Commit Graph

148 Commits

Author SHA1 Message Date
davidbaumwald 69e59764eb Grouped backports to the 4.6 branch.
- Comments: Prevent users who can not see a post from seeing comments on it.
- Shortcodes: Restrict media shortcode ajax to certain type.
- REST API: Ensure no-cache headers are sent when methods are overridden.
- Prevent unintended behavior when certain objects are unserialized.

Merges [56834], [56835], [56836], and [56838] to the 4.6 branch.
Props xknown, jorbin, joehoyle, timothyblynjacobs, peterwilsoncc, ehtis, tykoted, antpb, rmccue.
Built from https://develop.svn.wordpress.org/branches/4.6@56859


git-svn-id: http://core.svn.wordpress.org/branches/4.6@56370 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-10-12 18:10:52 +00:00
Peter Wilson 47d26cd9fb DOCS: Replace HTTP links with HTTPS.
Replaces unsecure links in documentation and translator comments with their secure versions.

Props johnpgreen, netweb

Fixes #36993

Built from https://develop.svn.wordpress.org/trunk@37674


git-svn-id: http://core.svn.wordpress.org/trunk@37640 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-10 04:50:33 +00:00
Rachel Baker d287f19a0f Comments: Remove debugging code left in `WP_Comments_List_Table->get_views()`.
Originally introduced in [9556] and leftover from [15578].

Props dabnpits.
Fixes #36938.
Built from https://develop.svn.wordpress.org/trunk@37624


git-svn-id: http://core.svn.wordpress.org/trunk@37592 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-02 15:07:28 +00:00
Drew Jaynes c3055cc190 Docs: Standardize hook docs in wp-admin/* to use third-person singular verbs per the inline documentation standards for PHP.
See #36913.

Built from https://develop.svn.wordpress.org/trunk@37488


git-svn-id: http://core.svn.wordpress.org/trunk@37456 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-22 18:01:30 +00:00
Rachel Baker f99ec3db18 Comments: In the comments list table, only link rows inside the “Submitted On” column to the comment if it is publicly viewable.
The date within the comments list table “Submitted On” column will only be wrapped in `get_comment_link()` if the comment is approved and associated with a valid `comment_post_ID`.

Fixes #35279.
Built from https://develop.svn.wordpress.org/trunk@36521


git-svn-id: http://core.svn.wordpress.org/trunk@36488 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-12 21:43:26 +00:00
Boone Gorges b5d12e130c Comments: Restore the ability to bypass post_id filter using 0 or '0'.
The changes introduced in [36381], while logical and clearly awesome, introduce
the potential for much breakage. Those who want to query for comments with a
null `comment_post_ID` should use `'post_in' => array( 0 )` instead.

Reverts [36381], [36387].
See #35090.

Built from https://develop.svn.wordpress.org/trunk@36480


git-svn-id: http://core.svn.wordpress.org/trunk@36447 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-05 18:50:25 +00:00
Boone Gorges 00cf77999d In comments list table, `$post_id` should default to `false` rather than 0.
After [36381], the default value of `0` was causing the list table at
edit-comments.php to be empty. `false` prevents this.

This fix is likely temporary, while more research is done into the backward
compatibility concerns tied to [36381].

See #35090.
Built from https://develop.svn.wordpress.org/trunk@36387


git-svn-id: http://core.svn.wordpress.org/trunk@36354 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-23 22:16:26 +00:00
Rachel Baker 9065794462 List Tables: Use the $GLOBALS array when unsetting the global post and comment in `WP_Comments_List_Table::single_row()`.
In r35674 only the local variables were unset, when using `unset()` with a global variable the `$GLOBALS` array must be used.


Fixes #35506.

Built from https://develop.svn.wordpress.org/trunk@36339


git-svn-id: http://core.svn.wordpress.org/trunk@36306 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-18 02:50:27 +00:00
Andrea Fercia 2d76f3cb83 Accessibility: Remove title attributes from the Comments screen.
Fixes #35304.
Built from https://develop.svn.wordpress.org/trunk@36298


git-svn-id: http://core.svn.wordpress.org/trunk@36265 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-14 16:04:27 +00:00
John Blackbourn f63dc802cb Comments: Correct the docblocks for various methods in the comment list table class.
See #32246

Built from https://develop.svn.wordpress.org/trunk@36248


git-svn-id: http://core.svn.wordpress.org/trunk@36215 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-10 00:52:25 +00:00
Ella Iseulde Van Dorpe 657d3b50af Make date format consistent across the admin
The 'date_format' and 'time_format' options shouldn't affect the backend.

See #30864


Built from https://develop.svn.wordpress.org/trunk@35811


git-svn-id: http://core.svn.wordpress.org/trunk@35775 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-07 04:26:27 +00:00
John Blackbourn ec24d6e001 In a similar vein to [34133], escape the email address and IP address of comment authors to increase defence in depth.
Built from https://develop.svn.wordpress.org/trunk@35748


git-svn-id: http://core.svn.wordpress.org/trunk@35712 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-29 02:43:24 +00:00
Sergey Biryukov ae04eba0b6 Comments: After [35670], change the CSS class for the pending comments count back to `moderated`.
Fixes #34680.
Built from https://develop.svn.wordpress.org/trunk@35726


git-svn-id: http://core.svn.wordpress.org/trunk@35690 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-22 15:23:26 +00:00
Scott Taylor 838592c1ba List Tables: because we can never eradicate the existence of globals, ensure that `$comment` is hoisted into the global space inside `WP_Comments_List_Table::single_row()`.
Fixes #34654.

Built from https://develop.svn.wordpress.org/trunk@35674


git-svn-id: http://core.svn.wordpress.org/trunk@35638 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-18 19:05:30 +00:00
Sergey Biryukov bc41f44158 I18N: After [34424], replace the placeholder with comments count after `translate_nooped_plural()` runs, not before.
Props hnle.
Fixes #34680.
Built from https://develop.svn.wordpress.org/trunk@35670


git-svn-id: http://core.svn.wordpress.org/trunk@35634 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-18 18:04:28 +00:00
Sergey Biryukov 0d4cf36199 I18N: Remove `<a>` tag from translatable string in `wp-admin/includes/class-wp-comments-list-table.php`.
Props ramiy.
Fixes #34686.
Built from https://develop.svn.wordpress.org/trunk@35666


git-svn-id: http://core.svn.wordpress.org/trunk@35630 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-18 17:34:27 +00:00
Drew Jaynes 64f5e0683a Docs: Document use of the `$comment_status` global in the DocBlock for `WP_Comments_List_Table::handle_row_actions()`.
Props shimakyohsuke.
Fixes #34425.

Built from https://develop.svn.wordpress.org/trunk@35490


git-svn-id: http://core.svn.wordpress.org/trunk@35454 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-02 21:33:27 +00:00
Dion Hulse d2aca078b6 Comments: Use a full URL rather than a relative one for links which can contain IPv6 addresses to avoid an issue where the URL was being eaten by escaping functions.
See #34407, #34202
Fixes #34054

Built from https://develop.svn.wordpress.org/trunk@35368


git-svn-id: http://core.svn.wordpress.org/trunk@35332 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-23 05:14:25 +00:00
Drew Jaynes 8a386cb24f Docs: Add missing file headers to the list table classes and adjust class DocBlocks accordingly.
See #33701.

Built from https://develop.svn.wordpress.org/trunk@35241


git-svn-id: http://core.svn.wordpress.org/trunk@35207 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-17 15:13:25 +00:00
Scott Taylor 0c2b2a0e3d List Tables/WP_Screen: in `WP_Screen`, add methods to store, retrieve, and render screen reader text, primarily used by list table screens.
These additions are based on an audit and recommendations by the Accessibility team. #a11y'all

Props afercia.
Fixes #32147.

Built from https://develop.svn.wordpress.org/trunk@34891


git-svn-id: http://core.svn.wordpress.org/trunk@34856 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-07 01:28:25 +00:00
Andrea Fercia 6fdd384fe0 Comments List Table: fix the translators comment for all count after [34506].
See #17275.
Built from https://develop.svn.wordpress.org/trunk@34508


git-svn-id: http://core.svn.wordpress.org/trunk@34472 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-24 18:40:24 +00:00
Scott Taylor 4671e03766 Comments List Table: include count for "All". Dynamically update.
Fixes #17275.

Built from https://develop.svn.wordpress.org/trunk@34506


git-svn-id: http://core.svn.wordpress.org/trunk@34470 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-24 17:57:25 +00:00
Scott Taylor bc5eb3a623 Comments: add `date` column to `WP_Comments_List_Table` to allow sorting and to break out the date/time from the comment content column.
Props jshreve.
Fixes #15520.

Built from https://develop.svn.wordpress.org/trunk@34504


git-svn-id: http://core.svn.wordpress.org/trunk@34468 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-24 17:27:26 +00:00
Sergey Biryukov 8db1c75a7e Remove extra HTML from translatable strings in `WP_Comments_List_Table::get_views()`.
Add a context and translator comments.

Props Tmeister for initial patch.
Fixes #31859.
Built from https://develop.svn.wordpress.org/trunk@34424


git-svn-id: http://core.svn.wordpress.org/trunk@34388 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-22 14:33:25 +00:00
Scott Taylor f9c2a88a8a List Tables: when comparing string literals (non-numeric in nature) against vars, strict comparison can/should be used.
Props wonderboymusic, Viper007Bond.
Fixes #21249.

Built from https://develop.svn.wordpress.org/trunk@34383


git-svn-id: http://core.svn.wordpress.org/trunk@34347 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-22 06:06:25 +00:00
Sergey Biryukov 7adaef50bb Include placeholders in translator comments.
See #31857.
Built from https://develop.svn.wordpress.org/trunk@34304


git-svn-id: http://core.svn.wordpress.org/trunk@34268 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-18 18:58:24 +00:00
Scott Taylor ec01716bb2 Don't use HTML tags in translation strings for "In Reply To" links for comments in the admin.
Props ramiy.
Fixes #31857.

Built from https://develop.svn.wordpress.org/trunk@34297


git-svn-id: http://core.svn.wordpress.org/trunk@34261 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-18 18:36:24 +00:00
Scott Taylor 5920e8eb13 Move `WP_Post_Comments_List_Table` to its own file.
See #33413.

Built from https://develop.svn.wordpress.org/trunk@34223


git-svn-id: http://core.svn.wordpress.org/trunk@34187 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-16 06:53:24 +00:00
Scott Taylor 98acab10ea Comments/PHP Notices: check that a parent comment exists before displaying an orphan's link to it in the admin.
Props rachelbaker.
Fixes #33710.

Built from https://develop.svn.wordpress.org/trunk@34015


git-svn-id: http://core.svn.wordpress.org/trunk@33984 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-10 20:51:23 +00:00
Scott Taylor 52516a68ab After the `global` churn in [33964], also set `$post` to `null` at the end of `WP_Comments_List_Table::single_row()` to ensure that an orphaned comment doesn't inherit the previous row's `$post` context.
See #33638.

Built from https://develop.svn.wordpress.org/trunk@33986


git-svn-id: http://core.svn.wordpress.org/trunk@33955 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-10 03:12:23 +00:00
Scott Taylor 71f955dc84 In `WP_Comments_List_Table`, favor passing `WP_Comment` instances instead of `$comment_ID` to template functions. This allows us to bypass unnecessary cache lookups and simply pass the object through when it is set.
See #33638.

Built from https://develop.svn.wordpress.org/trunk@33964


git-svn-id: http://core.svn.wordpress.org/trunk@33933 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-09 03:00:24 +00:00
Scott Taylor 80a20e5c3d Handle more cases (`untrailingslashit`, HTTPS urls) for sanitizing an author URL for display in the comments list table.
Props afercia, mehulkaklotar, swissspidy, johnbillion.
Fixes #33291.

Built from https://develop.svn.wordpress.org/trunk@33894


git-svn-id: http://core.svn.wordpress.org/trunk@33863 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-03 23:23:24 +00:00
Drew Jaynes 375d30f699 Docs: Add a duplicate filter comment to the `comment_email` filter call in `WP_Comments_List_Table`, introduced in [33829].
See #11566.

Built from https://develop.svn.wordpress.org/trunk@33830


git-svn-id: http://core.svn.wordpress.org/trunk@33798 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-31 21:22:21 +00:00
Scott Taylor a5b157ffde Remove the hamburger global'ing from [33828]: since no args are passed to `comment_author_email_link()`, the internals can be simplified and applied inline.
See #11566. 

Built from https://develop.svn.wordpress.org/trunk@33829


git-svn-id: http://core.svn.wordpress.org/trunk@33797 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-31 21:09:21 +00:00
Scott Taylor d0a1a47708 Fix warnings after [33826]. Only only one function call needs a global `$comment`, we shall hamburger it.
See #11566. 

Built from https://develop.svn.wordpress.org/trunk@33828


git-svn-id: http://core.svn.wordpress.org/trunk@33796 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-31 20:59:21 +00:00
Scott Taylor 7ab015c5ab `WP_Comments_List_Table::single_row()` has no reason to set the `$comment` global. No other methods use it, and we are not in template/loop context. This can mess with the response of `get_comment()` elsewhere, since `get_comment()` internally bypasses the cache/db when a global is set.
See #11566. 

Built from https://develop.svn.wordpress.org/trunk@33826


git-svn-id: http://core.svn.wordpress.org/trunk@33794 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-31 20:42:21 +00:00
Sergey Biryukov 8b1fe986c3 Use `wp_html_excerpt()` to properly cut comment author URL for display on Comments screen.
props brettz95, solarissmoke.
fixes #15659.
Built from https://develop.svn.wordpress.org/trunk@33825


git-svn-id: http://core.svn.wordpress.org/trunk@33793 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-31 20:41:21 +00:00
Scott Taylor 20f6db2b18 Comment List Tables:
* Ensure that dynamic bubble counts are in sync by `comment_post_ID`
* Scope `:animated` to `#the-comment-list`

See #11200.


Built from https://develop.svn.wordpress.org/trunk@33662


git-svn-id: http://core.svn.wordpress.org/trunk@33629 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-20 16:36:25 +00:00
Scott Taylor 2e2223ae74 Comments List Table:
* In a view that initially has comments, but they get removed due to user actions: show the `No Items` row instead of bombing out and showing nothing (which looks broken)
* To accomplish this, in `WP_Comments_List_Table::display()`: call `->display_rows_or_placeholder()` instead of `->display()`
* Listen for the end of row `.fadeOut()`s if necessary using jQuery Promises

Fixes #11200.

Built from https://develop.svn.wordpress.org/trunk@33657


git-svn-id: http://core.svn.wordpress.org/trunk@33624 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-20 05:54:25 +00:00
Scott Taylor df618f3461 Comments List Table:
* Show count next to "Approved"
* Properly increment/decrement counts when row actions are clicked
* In `_wp_ajax_delete_comment_response()`, return the comment's `status` with the `supplemental` data
* Handle counts properly on each scenario of `undo`

See #11200.

Built from https://develop.svn.wordpress.org/trunk@33655


git-svn-id: http://core.svn.wordpress.org/trunk@33622 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-20 02:51:25 +00:00
Dominik Schilling f74a907eac Capabilities: Fall back to the `edit_posts` capability for orphaned comments.
Also avoid PHP notices because of orphaned comments in the comments list table.
Includes unit test.

props pento, dd32.
fixes #33154.
Built from https://develop.svn.wordpress.org/trunk@33614


git-svn-id: http://core.svn.wordpress.org/trunk@33581 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-13 22:31:24 +00:00
Helen Hou-Sandí 7b7ae2ee25 Comments list table: Display that cute lil comment bubble.
The comments list table suffers from "wall of text" problems, which the two plain text links compounded.

props obenland. fixes #33149.

Built from https://develop.svn.wordpress.org/trunk@33490


git-svn-id: http://core.svn.wordpress.org/trunk@33457 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-29 18:08:25 +00:00
Sergey Biryukov 48a1c86245 Comment string tweaks:
* Merge two strings about an invalid comment ID.
* Add missing context to 'Mark as Spam' string.
* Merge two 'In Response To' strings, replace redundant context with a translator comment.

props pavelevap.
fixes #32334.
Built from https://develop.svn.wordpress.org/trunk@33436


git-svn-id: http://core.svn.wordpress.org/trunk@33403 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-26 23:36:24 +00:00
Scott Taylor 4d34e37311 List Tables:
* In `->handle_row_actions()`, bail immediately if `$primary` and `$column_name` do not match. Saves us a nesting level and avoids declaring code that is unusable.
* In `WP_List_Table::single_row_columns()`, allow `_column_{$name}` to be called dynamically by core to avoid having to override the entirety of `->single_row_columns()` in `WP_MS_Users_List_Table` and `WP_Posts_List_Table`
* In `WP_MS_Sites_List_Table`, `id` is not a column.

Props wonderboymusic, paulwilde.
Fixes #29881.

Built from https://develop.svn.wordpress.org/trunk@33270


git-svn-id: http://core.svn.wordpress.org/trunk@33242 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-14 17:47:24 +00:00
Helen Hou-Sandí 6e73f1282e List tables: Better accessibility and design for the comments bubble.
It is now plain text in the comments list table's "In Response To" column, where it was visually a bit confusing to have the bubble. For other list tables, it now shows a little notification bubble with the number of pending comments. The bubble and notification become plain text in the responsive list table view. It also shows no bubble when there are no comments at all, reducing some of the visual noise.

props picard102, afercia, karinchristen.
fixes #32152.

Built from https://develop.svn.wordpress.org/trunk@33155


git-svn-id: http://core.svn.wordpress.org/trunk@33127 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-10 21:44:25 +00:00
Helen Hou-Sandí df220685a0 List tables: Account for comments being reused on the post edit screen.
Adding the `.wp-list-table` class gets us a few responsive goodies for free. And now it won't show a strange button outline.

see #32395.

Built from https://develop.svn.wordpress.org/trunk@33101


git-svn-id: http://core.svn.wordpress.org/trunk@33072 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-07 00:09:24 +00:00
Helen Hou-Sandí 8eb7f71e6b List tables: A better responsive view.
Instead of truncating columns, the data that's already in the markup can now be toggled into view. Only seems appropriate to celebrate four years of contributing by finally doing the first thing I ever mocked up.

Known issues / concerns:
* Custom list tables that don't define a primary column will show nothing at all. These are not extremely common, as `WP_List_Table` isn't really recommended for plugin consumption, but it happens. We need to come up with some kind of fallback.
* Some visual elements, particularly whitespace, could use refining.
* Needs a11y review.
* Touch performance on iOS feels sluggish - is there anything we can do about that?
* Would this be better accordion-style (only one expanded at a time)?
* Is `wp_strip_all_tags()` good enough for column titles that have HTML in them? It's essentially a workaround for the fact that core's comments column does that for the icon, which maybe it shouldn't. Perhaps worth another ticket, as a markup change would be fairly independent.
* Visual hierarchy is not great when expanded (also worthy of another ticket).
* Quick edit now becomes noticeably more annoying to cancel out of, as you have to scroll all the way down and you lose your position from before it was opened. Again, worthy of another ticket.

props Michael Arestad, helen.
see #32395.

Built from https://develop.svn.wordpress.org/trunk@33016


git-svn-id: http://core.svn.wordpress.org/trunk@32987 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-01 01:31:25 +00:00
Scott Taylor 5c6b63d3a6 `if` is a statment, not a function.
See #32444.

Built from https://develop.svn.wordpress.org/trunk@32800


git-svn-id: http://core.svn.wordpress.org/trunk@32771 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-16 20:01:25 +00:00
Scott Taylor f88b42be94 In `WP_Comments_List_Table::column_comment()`, `$post` and `$the_comment_status` are unused, as is the `$comment_status` global.
See #32444.

Built from https://develop.svn.wordpress.org/trunk@32736


git-svn-id: http://core.svn.wordpress.org/trunk@32707 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-12 18:39:25 +00:00
Drew Jaynes 5457eb4933 Add missing return descriptions and fix formatting of inline documentation introduced in [32644].
See #25408. See #32246.

Built from https://develop.svn.wordpress.org/trunk@32660


git-svn-id: http://core.svn.wordpress.org/trunk@32630 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-31 01:18:26 +00:00