./www/wordpress, Blogging tool written in php

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 4.9.4, Package name: wordpress-4.9.4, Maintainer: morr

WordPress is a state-of-the-art publishing platform with a focus on
aesthetics, web standards, and usability. WordPress is both free and
priceless at the same time.


Required to run:
[www/ap-php] [www/php-curl] [graphics/php-gd] [archivers/php-zlib] [archivers/php-zip] [databases/php-mysqli]

Required to build:
[www/apache24] [pkgtools/cwrappers]

Package options: ap-php

Master sites:

SHA1: 0e630bf940fd586b10e099cd9195b3e825fb194c
RMD160: de5ac34808c39de0b354c56c70414085842c1469
Filesize: 8364.771 KB

Version history: (Expand)


CVS history: (Expand)


   2018-02-12 09:33:19 by John Klos | Files touched by this commit (2) | Package updated
Log message:
Update Wordpress to 4.9.4 which fixes an issue introduced in 4.9.3.
4.9.3 fixes 34 bugs:

https://codex.wordpress.org/Version_4.9.3
https://codex.wordpress.org/Version_4.9.4
   2018-01-20 12:58:01 by Daniel Horecki | Files touched by this commit (3) | Package updated
Log message:
Update to version 4.9.2

CHanges:

XSS fixed in the Flash fallback files in MediaElement 4.x.

Bundled Theme
#42820 - Twenty Seventeen -watch that language

Customize
#42492 - Selecting menu location changes line height
#42871 - Features box textstrings in Feature Filter area need new linebreak

Database
#42812 - Use MySQLi when available by default

Editor
#42664 - Editor link autocomplete suggestions: no fallback title displayed for \ 
posts with no title
#43012 - Cannot Update Post in Firefox Due to Editor and TinyMCE JavaScript \ 
TypeErrors

External Libraries
#42439 - Update random_compat external library for PHP 7 linting failure

Formatting
#42578 - PHP functions inside <p> tags creates new <p> tag, breaking \ 
the parent tag into two.

Media
#42225 - Whitelist Flac Files
#42447 - Mark test_remove_orientation_data_on_rotate as skipped when \ 
exif_read_data isn't available
#42480 - Consistent suppression of `getimagesize()` errors
#42720 - Remove unnecessary MediaElement.js files

Plugins
#43082 - Add plugins search results: the plugin details modal opens in the \ 
thickbox modal

REST API
#42828 - Hard-coded 403 status in REST response should use \ 
`rest_authorization_required_code()`

Taxonomy
#42771 - WP_Term::get_instance() regression for non-category terms queried with \ 
'category' taxonomy
#42605 - category_description() does not work properly since 4.9
#42717 - get_category_link() accepting object but not id

TinyMCE
#42416 - Code assumes iframe mode, exception in inline mode

Upgrade/Install
#42963 - Improve deletion of $_old_files during upgrades

Widgets
#42603 - Widgets Warning after activating theme and on dashboard widgets page
#42719 - Always attempt to restore widgets' previous assignment
#42867 - HTML Widget: toggleClass() should be passed true/false as second param
   2017-12-03 18:06:37 by Daniel Horecki | Files touched by this commit (3) | Package updated
Log message:
Update to newest version, 4.9.1

This version fixes 4 security bugs from earlier versions.

For details, head to https://codex.wordpress.org/Version_4.9.1
For 4.9 changes, head to https://codex.wordpress.org/Version_4.9
   2017-11-03 10:49:13 by Daniel Horecki | Files touched by this commit (3) | Package updated
Log message:
Security update to version 4.8.3.

WordPress versions 4.8.2 and earlier are affected by an issue where
$wpdb->prepare() can create unexpected and unsafe queries leading to potential
SQL injection (SQLi). WordPress core is not directly vulnerable to this issue,
but we’ve added hardening to prevent plugins and themes from accidentally
causing a vulnerability. Reported by Anthony Ferrara.
   2017-09-21 21:24:46 by Daniel Horecki | Files touched by this commit (2) | Package updated
Log message:
Security update to version 4.8.2

Security issues:
- $wpdb->prepare() can create unexpected and unsafe queries leading to \ 
potential SQL injection (SQLi). WordPress core is not directly vulnerable to \ 
this issue, but we’ve added hardening to prevent plugins and themes from \ 
accidentally causing a vulnerability. Reported by Slavco.
- A cross-site scripting (XSS) vulnerability was discovered in the oEmbed \ 
discovery. Reported by xknown of the WordPress Security Team.
- A cross-site scripting (XSS) vulnerability was discovered in the visual \ 
editor. Reported by Rodolfo Assis (@brutelogic) of Sucuri Security.
- A path traversal vulnerability was discovered in the file unzipping code. \ 
Reported by Alex Chapman (noxrnet).
- A cross-site scripting (XSS) vulnerability was discovered in the plugin \ 
editor. Reported by 陈瑞琦 (Chen Ruiqi).
- An open redirect was discovered on the user and term edit screens. Reported by \ 
Yasin Soliman (ysx).
- A path traversal vulnerability was discovered in the customizer. Reported by \ 
Weston Ruter of the WordPress Security Team.
- A cross-site scripting (XSS) vulnerability was discovered in template names. \ 
Reported by Luka (sikic).
- A cross-site scripting (XSS) vulnerability was discovered in the link modal. \ 
Reported by Anas Roubi (qasuar).

And 6 other fixes:

* Emoji
- #41584 - Upgrade Twemoji to 2.5.0
- #41852 - Fix UN flag test by returning the correct value.

*I18N
- #41794 - Support numbers in locales during installation

* Security
- #13377 - Add more sanitization in _cleanup_header_comment

*Widgets
- #41596 - New Text Widget recognizes HTML but does not render it in the front end
- #41622 - Text widget can show DOMDocument::loadHTML() warnings in admin when \ 
is_legacy_widget method is called

More on https://codex.wordpress.org/Version_4.8.2
   2017-09-06 11:03:07 by Thomas Klausner | Files touched by this commit (86)
Log message:
Follow some redirects.
   2017-08-07 22:12:14 by Daniel Horecki | Files touched by this commit (2) | Package updated
Log message:
Update to version 4.8.1.

WordPress 4.8.1 contains 29 maintenance fixes and enhancements to the 4.8 \ 
release series, chief among them are fixes to the rich Text widget and the \ 
introduction of the Custom HTML widget.

Administration
* #40982 - Permalink Settings: custom structure field keyboard trap

Build/Test Tools
* #41327 - Bump Akismet External - 4.9 Edition

Comments
* #40975 - 'Empty Spam' and 'Empty Trash' comment buttons not displayed on mobile

Customize
* #40978 - Customizer Panel Footer border missing
* #40981 - Customizer: Menus: it is far too easy to mistakenly delete a menu \ 
because the "Delete Menu" link and the "Add Items" button \ 
are too close together
* #41158 - Increase tinymce panel z-index
* #41410 - Set `'filter' => 'content'` on starter content "business \ 
info" widget

Embeds
* #41019 - oEmbed: Update VideoPress oEmbed URL
* #41048 - `WP_oEmbed_Controller::get_proxy_item()` should remove `_wpnonce` \ 
from cached `$args`
* #41299 - oEmbed proxy fails to forward maxwidth and maxheight params

General
* #41056 - WP-API JS Client: Settings is incorrectly registered as a collection

Media
* #41231 - media-views.js: Cannot read .length of undefined \ 
(this.controller.$uploaderToggler.length)

REST API
* #38964 - Add filter to allow modifying response *after* embedded data is added
* #40886 - REST API: PUT requests fail on Nginx servers when fancy permalinks \ 
aren't enabled

Taxonomy
* #41010 - wp_get_object_terms() returns duplicate terms if more than one \ 
taxonomy is given in args

TinyMCE
* #41408 - TinyMCE: Images with link and caption look "broken" when \ 
selected

Widgets
* #40907 - Introduce widget dedicated for HTML code
* #40935 - Facebook Video Works On Preview But Not On Theme
* #40951 - New Text Widget - Switching Between Visual/Text Editor Strips Out Code
* #40960 - Widgets: The Text widget should respect the “Disable the visual \ 
editor when writing” setting
* #40972 - TinyMCE editor in Text widget does not have RTL contents
* #40974 - Updated text widget do not save text (when using paste)
* #40977 - Widgets: Query param for `loop` added for non-hosted external videos
* #40986 - Widgets: text widget and media widgets cannot be edited in \ 
accessibility mode
* #41021 - Text widget does not show Title field or TinyMCE editor
* #41361 - Text widget can raise JS error if customize-base is enqueued on \ 
widgets admin screen
* #41386 - Text Widget - Wording - Legacy Mode 4.8.1 beta
* #41392 - Theme styles for Text widget do not apply to Custom HTML widget
* #41394 - Text widget: Rename legacy mode to visual mode and improve \ 
back-compat for widget_text filters
   2017-06-18 20:01:42 by Daniel Horecki | Files touched by this commit (3) | Package updated
Log message:
Update to newest version 4.8.

For changes, check https://codex.wordpress.org/Version_4.8.