Commit Graph

6704 Commits

Author SHA1 Message Date
Dion Hulse daacc37405 Theme Editor: Validate files are editable based on their relative filenames, rather than full file path.
This fixes theme editing on Windows platforms where `validate_file()` will return `2` on a full file path.

Fixes #42609.

Built from https://develop.svn.wordpress.org/trunk@42244


git-svn-id: http://core.svn.wordpress.org/trunk@42073 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-27 03:28:48 +00:00
Dion Hulse 28677d382d Theme/Plugin Editor: Remove the caching added in [41806] as it causes more problems than it fixes.
While caching here seemed like a good idea in theory, in practice the cache would be often stale causing development issues.
We exclude common folders (such as `node_modules`) from the scanning to avoid directories which are not useful to the end-user, so as long as those exclusion lists are held up this shouldn't cause too much of a degredation in the future.
We may consider adding caching here again in the future if it's determined that it is really needed.

Props precies, ibenic, mariovalney, schlessera, and all the others who commented on the ticket(s).
This partually reverts [41806].
See #6531.
Fixes #42573.

Built from https://develop.svn.wordpress.org/trunk@42242


git-svn-id: http://core.svn.wordpress.org/trunk@42071 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-27 02:59:47 +00:00
Gary Pendergast c90cfa3b50 General: Fix some precision alignment formatting warnings.
The WPCS `WordPress.WhiteSpace.PrecisionAlignment` rule throws warnings for a bunch of code that will likely cause issues for `wpcbf`. Fixing these manually beforehand gives us better auto-fixed results later.

See #41057.


Built from https://develop.svn.wordpress.org/trunk@42228


git-svn-id: http://core.svn.wordpress.org/trunk@42057 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-26 23:57:55 +00:00
Dion Hulse 4073743527 Filesystem: Use a more unique filename in `wp_tempnam()` and `get_filesystem_method()`.
Using a filename which was generated from `time()` could cause two processes to try to use the same filename, causing unexpected behaviour.

Props jrchamp, bikecrazyy.
Fixes #42265.

Built from https://develop.svn.wordpress.org/trunk@42224


git-svn-id: http://core.svn.wordpress.org/trunk@42053 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-24 03:05:50 +00:00
Gary Pendergast a779284c00 General: Reformat inline `if ()` statements inside HTML tags.
This pattern occurs a handful of times across the codebase:

`<div class="foo<?php if ( $bar ) { echo ' baz'; } ?>">`

Unfortunately, it doesn't really play nicely with `phpcbf`, so all instances need to be removed in preperation for auto code formatting.

See #41057.


Built from https://develop.svn.wordpress.org/trunk@42217


git-svn-id: http://core.svn.wordpress.org/trunk@42046 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-23 04:09:49 +00:00
Dion Hulse 27116397c5 Upgrade: Fix updating plugins which include a numeric file/folder names.
The fix in [41821] caused numeric folder names to be reindexed to 0..n when in the root directory (for example, `my-plugin/24/`).

Props edo888.
See #41524.
Fixes #42628 for trunk.

Built from https://develop.svn.wordpress.org/trunk@42214


git-svn-id: http://core.svn.wordpress.org/trunk@42043 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-21 04:15:47 +00:00
Boone Gorges 2322b40358 Introduce `meta_box_sanitize_cb` taxonomy argument.
The `meta_box_cb` argument was introduced in [25572] to allow plugin
authors to provide a custom callback for rendering their taxonomy's meta
box on the post edit screen. However, the routine used to handle the saving
of these custom taxonomy meta boxes was not customizable, but was instead
based simply on whether the taxonomy was hierarchicaly. See [13535].

The new `meta_box_sanitize_cb` argument defaults to the "tag" routine for
non-hierarchical taxonomies and the "category" routine for hierarchical ones,
thereby maintaining the current default behavior. Developers can override this
when the data passed from their `meta_box_cb` differs.

Props boonebgorges, ZaneMatthew, stephenharris.
Fixes #36514.
Built from https://develop.svn.wordpress.org/trunk@42211


git-svn-id: http://core.svn.wordpress.org/trunk@42040 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-21 03:15:50 +00:00
Felix Arntz d14a2988e7 Multisite: Fix broken update `blog_versions` query after [41661].
Props Mista-Flo, lenasterg.
Fixes #42641.

Built from https://develop.svn.wordpress.org/trunk@42210


git-svn-id: http://core.svn.wordpress.org/trunk@42039 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-20 23:46:48 +00:00
John Blackbourn 4ef018df2b Docs: Correct the `@since` property for the `page_attributes_misc_attributes` action.
Props jeremyescott, jfarthing84

Fixes #42607

Built from https://develop.svn.wordpress.org/trunk@42203


git-svn-id: http://core.svn.wordpress.org/trunk@42033 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-19 11:52:52 +00:00
Felix Arntz d9e4fc273d Multisite: Do not show edit links in network users table for users that cannot be edited.
Props ocean90.
Fixes #42552.

Built from https://develop.svn.wordpress.org/trunk@42202


git-svn-id: http://core.svn.wordpress.org/trunk@42032 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-17 21:35:51 +00:00
Sergey Biryukov 1a5adcf722 Rewrite Rules: Correct the logic in `extract_from_markers()` after [41928].
Props stodorovic.
Fixes #42579. See #39920.
Built from https://develop.svn.wordpress.org/trunk@42199


git-svn-id: http://core.svn.wordpress.org/trunk@42029 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-16 13:25:50 +00:00
Weston Ruter 609c0db668 Customize: Prevent PHP notice on theme-switch dashboard welcome link (and link to themes admin screen) when user cannot `customize`.
Props skostadinov, ocean90.
Amends [41699].
See #42050.
Fixes #42525.

Built from https://develop.svn.wordpress.org/trunk@42169


git-svn-id: http://core.svn.wordpress.org/trunk@41999 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-13 22:45:11 +00:00
John Blackbourn 67c973f95e Docs: Correct parameter type documentation for various `__call()` methods.
See #42505

Built from https://develop.svn.wordpress.org/trunk@42151


git-svn-id: http://core.svn.wordpress.org/trunk@41982 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-10 22:56:47 +00:00
Weston Ruter 10ac2ccd3a Settings: Replace `count()` call with `empty()` in `get_settings_errors()` to prevent PHP 7.2 warnings when `$wp_settings_errors` is `null`.
Props pross, dd32, westonruter.
See #40109.
Fixes #42498 for trunk.

Built from https://develop.svn.wordpress.org/trunk@42146


git-svn-id: http://core.svn.wordpress.org/trunk@41977 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-10 22:30:56 +00:00
Weston Ruter 6c00350575 Settings: Fix date/time format previewing.
Props afercia.
Amends [41857].
Fixes #41603.

Built from https://develop.svn.wordpress.org/trunk@42134


git-svn-id: http://core.svn.wordpress.org/trunk@41965 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-09 03:55:46 +00:00
Konstantin Obenland 65c1468ff5 File Editors: Account for network admin use
Fixes a bug where files couldn't be accessed in multisite installs.

Props flixos90, westonruter.
Fixes #42420.


Built from https://develop.svn.wordpress.org/trunk@42115


git-svn-id: http://core.svn.wordpress.org/trunk@41944 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-03 18:51:49 +00:00
Weston Ruter 83c29a4d08 Theme Editor: Ensure files listed recursively can be both viewed and edited.
Prevent edits to 2-level deep theme files from returning a `disallowed_theme_file` error when attempting to save an edit. Aligns logic for gathering `$allowed_files` in `theme-editor.php` for listing files with the validation logic in `wp_edit_theme_plugin_file()`.

Amends [41806].
See #6531.
Fixes #42425.

Built from https://develop.svn.wordpress.org/trunk@42112


git-svn-id: http://core.svn.wordpress.org/trunk@41941 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-02 23:05:48 +00:00
iandunn 2762709d2a Dashboard: Strip ports from IPs to avoid PHP warnings.
Fixes #41083.
Props pento, iandunn, EatonZ, birgire, dd32.

Built from https://develop.svn.wordpress.org/trunk@42016


git-svn-id: http://core.svn.wordpress.org/trunk@41850 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-25 00:07:46 +00:00
Weston Ruter 12c626c82e Update `$_old_files` to add the deleted MediaElement.js files when it was upgraded from 2.22.0 to 4.2.3.
Amends [41198].
See #39686.
Fixes #42097.

Built from https://develop.svn.wordpress.org/trunk@42015


git-svn-id: http://core.svn.wordpress.org/trunk@41849 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-25 00:02:50 +00:00
John Blackbourn 2f3e91028a Filesystem API: Add more specificity to the rules for valid files in `validate_file()`.
This now treats files containing `./` as valid, and also treats files containing a trailing `../` as valid due to widespread use of this pattern in theme and plugin zip files.

Adds tests.

Props Ipstenu, borgesbruno, DavidAnderson, philipjohn, birgire
Fixes #42016, #36170

Built from https://develop.svn.wordpress.org/trunk@42011


git-svn-id: http://core.svn.wordpress.org/trunk@41845 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-24 23:15:49 +00:00
John Blackbourn 16cfe96580 Filesystem API: Don't immediately return an error for invalid file names contained within a Zip while it's being extracted.
This allows the extraction of the rest of the valid files within the archive to continue.

See #42016

Built from https://develop.svn.wordpress.org/trunk@42010


git-svn-id: http://core.svn.wordpress.org/trunk@41844 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-24 23:11:50 +00:00
Weston Ruter 48e726bbef Embeds: Improve consistency of update and refresh logic for oEmbed caching between `oembed_cache` and post meta.
* Allow updating oEmbed cache during `parse-embed` requests for non-post editors (such as widgets).
* Update any existing `oembed_cache` post when `usecache` and TTL has passed.
* Do not overwrite a previously valid cache with `{{unknown}}`.

Props dlh.
See #34115.
Fixes #42310.

Built from https://develop.svn.wordpress.org/trunk@42009


git-svn-id: http://core.svn.wordpress.org/trunk@41843 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-24 23:10:48 +00:00
John Blackbourn 4812370aab Docs: Improve the docs for `validate_file()` and `validate_file_to_edit()`.
See #42016, #36170, #41017

Built from https://develop.svn.wordpress.org/trunk@42007


git-svn-id: http://core.svn.wordpress.org/trunk@41841 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-24 22:50:49 +00:00
Sergey Biryukov 29d5ee851c I18N: Use a consistent pattern for translator comments for placeholders in some more Customizer strings.
See #41974.
Built from https://develop.svn.wordpress.org/trunk@42006


git-svn-id: http://core.svn.wordpress.org/trunk@41840 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-24 22:47:46 +00:00
Sergey Biryukov f156f90ff5 I18N: Add a context for remaining "Schedule" strings.
Props Mirucon.
Fixes #42165.
Built from https://develop.svn.wordpress.org/trunk@42005


git-svn-id: http://core.svn.wordpress.org/trunk@41839 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-24 22:35:47 +00:00
Sergey Biryukov 654386a5b7 Taxonomy: After [40984], add the `most_used` label for non-hierarchical taxonomies too, and use it on the Menus screen.
Props johnbillion.
Fixes #41150.
Built from https://develop.svn.wordpress.org/trunk@41987


git-svn-id: http://core.svn.wordpress.org/trunk@41821 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-24 11:23:24 +00:00
Weston Ruter 9093718b15 Editor: Specify `maxwidth` in `parse-embed` requests based on width of editor iframe so that TinyMCE view embeds fit, particularly in Text widgets.
See #40854, #34115.

Built from https://develop.svn.wordpress.org/trunk@41985


git-svn-id: http://core.svn.wordpress.org/trunk@41819 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-24 04:07:50 +00:00
Peter Wilson 339d838475 Comments: Check if `wp_new_comment()` returns an error.
Adds checks throughout to allow for `wp_new_comment()` returning a `WP_Error` instance.

Updates the docs for the `pre_comment_approved` filter to include that it can be passed an error.

Props enrico.sorcinelli, ryotsun.
Fixes #39730.


Built from https://develop.svn.wordpress.org/trunk@41980


git-svn-id: http://core.svn.wordpress.org/trunk@41814 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-23 22:12:51 +00:00
Aaron Jorbin b8fc8cb59c Dashboard: Remove "Try Gutenberg" callout.
Reverting this for 4.9. It will be added back in a future version of WordPress. This doesn't mean that you shouldn't be trying Gutenberg, just that it isn't ready for a call out to a larger audience. But if you are the type to read commit messages, https://github.com/WordPress/gutenberg could use your pull requests and comments on issues.

Reverts [41931] [41900] [41896] [41895]
See #41316


Built from https://develop.svn.wordpress.org/trunk@41978


git-svn-id: http://core.svn.wordpress.org/trunk@41812 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-23 20:48:47 +00:00
Gary Pendergast 0847fab645 Media: Don't backdate media uploaded to pages.
When media is uploaded to a post, the upload directory is set according to the date of the post, so that the media URLs in the post match when the post was published.

A page is a slightly different beast, pages often live for years, and are regularly updated to stay relevant. This change causes media uploaded to pages to use the upload date to determine the upload directory.

Fixes #10752.


Built from https://develop.svn.wordpress.org/trunk@41964


git-svn-id: http://core.svn.wordpress.org/trunk@41798 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-21 13:27:48 +00:00
Dion Hulse 26f9c6b909 Transients: Clear expired transients from the database in a daily cron task.
Fixes #41699

Built from https://develop.svn.wordpress.org/trunk@41963


git-svn-id: http://core.svn.wordpress.org/trunk@41797 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-21 13:22:49 +00:00
Sergey Biryukov 1accb992f8 Menus: Pass `$recent_args` parameter to `nav_menu_items_{$post_type_name}_recent` filter.
Props welcher, eclev91.
Fixes #39849.
Built from https://develop.svn.wordpress.org/trunk@41941


git-svn-id: http://core.svn.wordpress.org/trunk@41775 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-19 13:05:55 +00:00
Sergey Biryukov 15c8976cc4 Dashboard: Add missing URL to "Help with testing" link in Gutenberg callout.
See #41316.
Built from https://develop.svn.wordpress.org/trunk@41931


git-svn-id: http://core.svn.wordpress.org/trunk@41765 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-18 22:41:46 +00:00
Sergey Biryukov 0f06f90341 Rewrite Rules: Remove redundant `if` condition in `extract_from_markers()`.
Props Dency, yahil, appchecker.
Fixes #39920.
Built from https://develop.svn.wordpress.org/trunk@41928


git-svn-id: http://core.svn.wordpress.org/trunk@41762 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-18 21:28:46 +00:00
Sergey Biryukov d2499c4212 Network Admin: After [41923], move the second `<p>` tag to a new line for better readability.
See #41652.
Built from https://develop.svn.wordpress.org/trunk@41924


git-svn-id: http://core.svn.wordpress.org/trunk@41758 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-18 20:51:48 +00:00
Sergey Biryukov a749494900 I18N: Remove hardcoded constant from a translatable string in `network_step1()`.
Props ramiy.
Fixes #41652.
Built from https://develop.svn.wordpress.org/trunk@41923


git-svn-id: http://core.svn.wordpress.org/trunk@41757 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-18 20:02:50 +00:00
Sergey Biryukov 106beec6a7 I18N: Combine two "Warning" strings in `network_step1()` and `network_step2()`.
Props ramiy.
Fixes #38570.
Built from https://develop.svn.wordpress.org/trunk@41921


git-svn-id: http://core.svn.wordpress.org/trunk@41755 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-18 19:50:47 +00:00
Sergey Biryukov a28bd1d36c Plugins: Revert unintended change from [41915].
See #37430.
Built from https://develop.svn.wordpress.org/trunk@41916


git-svn-id: http://core.svn.wordpress.org/trunk@41750 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-18 18:01:49 +00:00
Sergey Biryukov 936bf3661f Plugins: After [41608], make the markup in `WP_Plugin_Install_List_Table::no_items()` a bit more readable.
See #37430.
Built from https://develop.svn.wordpress.org/trunk@41915


git-svn-id: http://core.svn.wordpress.org/trunk@41749 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-18 17:58:48 +00:00
Sergey Biryukov 4dd637acde Docs: Add `@since` entry for `WP_Automatic_Updater::after_core_update()`, introduced in [25841].
See #41017, #29086.
Built from https://develop.svn.wordpress.org/trunk@41914


git-svn-id: http://core.svn.wordpress.org/trunk@41748 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-18 17:48:49 +00:00
Weston Ruter ae538512c3 Widgets: Fix previewing embeds in Text widget by allowing `parse-embed` admin ajax requests with an empty `post_ID` just as `WP_oEmbed_Controller::get_proxy_item_permissions_check()` allows.
As of #34115 if there is no post context the oEmbed will be cached in an `oembed_cache` custom post type, so having a post as context is no longer a requirement for caching.

Props biskobe, westonruter.
See #34115, #40450.
Fixes #40854.

Built from https://develop.svn.wordpress.org/trunk@41913


git-svn-id: http://core.svn.wordpress.org/trunk@41747 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-18 17:40:49 +00:00
Sergey Biryukov 3951984680 I18N: Remove `<b>` tag from a translatable string in `post_submit_meta_box()`.
Props ramiy.
Fixes #41681.
Built from https://develop.svn.wordpress.org/trunk@41910


git-svn-id: http://core.svn.wordpress.org/trunk@41744 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-18 17:31:48 +00:00
Sergey Biryukov 6b2a4c4574 I18N: Remove `<strong>` tag from a translatable string in `Theme_Upgrader::install_strings()`.
Props ramiy.
Fixes #41695.
Built from https://develop.svn.wordpress.org/trunk@41909


git-svn-id: http://core.svn.wordpress.org/trunk@41743 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-18 17:20:48 +00:00
Sergey Biryukov 2b9e8abd8f I18N: Remove `<code>` tags from translatable strings in `Core_Upgrader`, `Language_Pack_Upgrader`, `Plugin_Upgrader`, `Theme_Upgrader`.
Props ramiy.
Fixes #41705.
Built from https://develop.svn.wordpress.org/trunk@41908


git-svn-id: http://core.svn.wordpress.org/trunk@41742 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-18 17:15:47 +00:00
Sergey Biryukov f9ff030127 I18N: Replace hardcoded file name in a translatable string in `convert_to_screen()` with a placeholder.
Props ramiy.
Fixes #41668.
Built from https://develop.svn.wordpress.org/trunk@41906


git-svn-id: http://core.svn.wordpress.org/trunk@41740 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-18 15:46:52 +00:00
Gary Pendergast 3981736cd6 Dashboard: Introduce a "Try Gutenberg" callout.
To encourage more people to try Gutenberg, this new Dashboard box allows site users to easily install and try out Gutenberg.

Props pento, melchoyce, joen, karmatosed.
Fixes #41316.


Built from https://develop.svn.wordpress.org/trunk@41895


git-svn-id: http://core.svn.wordpress.org/trunk@41729 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-18 10:04:47 +00:00
Weston Ruter bd9d1d9178 Customize: Allow post/page stubs to be edited in WP Admin as "customization drafts" when changeset is saved as draft or scheduled.
* Update stubs to have draft status when changeset is saved as draft, instead of preventing auto-draft garbage collection by giving them a far-future `post_date`.
* Show notice in publish metabox when editing a customization draft indicating that it will be published automatically with its changeset; a link to Customizer is included.
* Include a new "Customization Draft" display post state in the post list table.
* Disconnect stubs from their changesets when they are updated with a status other than "Draft".
* Trash customization drafts when their related changeset is trashed or deleted.
* Add a `_customize_changeset_uuid` postmeta to stubs to link them with their associated changeset.
* Include `customize_changeset_uuid` as context when requesting to insert a new auto-draft.

Props westonruter, melchoyce.
See #39896, #39752, #34923.
Fixes #42220.

Built from https://develop.svn.wordpress.org/trunk@41887


git-svn-id: http://core.svn.wordpress.org/trunk@41721 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-17 20:15:52 +00:00
Andrea Fercia 575e60e96c Administration: Improve consistency of the "not found" strings.
Partially reverts [41608] restoring the original strings without the word `query`.

See #37430.
Fixes #42231.

Built from https://develop.svn.wordpress.org/trunk@41878


git-svn-id: http://core.svn.wordpress.org/trunk@41712 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-16 18:14:48 +00:00
Weston Ruter 0659de4e21 File Editors: Display list of theme/plugin files in scrollable directory tree.
Props WraithKenny, afercia, melchoyce, westonruter.
Amends [41721].
Fixes #24048.

Built from https://develop.svn.wordpress.org/trunk@41851


git-svn-id: http://core.svn.wordpress.org/trunk@41685 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-13 02:39:47 +00:00
Dion Hulse b35cf2f529 Upgrades: Remove the usage of `each()` from `WP_Upgrader` for PHP 7.2 compatibility.
Props chrisvendiadvertisingcom, dd32.
Fixes #41524

Built from https://develop.svn.wordpress.org/trunk@41821


git-svn-id: http://core.svn.wordpress.org/trunk@41655 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-11 04:24:50 +00:00
Weston Ruter 3609d0c4c5 Plugin Editor: Revert superseded changes to `activate_plugin()` and `plugin_sandbox_scrape()`.
Partially revert [41671], [41561], [41560].
See #21622.
Fixes #39766.

Built from https://develop.svn.wordpress.org/trunk@41819


git-svn-id: http://core.svn.wordpress.org/trunk@41653 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-11 00:03:48 +00:00
Gary Pendergast 58db3cb54e File Editor: Add support for more than one sub-directory level.
The theme and plugin editors now list all files in the selected theme or plugin, recursing through subdirectories as necessary.

Props WraithKenny, schlessera, chsxf, MikeHansenMe, Daedalon, valendesigns, westonruter, pento.
Fixes #6531.


Built from https://develop.svn.wordpress.org/trunk@41806


git-svn-id: http://core.svn.wordpress.org/trunk@41640 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-10 05:34:49 +00:00
Weston Ruter 1a22fb3b60 File Editor: Increase robustness of fatal error checking when saving PHP file edits.
* Increase PHP execution time limit prior to issuing loopback requests where are themselves given timeouts to ensure PHP file can be reverted.
* Output scrape messages on success and failure so that absence of either can also be flagged as an error condition.
* Forward browser's HTTP Basic Auth credentials in loopback requests to admin and home URL.
* Display more helpful message when loopback request fails.

Amends [41721].
See #21622.
Fixes #42102.

Built from https://develop.svn.wordpress.org/trunk@41805


git-svn-id: http://core.svn.wordpress.org/trunk@41639 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-10 05:27:49 +00:00
Weston Ruter 35b5c9e762 Customize: Eliminate use of customize-loader in core so Customizer is opened consistently in `top` window.
* Open the door for future browser history feature in #28536, which is currently not feasible when customize-loader is used.
* Remove customizer-loader from being used on admin screens for Dashboard, Themes, non-shiny theme install/update.
* Keep the customize-loader functionality available for plugins, for the time being. It may become deprecated.
* Ensure `return` param in customizer links in Themes screen update to reflect `search` updated by `pushState`.
* Persist `return` when reloading Customizer due to theme switch, autosave restoration, or changeset trashing.
* Use `location.replace()` instead of changing `location.href` when trashing.
* Hide theme browser while Themes screen is loading when there is a `search` to prevent flash of unfiltered themes.
* Use throttling instead of debouncing when searching themes to ensure that screen is updated immediately on page load.
* Fix encoding and decoding of `search` param between URL and search field.
* Add support for dismissing autosaves when closing customize-loader, when it is used by plugins.
* Skip sending changeset UUID to customize-loader for population in browser location if changeset branching is not enabled.

See #28536.
Fixes #40254.

Built from https://develop.svn.wordpress.org/trunk@41797


git-svn-id: http://core.svn.wordpress.org/trunk@41631 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-09 16:04:48 +00:00
Sergey Biryukov 561bde29c7 Administration: Add `.protected-post-excerpt` class to password-protected post excerpts in the posts list.
Props Soean, mp518, slaFFik, SergeyBiryukov.
Fixes #41426.
Built from https://develop.svn.wordpress.org/trunk@41770


git-svn-id: http://core.svn.wordpress.org/trunk@41604 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-05 02:50:46 +00:00
Sergey Biryukov 33beafaf02 Posts, Post Types: Introduce `page_attributes_misc_attributes` action that fires before the help hint text in the 'Page Attributes' meta box.
Props markcallen, MikeHansenMe.
Fixes #34034.
Built from https://develop.svn.wordpress.org/trunk@41763


git-svn-id: http://core.svn.wordpress.org/trunk@41597 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-05 00:55:47 +00:00
Gary Pendergast 37aa531cd4 Plugins: Tweak the plugin icons added in [41695].
- Remove plugins icons from the plugin list table, as there were performance issues loading the icons when the site had lots of plugins.
- Depending on which icons the plugin has uploaded, prefer them in this order: `svg`, `128x128`, `256x256`.
- Improve the style of the fallback icon for plugins that don't have an icon defined.

Props Travel_girl, danieltj, afercia, karmatosed,hugobaeta, empireoflight, brentjett, melchoyce, pento.
Fixes #30186.


Built from https://develop.svn.wordpress.org/trunk@41755


git-svn-id: http://core.svn.wordpress.org/trunk@41589 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-04 23:43:46 +00:00
John Blackbourn 50948669eb Users: Revert [41613], [41614], and [41623] as this feature needs some more work.
See #38741

Built from https://develop.svn.wordpress.org/trunk@41753


git-svn-id: http://core.svn.wordpress.org/trunk@41587 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-04 22:17:46 +00:00
Mike Schroder e8a1a7ab2b Media: Store video creation date in meta.
When able to be parsed, store the created date for a video file from meta,
since this is useful separately from the dates on the file itself.

Introduces `wp_get_media_creation_timestamp()` to read the timestamp from
getID3 and a `wp_read_video_metadata` filter analogous to
`wp_read_image_metadata`.

Fixes #35218.
Props stevegrunwell, joemcgill, desrosj, blobfolio, mikeschroder.
Built from https://develop.svn.wordpress.org/trunk@41746


git-svn-id: http://core.svn.wordpress.org/trunk@41580 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-04 19:32:47 +00:00
John Blackbourn fbd44ee554 Security: Add a referrer policy header to the admin and login screens.
This sets a referrer policy of `same-origin` which adds hardening by preventing a referrer being sent from the admin area or login screens to other origins. This helps prevent unwanted exposure of potentially sensitive information that may be contained within URLs.

This change introduces a new filter, `admin_referrer_policy`, for filtering the referrer policy header value. The header can be disabled if necessary by removing the `wp_admin_headers` action from the `admin_init` and `login_init` hooks.

Props joostdevalk
Fixes #42036

Built from https://develop.svn.wordpress.org/trunk@41741


git-svn-id: http://core.svn.wordpress.org/trunk@41575 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-04 18:25:46 +00:00
Weston Ruter 5f7a5c1246 File Editors: Introduce sandboxed live editing of PHP files with rollbacks for both themes and plugins.
* Edits to active plugins which cause PHP fatal errors will no longer auto-deactivate the plugin. Supersedes #39766.
* Introduce sandboxed PHP file edits for active themes, preventing accidental whitescreening of a user's site when introducing a fatal error.
* After writing a change to a PHP file for an active theme or plugin, perform loopback requests on the file editor admin screens and the homepage to check for fatal errors. If a fatal error is encountered, roll back the edited file and display the error to the user to fix and try again.
* Introduce a secure way to scrape PHP fatal errors from a site via `wp_start_scraping_edited_file_errors()` and `wp_finalize_scraping_edited_file_errors()`.
* Moves file modifications from `theme-editor.php` and `plugin-editor.php` to common `wp_edit_theme_plugin_file()` function.
* Refactor themes and plugin editors to submit file changes via Ajax instead of doing full page refreshes when JS is available.
* Use `get` method for theme/plugin dropdowns.
* Improve styling of plugin editors, including width of plugin/theme dropdowns.
* Improve notices API for theme/plugin editor JS component.
* Strip common base directory from plugin file list. See #24048.
* Factor out functions to list editable file types in `wp_get_theme_file_editable_extensions()` and `wp_get_plugin_file_editable_extensions()`.
* Scroll to line in editor that has linting error when attempting to save. See #41886.
* Add checkbox to dismiss lint errors to proceed with saving. See #41887.
* Only style the Update File button as disabled instead of actually disabling it for accessibility reasons.
* Ensure that value from CodeMirror is used instead of `textarea` when CodeMirror is present.
* Add "Are you sure?" check when leaving editor when there are unsaved changes.

Supersedes [41560].
See #39766, #24048, #41886.
Props westonruter, Clorith, melchoyce, johnbillion, jjj, jdgrimes, azaozz.
Fixes #21622, #41887.

Built from https://develop.svn.wordpress.org/trunk@41721


git-svn-id: http://core.svn.wordpress.org/trunk@41555 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-04 00:20:45 +00:00
Felix Arntz 1130241bbd Multisite: Replace calls to `refresh_blog_details()` with `clean_blog_cache()`.
Fixes #42077. See #40201.

Built from https://develop.svn.wordpress.org/trunk@41717


git-svn-id: http://core.svn.wordpress.org/trunk@41551 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-03 19:05:46 +00:00
John Blackbourn f4f31bc598 Plugins: Introduce a singular and plural form for the plugin deletion error message.
Props eddhurst, SergeyBiryukov

Fixes #38918

Built from https://develop.svn.wordpress.org/trunk@41713


git-svn-id: http://core.svn.wordpress.org/trunk@41547 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-03 17:13:46 +00:00
Sergey Biryukov af4cda27cc Posts, Post Types: Simplify the wording in post locking notice.
Props munyagu.
Fixes #42023.
Built from https://develop.svn.wordpress.org/trunk@41706


git-svn-id: http://core.svn.wordpress.org/trunk@41540 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-03 15:11:48 +00:00
Weston Ruter a3ad1e8c57 Customize: Update dashboard welcome link to point to themes panel in the customizer instead of themes admin screen.
Props celloexpressions.
Fixes #42050.

Built from https://develop.svn.wordpress.org/trunk@41699


git-svn-id: http://core.svn.wordpress.org/trunk@41533 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-03 04:13:46 +00:00
Gary Pendergast 7e33702830 Plugins: Add plugin icons to the plugin list tables.
To mirror theme list table behaviour, the plugin icon now appears next to plugins in the plugin list tables. For plugins that don't have an icon, or non-W.org plugins, a fallback dashicon is shown.

Props melchoyce, afercia, paulwilde, pento, obenland.
Fixes #30186.


Built from https://develop.svn.wordpress.org/trunk@41695


git-svn-id: http://core.svn.wordpress.org/trunk@41529 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-03 00:25:46 +00:00
John Blackbourn 4a16295dc5 Docs: Standardise the format used for documenting parameters passed by reference.
See #35974, #41017

Built from https://develop.svn.wordpress.org/trunk@41688


git-svn-id: http://core.svn.wordpress.org/trunk@41522 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-02 22:14:46 +00:00
John Blackbourn 9fdbe6538e Docs: Remove `&` prefixes from parameter documentation to avoid doc parsing errors.
Props sudar for the original patch.

See #35974

Built from https://develop.svn.wordpress.org/trunk@41686


git-svn-id: http://core.svn.wordpress.org/trunk@41520 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-02 22:03:33 +00:00
Andrea Fercia a42b9cebde Quick/Bulk Edit: Improve the inline error messages styling.
- uses the core `notice` styles for the Quick Edit form inline error messages
- adds missing periods at the end of a few error messages

Props ocean90, karmatosed, melchoyce, afercia.
Fixes #35496.

Built from https://develop.svn.wordpress.org/trunk@41684


git-svn-id: http://core.svn.wordpress.org/trunk@41518 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-02 21:52:52 +00:00
Andrea Fercia 6a6795382a Accessibility: List Tables: use `aria-current` for the views current link.
The `aria-current` attribute is a simple, effective way to help assistive
technologies users orientate themselves within a list of items. Continues the 
introduction in core of the `aria-current` attribute after [41359] and [41371].

Props joedolson, flixos90, afercia.
Fixes #32399.

Built from https://develop.svn.wordpress.org/trunk@41683


git-svn-id: http://core.svn.wordpress.org/trunk@41517 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-02 19:44:47 +00:00
Weston Ruter 31647252e7 Plugin Editor: Remove `plugins_loaded` from being re-triggered in `plugin_sandbox_scrape()`.
Props jdgrimes.
Amends [41560].
Fixes #39766.

Built from https://develop.svn.wordpress.org/trunk@41671


git-svn-id: http://core.svn.wordpress.org/trunk@41505 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-02 17:07:49 +00:00
Jeremy Felt abdfe59c28 Multisite: Use `get_current_blog_id()` instead of `$wpdb->blogid`.
`get_current_blog_id()` is more appropriate for determining the ID of the current site in most cases. This eliminates the need for the global `$wpdb` in several functions and is better than the implicit global used in admin pages.

Props bnap00, spacedmonkey.
Fixes #41684.

Built from https://develop.svn.wordpress.org/trunk@41661


git-svn-id: http://core.svn.wordpress.org/trunk@41495 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-02 01:44:47 +00:00
Andrea Fercia 1f4dab28fe Accessibility: Improve the Theme Details modal accessibility.
- sets the modal content to `role="document"` to make screen readers switch back to browse mode
- standardizes the Themes screen and Customizer modals interaction
- Themes screen modal: sets initial focus on the modal overlay instead of the primary button, avoiding to "skip" content for keyboard and screen reader users

Fixes #42055.

Built from https://develop.svn.wordpress.org/trunk@41658


git-svn-id: http://core.svn.wordpress.org/trunk@41492 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-01 13:48:46 +00:00
Weston Ruter 76f590b99b Customize: Introduce a new experience for discovering, installing, and previewing themes within the customizer.
Unify the theme-browsing and theme-customization experiences by introducing a comprehensive theme browser and installer directly accessible in the customizer. Replaces the customizer theme switcher with a full-screen panel for discovering/browsing and installing themes available on WordPress.org. Themes can now be installed and previewed directly in the customizer without entering the wp-admin context. Also includes an extensible framework for browsing and installing themes from other sources.

Also includes CSS auto-prefixing added via `grunt precommit:css`.

For details, see: https://make.wordpress.org/core/2016/10/03/feature-proposal-a-new-experience-for-discovering-installing-and-previewing-themes-in-the-customizer/

Previously [38813] but reverted in [39140].
Fixes #37661, #34843, #38666.
Props celloexpressions, folletto, westonruter, karmatosed, melchoyce, afercia.

Built from https://develop.svn.wordpress.org/trunk@41648


git-svn-id: http://core.svn.wordpress.org/trunk@41482 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-29 20:13:50 +00:00
Sergey Biryukov 6a2b59745e I18N: Use a consistent pattern for translator comments for placeholders in `wp-admin/includes/dashboard.php`.
See #41974.
Built from https://develop.svn.wordpress.org/trunk@41641


git-svn-id: http://core.svn.wordpress.org/trunk@41475 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-29 11:44:45 +00:00
Gary Pendergast 0028a9555e Database: Don't quote placeholders in queries going through `$wpdb->prepare()`
To bring Core into line with the changes to `$wpdb->prepare()` in WordPress 4.8.2, query placeholders shouldn't be quoted.

Props jrf, johnjamesjacoby.
Fixes #41983.


Built from https://develop.svn.wordpress.org/trunk@41628


git-svn-id: http://core.svn.wordpress.org/trunk@41463 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-28 04:32:46 +00:00
Andrea Fercia 8c7a2b1d54 Accessibility: Improve the sidebar toggles in the Widgets screen.
- uses button elements for the toggles
- uses `aria-expanded` on the toggles to communicate to assistive technologies the panels expanded/collapsed state
- adds the "circular focus" style to the toggles to give users a clear indication of the currently focused element
- standardizes CSS class names to `.toggle-indicator` and `.handlediv` as these names are already used across the admin for similar controls

Props monikarao, xavortm, mihai2u, Kopepasah.
Fixes #37013.

Built from https://develop.svn.wordpress.org/trunk@41621


git-svn-id: http://core.svn.wordpress.org/trunk@41456 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-27 16:29:44 +00:00
John Blackbourn 50a7d2b121 Options, Meta APIs: Require a confirmation link in an email to be clicked when a user attempts to change the network
admin email address on Multisite.

This mirrors the same functionality for the site admin email address and user profile email address.

Fixes #41254

Built from https://develop.svn.wordpress.org/trunk@41617


git-svn-id: http://core.svn.wordpress.org/trunk@41452 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-27 14:17:45 +00:00
John Blackbourn 807bc5a6c9 Users: Introduce the concept of a large site in order to speed up the Users screen when there are many users.
Calling the `count_users()` function is expensive, regardless of the counting strategy that's used, and it gets
slower the more users there are on a site. In order to speed up the Users screen in the admin area, calling
`count_users()` can be avoided entirely while still displaying the total count for users.

This introduces some new functions:

* `wp_is_large_user_count()`
* `wp_get_active_user_count()`
* `wp_update_active_user_count()`

A corresponding `wp_is_large_user_count` filter is also introduced.

Props tharsheblows, johnbillion

Fixes #38741

Built from https://develop.svn.wordpress.org/trunk@41613


git-svn-id: http://core.svn.wordpress.org/trunk@41448 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-27 13:04:47 +00:00
Pascal Birchler 0fe4c3b3f2 Upgrade/Install: Fix updating plugins on the Add Plugins screen.
Props imath.
Fixes #41407.

Built from https://develop.svn.wordpress.org/trunk@41612


git-svn-id: http://core.svn.wordpress.org/trunk@41447 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-27 11:59:47 +00:00
Pascal Birchler 2dd83960b9 Upgrade/Install: Show new version number when updating a theme on Multisite.
Props afragen.
Fixes #40764.

Built from https://develop.svn.wordpress.org/trunk@41611


git-svn-id: http://core.svn.wordpress.org/trunk@41446 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-27 09:44:45 +00:00
Pascal Birchler 1f5c7470fb Plugins: Improve error messages on plugins screen.
This unifies the layout and wording of error messages on both the plugins screen and the themes screen.

Props tinkerbelly, juhise, Ankit K Gupta, m1tk00, swissspidy, mrahmadawais, danieltj.
Fixes #37430.

Built from https://develop.svn.wordpress.org/trunk@41608


git-svn-id: http://core.svn.wordpress.org/trunk@41443 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-27 08:46:45 +00:00
Dion Hulse db86c635ba Standardise on performing api.WordPress.org requests over SSL when possible, falling back to non-SSL when appropriate.
This also standardises the `User-Agent` used when communicating with WordPress.org, allowing for more consistent version detection.

Fixes #42004.

Built from https://develop.svn.wordpress.org/trunk@41605


git-svn-id: http://core.svn.wordpress.org/trunk@41440 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-27 08:00:49 +00:00
Pascal Birchler fce70235f2 Permalinks: Change structure tag button state more reliably.
Changes the highlighted tag buttons accordingly when selecting one of the commong permalink settings.

Deprecates `options_permalink_add_js()` as that JavaScript isn't added inline anymore.

Fixes #29872.

Built from https://develop.svn.wordpress.org/trunk@41598


git-svn-id: http://core.svn.wordpress.org/trunk@41433 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-26 08:24:46 +00:00
Andrew Ozz a5f8097899 Retire Press This and extract it to a plugin. First run.
Props kraftbj, azaozz.
See #41689.
Built from https://develop.svn.wordpress.org/trunk@41584


git-svn-id: http://core.svn.wordpress.org/trunk@41417 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-24 14:22:54 +00:00
Sergey Biryukov d379f839cf Posts, Post Types: Pass `$post` parameter to `post_submitbox_start`, `attachment_submitbox_misc_actions`, `media_submitbox_misc_sections`, `audio_submitbox_misc_sections` filters.
Props sebastian.pisula, SergeyBiryukov.
Fixes #36206.
Built from https://develop.svn.wordpress.org/trunk@41581


git-svn-id: http://core.svn.wordpress.org/trunk@41414 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-23 17:07:46 +00:00
Sergey Biryukov c28cc57f3b Quick/Bulk Edit: Remove duplicate `inline-edit-{$screen->post_type}` CSS class from Quick Edit table rows.
Props ibachal.
Fixes #41906.
Built from https://develop.svn.wordpress.org/trunk@41576


git-svn-id: http://core.svn.wordpress.org/trunk@41409 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-23 11:02:46 +00:00
Andrew Ozz 58b769a057 Plupload: also delete `plupload.full.min.js` when updating.
See #41755.
Built from https://develop.svn.wordpress.org/trunk@41571


git-svn-id: http://core.svn.wordpress.org/trunk@41404 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-22 20:48:46 +00:00
Sergey Biryukov 4db08514ea Taxonomy: Convert tag cloud in Tags meta box to a list (`<ul>`) for better semantics and accessibility.
An unordered list allows screen reader users to know in advance how many tags are within the list.

Props audrasjb, afercia.
Fixes #40187.
Built from https://develop.svn.wordpress.org/trunk@41563


git-svn-id: http://core.svn.wordpress.org/trunk@41396 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-22 11:28:44 +00:00
Weston Ruter bf1eb1b505 Plugin Editor: Use `include_once` instead of `include` in `plugin_sandbox_scrape()` to fix unit tests broken with [41560].
See #39766.

Built from https://develop.svn.wordpress.org/trunk@41561


git-svn-id: http://core.svn.wordpress.org/trunk@41394 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-22 02:01:45 +00:00
Weston Ruter aff467e1cb Plugin Editor: Improve reliability of detecting PHP fatal errors when editing an active plugin.
* Invalidate PHP opcache after file is updated to ensure `include` will ''include'' the written changes.
* Define `WP_ADMIN` when activating plugin in sandbox so plugin code targeting admin will be loaded.
* Do actions that get triggered when loading the admin to ensure plugin code runs that could cause errors on plugin editor screen (and lock out access).
* Fix ability to re-activate a plugin after editing a PHP file other than the main plugin file, and ensure PHP fatal error will be displayed in such cases.
* Consolidate duplicated code into `plugin_sandbox_scrape()` and re-use in `activate_plugin()`.
* Show an error notice instead of a success notice when a file is updated but a plugin was deactivated due to a fatal error.
* Update style of warning when editing an active plugin to be styled as an actual warning notice.

See #12423, #21622.
Fixes #39766.

Built from https://develop.svn.wordpress.org/trunk@41560


git-svn-id: http://core.svn.wordpress.org/trunk@41393 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-22 01:36:48 +00:00
Adam Silverstein 415e9379f9 Revisions: correct a timezone display issue.
When preparing the data for the revisions screen, add ' +0000' to the gmt date string before passing it thru `strtotime`.

Props biranit, nacin, buley.
Fixes #25365.

Built from https://develop.svn.wordpress.org/trunk@41559


git-svn-id: http://core.svn.wordpress.org/trunk@41392 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-21 23:33:44 +00:00
Andrew Ozz 76296ef657 Remove SWFUpload,
- Refactor swfupload.js to output a simple upload form, and handlers.js.
- Delete the SWFUpload plugins directory and swfupload.swf.
- Remove flash cookies "hack" from async-upload.php.

See #41752.
Built from https://develop.svn.wordpress.org/trunk@41554


git-svn-id: http://core.svn.wordpress.org/trunk@41387 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-21 16:35:48 +00:00
John Blackbourn 69de73224f Filesystem API: Ensure filenames are valid before attempting to unzip them to ensure malformed file paths don't cause issues.
Built from https://develop.svn.wordpress.org/trunk@41457


git-svn-id: http://core.svn.wordpress.org/trunk@41290 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 14:36:47 +00:00
John Blackbourn e088205014 General: Add missing URL-encoding and add extra hardening to plugin and template names when they're displayed in the admin area.
Props kawauso, Mte90 for initial patches

Fixes #13377

Built from https://develop.svn.wordpress.org/trunk@41399


git-svn-id: http://core.svn.wordpress.org/trunk@41232 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 10:11:43 +00:00
Weston Ruter 90bedf8f9d Editor: Add CodeMirror-powered code editor with syntax highlighting, linting, and auto-completion.
* Code editor is integrated into the Theme/Plugin Editor, Additional CSS in Customizer, and Custom HTML widget. Code editor is not yet integrated into the post editor, and it may not be until accessibility concerns are addressed.
* The CodeMirror component in the Custom HTML widget is integrated in a similar way to TinyMCE being integrated into the Text widget, adopting the same approach for integrating dynamic JavaScript-initialized fields.
* Linting is performed for JS, CSS, HTML, and JSON via JSHint, CSSLint, HTMLHint, and JSONLint respectively. Linting is not yet supported for PHP.
* When user lacks `unfiltered_html` the capability, the Custom HTML widget will report any Kses-invalid elements and attributes as errors via a custom Kses rule for HTMLHint.
* When linting errors are detected, the user will be prevented from saving the code until the errors are fixed, reducing instances of broken websites.
* The placeholder value is removed from Custom CSS in favor of a fleshed-out section description which now auto-expands when the CSS field is empty. See #39892.
* The CodeMirror library is included as `wp.CodeMirror` to prevent conflicts with any existing `CodeMirror` global.
* An `wp.codeEditor.initialize()` API in JS is provided to convert a `textarea` into CodeMirror, with a `wp_enqueue_code_editor()` function in PHP to manage enqueueing the assets and settings needed to edit a given type of code.
* A user preference is added to manage whether or not "syntax highlighting" is enabled. The feature is opt-out, being enabled by default.
* Allowed file extensions in the theme and plugin editors have been updated to include formats which CodeMirror has modes for: `conf`, `css`, `diff`, `patch`, `html`, `htm`, `http`, `js`, `json`, `jsx`, `less`, `md`, `php`, `phtml`, `php3`, `php4`, `php5`, `php7`, `phps`, `scss`, `sass`, `sh`, `bash`, `sql`, `svg`, `xml`, `yml`, `yaml`, `txt`.

Props westonruter, georgestephanis, obenland, melchoyce, pixolin, mizejewski, michelleweber, afercia, grahamarmfield, samikeijonen, rianrietveld, iseulde.
See #38707.
Fixes #12423, #39892.

Built from https://develop.svn.wordpress.org/trunk@41376


git-svn-id: http://core.svn.wordpress.org/trunk@41209 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-13 06:08:47 +00:00
Weston Ruter 203d220c6f Customize: Re-use homepage settings help tab text from Reading Options admin screen in description for corresponding Customizer section.
Also remove "Static" reference in template name, missed in [41363].

See #41829.

Built from https://develop.svn.wordpress.org/trunk@41364


git-svn-id: http://core.svn.wordpress.org/trunk@41197 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-10 17:08:43 +00:00
Weston Ruter a74e98d7be Customize: Rename "Static front page" to just "Homepage".
Props danieltj, melchoyce.
Fixes #41828.

Built from https://develop.svn.wordpress.org/trunk@41363


git-svn-id: http://core.svn.wordpress.org/trunk@41196 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-10 16:20:44 +00:00
Weston Ruter 9b5d71bad0 Widgets: Add dirty state tracking for widgets on admin screen.
* Mark a widget as dirty when a field input triggers a `change` or `input` event; clear dirty state when widget is successfully saved.
* Disable Save button and re-label "Saved" when widget not dirty.
* Show AYS dialog when leaving widgets admin screen with unsaved changes.
* When widgets are dirty, expand all unsaved widgets at AYS check and focus on first one.
* Change "Close" link to "Done"; hide link when widget is dirty and reveal when saved.
* The "Done" link persistently appears in the Customizer even after making a change (when the widget is dirty) because changes are autosaved into the changeset.
* Prevent saving widget when form fails `checkValidity`.
* Fix frequency of triggering of `change` event on the rich Text widget's `textarea` limited now to when there are actual changes.
* Add a class of `widget-dirty` to widget containers when the widget has unsaved changes.

Props westonruter, timmydcrawford, melchoyce.
Fixes #41610, #23120.

Built from https://develop.svn.wordpress.org/trunk@41352


git-svn-id: http://core.svn.wordpress.org/trunk@41185 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-08 19:11:43 +00:00
Felix Arntz 6ced176459 Multisite: Use `get_network()` in `populate_network()` to check whether a network with the given ID already exists.
When multisite is setup already, e.g. in a multi network environment, this change gives a performance benefit over the direct SQL query that was previously used. The SQL query remains in place for when setting up multisite initially as the network API is not available at that point.

Props spacedmonkey.
Fixes #41805.

Built from https://develop.svn.wordpress.org/trunk@41348


git-svn-id: http://core.svn.wordpress.org/trunk@41181 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-08 16:33:43 +00:00