This function was originally introduced to fix an XSS attack in Netscape 4, which never affected any other browsers, or later versions of Netscape.
I'm willing to go out on a limb, and say that we've officially dropped security support for Netscape 4.
Props dmsnell, desrosj.
Fixes#33848.
Built from https://develop.svn.wordpress.org/trunk@38785
git-svn-id: http://core.svn.wordpress.org/trunk@38728 1a063a9b-81f0-0310-95a4-ce76da25c4cd
[38776] introduced a call to `get_term()` using only the term ID. This
causes problems in cases where shared terms have not been split. Since
we have the taxonomy available, there's no harm in passing it along to
`get_term()`.
Props dd32.
See #37291.
Built from https://develop.svn.wordpress.org/trunk@38779
git-svn-id: http://core.svn.wordpress.org/trunk@38722 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Since 4.4, comment submission has been mostly abstracted into a function,
rather than being processed inline in wp-comments-post.php. This change
made it easier to write automated tests against the bulk of the comment
submission process. `wp_allow_comment()` remained untestable, however:
when a comment failed one of its checks (flooding, duplicates, etc),
`die()` or `wp_die()` would be called directly. This shortcoming posed
problems for any application attempting to use WP's comment verification
functions in an abstract way - from PHPUnit to the REST API.
The current changeset introduces a new parameter, `$avoid_die`, to the
`wp_new_comment()` stack. When set to `true`, `wp_new_comment()` and
`wp_allow_comment()` will return `WP_Error` objects when a comment check
fails. When set to `false` - the default, for backward compatibility -
a failed check will result in a `die()` or `wp_die()`, as appropriate.
Prior to this changeset, default comment flood checks took place in the
function `check_comment_flood_db()`, which was hooked to the
'check_comment_flood' action. This design allowed the default comment
flood routine to be bypassed or replaced using `remove_action()`.
In order to maintain backward compatibility with this usage, while
simultaneously converting the comment flood logic into something that
returns a value rather than calling `die()` directly,
`check_comment_flood_db()` has been changed into a wrapper function for
a call to `add_filter()`; this, in turn, adds the *actual* comment flood
check to a new filter, 'wp_is_comment_flood'. Note that direct calls
to `check_comment_flood_db()` will no longer do anything in isolation.
Props websupporter, rachelbaker.
Fixes#36901.
Built from https://develop.svn.wordpress.org/trunk@38778
git-svn-id: http://core.svn.wordpress.org/trunk@38721 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Since [37573], `get_object_term_cache()` has expected term IDs to be
stored in the taxonomy relationship cache. The function would then
reach directly into the 'terms' cache to fetch the data corresponding
to a given term, before returning a `WP_Term` object. This caused
problems when, for one reason or another, term data was cached
inconsistently:
* If the 'terms' cache is empty for a given term ID, despite the earlier call to `_prime_term_caches()`, `get_term()` would return an error object.
* If the array of cached term IDs contains an invalid ID, `get_term()` would return an error object.
We avoid these errors by no longer touching the 'terms' cache directly,
but running term IDs through `get_term()` and allowing that function to
reference the cache (and database, as needed). If `get_term()` returns
an error object for any of the cached term IDs, `get_object_term_cache()`
will return that error object alone. This change ensures that upstream
functions, like `get_the_terms()`, return `WP_Error` objects in a
predictable fashion.
Props dd32, michalzuber.
Fixes#37291.
Built from https://develop.svn.wordpress.org/trunk@38776
git-svn-id: http://core.svn.wordpress.org/trunk@38719 1a063a9b-81f0-0310-95a4-ce76da25c4cd
On the Menus screen, the links to move menu items behave like buttons: they
perform an action so they should be real buttons to be correctly reported to
assistive technologies. Since they're logically grouped controls, they should
also be wrapped in a `<fieldset>` element for better semantics and accessibility.
Props Cheffheid.
Fixes#35578.
Built from https://develop.svn.wordpress.org/trunk@38770
git-svn-id: http://core.svn.wordpress.org/trunk@38713 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Although unlikely, clashes in randomly generated strings could cause unexpected failures. In addition, most randomness is entirely unnecessary, is bad practice, and increases test time (however small it may be).
See #37371
Built from https://develop.svn.wordpress.org/trunk@38762
git-svn-id: http://core.svn.wordpress.org/trunk@38705 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The position of this template within the hierarchy is of so little use that zero themes in the WordPress.org theme directory make use of it. It's second only to `index.php` in the hierarchy, meaning that any archive template such as `category.php` or `archive.php` will be chosen before it.
Fixes#38162
Props ryankienstra for initial patch
Built from https://develop.svn.wordpress.org/trunk@38755
git-svn-id: http://core.svn.wordpress.org/trunk@38698 1a063a9b-81f0-0310-95a4-ce76da25c4cd
If a plugin attempts to change the rewrite rules to early, other plugins may have their rules inadvertently discarded. Additionally, some function such as `url_to_post_id` cause a rewrite rule lookup that could cause this accidental flushing. This forces the flushing to only occur once `wp_loaded` has been fired.
Fixes#37892.
Props Chouby.
Built from https://develop.svn.wordpress.org/trunk@38751
git-svn-id: http://core.svn.wordpress.org/trunk@38694 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Removes special handling for `edit-tags.php` which is no longer required because of `term.php`. Related: [34202] and [36308].
* Sets `$referer` to `$_SERVER['REQUEST_URI']` because `wp_get_referer()` returns false if `$_SERVER['REQUEST_URI'] === $_REQUEST['_wp_http_referer']`.
* Sets `paged` always to `$pagenum` which is the value of `$wp_list_table->get_pagenum();`. This avoids an additional redirect when you delete an item which was previously on the last page.
Fixes#38194.
Built from https://develop.svn.wordpress.org/trunk@38750
git-svn-id: http://core.svn.wordpress.org/trunk@38693 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changes the global `$wp_taxonomies` to an array of `WP_Taxonomy ` objects. `WP_Taxonomy ` includes methods to handle rewrite rules and hooks.
Each taxonomy argument becomes a property of `WP_Taxonomy`. Introducing such a class makes further improvements in the future much more feasible.
Props boonebgorges for review.
Fixes#36224. See #36217.
Built from https://develop.svn.wordpress.org/trunk@38747
git-svn-id: http://core.svn.wordpress.org/trunk@38690 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When editing a plugin file, show the correct plugin as being edited in the dropdown with the correct activation status.
Props aniketpant, dd32, DrewAPicture, jayarjo, MattyRob, mt8.biz, solarissmoke, swissspidy, WraithKenny.
Fixes#24122, #17552.
Built from https://develop.svn.wordpress.org/trunk@38745
git-svn-id: http://core.svn.wordpress.org/trunk@38688 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Trashed posts cannot be accessed by site visitors and thus should not be visible on the front end. By marking menu items of trashed posts as invalid, they are excluded from the output.
Props solarissmoke, swissspidy.
Fixes#19038.
Built from https://develop.svn.wordpress.org/trunk@38744
git-svn-id: http://core.svn.wordpress.org/trunk@38687 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Use the value of the `comment_order` setting to determine the date_query key to pass to `WP_Comment_Query`.
Fixes a bug where sites that had comments ordered "newest" first would have the incorrect page number returned.
Props tyxla, boonebgorges.
Fixes#31101.
Built from https://develop.svn.wordpress.org/trunk@38740
git-svn-id: http://core.svn.wordpress.org/trunk@38683 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Making behavior changes based on some broad definition of what mobile is rarely, if ever, makes sense. Each bit of functionality should be more clearly targeted, whether that's for screen size, performance, or some kind of touch capability.
props akibjorklund.
see #33704.
Built from https://develop.svn.wordpress.org/trunk@38739
git-svn-id: http://core.svn.wordpress.org/trunk@38682 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When the 'comment_whitelist' option is enabled and the commenter is an authenticated user, query for the existence of an approved comment with a matching `user_id`. This allows authenticated users that have changed their email address to bypass having their comment held for moderation.
Props voldemortensen, rachelbaker.
Fixes#28603.
Built from https://develop.svn.wordpress.org/trunk@38738
git-svn-id: http://core.svn.wordpress.org/trunk@38681 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Following [38625], any media searches that already included JOINs,
e.g., `tax_queries`, would get trampled when we joined the post meta
table to search for filenames. This preserves existing JOINs and
also only applies the `_filter_query_attachment_filenames()` filter
when a search query is being performed.
Props flixos90, joemcgill.
Fixes#22744.
Built from https://develop.svn.wordpress.org/trunk@38733
git-svn-id: http://core.svn.wordpress.org/trunk@38676 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Fixes#38070, #37733 by reverting part of [38429] and using the fix in Requests.
Fixes#37992 allowing for connecting to SSL resources on ports other than 443.
Fixes#37991 by not sending default ports in the `Host:` header.
Fixes#37839 to match and decode Chunked responses correctly.
Fixes#38232 allowing a SSL connection to ignore the hostname of the certificate when verification is disabled.
Built from https://develop.svn.wordpress.org/trunk@38727
git-svn-id: http://core.svn.wordpress.org/trunk@38670 1a063a9b-81f0-0310-95a4-ce76da25c4cd
[38694] revealed some URL formats were been parsed incorrectly, including those used by Google Fonts. This change simplifies the function to use placeholder values which cause PHP's parsing to behave consistently.
Props jrf, peterwilsoncc.
Fixes#36356.
Built from https://develop.svn.wordpress.org/trunk@38726
git-svn-id: http://core.svn.wordpress.org/trunk@38669 1a063a9b-81f0-0310-95a4-ce76da25c4cd
New parameters are: `login`, `login__in`, `login__not_in`, `nicename`,
`nicename__in`, `nicename__not_in`.
`login__in` and `nicename__in` are also now valid values for the
'orderby' parameter.
Props ryanplas.
Fixes#36624.
Built from https://develop.svn.wordpress.org/trunk@38715
git-svn-id: http://core.svn.wordpress.org/trunk@38658 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The addition of the `pre_do_shortcode_tag` in [38506] allows plugins to short-circuit the shortcode execution process, which is particularly helpful for caching expensive shortcodes.
The `do_shortcode_tag` is the corresponding part of that system - when a shortcode hasn't been executed previously, there needs to be a clean method of populating the cache.
Props flixos90.
Fixes#32790.
Built from https://develop.svn.wordpress.org/trunk@38713
git-svn-id: http://core.svn.wordpress.org/trunk@38656 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Fixes a bug where the UI wasn't updated after deleting/updating a theme.
Also introduces unit tests for theme management ajax handlers. For now they're
focused on `wp_ajax_update_theme()` but they can include tests for other
handlers as well.
Props chrisjean for initial patch.
Fixes#37924.
Built from https://develop.svn.wordpress.org/trunk@38710
git-svn-id: http://core.svn.wordpress.org/trunk@38653 1a063a9b-81f0-0310-95a4-ce76da25c4cd
- adds a "search" icon into the search fields
- adds a hidden description for the widget search field, targeted by `aria-describedby`
- adds the "clear-results" button to the widgets search
- removes the `change` and `search` events bound on the widget search, for these "live searches" WordPress should standardize on `input` (+ `keyup` when needed)
- adds property and function to keep track and update the number of the widgets search results
- the widgets search results are now announced via `wp.a11y.speak()`
- adds a visible and audible message when there are no widgets search results
- moves some CSS to `customize-controls.css`
Props ryankienstra, melchoyce, afercia.
Fixes#36908.
Built from https://develop.svn.wordpress.org/trunk@38709
git-svn-id: http://core.svn.wordpress.org/trunk@38652 1a063a9b-81f0-0310-95a4-ce76da25c4cd
After [38634], this adjusts the behaviour to remove redundancy by not displaying the link if the latest posts are shown on the front page. In that scenario, the 'Visit Site' link already points to the latest posts.
Fixes#34113.
Built from https://develop.svn.wordpress.org/trunk@38708
git-svn-id: http://core.svn.wordpress.org/trunk@38651 1a063a9b-81f0-0310-95a4-ce76da25c4cd
By enabling the user to select their preferred locale when editing the profile, we allow for greater personalization of the WordPress admin and therefore a better user experience.
The back end will be displayed in the user's individual locale while the locale used on the front end equals the one set for the whole site. If the user didn't specify a locale, the site's locale will be used as a fallback. The new `locale` property of the `WP_User` class can be used to retrieve the user's locale setting.
Props ocean90, ipm-frommen, swissspidy.
Fixes#29783.
Built from https://develop.svn.wordpress.org/trunk@38705
git-svn-id: http://core.svn.wordpress.org/trunk@38648 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This introduces the singular `edit_term`, `delete_term`, and `assign_term` meta capabilities for terms, and switches the base capability name for tags from `manage_categories` to `manage_post_tags` and the corresponding `edit_post_tags`, `delete_post_tags`, and `assign_post_tags`.
All of these capabilities ultimately map to `manage_categories` so by default there is no change in the behaviour of the capabilities for categories, tags, or custom taxonomies. The `map_meta_cap` filter and the `capabilities` argument when registering a taxonomy now allow for control over editing, deleting, and assigning individual terms, as well as a separation of capabilities for tags from those of categories.
Fixes#35614
Props johnjamesjacoby for feedback
Built from https://develop.svn.wordpress.org/trunk@38698
git-svn-id: http://core.svn.wordpress.org/trunk@38641 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Introduce two new filters: `rest_request_before_callbacks` and `rest_request_after_callbacks` to
assist REST API middleware plugins to perform pre-callback and cleanup hooks such as `switch_to_blog()`
or caching implementations.
Props jnylen0.
Fixes#35590.
Built from https://develop.svn.wordpress.org/trunk@38689
git-svn-id: http://core.svn.wordpress.org/trunk@38632 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Also includes a new prefixed value.
Changes:
6.5 “Einigkeit und Recht und Freiheit”
- Add defaults keyword to browsers requirements.
- Fix CSS Grid Layout support.
- Fix align-self cleaning.
6.4.1
- Fix node cloning after some PostCSS plugins.
6.4 “Hic et ubique terrarum”
- Add :any-link selector support.
- Add text-decoration-skip support.
- Add transition: duration property support.
- Fix -webkit- prefix for backface-visibility.
- Fix rad unit support in gradients (by 刘祺).
- Fix transition support in Opera 12.
- Removed Safari TP Grid prefixes support.
6.3.7
- Fix rare Cannot read property 'constructor' of null issue.
6.3.6
- Add Safari TP prefix support for Grid Layout.
6.3.5
- Fix duplicate prefixes for -ms-interpolation-mode.
6.3.4
- Show users coverage for selected browsers in info().
28.0
- Happy Birthday @nacin
See #38199
Built from https://develop.svn.wordpress.org/trunk@38688
git-svn-id: http://core.svn.wordpress.org/trunk@38631 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, we looped through all of the site IDs found via user meta and ran `get_blog_details()` for each site. Now, we can pass all of the site IDs at once to `get_sites()` and receive full `WP_Site` objects.
To avoid possible issues with return type, sites are still processed into a standard object that also has a `userblog_id` property attached. Nothing is changed for non-multisite configurations.
Props flixos90.
Fixes#37061.
Built from https://develop.svn.wordpress.org/trunk@38682
git-svn-id: http://core.svn.wordpress.org/trunk@38625 1a063a9b-81f0-0310-95a4-ce76da25c4cd
It is possible to short circuit `get_site_by_path()` using the `pre_get_site_by_path` filter. When this happens and a standard site object is provided, we can make sure it is upgraded to a proper `WP_Site` object before passing it on.
Props flixos90.
Fixes#37053.
Built from https://develop.svn.wordpress.org/trunk@38681
git-svn-id: http://core.svn.wordpress.org/trunk@38624 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`WP_Term_Query` already supports querying terms by 'slug', 'name', and 'term_taxonomy_id'. Its additional arguments allow us to generate nearly the same SQL queries as before.
This change has one yuge benefit: the term queries are now cached.
Add tests to increase coverage of `get_term_by()`.
Props spacedmonkey, boonebgorges, johnjamesjacoby, pento, ocean90.
Fixes#21760.
Built from https://develop.svn.wordpress.org/trunk@38677
git-svn-id: http://core.svn.wordpress.org/trunk@38620 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In [38294], `pathinfo()` was used with the `PATHINFO_BASENAME` constant to
get the basename of the file to be used as an attachment title, which depends
on PHP locale and can cause issues with UTF-8 characters. This uses
`wp_basename()` instead, which is a more i18n-friendly version of `basename()`.
Props SergeyBiryukov.
Fixes#37608, #37989.
Built from https://develop.svn.wordpress.org/trunk@38673
git-svn-id: http://core.svn.wordpress.org/trunk@38616 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Introduces some consistency in the usage of the button CSS classes, fixes the
focus style for accessibility and responsiveness of the buttons.
- Adds the `button` class to all primary buttons make them responsive
- Removes all `secondary-button` classes and replaces it with button when needed. `button-secondary` shouldn't be used and exists just for backward compatibility reasons
- Replaces classes inside `submit_button()` with a shorthand for some buttons, and use an empty string for the default `button` class. Passing `button` is unnecessary
- Adjusts `get_submit_button()` to remove empty items
Props iseulde, dimchik, chris_d2d, mhowell, afercia.
Fixes#27314, #37138, #37448.
Built from https://develop.svn.wordpress.org/trunk@38672
git-svn-id: http://core.svn.wordpress.org/trunk@38615 1a063a9b-81f0-0310-95a4-ce76da25c4cd
It is possible to delegate pingback processing to a service function outside of WordPress itself. All other calls in default themes (and likely other themes) uses `bloginfo` which automatically adds the filter argument of "display". This adds consistency.
Props dshanske.
Fixes#34633.
Built from https://develop.svn.wordpress.org/trunk@38671
git-svn-id: http://core.svn.wordpress.org/trunk@38614 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The new 'object_ids' parameter for `WP_Term_Query` allows queries for
terms that "belong to" a given object. This change makes it possible
to use `WP_Term_Query` inside of `wp_get_object_terms()`, rather than
assembling a SQL query.
The refactor has a couple of benefits:
* Less redundancy.
* Better consistency in accepted arguments between the term query functions. See #31105.
* Less redundancy.
* Object term queries are now cached. The `get_object_term_cache()` cache remains, and will be a somewhat less fragile secondary cache in front of the query cache (which is subject to frequent invalidation).
* Less redundancy.
A small breaking change: Previously, if a non-hierarchical taxonomy had
terms that had a non-zero 'parent' (perhaps because of a direct SQL
query), `wp_get_object_terms()` would respect the 'parent' argument.
This is in contrast to `WP_Term_Query` and `get_terms()`, which have
always rejected 'parent' queries for non-hierarchical taxonomies. For
consistency, the behavior of `get_terms()` is being applied across the
board: passing 'parent' for a non-hierarchical taxonomy will result in
an empty result set (since the cached taxonomy hierarchy will be empty).
Props flixos90, boonebgorges.
See #37198.
Built from https://develop.svn.wordpress.org/trunk@38667
git-svn-id: http://core.svn.wordpress.org/trunk@38610 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, if a network's domain started with `www.` in a subdomain configuration, a slug lookup with `get_id_from_blogname()` would not match an existing site. A similar lookup in a subdirectory configuration would work fine.
This strips `www.` from the network's domain in a subdomain configuration during the lookup and returns the site as expected.
Adds tests which would previously fail in a subdomain configuration, but now pass in both configurations.
Props igmoweb, flixos90.
Fixes#34450.
Built from https://develop.svn.wordpress.org/trunk@38658
git-svn-id: http://core.svn.wordpress.org/trunk@38601 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`wp-admin/network/admin.php` is required by all of the individual network templates and begins with an `is_multisite()` check of its own. Because of this, we can remove the 26 other checks in the individual templates.
Props flixos90.
Fixes#37447.
Built from https://develop.svn.wordpress.org/trunk@38657
git-svn-id: http://core.svn.wordpress.org/trunk@38600 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Removes contents for sections and panels from being logically nested (in the DOM) in order to eliminate many issues related to using `margin-top` hacks. The element containing the link to expand the content element for panels and sections is now a sibling element to its content element: the content is removed from being nested at initialization. The content element is now available in a `contentContainer` property whereas the head element (containing the link to open the construct) is in a `headContainer` property. The existing `container` property is now a jQuery collection that contains both of these elements. Since the head element is no longer in an ancestor element to the `content` element, the `aria-owns` property is now used to maintain the relationship between the `headContainer` and the `contentContainer`. These changes are also accompanied by an improvement to the animation performance for the sliding panes.
Props delawski, celloexpressions.
Fixes#34391.
Fixes#34344.
Fixes#35947.
Built from https://develop.svn.wordpress.org/trunk@38648
git-svn-id: http://core.svn.wordpress.org/trunk@38591 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Bulk action filtering was introduced in 3.1, but only to remove default bulk actions, not add new ones.
Bulk actions can now be registered for all admin list table dropdowns via the `bulk_actions-{get_current_screen()->id}` filter. Handling custom bulk actions can be performed in the corresponding and newly introduced `handle_bulk_actions-${get_current_screen()->id}` filter.
Props scribu, flixos90, Veraxus.
See #16031.
Built from https://develop.svn.wordpress.org/trunk@38647
git-svn-id: http://core.svn.wordpress.org/trunk@38590 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In rare circumstances, for example buttons with icons and no visible text,
`user-select: none;` may trigger a bug that happens only when using Safari and
VoiceOver and doesn't allow focusable elements to receive focus correctly.
Worth reminding `user-select: none;` is a non-standard property and should be
used with care especially now that `::selection` is almost universally supported.
Fixes#37589.
Built from https://develop.svn.wordpress.org/trunk@38642
git-svn-id: http://core.svn.wordpress.org/trunk@38585 1a063a9b-81f0-0310-95a4-ce76da25c4cd
- adds "Apply Filters" and "Clear" at the end of the form
- changes the "Feature Filter", "Apply Filters", "Clear", and "Edit" links in `<button>` elements
- removes a leftover from [27963]
- clarifies one button text and adds an `aria-label` attribute
- adds a `wp.a11y.speak()` message when clicking on "Apply Filters" and no features are selected
Fixes#38086.
Built from https://develop.svn.wordpress.org/trunk@38640
git-svn-id: http://core.svn.wordpress.org/trunk@38583 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`register_setting` can now be passed an array arguments to specify meta-data about the setting,
much like using the `register_meta` API. Of note, it will now accept a `show_in_rest` arg to
hint the inclusion of the setting in the REST API. `get_registered_settings()` is available
as a utility to get all registered settings.
Props rmccue, aaroncampbell.
Fixes#37885.
Built from https://develop.svn.wordpress.org/trunk@38635
git-svn-id: http://core.svn.wordpress.org/trunk@38578 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, `compact()` provided a non existent `$join` and could cause confusion for anyone attempting to extend `WP_Site_Query` with their own tables. This aligns with the current behavior in `WP_Network_Query`.
Props johnjamesjacoby.
Fixes#37922.
Built from https://develop.svn.wordpress.org/trunk@38631
git-svn-id: http://core.svn.wordpress.org/trunk@38574 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This applies a new private function, `_filter_query_attachment_filenames()`,
to the `post_clauses` filter hook during `wp_ajax_query_attachments()` and
`wp_edit_attachments_query_vars()` to include `_wp_attached_file` post meta
in search queries performed from the media library or in a `WP_Media_List_Table`.
Props wonderboymusic, DrewAPicture, joemcgill, swissspidy.
Fixes#22744.
Built from https://develop.svn.wordpress.org/trunk@38625
git-svn-id: http://core.svn.wordpress.org/trunk@38568 1a063a9b-81f0-0310-95a4-ce76da25c4cd
If there are no pages when the customizer is opened, the `static_front_page` section will be hidden. As soon as a page is created in the customizer session, the `static_front_page` section will be revealed. Previously the section would not be registered if there were no pages. Page stubs created via nav menus will appear in the `dropdown-pages` controls for `page_for_posts` and `page_on_front`, and such page stubs will thus cause the `static_front_page` section to appear. Plugins that facilitate page creation in the customizer by filtering `get_pages` will also cause the section to appear.
See #34923.
Fixes#38013.
Built from https://develop.svn.wordpress.org/trunk@38624
git-svn-id: http://core.svn.wordpress.org/trunk@38567 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This change means that after entering their site's settings upon installation, users are immediately logged in and redirected to the admin dashboard, instead of being presented with the 'Success!' screen and then being asked to log in. This reduces friction and reduces the number of steps for installation.
Fixes#34084
Built from https://develop.svn.wordpress.org/trunk@38619
git-svn-id: http://core.svn.wordpress.org/trunk@38562 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `submitdelete` CSS class is used in various places across the admin for some
"red" action links. It is worth simplifying this rule for further improvements
related to color contrast.
- simplifies a non-standard styling for the "Remove/Cancel" links in the Menus screen
- underlines all the "Move to trash/Delete" red links in all the Publish meta boxes
- fixes CSS classes usage for all the Publish meta boxes primary buttons
- fixes broken layout for the old Link Manager publish meta box
Props karmatosed, hugobaeta, monikarao, afercia.
Fixes#37969, #37018. See #37448, #37138, #27314.
Built from https://develop.svn.wordpress.org/trunk@38616
git-svn-id: http://core.svn.wordpress.org/trunk@38559 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Post Passwords are incredibly inflexible. One Password per site at a time and other limitations that can't really be changed without a backwards compatibility break. This adds the ability for sites to change the password behavior such as doing per post passwords or allowing multiple passwords to be set in a browser. The possibilities are YUGE.
Additionally, it allows for a behavior other than returning a html form when a password is needed. This is important for non website use cases (such as in a restful API).
Fixes#38056. See #16483.
Props rmccue.
Built from https://develop.svn.wordpress.org/trunk@38603
git-svn-id: http://core.svn.wordpress.org/trunk@38546 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Give developers the opportunity to reject incoming data without using the validation callback. It also enables us to do sanitization and validation in one function in instances where this could be useful.
Props websupporter, rmccue.
Fixes#37560.
Built from https://develop.svn.wordpress.org/trunk@38601
git-svn-id: http://core.svn.wordpress.org/trunk@38544 1a063a9b-81f0-0310-95a4-ce76da25c4cd
[38592] changed the behaviour of `wpautop()` , so it's nice to change `autop()` to match.
Interestingly, this change isn't necessary for the functionality to work - #4857 didn't affect content that had been run through `autop()` at some point, as `autop()` would add a single line break before block elements, then `wpautop()` would later add a second line break, making it work correctly.
Props nacin for finding out about [38592] on Twitter, and DMing me to remind me to review `autop()`.
See #4857.
Built from https://develop.svn.wordpress.org/trunk@38594
git-svn-id: http://core.svn.wordpress.org/trunk@38537 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`wpautop()` considers double line breaks to be the separator between block level HTML elements. By adding two line breaks before a block element, this allows us to process the text before a block element correctly.
Fixes#4857.
Built from https://develop.svn.wordpress.org/trunk@38592
git-svn-id: http://core.svn.wordpress.org/trunk@38535 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Longer passwords and passphrases are much more common than when post passwords were introduced all those eons ago, so let's increase the length of the `post_password` field from 20 to 255 characters.
The password will continue to be stored in plaintext, as the ability for the post author to view the password is a commonly used feature.
Trivia: this was the last 3 digit Trac ticket to be closed.
Props skippy, nazgul, iandunn, adamsilverstein, pento.
Fixes#881.
Built from https://develop.svn.wordpress.org/trunk@38590
git-svn-id: http://core.svn.wordpress.org/trunk@38533 1a063a9b-81f0-0310-95a4-ce76da25c4cd
To allow `plugin.php` to be loaded before the rest of WordPress is loaded, it cannot rely on WordPress constants, such as `ABSPATH` and `WPINC`.
Instead, we can assume that `class-wp-hook.php` will be in the same directory as `plugin.php`, so `dirname( __FILE__ )` will give us the correct path to load from.
Props pento, dd32.
Fixes#37707.
Built from https://develop.svn.wordpress.org/trunk@38589
git-svn-id: http://core.svn.wordpress.org/trunk@38532 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `tests_add_filter()` helper function directly manipulates the `$wp_filter` global, instead of using `add_filter()`. We can use `add_filter()` when it's available, and fall back to manipulating `$wp_filter` when it isn't, relying on the `$wp_filter` bootstrap code at the top of `plugin.php` to handle conversion.
Props boonebgorges, dd32 and pento: WordPress Thought Leadership Triumvirate.
Fixes#17817.
Built from https://develop.svn.wordpress.org/trunk@38582
git-svn-id: http://core.svn.wordpress.org/trunk@38525 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Sometimes, `DB_CHARSET` will be set to `utf8mb4`, even if the current setup doesn't support `utf8mb4`. After [38442], this can cause significant character set failures, causing the connection to fall back to `latin1`.
Instead of doing this, we now check that the connection supports `utf8mb4` before trying to use it, and fall back to `utf8` when we need to.
Fixes#37982 for trunk.
Built from https://develop.svn.wordpress.org/trunk@38580
git-svn-id: http://core.svn.wordpress.org/trunk@38523 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The most useful function this introduces is `get_theme_file_uri()`, which returns the URL to the specified file in the child theme if it exists, and falls back to the URL to the specified file in the parent theme. This allows parent themes to reference files (including enqueuing CSS and JavaScript files) that can be overridden by the child theme simply by existing.
This change also introduces `get_theme_file_path()`, which is the file path equivalent of `get_theme_file_uri()`.
Finally, `get_parent_theme_file_uri()` and `get_parent_theme_file_path()` are also introduced, which allow a theme to specifically reference a file URL or file path in the parent theme. These can be used as replacements for `get_template_directory_uri()` and `get_template_directory()` respectively, for consistency.
Props johnbillion, georgestephanis, gma992.
Fixes#18302
Built from https://develop.svn.wordpress.org/trunk@38578
git-svn-id: http://core.svn.wordpress.org/trunk@38521 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Filters and actions have been the basis of WordPress' plugin functionality since time immemorial, they've always been a reliable method for acting upon the current state of WordPress, and will continue to be so.
Over the years, however, edge cases have cropped up. Particularly when it comes to recursively executing hooks, or a hook adding and removing itself, the existing implementation struggled to keep up with more complex use cases.
And so, we introduce `WP_Hook`. By changing `$wp_filter` from an array of arrays, to an array of objects, we reduce the complexity of the hook handling code, as the processing code (see `::apply_filters()`) only needs to be aware of itself, rather than the state of all hooks. At the same time, we're able te handle more complex use cases, as the object can more easily keep track of its own state than an array ever could.
Props jbrinley for the original architecture and design of this patch.
Props SergeyBiryukov, cheeserolls, Denis-de-Bernardy, leewillis77, wonderboymusic, nacin, jorbin, DrewAPicture, ocean90, dougwollison, khag7, pento, noplanman and aaroncampbell for their testing, suggestions, contributions, patch maintenance, cajoling and patience as we got through this.
Fixes#17817.
Built from https://develop.svn.wordpress.org/trunk@38571
git-svn-id: http://core.svn.wordpress.org/trunk@38514 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Adds an `item_spacing` option to the arguments array for the functions `wp_nav_menu()`, `wp_list_pages()`, and `wp_page_menu()`. `item_spacing` is a boolean accepting either `preserve` or `discard`.
Previously, certain CSS choices could result in a site's layout changing if `wp_nav_menu()` fell back to the default `wp_list_pages()` due to differences in the whitespace within the HTML. The new argument ensures a function outputs consistant HTML while maintaining backward compatibility.
Fixes#35206.
Built from https://develop.svn.wordpress.org/trunk@38523
git-svn-id: http://core.svn.wordpress.org/trunk@38464 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The Customizer and Theme Installer open in full overlays that need to receive
focus. Also, keyboard navigation should be constrained within the overlays. Using
CSS `visibility` to hide all the content except the overlays, makes them the only
available and focusable content and allows browsers to handle focus natively.
See #29158.
Fixes#33228, #27705.
Built from https://develop.svn.wordpress.org/trunk@38520
git-svn-id: http://core.svn.wordpress.org/trunk@38461 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Additionally, update the `$message` parameter description in the DocBlock for `wp_die()` to make it explicitly clear messages derived from a passed `WP_Error` object will only be evaluated if not performing an Ajax or XML-RPC request (as both default handlers completely ignore `WP_Error` object messages).
See #37770.
Built from https://develop.svn.wordpress.org/trunk@38518
git-svn-id: http://core.svn.wordpress.org/trunk@38459 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`wp_get_network()` was converted into a wrapper for `get_network()` in 4.6.0 and can now be deprecated.
This moves `wp_get_network()` to the bottom of `ms-load.php` as `ms-deprecated.php` is not available early enough.
Props PieWP, flixos90.
Fixes#37553.
Built from https://develop.svn.wordpress.org/trunk@38515
git-svn-id: http://core.svn.wordpress.org/trunk@38456 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Eliminates the server mutating the a `WP_Error`'s `$error_data` to merge-in a `$from_server` flag (since it may not be an array to begin with). Instead it defers to the client to add a `fromServer` param on any `Notification` instances created from server-sent errors.
* Ensures that notifications will be re-rendered if a notification's `message` changes but the `data` and `type` remain the same.
* Adds explicit support for the `Notification` class to have a `setting` property, ensuring that the property is set whereas previously it was dropped.
Fixes#37890.
Props westonruter, dlh.
Built from https://develop.svn.wordpress.org/trunk@38513
git-svn-id: http://core.svn.wordpress.org/trunk@38454 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Remove the manual flag for HTTPS support and replace it with a simple check on the URL format.
* Ensure `testOembedTestsCoverAllProviders()` actually fails when a new provider is added without a corresponding test.
See #32360
Built from https://develop.svn.wordpress.org/trunk@38512
git-svn-id: http://core.svn.wordpress.org/trunk@38453 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, `wpdb::get_table_from_query()` would not find the correct table name in the query `DELETE a FROM table a`, due to not recognising the table alias immediately after the `DELETE` as correct syntax.
Fixes#37660.
Built from https://develop.svn.wordpress.org/trunk@38507
git-svn-id: http://core.svn.wordpress.org/trunk@38448 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Links within lines or blocks of text should always be underlined since they can't
rely on color alone to be distinguished from the surrounding text. Exceptions
can be handled on a case-by-case basis.
Props Presskopp for the initial patch.
Fixes#37527.
Built from https://develop.svn.wordpress.org/trunk@38503
git-svn-id: http://core.svn.wordpress.org/trunk@38444 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The third parameter of `date_i18n` is a bool. Currently, it's a weak check, otherwise the call showing the universal time on the "General Settings" screen would be messed up. Use an actual bool so we call our own functions correctly.
Fixes#37634.
Props fronaldaraujo.
Built from https://develop.svn.wordpress.org/trunk@38502
git-svn-id: http://core.svn.wordpress.org/trunk@38443 1a063a9b-81f0-0310-95a4-ce76da25c4cd
After [38364], the inclusion of `class-wp-locale.php` was changed from a `require_once()` to a `require()`. This caused problems for anything that called `load_text_domain_early()` prior to the `require()` but didn't bail, as it was now being `require()`-ed a second time.
With the use of `require_once()`, it doesn't really matter where it's loaded, so it has been moved next to the related `l10n.php` load.
See #37827.
Built from https://develop.svn.wordpress.org/trunk@38496
git-svn-id: http://core.svn.wordpress.org/trunk@38437 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When a customizer construct (panel, section, control) is not added in PHP, the JS has interpreted this to mean that a given construct should be deactivated (because it is gone). This is problematic for dynamically-created constructs in JS, as it has meant that the construct would also have to be created in PHP to ensure the `active` callback is called, or else a hack would be required to add a `construct.active.validate = function() { return true };` to forcibly prevent the construct from getting deactivated.
These workarounds can be eliminated by treating constructs differently when they are created dynamically in JS (after page load) as opposed to being created statically in PHP (on the server). Namely, if a construct is dynamically-created then its absence in a preview refresh should not signal that the construct should be deactivated. Rather, a dynamic construct should only have its activation state toggled if it has a corresponding construct created in PHP when the preview refreshes to explicitly indicate its `active` state. Otherwise, the management of the `active` state for a construct created in JS should also be the responsibility of client-side code.
Props westonruter, sayedwp.
Fixes#37270.
Built from https://develop.svn.wordpress.org/trunk@38464
git-svn-id: http://core.svn.wordpress.org/trunk@38405 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This private query var allows the hierarchical page query on the Pages listing screen to query for `wp_posts.ID, wp_posts.post_parent` instead of `wp_posts.*`. This introduces large memory and time savings when the site contains a large number of Pages. Combined with the processing time savings introduced in [31730] this makes the Pages listing screen considerably more performant.
Fixes#34982
Props rodrigosprimo
Built from https://develop.svn.wordpress.org/trunk@38451
git-svn-id: http://core.svn.wordpress.org/trunk@38392 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The SQL query was built using the clauses compiled when querying for
top-level comments. But in cases where the top-level comment query
results are already in the cache, the SQL clauses are not built, and
so are unavailable for `fill_descendants()`. Instead, we call
`get_comments()`, using modified versions of the parameters passed
to the main `WP_Comment_Query` class.
Props Akeif, Rarst for testing.
Fixes#37696.
Built from https://develop.svn.wordpress.org/trunk@38446
git-svn-id: http://core.svn.wordpress.org/trunk@38387 1a063a9b-81f0-0310-95a4-ce76da25c4cd
[37320] corrected some behaviour in how PHP and MySQL character sets are matched up. This was correct, but had the side effect of causing some incorrectly configured sites to start failing.
Prior to [37320], if `DB_CHARSET` was set to `utf8mb4`, but the PHP version didn't support `utf8mb4`, it would fall back to the default character set - usually `latin1`. After [37320], the `SET NAMES` query would force MySQL to treat the connection character set as `utf8mb4`, even if PHP wasn't able to understand it.
By checking if `mysqli_set_charset()` succeeded, we can simulate the old behaviour, while maintaining the fix in [37320].
Props danielkanchev fo helping to diagnose this issue.
Fixes#37689 for trunk.
Built from https://develop.svn.wordpress.org/trunk@38441
git-svn-id: http://core.svn.wordpress.org/trunk@38382 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Running the taxonomy array through `array_unique()` is unnecessary
when the function returns objects, because the associative keys already
ensure uniqueness.
This also fixes a bug when running `get_attachment_taxonomies()` in
HHVM, which doesn't like casting objects to strings for the purposes
of `array_unique()`.
Props swissspidy.
See #37368.
Built from https://develop.svn.wordpress.org/trunk@38437
git-svn-id: http://core.svn.wordpress.org/trunk@38378 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Introduces the ability to create stubs for the various post types to add to a given menu. This eliminates the need to leave the customizer to first create the post in the admin and then return to managing menus. Only the title of the newly-created post can be supplied; the post content will be blank and will need to be provided in the normal edit post screen outside the customizer, unless a plugin enables a post editing in the customizer experience. When a post is created and added to a nav menu in the customizer, the newly created post that is added to a menu is given the `auto-draft` status, and if the changes are not published, the `auto-draft` post will be automatically deleted within 7 days via `wp_delete_auto_drafts()`. However, if the customizer changes are saved, then these nav menu item `auto-draft` post stubs will be transitioned to `publish`.
Includes portions of code from the Customize Posts <https://github.com/xwp/wp-customize-posts> and Front-end Editor <https://github.com/iseulde/wp-front-end-editor> plugins.
For more information, see https://make.wordpress.org/core/2016/06/16/feature-proposal-content-authorship-in-menus-with-live-preview/
Props celloexpressions, westonruter, valendesigns, afercia, melchoyce, mapk, iseulde, mrahmadawais.
Fixes#34923.
Built from https://develop.svn.wordpress.org/trunk@38436
git-svn-id: http://core.svn.wordpress.org/trunk@38377 1a063a9b-81f0-0310-95a4-ce76da25c4cd
After [38118], when previewing a page with a secondary loop, all post
thumbnails would be filtered to display the post thumbnail for the
page being previewed. This ensures `_wp_preview_post_thumbnail_filter()`
is only applied if the `$post_id` of the post meta being filtered is
equal to the post or page being previewed.
Props swisspidy, joemcgill.
Fixes#37697.
Built from https://develop.svn.wordpress.org/trunk@38433
git-svn-id: http://core.svn.wordpress.org/trunk@38374 1a063a9b-81f0-0310-95a4-ce76da25c4cd