Nikolay Bachiyski
3778cae8ec
Shortcodes: don't allow unclosed HTML elements in attributes
...
Built from https://develop.svn.wordpress.org/trunk@34134
git-svn-id: http://core.svn.wordpress.org/trunk@34102 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 22:36:24 +00:00
Nikolay Bachiyski
097c4fd2f4
List tables: escape user e-mails
...
Better safe than sorry.
Built from https://develop.svn.wordpress.org/trunk@34133
git-svn-id: http://core.svn.wordpress.org/trunk@34101 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 22:33:25 +00:00
Scott Taylor
1a01a9ab55
In the `edit-comments.php` admin handler, toggle `wp_defer_comment_counting()` so that only unique post IDs have their comment count updated. Currently, if you delete 50 comments from the same post, the count would get reset 50 times. Not joking.
...
See #33875 .
Built from https://develop.svn.wordpress.org/trunk@34132
git-svn-id: http://core.svn.wordpress.org/trunk@34100 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 22:24:26 +00:00
Scott Taylor
60367d567d
The "counts" cache for comments by post id is never invalidated. Neither `wp_update_comment_count()` nor `wp_update_comment_count_now()` touch the cache.
...
Adds unit test.
See #33875 .
Built from https://develop.svn.wordpress.org/trunk@34131
git-svn-id: http://core.svn.wordpress.org/trunk@34099 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 22:04:26 +00:00
Scott Taylor
7639a89a1f
`wp_unspam_comment()` can accept a full object instead of comment_ID to reduce cache/db lookups..
...
See #33638 .
Built from https://develop.svn.wordpress.org/trunk@34130
git-svn-id: http://core.svn.wordpress.org/trunk@34098 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 21:47:25 +00:00
Scott Taylor
b1bc8a6522
More comment functions can accept a full object instead of comment_ID to reduce cache/db lookups.
...
See ##33638.
Built from https://develop.svn.wordpress.org/trunk@34129
git-svn-id: http://core.svn.wordpress.org/trunk@34097 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 21:40:24 +00:00
Scott Taylor
b2a30103ae
In `WP_List_Table`, make a new `public` method, `->get_primary_column()`, and revert [34101] due to BC issues.
...
Fixes #33854 .
Built from https://develop.svn.wordpress.org/trunk@34128
git-svn-id: http://core.svn.wordpress.org/trunk@34096 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 20:29:26 +00:00
Scott Taylor
4d33644373
In `WP_Media_List_Table`, fetch all pending comment counts at once, instead of for each row in the loop.
...
See #11381 .
Built from https://develop.svn.wordpress.org/trunk@34127
git-svn-id: http://core.svn.wordpress.org/trunk@34095 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 19:25:25 +00:00
John Blackbourn
dbe4a770d5
Implement unit tests which use reflection to test functions in pluggable.php. This means any changes to these functions will need explicit changes to their corresponding tests, which helps prevent unintentional breakage.
...
Fixes #33867
Built from https://develop.svn.wordpress.org/trunk@34126
git-svn-id: http://core.svn.wordpress.org/trunk@34094 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 19:15:27 +00:00
Boone Gorges
ef474c6970
Accept 'ID' as a valid `$field` in `get_user_by()`.
...
We already accept 'id'. `ID` more closely matches the database and
`WP_User` schemas.
Props Shelob9.
Fixes #33869 .
Built from https://develop.svn.wordpress.org/trunk@34125
git-svn-id: http://core.svn.wordpress.org/trunk@34093 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 18:58:26 +00:00
John Blackbourn
a78e850e9c
Add the site icon meta tags to `wp-login.php`.
...
See #33597
Props iworks
Built from https://develop.svn.wordpress.org/trunk@34124
git-svn-id: http://core.svn.wordpress.org/trunk@34092 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 18:02:24 +00:00
Scott Taylor
3a0db2a22f
Fix the case-sensitivity of some HTTP class usage.
...
See #33413 .
Built from https://develop.svn.wordpress.org/trunk@34123
git-svn-id: http://core.svn.wordpress.org/trunk@34091 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 17:37:25 +00:00
John Blackbourn
bc6af23302
Update links to the user profile editing screen in the admin toolbar when the current logged in user has no role on the current site. Covers single site and Multisite and introduces tests.
...
Fixes #25162
Built from https://develop.svn.wordpress.org/trunk@34122
git-svn-id: http://core.svn.wordpress.org/trunk@34090 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 17:10:26 +00:00
Drew Jaynes
edd0f2b32f
Docs: Add missing parameter and return descriptions for `Walker::get_number_of_root_elements()`.
...
Fixes #33662 .
Built from https://develop.svn.wordpress.org/trunk@34121
git-svn-id: http://core.svn.wordpress.org/trunk@34089 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 15:33:27 +00:00
Sergey Biryukov
d9bc36d068
Escape class attribute in `edit_post_link()` after [34098].
...
Props Offereins.
See #30563 .
Built from https://develop.svn.wordpress.org/trunk@34117
git-svn-id: http://core.svn.wordpress.org/trunk@34085 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 13:01:25 +00:00
Dominik Schilling
4af3a3374e
Passwords: Deprecate second parameter of `wp_new_user_notification()`.
...
The second parameter `$plaintext_pass` was removed in [33023] and restored as `$notify` in [33620] with a different behavior. If you have a plugin overriding `wp_new_user_notification()` which hasn't been updated you would get a notification with your username and the password "both".
To prevent this the second parameter is now deprecated and reintroduced as the third parameter.
Adds unit tests.
Props kraftbj, adamsilverstein, welcher, ocean90.
Fixes #33654 .
(Don't ask for new pluggables kthxbye)
Built from https://develop.svn.wordpress.org/trunk@34116
git-svn-id: http://core.svn.wordpress.org/trunk@34084 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 12:43:26 +00:00
Sergey Biryukov
97c0303f41
Docs: Add a changelog entry for the `$class` argument added to `edit_post_link()` in [34098].
...
Fixes #30563 .
Built from https://develop.svn.wordpress.org/trunk@34115
git-svn-id: http://core.svn.wordpress.org/trunk@34083 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 12:20:26 +00:00
Dominik Schilling
d36ffeb160
Passwords: Trigger a `wp-check-valid-field` event when the password field is filled with a password by `generatePassword()`.
...
Updates event handler in `wpAjax.invalidateForm()` to support `wp-check-valid-field`.
See #33406 .
Built from https://develop.svn.wordpress.org/trunk@34114
git-svn-id: http://core.svn.wordpress.org/trunk@34082 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 10:39:27 +00:00
Scott Taylor
5020135a10
Add sanity checks in `map_meta_cap()`, return `'do_not_allow'` when posts don't exist.
...
Adds unit test.
Props ocean90, nerrad, filosofo.
Fixes #23162 .
Built from https://develop.svn.wordpress.org/trunk@34113
git-svn-id: http://core.svn.wordpress.org/trunk@34081 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 04:44:26 +00:00
Boone Gorges
49803a45f3
Send multisite site/user signup emails via hooked functions.
...
Site and user signup notifications are moved to the new actions
`'after_signup_site'` and `'after_signup_user'`. Site and user activation
notifications are moved to the existing actions `'wpmu_activate_blog'` and
`'wpmu_activate_user'`.
Props dshanske, thomaswm, jeremyfelt.
See #33587..
Built from https://develop.svn.wordpress.org/trunk@34112
git-svn-id: http://core.svn.wordpress.org/trunk@34080 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 03:28:24 +00:00
Scott Taylor
ecc4106ed1
Add an argument to `parent_dropdown()`, `$post`, to allow it to be called for an arbitrary post.
...
Fixes #23162 .
Built from https://develop.svn.wordpress.org/trunk@34111
git-svn-id: http://core.svn.wordpress.org/trunk@34079 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 03:20:25 +00:00
Scott Taylor
172e37b007
Move `Walker_Category` and `Walker_CategoryDropdown` into their own files via `svn cp`. Remove them from `category-template.php`. Load them in `category.php`. `svn cp` `category.php` over to `category-functions.php`, which also loads now in `category.php`.
...
See #33413 .
Built from https://develop.svn.wordpress.org/trunk@34110
git-svn-id: http://core.svn.wordpress.org/trunk@34078 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 03:10:24 +00:00
Scott Taylor
4cec121d0b
Move `Walker_Page` and `Walker_PageDropdown` into their own files via `svn cp`. Remove them from `post-template.php`. Load them in `post.php`.
...
`post-template.php` loads after `post.php` in `wp-settings.php`. It could probably also be loaded in `post.php`, but avoiding that for the moment.
See #33413 .
Built from https://develop.svn.wordpress.org/trunk@34109
git-svn-id: http://core.svn.wordpress.org/trunk@34077 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 02:59:24 +00:00
Scott Taylor
07c6fad006
In `wp_link_pages()`, ensure that `$prev` is greater than `0`.
...
Props betzster.
Fixes #25273 .
Built from https://develop.svn.wordpress.org/trunk@34108
git-svn-id: http://core.svn.wordpress.org/trunk@34076 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 02:46:24 +00:00
Boone Gorges
b62bcef1b1
Send password-change email notifications via hook.
...
`wp_password_change_notification()` is now called at the 'after_password_reset'
action, rather than being invoked directly from the `reset_password()` function.
In order to make it possible to call `wp_password_change_notification()` as a
`do_action()` callback, the function signature has to be changed so that the
`$user` parameter is expected to be a value rather than a reference. Since
PHP 5.0, objects are passed by reference, so `&$user` was unnecessary anyway.
Props dshanske, thomaswm.
See #33587 .
Built from https://develop.svn.wordpress.org/trunk@34107
git-svn-id: http://core.svn.wordpress.org/trunk@34075 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 02:45:25 +00:00
Boone Gorges
c614849786
Send comment notification emails via a hooked function.
...
Previously, `wp_notify_postauthor()` and `wp_notify_moderator()` were called
directly from `wp_new_comment()`, making it difficult to modify or suppress
default notification emails.
Props dshanske, thomaswm.
See #33587 .
Built from https://develop.svn.wordpress.org/trunk@34106
git-svn-id: http://core.svn.wordpress.org/trunk@34074 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 02:17:26 +00:00
Scott Taylor
373d73f781
Turn off `autocomplete` for the `new-post-slug` field.
...
Props johnbillion.
Fixes #32752 .
Built from https://develop.svn.wordpress.org/trunk@34105
git-svn-id: http://core.svn.wordpress.org/trunk@34073 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 02:03:25 +00:00
Dion Hulse
476b5c2046
When running on windows systems, normalise the capitalisation of the drive letter for more reliable string comparisons.
...
Props tyxla
Fixes #33265
Built from https://develop.svn.wordpress.org/trunk@34104
git-svn-id: http://core.svn.wordpress.org/trunk@34072 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 01:59:25 +00:00
Scott Taylor
bae7312f03
Pass `$r` and `$pages` to the 'wp_dropdown_pages' and 'wp_list_pages' filters.
...
Props bigdawggi, SergeyBiryukov.
Fixes #23734 .
Built from https://develop.svn.wordpress.org/trunk@34103
git-svn-id: http://core.svn.wordpress.org/trunk@34071 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 01:32:24 +00:00
Scott Taylor
9604c74f62
Objects are passed by-reference since PHP 5. In `_get_custom_object_labels()`, cast `$object->labels` back to `object` before returning. This function is weird.
...
Adds unit test.
Props Toro_Unit.
Fixes #33023 .
Built from https://develop.svn.wordpress.org/trunk@34102
git-svn-id: http://core.svn.wordpress.org/trunk@34070 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 01:23:26 +00:00
Scott Taylor
ae6a3aee7f
Make `WP_List_Table::get_primary_column_name()` public in list table classes that have it.
...
Fixes #33854 .
Built from https://develop.svn.wordpress.org/trunk@34101
git-svn-id: http://core.svn.wordpress.org/trunk@34069 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 01:12:25 +00:00
Scott Taylor
5077d917a3
Check if the `$post_type` passed to `get_post_type_object()` is a `scalar` value. Non-scalars were producing PHP warnings.
...
Adds unit tests.
Props Kloon.
Fixes #30013 .
Built from https://develop.svn.wordpress.org/trunk@34100
git-svn-id: http://core.svn.wordpress.org/trunk@34068 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 00:03:24 +00:00
Jeremy Felt
fa1e1a8850
Multisite: Implement the `get_by_path` method in `WP_Network`.
...
Move the internals of `get_network_by_path()` to `WP_Network()` and allow network objects to be retrieved by passing a requested domain and path.
Props johnjamesjacoby, jeremyfelt, drewapicture, wonderboymusic.
See #31985 .
Built from https://develop.svn.wordpress.org/trunk@34099
git-svn-id: http://core.svn.wordpress.org/trunk@34067 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-13 23:40:24 +00:00
Scott Taylor
c745c2deb3
In `edit_post_link()`, add an argument for the class attribute that defaults to `post-edit-link`.
...
Props voldemortensen.
Fixes #30563 .
Built from https://develop.svn.wordpress.org/trunk@34098
git-svn-id: http://core.svn.wordpress.org/trunk@34066 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-13 23:34:24 +00:00
Jeremy Felt
16b4096779
Multisite: Introduce the `WP_Network` class.
...
A `WP_Network` object initially matches a row from `wp_site` and is populated with additional properties used by WordPress core. The first iteration is used to retrieve an existing network based on data passed to the class.
* A network can be retrieved by its ID through `WP_Network::get_instance()`, following in the steps of `WP_Post` and `WP_Comment`.
* A network object can be created or completed by passing initial properties in as a standard object to `new WP_Network()`.
Using these methods, we are now able to populate the global `$current_site` during load via this class.
Props johnjamesjacoby, jeremyfelt, drewapicture, wonderboymusic.
See #31985 .
Built from https://develop.svn.wordpress.org/trunk@34097
git-svn-id: http://core.svn.wordpress.org/trunk@34065 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-13 23:31:26 +00:00
Andrea Fercia
2a6793c7b2
Bump H3 headings to H2 on the Writing Settings screen for better accessibility.
...
Props mrahmadawais.
Fixes #33651 .
Built from https://develop.svn.wordpress.org/trunk@34096
git-svn-id: http://core.svn.wordpress.org/trunk@34064 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-13 16:48:26 +00:00
Helen Hou-Sandí
7f772bdaff
Comments: Fix inline edit/reply on small screens.
...
props ocean90, SergeyBiryukov.
fixes #33596 .
Built from https://develop.svn.wordpress.org/trunk@34094
git-svn-id: http://core.svn.wordpress.org/trunk@34062 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-13 12:47:27 +00:00
Weston Ruter
bd801ae5db
Customize: Remove redundant `aria-label` attributes.
...
Adds an `$options` array argument to `WP_Screen::render_screen_options()` to allow the `div#screen-options-wrap` element to be omitted when `wrap` value is `false`.
Props afercia, westonruter.
Fixes #33182 .
Built from https://develop.svn.wordpress.org/trunk@34093
git-svn-id: http://core.svn.wordpress.org/trunk@34061 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-13 06:16:26 +00:00
Jeremy Felt
f7a00464d5
Tests: Update `Tests_Feed_RSS::test_items` to expect new comment permalink structure.
...
Introduced in [34075] for posts without comments.
Props netweb.
Fixes #19893 .
Built from https://develop.svn.wordpress.org/trunk@34092
git-svn-id: http://core.svn.wordpress.org/trunk@34060 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-12 23:31:25 +00:00
Boone Gorges
1ff03c9d6e
Fail gracefully when checking mapped cap against unregistered post type.
...
Post type objects are reponsible for mapping their capabilities to core caps.
As a result, when the post type is no longer registered, the caps are no
longer mapped. This causes problems when a post is left in the database after
the post type is no longer present, and WP does an 'edit_post' or other cap
check against it: a PHP notice is thrown, and the cap check always fails.
As a more graceful fallback, we map all post-type-dependent caps onto
'edit_others_posts', which allows highly privileged users to be able to
access orphaned content (such as comments belonging to disabled post types),
while minimizing the possibility of unintended privilege escalation.
We also add a `_doing_it_wrong()` notice, so that developers and site
administrators are aware that the cap mapping is failing in the absence of
the registered post type.
Props mitchoyoshitaka, DrewAPicture, imath, codeelite, boonebgorges, nofearinc, SergeyBiryukov, jorbin, dlh.
Fixes #16956 .
Built from https://develop.svn.wordpress.org/trunk@34091
git-svn-id: http://core.svn.wordpress.org/trunk@34059 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-12 21:27:25 +00:00
Boone Gorges
c0a0d4ba50
Use stricter sanitization for meta query clause keys.
...
By forcing all clause keys to be strings, we make it possible to use strict
comparison when validating values of 'orderby' as passed to `WP_Query`. This
eliminates situations where the presence of numeric clause keys could result
in an improperly validated 'orderby' value.
Props nikolov.tmw.
Fixes #32937 .
Built from https://develop.svn.wordpress.org/trunk@34090
git-svn-id: http://core.svn.wordpress.org/trunk@34058 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-12 21:06:24 +00:00
Boone Gorges
fc884dc7ec
Allow `setup_postdata()` to accept a post ID.
...
Previously, it accepted only a full post object.
Props sc0ttclark, mordauk, wonderboymusic.
Fixes #30970 .
Built from https://develop.svn.wordpress.org/trunk@34089
git-svn-id: http://core.svn.wordpress.org/trunk@34057 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-12 20:58:23 +00:00
Boone Gorges
e0b1340461
Remove extraneous table join in `get_adjacent_post()`.
...
Since [29248], a table join has not been necessary to process the
`$excluded_terms` parameter of `get_adjacent_post()`. Aside from adding extra
overhead, this join meant that post records that don't have any corresponding
rows in `wp_term_relationships` were erroneously excluded from results.
Fixes #32833 .
Built from https://develop.svn.wordpress.org/trunk@34088
git-svn-id: http://core.svn.wordpress.org/trunk@34056 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-12 20:34:24 +00:00
Dominik Schilling
4d5cd90b46
Revert [34013] and parts of [33970].
...
* `_WP_Editors::wp_mce_translation()` can't be changed without changing strings in TinyMCE and plugins.
* `\u2026` is escaped by `json_encode()` to `\\u2026`, makes `\u2026` visible in our UI.
See #32875 .
Built from https://develop.svn.wordpress.org/trunk@34087
git-svn-id: http://core.svn.wordpress.org/trunk@34055 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-12 20:03:24 +00:00
Dominik Schilling
720cea8cf9
Themes: Don't use HTML entities for placeholders.
...
See #32875 .
Built from https://develop.svn.wordpress.org/trunk@34086
git-svn-id: http://core.svn.wordpress.org/trunk@34054 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-12 19:48:24 +00:00
Scott Taylor
8977166746
In `wp_insert_post()`, when setting `$post_author`, use `isset()` instead of `! empty()` to allow `0` to be passed as the value for `$post_author`.
...
Adds unit tests.
Props ericdaams, wonderboymusic.
Fixes #32585 .
Built from https://develop.svn.wordpress.org/trunk@34085
git-svn-id: http://core.svn.wordpress.org/trunk@34053 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-12 18:54:25 +00:00
Scott Taylor
8591f94b0a
`WP_Posts_List_Table`: there are a cadre of `edit.php` URLs that are generated by string-building instead of using our handy functions. Create a helper method, `->get_edit_link()` that standardizes the generation and escaping of these URLs.
...
Props BdN3504 for the initial patch on the ticket.
Fixes #32376 .
Built from https://develop.svn.wordpress.org/trunk@34084
git-svn-id: http://core.svn.wordpress.org/trunk@34052 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-12 17:13:25 +00:00
Scott Taylor
a2aca8d063
Use `table-layout: auto` (instead of `fixed`) on `table.fixed` to ensure that things like date/time don't horrendously wrap on small screens. Before/After screenshots attached to the ticket.
...
Props gaelan.
Fixes #32691 .
Built from https://develop.svn.wordpress.org/trunk@34083
git-svn-id: http://core.svn.wordpress.org/trunk@34051 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-12 16:04:25 +00:00
Scott Taylor
5a21742a6f
`wp_delete_post()`: add a filter, 'pre_delete_post', to allow bailout from the function if the filter returns a non-null value.
...
Props boonebgorges.
Fixes #32933 .
Built from https://develop.svn.wordpress.org/trunk@34082
git-svn-id: http://core.svn.wordpress.org/trunk@34050 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-12 15:59:24 +00:00
Scott Taylor
891b76e034
`sanitize_post()`: the default value for `$context` is 'display'. The documentation says the default for `sanitize_post_field()` is 'display', but there is no default for the arg. Make the argument: `$context = 'default'`.
...
Props morganestes.
Fixes #33117 .
Built from https://develop.svn.wordpress.org/trunk@34081
git-svn-id: http://core.svn.wordpress.org/trunk@34049 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-12 15:46:25 +00:00