Commit Graph

18840 Commits

Author SHA1 Message Date
audrasjb 47a43f3d94 WordPress 5.6.14.
Built from https://develop.svn.wordpress.org/branches/5.6@58512


git-svn-id: http://core.svn.wordpress.org/branches/5.6@57960 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-06-24 16:25:13 +00:00
Joe McGill 6367bd749d WordPress 5.6.13.
Built from https://develop.svn.wordpress.org/branches/5.6@57430


git-svn-id: http://core.svn.wordpress.org/branches/5.6@56936 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-01-30 16:29:03 +00:00
Aaron Jorbin cc30c42d72 Grouped Backports to the 5.6 branch
- Install: When populating options, maybe_serialize instead of always serialize.
- Uploads: Check for and verify ZIP archives.

Merges [57388] and [57389] to the 5.6 branch.

Props costdev, peterwilsoncc, azaozz, tykoted, johnbillion, desrosj, afragen, jorbin, xknown.

Built from https://develop.svn.wordpress.org/branches/5.6@57399


git-svn-id: http://core.svn.wordpress.org/branches/5.6@56905 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-01-30 14:52:00 +00:00
audrasjb 8e2e64a896 WordPress 5.6.12.
Built from https://develop.svn.wordpress.org/branches/5.6@56888


git-svn-id: http://core.svn.wordpress.org/branches/5.6@56399 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-10-12 18:34:49 +00:00
davidbaumwald d4c02d548e Grouped backports to the 5.6 branch.
- Comments: Prevent users who can not see a post from seeing comments on it.
- Shortcodes: Restrict media shortcode ajax to certain type.
- REST API: Ensure no-cache headers are sent when methods are overridden.
- REST API: Limit `search_columns` for users without `list_users`.
- Prevent unintended behavior when certain objects are unserialized.
- Application Passwords: Prevent the use of some pseudo protocols in application passwords.

Merges [56833], [56834], [56835], [56836], [56837], and [56838] to the 5.6 branch.
Props xknown, jorbin, Vortfu, joehoyle, timothyblynjacobs, peterwilsoncc, ehtis, tykoted, martinkrcho, paulkevan, dd32, antpb, rmccue.
Built from https://develop.svn.wordpress.org/branches/5.6@56882


git-svn-id: http://core.svn.wordpress.org/branches/5.6@56393 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-10-12 18:28:44 +00:00
audrasjb 172ba98d63 Grouped backports to the 5.6 branch.
- Media: Prevent CSRF setting attachment thumbnails.
- Embeds: Add protocol validation for WordPress Embed code.
- I18N: Introduce sanitization function for locale.
- Editor: Ensure block comments are of a valid form.

Merges [55760-55764] to the 5.6 branch.
Props dd32, isabel_brison, martinkrcho, matveb, ocean90, paulkevan, peterwilsoncc, timothyblynjacobs, xknown, youknowriad.


Built from https://develop.svn.wordpress.org/branches/5.6@55781


git-svn-id: http://core.svn.wordpress.org/branches/5.6@55293 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-05-16 15:42:08 +00:00
Peter Wilson 65e268d7c2 I18N: Add new strings to `about.php` for use with end-of-life updates.
This changeset adds two additional translation strings in the changelog file, for use when releasing the final version of WordPress on a particular branch.

Props peterwilsoncc, audrasjb, mukesh27.
Merges [55350] to the 5.6 branch.
Fixes #57216.


Built from https://develop.svn.wordpress.org/branches/5.6@55376


git-svn-id: http://core.svn.wordpress.org/branches/5.6@54909 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-02-21 02:49:00 +00:00
audrasjb e3632749c7 WordPress 5.6.10.
Built from https://develop.svn.wordpress.org/branches/5.6@54586


git-svn-id: http://core.svn.wordpress.org/branches/5.6@54140 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-10-17 19:50:22 +00:00
audrasjb 5d9e922dea Grouped backports to the 5.6 branch.
- Editor: Bump @wordpress packages for the branch,
- Media: Refactor search by filename within the admin,
- REST API: Lockdown post parameter of the terms endpoint,
- Customize: Escape blogname option in underscores templates,
- Query: Validate relation in `WP_Date_Query`,
- Posts, Post types: Apply KSES to post-by-email content,
- General: Validate host on "Are you sure?" screen,
- Posts, Post types: Remove emails from post-by-email logs,
- Pings/trackbacks: Apply KSES to all trackbacks,
- Mail: Reset PHPMailer properties between use,
- Comments: Apply kses when editing comments,
- Widgets: Escape RSS error messages for display.

Merges [54521-54530] to the 5.6 branch.
Props audrasjb, costdev, cu121, dd32, davidbaumwald, ehtis, johnbillion, johnjamesjacoby, martinkrcho, matveb, oztaser, paulkevan, peterwilsoncc, ravipatel, SergeyBiryukov, talldanwp, timothyblynjacobs, tykoted, voldemortensen, vortfu, xknown.

Built from https://develop.svn.wordpress.org/branches/5.6@54555


git-svn-id: http://core.svn.wordpress.org/branches/5.6@54110 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-10-17 17:57:59 +00:00
Peter Wilson 313f7fcaae Security: Introduce strings to indicate support status.
Add strings for use in future maintenance/security releases to indicate the security support status of the version of WordPress.

Two strings are introduced:

* indicating the version of WordPress is not receiving security updates, and,
* indicating the version of WordPress will shortly stop receiving security updates.

This change does not make use of the strings, the purpose is to make them available to translators prior to dropping support of selected versions of WordPress.

Props costdev, chesio, robinwpdeveloper, desrosj, rudlinkon, mukesh27, sumitbagthariya16.
Merges [54322] to the 5.6 branch.
See #56532.


Built from https://develop.svn.wordpress.org/branches/5.6@54434


git-svn-id: http://core.svn.wordpress.org/branches/5.6@53993 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-10-10 04:55:07 +00:00
desrosj 7a74299bc9 WordPress 5.6.9.
Built from https://develop.svn.wordpress.org/branches/5.6@53991


git-svn-id: http://core.svn.wordpress.org/branches/5.6@53550 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-08-30 17:29:11 +00:00
Sergey Biryukov d050700d62 Grouped backports to the 5.6 branch.
- Posts, Post Types: Escape output within `the_meta()`.
- General: Ensure bookmark query limits are numeric.
- Plugins: Escape output in error messages.
- Build/Test Tools: Allow the PHPCS plugin in Composer configuration.

Merges [52412,53958-53960] to the 5.6 branch.
Props tykoted, martinkrcho, xknown, dd32, peterwilsoncc, paulkevan, timothyblynjacobs.

Built from https://develop.svn.wordpress.org/branches/5.6@53967


git-svn-id: http://core.svn.wordpress.org/branches/5.6@53526 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-08-30 15:33:59 +00:00
davidbaumwald 749261dc05 WordPress 5.6.8.
Built from https://develop.svn.wordpress.org/branches/5.6@52870


git-svn-id: http://core.svn.wordpress.org/branches/5.6@52459 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-03-10 21:54:10 +00:00
desrosj cac131923e WordPress 5.6.7.
Built from https://develop.svn.wordpress.org/branches/5.6@52489


git-svn-id: http://core.svn.wordpress.org/branches/5.6@52081 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-01-06 18:48:01 +00:00
desrosj bbc7ab2628 Grouped backports to the 5.6 branch.
- Query: Improve sanitization within `WP_Tax_Query`.
- Query: Improve sanitization within `WP_Meta_Query`.
- Upgrade/Install: Avoid using `unserialize()` unnecessarily.
- Formatting: Correctly encode ASCII characters in post slugs.

Merges [52454-52457] to the 5.6 branch.
Props vortfu, dd32, ehtis, zieladam, whyisjake, xknown, peterwilsoncc, desrosj, iandunn.
Built from https://develop.svn.wordpress.org/branches/5.6@52467


git-svn-id: http://core.svn.wordpress.org/branches/5.6@52059 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-01-06 17:58:00 +00:00
desrosj c587415c86 WordPress 5.6.6.
Built from https://develop.svn.wordpress.org/branches/5.6@52115


git-svn-id: http://core.svn.wordpress.org/branches/5.6@51707 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-11-10 17:07:58 +00:00
desrosj 48a23d35e3 Grouped merges for 5.6.5.
- Update `lodash` to the latest version `4.17.21`.
- Disable some attributes for rich text.
- Use hashed/deterministic moduleIDs in webpack config.

Props ellatrix, peterwilsoncc, get_dave, mcsf, talldanwp, youknowriad, desrosj, nerrad, gziolo.
Merges [50940-50941,50984-50985,51426] to the 5.6 branch.
Built from https://develop.svn.wordpress.org/branches/5.6@51751


git-svn-id: http://core.svn.wordpress.org/branches/5.6@51359 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-09-08 21:13:23 +00:00
Peter Wilson 0bd759511d WordPress 5.6.4.
Built from https://develop.svn.wordpress.org/branches/5.6@50870


git-svn-id: http://core.svn.wordpress.org/branches/5.6@50479 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-05-12 23:12:56 +00:00
desrosj c9370870af Grouped merges for 5.6.3.
* REST API: Allow authors to read their own password protected posts.
* About page update.

Merges [50717] to the 5.6 branch.

Built from https://develop.svn.wordpress.org/branches/5.6@50726


git-svn-id: http://core.svn.wordpress.org/branches/5.6@50335 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-04-15 01:08:03 +00:00
desrosj e34fbe755d Build/Test Tools: Backport GitHub Action and build improvements to the 5.6 branch.
This backports several build and test tool improvements to the 5.6 branch. Most notably, this includes:

- The changes required to allow each workflow to be triggered by the `workflow_dispatch` event so that tests can be run on a schedule [50590].
- The ability to run PHPUnit tests from `src` instead of `build` [50441-50443].
- Splitting single site and multisite tests into parallel jobs [50379].
- Split slow tests into separate, parallel jobs for PHP 5.6 [50444].
- Better branch and path scoping for GitHub Action workflows when running on `pull_request` [50432,50479].
- Several `devDependency` updates.

Merges [50267,50299,50379,50387,50413,50416,50432,50435-50436,50441-50444,50446,50473-50474,50476,50479,50485-50487,50545,50579,50590,50592,50598] to the 5.6 branch.
See #50401, #51734, #51801, #51802, #52548, #52608, #52612, #52623, #52624, #52625, #52645, #52653, #52658, #52660, #52667, #52786.
Built from https://develop.svn.wordpress.org/branches/5.6@50602


git-svn-id: http://core.svn.wordpress.org/branches/5.6@50215 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-03-26 17:23:20 +00:00
Sergey Biryukov a69e8f07e8 Help/About: Update the About page for 5.6.2.
Props audrasjb, desrosj, mukesh27.
Reviewed by desrosj, SergeyBiryukov.
Fixes #52557.
Built from https://develop.svn.wordpress.org/branches/5.6@50402


git-svn-id: http://core.svn.wordpress.org/branches/5.6@50013 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-22 14:15:01 +00:00
Sergey Biryukov 6ae20f561e Filesystem API: Make sure to only call `fread()` on non-empty files in the PclZip library.
This avoids a fatal error on PHP 8 caused by passing a zero value to `fread()` as the `$length` argument, which must be greater than zero.

Props yakimun, fierevere, jrf, DavidAnderson, SergeyBiryukov.
Merges [50355] to the 5.6 branch.
Fixes #52018.
Built from https://develop.svn.wordpress.org/branches/5.6@50356


git-svn-id: http://core.svn.wordpress.org/branches/5.6@49967 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-16 18:48:01 +00:00
desrosj 8cfd634243 Build/Test Tools: Replace node-sass with Dart Sass
Switch the Sass implementation used by Grunt to sass (the Dart version), since LibSass & node-sass have been deprecated.

Additionally, this updates the `uglify-js` dependency.

Merges [50126] and [50176] to the 5.6 branch.
See #51763, #51801.
Built from https://develop.svn.wordpress.org/branches/5.6@50184


git-svn-id: http://core.svn.wordpress.org/branches/5.6@49862 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-05 02:23:18 +00:00
whyisjake d140645c95 Help/About: About page changes for 5.6.1.
Props ryelle, audrasjb.

Fixes #52346.

Built from https://develop.svn.wordpress.org/branches/5.6@50177


git-svn-id: http://core.svn.wordpress.org/branches/5.6@49856 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-03 17:20:03 +00:00
whyisjake 3563d72455 Site Health: Update the language around how PHP should be updated.
Follow-up to [50042].

This is a backport of [50058] to the 5.6 branch.

Props SergeyBiryukov.

See #52327.

Built from https://develop.svn.wordpress.org/branches/5.6@50059


git-svn-id: http://core.svn.wordpress.org/branches/5.6@49760 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-01-28 17:24:59 +00:00
Sergey Biryukov 746b34ecd5 Privacy: Add newlines to the `index.php` file in `wp-personal-data-exports` directory, for consistency with other similar files.
Follow-up to [50037].

Merges [50055] to the 5.6 branch.
See #52299.
Built from https://develop.svn.wordpress.org/branches/5.6@50056


git-svn-id: http://core.svn.wordpress.org/branches/5.6@49757 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-01-28 13:00:59 +00:00
Sergey Biryukov 5ede137834 Coding Standards: Simplify a long condition in `WP_Site_Health_Auto_Updates::test_wp_version_check_attached()` for better readability.
Follow-up to [50035].

Merges [50049] to the 5.6 branch.
See #52135.
Built from https://develop.svn.wordpress.org/branches/5.6@50050


git-svn-id: http://core.svn.wordpress.org/branches/5.6@49751 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-01-28 10:38:00 +00:00
whyisjake 8cf894710b App Passwords: Extract Basic Auth check into a reusable filterable function.
In [49752] a check was added to prevent creating new Application Passwords if Basic Auth credentials were detected to prevent conflicts. This check takes place in WP-Admin, though a conflict would only arise if Basic Auth was used on the website's front-end.

This commit extracts the Basic Auth check into a reusable function, wp_is_site_protected_by_basic_auth(), which can be adjusted using a filter of the same name. This way, a site that uses Basic Auth to protect WP-Admin can still use the Application Passwords feature.

In the future, instead of requiring the use of a filter, WordPress could make a loopback request and check for a WWW-Authenticate header to make this detection more robust out of the box.

This brings the changes from [50006] to the 5.6 branch.

Props SeBsZ, archon810, aaroncampbell, ocean90, SergeyBiryukov, TimothyBlynJacobs.

Fixes #52066.

Built from https://develop.svn.wordpress.org/branches/5.6@50044


git-svn-id: http://core.svn.wordpress.org/branches/5.6@49745 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-01-28 00:28:58 +00:00
whyisjake 955c7aaf24 Site Health: Update php update strings to not overpromise performance.
This commit brings the changes from [40041] to the 5.6 branch.

Fixes #52327.

Props chanthaboune, SergeyBiryukov, audrasjb, Clorith, whyisjake.

Built from https://develop.svn.wordpress.org/branches/5.6@50042


git-svn-id: http://core.svn.wordpress.org/branches/5.6@49743 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-01-28 00:18:56 +00:00
whyisjake afeec1960d Privacy: Ensure that exported user data reports can't be found with directory listings.
By moving from .html to .php files, we can prevent directory listings, and ensure that WordPress can load.

This brings the changes from [50037] to the 5.6 branch.

Fixes #52299.

Props lucasbustamante, xkon, freewebmentor, SergeyBiryukov, whyisjake.

Built from https://develop.svn.wordpress.org/branches/5.6@50038


git-svn-id: http://core.svn.wordpress.org/branches/5.6@49739 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-01-27 23:48:58 +00:00
whyisjake 1073030b2e Site Health: Only run the version checks on the main site.
The version checks that are setup in wp-includes/update.php do set up the action, but only for the main site.

This brings the changes in [50035] to the 5.6 branch.

Fixes #52135.

Props audrasjb, SergeyBiryukov, maxpertici, aaribaud.

Built from https://develop.svn.wordpress.org/branches/5.6@50036


git-svn-id: http://core.svn.wordpress.org/branches/5.6@49737 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-01-27 23:31:59 +00:00
whyisjake c02d41fd63 Editor: Fix improper triggering of the "Are you sure" prompt when navigating away from the old, "classic" Edit Post screen and there are no changes. Was triggered when there is an instance of TinyMCE in the Excerpt postbox.
This brings the changes from [49807] to the 5.6 branch.

Props rodrigosprimo, jonathanstegall, kevin940726, azaozz, metalandcoffee, ifnoob.

Fixes #52038.


Built from https://develop.svn.wordpress.org/branches/5.6@50031


git-svn-id: http://core.svn.wordpress.org/branches/5.6@49732 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-01-27 19:52:00 +00:00
desrosj 1c26077cf1 Build/Test Tools: Update several dependencies in the 5.6 branch.
This backports several dependency updates to the 5.6 branch as a part of #52341 to allow all branches receiving security updates to run on NodeJS 14.x.

Backports [49933,49937,49939,49940,49983,49989,49990,50016,50017] to the 5.6 branch.
See #51801, #52341.
Built from https://develop.svn.wordpress.org/branches/5.6@50023


git-svn-id: http://core.svn.wordpress.org/branches/5.6@49724 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-01-26 15:18:33 +00:00
Sergey Biryukov 06cd27f2e8 App Passwords: Use correct translation function for a heading on Authorize Application screen.
Props akramipro.
Merges [50003] to the 5.6 branch.
Fixes #52351.
Built from https://develop.svn.wordpress.org/branches/5.6@50004


git-svn-id: http://core.svn.wordpress.org/branches/5.6@49705 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-01-23 13:14:56 +00:00
Sergey Biryukov abd4de1400 App Passwords: Ensure the Add New button isn't hidden on mobile.
Also removes an unnecessary `!important` rule introduced in [49772] when fixing a similar issue.

Props vladytimy, mukesh27.
Merges [49921] to the 5.6 branch.
Fixes #51980.
Built from https://develop.svn.wordpress.org/branches/5.6@49999


git-svn-id: http://core.svn.wordpress.org/branches/5.6@49700 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-01-21 12:38:54 +00:00
Sergey Biryukov 9076f6bf5b App Passwords: Correct authorize app action names and signatures.
When App Passwords was introduced, the `wp_authorize_application_password_form` and `wp_application_passwords_approve_app_request_success` hooks were mistakenly duplicated and incorrectly documented. This commit corrects the hook names and ensures the correct parameters are passed.

Props johnbillion, engahmeds3ed.
Merges [49920] to the 5.6 branch.
Fixes #52013.
Built from https://develop.svn.wordpress.org/branches/5.6@49998


git-svn-id: http://core.svn.wordpress.org/branches/5.6@49699 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-01-21 12:35:55 +00:00
Sergey Biryukov 62b2f7dd50 Site Health: Use a front-end URL for loopback tests.
In [49154] the async Site Health tests were changed to use the REST API instead of admin-ajax. An unintended side effect of this change was that the loopback tests which tried to ping the site's `admin_url()` were no longer authenticated because admin-cookies aren't provided to the REST API.

This commit adjusts the loopback test to use the front-end `site_url` which checks that cron will function properly. A follow-up ticket will focus on tests that will cover the file editor checks.

Props Clorith.
Merges [49917] to the 5.6 branch.
Fixes #52097.
See #48105.
Built from https://develop.svn.wordpress.org/branches/5.6@49997


git-svn-id: http://core.svn.wordpress.org/branches/5.6@49698 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-01-21 12:32:54 +00:00
Sergey Biryukov afc1e56b2a Media: Use consistent method for instantiating an attachment author object in Media Library.
Previously, attachments without an author could cause a PHP fatal error due to calling the `::exists()` method on a `false` value.

Follow-up to [49207].

Props antpb, carloscastilloadhoc, hellofromTonya, garrett-eclipse.
Merges [49979] to the 5.6 branch.
Fixes #52030.
Built from https://develop.svn.wordpress.org/branches/5.6@49995


git-svn-id: http://core.svn.wordpress.org/branches/5.6@49696 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-01-21 12:21:58 +00:00
Helen Hou-Sandí e0b55f4a75 Update `$_old_files` for 5.6.
See #39943.
Merges [49774] to the 5.6 branch.

Built from https://develop.svn.wordpress.org/branches/5.6@49775


git-svn-id: http://core.svn.wordpress.org/branches/5.6@49498 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-12-08 21:52:05 +00:00
Helen Hou-Sandí 8c11a1e249 App Passwords: Ensure redirection description is shown on mobile devices.
Props TimothyBlynJacobs.
Fixes #51970.
Merges [49772] to the 5.6 branch.

Built from https://develop.svn.wordpress.org/branches/5.6@49773


git-svn-id: http://core.svn.wordpress.org/branches/5.6@49496 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-12-08 20:31:04 +00:00
ryelle 2ee84b90e6 Help/About: Use CDN URLs for About page images.
Reviewed by ryelle, SergeyBiryukov.
Merges [49770] to the 5.6 branch.
Fixes #51415.


Built from https://develop.svn.wordpress.org/branches/5.6@49771


git-svn-id: http://core.svn.wordpress.org/branches/5.6@49494 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-12-08 18:39:05 +00:00
Helen Hou-Sandí 35bf493381 App Passwords: Store the "in use" option in the main network options.
Whether App Passwords are being used is a global featurel, not a per-network feature. This fixes issues on Multi Network installs if App Passwords are used on a different network from where they were created.

Props spacedmonkey.
Fixes #51939.
See [49752].
Merges [49764] to the 5.6 branch.

Built from https://develop.svn.wordpress.org/branches/5.6@49765


git-svn-id: http://core.svn.wordpress.org/branches/5.6@49488 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-12-07 20:01:06 +00:00
Helen Hou-Sandí 1fc7b75913 App Passwords: Prevent conflicts when Basic Auth is already used by the site.
Application Passwords uses Basic Authentication to transfer authentication details. If the site is already using Basic Auth, for instance to implement a private staging environment, then the REST API will treat this as an authentication attempt and would end up generating an error for any REST API request.

Now, Application Password authentication will only be attempted if Application Passwords is in use by a site. This is flagged by setting an option whenever an Application Password is created. An upgrade routine is added to set this option if any App Passwords already exist.

Lastly, creating an Application Password will be prevented if the site appears to already be using Basic Authentication.

Props chexwarrior, georgestephanis, adamsilverstein, helen, Clorith, marybaum, TimothyBlynJacobs.
Reviewed by TimothyBlynJacobs, helen.
Merges [49752] to the 5.6 branch.
Fixes #51939.

Built from https://develop.svn.wordpress.org/branches/5.6@49754


git-svn-id: http://core.svn.wordpress.org/branches/5.6@49477 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-12-04 21:48:03 +00:00
Sergey Biryukov 9420b66fd0 App Passwords: Ensure the Created At and Last Used dates are properly translated.
The `date_i18n` function is now used when formatting the dates in PHP instead of `gmdate` which doesn't handle localization properly.

Additionally, we now use a translation to get the date format to use instead of pulling from the `date_format` option which is only supposed to affect the front-end.

Lastly, when passing the date format to the Backbone JS template, we now use `wp_json_encode()` to format the value for JavaScript. This ensures that backslashes are properly preserved which are used by some locales to escape date formatting control characters.

Props pedromendonca, TimothyBlynJacobs, ocean90, hellofromtonya, SergeyBiryukov, antpb.
Reviewed by TimothyBlynJacobs, SergeyBiryukov.
Merges [49746] to the 5.6 branch.
Fixes #51918.
See [35811].
Built from https://develop.svn.wordpress.org/branches/5.6@49747


git-svn-id: http://core.svn.wordpress.org/branches/5.6@49470 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-12-03 21:09:01 +00:00
iandunn e0449d4a8e Multisite: Cache absolute `dirsize` paths to avoid PHP 8 fatal.
r49212 greatly improved the performance of `get_dirsize()`, but also changed the structure of the data stored in the `dirsize_cache` transient. It stored relative paths instead of absolute ones, and also removed the unnecessary `size` array.

That difference in data structures led to a fatal error in the following environment:

* PHP 8
* Multisite
* A custom `WP_CONTENT_DIR` which is not a child of WP's `ABSPATH` folder (e.g., [https://roots.io/bedrock/ Bedrock])
* The `upload_space_check_disabled` option set to `0`

After upgrading to WP 5.6, the `dirsize_cache` transient still had data in the old format. When `wp-admin.php/index.php` was visited, `get_space_used()` received an `array` instead of an `int`, and tried to divide it by another `int`. PHP 7 would silently cast the arguments to match data types, but [https://wiki.php.net/rfc/arithmetic_operator_type_checks PHP 8 throws a fatal error]: 

`Uncaught TypeError: Unsupported operand types: array / int`

`recurse_dirsize()` was using `ABSPATH` to convert the absolute paths to relative ones, but some upload locations are not located under `ABSPATH`. In those cases, `$directory` and `$cache_path` were identical, and that triggered the early return of the old `array`, instead of the expected `int`. 

In order to avoid that, this commit restores the absolute paths, but without the `size` array. It also adds a type check when returning cached values. Using absolute paths without `size` has the result of overwriting the old data, so that it matches the new format. The type check and upgrade routine are additional safety measures.

Props peterwilsoncc, janthiel, helen, hellofromtonya, francina, pbiron.
Reviewed by SergeyBiryukov, iandunn.
Merges [49744] to the 5.6 branch.
Fixes #51913. See #19879.


Built from https://develop.svn.wordpress.org/branches/5.6@49745


git-svn-id: http://core.svn.wordpress.org/branches/5.6@49468 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-12-03 20:45:04 +00:00
Sergey Biryukov 632bed2793 Upgrade/Install: Check `$wp_version` global for displaying "You are using a development version" message in the admin footer.
This brings some consistency with the same check in `core_upgrade_preamble()` and avoids a PHP warning if `$cur->version` is not set.

Additionally, remove the check for `$cur->url` property, unused since [8595].

Follow-up to [49708], [49709].

Props pbiron, afragen, audrasjb.
Reviewed by azaozz, SergeyBiryukov.
Merges [49736] to the 5.6 branch.
Fixes #51892.
Built from https://develop.svn.wordpress.org/branches/5.6@49743


git-svn-id: http://core.svn.wordpress.org/branches/5.6@49466 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-12-03 20:23:01 +00:00
John Blackbourn 670319d84d REST API: Pass the previous state of the post as a parameter to the `wp_after_insert_post` hook.
This enables, for example, the previous post status to be used by this hook without the need to first capture it on an earlier hook.

This also fixes the value of the `$fire_after_hooks` parameter in `get_default_post_to_edit()` so the `wp_after_insert_post` action correctly fires just once on the new post screen.

This merges [45114] into the 5.6 branch

See #45114

Built from https://develop.svn.wordpress.org/branches/5.6@49732


git-svn-id: http://core.svn.wordpress.org/branches/5.6@49455 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-12-01 20:57:05 +00:00
Sergey Biryukov 1857a746a5 Help/About: Move trailing punctuation in the jQuery Migrate Helper plugin link outside of the HTML tag.
Props psmits1567, audrasjb, tobifjellner, fierevere, markscottrobson.
Reviewed by desrosj, SergeyBiryukov.
Merges [49685] to the 5.6 branch.
Fixes #51813.
Built from https://develop.svn.wordpress.org/branches/5.6@49729


git-svn-id: http://core.svn.wordpress.org/branches/5.6@49452 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-12-01 19:35:07 +00:00
Sergey Biryukov d65c9e08eb Administration: Make sure row actions for recent comments in Activity dashboard widget stay visible when a single row gets focus.
Follow-up to [49142].

Props sabernhardt, kebbet, hareesh-pillai, pbiron.
Reviewed by ryelle, SergeyBiryukov.
Merges [49725] to the 5.6 branch.
Fixes #51886. See #51516, #49715.
Built from https://develop.svn.wordpress.org/branches/5.6@49727


git-svn-id: http://core.svn.wordpress.org/branches/5.6@49450 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-12-01 19:21:06 +00:00
Sergey Biryukov 4541784a4f Site Health, App Passwords: Ensure REST API responses are properly translated.
The REST API requests in Site Health and App Passwords now include `_locale=user` in the request URL to ensure the user's locale is used instead of the site locale. Additionally, the `apiRequest` library now sends a JSON `Accept` header which is required by `determine_locale()` to respect the `_locale` query parameter.

The Site Health REST API controllers now manually load the default admin textdomain if not `is_admin()`. This allows for the Site Health tests to be translated even though the translations are part of the administration project and the REST API is not.

Props oglekler, kebbet, Clorith, TimothyBlynJacobs, ocean90, SergeyBiryukov, adamsilverstein.
Reviewed by TimothyBlynJacobs, SergeyBiryukov.
Merges [49716] to the 5.6 branch.
Fixes #51871.
Built from https://develop.svn.wordpress.org/branches/5.6@49724


git-svn-id: http://core.svn.wordpress.org/branches/5.6@49447 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-12-01 18:07:08 +00:00