Commit Graph

121 Commits

Author SHA1 Message Date
whyisjake abc5355d75 General: WordPress updates
* XML-RPC: Improve error messages for unprivileged users.
* External Libraries: Disable deserialization in Requests_Utility_FilteredIterator
* Embeds: Disable embeds on deactivated Multisite sites.
* Coding standards: Modify escaping functions to avoid potential false positives.
* XML-RPC: Return error message if attachment ID is incorrect.
* Upgrade/install: Improve logic check when determining installation status.
* Meta: Sanitize meta key before checking protection status.
* Themes: Ensure that only privileged users can set a background image when a theme is using the deprecated custom background page.

Brings the changes from [49380,49382-49388] to the 4.6 branch.

Props xknown, zieladam, peterwilsoncc, whyisjake, desrosj, dd32.

Built from https://develop.svn.wordpress.org/branches/4.6@49400


git-svn-id: http://core.svn.wordpress.org/branches/4.6@49159 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-29 19:00:24 +00:00
Drew Jaynes 6c7148943b Docs: Standardize capitalization of Ajax throughout core documentation per the core spelling guide.
Ajax, while considered an acronym for Asynchronous JavaScript and XML, is most commonly capitalized only in the first character.

Part props ocean90.
See #32246.

Built from https://develop.svn.wordpress.org/trunk@38028


git-svn-id: http://core.svn.wordpress.org/trunk@37969 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-10 00:51:30 +00:00
John Blackbourn aa35e473f7 `callback` is not a valid type in PHP, PSR-5, or phpDocumentor. `callable` should be used instead.
Fixes #34032

Built from https://develop.svn.wordpress.org/trunk@34566


git-svn-id: http://core.svn.wordpress.org/trunk@34530 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-25 23:58:25 +00:00
Drew Jaynes caf3df03bc Docs: Add a summary, version, and `@access` tag to the property DocBlock for `Custom_Background->updated`.
See [13765] for where the property was initially introduced.
See [30186] for where the property was actually declared.

Props brentvr.
See #30224. See #32246.

Built from https://develop.svn.wordpress.org/trunk@34490


git-svn-id: http://core.svn.wordpress.org/trunk@34454 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-24 13:34:24 +00:00
Konstantin Obenland 7dc1d06e64 Proper heading for admin screens.
First step towards restoring a good heading structure in wp-admin.
The previous `<h1>` contained the site title and a link to the front page and was removed with the toolbar refactoring in 3.2.

Props joedolson, afercia.
Fixes #31650.


Built from https://develop.svn.wordpress.org/trunk@32974


git-svn-id: http://core.svn.wordpress.org/trunk@32945 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-27 15:41:25 +00:00
Scott Taylor f61501f57f The `query-attachments` AJAX action immediately errors out if the user doesn't have the `upload_files` cap. As such, the Customizer shouldn't show buttons that launch the media modal when the user doesn't have the proper permissions to query attachments.
See #32654.

Built from https://develop.svn.wordpress.org/trunk@32913


git-svn-id: http://core.svn.wordpress.org/trunk@32884 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-23 18:20:27 +00:00
Scott Taylor ab66fc95bc Fix some malformed doc blocks in `Custom_Background`.
See #32444.

Built from https://develop.svn.wordpress.org/trunk@32734


git-svn-id: http://core.svn.wordpress.org/trunk@32705 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-12 18:25:25 +00:00
Scott Taylor c6a4512b1b Add missing doc blocks to `wp-admin/includes/*`.
Fix some egregious uses of tabbing.
Some functions can simply return `apply_filters(...)` instead of setting a variable that is immediately returned.

See #32444.

Built from https://develop.svn.wordpress.org/trunk@32654


git-svn-id: http://core.svn.wordpress.org/trunk@32624 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-29 20:17:26 +00:00
Dominik Schilling 64fc7294b6 Use HTTPS URLs for codex.wordpress.org.
see #27115.
Built from https://develop.svn.wordpress.org/trunk@32116


git-svn-id: http://core.svn.wordpress.org/trunk@32095 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-12 21:29:32 +00:00
Scott Taylor 7f8b548df1 In HTML5, the `action` attribute is no longer required. Remove this attribute when empty.
The admin HTML is served with the HTML5 doctype.

"The action and formaction content attributes, if specified, must have a value that is a valid non-empty URL potentially surrounded by spaces." 
http://www.w3.org/html/wg/drafts/html/master/forms.html#attr-fs-action

Props voldemortensen.
Fixes #30126.

Built from https://develop.svn.wordpress.org/trunk@31200


git-svn-id: http://core.svn.wordpress.org/trunk@31181 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-16 04:16:24 +00:00
Scott Taylor 61f5cc459e In `Custom_Background`:
* In [28481], `$admin_header_callback` and `$admin_image_div_callback` were set to `private` based on their erroneous `@param` value
* `$admin_header_callback` and `$admin_image_div_callback` are used as hook callbacks - as such, they must be `public`
* In [28521] and [28524], magic methods were added for back-compat
* Currently, there are 2 properties marked `private`, `$page` and `$updated` - `$page` is never used and `$updated` was added by me in [30186] during 4.1

Set `$admin_header_callback` and `$admin_image_div_callback` to `public`.
Remove the `$page` property - it duplicated the `$page` local var and is referenced/used nowhere.
Remove the magic methods - they were beyond overkill and rendered moot by the above changes.

See #30891.

Built from https://develop.svn.wordpress.org/trunk@31133


git-svn-id: http://core.svn.wordpress.org/trunk@31114 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-10 21:59:22 +00:00
Scott Taylor aaae4e9df0 Since `get_theme_mod()` returns `false` on failure, `$background_image_thumb` can be set to it and checked instead of calling `get_background_image()` 3 times in `Custom_Background->admin_page()`.
See #30799.

Built from https://develop.svn.wordpress.org/trunk@31129


git-svn-id: http://core.svn.wordpress.org/trunk@31110 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-10 20:44:22 +00:00
Scott Taylor da99d29a59 Adding a `@return` annotation to constructors is generally not recommended as a constructor does not have a meaningful return value - anything that is returned is discarded.
See #30799.

Built from https://develop.svn.wordpress.org/trunk@31125


git-svn-id: http://core.svn.wordpress.org/trunk@31106 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-10 06:13:22 +00:00
Scott Taylor 709698a579 In `Custom_Background` and `Custom_Header`:
* In `->init()`, don't check `current_user_can()` since `add_theme_page()` will return `false` immediately if the cap check fails. 
* Bail if `add_theme_page()` returns `false`
* `wp_check_filetype_and_ext()` doesn't need a 3rd param, it already defaults to `null`. Passing `false` would fail a strict check.

See #30799.

Built from https://develop.svn.wordpress.org/trunk@31116


git-svn-id: http://core.svn.wordpress.org/trunk@31097 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-09 21:07:22 +00:00
Dominik Schilling fcb00b75e2 Customizer: Add `_wp_attachment_is_custom_background` meta to uploaded background images.
Adds `$type` property to `WP_Customize_Background_Image_Control` (PHP) and introduces `wp.customize.BackgroundControl` (JS).

see #30707.
Built from https://develop.svn.wordpress.org/trunk@30885


git-svn-id: http://core.svn.wordpress.org/trunk@30873 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-12-15 23:28:23 +00:00
Dominik Schilling 15df631e76 Make notices added in [30459] less ugly.
see #25569, #25571, [30505].
Built from https://develop.svn.wordpress.org/trunk@30657


git-svn-id: http://core.svn.wordpress.org/trunk@30647 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-30 12:21:22 +00:00
Dominik Schilling cffba3c1ba Customizer: Use deep-links for Backgrounds, Headers, and Widgets.
Replace links in admin menu and toolbar to Custom Background/Header screen with deep-links to the Customizer section.
On the Widgets screen display a link to the Customizer widgets panel.

props topher1kenobe, rzen, celloexpressions, westonruter
fixes #25569, #25571, #28032.
Built from https://develop.svn.wordpress.org/trunk@30459


git-svn-id: http://core.svn.wordpress.org/trunk@30450 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-20 15:29:23 +00:00
Dominik Schilling 120cb5e6ef Improve keyboard accessibility on Custom Header and Custom Background screen.
props florianziegler.
fixes #29289.
Built from https://develop.svn.wordpress.org/trunk@30327


git-svn-id: http://core.svn.wordpress.org/trunk@30326 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-13 12:00:57 +00:00
Scott Taylor a14a4fc9a5 In `Custom_Background`, declare `$updated` as a property.
See #30224.

Built from https://develop.svn.wordpress.org/trunk@30186


git-svn-id: http://core.svn.wordpress.org/trunk@30186 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-03 05:08:22 +00:00
Drew Jaynes a8583d5f19 Fix some words that aren't words.
See #28885.

Built from https://develop.svn.wordpress.org/trunk@29454


git-svn-id: http://core.svn.wordpress.org/trunk@29232 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-09 19:30:17 +00:00
Drew Jaynes 097dc8ee15 Fix syntax for single- and multi-line comments in wp-admin-directory files.
See #28931.

Built from https://develop.svn.wordpress.org/trunk@29206


git-svn-id: http://core.svn.wordpress.org/trunk@28990 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-17 09:14:16 +00:00
Drew Jaynes 3665b5a1a1 Add periods to short descriptions for magic methods added in [28501], [28521], and [28524].
See #22234 and #28885.

Built from https://develop.svn.wordpress.org/trunk@29165


git-svn-id: http://core.svn.wordpress.org/trunk@28949 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-14 01:12:14 +00:00
Drew Jaynes 5752274fc2 Fill out inline documentation for magic methods added to the `Custom_Background` class in [28481], [28521], and [28524].
See #22234 and #28885.

Built from https://develop.svn.wordpress.org/trunk@29149


git-svn-id: http://core.svn.wordpress.org/trunk@28933 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-13 23:58:15 +00:00
Scott Taylor 85f73cf458 Classes that have `__set()` also need `__isset()` and `__unset()`.
See #27881, #22234.

Built from https://develop.svn.wordpress.org/trunk@28524


git-svn-id: http://core.svn.wordpress.org/trunk@28350 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-19 06:52:14 +00:00
Scott Taylor 821246b4ae Some classes with `__get()` method also need `__set()`.
See #27881, #22234.

Built from https://develop.svn.wordpress.org/trunk@28521


git-svn-id: http://core.svn.wordpress.org/trunk@28347 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-19 06:31:15 +00:00
Scott Taylor 2e912d3108 Use proper access modifiers and add a magic `__get()` method to `Custom_Background` and `Custom_Image_Header`.
See #27881, #22234.

Built from https://develop.svn.wordpress.org/trunk@28481


git-svn-id: http://core.svn.wordpress.org/trunk@28307 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-18 21:31:16 +00:00
Andrew Nacin dce0b9adea Use SSL when linking to WordPress.org. see #27115.
Built from https://develop.svn.wordpress.org/trunk@27469


git-svn-id: http://core.svn.wordpress.org/trunk@27314 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-08 04:14:15 +00:00
Andrew Ozz eb1d21d782 Remove all "valign" attributes from tables in wp-admin, props MikeHansenMe, Marventus. Fixes #22712.
Built from https://develop.svn.wordpress.org/trunk@27029


git-svn-id: http://core.svn.wordpress.org/trunk@26905 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-01-24 19:06:15 +00:00
Sergey Biryukov 2f3ebce172 Always show Background Image section heading and the opening table tag on Custom Background screen, to make in consistent with Custom Header and avoid broken markup.
props obenland.
fixes #26731.
Built from https://develop.svn.wordpress.org/trunk@26878


git-svn-id: http://core.svn.wordpress.org/trunk@26761 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-12-29 08:06:11 +00:00
Andrew Nacin 9be4bd5720 Rename the new custom-background arguments passed to add_theme_support().
* background-position becomes default-position-x
 * background-attachment becomes default-attachment
 * background-repeat becomes default-repeat

These are in line with existing default-image and default-color arguments, and also makes the position argument unambiguous and forwards compatible.

fixes #20816.

Built from https://develop.svn.wordpress.org/trunk@26594


git-svn-id: http://core.svn.wordpress.org/trunk@26484 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-12-03 21:36:10 +00:00
Andrew Ozz 8d6059b383 Remove all screen_icon() calls and deprecate the functions, props TobiasBg, fixes #26119
Built from https://develop.svn.wordpress.org/trunk@26518


git-svn-id: http://core.svn.wordpress.org/trunk@26411 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-12-02 03:53:11 +00:00
Jon Cave fd14a5df71 Allow customisation of theme mod defaults via custom-background theme support.
Give the power to theme authors to select defaults when registering
custom-background support.

Props obenland. Fixes #20816.

Built from https://develop.svn.wordpress.org/trunk@26352


git-svn-id: http://core.svn.wordpress.org/trunk@26253 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-11-24 14:05:10 +00:00
Andrew Nacin 5361a8abca Spell out duplicate hook locations.
props DrewAPicture.
fixes #25658.

Built from https://develop.svn.wordpress.org/trunk@25868


git-svn-id: http://core.svn.wordpress.org/trunk@25868 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-24 22:59:20 +00:00
Andrew Nacin 8ae8e01b67 Remove the old wp_auto_updates_maybe_update cron event. Schedule the new wp_maybe_auto_update event at 7 a.m. and 7 p.m. in the site's timezone.
see #27704.

Built from https://develop.svn.wordpress.org/trunk@25825


git-svn-id: http://core.svn.wordpress.org/trunk@25825 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-24 22:53:14 +00:00
Andrew Nacin 74488bdcb0 Spell out duplicate hook locations.
props DrewAPicture.
fixes #25658.

Built from https://develop.svn.wordpress.org/trunk@25868


git-svn-id: http://core.svn.wordpress.org/trunk@25780 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-22 17:22:11 +00:00
Andrew Nacin e17beb58f7 Mark the hooks in custom-background.php as duplicates.
* image_size_names_choose should be documented in wp-includes/media.php
 * wp_create_file_in_uploads should be documented in custom-header.php

see #25229.

Built from https://develop.svn.wordpress.org/trunk@25283


git-svn-id: http://core.svn.wordpress.org/trunk@25247 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-06 17:05:09 +00:00
Scott Taylor 31f26dc3ce Remove lingering instances of call time pass-by-reference, limited to instances of `callable` - use `$this` instead of `&$this`.
Props jdgrimes.
See #25160.


Built from https://develop.svn.wordpress.org/trunk@25254


git-svn-id: http://core.svn.wordpress.org/trunk@25222 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-05 16:34:09 +00:00
Andrew Nacin 043f19b1dc When generating a background image thumbnail URL, escape percent signs for the eventual sprintf() call inside get_theme_mod().
props cfinke.
fixes #21241.



git-svn-id: http://core.svn.wordpress.org/trunk@24630 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-10 04:42:03 +00:00
Andrew Nacin e6afcb4aa2 Context for 'Attachment' when referring to the background image attachment. props xibe, fixes #23433.
git-svn-id: http://core.svn.wordpress.org/trunk@24621 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-10 03:07:53 +00:00
Ryan Boren 43a7e695e9 Revert 23416, 23419, 23445 except for wp_reset_vars() changes. We are going a different direction with the slashing cleanup, so resetting to a clean slate. see #21767
git-svn-id: http://core.svn.wordpress.org/trunk@23554 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-01 16:28:40 +00:00
Ryan Boren cc5ed3a485 Change all core API to expect unslashed rather than slashed arguments.
The exceptions to this are update_post_meta() and add_post_meta() which are often used by plugins in POST handlers and will continue accepting slashed data for now.

Introduce wp_upate_post_meta() and wp_add_post_meta() as unslashed alternatives to update_post_meta() and add_post_meta(). These functions could become methods in WP_Post so don't use them too heavily yet.

Remove all escape() calls from wp_xmlrpc_server. Now that core expects unslashed data this is no longer needed.

Remove addslashes(), addslashes_gpc(), add_magic_quotes() calls on data being prepared for handoff to core functions that until now expected slashed data. Adding slashes in no longer necessary.

Introduce wp_unslash() and use to it remove slashes from GPCS data before using it in core API. Almost every instance of stripslashes() in core should now be wp_unslash(). In the future (a release or three) when GPCS is no longer slashed, wp_unslash() will stop stripping slashes and simply return what is passed. At this point wp_unslash() calls can be removed from core.

Introduce wp_slash() for slashing GPCS data. This will also turn into a noop once GPCS is no longer slashed. wp_slash() should almost never be used. It is mainly of use in unit tests.

Plugins should use wp_unslash() on data being passed to core API.

Plugins should no longer slash data being passed to core. So when you get_post() and then wp_insert_post() the post data from get_post() no longer needs addslashes(). Most plugins were not bothering with this. They will magically start doing the right thing. Unfortunately, those few souls who did it properly will now have to avoid calling addslashes() for 3.6 and newer.

Use wp_kses_post() and wp_kses_data(), which expect unslashed data, instead of wp_filter_post_kses() and wp_filter_kses(), which expect slashed data. Filters are no longer passed slashed data.

Remove many no longer necessary calls to $wpdb->escape() and esc_sql().

In wp_get_referer() and wp_get_original_referer(), return unslashed data.

Remove old stripslashes() calls from WP_Widget::update() handlers. These haven't been necessary since WP_Widget.

Switch several queries over to prepare().

Expect something to break.

Props alexkingorg
see #21767


git-svn-id: http://core.svn.wordpress.org/trunk@23416 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-14 22:51:06 +00:00
Andrew Nacin 9bba27f4e5 Fix various typos and omissions across a number of help tabs. props DrewAPicture, Ipstenu. see #22451.
git-svn-id: http://core.svn.wordpress.org/trunk@22812 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-11-22 08:45:15 +00:00
Andrew Nacin dfb844b64b Remove legacy media uploader bits from custom-header.php and custom-background.php. see #22186, #21390.
git-svn-id: http://core.svn.wordpress.org/trunk@22778 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-11-21 17:44:49 +00:00
Andrew Nacin e14ff50cfb Don't allow non-image uploads for custom headers and backgrounds. props kovshenin. fixes #22149.
git-svn-id: http://core.svn.wordpress.org/trunk@22521 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-11-10 05:36:37 +00:00
Daryl Koopersmith bda841315a Custom Background: Remove dead code for thickbox. see #21818, #21390.
git-svn-id: http://core.svn.wordpress.org/trunk@22503 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-11-09 11:48:33 +00:00
Daryl Koopersmith 15a749c6fd Integrate media with the custom background page. fixes #21818, see #21390.
git-svn-id: http://core.svn.wordpress.org/trunk@22502 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-11-09 11:37:24 +00:00
Ryan Boren b8140cf35e Update help text for color picker in custom header and background screens.
Props DrewAPicture
fixes #22393


git-svn-id: http://core.svn.wordpress.org/trunk@22470 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-11-08 19:32:49 +00:00
Andrew Nacin f466722928 Proper button heights on the custom header and background pages. props johnbillion. fixes #22385.
git-svn-id: http://core.svn.wordpress.org/trunk@22462 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-11-08 01:51:05 +00:00
Andrew Nacin b9b9ebeeae Forms with the class .wp-upload-form will now have their submit button disabled until a file is selected. props kovshenin, helenyhou, lessbloat, SergeyBiryukov, tommcfarlin. fixes #20855.
git-svn-id: http://core.svn.wordpress.org/trunk@22459 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-11-07 23:54:03 +00:00
Andrew Nacin 0b6cf76853 New color picker, props mattwiebe. see #21206.
Replaces Farbtastic. May change further in response to user testing.



git-svn-id: http://core.svn.wordpress.org/trunk@22030 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-27 01:57:38 +00:00