Move the REST API JSONP callback validation check into a separate function named `wp_check_jsonp_callback()`. This allows plugins to use the built-in validation when handling JSONP callbacks.
Extremely Important Note: If you send JSONP in your custom response, make sure you prefix the response with `/**/`. This will mitigate the Rosetta Flash exploit. You should also send the `X-Content-Type-Options:nosniff` header, or even better, use the REST API infrastructure.
Props rmccue.
Fixes #28523.
Built from https://develop.svn.wordpress.org/trunk@37646
git-svn-id: http://core.svn.wordpress.org/trunk@37612 1a063a9b-81f0-0310-95a4-ce76da25c4cd
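The advice in the commit message above, applied to a plugin that emits its own JSONP. This is an added example, not code from the commit or from WordPress core. The `example_*` functions are hypothetical, and the fallback definition of `wp_check_jsonp_callback()` is an assumed approximation so the file also runs outside WordPress.

```php
<?php
// Added example; not WordPress core code. All example_* names are hypothetical.

// Stand-in so the file also runs outside WordPress. Assumption: a callback is
// acceptable only if it is a string of word characters and dots. Inside
// WordPress this block is skipped and the core function is used.
if ( ! function_exists( 'wp_check_jsonp_callback' ) ) {
	function wp_check_jsonp_callback( $callback ) {
		return is_string( $callback ) && 1 === preg_match( '/\A[\w.]+\z/', $callback );
	}
}

/**
 * Build a JSONP response without sending it.
 *
 * @return array { int status, string[] headers, string body }
 */
function example_build_jsonp_response( $callback, $data ) {
	// Sent on every response, errors included, so browsers do not sniff the type.
	$nosniff = 'X-Content-Type-Options: nosniff';

	if ( ! wp_check_jsonp_callback( $callback ) ) {
		return array( 400, array( 'Content-Type: text/plain; charset=utf-8', $nosniff ), 'Invalid JSONP callback.' );
	}

	$json = json_encode( $data, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT );
	if ( false === $json ) {
		return array( 500, array( 'Content-Type: text/plain; charset=utf-8', $nosniff ), 'Could not encode response.' );
	}

	// The leading /**/ means the body never starts with caller-controlled bytes,
	// which is the mitigation the commit message asks for.
	$body = '/**/' . $callback . '(' . $json . ');';

	return array( 200, array( 'Content-Type: application/javascript; charset=utf-8', $nosniff ), $body );
}

/** Send a response built by example_build_jsonp_response(). */
function example_send_jsonp( $callback, $data ) {
	list( $status, $headers, $body ) = example_build_jsonp_response( $callback, $data );
	http_response_code( $status );
	foreach ( $headers as $header ) {
		header( $header );
	}
	echo $body;
}

// Constructed sample inputs, printed only when run directly from the command line.
if ( 'cli' === PHP_SAPI && ! defined( 'ABSPATH' ) ) {
	$samples = array( 'jQuery1234.handler', 'cb;extra()', '', array( 'cb' ) );
	foreach ( $samples as $callback ) {
		list( $status, , $body ) = example_build_jsonp_response( $callback, array( 'ok' => true ) );
		printf( "%-22s => %d %s\n", json_encode( $callback ), $status, $body );
	}
}
```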
Avoids a PHP notice since `Language_Pack_Upgrader_Skin::before()` tries to access a non-existent update.
Also, change the `up_to_date` string to use the plural form because translations are only updated in bulk mode.
Fixes #36615.
Built from https://develop.svn.wordpress.org/trunk@37635
git-svn-id: http://core.svn.wordpress.org/trunk@37603 1a063a9b-81f0-0310-95a4-ce76da25c4cd
[37623] used the wrong parameter name (count=true instead of fields=count).
For greater flexibility and forward compatibility with other potential changes
to the return value of `get_terms()`, we now do a looser check: any non-array
value is excluded from the filter.
Fixes #36992.
Built from https://develop.svn.wordpress.org/trunk@37634
git-svn-id: http://core.svn.wordpress.org/trunk@37602 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Different tests are used for subdomain and subdirectory installs as domain and path are searched differently for each. Only trailing wildcard searches are tested because leading wildcards are not yet supported.
See #36675.
Built from https://develop.svn.wordpress.org/trunk@37633
git-svn-id: http://core.svn.wordpress.org/trunk@37601 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Non-web interfaces with WordPress (such as wp-cli) need to be able to bypass certain checks in the bootstrap process. This introduces three new filters to allow for those checks to be skipped.
1. Provides a way of forcefully bypassing wp_maintenance().
2. Provides a way of forcefully bypassing wp_debug_mode(). See https://github.com/wp-cli/wp-cli/issues/177
3. Provides a way of forcefully skipping loading wp-content/advanced-cache.php. See https://github.com/wp-cli/wp-cli/pull/164
These filters should not be used by plugins (in fact, they run before plugins are loaded, so they can't be used by plugins). In general, they should only be used in non-web interactions with WordPress.
See #34936.
Props jorbin, DrewAPicture.
Built from https://develop.svn.wordpress.org/trunk@37626
git-svn-id: http://core.svn.wordpress.org/trunk@37594 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Hierarchical comment queries work by first fetching the IDs of top-level
comments, and then filling the descendant tree one level at a time based on the
top-level results. When top-level comment IDs are found in the cache,
`WP_Comment_Query` does not generate the SQL used to fetch these comments. In
this case, the `fill_descendants()` query does not have enough information
to fill children. As a result, descendant comments were failing to be filled
in cases where the top-level comments were found in the cache.
This was a minor bug previously, because comment caches were not maintained
between pageloads. Since comment caches are now persistent [37613], the problem
becomes evident anywhere that a persistent object cache is in use.
The solution is to cache parent-child relationships, so that when top-level
comments are found in the cache, descendant comments should be found there as
well.
Fixes #36487.
Built from https://develop.svn.wordpress.org/trunk@37625
git-svn-id: http://core.svn.wordpress.org/trunk@37593 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Use of the 'get_terms' filter was consolidated in [37572], with the
introduction of `WP_Term_Query`. At that time, the result of 'count=true'
queries began being filtered by 'get_terms'. This breaks existing 'get_terms'
callbacks, which often assume that the returned value will be an array or a
`WP_Error` object.
Props JustinSainton.
Fixes #36992.
Built from https://develop.svn.wordpress.org/trunk@37623
git-svn-id: http://core.svn.wordpress.org/trunk@37591 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`get_sites()` should be considered a replacement for `wp_get_sites()`. Backward compatibility is maintained in the meantime by using `get_site()` to populate the return data with associative arrays rather than `WP_Site` objects.
Props spacedmonkey, flixos90.
See #35791.
Built from https://develop.svn.wordpress.org/trunk@37617
git-svn-id: http://core.svn.wordpress.org/trunk@37585 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, only the 'last_changed' incrementor was manually invalidated, since
the newly created comment did not yet exist in the cache. However, this created
an inconsistency with the other comment CRUD functions, which result in the
'clean_comment_cache' action firing.
Props spacedmonkey.
See #36906.
Built from https://develop.svn.wordpress.org/trunk@37614
git-svn-id: http://core.svn.wordpress.org/trunk@37582 1a063a9b-81f0-0310-95a4-ce76da25c4cd
'comment' was made non-persistent in [7986], to address the difficulty of
reliable cache invalidation. Since then, the comment system has improved such
that we can be more confident that caches are being busted as needed.
Props spacedmonkey.
Fixes #36906.
Built from https://develop.svn.wordpress.org/trunk@37613
git-svn-id: http://core.svn.wordpress.org/trunk@37581 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This update adds two main features for your WordPress development happiness.
1) GitHub URL support. You can now use `grunt patch:https://github.com/aaronjorbin/develop.wordpress/pull/3` with any copy of WordPress on GitHub. No longer will you need to download the patch manually. Works for both core and develop mirrors on GitHub.
2) Upload patches directly from the command line. No longer will you need to create a patch and manually upload it to trac. `grunt upload_patch:20000` will upload a patch to the appropriate ticket after a user enters a WordPress.org username and password. This is limited to users with the appropriate XML-RPC privileges in trac (right now, that is just bug gardeners). You still need to manually add the `has patch` keyword.
Full changelog: https://github.com/aaronjorbin/grunt-patch-wordpress/compare/0.3.0...0.4.0
Fixes #35917.
Props netweb, ericlewis, michaelbeil, jorbin.
Built from https://develop.svn.wordpress.org/trunk@37612
git-svn-id: http://core.svn.wordpress.org/trunk@37580 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The logic for determining the appropriate character set and collation to use is becoming more complex, particularly with the recent additions of [37522] and [37523]. As `init_charset()` has side effects, and makes use of constants instead of parameters, it's not possible to unit test this logic.
This commit splits the logic part of `init_charset()` out into a new method, `wpdb::determine_charset()`, along with appropriate unit tests.
See #32105, #37522.
Fixes #36917.
Built from https://develop.svn.wordpress.org/trunk@37601
git-svn-id: http://core.svn.wordpress.org/trunk@37569 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Prior to [37572], arguments passed to `get_terms()` were passed immediately
through `wp_parse_args()`, which made it possible to pass arguments as a
querystring (`hide_empty=0`) rather than an array
(`array( 'hide_empty' => false )`). [37572] moved default argument parsing
into `WP_Term_Query`, while assuming that arguments passed to `get_terms()`
would be formatted as an array.
To provide compatibility, we now parse all args passed to `get_terms()` into
an array before processing.
See #35381.
Built from https://develop.svn.wordpress.org/trunk@37599
git-svn-id: http://core.svn.wordpress.org/trunk@37567 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`CHAR` is redundant, since the `meta_value` column is `LONGTEXT`. Meanwhile,
use of `CAST()` causes MySQL to ignore any index that the administrator may
have added to the column.
A number of automated tests were doing searches for `CAST` in the SQL strings
generated by `WP_Meta_Query` (for reasons unrelated to the `CAST()` behavior).
These tests have been updated to expect the new query format.
Props ericlewis.
Fixes #36625.
Built from https://develop.svn.wordpress.org/trunk@37594
git-svn-id: http://core.svn.wordpress.org/trunk@37562 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Since [37573], object relationship caches (`{$taxonomy}_relationships`)
contain term IDs rather than term objects. See #36814. As such, it's no longer
necessary to clear these caches when a term is updated; none of the data that's
changed on update (name, description, count, etc) is stored in the relationship
cache.
Fixes #36251.
Built from https://develop.svn.wordpress.org/trunk@37593
git-svn-id: http://core.svn.wordpress.org/trunk@37561 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The process of lazy-loading can be resource-intensive for objects that have
terms in large numbers of taxonomies and are running a persistent object cache.
This new parameter allows the feature to be disabled in these cases.
Props DBrumbaugh10Up.
See #36953.
Built from https://develop.svn.wordpress.org/trunk@37589
git-svn-id: http://core.svn.wordpress.org/trunk@37557 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In order to allow non-web initializations of WordPress (such as through wp-cli) to modify things like the check for maintenance mode, plugins.php and the associated functions must be available much earlier. The use of these functions earlier than the loading of plugins is not recommended in most use cases.
Fixes #36819. See #34936.
Props jorbin, danielbachhuber for documentation.
Built from https://develop.svn.wordpress.org/trunk@37588
git-svn-id: http://core.svn.wordpress.org/trunk@37556 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`dbDelta()` compares the index definitions against the result of `SHOW INDEX FROM $table_name`. This requires a specific format so indices are not unnecessarily re-created. This format wasn't ensured, until now.
* Parse the raw index definition to extract the type, name and columns so a normalized definition can be built (#20263, #34873).
* Standardize on uppercase types (#34871) and on 'KEY'. 'INDEX' is only a synonym for 'KEY'.
* Escape index names with backticks (#20263).
* Normalize columns: Ignore ASC and DESC definitions (#34959), remove whitespaces (#34869) and escape column names with backticks (#20263).
* Add backticks to all index change queries (#20263).
Props ocean90, pento, kurtpayne.
Fixes #20263, #34869, #34871, #34873, #34959.
Built from https://develop.svn.wordpress.org/trunk@37583
git-svn-id: http://core.svn.wordpress.org/trunk@37551 1a063a9b-81f0-0310-95a4-ce76da25c4cd
There are some table prefixes (for example, `7e1_`), which MySQL will try and parse as values when they're not quoted in backticks. Because not everything remembers to quote their table names, it's best if we just discourage their use during setup.
Fixes #36422.
Built from https://develop.svn.wordpress.org/trunk@37581
git-svn-id: http://core.svn.wordpress.org/trunk@37549 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, objects containing all data about a term were stored in each
object's term cache. Besides being wasteful, this approach caused invalidation
issues, as when a modified term count required a flush for all objects
belonging to the term.
Backward compatibility is maintained for plugins that continue to put object
data directly into the `{$taxonomy}_relationships` cache bucket.
Fixes #36814.
Built from https://develop.svn.wordpress.org/trunk@37573
git-svn-id: http://core.svn.wordpress.org/trunk@37541 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`WP_Term_Query` is modeled on existing query classes, such as those used
for comments and users. It provides a more consistent structure for generating
term queries, and should make it easier to add new functionality in the future.
Props flixos90, boonebgorges.
See #35381.
Built from https://develop.svn.wordpress.org/trunk@37572
git-svn-id: http://core.svn.wordpress.org/trunk@37540 1a063a9b-81f0-0310-95a4-ce76da25c4cd
[34529] introduced logic intended to prime the termmeta cache for certain
values of the `fields` parameter. There were a few bugs:
* The `all_with_object_id` param was misspelled.
* `term_id` was used instead of `ids`.
* The values being passed to `update_termmeta_cache()` in the case where `fields=ids` were not correct.
All of these would result in a failure to pre-fetch termmeta in some cases.
Props dlh.
Fixes #36932.
Built from https://develop.svn.wordpress.org/trunk@37567
git-svn-id: http://core.svn.wordpress.org/trunk@37535 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset adds a unit test factory so that bookmark/link fixtures can be
created during tests.
Why are we writing tests for functionality that has been deprecated for years?
Because it's the Right Thing to Do.
See #18356.
Built from https://develop.svn.wordpress.org/trunk@37563
git-svn-id: http://core.svn.wordpress.org/trunk@37531 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* `$before` falls before the link markup starts
* `$after` falls after the link markup ends
* `$link_before` falls before the link text
* `$link_after` falls after the link text
Props wp_smith for the initial patch.
See #32246.
Built from https://develop.svn.wordpress.org/trunk@37561
git-svn-id: http://core.svn.wordpress.org/trunk@37529 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In the event that the database has gone away for some reason, calls to `mysqli_errno()` and `mysqli_error()` (and their `ext/mysql` equivalents, of course), will generate PHP warnings, which are unsightly, and not how we do things in these parts.
Props mbijon, craig-ralston for the original patch.
Fixes #23085.
Built from https://develop.svn.wordpress.org/trunk@37548
git-svn-id: http://core.svn.wordpress.org/trunk@37516 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When upgrading to `utf8mb4`, `TEXT` fields will be upgraded to `MEDIUMTEXT` (and likewise for all other `*TEXT` and `*BLOB` fields). This is to allow for the additional space requirements of `utf8mb4`.
On the subsequent upgrade, after the `utf8mb4` upgrade, `dbDelta()` would try and downgrade the fields to their original size again. At best, this is a waste of time, at worst, this could truncate any data larger than the original size. There's no harm in leaving them at their original size, so let's do that.
Fixes #36748.
Built from https://develop.svn.wordpress.org/trunk@37525
git-svn-id: http://core.svn.wordpress.org/trunk@37493 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `utf8mb4_unicode_520_ci` (Unicode Collation Algorithm 5.2.0, October 2010) collation is an improvement over `utf8mb4_unicode_ci` (UCA 4.0.0, November 2003).
There is no word on when MySQL will support later UCAs.
Fixes #32105.
Built from https://develop.svn.wordpress.org/trunk@37523
git-svn-id: http://core.svn.wordpress.org/trunk@37491 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Some sites prefer to use locale-specific location settings. For example, the Swedish WordPress package uses `utf8_swedish_ci`, instead of `utf8_unicode_ci`. When upgrading the connection to `utf8mb4`, we were overriding this to be `utf8mb4_unicode_ci`, instead of maintaining the use of the `_swedish_ci` variant.
The locale-specific collations do have extra collation rules just for that language, so it's useful to maintain compatibility.
Fixes #32405.
Built from https://develop.svn.wordpress.org/trunk@37521
git-svn-id: http://core.svn.wordpress.org/trunk@37489 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Provides a consistent way to query `$wpdb->blogs` for `WP_Site` objects based on domain, path, site ID, network ID, and more.
Introduces and uses `update_site_cache()` and `_prime_site_caches()` to maintain a cached list of `WP_Site` objects for use in multiple queries.
Props spacedmonkey, flixos90, DrewAPicture, jeremyfelt, ocean90.
See #35791.
Built from https://develop.svn.wordpress.org/trunk@37477
git-svn-id: http://core.svn.wordpress.org/trunk@37445 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When a setting is invalid, not only will it be blocked from being saved but all other settings will be blocked as well. This ensures that Customizer saves aren't partial but are more transactional. User will be displayed the error in a notification so that they can fix and re-attempt saving.
PHP changes:
* Introduces `WP_Customize_Setting::validate()`, `WP_Customize_Setting::$validate_callback`, and the `customize_validate_{$setting_id}` filter.
* Introduces `WP_Customize_Manager::validate_setting_values()` to do validation (and sanitization) for the setting values supplied, returning a list of `WP_Error` instances for invalid settings.
* Attempting to save settings that are invalid will result in the save being blocked entirely, with the errors being sent in the `customize_save_response`. Modifies `WP_Customize_Manager::save()` to check all settings for validity issues prior to calling their `save` methods.
* Introduces `WP_Customize_Setting::json()` for parity with the other Customizer classes. This includes exporting of the `type`.
* Modifies `WP_Customize_Manager::post_value()` to apply `validate` after `sanitize`, and if validation fails, to return the `$default`.
* Introduces `customize_save_validation_before` action which fires right before the validation checks are made prior to saving.
JS changes:
* Introduces `wp.customize.Notification` in JS to represent `WP_Error` instances returned from the server when setting validation fails.
* Introduces `wp.customize.Setting.prototype.notifications`.
* Introduces `wp.customize.Control.prototype.notifications`, which are synced with a control's settings' notifications.
* Introduces `wp.customize.Control.prototype.renderNotifications()` to re-render a control's notifications in its notification area. This is called automatically when the notifications collection changes.
* Introduces `wp.customize.settingConstructor`, allowing custom setting types to be used in the same way that custom controls, panels, and sections can be made.
* Injects a notification area into existing controls which is populated in response to the control's `notifications` collection changing. A custom control can customize the placement of the notification area by overriding the new `getNotificationsContainerElement` method.
* When a save fails due to setting invalidity, the invalidity errors will be added to the settings to then populate in the controls' notification areas, and the first such invalid control will be focused.
Props westonruter, celloexpressions, mrahmadawais.
See #35210.
See #30937.
Fixes #34893.
Built from https://develop.svn.wordpress.org/trunk@37476
git-svn-id: http://core.svn.wordpress.org/trunk@37444 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Introduce `ms_load_current_site_and_network`. This is used by core during the multisite bootstrap process to populate the `$current_site` and `$current_blog` globals based on a requested domain and path.
Return values from this function inform `ms-settings.php` as to whether a page view should continue, `ms_not_installed()` should fire, or a redirect to a new location should occur.
This was previously a procedural block in `ms-settings.php`. Wrapping this code and providing specific return values allows us to write tests that do not rely on the manual and repeated inclusion of `ms-settings.php`.
This should not be used by plugins or themes. Please.
See #34941.
Built from https://develop.svn.wordpress.org/trunk@37475
git-svn-id: http://core.svn.wordpress.org/trunk@37443 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Given a site ID or site object, `get_site()` retrieves site data in the same vein as `get_post()` or `get_comment()`. This will allow for clean retrieval of sites from a primed cache when `WP_Site_Query` is implemented.
Adds a `WP_Site::to_array()` method to support multiple return types within `get_site()`.
Props spacedmonkey.
See #35791.
Built from https://develop.svn.wordpress.org/trunk@37468
git-svn-id: http://core.svn.wordpress.org/trunk@37436 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Introduce the `network_edit_site_nav` function, which DRYs up the code used to display a common set of links at the top of "Edit Site" views.
Introduce the `network_edit_site_nav_links` filter, which allows plugins to modify the list of links displayed at the top of Edit Site views as a "tabbed" interface.
Props johnjamesjacoby, c3mdigital, Bueltge.
Fixes #15800.
Built from https://develop.svn.wordpress.org/trunk@37466
git-svn-id: http://core.svn.wordpress.org/trunk@37434 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Clicking on the Edit Menu button focuses on the corresponding nav menu section. Upon collapsing the nav menu section, the focus is returned to the Custom Menu widget instead of taking the user to the menus root panel. In this way, the back button behavior is modified once to serve as breadcrumb/history navigation. The Edit Menu button with the breadcrumb back button behavior greatly reduces the number of UI interactions needed to edit a menu referenced in a Custom Menu widget.
Props celloexpressions, westonruter.
Fixes #32683.
Built from https://develop.svn.wordpress.org/trunk@37437
git-svn-id: http://core.svn.wordpress.org/trunk@37403 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `medium_large_size_w` and `medium_large_size_h` options were added to the
$whitelist_options['media'] in options.php in [35479], which causes both options
to be set to `0` when the media settings are changed. When this occurs, the
medium_large image size will no longer be created when an image is uploaded.
Since these options aren't meant to be updated via the settings UI, they can be
safely removed from the whitelist.
Fixes #36531.
Built from https://develop.svn.wordpress.org/trunk@37435
git-svn-id: http://core.svn.wordpress.org/trunk@37401 1a063a9b-81f0-0310-95a4-ce76da25c4cd