./www/wordpress, Blogging tool written in php


Branch: CURRENT, Version: 4.8.2, Package name: wordpress-4.8.2, Maintainer: morr

WordPress is a state-of-the-art publishing platform with a focus on
aesthetics, web standards, and usability. WordPress is both free and
priceless at the same time.


Required to run:
[www/ap-php] [www/php-curl] [graphics/php-gd] [archivers/php-zlib] [archivers/php-zip] [databases/php-mysqli]

Required to build:
[www/apache24] [pkgtools/cwrappers]

Package options: ap-php

Master sites:

SHA1: a99115b3b6d6d7a1eb6c5617d4e8e704ed50f450
RMD160: 7098a1c7f353238d40f4d56934351c867226636f
Filesize: 7992.007 KB


CVS history:


   2017-09-21 21:24:46 by Daniel Horecki | Files touched by this commit (2) | Package updated
Log message:
Security update to version 4.8.2

Security issues:
- $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi). WordPress core is not directly vulnerable to this issue, but we’ve added hardening to prevent plugins and themes from accidentally causing a vulnerability. Reported by Slavco.
- A cross-site scripting (XSS) vulnerability was discovered in the oEmbed discovery. Reported by xknown of the WordPress Security Team.
- A cross-site scripting (XSS) vulnerability was discovered in the visual editor. Reported by Rodolfo Assis (@brutelogic) of Sucuri Security.
- A path traversal vulnerability was discovered in the file unzipping code. Reported by Alex Chapman (noxrnet).
- A cross-site scripting (XSS) vulnerability was discovered in the plugin editor. Reported by 陈瑞琦 (Chen Ruiqi).
- An open redirect was discovered on the user and term edit screens. Reported by Yasin Soliman (ysx).
- A path traversal vulnerability was discovered in the customizer. Reported by Weston Ruter of the WordPress Security Team.
- A cross-site scripting (XSS) vulnerability was discovered in template names. Reported by Luka (sikic).
- A cross-site scripting (XSS) vulnerability was discovered in the link modal. Reported by Anas Roubi (qasuar).

And 6 other fixes:

* Emoji
- #41584 - Upgrade Twemoji to 2.5.0
- #41852 - Fix UN flag test by returning the correct value.

* I18N
- #41794 - Support numbers in locales during installation

* Security
- #13377 - Add more sanitization in _cleanup_header_comment

* Widgets
- #41596 - New Text Widget recognizes HTML but does not render it in the front end
- #41622 - Text widget can show DOMDocument::loadHTML() warnings in admin when is_legacy_widget method is called

More on https://codex.wordpress.org/Version_4.8.2
   2017-09-06 11:03:07 by Thomas Klausner | Files touched by this commit (86)
Log message:
Follow some redirects.
   2017-08-07 22:12:14 by Daniel Horecki | Files touched by this commit (2) | Package updated
Log message:
Update to version 4.8.1.

WordPress 4.8.1 contains 29 maintenance fixes and enhancements to the 4.8 release series, chief among them are fixes to the rich Text widget and the introduction of the Custom HTML widget.

Administration
* #40982 - Permalink Settings: custom structure field keyboard trap

Build/Test Tools
* #41327 - Bump Akismet External - 4.9 Edition

Comments
* #40975 - 'Empty Spam' and 'Empty Trash' comment buttons not displayed on mobile

Customize
* #40978 - Customizer Panel Footer border missing
* #40981 - Customizer: Menus: it is far too easy to mistakenly delete a menu because the "Delete Menu" link and the "Add Items" button are too close together
* #41158 - Increase tinymce panel z-index
* #41410 - Set `'filter' => 'content'` on starter content "business info" widget

Embeds
* #41019 - oEmbed: Update VideoPress oEmbed URL
* #41048 - `WP_oEmbed_Controller::get_proxy_item()` should remove `_wpnonce` from cached `$args`
* #41299 - oEmbed proxy fails to forward maxwidth and maxheight params

General
* #41056 - WP-API JS Client: Settings is incorrectly registered as a collection

Media
* #41231 - media-views.js: Cannot read .length of undefined (this.controller.$uploaderToggler.length)

REST API
* #38964 - Add filter to allow modifying response *after* embedded data is added
* #40886 - REST API: PUT requests fail on Nginx servers when fancy permalinks aren't enabled

Taxonomy
* #41010 - wp_get_object_terms() returns duplicate terms if more than one taxonomy is given in args

TinyMCE
* #41408 - TinyMCE: Images with link and caption look "broken" when selected

Widgets
* #40907 - Introduce widget dedicated for HTML code
* #40935 - Facebook Video Works On Preview But Not On Theme
* #40951 - New Text Widget - Switching Between Visual/Text Editor Strips Out Code
* #40960 - Widgets: The Text widget should respect the “Disable the visual editor when writing” setting
* #40972 - TinyMCE editor in Text widget does not have RTL contents
* #40974 - Updated text widget do not save text (when using paste)
* #40977 - Widgets: Query param for `loop` added for non-hosted external videos
* #40986 - Widgets: text widget and media widgets cannot be edited in accessibility mode
* #41021 - Text widget does not show Title field or TinyMCE editor
* #41361 - Text widget can raise JS error if customize-base is enqueued on widgets admin screen
* #41386 - Text Widget - Wording - Legacy Mode 4.8.1 beta
* #41392 - Theme styles for Text widget do not apply to Custom HTML widget
* #41394 - Text widget: Rename legacy mode to visual mode and improve back-compat for widget_text filters
   2017-06-18 20:01:42 by Daniel Horecki | Files touched by this commit (3) | Package updated
Log message:
Update to newest version 4.8.

For changes, check https://codex.wordpress.org/Version_4.8.
   2017-05-30 09:20:15 by John Klos | Files touched by this commit (2) | Package updated
Log message:
Security update 4.7.5. Bugs fixed:

Insufficient redirect validation in the HTTP class. Reported by Ronni
Skansing.
Improper handling of post meta data values in the XML-RPC API. Reported by
Sam Thomas.
Lack of capability checks for post meta data in the XML-RPC API. Reported
by Ben Bidner of the WordPress Security Team.
A Cross Site Request Forgery (CSRF) vulnerability was discovered in the
filesystem credentials dialog. Reported by Yorick Koster.
A cross-site scripting (XSS) vulnerability was discovered when attempting
to upload very large files. Reported by Ronni Skansing.
A cross-site scripting (XSS) vulnerability was discovered related to the
Customizer. Reported by Weston Ruter of the WordPress Security Team.
   2017-04-15 17:46:29 by Takahiro Kambe | Files touched by this commit (1)
Log message:
PKGREVISION was too high, 1 is enough.
   2017-04-15 17:44:50 by Takahiro Kambe | Files touched by this commit (1) | Package updated
Log message:
Switch to use php-mysqli.

Bump PKGREVISION.
   2017-04-15 17:05:29 by Takahiro Kambe | Files touched by this commit (1)
Log message:
WordPress 4.7 suggests using PHP 7, so remove PHP's version restriction to
56 now.