- Comments: Prevent users who can not see a post from seeing comments on it.
- Shortcodes: Restrict media shortcode ajax to certain type.
- REST API: Ensure no-cache headers are sent when methods are overridden.
- REST API: Limit `search_columns` for users without `list_users`.
- Prevent unintended behavior when certain objects are unserialized.
- Application Passwords: Prevent the use of some pseudo protocols in application passwords.
Merges [56833], [56834], [56835], [56836], [56837], and [56838] to the 5.7 branch.
Props xknown, jorbin, Vortfu, joehoyle, timothyblynjacobs, peterwilsoncc, ehtis, tykoted, martinkrcho, paulkevan, dd32, antpb, rmccue.
Built from https://develop.svn.wordpress.org/branches/5.7@56886
git-svn-id: http://core.svn.wordpress.org/branches/5.7@56397 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When no events are available in the Events Widget, people have always been shown a message encouraging them to help organize one (see `tmpl-community-events-no-upcoming-events`). Now that it's common for online WordCamps and Learn discussion groups to be pinned to the Events API, it's rare that there are no events in the widget, even if there are no _local_ events. Because of that, users are rarely encouraged to join their local community and help organize.
This commit adds an additional call-to-action message, which is shown when there are only 1 or 2 events available.
Props anyssa, sippis, AmethystAnswers.
Fixes#51664.
Built from https://develop.svn.wordpress.org/trunk@50133
git-svn-id: http://core.svn.wordpress.org/trunk@49812 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When `noopener noreferrer` was originally added in #37941 and related tickets, the `noreferrer` bit was specifically included due to Firefox not supporting `noopener` at the time.
Since `noopener` has been supported by all major browsers for a while, it should now be safe to remove the `noreferrer` attribute from core.
Props Mista-Flo, audrasjb, joostdevalk, jonoaldersonwp, peterwilsoncc, elgameel.
Fixes#49558.
Built from https://develop.svn.wordpress.org/trunk@49215
git-svn-id: http://core.svn.wordpress.org/trunk@48977 1a063a9b-81f0-0310-95a4-ce76da25c4cd
These days there are often 2 posts published close to each other, like a release announcement and a Month In WordPress post. When that happens, the earlier post is often pushed out of the widget before many people have had a chance to see it.
Ideally, the number of total items would remain at `4`, to reduce visual clutter. Implementing a conditional item would require a significant refactor, though. Increasing the total number of items to `5` is a practical compromise.
Props hlashbrooke, tellyworth.
Fixes#43441.
Built from https://develop.svn.wordpress.org/trunk@49114
git-svn-id: http://core.svn.wordpress.org/trunk@48876 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Remove duplicate variables and DocBlocks.
* Add missing description for the `$mode` global.
* Use sentence case for "Compact view" and "Extended view" labels.
Follow-up to [48398], [48423].
Props afercia, Offereins, SergeyBiryukov.
See #49715.
Built from https://develop.svn.wordpress.org/trunk@48424
git-svn-id: http://core.svn.wordpress.org/trunk@48193 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This ensures that the link still makes sense when read out of context by assistive technologies.
Additionally, underline the link per the accessibility coding standards.
Props samful, afercia, williampatton, audrasjb.
Fixes#50338.
Built from https://develop.svn.wordpress.org/trunk@48146
git-svn-id: http://core.svn.wordpress.org/trunk@47915 1a063a9b-81f0-0310-95a4-ce76da25c4cd
- makes the "Search engines discouraged" message on the Dashboard more prominent
- adds "Search engine visibility" information under Site Health > Info > WordPress
- removes title case in favor of sentence case in all the related strings
Props audrasjb, swissspidy, emanuel_blagonic, Presskopp, karmatosed, valentinbora, melchoyce.
Fixes#35288.
Built from https://develop.svn.wordpress.org/trunk@47859
git-svn-id: http://core.svn.wordpress.org/trunk@47635 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Repeated containers used for custom fields have duplicate ID attributes. Duplicate IDs are incorrect HTML, and will also cause unexpected results when trying to manipulate using JS. Duplicate IDs are changed to matching classes; CSS & JS updated to match.
Props jankimoradiya, audrasjb, donmhico, afercia.
Fixes#46964.
Built from https://develop.svn.wordpress.org/trunk@47222
git-svn-id: http://core.svn.wordpress.org/trunk@47022 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This avoids the performance overhead of the function call every time `dirname( __FILE__ )` was used instead of `__DIR__`.
This commit also includes:
* Removing unnecessary parentheses from `include`/`require` statements. These are language constructs, not function calls.
* Replacing `include` statements for several files with `require_once`, for consistency:
* `wp-admin/admin-header.php`
* `wp-admin/admin-footer.php`
* `wp-includes/version.php`
Props ayeshrajans, desrosj, valentinbora, jrf, joostdevalk, netweb.
Fixes#48082.
Built from https://develop.svn.wordpress.org/trunk@47198
git-svn-id: http://core.svn.wordpress.org/trunk@46998 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The widget informs administrators of any potential issues that should be addressed to improve the performance or security of their website, and directs them to the Site Health screen for more details.
Props Clorith, hedgefield, guddu1315.
See #47606.
Built from https://develop.svn.wordpress.org/trunk@47063
git-svn-id: http://core.svn.wordpress.org/trunk@46863 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Add missing translator comments.
* Fix placement of some translator comments. Translator comments should be on the line directly above the line containing the translation function call for optimal compatibility with various `.pot` file generation tools. The CS auto-fixing, which changed some inconsistent function calls to multi-line function calls, is part of the reason why this was no longer the case for a select group of translator comments.
Includes minor code layout fixes.
Polyglots, rejoice! All WordPress core files now have translator comments for all strings with placeholders!
Props jrf, subrataemfluence, GaryJ, webdados, Dency, swissspidy, alvarogois, marcomartins, mihaiiceyro, vladwtz, niq1982, flipkeijzer, michielatyoast, chandrapatel, thrijith, joshuanoyce, FesoVik, tessak22, bhaktirajdev, cleancoded, dhavalkasvala, garrett-eclipse, bibliofille, socalchristina, priyankkpatel, 5hel2l2y, adamsilverstein, JeffPaul, pierlo, SergeyBiryukov.
Fixes#44360.
Built from https://develop.svn.wordpress.org/trunk@45926
git-svn-id: http://core.svn.wordpress.org/trunk@45737 1a063a9b-81f0-0310-95a4-ce76da25c4cd