Commit Graph

948 Commits

Author SHA1 Message Date
whyisjake abc5355d75 General: WordPress updates
* XML-RPC: Improve error messages for unprivileged users.
* External Libraries: Disable deserialization in Requests_Utility_FilteredIterator
* Embeds: Disable embeds on deactivated Multisite sites.
* Coding standards: Modify escaping functions to avoid potential false positives.
* XML-RPC: Return error message if attachment ID is incorrect.
* Upgrade/install: Improve logic check when determining installation status.
* Meta: Sanitize meta key before checking protection status.
* Themes: Ensure that only privileged users can set a background image when a theme is using the deprecated custom background page.

Brings the changes from [49380,49382-49388] to the 4.6 branch.

Props xknown, zieladam, peterwilsoncc, whyisjake, desrosj, dd32.

Built from https://develop.svn.wordpress.org/branches/4.6@49400


git-svn-id: http://core.svn.wordpress.org/branches/4.6@49159 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-29 19:00:24 +00:00
John Blackbourn f12b16a291 General: Add missing URL-encoding and add extra hardening to plugin and template names when they're displayed in the admin area.
Merges [41413] to the 4.6 branch

See #13377

Built from https://develop.svn.wordpress.org/branches/4.6@41414


git-svn-id: http://core.svn.wordpress.org/branches/4.6@41247 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 10:22:34 +00:00
Dominik Schilling 8631cb86cf Dashboard: Don't escape widget titles in screen reader text.
Introduced in [37972]. The title for the Quick Draft widget contains HTML to provide a JS/no-JS version.

Merge of [38225] to the 4.6 branch.

Props SergeyBiryukov for review.
See #37595.
See #37594.
Built from https://develop.svn.wordpress.org/branches/4.6@38226


git-svn-id: http://core.svn.wordpress.org/branches/4.6@38167 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-09 09:09:32 +00:00
Drew Jaynes 6c7148943b Docs: Standardize capitalization of Ajax throughout core documentation per the core spelling guide.
Ajax, while considered an acronym for Asynchronous JavaScript and XML, is most commonly capitalized only in the first character.

Part props ocean90.
See #32246.

Built from https://develop.svn.wordpress.org/trunk@38028


git-svn-id: http://core.svn.wordpress.org/trunk@37969 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-10 00:51:30 +00:00
Sergey Biryukov 139387b7e5 Docs: Use 3-digit, x.x.x-style semantic versioning for `_doing_it_wrong()`, `_deprecated_function()`, `_deprecated_argument()`, and `_deprecated_file()` throughout core.
Props metodiew.
Fixes #36495.
Built from https://develop.svn.wordpress.org/trunk@37985


git-svn-id: http://core.svn.wordpress.org/trunk@37926 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-06 12:40:29 +00:00
Dominik Schilling 3d6fc45834 Dashboard: Don't add a "Configure" link to the toggle button.
The HTML for the toggle gets appended to the widget name which is later used for the widget title and the screen reader text of the toggle button. Storing the original widget name in the arguments allows us to use the name without the HTML for the screen reader text and doesn't require further changes by plugin developers.

Props nicholas_io, swissspidy.
Fixes #35021.
Built from https://develop.svn.wordpress.org/trunk@37972


git-svn-id: http://core.svn.wordpress.org/trunk@37913 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-05 15:22:29 +00:00
Andrew Ozz c8d203e1a3 Autosave: improve the notice when the sessionStorage autosave is different than the content.
- Make it higher priority than the server autosave.
- Change it so the editors undo and redo can be used.
- Replace the restore link with a button.
- Add better explanation/help.

See #37025.
Built from https://develop.svn.wordpress.org/trunk@37737


git-svn-id: http://core.svn.wordpress.org/trunk@37702 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-17 03:02:29 +00:00
Boone Gorges 253686fae6 Store only term IDs in object term relationships caches.
Previously, objects containing all data about a term were stored in each
object's term cache. Besides being wasteful, this approach caused invalidation
issues, as when a modified term count required a flush for all objects
belonging to the term.

Backward compatibility is maintained for plugins that continue to put object
data directly into the `{$taxonomy}_relationships` cache bucket.

Fixes #36814.
Built from https://develop.svn.wordpress.org/trunk@37573


git-svn-id: http://core.svn.wordpress.org/trunk@37541 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-26 04:50:27 +00:00
Drew Jaynes 6d7abb8fd3 Docs: The `$context` parameter in `remove_meta_box()` is not optional.
Fixes a copy pasta error introduced in [34952].

Props travisnorthcutt.
See #32246.

Built from https://develop.svn.wordpress.org/trunk@37545


git-svn-id: http://core.svn.wordpress.org/trunk@37513 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-23 20:57:28 +00:00
Drew Jaynes 1947f4d17c Docs: Apply inline `@see` tags to hooks referenced in DocBlocks for wp-admin/* files.
Applying these specially-crafted `@see` tags allows the Code Reference parser to recognize and link these elements as actions and filters.

See #36921.

Built from https://develop.svn.wordpress.org/trunk@37537


git-svn-id: http://core.svn.wordpress.org/trunk@37505 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-23 17:28:27 +00:00
Drew Jaynes c3055cc190 Docs: Standardize hook docs in wp-admin/* to use third-person singular verbs per the inline documentation standards for PHP.
See #36913.

Built from https://develop.svn.wordpress.org/trunk@37488


git-svn-id: http://core.svn.wordpress.org/trunk@37456 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-22 18:01:30 +00:00
Drew Jaynes a54c2a7279 Docs: Remove/replace invalid inline `@link` tags from DocBlocks in wp-admin/includes/*.
See #36910.

Built from https://develop.svn.wordpress.org/trunk@37485


git-svn-id: http://core.svn.wordpress.org/trunk@37453 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-22 17:22:27 +00:00
Drew Jaynes fe3b007fdd Docs: Remove inline `@see` tags from function, class, and method references in inline docs.
Known functions, classes, and methods are now auto-linked in Code Reference pages following #meta1483.

Note: Hook references are still linked via inline `@see` tags due to the unlikelihood of reliably matching for known hooks based on a RegEx pattern.

See #32246.

Built from https://develop.svn.wordpress.org/trunk@37342


git-svn-id: http://core.svn.wordpress.org/trunk@37308 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-02 04:00:28 +00:00
Andrea Fercia 93c8cdbaed Accessibility: improve the Star Ratings hiding empty elements for assistive technologies.
Fixes #36725.
Built from https://develop.svn.wordpress.org/trunk@37330


git-svn-id: http://core.svn.wordpress.org/trunk@37296 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-04-30 14:33:29 +00:00
Sergey Biryukov 1bd88850f7 Administration: Introduce `admin_print_footer_scripts-$hook_suffix"`, a dynamic version of the `admin_print_footer_scripts` hook.
This is now more consistent with the generic `admin_print_scripts` and the dynamic `admin_print_scripts-$hook_suffix` hooks fired in `wp-admin/admin-header.php`.

Props tfrommen.
Fixes #34334.
Built from https://develop.svn.wordpress.org/trunk@37279


git-svn-id: http://core.svn.wordpress.org/trunk@37245 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-04-21 15:17:27 +00:00
Andrea Fercia 26148850c5 Accessibility: change the close "X" in the Media "Attach to existing content" modal in a button.
Props joedolson.

Fixes #36554.
Built from https://develop.svn.wordpress.org/trunk@37231


git-svn-id: http://core.svn.wordpress.org/trunk@37197 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-04-17 16:58:26 +00:00
Nikolay Bachiyski 9b7a775413 Add nonce to AJAX action for script compression setting
Built from https://develop.svn.wordpress.org/trunk@37143


git-svn-id: http://core.svn.wordpress.org/trunk@37110 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-30 18:21:25 +00:00
Konstantin Obenland 237f6a0e58 Customize: Introduce Logo support for themes.
Allows a common theme feature to have a common implementation provided by core and available in a consistent location for users.
See https://make.wordpress.org/core/2016/02/24/theme-logo-support/

Props kwight, enejb, jeherve, bhubbard, samhotchkiss, zinigor, eliorivero, adamsilverstein, melchoyce, ryan, mikeschroder, westonruter, pento, karmatosed, celloexpressions, obenland. 
See #33755.


Built from https://develop.svn.wordpress.org/trunk@36698


git-svn-id: http://core.svn.wordpress.org/trunk@36665 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-24 22:10:26 +00:00
Drew Jaynes e66a510e0c Docs: Update the type for `$callback` parameters to `callable` in DocBlocks for `add_settings_section()` and `add_settings_field()`.
Props aidanlane.
Fixes #35772.

Built from https://develop.svn.wordpress.org/trunk@36642


git-svn-id: http://core.svn.wordpress.org/trunk@36609 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-23 18:05:27 +00:00
Dominik Schilling 3b3ded01a0 Media: Update some attach/detach strings in the columns view.
* Show a "Media attachment reattached."/"Media attachment detached." message when only one attachment was attached/detached. 
* Use the string placeholder as `number_format_i18n()` returns a string.
* Add translator comments.
* Update help text to refer to the new dropdown menus.
* Add a more generic title to the attach modal.

Fixes #33237.
Built from https://develop.svn.wordpress.org/trunk@36328


git-svn-id: http://core.svn.wordpress.org/trunk@36295 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-15 22:29:25 +00:00
Sergey Biryukov 7270205975 Remove redundant title attribute from `wp_star_rating()`. Hide the visible number of ratings from assistive technologies.
This data is redundant, as the same information is already conveyed by the text hidden with `.screen-reader-text` class.

Props afercia.
Fixes #35141.
Built from https://develop.svn.wordpress.org/trunk@36092


git-svn-id: http://core.svn.wordpress.org/trunk@36057 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-26 00:48:27 +00:00
Sergey Biryukov d5d5d64e3d I18N: Use better context for post statuses.
See #35054.
Built from https://develop.svn.wordpress.org/trunk@35903


git-svn-id: http://core.svn.wordpress.org/trunk@35867 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-13 19:18:26 +00:00
Helen Hou-Sandí e24681632e Avoid potential fatal errors after [35718].
While these classes are intended for admin use, there are developers out there who include `wp-admin/includes/template.php` to access them in other contexts. There is no intention to continue to support this indefinitely, but a breaking change like that would need to happen very early in a cycle and communicated loudly.

In the meantime, if you're reading this commit message and you do the above, please update your code to not do that. Thank you :)

fixes #33413.

Built from https://develop.svn.wordpress.org/trunk@35740


git-svn-id: http://core.svn.wordpress.org/trunk@35704 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-25 22:19:26 +00:00
Helen Hou-Sandí 2cdeac7cf6 Pass the `$post` object as context to `postmeta_form_keys`.
see #33885, #18979.

Built from https://develop.svn.wordpress.org/trunk@35730


git-svn-id: http://core.svn.wordpress.org/trunk@35694 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-23 17:15:29 +00:00
Sergey Biryukov bc1e479fd0 After [35718], update the location of some files in `This filter is documented in` docs.
Partially reverts [33954].

Fixes #33413.
Built from https://develop.svn.wordpress.org/trunk@35725


git-svn-id: http://core.svn.wordpress.org/trunk@35689 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-22 03:51:28 +00:00
Andrew Nacin 1579e45d41 Simplify the include graph after work to split out classes.
see #33413. More details there.

Built from https://develop.svn.wordpress.org/trunk@35718


git-svn-id: http://core.svn.wordpress.org/trunk@35682 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-20 07:24:30 +00:00
Scott Taylor 1e3807c10d `wp-admin/includes/template.php` is now a loader for 3 files made via `svn cp`:
* `Walker_Category_Checklist` class
* `WP_Internal_Pointers` class
* `template-functions.php`

This is BC for plugins that are loading `wp-admin/includes/template.php` for fun.

See #33413.

Built from https://develop.svn.wordpress.org/trunk@34241


git-svn-id: http://core.svn.wordpress.org/trunk@34205 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-16 15:35:23 +00:00
Scott Taylor ecc4106ed1 Add an argument to `parent_dropdown()`, `$post`, to allow it to be called for an arbitrary post.
Fixes #23162.

Built from https://develop.svn.wordpress.org/trunk@34111


git-svn-id: http://core.svn.wordpress.org/trunk@34079 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 03:20:25 +00:00
Helen Hou-Sandí 7f772bdaff Comments: Fix inline edit/reply on small screens.
props ocean90, SergeyBiryukov.
fixes #33596.

Built from https://develop.svn.wordpress.org/trunk@34094


git-svn-id: http://core.svn.wordpress.org/trunk@34062 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-13 12:47:27 +00:00
Scott Taylor 821939d6d1 Quick Edit: fix an ID attribute name collision by renaming one of the author fields `author-name`.
Props afercia.
Fixes #33770.

Built from https://develop.svn.wordpress.org/trunk@34070


git-svn-id: http://core.svn.wordpress.org/trunk@34038 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-12 02:35:25 +00:00
Drew Jaynes 55f3b892fb Docs: Add a changelog entry to the DocBlock for `touch_time()` to mention the shift from accessing the global `$comment` to using `get_comment()`.
See #33638.

Built from https://develop.svn.wordpress.org/trunk@33979


git-svn-id: http://core.svn.wordpress.org/trunk@33948 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-09 15:48:25 +00:00
Scott Taylor 246f2a6bd9 Use `get_comment()` instead of a global in `touch_time()`.
See #33638.

Built from https://develop.svn.wordpress.org/trunk@33965


git-svn-id: http://core.svn.wordpress.org/trunk@33934 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-09 03:05:24 +00:00
Boone Gorges cc5eddda74 Allow `wp_terms_checklist()` to return markup rather than echoing it.
Props kevinlangleyjr.
Fixes #33720.
Built from https://develop.svn.wordpress.org/trunk@33904


git-svn-id: http://core.svn.wordpress.org/trunk@33873 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-04 21:25:25 +00:00
Scott Taylor e73ee5ac98 Introduce `WP_Comment` class to model/strongly-type rows from the comments database table. Inclusion of this class is a pre-req for some more general comment cleanup and sanity.
* Takes inspiration from `WP_Post` and adds sanity to comment caching. 
* Clarifies when the current global value for `$comment` is returned. The current implementation in `get_comment()` introduces side effects and an occasion stale global value for `$comment` when comment caches are cleaned.
* Strongly-types `@param` docs
* This class is marked `final` for now

Props wonderboymusic, nacin.

See #32619.

Built from https://develop.svn.wordpress.org/trunk@33891


git-svn-id: http://core.svn.wordpress.org/trunk@33860 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-03 18:17:24 +00:00
Helen Hou-Sandí 1f500055a6 Drop the hyphen from e-mail and standardize on email.
The AP Stylebook changed this in 2011, and we're woefully inconsistent, so let's go with the standard.

props morganestes, voldemortensen, niallkennedy (for patching on the previous AP style).
fixes #26156.

Built from https://develop.svn.wordpress.org/trunk@33774


git-svn-id: http://core.svn.wordpress.org/trunk@33742 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-28 03:17:21 +00:00
Sergey Biryukov fc9961ca22 Make post meta box toggles accessible.
props joedolson.
fixes #33544.
Built from https://develop.svn.wordpress.org/trunk@33762


git-svn-id: http://core.svn.wordpress.org/trunk@33730 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-26 15:23:24 +00:00
Scott Taylor ef87172270 `foreach` is a statement, not a function.
See #33491.

Built from https://develop.svn.wordpress.org/trunk@33734


git-svn-id: http://core.svn.wordpress.org/trunk@33702 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-25 20:28:22 +00:00
John Blackbourn 6bd6069fc0 Remove all existing internal feature pointers.
Fixes #33289
Props obenland, ocean90, SergeyBiryukov

Built from https://develop.svn.wordpress.org/trunk@33593


git-svn-id: http://core.svn.wordpress.org/trunk@33560 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-07 00:59:24 +00:00
Dion Hulse 765714ac0b Switch to a more performant query in meta_form().
Props lumaraf, swissspidy, rarylson, pento
Fixes #24498

Built from https://develop.svn.wordpress.org/trunk@33390


git-svn-id: http://core.svn.wordpress.org/trunk@33358 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-23 05:17:25 +00:00
Ella Iseulde Van Dorpe 262c1a7e54 Publish box: fix strange date format after change
Part props tyxla.
Fixes #30716.

Built from https://develop.svn.wordpress.org/trunk@33340


git-svn-id: http://core.svn.wordpress.org/trunk@33312 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-21 11:40:25 +00:00
Konstantin Obenland c56a8ae0f7 Introducing Site Icon, favicon management for WordPress.
This v1 marries Jetpack's Site Icon module with the Media Modal, reusing code
from the Custom Header admin. For now, the core-provided icons will be limited
to a favicon, an iOS app icon, and a Windows tile icon, leaving `.ico` support
and additional icons to plugins to add.

Props obenland, tyxla, flixos90, jancbeck, markjaquith, scruffian.
See #16434.


Built from https://develop.svn.wordpress.org/trunk@32994


git-svn-id: http://core.svn.wordpress.org/trunk@32965 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-29 12:58:25 +00:00
Scott Taylor a0e373ef80 For doc block types, favor `bool` over the few remaining `boolean`s
See #32444.

Built from https://develop.svn.wordpress.org/trunk@32964


git-svn-id: http://core.svn.wordpress.org/trunk@32935 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-27 01:03:25 +00:00
Scott Taylor 587c570efa After [32796], improve the accessibility and markup for instances of `touch_time()`.
Props rianrietveld, afercia.
Fixes #31714.

Built from https://develop.svn.wordpress.org/trunk@32945


git-svn-id: http://core.svn.wordpress.org/trunk@32916 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-25 19:30:25 +00:00
Helen Hou-Sandí 5a07e4bba4 Add "Scheduled" to post states.
props rclations.
fixes #32131.

Built from https://develop.svn.wordpress.org/trunk@32902


git-svn-id: http://core.svn.wordpress.org/trunk@32873 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-22 16:07:26 +00:00
Scott Taylor c6a4512b1b Add missing doc blocks to `wp-admin/includes/*`.
Fix some egregious uses of tabbing.
Some functions can simply return `apply_filters(...)` instead of setting a variable that is immediately returned.

See #32444.

Built from https://develop.svn.wordpress.org/trunk@32654


git-svn-id: http://core.svn.wordpress.org/trunk@32624 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-29 20:17:26 +00:00
Scott Taylor a51dfa3971 In the style of #30947 and `default-filters.php`, add 2 new files to `wp-admin/includes`:
`admin-filters.php`
`ms-admin-filters.php`

There are random actions and filters littered among files like `misc.php`. These files contain functions that won't work outside of admin context and are typically only loaded in files that have already loaded the admin bootstrap.

See #32529.

Built from https://develop.svn.wordpress.org/trunk@32653


git-svn-id: http://core.svn.wordpress.org/trunk@32623 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-29 17:04:26 +00:00
Scott Taylor 19a3aacc94 Add `@static*` annotations where they are missing.
Initialize all static vars that are not, most to `null`.

See #32444.

Built from https://develop.svn.wordpress.org/trunk@32650


git-svn-id: http://core.svn.wordpress.org/trunk@32620 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-29 15:43:29 +00:00
Scott Taylor 282e28ad81 Add `@global` annotations to (the rest of the?) `wp-admin/*` files.
Does not include list table file changes.

See #32444.

Built from https://develop.svn.wordpress.org/trunk@32643


git-svn-id: http://core.svn.wordpress.org/trunk@32613 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-29 02:06:31 +00:00
Gary Pendergast e3f1f8fed1 Ensure post titles are correctly escaped on the Dashboard.
Props helen, ocean90, dd32, pento.


Built from https://develop.svn.wordpress.org/trunk@32175


git-svn-id: http://core.svn.wordpress.org/trunk@32150 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-20 07:39:25 +00:00
Sergey Biryukov 247fdbfe19 Remove hidden `user_id` input from `wp_comment_reply()`.
Since [31172], it caused the comment's `user_id` field to be unexpectedly changed to the user who edits the comment.

See [31776] for Edit Comment screen.

props dllh.
fixes #30307.
Built from https://develop.svn.wordpress.org/trunk@31999


git-svn-id: http://core.svn.wordpress.org/trunk@31978 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-03 13:28:26 +00:00