./www/wordpress, Blogging tool written in php


Branch: CURRENT, Version: 4.8.3, Package name: wordpress-4.8.3, Maintainer: morr

WordPress is a state-of-the-art publishing platform with a focus on
aesthetics, web standards, and usability. WordPress is both free and
priceless at the same time.


Required to run:
[www/ap-php] [archivers/php-zlib] [archivers/php-zip]

Required to build:
[www/apache24] [pkgtools/cwrappers]

Package options: ap-php

Master sites:

SHA1: 8efc0b9f6146e143ed419b5419d7bb8400a696fc
RMD160: 264d1e87fc1d732627f021e81d3fbe754f5cfa0e
Filesize: 7993.126 KB

CVS history:


   2017-11-03 10:49:13 by Daniel Horecki | Files touched by this commit (3) | Package updated
Log message:
Security update to version 4.8.3.

WordPress versions 4.8.2 and earlier are affected by an issue where
$wpdb->prepare() can create unexpected and unsafe queries leading to potential
SQL injection (SQLi). WordPress core is not directly vulnerable to this issue,
but we’ve added hardening to prevent plugins and themes from accidentally
causing a vulnerability. Reported by Anthony Ferrara.
   2017-09-21 21:24:46 by Daniel Horecki | Files touched by this commit (2) | Package updated
Log message:
Security update to version 4.8.2

Security issues:
- $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi). WordPress core is not directly vulnerable to this issue, but we’ve added hardening to prevent plugins and themes from accidentally causing a vulnerability. Reported by Slavco.
- A cross-site scripting (XSS) vulnerability was discovered in the oEmbed discovery. Reported by xknown of the WordPress Security Team.
- A cross-site scripting (XSS) vulnerability was discovered in the visual editor. Reported by Rodolfo Assis (@brutelogic) of Sucuri Security.
- A path traversal vulnerability was discovered in the file unzipping code. Reported by Alex Chapman (noxrnet).
- A cross-site scripting (XSS) vulnerability was discovered in the plugin editor. Reported by 陈瑞琦 (Chen Ruiqi).
- An open redirect was discovered on the user and term edit screens. Reported by Yasin Soliman (ysx).
- A path traversal vulnerability was discovered in the customizer. Reported by Weston Ruter of the WordPress Security Team.
- A cross-site scripting (XSS) vulnerability was discovered in template names. Reported by Luka (sikic).
- A cross-site scripting (XSS) vulnerability was discovered in the link modal. Reported by Anas Roubi (qasuar).

And 6 other fixes:

* Emoji
- #41584 - Upgrade Twemoji to 2.5.0
- #41852 - Fix UN flag test by returning the correct value.

* I18N
- #41794 - Support numbers in locales during installation

* Security
- #13377 - Add more sanitization in _cleanup_header_comment

* Widgets
- #41596 - New Text Widget recognizes HTML but does not render it in the front end
- #41622 - Text widget can show DOMDocument::loadHTML() warnings in admin when is_legacy_widget method is called

More on https://codex.wordpress.org/Version_4.8.2
   2017-09-06 11:03:07 by Thomas Klausner | Files touched by this commit (86)
Log message:
Follow some redirects.
   2017-08-07 22:12:14 by Daniel Horecki | Files touched by this commit (2) | Package updated
Log message:
Update to version 4.8.1.

WordPress 4.8.1 contains 29 maintenance fixes and enhancements to the 4.8 release series, chief among them are fixes to the rich Text widget and the introduction of the Custom HTML widget.

Administration
* #40982 - Permalink Settings: custom structure field keyboard trap

Build/Test Tools
* #41327 - Bump Akismet External - 4.9 Edition

Comments
* #40975 - 'Empty Spam' and 'Empty Trash' comment buttons not displayed on mobile

Customize
* #40978 - Customizer Panel Footer border missing
* #40981 - Customizer: Menus: it is far too easy to mistakenly delete a menu because the "Delete Menu" link and the "Add Items" button are too close together
* #41158 - Increase tinymce panel z-index
* #41410 - Set `'filter' => 'content'` on starter content "business info" widget

Embeds
* #41019 - oEmbed: Update VideoPress oEmbed URL
* #41048 - `WP_oEmbed_Controller::get_proxy_item()` should remove `_wpnonce` from cached `$args`
* #41299 - oEmbed proxy fails to forward maxwidth and maxheight params

General
* #41056 - WP-API JS Client: Settings is incorrectly registered as a collection

Media
* #41231 - media-views.js: Cannot read .length of undefined (this.controller.$uploaderToggler.length)

REST API
* #38964 - Add filter to allow modifying response *after* embedded data is added
* #40886 - REST API: PUT requests fail on Nginx servers when fancy permalinks aren't enabled

Taxonomy
* #41010 - wp_get_object_terms() returns duplicate terms if more than one taxonomy is given in args

TinyMCE
* #41408 - TinyMCE: Images with link and caption look "broken" when selected

Widgets
* #40907 - Introduce widget dedicated for HTML code
* #40935 - Facebook Video Works On Preview But Not On Theme
* #40951 - New Text Widget - Switching Between Visual/Text Editor Strips Out Code
* #40960 - Widgets: The Text widget should respect the “Disable the visual editor when writing” setting
* #40972 - TinyMCE editor in Text widget does not have RTL contents
* #40974 - Updated text widget do not save text (when using paste)
* #40977 - Widgets: Query param for `loop` added for non-hosted external videos
* #40986 - Widgets: text widget and media widgets cannot be edited in accessibility mode
* #41021 - Text widget does not show Title field or TinyMCE editor
* #41361 - Text widget can raise JS error if customize-base is enqueued on widgets admin screen
* #41386 - Text Widget - Wording - Legacy Mode 4.8.1 beta
* #41392 - Theme styles for Text widget do not apply to Custom HTML widget
* #41394 - Text widget: Rename legacy mode to visual mode and improve back-compat for widget_text filters
   2017-06-18 20:01:42 by Daniel Horecki | Files touched by this commit (3) | Package updated
Log message:
Update to newest version 4.8.

For changes, check https://codex.wordpress.org/Version_4.8.
   2017-05-30 09:20:15 by John Klos | Files touched by this commit (2) | Package updated
Log message:
Security update 4.7.5. Bugs fixed:

Insufficient redirect validation in the HTTP class. Reported by Ronni
Skansing.
Improper handling of post meta data values in the XML-RPC API. Reported by
Sam Thomas.
Lack of capability checks for post meta data in the XML-RPC API. Reported
by Ben Bidner of the WordPress Security Team.
A Cross Site Request Forgery (CSRF) vulnerability was discovered in the
filesystem credentials dialog. Reported by Yorick Koster.
A cross-site scripting (XSS) vulnerability was discovered when attempting
to upload very large files. Reported by Ronni Skansing.
A cross-site scripting (XSS) vulnerability was discovered related to the
Customizer. Reported by Weston Ruter of the WordPress Security Team.
   2017-04-15 17:46:29 by Takahiro Kambe | Files touched by this commit (1)
Log message:
PKGREVISION was too high, 1 is enough.
   2017-04-15 17:44:50 by Takahiro Kambe | Files touched by this commit (1) | Package updated
Log message:
Switch to use php-mysqli.

Bump PKGREVISION.