While it might seem counter-intuitive to remove HTML escaping, these fields are already safe (they originate in `_get_plugin_data_markup_translate()` which handles sanitization and escaping), and the AuthorName field actually allows some HTML. This change prevents escaped HTML from appearing here.
Fixes#25422
Built from https://develop.svn.wordpress.org/trunk@34973
git-svn-id: http://core.svn.wordpress.org/trunk@34938 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `$screen` parameter in both functions can now accept a single screen ID, `WP_Screen` object, or an array of screen IDs.
Adds tests.
Props coffee2code, iamfriendly, madalinungureanu, mordauk, igmoweb, meloniq, DrewAPicture.
See #15000.
Built from https://develop.svn.wordpress.org/trunk@34951
git-svn-id: http://core.svn.wordpress.org/trunk@34916 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `_network_option()` parameter order will be changing to accept `$network_id` first. The `_site_option()` functions will remain in use throughout core as our way of retrieving a network option for the current network.
See #28290.
Built from https://develop.svn.wordpress.org/trunk@34912
git-svn-id: http://core.svn.wordpress.org/trunk@34877 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In 4.3 the widget controls were fully initialized up front along with the sidebar controls. The sidebar control depended (unnecessarily) on the widget control to ensure that `wp.customize.Widgets.savedWidgetIds` was defined. So after [34563] there could be a situation where the widgets are added/removed from a sidebar before their controls are initialized (if the sidebar section is never expanded), resulting in an error attempting to get a property off of an undefined value. So this change does the right thing and defines `savedWidgetIds` up front.
Also changes the `savedWidgetIds` variable type from an array to an object, to match how it is used as a dictionary lookup.
See #33901.
Built from https://develop.svn.wordpress.org/trunk@34883
git-svn-id: http://core.svn.wordpress.org/trunk@34848 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `WP_INSTALLING` constant is a flag that WordPress sets in a number of
places, telling the system that options should be fetched directly from the
database instead of from the cache, that WP should not ping wordpress.org for
updates, that the normal "not installed" checks should be bypassed, and so on.
A constant is generally necessary for this purpose, because the flag is
typically set before the WP bootstrap, meaning that WP functions are not yet
available. However, it is possible - notably, during `wpmu_create_blog()` -
for the "installing" flag to be set after WP has already loaded. In these
cases, `WP_INSTALLING` would be set for the remainder of the process, since
there's no way to change a constant once it's defined. This, in turn, polluted
later function calls that ought to have been outside the scope of site
creation, particularly the non-caching of option data. The problem was
particularly evident in the case of the automated tests, where `WP_INSTALLING`
was set the first time a site was created, and remained set for the rest of the
suite.
The new `wp_installing()` function allows developers to fetch the current
installation status (when called without any arguments) or to set the
installation status (when called with a boolean `true` or `false`). Use of
the `WP_INSTALLING` constant is still supported; `wp_installing()` will default
to `true` if the constant is defined during the bootstrap.
Props boonebgorges, jeremyfelt.
See #31130.
Built from https://develop.svn.wordpress.org/trunk@34828
git-svn-id: http://core.svn.wordpress.org/trunk@34793 1a063a9b-81f0-0310-95a4-ce76da25c4cd
After some discussion, it was decided that Multisite vs single site context can just as easily be derived using available functions like `is_network_admin()`, `get_current_screen()`, etc., rendering the second parameter moot. The hook was introduced in [34796].
Fixes#25360.
Built from https://develop.svn.wordpress.org/trunk@34813
git-svn-id: http://core.svn.wordpress.org/trunk@34778 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The current list table is passed as a second parameter, `$this`, and can take the form of either a `WP_Users_List_Table` or `WP_MS_Users_List_Table` instance depending on the context in which the filter was evaluated.
Props juliobox for the initial patch.
Fixes#25360.
Built from https://develop.svn.wordpress.org/trunk@34796
git-svn-id: http://core.svn.wordpress.org/trunk@34761 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Instead of using `Array.toString()` to serialize an array with comma delimiters, explicitly `join` the array using spaces instead. Also ensure that `xfn` is handled properly if it ever gets stored as an array.
Props tyxla, westonruter.
Fixes#34111.
Built from https://develop.svn.wordpress.org/trunk@34788
git-svn-id: http://core.svn.wordpress.org/trunk@34753 1a063a9b-81f0-0310-95a4-ce76da25c4cd
If the `$action` type is 'query_plugins' or 'plugin_information', the API will return an object, thus an object should be passed if replacing it. For 'hot_tags' and 'hot_categories', the same logic applies, but with arrays instead.
See #34035.
Built from https://develop.svn.wordpress.org/trunk@34763
git-svn-id: http://core.svn.wordpress.org/trunk@34728 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`wp_update_plugins()` and `wp_update_themes()` are both hooked into `upgrader_process_complete` with priority 10. But at this stage the caches in `get_plugins()`, `search_theme_directories()`, and `wp_get_themes()` aren't refreshed yet so both functions couldn't fetch any translations for the new plugin/theme.
To reset the caches `wp_clean_themes_cache()` and `wp_clean_plugins_cache()` are now hooked into `upgrader_process_complete` with priority 9.
Fixes#34029.
Built from https://develop.svn.wordpress.org/trunk@34751
git-svn-id: http://core.svn.wordpress.org/trunk@34716 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The main site on a new network is forced by default into using `/blog` as the prefix for its permalink structure. This can be changed easily through the network admin, though the `options-permalink.php` screen is then unusable to make further changes to the structure.
Now, if `/blog/` is not at the beginning of the `permalink_structure` option, we do not force `/blog` as a prefix in the UI.
Fixes#12002.
Built from https://develop.svn.wordpress.org/trunk@34749
git-svn-id: http://core.svn.wordpress.org/trunk@34714 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Also, add a "Edit Comment" legend before the Quick Edit form to pair it with "Reply to Comment" and "Add new Comment" and move the Name, Email, and URL fields after the Comment textarea.
Props joedolson, afercia.
Fixes#33757.
Built from https://develop.svn.wordpress.org/trunk@34743
git-svn-id: http://core.svn.wordpress.org/trunk@34708 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The call to `flock()` is an exclusive advisory lock, which in my testing only PHP respects (apache continues to read it).
Not all filesystems support locking (remote NFS mounts for example) so this offers minimal benefit to those platforms, but offers much better protection against file corruption on systems which do support it.
The call is blocking, so a second process will wait for the first to complete before writing if supported.
See #31767
Built from https://develop.svn.wordpress.org/trunk@34740
git-svn-id: http://core.svn.wordpress.org/trunk@34704 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This fixes issues where SSH2 with chrooted environments runs into a `Unable to locate WordPress Content directory (wp-content).` error.
The workaround is to simply list the contents of the `/./` directory instead of `/`.
Fixes#33919
Built from https://develop.svn.wordpress.org/trunk@34738
git-svn-id: http://core.svn.wordpress.org/trunk@34702 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This change causes it to list the parent directories files, and assets that the node exists within the returned listing, this is a little more compatible than relying upon the FTP server to correctly filter the returned resultset to the specific file/node being requested.
Fixes#28013
Built from https://develop.svn.wordpress.org/trunk@34733
git-svn-id: http://core.svn.wordpress.org/trunk@34697 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Add 2 methods to `WP_List_Table`, `->get_orderby()` and `->get_order()`. Override the methods in `WP_Posts_List_Table`.
`WP_Posts_List_Table` calls `wp_edit_posts_query()` in `->prepare_items()` which is a wrapper for `wp()`. As such, we can obtain `orderby` and `order` via `get_query_var()`, instead of the URL.
Fixes#25493.
Built from https://develop.svn.wordpress.org/trunk@34728
git-svn-id: http://core.svn.wordpress.org/trunk@34692 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Using the same `$post_new_file` global variable name in `wp-admin/menu.php` in [33723] was unintentional, but we're already unsetting other variables that are in global scope so we can just unset this one as well. Someday the admin menu won't be a big pile of sad and cryptic globals. Maybe.
props johnjamesjacoby, norcross.
fixes#34045.
Built from https://develop.svn.wordpress.org/trunk@34723
git-svn-id: http://core.svn.wordpress.org/trunk@34687 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, unattached attachments would have unsightly `/?attachment_id=1` URLs. As we've moved away from attachments being specifically attached to posts, instead being Media items, this has made the unattached URLs a more common occurrence.
We can breath easy once more, knowing that the world is a little bit safer from the horror of unnecessarily ugly URLs.
Props SergeyBiryukov, wonderboymusic, pento.
Fixes#1914.
Built from https://develop.svn.wordpress.org/trunk@34690
git-svn-id: http://core.svn.wordpress.org/trunk@34654 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously there were two persistent "View Post" links on an edit screen: next to the permalink and in the toolbar. This would then become three links after a post was published or updated, as a link is also included in the admin notice. This is a lot of redundancy and visual noise for a flow that is not your primary action upon starting to edit a post. The "View Post" link next to the sample permalink was particularly bad because it is styled like a button, but unlike a button, does not keep you on the current screen.
Because the permalink is now linked, there is no highlighted slug that you can click to edit, but rather just the "Edit" button.
props scribu, lessbloat, sabreuse, SergeyBiryukov, DrewAPicture, helen.
see #18306.
Built from https://develop.svn.wordpress.org/trunk@34670
git-svn-id: http://core.svn.wordpress.org/trunk@34634 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Adds a matrix-like data table demonstrating which arguments are available for the different `$action` types
* Adjusts the return types to accommodate an `array` for the 'hot_tags' `$action` choice
Props ocean90.
See #34035.
Built from https://develop.svn.wordpress.org/trunk@34641
git-svn-id: http://core.svn.wordpress.org/trunk@34605 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Adds:
* A hash notation with descriptions for all accepted arguments
* A matrix-like data table demonstrating which arguments are available for the different `$action` types
* A better summary and description with linked hooks
* An improved return description with a link to external information
Props ocean90.
See #34036.
Built from https://develop.svn.wordpress.org/trunk@34640
git-svn-id: http://core.svn.wordpress.org/trunk@34604 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Normally when there are multiple comma-separated values in CSS, each one would go on its own indented line. However, Autoprefixer appears to be tripping up on gradients at the moment, so it's going to stay on one line until we investigate upstream.
see #33299.
Built from https://develop.svn.wordpress.org/trunk@34637
git-svn-id: http://core.svn.wordpress.org/trunk@34601 1a063a9b-81f0-0310-95a4-ce76da25c4cd