This is a restoration of [31749] which was reverted in [31755].
It includes a number of enhancements from the original version. Namely:
* Not doing a credential check in src/wp-includes/script-loader.php
* Add new function `wp_print_request_filesystem_credentials_modal`
* update the version number in the list table when a plugin is updated
UI still needs further work, but this basic version should enable more testing
Props ericlewis, jorbin
See #31528
Built from https://develop.svn.wordpress.org/trunk@31811
git-svn-id: http://core.svn.wordpress.org/trunk@31793 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This is a first pass at requesting FTP and SSH credentials when needed during shiny updates. Styling and some UX improvements are still needed, but we do show the prompt and use the passed data when doing plugin installs and updates for shiny updates. There are also a couple of areas that we could improve code wise such how we create the requestFilesystemCredentials part of the localized _wpUpdatesSettings. Over the past half century, we've split the atom, we've spliced the gene and we've roamed Tranquility Base. We've reached for the stars and never have we been closer to having them in our grasp. That has nothing to do with shiny updates.
Props ericlewis, jorbin, and drewapicture for testing
Fixes#31528
Built from https://develop.svn.wordpress.org/trunk@31749
git-svn-id: http://core.svn.wordpress.org/trunk@31730 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Use `wp.shortcode()` instead of manually constructing a shortcode in `views/embed/link`
* Allow a URL to transition to a shortcode (and vice versa) when returning an embed to TinyMCE
* In `WP_Embed`, store the last URL and last set of attributes requested in class properties
* `wp_ajax_parse_embed()`, allow `[embed]`s to have attributes. Return `attr` in the response.
This is a first pass to allow broad testing with recent MCE view changes.
See #31139.
Built from https://develop.svn.wordpress.org/trunk@31620
git-svn-id: http://core.svn.wordpress.org/trunk@31601 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The HTML4 Plupload handler uses a hidden iframe to POST the upload form,
Unfortunately Internet Explorer 9 doesn't support the `application/json`
content-type which `wp_send_json_success()` and requires `text/html` instead.
This partially reverts [30354], keeping the better error messages.
Fixes#31037 for trunk.
Built from https://develop.svn.wordpress.org/trunk@31429
git-svn-id: http://core.svn.wordpress.org/trunk@31410 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The UI for these taxonomies was hidden in [31308], but it remained possible to
send a direct POST request to the `inline-edit` endpoint to bypass the
restriction. The current changeset fixes this.
Props meloniq.
Fixes#26948.
Built from https://develop.svn.wordpress.org/trunk@31313
git-svn-id: http://core.svn.wordpress.org/trunk@31294 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Bump MediaElement script loader versions to 2.16.2 - missed in [30634], oops!
* Add `Froogaloop` to `js/mediaelement` scripts for Vimeo
* Check for Vimeo in the same locations that YouTube is checked
* Dynamically load Froogaloop script in admin when editing a TinyMCE view
* Edit MediaElement to call `mejs.$.extend` instead of `$.extend` in `mejs.HtmlMediaElementShim.createPlugin()`, since `$` is not available via WP's jQuery (I will report this upstream):
6f9a78e008/src/js/me-shim.js (L631)Fixes#29267.
Built from https://develop.svn.wordpress.org/trunk@31016
git-svn-id: http://core.svn.wordpress.org/trunk@30997 1a063a9b-81f0-0310-95a4-ce76da25c4cd
If the token is set (`$keep` is a string), this means the user is viewing their own profile-editing screen and destroying their own sessions (except the current one). If it isn't set (`$keep` is null), the user is editing another user's profile and destroying all of their sessions with no exceptions.
See #30264, #30469
Built from https://develop.svn.wordpress.org/trunk@30595
git-svn-id: http://core.svn.wordpress.org/trunk@30585 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Variables in DocBlocks should be backtick-escaped
* Parameter and return types should be as specific as possible
* `@param` types and variables should align with each other, but not intentionally with the `@return` description
See #30230.
Built from https://develop.svn.wordpress.org/trunk@30284
git-svn-id: http://core.svn.wordpress.org/trunk@30284 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Use a `MutationObserver` to listen to the `body` class of the parent editor frame.
* In `wpview_media_sandbox_styles()`, only return the MEjs stylesheets.
* In `wp_ajax_parse_media_shortcode()` and `wp_ajax_parse_embed()`, return an object instead of an HTML blob to allow passing `body` and `head` separately
Props avryl, azaozz.
Fixes#29048.
Built from https://develop.svn.wordpress.org/trunk@29615
git-svn-id: http://core.svn.wordpress.org/trunk@29389 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Add a setting to `_wpMediaViewsL10n.settings`: `mediaTrash`
* In the attachment edit modal, properly toggle between Trash/Untrash
* In `media.view.Attachment`, add a method for `untrashAttachment`
* When creating the grid toolbar, switch the setting order of subviews so that `media.view.DeleteSelectedButton` can listen to the instance of `media.view.AttachmentFilters.All` to update the text in its UI.
* Add a new filter to `media.view.AttachmentFilters.All`, `trash`, when `settings.mediaTrash` is true
* Allow the cached queries in `Query.get()` to be flushed when race conditions exist and collections need to be refreshed. This is currently only being used when `MEDIA_TRASH` is set, to refresh the filtered/mirrored collections related to `all`, `trash`, and any already queried filter.
* Cleanup the bootstrapping of `media.view.MediaFrame.Manage`
* Allow `wp_ajax_query_attachments()` to return items from the trash when `MEDIA_TRASH` is `true`
* Allow `wp_ajax_save_attachment()` to set `post_status` when `MEDIA_TRASH` is `true`. It allows `wp_delete_post()` to be called, which will trash the attachment instead of deleting when the flag is set.
Props koop for the knowledge sharing and thought partnership.
See #29145.
Built from https://develop.svn.wordpress.org/trunk@29490
git-svn-id: http://core.svn.wordpress.org/trunk@29268 1a063a9b-81f0-0310-95a4-ce76da25c4cd
We will no longer replace previously valid oEmbed responses with an `{{unknown}}` cache value. When this happens due to reaching a rate limit or a service going down, it is data loss, and is not acceptable. This means that oEmbed caches for a post are no longer deleted indiscriminately every time that post is saved.
oEmbed continues to be cached in post meta, with the addition of a separate meta key containing the timestamp of the last retrieval, which is used to avoid re-requesting a recently cached oEmbed response. By default, we consider a valued cached in the past day to be fresh. This can greatly reduce the number of outbound requests, especially in cases where a post containing multiple embeds is saved frequently.
The TTL used to determine whether or not to request a response can be filtered using `oembed_ttl`, thus allowing for the possibility of respecting the optional oEmbed response parameter `cache_age` or altering the period of time a cached value is considered to be fresh.
Now that oEmbeds are previewed in the visual editor as well as the media modal, oEmbed caches are often populated before a post is saved or published. By pre-populating and avoiding having to re-request that response, we also greatly reduce the chances of a stampede happening when a published post is visible before oEmbed caching is complete.
As it previously stood, a stampede was extremely likely to happen, as the AJAX caching was only triggered when `$_GET['message']` was 1. The published message is 6. We now trigger the caching every time `$_GET['message']` is present on the edit screen, as we are able to avoid triggering so many HTTP requests overall.
props markjaquith. fixes#14759. see #17210.
Built from https://develop.svn.wordpress.org/trunk@28972
git-svn-id: http://core.svn.wordpress.org/trunk@28761 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* In `wp_ajax_add_tag()`, `$post_type` is set and never used.
* In `wp_ajax_hidden_columns()`, `$hidden` is set twice, but only checks for the existence of `$_POST['hidden']` the first time. The two lines can be combined and work together.
* In `wp_ajax_inline_save()`, `$mode` is set and never used.
* In `wp_ajax_find_posts()`, `$searchand = $search = '';` is leftover cruft, neither variable is used. `$wpdb` does not need to be imported, it is never used.
* In `wp_ajax_wp_fullscreen_save_post()`, `$post_type` is set and never used.
* In `wp_ajax_save_attachment_order()`, `$post` is set and never used.
* In `wp_ajax_send_attachment_to_editor()`, `$title` is set and never used.
See #27882.
Built from https://develop.svn.wordpress.org/trunk@28292
git-svn-id: http://core.svn.wordpress.org/trunk@28120 1a063a9b-81f0-0310-95a4-ce76da25c4cd
- Removes wp-tinymce-schema.js and mark-loaded.js, no longer needed.
- Removes the inlinepopups and most of the wpdialogs plugins; wpdialog.js is moved to wp-includes/js.
- Adds charmap, compat3x, image, link and textcolor plugins, previously contained in /themes/advanced.
- Updates the wordpress, wpeditimage, wpfullscreen, wpgallery and wplink plugins.
- Updates DFW, wp-admin/js/wp-fullscreen.js.
See #24067.
Built from https://develop.svn.wordpress.org/trunk@26876
git-svn-id: http://core.svn.wordpress.org/trunk@26759 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Update about page, there's now 8.
* Display them four wide, not three, and ensure adequate spacing.
* Use a dedicated nonce.
* Push Light to the front in addition to Default.
* Use user-profile.js on about.php. A few extra things are initialized but they are harmless.
see #26468, #26387.
Built from https://develop.svn.wordpress.org/trunk@26776
git-svn-id: http://core.svn.wordpress.org/trunk@26663 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Use wp_add_dashboard_widget() rather than add_meta_box().
* Use original functions like wp_dashboard_primary(), wp_dashboard_right_now(), wp_dashboard_quick_press() (where possible).
* Only include plugins section of the news widget when appropriate, which necessitates the set_current_screen() via the ajax action.
* Remove some debug cruft that was preventing caching and invalidation.
* Simplify lots of things where possible.
see #25824.
Built from https://develop.svn.wordpress.org/trunk@26220
git-svn-id: http://core.svn.wordpress.org/trunk@26128 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Color scheme selection on your own profile page gives you a preview and autosaves the selection.
Also introduces the usage of a preprocessor for core files, namely Sass. For 3.8, we will not expand its implementation past the color schemes. This does require Ruby as well as Sass 3.3.0+ due to the usage of the sourcemap option.
Note that only the default color scheme is available when running out of src. Use build to test the rest as well as the color picker.
props ryelle, melchoyce, tillkruess, drw158, littlethingsstudio, helen. see #25858, #22862.
Built from https://develop.svn.wordpress.org/trunk@26137
git-svn-id: http://core.svn.wordpress.org/trunk@26048 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* `wp_ajax_get_comments()` relies on the `$post_id` global - even though `$_POST['p']` is passed to every action in the test methods. If `$post_id` is still lingering in between tests and doesn't match `p` in the request, the cap check might pass while the queries for comments will blow up. I added `unset( $GLOBALS['post_id'] )` to `Tests_Ajax_GetComments::setUp()`.
* If the global `$post_id` is empty, but `$_REQUEST['p']` is not, `$post_id` is now set to `absint( $_REQUEST['p'] )` and sanity-checked in `wp_ajax_get_comments()`.
* `map_meta_cap()` always assumes that `get_comment()` succeeds when checking for the `edit_comment` cap. It doesn't. I added sanity checks in a few places where it will break early if `get_post()` or `get_comment()` are empty.
* `wp_update_comment()` always assumes `get_comment()` succeeds. It doesn't. I added a check for empty.
All AJAX unit tests run and pass in debug mode. All general unit tests pass against these changes.
Fixes#25282.
Built from https://develop.svn.wordpress.org/trunk@25438
git-svn-id: http://core.svn.wordpress.org/trunk@25360 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* There are several places where a `$_POST` index was unchecked before setting a variable
* In `wp_notify_postauthor()`, `$comment` was being returned null, but its properties were being accessed.
* In `check_ajax_referer()`, 3 different values can be checked for nonce on `$_REQUEST`, but only 1 had an `isset()`
See #25282.
Built from https://develop.svn.wordpress.org/trunk@25433
git-svn-id: http://core.svn.wordpress.org/trunk@25355 1a063a9b-81f0-0310-95a4-ce76da25c4cd