Previously a user could remove a protected meta field by using their browser developer tools to alter the form field properties in the Custom Fields meta box, given that they know the ID of the protected meta field. This change prevents this by preventing any change to a protected meta field, including changing its key.
Props ajoah, johnbillion, peterwilsoncc
Fixes #38293
Built from https://develop.svn.wordpress.org/trunk@39062
git-svn-id: http://core.svn.wordpress.org/trunk@39004 1a063a9b-81f0-0310-95a4-ce76da25c4cd
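An added illustration of the server-side check the commit message above describes; it is not WordPress core code. The function names, the rule that a leading underscore marks a protected key, and the sample rows are assumptions made for the example.

```php
<?php
// Added illustration; not WordPress core code. All names are hypothetical.

// Assumption: a key counts as "protected" when it starts with an underscore.
function demo_is_protected_key(string $key): bool {
    return $key !== '' && $key[0] === '_';
}

/**
 * Apply a submitted Custom Fields form to the stored meta rows.
 * $store:  [meta_id => ['key' => ..., 'value' => ...]]  server-side truth
 * $update: [meta_id => ['key' => ..., 'value' => ...]]  client-controlled
 * $delete: [meta_id, ...]                                client-controlled
 */
function demo_apply_meta_form(array $store, array $update, array $delete): array {
    foreach ($update as $id => $field) {
        if (!isset($store[$id], $field['key'], $field['value'])) {
            continue; // unknown row or malformed field
        }
        // Decide from the stored key, looked up by ID, never from the form.
        if (demo_is_protected_key($store[$id]['key'])) {
            continue;
        }
        // Also refuse renaming an ordinary field to a protected key.
        if (demo_is_protected_key((string) $field['key'])) {
            continue;
        }
        $store[$id] = [
            'key'   => (string) $field['key'],
            'value' => (string) $field['value'],
        ];
    }
    foreach ($delete as $id) {
        if (!is_int($id) && !is_string($id)) {
            continue; // malformed ID
        }
        if (isset($store[$id]) && !demo_is_protected_key($store[$id]['key'])) {
            unset($store[$id]);
        }
    }
    return $store;
}

// Constructed sample rows.
$store = [
    10 => ['key' => '_thumbnail_id', 'value' => '42'],
    11 => ['key' => 'mood', 'value' => 'happy'],
];
// Constructed submission whose field properties no longer match the stored rows:
// row 10 carries an ordinary key and is queued for deletion, row 11 a protected key.
$update = [
    10 => ['key' => 'note', 'value' => ''],
    11 => ['key' => '_edit_lock', 'value' => 'x'],
];
$delete = [10];

// Compare the result with the original rows.
var_dump(demo_apply_meta_form($store, $update, $delete) === $store);
```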
Following [38625], any media searches that already included JOINs,
e.g., `tax_queries`, would get trampled when we joined the post meta
table to search for filenames. This preserves existing JOINs and
also only applies the `_filter_query_attachment_filenames()` filter
when a search query is being performed.
Props flixos90, joemcgill.
Fixes #22744.
Built from https://develop.svn.wordpress.org/trunk@38733
git-svn-id: http://core.svn.wordpress.org/trunk@38676 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This applies a new private function, `_filter_query_attachment_filenames()`,
to the `post_clauses` filter hook during `wp_ajax_query_attachments()` and
`wp_edit_attachments_query_vars()` to include `_wp_attached_file` post meta
in search queries performed from the media library or in a `WP_Media_List_Table`.
Props wonderboymusic, DrewAPicture, joemcgill, swissspidy.
Fixes #22744.
Built from https://develop.svn.wordpress.org/trunk@38625
git-svn-id: http://core.svn.wordpress.org/trunk@38568 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, changing the post thumbnail of a published post in the edit screen
would immediately apply the change, rather than waiting for the post to be
saved before applying the update. This could lead to someone unintentionally
editing the post thumbnail on a published post, and made it impossible to
preview changes to post thumbnails on published posts before saving the change.
This introduces a new Ajax handler, `wp_ajax_get_post_thumbnail_html()` to
retrieve the HTML for the post thumbnail meta box without updating the post
meta value for `_thumbnail_id`. It also allows post thumbnail changes to be
previewed by passing the `_thumbnail_id` as a query variable to the preview
screen and adding a new filter, `_wp_preview_post_thumbnail_filter()`, which
gets applied to `get_post_metadata` during the post preview process.
Props flixos90.
Fixes #12922.
Built from https://develop.svn.wordpress.org/trunk@38118
git-svn-id: http://core.svn.wordpress.org/trunk@38059 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The new format looks like "Sorry, you are not allowed to <action>.". This provides a consistent experience for all error messages related to missing permissions. It also reduces the number of similar strings and allows translators to provide a consistent style in their language.
Props ramiy, Presskopp.
Fixes #34521.
Built from https://develop.svn.wordpress.org/trunk@37914
git-svn-id: http://core.svn.wordpress.org/trunk@37855 1a063a9b-81f0-0310-95a4-ce76da25c4cd
An unintended consequence of improving the precommit task is that when it's time to run a release, more tasks need to get run to verify things. This adds a prerelease task to help fix that situation. grunt prerelease should include tasks that verify the code base is ready to be released to the wild and find all the tears on the mausoleum floor and help Blood stain the Colosseum doors.
See #35557
Built from https://develop.svn.wordpress.org/trunk@36930
git-svn-id: http://core.svn.wordpress.org/trunk@36898 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Move the array processing to a new function, `_wp_post_revision_data()`.
* Make both functions accept a post array or a `WP_Post` object.
* Always apply the `_wp_post_revision_fields` filter and pass the post data to it.
Fixes #13382.
Built from https://develop.svn.wordpress.org/trunk@36659
git-svn-id: http://core.svn.wordpress.org/trunk@36626 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The title attribute is now replaced with plain text in a `howto` paragraph, as done for example in the Tags postbox.
Adds an `aria-describedby` attribute on the thumbnail link to target the description.
Also, fixes the focus style on the featured image thumbnail.
Fixes #35076.
Built from https://develop.svn.wordpress.org/trunk@36000
git-svn-id: http://core.svn.wordpress.org/trunk@35965 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Add 2 methods to `WP_List_Table`, `->get_orderby()` and `->get_order()`. Override the methods in `WP_Posts_List_Table`.
`WP_Posts_List_Table` calls `wp_edit_posts_query()` in `->prepare_items()` which is a wrapper for `wp()`. As such, we can obtain `orderby` and `order` via `get_query_var()`, instead of the URL.
Fixes #25493.
Built from https://develop.svn.wordpress.org/trunk@34728
git-svn-id: http://core.svn.wordpress.org/trunk@34692 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, unattached attachments would have unsightly `/?attachment_id=1` URLs. As we've moved away from attachments being specifically attached to posts, instead being Media items, this has made the unattached URLs a more common occurrence.
We can breathe easy once more, knowing that the world is a little bit safer from the horror of unnecessarily ugly URLs.
Props SergeyBiryukov, wonderboymusic, pento.
Fixes #1914.
Built from https://develop.svn.wordpress.org/trunk@34690
git-svn-id: http://core.svn.wordpress.org/trunk@34654 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously there were two persistent "View Post" links on an edit screen: next to the permalink and in the toolbar. This would then become three links after a post was published or updated, as a link is also included in the admin notice. This is a lot of redundancy and visual noise for a flow that is not your primary action upon starting to edit a post. The "View Post" link next to the sample permalink was particularly bad because it is styled like a button, but unlike a button, does not keep you on the current screen.
Because the permalink is now linked, there is no highlighted slug that you can click to edit, but rather just the "Edit" button.
props scribu, lessbloat, sabreuse, SergeyBiryukov, DrewAPicture, helen.
see #18306.
Built from https://develop.svn.wordpress.org/trunk@34670
git-svn-id: http://core.svn.wordpress.org/trunk@34634 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In cases where a user has the `edit_others_posts` capability but not
`publish_posts`, it was possible for that user to unstick a post after editing,
since the input field was never made available in that context.
Props ericmann, chriscct7.
Fixes #24153.
Built from https://develop.svn.wordpress.org/trunk@33096
git-svn-id: http://core.svn.wordpress.org/trunk@33067 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When editing a post, non-hierarchical taxonomy terms are sent as the
comma-separated list entered into the tax_input metabox. Passing these
values directly to `wp_update_post()` meant that they were interpreted as
term slugs rather than term names, causing mismatches when a typed string
matched the slug of one term and the name of a different term. We fix the
problem by preprocessing tax_input data sent from post.php, converting it to
unambiguous term_ids before saving.
Props boonebgorges, ArminBraun.
Fixes #30615.
Built from https://develop.svn.wordpress.org/trunk@31359
git-svn-id: http://core.svn.wordpress.org/trunk@31340 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In [31114], `get_permalink()` was modified to prevent pretty permalinks from
being generated for posts with the 'future' post status. This inadvertently
broke the pretty permalink preview for scheduled posts. The fix is to include
the 'future' status in the list of statuses that `get_sample_permalink()` fakes
as 'publish' before it fetches a permalink.
Props DrewAPicture.
Fixes #30910.
Built from https://develop.svn.wordpress.org/trunk@31323
git-svn-id: http://core.svn.wordpress.org/trunk@31304 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Per our inline documentation standards, no further use of the `@uses` tag is recommended as used and used-by relationships can be derived through other means. This removes most uses of the tag in core documentation, with remaining tags to be converted to `@global` or `@see` as they apply.
Fixes #30191.
Built from https://develop.svn.wordpress.org/trunk@30105
git-svn-id: http://core.svn.wordpress.org/trunk@30105 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* `wp_save_post_revision_post_has_changed` filter which can be used to determine if a post has been changed, and therefore if a revision should be created for a post.
* `wp_get_revision_ui_diff` filter which can be used to filter the fields displayed in the post revision diff UI.
* `wp_creating_autosave` action which is fired just before an autosave is created.
See #20564.
Props mattheu, adamsilverstein.
Built from https://develop.svn.wordpress.org/trunk@30091
git-svn-id: http://core.svn.wordpress.org/trunk@30091 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Includes back compat for `views_upload` links. These look a little awkward, but do not appear to be commonly used. Also prevents the view mode links from being dropped on smaller screens so a user doesn't get "stuck" in the list view.
This is different from other list tables, but aligns well with other uploaded content management screens (themes, plugins).
props pento, helen.
fixes #28946.
Built from https://develop.svn.wordpress.org/trunk@29625
git-svn-id: http://core.svn.wordpress.org/trunk@29399 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Make attachment metadata for audio files editable by providing a metabox on the Edit Media page
* Standardize on using the attachment title everywhere
* Label the Caption and Description fields for audio and video appropriately
* Make the playlist Underscore templates more straightforward
See #27574.
Built from https://develop.svn.wordpress.org/trunk@27862
git-svn-id: http://core.svn.wordpress.org/trunk@27693 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Changes:
- Add connectNow() public method to trigger a connection immediately.
- Remove the "skipping" when no data to send.
- Change the default interval to 60 sec.
- Fix resetting the next connection time when changing the interval.
See #25073.
Built from https://develop.svn.wordpress.org/trunk@26169
git-svn-id: http://core.svn.wordpress.org/trunk@26078 1a063a9b-81f0-0310-95a4-ce76da25c4cd
- When a post is locked, ensure the 'Go back' button doesn't reload the same screen. If no referrer, change the button from 'Go back' to 'Go to All Posts'/'Go to All Pages' etc.
- Remove restriction on checking locks only for posts.
See #23697.
git-svn-id: http://core.svn.wordpress.org/trunk@24408 1a063a9b-81f0-0310-95a4-ce76da25c4cd
- Change from IDs to classes for the notification-dialog divs so they can be reused.
- Do not check post locks if the dialog's html is not present.
- Do not check post locks if there is only one user on a single site install.
See #23697.
git-svn-id: http://core.svn.wordpress.org/trunk@24304 1a063a9b-81f0-0310-95a4-ce76da25c4cd
- Show 'Saving revision...' while autosaving after a post has been taken over. Change to 'Your latest changes were saved as a revision.' when autosave completes.
- Make sure a user exists before using $user->display_name.
- Add 'post_lock_text' action for extending the message text.
git-svn-id: http://core.svn.wordpress.org/trunk@24042 1a063a9b-81f0-0310-95a4-ce76da25c4cd
- Store the post format as meta on revisions (including autosaves).
- Add post formats data (post meta) when autosaving.
- Only add non-empty post formats data to revisions.
- Correct the post format when previewing a published post.
Props kovshenin, see #19570, see #20564.
git-svn-id: http://core.svn.wordpress.org/trunk@23928 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Icons
* Selection
* Prompt text
* Special fields
* Styling
* Sparkles
This is going to need testing, polish, and love.
see #19570. props melchoyce, helen, wonderboymusic, lessbloat, rachelbaker, aaroncampbell, DrewAPicture, ryelle.
git-svn-id: http://core.svn.wordpress.org/trunk@23843 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Adds a very basic tabbed interface for selecting a post format (requires JS).
* Extra fields, which are post meta, are shown/hidden based on the selected format.
* Introduce a helper function for retrieving formats-specific metadata: `get_post_format_meta()`.
* Image selection uses the media modal, although without filtering or from URL support at the moment.
props rachelbaker, wonderboymusic, aaroncampbell, helen. see #19570.
git-svn-id: http://core.svn.wordpress.org/trunk@23449 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The exceptions to this are update_post_meta() and add_post_meta() which are often used by plugins in POST handlers and will continue accepting slashed data for now.
Introduce wp_update_post_meta() and wp_add_post_meta() as unslashed alternatives to update_post_meta() and add_post_meta(). These functions could become methods in WP_Post so don't use them too heavily yet.
Remove all escape() calls from wp_xmlrpc_server. Now that core expects unslashed data this is no longer needed.
Remove addslashes(), addslashes_gpc(), add_magic_quotes() calls on data being prepared for handoff to core functions that until now expected slashed data. Adding slashes is no longer necessary.
Introduce wp_unslash() and use it to remove slashes from GPCS data before using it in core API. Almost every instance of stripslashes() in core should now be wp_unslash(). In the future (a release or three) when GPCS is no longer slashed, wp_unslash() will stop stripping slashes and simply return what is passed. At this point wp_unslash() calls can be removed from core.
Introduce wp_slash() for slashing GPCS data. This will also turn into a noop once GPCS is no longer slashed. wp_slash() should almost never be used. It is mainly of use in unit tests.
Plugins should use wp_unslash() on data being passed to core API.
Plugins should no longer slash data being passed to core. So when you get_post() and then wp_insert_post() the post data from get_post() no longer needs addslashes(). Most plugins were not bothering with this. They will magically start doing the right thing. Unfortunately, those few souls who did it properly will now have to avoid calling addslashes() for 3.6 and newer.
Use wp_kses_post() and wp_kses_data(), which expect unslashed data, instead of wp_filter_post_kses() and wp_filter_kses(), which expect slashed data. Filters are no longer passed slashed data.
Remove many no longer necessary calls to $wpdb->escape() and esc_sql().
In wp_get_referer() and wp_get_original_referer(), return unslashed data.
Remove old stripslashes() calls from WP_Widget::update() handlers. These haven't been necessary since WP_Widget.
Switch several queries over to prepare().
Expect something to break.
Props alexkingorg
see #21767
git-svn-id: http://core.svn.wordpress.org/trunk@23416 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Most users don't realize that the Featured Image meta box exists; if they do, few use it.
Restores the old meta box UI, including the admin_post_thumbnail_html filter. If a plugin is using _wp_post_thumbnail_html() in conjunction with Thickbox elsewhere, it will also magically still work.
Specific underlying changes:
* Converts the modal view to use the view manager, which means that a call to open() will automatically call render and attach if necessary.
* Doesn't automatically set a state in wp.media, to allow code to customize the states to be added before activation.
props koopersmith.
fixes #21776.
git-svn-id: http://core.svn.wordpress.org/trunk@22979 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Use the specific post_type's 'edit_post' cap
* Pass the ID of the post being edited.
Fixes #22417
git-svn-id: http://core.svn.wordpress.org/trunk@22769 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This code, which could block autosaves when drafts had future timestamps,
dates to before autosaves were saved as revisions and is no longer necessary.
fixes #21858.
git-svn-id: http://core.svn.wordpress.org/trunk@21949 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Attachments now go through post.php, edit_post(), the like, and have show_ui set to true.
* Taxonomies attached to the media library now appear in the admin menu (if show_ui).
* Editing, cropping, uploading, etc. is still very rough, but mostly functional.
API-wise:
* New function: get_taxonomies_for_attachments(). Like get_taxonomies(), for taxonomies specifically registered against attachments.
* Brings taxonomy support from the posts list table to the media list table. Expect them to converge soon.
* wp_insert_attachment() now handles taxonomies like wp_insert_post(). Also expect them to converge soon.
* New edit_form_after_title hook.
props helenyhou, ocean90. see #21391.
git-svn-id: http://core.svn.wordpress.org/trunk@21948 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Introduce a wp_checkdate() function with a single filter to centralise the code that validates dates.
* Improve the error message
* Correctly handle the return value of wp_insert_post which is not always a WP_Error on failure
Fixes #17180
git-svn-id: http://core.svn.wordpress.org/trunk@21922 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously you could quite easily send a new post into the back of beyond by specifying an invalid date like the 30th Feb and this was very confusing.
Sometimes it would seem to work and sometimes the post would end up very far in the past - depending on the mysql version and other factors.
Fixes #17180 props jkudish.
git-svn-id: http://core.svn.wordpress.org/trunk@21921 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Using the new buttons:
* Button classes are now stackable.
* All buttons should use a base class of "button".
* Buttons default to the gray style (formerly "button-secondary"). Buttons can add a style by adding additional classes. To make a primary button, add the "button-primary" class.
* Buttons can be rendered in various sizes. In addition to the default size, you can add "button-large", "button-small", or "button-tiny".
For backwards compatibility reasons, "button-primary" and "button-secondary" both work as standalone classes.
get_submit_button() has been adjusted to handle shorthand button classes (i.e. button classes can be passed without the "button-" prefix).
props lessbloat, helenyhou, trepmal, nacin. see #21598.
git-svn-id: http://core.svn.wordpress.org/trunk@21789 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Updates the featured image when the publish/update button is clicked (rather than instantly). Uses the existing post_thumbnail_meta_box() function. Does not remove the old featured image meta box JS, ajax handler, or CSS.
see #21776, #21390.
git-svn-id: http://core.svn.wordpress.org/trunk@21770 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Make the $post argument to get_post() optional, defaulting to the current post in The Loop.
Props nacin
see #21309
git-svn-id: http://core.svn.wordpress.org/trunk@21735 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Return WP_Post from get_default_post_to_edit()
Replace all calls to get_page() with get_post()
see #21309
git-svn-id: http://core.svn.wordpress.org/trunk@21597 1a063a9b-81f0-0310-95a4-ce76da25c4cd
format specifiers. Fixes setting the featured image on blogs containing spaces in the install path. Props rosshanney. fixes #20443
git-svn-id: http://svn.automattic.com/wordpress/trunk@20594 1a063a9b-81f0-0310-95a4-ce76da25c4cd