* XML-RPC: Improve error messages for unprivileged users.
* External Libraries: Disable deserialization in Requests_Utility_FilteredIterator
* Embeds: Disable embeds on deactivated Multisite sites.
* Coding standards: Modify escaping functions to avoid potential false positives.
* XML-RPC: Return error message if attachment ID is incorrect.
* Upgrade/install: Improve logic check when determining installation status.
* Meta: Sanitize meta key before checking protection status.
* Themes: Ensure that only privileged users can set a background image when a theme is using the deprecated custom background page.
Brings the changes from [49380,49382-49388] to the 5.1 branch.
Props xknown, zieladam, peterwilsoncc, whyisjake, desrosj, dd32.
Built from https://develop.svn.wordpress.org/branches/5.1@49395
git-svn-id: http://core.svn.wordpress.org/branches/5.1@49154 1a063a9b-81f0-0310-95a4-ce76da25c4cd
- Embeds: Ensure that the title attribute is set correctly on embeds.
- Editor: Prevent HTML decoding on by setting the proper editor context.
- Formatting: Ensure that wp_validate_redirect() sanitizes a wider variety of characters.
- Themes: Ensure a broken theme name is returned properly.
- Administration: Add a new filter to extend set-screen-option.
Merges [47947-47951] to the 5.1 branch.
Props xknown, sstoqnov, vortfu, SergeyBiryukov, whyisjake.
Built from https://develop.svn.wordpress.org/branches/5.1@47963
git-svn-id: http://core.svn.wordpress.org/branches/5.1@47734 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The Site Health tool serves two purposes:
- Provide site owners with information to improve the performance, reliability, and security of their site.
- Collect comprehensive debug information about the site.
By encouraging site owners to maintain their site and adhere to modern best practices, we ultimately improve the software hygeine of both the WordPress ecosystem, and the open internet as a whole.
Props Clorith, hedgefield, melchoyce, xkon, karmatosed, jordesign, earnjam, ianbelanger, wpscholar, desrosj, pedromendonca, peterbooker, jcastaneda, garyj, soean, pento, timothyblynjacobs, zodiac1978, dgroddick, garrett-eclipse, netweb, tobifjellner, pixolin, afercia, joedolson, birgire.
See #46573.
Built from https://develop.svn.wordpress.org/branches/5.1@44984
git-svn-id: http://core.svn.wordpress.org/branches/5.1@44815 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `change` event was previously required to ensure that the Customizer picked detected changes to the widget's content and synced them to the preview. In the current state, though, the `trigger( 'change' )` is no longer required and is causing issues with the widget's “Done” and “Save” buttons.
Merges [44816] to the 5.1 branch.
Fixes#46335.
Props audrasjb, afercia, westonruter.
Built from https://develop.svn.wordpress.org/branches/5.1@44817
git-svn-id: http://core.svn.wordpress.org/branches/5.1@44649 1a063a9b-81f0-0310-95a4-ce76da25c4cd
A direct URL to where a user can update PHP for their website can now be specified in one of two ways:
- Defining the `WP_DIRECT_UPDATE_PHP_URL` environment variable.
- Returning a URL to the `wp_direct_php_update_url` filter.
When a URL is specified, an additional “Update PHP” button will be displayed at the bottom of the Core dashboard widget informing administrators that their site is running an outdated version of PHP (see [42832]).
Merges [44814] to the 5.1 branch.
Fixes#46074.
Props afragen, desrosj, lukecarbis.
Built from https://develop.svn.wordpress.org/branches/5.1@44815
git-svn-id: http://core.svn.wordpress.org/branches/5.1@44647 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The filter is only run if the wordpress.org API considers the PHP version acceptable. This ensures that other plugins or hosting providers can only make this check stricter, but not loosen it.
Merges [44788] to the 5.1 branch.
Props j-falk, mikeschroder.
Fixes#46065.
Built from https://develop.svn.wordpress.org/branches/5.1@44789
git-svn-id: http://core.svn.wordpress.org/branches/5.1@44621 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit also moves the images to s.w.org, removes the old "Gutenberg has been deactivated" warning, as well as removing some old JS from About pages of years gone past.
Merges [44749] to the 5.1 branch.
Props melchoyce, ryelle, paaljoachim, karmatosed, pento.
Fixes#46161.
Built from https://develop.svn.wordpress.org/branches/5.1@44752
git-svn-id: http://core.svn.wordpress.org/branches/5.1@44584 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The Gutenberg plugin will not be deactivated on sites upgrading to WordPress 5.1. This deprecates the `upgrade_500_was_gutenberg_active` option and the `upgrade_500()` function as they are no longer required.
Props peterwilsoncc.
Fixes#46029.
Built from https://develop.svn.wordpress.org/trunk@44732
git-svn-id: http://core.svn.wordpress.org/trunk@44563 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Modifies the jQuery selector for determining hidden columns to ensure they are detected when the expanded columns details are closed.
Adds high-specificity selectors specifically for setting screen options in the comments and plugins lists.
Props afercia.
Fixes#46005.
Built from https://develop.svn.wordpress.org/trunk@44722
git-svn-id: http://core.svn.wordpress.org/trunk@44553 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Due to the high number of follow-up tickets and associated security concerns, it was decided to reschedule the fatal error recovery feature for WordPress 5.2, in order to address these issues properly. The feature will continue to be developed, with iterations being merged into trunk early in the 5.2 release cycle.
Fixes#46141. See #44458, #45932, #45940, #46038, #46047, #46068.
Built from https://develop.svn.wordpress.org/trunk@44717
git-svn-id: http://core.svn.wordpress.org/trunk@44548 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In the Edit Comment page:
- moves the "Author" `h2` heading out of the form fieldset
- removes an unnecessary `<span>` element
- adds a visually hidden legend element to the fieldset
- uses an existing string "Comment Author"
Fixes#43586.
Built from https://develop.svn.wordpress.org/trunk@44712
git-svn-id: http://core.svn.wordpress.org/trunk@44543 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Introduces `Language_Pack_Upgrader::clear_destination()` to clear existing translations before installing new translations. Ensures that unused translations in JSON format are cleaned up.
Props dd32, swissspidy, ocean90.
Fixes#45468.
Built from https://develop.svn.wordpress.org/trunk@44676
git-svn-id: http://core.svn.wordpress.org/trunk@44507 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `WP_Shutdown_Handler` name plus related function names were premature when originally committed, as there can be multiple shutdown handlers in PHP, and WordPress makes use of that feature. This changeset modifies the name to a more appropriate `WP_Fatal_Error_Handler`, and related to that changes the following names:
* The drop-in to override the handler is now called `fatal-error-handler.php`.
* The internal function `wp_register_premature_shutdown_handler` is now called `wp_register_fatal_error_handler()`.
In addition to these naming changes, a new constant `WP_DISABLE_FATAL_ERROR_HANDLER` is introduced that can be set in `wp-config.php` to entirely disable the fatal error handler. That constant's value is and should be accessed indirectly via a new `wp_is_fatal_error_handler_enabled()` function and is filterable via a new `wp_fatal_error_handler_enabled` hook. Note that disabling the fatal error handler will skip the new functionality entirely, including the potentially used `fatal-error-handler.php` drop-in.
The new set of constant, filter and function provide for an easier-to-use mechanism to disable the fatal error handler altogether, rather than requiring developers to implement a drop-in for purely that purpose.
Props afragen, flixos90, joyously, knutsp, markjaquith, ocean90, schlessera, spacedmonkey.
Fixes#46047. See #44458.
Built from https://develop.svn.wordpress.org/trunk@44674
git-svn-id: http://core.svn.wordpress.org/trunk@44505 1a063a9b-81f0-0310-95a4-ce76da25c4cd