* XML-RPC: Improve error messages for unprivileged users.
* External Libraries: Disable deserialization in Requests_Utility_FilteredIterator
* Embeds: Disable embeds on deactivated Multisite sites.
* Coding standards: Modify escaping functions to avoid potential false positives.
* XML-RPC: Return error message if attachment ID is incorrect.
* Upgrade/install: Improve logic check when determining installation status.
* Meta: Sanitize meta key before checking protection status.
* Themes: Ensure that only privileged users can set a background image when a theme is using the deprecated custom background page.
Brings the changes from [49380,49382-49388] to the 4.6 branch.
Props xknown, zieladam, peterwilsoncc, whyisjake, desrosj, dd32.
Built from https://develop.svn.wordpress.org/branches/4.6@49400
git-svn-id: http://core.svn.wordpress.org/branches/4.6@49159 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Most users don't realize that the Featured Image meta box exists; if they do, few use it.
Restores the old meta box UI, including the admin_post_thumbnail_html filter. If a plugin is using _wp_post_thumbnail_html() in conjunction with Thickbox elsewhere, it will also magically still work.
Specific underlying changes:
* Converts the modal view to use the view manager, which means that a call to open() will automatically call render and attach if necessary.
* Doesn't automatically set a state in wp.media, to allow code to customize the states to be added before activation.
props koopersmith.
fixes#21776.
git-svn-id: http://core.svn.wordpress.org/trunk@22979 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* This moves our "development" versions from .dev.js to .js (same for css).
* The compressed version then moves from .js to .min.js (same for css).
By switching to the standard .min convention, it sets expectations for developers,
and works nicely with existing tools such as ack.
fixes#21633.
git-svn-id: http://core.svn.wordpress.org/trunk@21592 1a063a9b-81f0-0310-95a4-ce76da25c4cd