Commit Graph

31259 Commits

Author SHA1 Message Date
Nikolay Bachiyski 3778cae8ec Shortcodes: don't allow unclosed HTML elements in attributes
Built from https://develop.svn.wordpress.org/trunk@34134


git-svn-id: http://core.svn.wordpress.org/trunk@34102 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 22:36:24 +00:00
Nikolay Bachiyski 097c4fd2f4 List tables: escape user e-mails
Better safe than sorry.

Built from https://develop.svn.wordpress.org/trunk@34133


git-svn-id: http://core.svn.wordpress.org/trunk@34101 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 22:33:25 +00:00
Scott Taylor 1a01a9ab55 In the `edit-comments.php` admin handler, toggle `wp_defer_comment_counting()` so that only unique post IDs have their comment count updated. Currently, if you delete 50 comments from the same post, the count would get reset 50 times. Not joking.
See #33875.

Built from https://develop.svn.wordpress.org/trunk@34132


git-svn-id: http://core.svn.wordpress.org/trunk@34100 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 22:24:26 +00:00
Scott Taylor 60367d567d The "counts" cache for comments by post id is never invalidated. Neither `wp_update_comment_count()` nor `wp_update_comment_count_now()` touch the cache.
Adds unit test.
See #33875.

Built from https://develop.svn.wordpress.org/trunk@34131


git-svn-id: http://core.svn.wordpress.org/trunk@34099 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 22:04:26 +00:00
Scott Taylor 7639a89a1f `wp_unspam_comment()` can accept a full object instead of comment_ID to reduce cache/db lookups..
See #33638.

Built from https://develop.svn.wordpress.org/trunk@34130


git-svn-id: http://core.svn.wordpress.org/trunk@34098 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 21:47:25 +00:00
Scott Taylor b1bc8a6522 More comment functions can accept a full object instead of comment_ID to reduce cache/db lookups.
See ##33638.


Built from https://develop.svn.wordpress.org/trunk@34129


git-svn-id: http://core.svn.wordpress.org/trunk@34097 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 21:40:24 +00:00
Scott Taylor b2a30103ae In `WP_List_Table`, make a new `public` method, `->get_primary_column()`, and revert [34101] due to BC issues.
Fixes #33854.

Built from https://develop.svn.wordpress.org/trunk@34128


git-svn-id: http://core.svn.wordpress.org/trunk@34096 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 20:29:26 +00:00
Scott Taylor 4d33644373 In `WP_Media_List_Table`, fetch all pending comment counts at once, instead of for each row in the loop.
See #11381.

Built from https://develop.svn.wordpress.org/trunk@34127


git-svn-id: http://core.svn.wordpress.org/trunk@34095 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 19:25:25 +00:00
John Blackbourn dbe4a770d5 Implement unit tests which use reflection to test functions in pluggable.php. This means any changes to these functions will need explicit changes to their corresponding tests, which helps prevent unintentional breakage.
Fixes #33867

Built from https://develop.svn.wordpress.org/trunk@34126


git-svn-id: http://core.svn.wordpress.org/trunk@34094 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 19:15:27 +00:00
Boone Gorges ef474c6970 Accept 'ID' as a valid `$field` in `get_user_by()`.
We already accept 'id'. `ID` more closely matches the database and
`WP_User` schemas.

Props Shelob9.
Fixes #33869.
Built from https://develop.svn.wordpress.org/trunk@34125


git-svn-id: http://core.svn.wordpress.org/trunk@34093 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 18:58:26 +00:00
John Blackbourn a78e850e9c Add the site icon meta tags to `wp-login.php`.
See #33597
Props iworks

Built from https://develop.svn.wordpress.org/trunk@34124


git-svn-id: http://core.svn.wordpress.org/trunk@34092 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 18:02:24 +00:00
Scott Taylor 3a0db2a22f Fix the case-sensitivity of some HTTP class usage.
See #33413.

Built from https://develop.svn.wordpress.org/trunk@34123


git-svn-id: http://core.svn.wordpress.org/trunk@34091 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 17:37:25 +00:00
John Blackbourn bc6af23302 Update links to the user profile editing screen in the admin toolbar when the current logged in user has no role on the current site. Covers single site and Multisite and introduces tests.
Fixes #25162

Built from https://develop.svn.wordpress.org/trunk@34122


git-svn-id: http://core.svn.wordpress.org/trunk@34090 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 17:10:26 +00:00
Drew Jaynes edd0f2b32f Docs: Add missing parameter and return descriptions for `Walker::get_number_of_root_elements()`.
Fixes #33662.

Built from https://develop.svn.wordpress.org/trunk@34121


git-svn-id: http://core.svn.wordpress.org/trunk@34089 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 15:33:27 +00:00
Sergey Biryukov d9bc36d068 Escape class attribute in `edit_post_link()` after [34098].
Props Offereins.
See #30563.
Built from https://develop.svn.wordpress.org/trunk@34117


git-svn-id: http://core.svn.wordpress.org/trunk@34085 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 13:01:25 +00:00
Dominik Schilling 4af3a3374e Passwords: Deprecate second parameter of `wp_new_user_notification()`.
The second parameter `$plaintext_pass` was removed in [33023] and restored as `$notify` in [33620] with a different behavior. If you have a plugin overriding `wp_new_user_notification()` which hasn't been updated you would get a notification with your username and the password "both".
To prevent this the second parameter is now deprecated and reintroduced as the third parameter.

Adds unit tests.

Props kraftbj, adamsilverstein, welcher, ocean90.
Fixes #33654.

(Don't ask for new pluggables kthxbye)
Built from https://develop.svn.wordpress.org/trunk@34116


git-svn-id: http://core.svn.wordpress.org/trunk@34084 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 12:43:26 +00:00
Sergey Biryukov 97c0303f41 Docs: Add a changelog entry for the `$class` argument added to `edit_post_link()` in [34098].
Fixes #30563.
Built from https://develop.svn.wordpress.org/trunk@34115


git-svn-id: http://core.svn.wordpress.org/trunk@34083 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 12:20:26 +00:00
Dominik Schilling d36ffeb160 Passwords: Trigger a `wp-check-valid-field` event when the password field is filled with a password by `generatePassword()`.
Updates event handler in `wpAjax.invalidateForm()` to support `wp-check-valid-field`.

See #33406.
Built from https://develop.svn.wordpress.org/trunk@34114


git-svn-id: http://core.svn.wordpress.org/trunk@34082 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 10:39:27 +00:00
Scott Taylor 5020135a10 Add sanity checks in `map_meta_cap()`, return `'do_not_allow'` when posts don't exist.
Adds unit test.

Props ocean90, nerrad, filosofo.
Fixes #23162.

Built from https://develop.svn.wordpress.org/trunk@34113


git-svn-id: http://core.svn.wordpress.org/trunk@34081 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 04:44:26 +00:00
Boone Gorges 49803a45f3 Send multisite site/user signup emails via hooked functions.
Site and user signup notifications are moved to the new actions
`'after_signup_site'` and `'after_signup_user'`. Site and user activation
notifications are moved to the existing actions `'wpmu_activate_blog'` and
`'wpmu_activate_user'`.

Props dshanske, thomaswm, jeremyfelt.
See #33587..
Built from https://develop.svn.wordpress.org/trunk@34112


git-svn-id: http://core.svn.wordpress.org/trunk@34080 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 03:28:24 +00:00
Scott Taylor ecc4106ed1 Add an argument to `parent_dropdown()`, `$post`, to allow it to be called for an arbitrary post.
Fixes #23162.

Built from https://develop.svn.wordpress.org/trunk@34111


git-svn-id: http://core.svn.wordpress.org/trunk@34079 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 03:20:25 +00:00
Scott Taylor 172e37b007 Move `Walker_Category` and `Walker_CategoryDropdown` into their own files via `svn cp`. Remove them from `category-template.php`. Load them in `category.php`. `svn cp` `category.php` over to `category-functions.php`, which also loads now in `category.php`.
See #33413.

Built from https://develop.svn.wordpress.org/trunk@34110


git-svn-id: http://core.svn.wordpress.org/trunk@34078 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 03:10:24 +00:00
Scott Taylor 4cec121d0b Move `Walker_Page` and `Walker_PageDropdown` into their own files via `svn cp`. Remove them from `post-template.php`. Load them in `post.php`.
`post-template.php` loads after `post.php` in `wp-settings.php`. It could probably also be loaded in `post.php`, but avoiding that for the moment.

See #33413.

Built from https://develop.svn.wordpress.org/trunk@34109


git-svn-id: http://core.svn.wordpress.org/trunk@34077 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 02:59:24 +00:00
Scott Taylor 07c6fad006 In `wp_link_pages()`, ensure that `$prev` is greater than `0`.
Props betzster.
Fixes #25273.

Built from https://develop.svn.wordpress.org/trunk@34108


git-svn-id: http://core.svn.wordpress.org/trunk@34076 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 02:46:24 +00:00
Boone Gorges b62bcef1b1 Send password-change email notifications via hook.
`wp_password_change_notification()` is now called at the 'after_password_reset'
action, rather than being invoked directly from the `reset_password()` function.

In order to make it possible to call `wp_password_change_notification()` as a
`do_action()` callback, the function signature has to be changed so that the
`$user` parameter is expected to be a value rather than a reference. Since
PHP 5.0, objects are passed by reference, so `&$user` was unnecessary anyway.

Props dshanske, thomaswm.
See #33587.
Built from https://develop.svn.wordpress.org/trunk@34107


git-svn-id: http://core.svn.wordpress.org/trunk@34075 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 02:45:25 +00:00
Boone Gorges c614849786 Send comment notification emails via a hooked function.
Previously, `wp_notify_postauthor()` and `wp_notify_moderator()` were called
directly from `wp_new_comment()`, making it difficult to modify or suppress
default notification emails.

Props dshanske, thomaswm.
See #33587.
Built from https://develop.svn.wordpress.org/trunk@34106


git-svn-id: http://core.svn.wordpress.org/trunk@34074 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 02:17:26 +00:00
Scott Taylor 373d73f781 Turn off `autocomplete` for the `new-post-slug` field.
Props johnbillion.
Fixes #32752.

Built from https://develop.svn.wordpress.org/trunk@34105


git-svn-id: http://core.svn.wordpress.org/trunk@34073 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 02:03:25 +00:00
Dion Hulse 476b5c2046 When running on windows systems, normalise the capitalisation of the drive letter for more reliable string comparisons.
Props tyxla
Fixes #33265

Built from https://develop.svn.wordpress.org/trunk@34104


git-svn-id: http://core.svn.wordpress.org/trunk@34072 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 01:59:25 +00:00
Scott Taylor bae7312f03 Pass `$r` and `$pages` to the 'wp_dropdown_pages' and 'wp_list_pages' filters.
Props bigdawggi, SergeyBiryukov.
Fixes #23734.

Built from https://develop.svn.wordpress.org/trunk@34103


git-svn-id: http://core.svn.wordpress.org/trunk@34071 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 01:32:24 +00:00
Scott Taylor 9604c74f62 Objects are passed by-reference since PHP 5. In `_get_custom_object_labels()`, cast `$object->labels` back to `object` before returning. This function is weird.
Adds unit test.

Props Toro_Unit.
Fixes #33023.

Built from https://develop.svn.wordpress.org/trunk@34102


git-svn-id: http://core.svn.wordpress.org/trunk@34070 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 01:23:26 +00:00
Scott Taylor ae6a3aee7f Make `WP_List_Table::get_primary_column_name()` public in list table classes that have it.
Fixes #33854.

Built from https://develop.svn.wordpress.org/trunk@34101


git-svn-id: http://core.svn.wordpress.org/trunk@34069 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 01:12:25 +00:00
Scott Taylor 5077d917a3 Check if the `$post_type` passed to `get_post_type_object()` is a `scalar` value. Non-scalars were producing PHP warnings.
Adds unit tests.

Props Kloon.
Fixes #30013.

Built from https://develop.svn.wordpress.org/trunk@34100


git-svn-id: http://core.svn.wordpress.org/trunk@34068 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 00:03:24 +00:00
Jeremy Felt fa1e1a8850 Multisite: Implement the `get_by_path` method in `WP_Network`.
Move the internals of `get_network_by_path()` to `WP_Network()` and allow network objects to be retrieved by passing a requested domain and path.

Props johnjamesjacoby, jeremyfelt, drewapicture, wonderboymusic.
See #31985.

Built from https://develop.svn.wordpress.org/trunk@34099


git-svn-id: http://core.svn.wordpress.org/trunk@34067 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-13 23:40:24 +00:00
Scott Taylor c745c2deb3 In `edit_post_link()`, add an argument for the class attribute that defaults to `post-edit-link`.
Props voldemortensen.
Fixes #30563.

Built from https://develop.svn.wordpress.org/trunk@34098


git-svn-id: http://core.svn.wordpress.org/trunk@34066 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-13 23:34:24 +00:00
Jeremy Felt 16b4096779 Multisite: Introduce the `WP_Network` class.
A `WP_Network` object initially matches a row from `wp_site` and is populated with additional properties used by WordPress core. The first iteration is used to retrieve an existing network based on data passed to the class.

* A network can be retrieved by its ID through `WP_Network::get_instance()`, following in the steps of `WP_Post` and `WP_Comment`.
* A network object can be created or completed by passing initial properties in as a standard object to `new WP_Network()`.

Using these methods, we are now able to populate the global `$current_site` during load via this class.

Props johnjamesjacoby, jeremyfelt, drewapicture, wonderboymusic.
See #31985.

Built from https://develop.svn.wordpress.org/trunk@34097


git-svn-id: http://core.svn.wordpress.org/trunk@34065 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-13 23:31:26 +00:00
Andrea Fercia 2a6793c7b2 Bump H3 headings to H2 on the Writing Settings screen for better accessibility.
Props mrahmadawais.
Fixes #33651.
Built from https://develop.svn.wordpress.org/trunk@34096


git-svn-id: http://core.svn.wordpress.org/trunk@34064 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-13 16:48:26 +00:00
Helen Hou-Sandí 7f772bdaff Comments: Fix inline edit/reply on small screens.
props ocean90, SergeyBiryukov.
fixes #33596.

Built from https://develop.svn.wordpress.org/trunk@34094


git-svn-id: http://core.svn.wordpress.org/trunk@34062 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-13 12:47:27 +00:00
Weston Ruter bd801ae5db Customize: Remove redundant `aria-label` attributes.
Adds an `$options` array argument to `WP_Screen::render_screen_options()` to allow the `div#screen-options-wrap` element to be omitted when `wrap` value is `false`.

Props afercia, westonruter.
Fixes #33182.

Built from https://develop.svn.wordpress.org/trunk@34093


git-svn-id: http://core.svn.wordpress.org/trunk@34061 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-13 06:16:26 +00:00
Jeremy Felt f7a00464d5 Tests: Update `Tests_Feed_RSS::test_items` to expect new comment permalink structure.
Introduced in [34075] for posts without comments.

Props netweb.
Fixes #19893.

Built from https://develop.svn.wordpress.org/trunk@34092


git-svn-id: http://core.svn.wordpress.org/trunk@34060 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-12 23:31:25 +00:00
Boone Gorges 1ff03c9d6e Fail gracefully when checking mapped cap against unregistered post type.
Post type objects are reponsible for mapping their capabilities to core caps.
As a result, when the post type is no longer registered, the caps are no
longer mapped. This causes problems when a post is left in the database after
the post type is no longer present, and WP does an 'edit_post' or other cap
check against it: a PHP notice is thrown, and the cap check always fails.

As a more graceful fallback, we map all post-type-dependent caps onto
'edit_others_posts', which allows highly privileged users to be able to
access orphaned content (such as comments belonging to disabled post types),
while minimizing the possibility of unintended privilege escalation.

We also add a `_doing_it_wrong()` notice, so that developers and site
administrators are aware that the cap mapping is failing in the absence of
the registered post type.

Props mitchoyoshitaka, DrewAPicture, imath, codeelite, boonebgorges, nofearinc, SergeyBiryukov, jorbin, dlh.
Fixes #16956.
Built from https://develop.svn.wordpress.org/trunk@34091


git-svn-id: http://core.svn.wordpress.org/trunk@34059 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-12 21:27:25 +00:00
Boone Gorges c0a0d4ba50 Use stricter sanitization for meta query clause keys.
By forcing all clause keys to be strings, we make it possible to use strict
comparison when validating values of 'orderby' as passed to `WP_Query`. This
eliminates situations where the presence of numeric clause keys could result
in an improperly validated 'orderby' value.

Props nikolov.tmw.
Fixes #32937.
Built from https://develop.svn.wordpress.org/trunk@34090


git-svn-id: http://core.svn.wordpress.org/trunk@34058 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-12 21:06:24 +00:00
Boone Gorges fc884dc7ec Allow `setup_postdata()` to accept a post ID.
Previously, it accepted only a full post object.

Props sc0ttclark, mordauk, wonderboymusic.
Fixes #30970.
Built from https://develop.svn.wordpress.org/trunk@34089


git-svn-id: http://core.svn.wordpress.org/trunk@34057 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-12 20:58:23 +00:00
Boone Gorges e0b1340461 Remove extraneous table join in `get_adjacent_post()`.
Since [29248], a table join has not been necessary to process the
`$excluded_terms` parameter of `get_adjacent_post()`. Aside from adding extra
overhead, this join meant that post records that don't have any corresponding
rows in `wp_term_relationships` were erroneously excluded from results.

Fixes #32833.
Built from https://develop.svn.wordpress.org/trunk@34088


git-svn-id: http://core.svn.wordpress.org/trunk@34056 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-12 20:34:24 +00:00
Dominik Schilling 4d5cd90b46 Revert [34013] and parts of [33970].
* `_WP_Editors::wp_mce_translation()` can't be changed without changing strings in TinyMCE and plugins.
* `\u2026` is escaped by `json_encode()` to `\\u2026`, makes `\u2026` visible in our UI.

See #32875.
Built from https://develop.svn.wordpress.org/trunk@34087


git-svn-id: http://core.svn.wordpress.org/trunk@34055 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-12 20:03:24 +00:00
Dominik Schilling 720cea8cf9 Themes: Don't use HTML entities for placeholders.
See #32875.
Built from https://develop.svn.wordpress.org/trunk@34086


git-svn-id: http://core.svn.wordpress.org/trunk@34054 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-12 19:48:24 +00:00
Scott Taylor 8977166746 In `wp_insert_post()`, when setting `$post_author`, use `isset()` instead of `! empty()` to allow `0` to be passed as the value for `$post_author`.
Adds unit tests.

Props ericdaams, wonderboymusic.
Fixes #32585.

Built from https://develop.svn.wordpress.org/trunk@34085


git-svn-id: http://core.svn.wordpress.org/trunk@34053 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-12 18:54:25 +00:00
Scott Taylor 8591f94b0a `WP_Posts_List_Table`: there are a cadre of `edit.php` URLs that are generated by string-building instead of using our handy functions. Create a helper method, `->get_edit_link()` that standardizes the generation and escaping of these URLs.
Props BdN3504 for the initial patch on the ticket.
Fixes #32376.

Built from https://develop.svn.wordpress.org/trunk@34084


git-svn-id: http://core.svn.wordpress.org/trunk@34052 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-12 17:13:25 +00:00
Scott Taylor a2aca8d063 Use `table-layout: auto` (instead of `fixed`) on `table.fixed` to ensure that things like date/time don't horrendously wrap on small screens. Before/After screenshots attached to the ticket.
Props gaelan.
Fixes #32691.

Built from https://develop.svn.wordpress.org/trunk@34083


git-svn-id: http://core.svn.wordpress.org/trunk@34051 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-12 16:04:25 +00:00
Scott Taylor 5a21742a6f `wp_delete_post()`: add a filter, 'pre_delete_post', to allow bailout from the function if the filter returns a non-null value.
Props boonebgorges.
Fixes #32933.

Built from https://develop.svn.wordpress.org/trunk@34082


git-svn-id: http://core.svn.wordpress.org/trunk@34050 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-12 15:59:24 +00:00
Scott Taylor 891b76e034 `sanitize_post()`: the default value for `$context` is 'display'. The documentation says the default for `sanitize_post_field()` is 'display', but there is no default for the arg. Make the argument: `$context = 'default'`.
Props morganestes.
Fixes #33117.

Built from https://develop.svn.wordpress.org/trunk@34081


git-svn-id: http://core.svn.wordpress.org/trunk@34049 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-12 15:46:25 +00:00