Keep the nonce used for cookie based authentication fresh by pulling in and using any new nonce supplied in the response headers.
* Enable passing nonce to init so each api/endpoint can use a unique nonce.
* Store nonce for endpoint on endpointModel.
* New model helper `nonce()` retrieves a model's routeModel nonce.
* When a response header contains a nonce that doesn't match the stored nonce, replace it.
Fixes#40422.
Built from https://develop.svn.wordpress.org/trunk@41553
git-svn-id: http://core.svn.wordpress.org/trunk@41386 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Adds a `notifications` property to instances of `wp.customize.Panel` and `wp.customize.Section`.
* Adds a `setupNotifications()` method to `Panel`, `Section`, and `Control`.
* Adds a `getNotificationsContainerElement()` method to the `Panel` and `Section` classes, like `Control` has.
* Replace hard-coded notification in header media section with a notification.
* Limit rendering notifications to panels and sections that are expanded, and to controls that have an expanded section.
See #34893, #35210, #38778.
Fixes#38794.
Built from https://develop.svn.wordpress.org/trunk@41390
git-svn-id: http://core.svn.wordpress.org/trunk@41223 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Show global error notiafication when saving is blocked due to client-side setting invalidity.
* Refactor `wp.customize.Notifications#render()` to ensure a notification re-renders if its `message` or data changes but its `code` does not.
Props MatheusGimenez, sixhours, westonruter, karmatosed, aocean90, zoonini, michelleweber, melchoyce.
See #35210.
Fixes#21492.
Built from https://develop.svn.wordpress.org/trunk@41389
git-svn-id: http://core.svn.wordpress.org/trunk@41222 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Ensures that a control's `Element` is updated in response to pasting into the field. Also fixes issue where inputs using "new" HTML5 types (like `url` and `number`) were not updating in the preview during keystrokes. The use of `input` was previously blocked due to needing to support IE9, but this is no longer a concern since IE<11 is no longer supported.
See #38845, #28477.
Fixes#35832.
Built from https://develop.svn.wordpress.org/trunk@41387
git-svn-id: http://core.svn.wordpress.org/trunk@41220 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This function can be used to easily get the main site ID of a given network via the optional `$network_id` parameter, which defaults to the current network. The existing `is_main_site()` now uses the new function internally and now accepts an optional `$network_id` parameter as well.
The main purpose of the new function at this point is to ensure that the `WP_Network::$blog_id` property is always set. Magic getters in the class have been adjusted to auto-fill the property when it is accessed and empty. Furthermore the function encapsulates logic that was previously part of `ms_load_current_site_and_network()` and has been replaced with a call to the function now.
Props spacedmonkey, jeremyfelt, johnjamesjacoby, flixos90.
Fixes#29684.
Built from https://develop.svn.wordpress.org/trunk@41380
git-svn-id: http://core.svn.wordpress.org/trunk@41213 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Generally, duplicate terms returned by a term query are eliminated in PHP,
after the database query takes place. This technique doesn't work properly
when the query parameters specify the `number` of results, since the results
of a `SELECT ... LIMIT x...` query may be deduplicated to a count less than
`x`. In these cases, we force the original query to be `DISTINCT`.
Props elvishp2006.
Fixes#41796.
Built from https://develop.svn.wordpress.org/trunk@41377
git-svn-id: http://core.svn.wordpress.org/trunk@41210 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Code editor is integrated into the Theme/Plugin Editor, Additional CSS in Customizer, and Custom HTML widget. Code editor is not yet integrated into the post editor, and it may not be until accessibility concerns are addressed.
* The CodeMirror component in the Custom HTML widget is integrated in a similar way to TinyMCE being integrated into the Text widget, adopting the same approach for integrating dynamic JavaScript-initialized fields.
* Linting is performed for JS, CSS, HTML, and JSON via JSHint, CSSLint, HTMLHint, and JSONLint respectively. Linting is not yet supported for PHP.
* When user lacks `unfiltered_html` the capability, the Custom HTML widget will report any Kses-invalid elements and attributes as errors via a custom Kses rule for HTMLHint.
* When linting errors are detected, the user will be prevented from saving the code until the errors are fixed, reducing instances of broken websites.
* The placeholder value is removed from Custom CSS in favor of a fleshed-out section description which now auto-expands when the CSS field is empty. See #39892.
* The CodeMirror library is included as `wp.CodeMirror` to prevent conflicts with any existing `CodeMirror` global.
* An `wp.codeEditor.initialize()` API in JS is provided to convert a `textarea` into CodeMirror, with a `wp_enqueue_code_editor()` function in PHP to manage enqueueing the assets and settings needed to edit a given type of code.
* A user preference is added to manage whether or not "syntax highlighting" is enabled. The feature is opt-out, being enabled by default.
* Allowed file extensions in the theme and plugin editors have been updated to include formats which CodeMirror has modes for: `conf`, `css`, `diff`, `patch`, `html`, `htm`, `http`, `js`, `json`, `jsx`, `less`, `md`, `php`, `phtml`, `php3`, `php4`, `php5`, `php7`, `phps`, `scss`, `sass`, `sh`, `bash`, `sql`, `svg`, `xml`, `yml`, `yaml`, `txt`.
Props westonruter, georgestephanis, obenland, melchoyce, pixolin, mizejewski, michelleweber, afercia, grahamarmfield, samikeijonen, rianrietveld, iseulde.
See #38707.
Fixes#12423, #39892.
Built from https://develop.svn.wordpress.org/trunk@41376
git-svn-id: http://core.svn.wordpress.org/trunk@41209 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Displays an error notification in the global area when a save attempt is rejected due to invalid settings. An error notification is also displayed when saving fails due to a network error or server error.
* Introduces `wp.customize.Notifications` subclass of `wp.customize.Values` to contain instances of `wp.customize.Notification` and manage their rendering into a container.
* Exposes the global notification area as `wp.customize.notifications` collection instance.
* Updates the `notifications` object on `Control` to use `Notifications` rather than `Values` and to re-use the rendering logic from the former. The old `Control#renderNotifications` method is deprecated.
* Allows notifications to be dismissed by instantiating them with a `dismissible` property.
* Allows `wp.customize.Notification` to be extended with custom templates and `render` functions.
* Triggers a `removed` event on `wp.customize.Values` instances _after_ a value has been removed from the collection.
Props delawski, westonruter, karmatosed, celloexpressions, Fab1en, melchoyce, Kelderic, afercia, adamsilverstein.
See #34893, #39896.
Fixes#35210, #31582, #37727, #37269.
Built from https://develop.svn.wordpress.org/trunk@41374
git-svn-id: http://core.svn.wordpress.org/trunk@41207 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Used now in core to facilitate displaying inserted media. See #40854.
* The `[embed]` shortcode is not supported because there is no post context for caching oEmbed responses. This depends on #34115.
* Add `do_shortcode()` to the `widget_text_content` filter in the same way it is added for `the_content` at priority 11, with `shortcode_unautop()` called at priority 10 after `wpautop()`.
* For Text widget in legacy mode, manually apply `do_shortcode()` (and `shortcode_unautop()` if auto-paragraph checked) if the core-added `widget_text_content` filter remains, unless a plugin added `do_shortcode()` to `widget_text` to prevent applying shortcodes twice.
* Ensure that global `$post` is `null` while filters apply in the Text widget so shortcode handlers won't run with unexpected contexts.
Props westonruter, nacin, aaroncampbell.
See #40854, #34115.
Fixes#10457.
Built from https://develop.svn.wordpress.org/trunk@41361
git-svn-id: http://core.svn.wordpress.org/trunk@41194 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `aria-current` attribute is a simple, effective way to communicate to assistive
technologies which the current item within a set of items is. While the admin menu
structure isn't 100% ideal (the top-level item is repeated also as a sub-item)
adding `aria-current="page"` to the sub-items gives an important feedback to
assistive technologies users.
This change introduces `aria-current` for the first time in core. Worth noting
there are other places where it can be used to improve accessibility. These should
be addressed in separate tickets and patches.
Fixes#41589.
Built from https://develop.svn.wordpress.org/trunk@41359
git-svn-id: http://core.svn.wordpress.org/trunk@41192 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The Plugin details modal custom implementation in the Plugins page conflicts with
other Thickbox instances added by plugins. Thickbox shows its age and has been
modified over time to suit core needs. However, WordPress should do its best to
not create conflicts with the native Thickbox styles and functionalities. Plugin
authors should be able to use `add_thickbox()` in any admin page as documented,
without having to worry about potential errors.
- fixes a JavaScript error when closing a native Thickbox modal in the Plugins page
- avoids to override the native Thickbox modal styles
- uses a CSS class to target the Plugin details modal and remove a pile of overqualified CSS selectors
Fixes#41417.
Built from https://develop.svn.wordpress.org/trunk@41356
git-svn-id: http://core.svn.wordpress.org/trunk@41189 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Mark a widget as dirty when a field input triggers a `change` or `input` event; clear dirty state when widget is successfully saved.
* Disable Save button and re-label "Saved" when widget not dirty.
* Show AYS dialog when leaving widgets admin screen with unsaved changes.
* When widgets are dirty, expand all unsaved widgets at AYS check and focus on first one.
* Change "Close" link to "Done"; hide link when widget is dirty and reveal when saved.
* The "Done" link persistently appears in the Customizer even after making a change (when the widget is dirty) because changes are autosaved into the changeset.
* Prevent saving widget when form fails `checkValidity`.
* Fix frequency of triggering of `change` event on the rich Text widget's `textarea` limited now to when there are actual changes.
* Add a class of `widget-dirty` to widget containers when the widget has unsaved changes.
Props westonruter, timmydcrawford, melchoyce.
Fixes#41610, #23120.
Built from https://develop.svn.wordpress.org/trunk@41352
git-svn-id: http://core.svn.wordpress.org/trunk@41185 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Improve JS parsing of our inline JSDocs by introducing `@namespace`, `@lends` and `@memberOf`. Helps set the way for showing our JavaScript documentation on developer.wordpress.org, see https://meta.trac.wordpress.org/ticket/3063.
* Define all used namespaces using @namespace.
* Correctly specify in which namespace each class is using @memberOf.
* Define each usage of the extend function as a prototype assignment using @lends.
* Some comment blocks were moved to correct the parsing of certain definitions.
Props herregroen, atimmer, netweb, SergeyBiryukov.
Fixes#41682.
Built from https://develop.svn.wordpress.org/trunk@41351
git-svn-id: http://core.svn.wordpress.org/trunk@41184 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When multisite is setup already, e.g. in a multi network environment, this change gives a performance benefit over the direct SQL query that was previously used. The SQL query remains in place for when setting up multisite initially as the network API is not available at that point.
Props spacedmonkey.
Fixes#41805.
Built from https://develop.svn.wordpress.org/trunk@41348
git-svn-id: http://core.svn.wordpress.org/trunk@41181 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Add two new helper functions, `wp.api.getModelByRoute` and `wp.api.getCollectionByRoute`. Passed a route, they return the matching model or collection, or `undefined` if none is found.
Also adds tests to verify these functions work as expected.
Props rcutmore.
Fixes#41111.
Built from https://develop.svn.wordpress.org/trunk@41334
git-svn-id: http://core.svn.wordpress.org/trunk@41165 1a063a9b-81f0-0310-95a4-ce76da25c4cd
- Refactors the UI controls around the Iris color picker to output valid and semantic markup
- Simplifies the way elements visibility gets toggled
- Properly associates the visually hidden label with the color input field
- Makes the toggle button a real button
- Adds `aria-expanded` to the toggle button
- Keeps focus on the toggle button instead of moving it to the color input field
- Adds `aria-label` attributes to give better context to some controls
- Removes a redundant title attribute
- Keeps the toggle button text to "Select Color" instead of changing it to "Current Color" when a color is selected
- Slightly improves the responsive view
- CSS clean-up
Fixes#39662.
Built from https://develop.svn.wordpress.org/trunk@41329
git-svn-id: http://core.svn.wordpress.org/trunk@41160 1a063a9b-81f0-0310-95a4-ce76da25c4cd
- Update to 2.1.9.
- Include the non-minified plupload.js and moxie.js.
- Remove support for Flash and Silverlight, the available runtime options are `html5` and `html4`.
- Delete plupload.flash.swf and plupload.silverlight.xap.
Fixes#41755.
Built from https://develop.svn.wordpress.org/trunk@41328
git-svn-id: http://core.svn.wordpress.org/trunk@41159 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This was accidentally introduced in [41125]. Since the `added_existing_user` filter has historically accepted either `true` or a `WP_Error` object, the clause is not necessary here. The doc block has been adjusted to account for the new possible `WP_Error` condition.
Fixes#41101.
Built from https://develop.svn.wordpress.org/trunk@41324
git-svn-id: http://core.svn.wordpress.org/trunk@41155 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This fixes an issue where failures when inserting the attachment post via
`wp_insert_attachment()` would result in a return value of `0` instead of a
`WP_Error` object, as documented. This is addressed by passing `true` as the
fourth param (added in WP 4.7.0) when calling `wp_insert_attachment()`.
Props mrasharirfan, flixos90.
Fixes#41726.
Built from https://develop.svn.wordpress.org/trunk@41323
git-svn-id: http://core.svn.wordpress.org/trunk@41154 1a063a9b-81f0-0310-95a4-ce76da25c4cd
ALso fixes:
* Accessibility for volume control
* Progress bar tooltip positioning and dimensions correctly set for media with long duration
* Better codec checking
* Minor CSS fix to avoid flickering effect on volume control
Props rafa8626.
See #39686.
Fixes#41640.
Built from https://develop.svn.wordpress.org/trunk@41320
git-svn-id: http://core.svn.wordpress.org/trunk@41151 1a063a9b-81f0-0310-95a4-ce76da25c4cd
These log entries are only useful when troubleshooting unexpected results from the API, which is not common. The vast majority of users are better served by not having their logs cluttered with noise.
For the rare situations where troubleshooting is necessary, it can be achieved by a plugin (see #41217 for an example).
Props Howdy_McGee, dd32.
Fixes#41217.
Built from https://develop.svn.wordpress.org/trunk@41316
git-svn-id: http://core.svn.wordpress.org/trunk@41147 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In [38296] we replaced `get_post_meta()` with `wp_get_attachment_metadata()`
so that attachment metadata could be consistently filtered. However, this
results in extra post queries which were previously avoided.
This uses `_prime_post_caches()` instead of `update_meta_cache()` to improve
post caching before looping through all images to retrieve attachment metadata.
Props dlh.
Fixes#40490.
Built from https://develop.svn.wordpress.org/trunk@41315
git-svn-id: http://core.svn.wordpress.org/trunk@41146 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This introduces the following meta capabilities:
* `activate_plugin`
* `deactivate_plugin`
* `deactivate_plugins`
The singular `activate_plugin` and `deactivate_plugin` capabilities are used along with the corresponding plugin name when
determining whether or not a user can activate or deactivate an individual plugin.
The plural `deactivate_plugins` capability is used in place of the existing `activate_plugins` capability when determining
whether a user can deactivate plugins.
Each of these new meta capabilities map to the existing `activate_plugins` primitive capability, which means there is no
change in existing behaviour, but plugins can now filter the capabilities required to activate and deactivate individual
plugins.
Fixes#38652
Built from https://develop.svn.wordpress.org/trunk@41290
git-svn-id: http://core.svn.wordpress.org/trunk@41130 1a063a9b-81f0-0310-95a4-ce76da25c4cd
"Install" is not a noun, and while it might be acceptable to use the verb as a noun, it is not correct. Using the correct
noun, "installation", increases clarity, especially for non-native English speakers.
This change fixes the usage in user-facing text and in developer documentation.
Fixes#41620
Built from https://develop.svn.wordpress.org/trunk@41289
git-svn-id: http://core.svn.wordpress.org/trunk@41129 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Removing inline examples already listed in the Code Reference
* Improving the summary and description to explain how tag conflicts are handled
* Supplement the docs for the `$func` parameter by describing the three arguments passed to a shortcode callback.
Props grapplerulrich for the initial patch.
Fixes#37222.
Built from https://develop.svn.wordpress.org/trunk@41281
git-svn-id: http://core.svn.wordpress.org/trunk@41121 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Patches occasionally come in on generated files. We should be kind to new contributors and give them a hint that these files are auto generated.
Props drewapicture, samuelsidler, netweb, valendesigns, kpdesign, nacin, jorbin
Fixes#30666
Built from https://develop.svn.wordpress.org/trunk@41271
git-svn-id: http://core.svn.wordpress.org/trunk@41111 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The new meta capabilities are called `install_languages` and `update_languages`. Prior to this change, there were no proper capability checks applied. Instead only the filesystem and related constants were checked, and for actual permissions a rather vague fallback was used where a user needed to have at least one of the other updating capabilities. In addition to being generally more verbose, the new capabilities make it possible for example to allow a user to update languages, but nothing else. By default they fall back to the original way of how they were handled.
Props johnbillion, flixos90.
Fixes#39677.
Built from https://develop.svn.wordpress.org/trunk@41268
git-svn-id: http://core.svn.wordpress.org/trunk@41108 1a063a9b-81f0-0310-95a4-ce76da25c4cd
There were a handful of files with an underscore in the name, which violated our naming scheme, and caused problems for anyone how enforced the scheme on their own systems.
This commit renames all of the files to the correct camelCase scheme.
Fixes#41658.
Built from https://develop.svn.wordpress.org/trunk@41261
git-svn-id: http://core.svn.wordpress.org/trunk@41101 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Passing a non-null value to the filter will prevent the uploaded file from being moved to the uploads directory for any of the functions leveraging `_wp_handle_upload()`, such as `wp_handle_upload()` or `wp_handle_sideload()`.
Error reporting related to the file being moved will also be skipped.
Props ryan, Mte90.
Fixes#24603.
Built from https://develop.svn.wordpress.org/trunk@41258
git-svn-id: http://core.svn.wordpress.org/trunk@41098 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This adds this previously Multisite-only functionality to single site installations too. This change prevents accidental or erroneous email address changes from potentially locking users out of their site.
Props MatheusGimenez, johnbillion
Fixes#39118
Built from https://develop.svn.wordpress.org/trunk@41254
git-svn-id: http://core.svn.wordpress.org/trunk@41094 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Twemoji 2.3.0 has a rendering issue in Safari, emoji can sometimes be followed by U+FEOF (which is just a flag meaning "render the preceding character as emoji).
Twemoji wasn't catching this character correctly, and Safari rendered it incorrectly.
Twemoji 2.5.0 resolves this issue.
Fixes#41584.
Built from https://develop.svn.wordpress.org/trunk@41250
git-svn-id: http://core.svn.wordpress.org/trunk@41090 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This will send nav menu locations through three levels of mapping:
1. If both themes have only one location, that gets mapped.
2. If both themes have locations with the same slug, they get mapped.
3. Locations that (even partially) match slugs from a similar kind of menu location will get mapped.
Menu locations are mapped for Live Previews in the Customizer and during theme switches.
Props westonruter, obenland, welcher, melchoyce.
Fixes#39692.
Built from https://develop.svn.wordpress.org/trunk@41237
git-svn-id: http://core.svn.wordpress.org/trunk@41077 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The following tests were never executed as they have `@depends` annotations which means they get skipped because the `test_video_shortcode_body()` test has not run by the time they run. Re-ordering the test methods fixes this.
* `test_wp_video_shortcode_with_empty_params()`
* `test_wp_video_shortcode_with_bad_attr()`
* `test_wp_video_shortcode_attributes()`
* `test_wp_video_shortcode_youtube_remove_feature()`
* `test_wp_video_shortcode_youtube_force_ssl()`
* `test_wp_video_shortcode_vimeo_force_ssl_remove_query_args()`
* `test_wp_video_shortcode_vimeo_adds_loop()`
* `test_wp_video_shortcode_vimeo_force_adds_loop_true()`
See #35367
Built from https://develop.svn.wordpress.org/trunk@41229
git-svn-id: http://core.svn.wordpress.org/trunk@41069 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Fixes a visual glitch visible on Ubuntu. WordPress uses system fonts and they have
different metrics across operating systems. Uses screen-reader-text as a more
solid way to visually hide text.
Props punit5658, afercia.
Fixes#41497.
Built from https://develop.svn.wordpress.org/trunk@41227
git-svn-id: http://core.svn.wordpress.org/trunk@41067 1a063a9b-81f0-0310-95a4-ce76da25c4cd
While site administrators cannot generally edit users in multisite, they have always been able to change the roles of users on their site. In the REST API however, this has not been possible so far. This changeset brings parity with how it is handled in the administration panel: A REST request to edit only a user's roles succeeds correctly, while a REST request to edit any further details of a user fails.
Props jnylen0.
Fixes#40263.
Built from https://develop.svn.wordpress.org/trunk@41226
git-svn-id: http://core.svn.wordpress.org/trunk@41066 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Under certain circumstances, it can be necessary that a user should not be added to a site, beyond the restrictions that WordPress core applies. With the new `can_add_user_to_blog` filter, plugin developers can run custom checks and return an error in case of a failure, that will prevent the user from being added.
The user-facing parts and the REST API route that interact with `add_user_to_blog()` have been adjusted accordingly to provide appropriate error feedback when a user could not be added to a site. Furthermore, two existing error feedback messages in the site admin's "New User" screen have been adjusted to properly show inside an error notice instead of a success notice.
Props jmdodd.
Fixes#41101.
Built from https://develop.svn.wordpress.org/trunk@41225
git-svn-id: http://core.svn.wordpress.org/trunk@41065 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This introduces three new filters, replacing those that were introduced in [41153]:
* `wp_password_change_notification_email`
* `wp_new_user_notification_email_admin`
* `wp_new_user_notification_email`
Props pbearne
Fixes#38068
Built from https://develop.svn.wordpress.org/trunk@41213
git-svn-id: http://core.svn.wordpress.org/trunk@41053 1a063a9b-81f0-0310-95a4-ce76da25c4cd
There are now 3 places where we call out to the REST API from within wp-admin. This commit introduces a small library to allow overriding these calls, centralize nonce-passing logic, and eliminate the need to pass a full REST URL down to client code (this last feature is not yet used and will be explored in a separate ticket).
Fixes#40919.
Built from https://develop.svn.wordpress.org/trunk@41206
git-svn-id: http://core.svn.wordpress.org/trunk@41046 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `settings_previewed` property eliminates the need for the Customizer components from having to look at global `doing_ajax` state. This is in particular needed when saving settings, as some settings will short-circuit the update operation if they detect no changes are introduced. This is also needed for low-level integrations with the Customizer, such as in REST API endpoints under development.
Props stubgo, westonruter, utkarshpatel for testing.
See #38900.
Fixes#39221.
Built from https://develop.svn.wordpress.org/trunk@41205
git-svn-id: http://core.svn.wordpress.org/trunk@41045 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`WP_Comment_Query` always queries runs an ID query, and so is unaffected
by the 'fields' parameter. As such, 'fields' can be ignored when building
a cache key for the results of the ID query.
Props spacedmonkey.
Fixes#41348.
Built from https://develop.svn.wordpress.org/trunk@41190
git-svn-id: http://core.svn.wordpress.org/trunk@41030 1a063a9b-81f0-0310-95a4-ce76da25c4cd