Pull Request. See [GitHub Pull...
Support for non-HTML5 scripts has been removed in r61415. This PR removes obsolete tests and mentions of non-HTML5 script behaviors. Trac ticket: https://core.trac.wordpress.org/ticket/64442 --- **This Pull Request is for code...
## Changes This PR implements two minimal changes to resolve the issue: 1. Add date filter functions (`src/js/media/models/attachments.js`) Added `year` and `monthnum` filter functions to the static `Attachments.filters` object (lines...
