[58069] introduced calling `sanitize_text_field()` with `$_REQUEST['autofocus']` (which is an array) and setting its default to a `string`. This fix restores the `array` data type for `autofocus`.
The fix also relocates the unsplash for `url`, `return`, and `autofocus` before sanitizing.
Follow-up to [58069], [34269], [29026], [21028].
Props jamesros161, swissspidy, dlh, audrasjb, hellofromTonya, ironprogrammer.
Fixes#61561.
Built from https://develop.svn.wordpress.org/trunk@58804
git-svn-id: http://core.svn.wordpress.org/trunk@58200 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The way `wp_reset_vars()` sets global variables based on `$_POST` and `$_GET` values makes code hard to understand and maintain. It also makes it easy to forget to sanitize input.
This change removes the few places where `wp_reset_vars()` is used in the admin to explicitly use `$_REQUEST` and sanitize any input.
Props swissspidy, audrasjb, davideferre, killua99, weijland, voldemortensen.
Fixes#38073.
Built from https://develop.svn.wordpress.org/trunk@58069
git-svn-id: http://core.svn.wordpress.org/trunk@57534 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This aims to provide better context for translators and make it easier to determine that some strings contain hidden accessibility text and are not displayed in the UI.
Props kebbet, mercime, pavelevap, ocean90, swissspidy, Chouby, jipmoors, afercia, desrosj, costdev, audrasjb, SergeyBiryukov.
Fixes#29748.
Built from https://develop.svn.wordpress.org/trunk@55276
git-svn-id: http://core.svn.wordpress.org/trunk@54809 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This change adds an information notice to the customizer when a block theme is active and the customizer is also available (for example when a plugin activates it), to encourage people to use the Site Editor for the best full site customization experience.
Props ironprogrammer, antonvlasenko, Clorith, audrasjb, psmits1567, tobifjellner, costdev, webcommsat.
Fixes#54939.
Built from https://develop.svn.wordpress.org/trunk@53024
git-svn-id: http://core.svn.wordpress.org/trunk@52613 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This change intends to better guide users towards many of the useful resources available on WordPress.org.
* Appearance/Customizer - Add link to Customizer docs.
* Appearance/Editor - Improve link text & destination.
* Privacy Settings - Link to Privacy Settings docs.
* Site Health - Link to Site Health docs.
Props audrasjb, jdy68, webcommsat.
Fixes#54357.
Built from https://develop.svn.wordpress.org/trunk@52053
git-svn-id: http://core.svn.wordpress.org/trunk@51645 1a063a9b-81f0-0310-95a4-ce76da25c4cd
These checks were added in [51193] and [51197] as a temporary measure to prevent a site owner from activating a Full Site Editing theme when Gutenberg plugin was not active.
Because Core only had partial support for the features required for FSE, the front end of the site would display a white screen or error message to visitors. Unless the site owner visited the front end, there would be no indication that there was a problem.
Since 5.9 will include the remaining features required for FSE, these checks can be removed.
Props poena, jffng.
Fixes#54366. See #534190.
Built from https://develop.svn.wordpress.org/trunk@52044
git-svn-id: http://core.svn.wordpress.org/trunk@51636 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Appends the wp-embed-responsive class to the body if the widgets block editor is
enabled. This fixes a bug preventing embeds (e.g. YouTube embeds) appearing in
the widgets block editor.
Fixes#53609.
Props walbo, kevin940726.
Built from https://develop.svn.wordpress.org/trunk@51716
git-svn-id: http://core.svn.wordpress.org/trunk@51322 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Account for sites enabling Gutenberg as an mu-plugin when determining whether full-site-editing themes can be enabled. This replaces the check the plugin is active with a check whether the function `gutenberg_is_fse_theme()` is defined.
Follow up to [51193].
Props noisysocks, peterwilsoncc, SergeyBiryukov.
See #53410.
Built from https://develop.svn.wordpress.org/trunk@51197
git-svn-id: http://core.svn.wordpress.org/trunk@50806 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When a theme that uses the Full Site Editing feature is activated and the Gutenberg plugin is not present, the site will currently show a text notice on the front end. The user is not made aware of this unless they visit the front end of their site.
This adds a check that will prevent a theme from being activated when the `full-site-editing` tag is present in the theme’s `style.css` header and the Gutenberg plugin is not active to prevent this scenario.
These checks can be removed once Full Site Editing is completely merged into Core.
Props desrosj, marybaum, chanthaboune.
See #53410.
Built from https://develop.svn.wordpress.org/trunk@51193
git-svn-id: http://core.svn.wordpress.org/trunk@50802 1a063a9b-81f0-0310-95a4-ce76da25c4cd
There are a few instances where two separate functions are used for both escaping and translating output. This change combines the two functions into the appropriate Core helper function.
Props dimadin, SergeyBiryukov.
Fixes#53153.
Built from https://develop.svn.wordpress.org/trunk@50931
git-svn-id: http://core.svn.wordpress.org/trunk@50540 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In addition, add the `wp_admin_viewport_meta()` function, paired to the `admin_viewport_meta` filter to control attributes of the meta tag.
Fixes#47369.
Props BettyJJ, mukesh27, SergeyBiryukov, ajayghaghretiya1, msaggiorato, talldanwp, davidbaumwald, donmhico, audrasjb.
Built from https://develop.svn.wordpress.org/trunk@48412
git-svn-id: http://core.svn.wordpress.org/trunk@48181 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This avoids the performance overhead of the function call every time `dirname( __FILE__ )` was used instead of `__DIR__`.
This commit also includes:
* Removing unnecessary parentheses from `include`/`require` statements. These are language constructs, not function calls.
* Replacing `include` statements for several files with `require_once`, for consistency:
* `wp-admin/admin-header.php`
* `wp-admin/admin-footer.php`
* `wp-includes/version.php`
Props ayeshrajans, desrosj, valentinbora, jrf, joostdevalk, netweb.
Fixes#48082.
Built from https://develop.svn.wordpress.org/trunk@47198
git-svn-id: http://core.svn.wordpress.org/trunk@46998 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Add missing translator comments.
* Fix placement of some translator comments. Translator comments should be on the line directly above the line containing the translation function call for optimal compatibility with various `.pot` file generation tools. The CS auto-fixing, which changed some inconsistent function calls to multi-line function calls, is part of the reason why this was no longer the case for a select group of translator comments.
Includes minor code layout fixes.
Polyglots, rejoice! All WordPress core files now have translator comments for all strings with placeholders!
Props jrf, subrataemfluence, GaryJ, webdados, Dency, swissspidy, alvarogois, marcomartins, mihaiiceyro, vladwtz, niq1982, flipkeijzer, michielatyoast, chandrapatel, thrijith, joshuanoyce, FesoVik, tessak22, bhaktirajdev, cleancoded, dhavalkasvala, garrett-eclipse, bibliofille, socalchristina, priyankkpatel, 5hel2l2y, adamsilverstein, JeffPaul, pierlo, SergeyBiryukov.
Fixes#44360.
Built from https://develop.svn.wordpress.org/trunk@45926
git-svn-id: http://core.svn.wordpress.org/trunk@45737 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Noteable changes:
- The `magic_quotes_runtime` and `magic_quotes_sybase` settings were removed in PHP 5.4, so no longer need to be set.
- Some functions that use external libraries can generate errors that can't be tested for, so are globally allowed to silence errors.
- Quite a few functions would cause errors if `safe_mode` was set. This setting was removed in PHP 5.4.
- Only a handful of `header()` calls needed corresponding `headers_sent()` checks for unit tests to pass, but more may need to be added as the nightlies builds are tested.
See #46732.
Built from https://develop.svn.wordpress.org/trunk@45611
git-svn-id: http://core.svn.wordpress.org/trunk@45422 1a063a9b-81f0-0310-95a4-ce76da25c4cd
While intended as a playful error message, `Cheatin’ uh?` can be interpreted as insulting or accusatory in an already stressful situation. This replaces Cheatin’ with more meaningful error messages, depending on the error that occurs.
Props ElectricFeet, EricMeyer, karmatosed, dd32, BandonRandon, melchoyce for language; dmsnell for original patch; peterwilsoncc.
Fixes#38332.
Built from https://develop.svn.wordpress.org/trunk@42648
git-svn-id: http://core.svn.wordpress.org/trunk@42477 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When just doing `wp_publish_post()` for the changeset from `customize.php`, any option-based settings will fail to get saved because `WP_Customize_Manager` would have already been loaded with `settings_previewed`, resulting in `update_option()` calls being short-circuited. So an admin-ajax request to `customize_save` is used to work around this.
Props westonruter, jeremyfelt, dlh for testing, LittleBigThing for testing.
Amends [41626].
See #28721, #39221.
Fixes#42457 for trunk.
Built from https://develop.svn.wordpress.org/trunk@42138
git-svn-id: http://core.svn.wordpress.org/trunk@41969 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Customization locking is checked when changesets are saved and when heartbeat ticks.
* Lock is lifted immediately upon a user closing the Customizer.
* Heartbeat is introduced into Customizer.
* Changes made to user after it was locked by another user are stored as an autosave revision for restoration.
* Lock notification displays link to preview the other user's changes on the frontend.
* A user loading a locked Customizer changeset will be presented with an option to take over.
* Autosave revisions attached to a published changeset are converted into auto-drafts so that they will be presented to users for restoration.
* Focus constraining is improved in overlay notifications.
* Escape key is stopped from propagating in overlay notifications, and it dismisses dismissible overlay notifications.
* Introduces `changesetLocked` state which is used to disable the Save button and suppress the AYS dialog when leaving the Customizer.
* Fixes bug where users could be presented with each other's autosave revisions.
Props sayedwp, westonruter, melchoyce.
See #31436, #31897, #39896.
Fixes#42024.
Built from https://develop.svn.wordpress.org/trunk@41839
git-svn-id: http://core.svn.wordpress.org/trunk@41673 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Unify the theme-browsing and theme-customization experiences by introducing a comprehensive theme browser and installer directly accessible in the customizer. Replaces the customizer theme switcher with a full-screen panel for discovering/browsing and installing themes available on WordPress.org. Themes can now be installed and previewed directly in the customizer without entering the wp-admin context. Also includes an extensible framework for browsing and installing themes from other sources.
Also includes CSS auto-prefixing added via `grunt precommit:css`.
For details, see: https://make.wordpress.org/core/2016/10/03/feature-proposal-a-new-experience-for-discovering-installing-and-previewing-themes-in-the-customizer/
Previously [38813] but reverted in [39140].
Fixes#37661, #34843, #38666.
Props celloexpressions, folletto, westonruter, karmatosed, melchoyce, afercia.
Built from https://develop.svn.wordpress.org/trunk@41648
git-svn-id: http://core.svn.wordpress.org/trunk@41482 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Incorporates code from the Customize Snapshots and Customize Posts feature plugins.
* Adds a new Publish Settings section for managing the changeset status, scheduled date, and frontend preview link.
* Updates Publish button to reflect the status selected in the Publish Settings (including Save Draft and Schedule).
* Deactivates the Themes section when a non-publish status selected, and deactivates the Publish Settings section when previewing a theme switch.
* Introduces an `outer` section type (`wp.customize.OuterSection` in JS) for the Publish Settings section to use and for available widgets and available nav menu panels to use in the future. These sections can be expanded while other sections are expanded.
* Introduces `WP_Customize_Date_Time_Control` in PHP and `wp.customize.DateTimeControl` in JS for managing a date/time value.
* Keeps track of scheduled time and proactively publish from the client when the time arrives, as opposed to waiting for WP Cron.
* Auto-publishes a scheduled changeset when attempting to access one that missed its schedule.
* Starts a new changeset if attempting to save a changeset that was previously publish.
* Adds `force` arg to `requestChangesetUpdate()` to force an update request even when there are no pending changes.
* Adds utils methods for `getCurrentTimestamp` and `getRemainingTime`.
* Adds new state values for `selectedChangesetStatus`, `changesetDate`, `selectedChangesetDate`.
* Fixes logic for when to short-circuit check to close Customizer when there are unsaved changes.
* Adds getter methods for `autosaved` and `branching` parameters, with the latter applying the `customize_changeset_branching` filter.
* Call to `establish_loaded_changeset` on the fly when `changeset_uuid()` is called if no changeset UUID was specififed.
* De-duplicates logic for dismissing auto-draft changesets.
* Includes unit tests.
Builds on [41597].
Props sayedwp, westonruter, melchoyce, JoshuaWold, folletto, stubgo, karmatosed, dlh, paaljoachim, afercia, johnregan3, utkarshpatel, valendesigns.
See #30937.
Fixes#39896, #28721, #39275.
Built from https://develop.svn.wordpress.org/trunk@41626
git-svn-id: http://core.svn.wordpress.org/trunk@41461 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Displays an error notification in the global area when a save attempt is rejected due to invalid settings. An error notification is also displayed when saving fails due to a network error or server error.
* Introduces `wp.customize.Notifications` subclass of `wp.customize.Values` to contain instances of `wp.customize.Notification` and manage their rendering into a container.
* Exposes the global notification area as `wp.customize.notifications` collection instance.
* Updates the `notifications` object on `Control` to use `Notifications` rather than `Values` and to re-use the rendering logic from the former. The old `Control#renderNotifications` method is deprecated.
* Allows notifications to be dismissed by instantiating them with a `dismissible` property.
* Allows `wp.customize.Notification` to be extended with custom templates and `render` functions.
* Triggers a `removed` event on `wp.customize.Values` instances _after_ a value has been removed from the collection.
Props delawski, westonruter, karmatosed, celloexpressions, Fab1en, melchoyce, Kelderic, afercia, adamsilverstein.
See #34893, #39896.
Fixes#35210, #31582, #37727, #37269.
Built from https://develop.svn.wordpress.org/trunk@41374
git-svn-id: http://core.svn.wordpress.org/trunk@41207 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Adds translation context for "Hide Controls" strings so translators can supply shorter strings where space is constrained. Adds styles to fade-out long the "Hide Controls" label where it would run into the device preview buttons.
Props westonruter, ocean90.
Fixes#38762.
Built from https://develop.svn.wordpress.org/trunk@39214
git-svn-id: http://core.svn.wordpress.org/trunk@39154 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This is a great goal for core, and is close, but it is not in shape to be shipped for 4.7 and there is not enough time left in the development cycle to alter and polish sufficiently. There are bugs, but more than that, there are more fundamental questions around the use of existing UI, general UX, and how findable themes are (not) on the .org side.
see #37661.
Built from https://develop.svn.wordpress.org/trunk@39140
git-svn-id: http://core.svn.wordpress.org/trunk@39080 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Edit shortcuts show initially for a moment and then fade away so as to not get in the way of the preview.
* Visibility of edit shortcuts is toggled by clicking/touching anywhere inert in the document.
* Implements UI for mobile and touch devices which do not support shift-click.
* Adds `editShortcutVisibility` state.
* Adds new methods to `wp.customize.selectiveRefresh.Partial` for managing edit shortcuts.
Incorporates aspects of the Customize Direct Manipulation feature plugin.
Props sirbrillig, mattwiebe, celloexpressions, melchoyce, westonruter, afercia.
Fixes#27403.
Built from https://develop.svn.wordpress.org/trunk@38967
git-svn-id: http://core.svn.wordpress.org/trunk@38910 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Introduces some consistency in the usage of the button CSS classes, fixes the
focus style for accessibility and responsiveness of the buttons.
- Adds the `button` class to all primary buttons make them responsive
- Removes all `secondary-button` classes and replaces it with button when needed. `button-secondary` shouldn't be used and exists just for backward compatibility reasons
- Replaces classes inside `submit_button()` with a shorthand for some buttons, and use an empty string for the default `button` class. Passing `button` is unnecessary
- Adjusts `get_submit_button()` to remove empty items
Props iseulde, dimchik, chris_d2d, mhowell, afercia.
Fixes#27314, #37138, #37448.
Built from https://develop.svn.wordpress.org/trunk@38672
git-svn-id: http://core.svn.wordpress.org/trunk@38615 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Removes contents for sections and panels from being logically nested (in the DOM) in order to eliminate many issues related to using `margin-top` hacks. The element containing the link to expand the content element for panels and sections is now a sibling element to its content element: the content is removed from being nested at initialization. The content element is now available in a `contentContainer` property whereas the head element (containing the link to open the construct) is in a `headContainer` property. The existing `container` property is now a jQuery collection that contains both of these elements. Since the head element is no longer in an ancestor element to the `content` element, the `aria-owns` property is now used to maintain the relationship between the `headContainer` and the `contentContainer`. These changes are also accompanied by an improvement to the animation performance for the sliding panes.
Props delawski, celloexpressions.
Fixes#34391.
Fixes#34344.
Fixes#35947.
Built from https://develop.svn.wordpress.org/trunk@38648
git-svn-id: http://core.svn.wordpress.org/trunk@38591 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The new format looks like "Sorry, you are not allowed to <action>.". This provides a consistent experience for all error messages related to missing permissions. It also reduces the number of similar strings and allows translators to provide a consistent style in their language.
Props ramiy, Presskopp.
Fixes#34521.
Built from https://develop.svn.wordpress.org/trunk@37914
git-svn-id: http://core.svn.wordpress.org/trunk@37855 1a063a9b-81f0-0310-95a4-ce76da25c4cd
- makes the mobile preview/customize toggle a button
- changes the "Close" link hidden text from 'Cancel' to 'Close the Customizer and go back to the previous page'
- adds a missing `type="button"` attribute
- removes unnecessary `keydown` events and `preventDefault()`: buttons don't need a keydown event and when they have a `type="button"` attribute there's no default action to prevent
Props Cheffheid, afercia.
Fixes#31487.
Built from https://develop.svn.wordpress.org/trunk@37230
git-svn-id: http://core.svn.wordpress.org/trunk@37196 1a063a9b-81f0-0310-95a4-ce76da25c4cd