- Comments: Prevent users who can not see a post from seeing comments on it.
- Shortcodes: Restrict media shortcode ajax to certain type.
- REST API: Ensure no-cache headers are sent when methods are overridden.
- REST API: Limit `search_columns` for users without `list_users`.
- Prevent unintended behavior when certain objects are unserialized.
- Application Passwords: Prevent the use of some pseudo protocols in application passwords.
Merges [56833], [56834], [56835], [56836], [56837], and [56838] to the 5.6 branch.
Props xknown, jorbin, Vortfu, joehoyle, timothyblynjacobs, peterwilsoncc, ehtis, tykoted, martinkrcho, paulkevan, dd32, antpb, rmccue.
Built from https://develop.svn.wordpress.org/branches/5.6@56882
git-svn-id: http://core.svn.wordpress.org/branches/5.6@56393 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, attachments without an author could cause a PHP fatal error due to calling the `::exists()` method on a `false` value.
Follow-up to [49207].
Props antpb, carloscastilloadhoc, hellofromTonya, garrett-eclipse.
Merges [49979] to the 5.6 branch.
Fixes#52030.
Built from https://develop.svn.wordpress.org/branches/5.6@49995
git-svn-id: http://core.svn.wordpress.org/branches/5.6@49696 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This avoids an error on PHP 8 caused by calling `wp_imagecreatetruecolor()` with inputs that aren't numeric, or are less than 0.
Props hellofromtonya, Boniu91, metalandcoffee, SergeyBiryukov.
Reviewed by SergeyBiryukov, iandunn.
Merges [49751] to the 5.6 branch.
Fixes#51937.
Built from https://develop.svn.wordpress.org/branches/5.6@49753
git-svn-id: http://core.svn.wordpress.org/branches/5.6@49476 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Using the canonical function name for PHP functions is strongly recommended, as aliases may be deprecated or removed without (much) warning.
This replaces all uses of the following:
* `join()` with `implode()`
* `sizeof()` with `count()`
* `is_writeable()` with `is_writable()`
* `doubleval()` with a `(float)` cast
In part, this is a follow-up to #47746.
Props jrf.
See #50767.
Built from https://develop.svn.wordpress.org/trunk@49193
git-svn-id: http://core.svn.wordpress.org/trunk@48955 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In PHP 8, the GD extension uses `GdImage` objects instead of resources for its underlying data structures.
This updates the existing `is_resource()` calls for image resources in core to accomodate for `GdImage` instances as well.
Props ayeshrajans, jrf.
Fixes#50833.
Built from https://develop.svn.wordpress.org/trunk@48798
git-svn-id: http://core.svn.wordpress.org/trunk@48560 1a063a9b-81f0-0310-95a4-ce76da25c4cd
- Introduce `wp_image_file_matches_image_meta()` utility function to check whether the image meta (retrieved by attachment ID) matches an image path or URI. A mismatch may happen in some cases, for example after the posts have been exported from one website and imported in another.
- Add unit tests for the new function.
- Improve `wp_image_src_get_dimensions()` a bit and use the new function to prevent these edge cases.
Fixes#50543.
Built from https://develop.svn.wordpress.org/trunk@48329
git-svn-id: http://core.svn.wordpress.org/trunk@48098 1a063a9b-81f0-0310-95a4-ce76da25c4cd
With this changeset, in addition to the already present `wp_lazy_loading_enabled` filter, developers can now opt out of lazy-loading template images via `wp_get_attachment_image()` by passing a `loading` attribute with boolean value `false`. This can be used e.g. by theme developers on images which are very likely to be in the initial viewport.
This changeset also improves related test coverage.
Props adamsilverstein, azaozz, joemcgill, johnbillion.
See #50425, #44427.
Built from https://develop.svn.wordpress.org/trunk@48272
git-svn-id: http://core.svn.wordpress.org/trunk@48041 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Following up on [48170], this changeset moves the new logic to add missing `img` dimension attributes into a separate function that is run first within `wp_filter_content_tags()`. It also adds a utility function `wp_image_src_get_dimensions()` with logic reused from `wp_image_add_srcset_and_sizes()`, and it ensures that `width` and `height` attributes only get added if both of the attributes are missing on the original `img` tag.
This changeset furthermore improves test coverage and separates tests for the different aspects of `img` tag modification.
Props azaozz.
Fixes#50367. See #44427.
Built from https://develop.svn.wordpress.org/trunk@48237
git-svn-id: http://core.svn.wordpress.org/trunk@48006 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The filter is the callback function added with `add_filter()`, therefore the hook passes a value to the filter, and the filter returns a value to change its behaviour.
The documentation is referring to the latter.
Props johnbillion.
See #49572, #16557.
Built from https://develop.svn.wordpress.org/trunk@48185
git-svn-id: http://core.svn.wordpress.org/trunk@47954 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset ensures that attachment images which are inserted without `width` and `height` attributes still receive them in the frontend, to reduce cumulative layout shift. Adding the dimensions happens as part of the logic for adding `srcset` and `sizes` attributes, which already assume the specific width and height of the respective image.
Images are now only lazy-loaded if they have `width` and `height` attributes present. While missing these attributes itself is what causes layout shifts, lazy-loading such images can make this problem more apparent to the user.
Props adamsilverstein, westonruter.
Fixes#50367. See #44427.
Built from https://develop.svn.wordpress.org/trunk@48170
git-svn-id: http://core.svn.wordpress.org/trunk@47939 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The tag was supported in phpDocumentor 1.x, but is no longer supported in 2.x and 3.x.
Usage of static variables is considered an internal implementation detail and has no information value for someone reading the docs.
Props alishanvr, jrf.
Fixes#50426.
Built from https://develop.svn.wordpress.org/trunk@48109
git-svn-id: http://core.svn.wordpress.org/trunk@47878 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The array returned by this function previously included a fourth element only when an intermediate image size was used. This change ensures a consistent structure in the returned array regardless of the function's internal behaviour.
Props wido, joemcgill, johnbillion
Fixes#46113
Built from https://develop.svn.wordpress.org/trunk@47748
git-svn-id: http://core.svn.wordpress.org/trunk@47524 1a063a9b-81f0-0310-95a4-ce76da25c4cd