[41496] removed support for numbered placeholders in queries send through `wpdb::prepare()`, which, despite being undocumented, were quite commonly used.
This change restores support for numbered placeholders (as well as a subset of placeholder formatting), while also adding extra checks to ensure the correct number of arguments are being passed to `wpdb::prepare()`, given the number of placeholders.
Merges [41662], [42056] to the 4.6 branch.
See #41925.
Built from https://develop.svn.wordpress.org/branches/4.6@42059
git-svn-id: http://core.svn.wordpress.org/branches/4.6@41888 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This adds a new function `wp_get_image_mime()` which is used by
`wp_check_filetype_and_ext()` to validate image files using
`exif_imagetype()` if available instead of `getimagesize()`.
`getimagesize()` is less performant than `exif_imagetype()` and is
dependent on GD. If `exif_imagetype()` is not available, it falls back to
`getimagesize()` as before.
If `wp_check_filetype_and_ext()` can't validate the filetype, we now return
`false` for ext/MIME values.
Merges [39831] to the 4.6 branch.
Built from https://develop.svn.wordpress.org/branches/4.6@39833
git-svn-id: http://core.svn.wordpress.org/branches/4.6@39771 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Merges [38727] to the 4.6 branch.
Fixes#38070, #37733 by reverting part of [38429] and using the fix in Requests.
Fixes#37992 allowing for connecting to SSL resources on ports other than 443.
Fixes#37991 by not sending default ports in the `Host:` header.
Fixes#37839 to match and decode Chunked responses correctly.
Fixes#38232 allowing a SSL connection to ignore the hostname of the certificate when verification is disabled.
Built from https://develop.svn.wordpress.org/branches/4.6@38728
git-svn-id: http://core.svn.wordpress.org/branches/4.6@38671 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Sometimes, `DB_CHARSET` will be set to `utf8mb4`, even if the current setup doesn't support `utf8mb4`. After [38442], this can cause significant character set failures, causing the connection to fall back to `latin1`.
Instead of doing this, we now check that the connection supports `utf8mb4` before trying to use it, and fall back to `utf8` when we need to.
Merge of [38580] to the 4.6 branch.
Fixes#37982.
Built from https://develop.svn.wordpress.org/branches/4.6@38581
git-svn-id: http://core.svn.wordpress.org/branches/4.6@38524 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The SQL query was built using the clauses compiled when querying for
top-level comments. But in cases where the top-level comment query
results are already in the cache, the SQL clauses are not built, and
so are unavailable for `fill_descendants()`. Instead, we call
`get_comments()`, using modified versions of the parameters passed
to the main `WP_Comment_Query` class.
Merge of [38446] to the 4.6 branch.
Props boonebgorges, Akeif, Rarst for testing.
Fixes#37696.
Built from https://develop.svn.wordpress.org/branches/4.6@38497
git-svn-id: http://core.svn.wordpress.org/branches/4.6@38438 1a063a9b-81f0-0310-95a4-ce76da25c4cd
After [38118], when previewing a page with a secondary loop, all post
thumbnails would be filtered to display the post thumbnail for the
page being previewed. This ensures `_wp_preview_post_thumbnail_filter()`
is only applied if the `$post_id` of the post meta being filtered is
equal to the post or page being previewed.
Merge of [38433] to the 4.6 branch.
Props swissspidy, joemcgill.
Fixes#37697.
Built from https://develop.svn.wordpress.org/branches/4.6@38476
git-svn-id: http://core.svn.wordpress.org/branches/4.6@38417 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`wp_version_check()`, `wp_update_plugins()` and `wp_update_themes()` are all originally hooked to the `upgrader_process_complete` action with zero arguments passed to them. Zero arguments should be passed when re-adding them after translation updates, otherwise the sky will fall.
Merge of [38415] to the 4.6 branch.
Props ionutst, gitlost, swissspidy.
Fixes#37731.
Built from https://develop.svn.wordpress.org/branches/4.6@38475
git-svn-id: http://core.svn.wordpress.org/branches/4.6@38416 1a063a9b-81f0-0310-95a4-ce76da25c4cd
[37320] corrected some behaviour in how PHP and MySQL character sets are matched up. This was correct, but had the side effect of causing some incorrectly configured sites to start failing.
Prior to [37320], if `DB_CHARSET` was set to `utf8mb4`, but the PHP version didn't support `utf8mb4`, it would fall back to the default character set - usually `latin1`. After [37320], the `SET NAMES` query would force MySQL to treat the connection character set as `utf8mb4`, even if PHP wasn't able to understand it.
By checking if `mysqli_set_charset()` succeeded, we can simulate the old behaviour, while maintaining the fix in [37320].
Merge of [38441] to the 4.6 branch.
Props danielkanchev fo helping to diagnose this issue.
Fixes#37689.
Built from https://develop.svn.wordpress.org/branches/4.6@38442
git-svn-id: http://core.svn.wordpress.org/branches/4.6@38383 1a063a9b-81f0-0310-95a4-ce76da25c4cd
WordPress maintains the minified version of jquery.masonry.js since there is no official build, however it has been excluded from grunt's minification process. This adds a minification task to grunt, adds it to the precommit hook for JS, minifies the file, and bumps the version on jquery.masonry.min.js. The change to the non minified version was introduced in [38261].
Merge of [38276] and [38281] to the 4.6 branch.
Fixes#37720. See #37666.
Built from https://develop.svn.wordpress.org/branches/4.6@38339
git-svn-id: http://core.svn.wordpress.org/branches/4.6@38280 1a063a9b-81f0-0310-95a4-ce76da25c4cd
[38058] changed `wp_mail()` so that it used PHPMailer's `setFrom()`
method rather than setting the From and FromName headers directly. See
behavior of setting the `Sender` field. This causes `mail` to be
called with the `-f` flag, which causes outgoing email to fail on some
server environments.
Merges [38286] to the 4.6 branch.
Props Clorith, iandunn, DrewAPicture.
Fixes#37736.
Built from https://develop.svn.wordpress.org/branches/4.6@38287
git-svn-id: http://core.svn.wordpress.org/branches/4.6@38228 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Allow to add/remove a featured image to `attachment:audio` and `attachment:video` post types, see [27657].
* Change conditionals to check for theme OR post type support.
* Add tests for #12922.
Broken in [37658].
Merge of [38263] to the 4.6 branch.
Props flixos90, joemcgill, DrewAPicture, wonderboymusic.
See #12922.
See #37658.
Built from https://develop.svn.wordpress.org/branches/4.6@38264
git-svn-id: http://core.svn.wordpress.org/branches/4.6@38205 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Add `srcset` and `sizes` to the mobile image for streamlined updates.
* Modify the order of image candidate strings in each `srcset` to address a bug in iOS8 where the first candidate will always be selected when using `w` descriptors, see #35030.
Merge of [38257] to the 4.6 branch.
Props joemcgill.
See #37246.
Built from https://develop.svn.wordpress.org/branches/4.6@38258
git-svn-id: http://core.svn.wordpress.org/branches/4.6@38199 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`wp_resource_hints()` parses the URL for the `preconnect` and `dns-prefetch` relation types to ensure correct values for both. While protocol-relative URLs are supported for `dns-prefetch`, the double slash was lost for `preconnect`.
Merge of [38255] to the 4.6 branch.
Props swissspidy, peterwilsoncc.
Props azaozz for review.
See #37652.
Built from https://develop.svn.wordpress.org/branches/4.6@38256
git-svn-id: http://core.svn.wordpress.org/branches/4.6@38197 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Merges [38251] to the 4.6 branch.
First added in [37588] and later modified in [38224], the idea was to ensure that filters/actions added before `advance-cache.php` would not disappear if `advance-cache.php` overloaded the filters/actions with code such as `$wp_filter = array()`. This is an edge case and one that there is no documented case of existing.
This restores the behavior from WordPress 4.5 and before. It is strongly encouraged that developers using `advance-cache.php` to use the Plugins API that is available before the loading of `advance-cache.php` rather than directly interacting with any of the globals.
Props azaozz, jorbin, dd32 for review, pento for review, westi for investigation, ipstenu for research.
See #36819.
Built from https://develop.svn.wordpress.org/branches/4.6@38252
git-svn-id: http://core.svn.wordpress.org/branches/4.6@38193 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This change restores only the margin and padding styles for the `.update-message` class when used by plugins in the context of adding arbitrary rows to the list table. The inline-update colors and icon styles were not restored, expressly with a wide variety of plugin use-cases in mind.
Merge of [38237] to the 4.6 branch.
Props ovann86, rahulsprajapati, ocean90, DrewAPicture.
Props helen for review.
Fixes#37504.
Built from https://develop.svn.wordpress.org/branches/4.6@38238
git-svn-id: http://core.svn.wordpress.org/branches/4.6@38179 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The default error handler `wp_handle_upload_error()` expects a reference for the first parameter but `call_user_func()` doesn't pass parameters by reference. The current code didn't produce any issues until now. PHP 7.0.9 (and PHP 7.1) is now stricter and prevents calling the error handler with a warning:
> PHP Warning: Parameter 1 to wp_handle_upload_error() expected to be a reference, value given.
To restore the error handler `_wp_handle_upload()` now uses `call_user_func_array()`.
Merge of [38235] to the 4.6 branch.
Props jbrinley.
Props jorbin for review.
See #37570.
Built from https://develop.svn.wordpress.org/branches/4.6@38236
git-svn-id: http://core.svn.wordpress.org/branches/4.6@38177 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This corrects the selector for the delete link in `wp.updates.deletePlugin()` so the text can be changed to 'Deleting…'. `wp.updates.deleteTheme()` already worked on wp-admin/themes.php but not on wp-admin/network/themes.php because the network screen is similar to the plugins list table, this is now fixed too.
The `credential-modal-cancel` handler has been updated to support canceled delete jobs.
Merge of [38227] to the 4.6 branch.
Props swissspidy.
Props jorbin for review.
See #37603.
Built from https://develop.svn.wordpress.org/branches/4.6@38228
git-svn-id: http://core.svn.wordpress.org/branches/4.6@38169 1a063a9b-81f0-0310-95a4-ce76da25c4cd
[37588] added methods to backup the plugin globals, for ensuring that advanced cache drop-ins don't overwrite hooks that've been added earlier in the load process.
The method for restoring the plugin globals wasn't compatible with the implementation of `WP_Hook` in #17817. `WP_Hook` implements `ArrayAccess`, so `_restore_plugin_globals()` was treating it as an array, and inadvertantly overwriting the `WP_Hook` object with a plain array.
To avoid having to re-write this code as part of #17817, we now use `add_filter()` to restore any hooks that were added by cache drop-ins, which `WP_Hook` correctly supports.
Merge of [38223] with the 4.6 branch.
Props pento, jorbin.
Fixes#36819.
Built from https://develop.svn.wordpress.org/branches/4.6@38224
git-svn-id: http://core.svn.wordpress.org/branches/4.6@38165 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Merges [38221] to the 4.6 branch.
Before this change, when a bulk update was canceled due dismissing the FTP credentials modal, part of the actions didn't get canceled. This meant the "There is a new version of…” notices become blank and the updates you had checked became unchecked. Now, the notices remain and you are essentially returned to the screen you had before. Strings are also updated to improve ARIA usage.
Fixes#37563.
Props ocean90, swissspidy, obenland, afercia.
Built from https://develop.svn.wordpress.org/branches/4.6@38222
git-svn-id: http://core.svn.wordpress.org/branches/4.6@38163 1a063a9b-81f0-0310-95a4-ce76da25c4cd
[37262] changed a check in `redirect_canonical()` so that it checked
categories in the object cache rather than querying the database. However,
the check was based on the identity of `WP_Term` objects, which in
certain cases can be augmented by the main WP query routine, causing
failures of the `in_array()` check. This caused unnecessary redirects
for URLs where `is_single()` is true, but the URL is different from the
post permalink, such as the `embed` endpoint.
`has_term()` also checks the cache, but does not sufer from this bug.
Merges [38216] to the 4.6 branch.
Props cmillerdev.
Fixes#36602.
Built from https://develop.svn.wordpress.org/branches/4.6@38220
git-svn-id: http://core.svn.wordpress.org/branches/4.6@38161 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Merges [38218] in to 4.6 branch.
Custom JS events are triggered on the document in order for plugins to have something to hook into. The standard began in #31819 is dash separated and begins with wp to signify the namespace, followed by the subject of our action ( "theme", "plugin", etc.) followed by the action and an optional indicator of status ( "install-success", "deleting" ).
This brings some of the theme hooks in line with the standard. As of now, all plugin actions in src/wp-admin/js/updates.js have an equal corresponding theme action.
Fixes#37598.
See #37512, #37216, #31819.
Props olarmarius, ocean90.
Built from https://develop.svn.wordpress.org/branches/4.6@38219
git-svn-id: http://core.svn.wordpress.org/branches/4.6@38160 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* "-1" is an invalid nonce error, show 'An error has occurred. Please reload the page and try again.'.
* "error" means that the connection to the server was lost, show 'Connection lost or the server is busy. Please try again later.'.
* Escape the message in `wp-updates-admin-notice` because the response may include HTML.
* Remove HTML tags in `wp.updates.isValidResponse()` to make PHP's error messages more readable.
Merge of [38205] to the 4.6 branch.
Props azaozz for review.
See #37583.
Built from https://develop.svn.wordpress.org/branches/4.6@38206
git-svn-id: http://core.svn.wordpress.org/branches/4.6@38147 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Dominik Schilling
Dion Hulse
John Blackbourn
Gary Pendergast
Aaron Campbell
Pascal Birchler
James Nylen
Joe McGill
Jeremy Felt
Boone Gorges
Aaron Jorbin
Andrew Ozz
Drew Jaynes