Commit Graph

21883 Commits

Author SHA1 Message Date
Rachel Baker 2040186a5d Comments: Include comment_content with html and without in blacklist_keys comparison.
After [38047], also include the comment_content with html in the preg_match against blacklist keys to match urls.

Props ocean90.
Fixes #37208.
Built from https://develop.svn.wordpress.org/trunk@38048


git-svn-id: http://core.svn.wordpress.org/trunk@37989 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-13 14:05:29 +00:00
Rachel Baker 240e3ec683 Comments: Strip html tags from comment content before blacklist_keys comparison.
Use `wp_kses()` to clean comment_content for preg_match against the blacklist_keys. Also includes some initial unit tests for `wp_blacklist_check()`.
Previously, if a blacklisted key was used in comment_content split by an html tag the regex in `wp_blacklist_check()` would not find a match. Example: Where "springfield" was a blacklisted word, if the content of a comment included `spring<i>field</i>" `wp_blacklist_check()` would not return true.

Props cfinke.
Fixes #37208.
Built from https://develop.svn.wordpress.org/trunk@38047


git-svn-id: http://core.svn.wordpress.org/trunk@37988 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-13 13:48:39 +00:00
Dominik Schilling c73c23c423 Resource Hints: Increase priority of `wp_resource_hints()` so hints get printed before scripts and styles.
Also run `wp_resource_hints()` on the login screen and in the customizer. 

Props swissspidy.
Fixes #37317.
Built from https://develop.svn.wordpress.org/trunk@38046


git-svn-id: http://core.svn.wordpress.org/trunk@37987 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-13 12:54:28 +00:00
Dominik Schilling 834f0809fc WP Mail: Remove an unused variable.
Unused since [34864].

Props vishalkakadiya.
Fixes #37346.
Built from https://develop.svn.wordpress.org/trunk@38045


git-svn-id: http://core.svn.wordpress.org/trunk@37986 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-13 12:37:29 +00:00
Dominik Schilling fb59d07c9b Database: Add unit test to test that a column type change for a table name with a hyphen is working after [37583].
Fixes #31679.
Built from https://develop.svn.wordpress.org/trunk@38044


git-svn-id: http://core.svn.wordpress.org/trunk@37985 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-13 11:39:41 +00:00
John Blackbourn 7e7dfdea55 HTTP API: Remove duplicate documentation for the `http_api_debug` hook.
Fixes #37081

Built from https://develop.svn.wordpress.org/trunk@38043


git-svn-id: http://core.svn.wordpress.org/trunk@37984 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-13 10:23:43 +00:00
Jeremy Felt f3b3ece76a Multisite: Set default `$args` to an empty array in `get_networks()`.
The empty string was not incorrect. Using `array()` here instead makes things a bit more consistent by aligning with `get_sites()`, `get_users()`, and `get_terms()`.

See #32504.

Built from https://develop.svn.wordpress.org/trunk@38042


git-svn-id: http://core.svn.wordpress.org/trunk@37983 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-13 05:30:29 +00:00
Jeremy Felt da40e89d06 Meta: Ensure filters are backwards compatible for pre-4.6 style meta registration.
When using `register_meta()` with the function signature from 4.5 and earlier, the `auth_{$type}_meta_{$key}` and `sanitize_{$type}_meta_{$key}` filters are used. Any calls to `register_meta()` expecting this behavior should continue to work. The new filters, which take advantage of object subtypes, should not be added unless the proper `$args` array is passed.

See #35658.

Built from https://develop.svn.wordpress.org/trunk@38041


git-svn-id: http://core.svn.wordpress.org/trunk@37982 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-13 04:46:28 +00:00
Jeremy Felt d5e14166f3 Meta: Remove filters when meta is unregistered.
If auth and/or sanitize callbacks are specified in the arguments for
`register_meta()`, filters are added to handle these callbacks. These
should be removed when calling `unregister_meta_key()` to avoid
unintentional filtering.

See #35658.

Built from https://develop.svn.wordpress.org/trunk@38040


git-svn-id: http://core.svn.wordpress.org/trunk@37981 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-13 04:13:30 +00:00
Andrew Ozz 532e8f0204 TinyMCE: preserve `<script>` and `<style>` tags inside the editor.
Uses image placeholders for the tags and makes then visible. That way the tags can also be deleted from inside the editor.

Props iseulde, azaozz.
Fixes #32923.
Built from https://develop.svn.wordpress.org/trunk@38039


git-svn-id: http://core.svn.wordpress.org/trunk@37980 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-12 22:09:31 +00:00
John Blackbourn 3a7137a7a5 Meta: Add a missing `@since` param for `wp_object_type_exists()`.
See #35658

Built from https://develop.svn.wordpress.org/trunk@38038


git-svn-id: http://core.svn.wordpress.org/trunk@37979 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-12 13:21:29 +00:00
Dominik Schilling 97bf32c66a Text Changes: Unify/merge two more permission error messages.
Props ramiy.
Fixes #34521.
Built from https://develop.svn.wordpress.org/trunk@38037


git-svn-id: http://core.svn.wordpress.org/trunk@37978 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-12 11:45:29 +00:00
Dominik Schilling e5f967ca99 Resource Hints: Remove schemes from `dns-prefetch` resource hint outputs.
"wordpress.org", "!http://wordpress.org", and "!https://wordpress.org" should all have the same DNS lookup.
Also, replace `\r\n` with `\n` and ensure that invalid URLs are skipped.

Props niallkennedy, peterwilsoncc.
Fixes #37240.
Built from https://develop.svn.wordpress.org/trunk@38036


git-svn-id: http://core.svn.wordpress.org/trunk@37977 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-12 11:32:28 +00:00
Dominik Schilling f160f2afd1 Toolbar: Allow 0 as a value for the `tabindex` property of a menu item.
To enhance accessibility for items without a link you can now define `tabindex="0"`, which makes descendant dropdowns accessible.

Props joedolson, afercia, ocean90.
Fixes #32495.
Built from https://develop.svn.wordpress.org/trunk@38035


git-svn-id: http://core.svn.wordpress.org/trunk@37976 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-12 11:18:30 +00:00
Andrew Ozz 70fa27a953 TinyMCE: update to 4.4.0, changelog: https://github.com/tinymce/tinymce/blob/master/changelog.txt. Includes two bugfixes for #36434.
Fixes #37327.
Built from https://develop.svn.wordpress.org/trunk@38034


git-svn-id: http://core.svn.wordpress.org/trunk@37975 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-12 00:20:29 +00:00
Pascal Birchler e4eee7ef5c Plugins: Improve Ajax search of installed plugins.
Fixes a few accessibility issues, tweaks the design of the search form to match other Ajax search fields and improves compatibility with older browsers.

See #37230.
Built from https://develop.svn.wordpress.org/trunk@38033


git-svn-id: http://core.svn.wordpress.org/trunk@37974 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-11 21:50:31 +00:00
Dominik Schilling f8e7680cd6 Multisite: Use `hash_equals()` when comparing hashes to mitigate timing attacks.
Fixes #37324.
Built from https://develop.svn.wordpress.org/trunk@38032


git-svn-id: http://core.svn.wordpress.org/trunk@37973 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-10 19:43:28 +00:00
Dominik Schilling 02424959e4 Accessibility: Add `aria-button-if-js` class to links in the media list table that behave like buttons when JavaScript is on.
Props joedolson, afercia.
See #26504.
Fixes #36555.
Built from https://develop.svn.wordpress.org/trunk@38031


git-svn-id: http://core.svn.wordpress.org/trunk@37972 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-10 19:31:31 +00:00
Drew Jaynes 844ae66820 Docs: The `$labels` property in `WP_Post_Type` is of type `object` as returned from `get_post_type_labels()`, not an array.
Props swissspidy.
See #36217.

Built from https://develop.svn.wordpress.org/trunk@38030


git-svn-id: http://core.svn.wordpress.org/trunk@37971 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-10 17:41:30 +00:00
Drew Jaynes 31f150080a Docs: Standardize references to "meta box" or "meta boxes" as two distinct words throughout core documentation per the core spelling guide.
See #32246.

Built from https://develop.svn.wordpress.org/trunk@38029


git-svn-id: http://core.svn.wordpress.org/trunk@37970 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-10 00:56:28 +00:00
Drew Jaynes 6c7148943b Docs: Standardize capitalization of Ajax throughout core documentation per the core spelling guide.
Ajax, while considered an acronym for Asynchronous JavaScript and XML, is most commonly capitalized only in the first character.

Part props ocean90.
See #32246.

Built from https://develop.svn.wordpress.org/trunk@38028


git-svn-id: http://core.svn.wordpress.org/trunk@37969 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-10 00:51:30 +00:00
Drew Jaynes 4c029e870e Docs: Link the 4.6 changelog entry in the DocBlock for `register_meta()` to its corresponding dev note on make/core.
h/t ocean90.

See #35658. See #37318.

Built from https://develop.svn.wordpress.org/trunk@38027


git-svn-id: http://core.svn.wordpress.org/trunk@37968 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-09 16:50:35 +00:00
Tammie Lister 5bcc4e7b35 PHP 7 compatibility issues fixed in Twenty Thirteen and Twenty Fourteen
Props xknown
Fixes #37227
--This Line, and those below, will be ignored--

M    themes/twentyfourteen/functions.php
M    themes/twentythirteen/functions.php

Built from https://develop.svn.wordpress.org/trunk@38026


git-svn-id: http://core.svn.wordpress.org/trunk@37967 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-09 15:11:33 +00:00
Dominik Schilling 559c6637bf Docs: Fix a typo in the DocBlock for `themes_api()`, `themes_api`, `plugins_api()`, and `plugins_api`.
See #32246.
Built from https://develop.svn.wordpress.org/trunk@38025


git-svn-id: http://core.svn.wordpress.org/trunk@37966 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-09 14:39:33 +00:00
Drew Jaynes 7eb6471461 Docs: Fix minor formatting and syntax for wp-admin/* elements introduced in 4.6.
See #37318.

Built from https://develop.svn.wordpress.org/trunk@38024


git-svn-id: http://core.svn.wordpress.org/trunk@37965 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-09 14:00:31 +00:00
Drew Jaynes a13164355f Docs: Cross-reference parent classes in DocBlocks for upgrader classes moved to their own files in 4.6
See #36618. See #37318.

Built from https://develop.svn.wordpress.org/trunk@38023


git-svn-id: http://core.svn.wordpress.org/trunk@37964 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-09 13:45:33 +00:00
Drew Jaynes 2ee0027bc1 Docs: Improve usefulness of DocBlocks for ajax-actions.php functions introduced in 4.6.
See #37318.

Built from https://develop.svn.wordpress.org/trunk@38022


git-svn-id: http://core.svn.wordpress.org/trunk@37963 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-09 13:23:30 +00:00
Drew Jaynes c009abcc98 Docs: Fix a typo in the hook doc description for the `enable_loading_advanced_cache_dropin` run-time filter.
See #34936. See #37318.

Built from https://develop.svn.wordpress.org/trunk@38021


git-svn-id: http://core.svn.wordpress.org/trunk@37962 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-09 13:17:30 +00:00
Dominik Schilling 1036637afc Taxonomy: Remove an unnecessary double assignment in `WP_Term_Query::get_terms()`.
Props birgire.
Fixes #37254.
Built from https://develop.svn.wordpress.org/trunk@38020


git-svn-id: http://core.svn.wordpress.org/trunk@37961 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-09 11:49:29 +00:00
Pascal Birchler aa4334cc50 Upgrade/Install: Do not remove event handlers when trying to update a theme.
Previously, when clicking "Update now" the callbacks were erroneously removed. This prevented opening the filesystem credentials modal for a second time.

Fixes #37285.
Built from https://develop.svn.wordpress.org/trunk@38019


git-svn-id: http://core.svn.wordpress.org/trunk@37960 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-09 11:43:43 +00:00
Drew Jaynes dac2988528 Docs: Fix a typo in an inline hook reference in the DocBlock for `comment_form()`.
Props ocean90.
See #32246.

Built from https://develop.svn.wordpress.org/trunk@38018


git-svn-id: http://core.svn.wordpress.org/trunk@37959 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-08 23:56:32 +00:00
Dominik Schilling 9b2f385b07 Bootstrap: Make `wp_is_ini_value_changeable()` compatible with PHP 5.2.6 - 5.2.17.
There is a bug in PHP 5.2.6 - 5.2.17 (https://bugs.php.net/bug.php?id=44936, https://3v4l.org/IL0A2) which changes the access level of a setting to 63 after `ini_set()` was called.
To continue comparing the access value against `INI_ALL` and `INI_USER` use the bit operator `& 7`:

* `1 & 7 === 1` (INI_USER)
* `2 & 7 === 2` (INI_PERDIR)
* `4 & 7 === 4` (INI_SYSTEM)
* `7 & 7 === 7` (INI_ALL)
* `63 & 7 === 7` (INI_ALL)

See [38015].
See #32075.
Built from https://develop.svn.wordpress.org/trunk@38017


git-svn-id: http://core.svn.wordpress.org/trunk@37958 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-08 18:36:30 +00:00
Dominik Schilling 31d3147f4e Unit tests: Don't change the `memory_limit` setting during tests.
40M isn't enough and can lead to an "out of memory" error. Change `test_wp_raise_memory_limit()` to test that `wp_raise_memory_limit()` doesn't *lower* the memory limit.

See [38015].
See #32075.
Built from https://develop.svn.wordpress.org/trunk@38016


git-svn-id: http://core.svn.wordpress.org/trunk@37957 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-08 18:17:41 +00:00
Dominik Schilling aa561e67a1 Bootstrap: Enhance core's memory limit handling.
* Don't lower memory limit if the current limit is greater than `WP_MAX_MEMORY_LIMIT`.
* Set `WP_MEMORY_LIMIT` and `WP_MAX_MEMORY_LIMIT` to current limit if the `memory_limit` setting can't be changed at runtime.
* Use `wp_convert_hr_to_bytes()` when parsing the value of the `memory_limit` setting because it can be a shorthand or an integer value.
* Introduce `wp_raise_memory_limit( $context )` to raise the PHP memory limit for memory intensive processes. This DRYs up some logic and includes the existing `admin_memory_limit` and `image_memory_limit` filters. The function can also be used for custom contexts, the `{$context}_memory_limit` filter allows to customize the limit.
* Introduce `wp_is_ini_value_changeable( $setting )` to determine whether a PHP ini value is changeable at runtime.
* Remove a `function_exists( 'memory_get_usage' )` check. Since PHP 5.2.1 support for memory limit is always enabled.

Related commits: [38011-38013]

Props jrf, A5hleyRich, swissspidy, ocean90.
Fixes #32075.
Built from https://develop.svn.wordpress.org/trunk@38015


git-svn-id: http://core.svn.wordpress.org/trunk@37956 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-08 14:37:30 +00:00
Sergey Biryukov d1cd600733 Docs: Fix typo in a comment in `Core_Upgrader::upgrade()`.
Props Zuige.
Fixes #37314.
Built from https://develop.svn.wordpress.org/trunk@38014


git-svn-id: http://core.svn.wordpress.org/trunk@37955 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-08 13:19:30 +00:00
Dominik Schilling 682e028a5a Bootstrap: Clean up `wp_convert_hr_to_bytes()`.
* Don't return a value higher than `PHP_INT_MAX`.
* Add unit tests.

Props jrf.
See #32075.
Built from https://develop.svn.wordpress.org/trunk@38013


git-svn-id: http://core.svn.wordpress.org/trunk@37954 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-08 12:54:28 +00:00
Dominik Schilling 5eae48b414 Boostrap: Move `wp_convert_hr_to_bytes()` to wp-includes/load.php.
`wp_convert_hr_to_bytes()` was previously defined in wp-includes/media.php because it's only used by `wp_max_upload_size()` in the same file.
Moving this function to load.php allows us to improve core's memory limit handling.

See #32075.
Built from https://develop.svn.wordpress.org/trunk@38012


git-svn-id: http://core.svn.wordpress.org/trunk@37953 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-08 11:27:27 +00:00
Dominik Schilling 561018677f Constants: Move constants for data sizes before constants for memory limits.
This allows us to improve core's memory limit handling.

See #32075.
Built from https://develop.svn.wordpress.org/trunk@38011


git-svn-id: http://core.svn.wordpress.org/trunk@37952 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-08 11:19:29 +00:00
Peter Wilson b9b69676d8 Embeds: Include locale stylesheets after default styles.
Fire `locale_stylesheet` action after the `wp_print_styles` action in the embeds header to match the order in `wp_head`.

Props swissspidy.
Fixes #36839.

Built from https://develop.svn.wordpress.org/trunk@38010


git-svn-id: http://core.svn.wordpress.org/trunk@37951 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-08 06:07:33 +00:00
Rachel Baker c283b3c0c6 Revisions: Allow autosaves to be restored when revisions are disabled.
Fixes bug introduced in [23639] where autosaves are not restored if revisions are disabled.

Props adamsilverstein.
Fixes #36262.



Built from https://develop.svn.wordpress.org/trunk@38009


git-svn-id: http://core.svn.wordpress.org/trunk@37950 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-08 01:16:31 +00:00
Jeremy Felt 602f231a26 Docs: Correct the description of the `$network_id` in `WP_Site_Query`.
Passing 0 for `network_id` results in a query across all networks.

See #35791.

Built from https://develop.svn.wordpress.org/trunk@38008


git-svn-id: http://core.svn.wordpress.org/trunk@37949 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-07 20:36:30 +00:00
Jeremy Felt 771212f20a Multisite: Correct logic used to display an Edit User link after adding a user.
Previously, if a user was added with the checkbox for no confirmation selected and an error was then encountered in `wpmu_activate_signup()`, a fatal error would trigger because `$new_user` was a `WP_Error` object rather than a user.

Fixes #37223.

Built from https://develop.svn.wordpress.org/trunk@38007


git-svn-id: http://core.svn.wordpress.org/trunk@37948 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-07 17:48:29 +00:00
Jeremy Felt 24804144de Multisite: Add a nonce to the "Cancel" URL when changing a site's admin email.
Props scottbasgaard.
Fixes #36954.

Built from https://develop.svn.wordpress.org/trunk@38006


git-svn-id: http://core.svn.wordpress.org/trunk@37947 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-07 17:13:27 +00:00
Boone Gorges 397f08e7d3 Tests: Ensure that test for invalid user ID actually uses an invalid user ID.
This prevents false positives when the ID column's incrementor has exceeded the
hardcoded invalid ID.

Fixes #37308.
Built from https://develop.svn.wordpress.org/trunk@38005


git-svn-id: http://core.svn.wordpress.org/trunk@37946 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-07 16:48:28 +00:00
Dominik Schilling 30420b7d19 Screen API: After [37972], ensure that `$box['args']` is an array before trying to access `__widget_basename`.
This prevents a PHP fatal error on the Nav Menus screen where `$args` is an object.

Props elrae.
Fixes #35021.
Built from https://develop.svn.wordpress.org/trunk@38004


git-svn-id: http://core.svn.wordpress.org/trunk@37945 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-07 16:39:29 +00:00
Jeremy Felt 7b5cd0c021 Multisite: Don't store `max_num_pages` in `WP_Network_Query` query cache.
This value can be easily calculated with available data.

Props spacedmonkey.
Fixes #32504.

Built from https://develop.svn.wordpress.org/trunk@38003


git-svn-id: http://core.svn.wordpress.org/trunk@37944 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-07 15:52:28 +00:00
Jeremy Felt d11c9de613 Multisite: Don't store `max_num_pages` in `WP_Site_Query` query cache.
This value can be easily calculated with available data.

Props spacedmonkey.
Fixes #35791.

Built from https://develop.svn.wordpress.org/trunk@38002


git-svn-id: http://core.svn.wordpress.org/trunk@37943 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-07 15:32:29 +00:00
Boone Gorges c6d5f78241 Comments: Cache results of `SELECT FOUND_ROWS()` query.
When comment IDs are fetched from the cache rather than the database,
the subsequent `SELECT FOUND_ROWS()` query will not return the correct value.
To avoid unnecessary queries, we cache the results of the `found_comments`
query alongside the comment IDs.

Props spacedmonkey.
Fixes #37184.
Built from https://develop.svn.wordpress.org/trunk@38001


git-svn-id: http://core.svn.wordpress.org/trunk@37942 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-07 14:27:38 +00:00
Dominik Schilling 1630c97795 Text Changes: Unify a few more permission error messages which were missed in [37914].
Props ramiy.
Fixes #34521.
Built from https://develop.svn.wordpress.org/trunk@37999


git-svn-id: http://core.svn.wordpress.org/trunk@37940 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-07 11:33:33 +00:00
Dominik Schilling 65eb29ad46 Import: Merge two similar strings.
Props ramiy.
See #34521.
Built from https://develop.svn.wordpress.org/trunk@37998


git-svn-id: http://core.svn.wordpress.org/trunk@37939 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-07 10:53:28 +00:00