Commit Graph

32932 Commits

Author SHA1 Message Date
Scott Taylor 8cf8e2c66d WP oEmbed: validate the `secret` sent via `postMessage` in `wp.receiveEmbedMessage`. Also, compare `window` instances.
In the data sent to us from the embedded iframe by postMessage(), the secret value is being used directly in a document.querySelectorAll() call without first being validated or escaped.

In theory, this could lead to some broken embeds.

Props mdawaffe.
Fixes #34831.

Built from https://develop.svn.wordpress.org/trunk@35761


git-svn-id: http://core.svn.wordpress.org/trunk@35725 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-03 20:17:25 +00:00
Helen Hou-Sandí 2f287af8aa Media: Avoid `rel="rel="` situations.
props lucymtc, swissspidy.
fixes #34826. see #32074.

Built from https://develop.svn.wordpress.org/trunk@35760


git-svn-id: http://core.svn.wordpress.org/trunk@35724 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-03 17:17:26 +00:00
Gary Pendergast caf4b8270c Readme: Bump recommended MySQL version to 5.6, as 5.5 is now over 5 years old.
Happy birthday, MySQL 5.5! 

Fixes #34840.


Built from https://develop.svn.wordpress.org/trunk@35759


git-svn-id: http://core.svn.wordpress.org/trunk@35723 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-03 16:46:26 +00:00
Mark Jaquith 6cc98e6fcd Route HEAD API requests through the GET callback method
fixes #34837
props danielbachhuber
Built from https://develop.svn.wordpress.org/trunk@35758


git-svn-id: http://core.svn.wordpress.org/trunk@35722 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-03 16:34:25 +00:00
Boone Gorges 939291df9f Ensure that order is specified when querying for comment descendants.
Props tellyworth.
Fixes #34838.
Built from https://develop.svn.wordpress.org/trunk@35757


git-svn-id: http://core.svn.wordpress.org/trunk@35721 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-03 15:50:27 +00:00
Scott Taylor fc349932c0 Install: after [35508], the margin on the header for the Install screen is too big.
Props SergeyBiryukov.
Fixes #34819.

Built from https://develop.svn.wordpress.org/trunk@35756


git-svn-id: http://core.svn.wordpress.org/trunk@35720 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-01 21:02:25 +00:00
Scott Taylor 9b5ffe8062 Responsive Images: Currently images are included in the `srcset` if the aspect ratio difference is smaller than `0.01`. This number is too high, set it to `0.002`
Props joemcgill.
Fixes #34810.

Built from https://develop.svn.wordpress.org/trunk@35755


git-svn-id: http://core.svn.wordpress.org/trunk@35719 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-01 20:58:24 +00:00
Scott Taylor c0f8bd0de2 Customize Unit Tests: also `remove_action( 'after_setup_theme', 'twentysixteen_setup' )`. TwentyFifteen is already removed.
See #31550.

Built from https://develop.svn.wordpress.org/trunk@35754


git-svn-id: http://core.svn.wordpress.org/trunk@35718 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-01 20:56:24 +00:00
Scott Taylor eaae2546f5 Media: don't use `get_media_embedded_in_content()` in `wp_make_content_images_responsive()`.
Adds unit test.

Props azaozz.
Fixes #34807.

Built from https://develop.svn.wordpress.org/trunk@35753


git-svn-id: http://core.svn.wordpress.org/trunk@35717 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-01 20:50:25 +00:00
Scott Taylor d569b9609e Media: show Trash filter for Media list table when `MEDIA_TRASH` is true.
Props chacha102.
Fixes #34795.

Built from https://develop.svn.wordpress.org/trunk@35752


git-svn-id: http://core.svn.wordpress.org/trunk@35716 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-01 20:48:25 +00:00
Scott Taylor cd9515d306 Unit Tests: fix responsive image unit tests. Correct the logic in video shortcode unit test for width.
Props joemcgill, wonderboymusic.
Fixes #34790.

Built from https://develop.svn.wordpress.org/trunk@35751


git-svn-id: http://core.svn.wordpress.org/trunk@35715 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-01 20:45:28 +00:00
Ryan McCue d1436af513 REST API: Unabbreviate error string.
Props daniel-koskinen.
Fixes #34818.

Built from https://develop.svn.wordpress.org/trunk@35750


git-svn-id: http://core.svn.wordpress.org/trunk@35714 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-30 09:51:27 +00:00
Mark Jaquith 1a43f0b290 Do not pass FALSE as second parameter in variable class_exists() checks
Because these are generally plugin-provided, we want plugins to be
able to use autoloaders.

fixes #20523
Built from https://develop.svn.wordpress.org/trunk@35749


git-svn-id: http://core.svn.wordpress.org/trunk@35713 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-30 04:15:27 +00:00
John Blackbourn ec24d6e001 In a similar vein to [34133], escape the email address and IP address of comment authors to increase defence in depth.
Built from https://develop.svn.wordpress.org/trunk@35748


git-svn-id: http://core.svn.wordpress.org/trunk@35712 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-29 02:43:24 +00:00
John Blackbourn 6f37afb6ec When a post is scheduled for publication, treat it the same as a published post when calculating the capabilities required to edit or delete it.
Fixes #33694

Built from https://develop.svn.wordpress.org/trunk@35747


git-svn-id: http://core.svn.wordpress.org/trunk@35711 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-29 02:27:18 +00:00
John Blackbourn 2b81411a0d Remove debug mode from WP-CLI by default, as it now outputs too much debugging information to be of use during normal development.
Fixes #34801
Props rodrigosprimo

Built from https://develop.svn.wordpress.org/trunk@35746


git-svn-id: http://core.svn.wordpress.org/trunk@35710 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-28 18:37:27 +00:00
John Blackbourn 28c78799c3 Ensure the correct error message is returned when a user attempts to comment on a post to which they do not have access.
Adds more tests.

Built from https://develop.svn.wordpress.org/trunk@35745


git-svn-id: http://core.svn.wordpress.org/trunk@35709 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-28 18:29:32 +00:00
Scott Taylor aa624c4029 WordPress 4.4 RC 1 version bump
Built from https://develop.svn.wordpress.org/trunk@35744


git-svn-id: http://core.svn.wordpress.org/trunk@35708 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-25 23:02:24 +00:00
Scott Taylor cbed27ccf0 WordPress 4.4 RC 1
Built from https://develop.svn.wordpress.org/trunk@35743


git-svn-id: http://core.svn.wordpress.org/trunk@35707 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-25 22:53:27 +00:00
Dominik Schilling 9fb5c540bb Users: Allow to create users without sending an email to the new user.
This adds a checkbox to `wp-admin/user-new.php` to prevent sending an email with the username and a password reset link to the new user. Restores the behavior of pre-4.3.

Fixes #33504.
Props tharsheblows, SergeyBiryukov, DrewAPicture, ocean90.
Built from https://develop.svn.wordpress.org/trunk@35742


git-svn-id: http://core.svn.wordpress.org/trunk@35706 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-25 22:38:29 +00:00
Ryan McCue 7ce9772866 REST API: Mark WP_REST_Server::get_raw_data as static.
This is just a utility function for getting the request body, not
tied to the server class.

Fixes #34768.

Built from https://develop.svn.wordpress.org/trunk@35741


git-svn-id: http://core.svn.wordpress.org/trunk@35705 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-25 22:22:25 +00:00
Helen Hou-Sandí e24681632e Avoid potential fatal errors after [35718].
While these classes are intended for admin use, there are developers out there who include `wp-admin/includes/template.php` to access them in other contexts. There is no intention to continue to support this indefinitely, but a breaking change like that would need to happen very early in a cycle and communicated loudly.

In the meantime, if you're reading this commit message and you do the above, please update your code to not do that. Thank you :)

fixes #33413.

Built from https://develop.svn.wordpress.org/trunk@35740


git-svn-id: http://core.svn.wordpress.org/trunk@35704 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-25 22:19:26 +00:00
Helen Hou-Sandí 2eb60b8278 Set Twenty Sixteen as the default theme.
With thanks to all those who contributed.

props iamtakashi, karmatosed, iandstewart, dd32, mor10, grapplerulrich, davidakennedy, frank-klein, tywayne, wenthemes, monika, metodiew, nhuja, headonfire, Chrisdc1, philiparthurmoore, karpstrucking, cais, mt8.biz, fjarrett, sdavis2702, SergeyBiryukov, eduardozulian, webdevmattcrom, ehtis, peterwilsoncc, tfrommen, fsylum, wonderboymusic, ocean90, obenland, cainm, mrahmadawais, drewapicture, trenzterra, tevko, kraftbj, walbo, nacin.
fixes #34306.

Built from https://develop.svn.wordpress.org/trunk@35739


git-svn-id: http://core.svn.wordpress.org/trunk@35703 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-25 21:52:26 +00:00
Scott Taylor 79a2915a9b Upgrade: New themes are not automatically installed on upgrade. This can still be explicitly asked for by defining `CORE_UPGRADE_SKIP_NEW_BUNDLED` as `false`.
In `populate_options()`, if the theme specified by `WP_DEFAULT_THEME` doesn't exist, fall back to the latest core default theme. If we can't find a core default theme, `WP_DEFAULT_THEME` is the best we can do. 

Props nacin, jeremyfelt, dd32.
See #34306.

Built from https://develop.svn.wordpress.org/trunk@35738


git-svn-id: http://core.svn.wordpress.org/trunk@35702 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-25 21:45:25 +00:00
Konstantin Obenland 77c6154881 Template: Defining a default value for `show_home` breaks back compat.
To add a home link to the fallback menu output many themes only check if that
argument is set. Including Twenty Ten and Twenty Eleven. They check with
`isset()` so child themes and other instances using `wp_page_menu()` have a
chance to disable the home link by setting it to `false`.

Fixes #11095.


Built from https://develop.svn.wordpress.org/trunk@35737


git-svn-id: http://core.svn.wordpress.org/trunk@35701 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-25 18:55:26 +00:00
Scott Taylor a2ec7caf93 Add a unit test for `wp_nav_menu()` with `container => ''`
See #32464.


Built from https://develop.svn.wordpress.org/trunk@35736


git-svn-id: http://core.svn.wordpress.org/trunk@35700 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-25 18:19:27 +00:00
Dominik Schilling 0632e4ab84 Passwords: Support the pre-4.3 behavior of `wp_new_user_notification()`.
Hello, it's me again. A pluggable function named `wp_new_user_notification()`. A few months ago, after [33023], I have lost my second parameter `$plaintext_pass`. But thanks to [33620] I got a new one.
Bad idea - It hasn't had the same behavior as my previous parameter.
To solve that the second parameter got deprecated and reintroduced as the third parameter in [34116]. I was happy again, for a short time.
You remember my lost friend `$plaintext_pass`? No? Well, if its value was empty no notification was sent to the user. This behavior was still lost. And that's what this change is about: Don't notify a user if a plugin uses `wp_new_user_notification( $user_id )`.

You're asking if I'm happy now? Dunno, but maybe you have learned something about pluggable functions, have you?

Props danielbachhuber.
Fixes #34377.
Built from https://develop.svn.wordpress.org/trunk@35735


git-svn-id: http://core.svn.wordpress.org/trunk@35699 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-24 23:07:26 +00:00
Dominik Schilling 16b95ab2a7 HTTP Tests: Use `login.wordpress.org/wp-login.php` in `test_get_response_cookies()`.
The old URL redirects to `login.wordpress.org` because it's the new canonical URL for all logins on wordpress.org.

Fixes #34782.
Built from https://develop.svn.wordpress.org/trunk@35734


git-svn-id: http://core.svn.wordpress.org/trunk@35698 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-24 22:00:26 +00:00
Dominik Schilling 7f3082491d Passwords: Re-enable password fields before submitting the form.
Avoids a PHP undefined notice when creating new users.

Fixes #33699.
Built from https://develop.svn.wordpress.org/trunk@35733


git-svn-id: http://core.svn.wordpress.org/trunk@35697 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-24 21:17:27 +00:00
Sergey Biryukov 64fdd0c6a0 Users: Move the tests added in [35116] and [35618] to a more appropriate place and give them a better name.
See #28435, #29880.
Built from https://develop.svn.wordpress.org/trunk@35732


git-svn-id: http://core.svn.wordpress.org/trunk@35696 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-23 18:40:25 +00:00
Sergey Biryukov 60c8e272f5 Docs: Improve DocBlock formatting for `add_menu_page()` and `add_submenu_page()` wrappers.
See #34360.
Built from https://develop.svn.wordpress.org/trunk@35731


git-svn-id: http://core.svn.wordpress.org/trunk@35695 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-23 17:56:26 +00:00
Helen Hou-Sandí 2cdeac7cf6 Pass the `$post` object as context to `postmeta_form_keys`.
see #33885, #18979.

Built from https://develop.svn.wordpress.org/trunk@35730


git-svn-id: http://core.svn.wordpress.org/trunk@35694 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-23 17:15:29 +00:00
Gary Pendergast d04396d0ad Docs: Replace a reference to WP.org with WordPress.org.
Built from https://develop.svn.wordpress.org/trunk@35729


git-svn-id: http://core.svn.wordpress.org/trunk@35693 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-22 22:38:26 +00:00
Andrew Ozz 50a5fbb269 Editor: remove wpLink dependency on jQuery UI.
Props afercia.
Fixes #34716.
Built from https://develop.svn.wordpress.org/trunk@35728


git-svn-id: http://core.svn.wordpress.org/trunk@35692 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-22 19:27:26 +00:00
Andrew Ozz 91759029e9 TinyMCE: fix the regexp used to protect line breaks inside script and pre tags to match `<script>` that load external scripts.
Fixes #34760.
Built from https://develop.svn.wordpress.org/trunk@35727


git-svn-id: http://core.svn.wordpress.org/trunk@35691 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-22 19:13:28 +00:00
Sergey Biryukov ae04eba0b6 Comments: After [35670], change the CSS class for the pending comments count back to `moderated`.
Fixes #34680.
Built from https://develop.svn.wordpress.org/trunk@35726


git-svn-id: http://core.svn.wordpress.org/trunk@35690 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-22 15:23:26 +00:00
Sergey Biryukov bc1e479fd0 After [35718], update the location of some files in `This filter is documented in` docs.
Partially reverts [33954].

Fixes #33413.
Built from https://develop.svn.wordpress.org/trunk@35725


git-svn-id: http://core.svn.wordpress.org/trunk@35689 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-22 03:51:28 +00:00
Weston Ruter 5dae1386aa Customize: Ensure that a setting (especially a multidimensional one) can still be previewed when the post value to preview is set after `preview()` is invoked.
* Introduce `customize_post_value_set_{$setting_id}` and `customize_post_value_set` actions which are done when `WP_Customize_Manager::set_post_value()` is called.
* Clear the `preview_applied` flag for aggregated multidimensional settings when a post value is set. This ensures the new value is used instead of a previously-cached previewed value.
* Move `$is_preview` property from subclasses to `WP_Customize_Setting` parent class.
* Deferred preview: Ensure that when `preview()` short-circuits due to not being applicable that it will be called again later when the post value is set.
* Populate post value for updated-widget with the (unsanitized) JS-value in `WP_Customize_Widgets::call_widget_update()` so that value will be properly sanitized when accessed in `WP_Customize_Manager::post_value()`.

Includes unit tests with assertions to check the reported issues and validate the fixes.

Fixes defect introduced in [35007].
See #32103.
Fixes #34738.

Built from https://develop.svn.wordpress.org/trunk@35724


git-svn-id: http://core.svn.wordpress.org/trunk@35688 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-21 02:52:27 +00:00
Sergey Biryukov fd9bd77fe5 Comments: In `comment_form()`, introduce the `comment_form_fields` filter for comment fields, including the textarea.
Correct the docs for `comment_notes_before` and `comment_notes_after` arguments as well as `comment_form_before_fields` and `comment_form_after_fields` actions to better describe the current behaviour.

Fixes #34731.
Built from https://develop.svn.wordpress.org/trunk@35723


git-svn-id: http://core.svn.wordpress.org/trunk@35687 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-20 18:56:27 +00:00
Sergey Biryukov 17af54fc7c Customizer: Use correct context and translator comments for menu location strings.
See #33431.
Built from https://develop.svn.wordpress.org/trunk@35722


git-svn-id: http://core.svn.wordpress.org/trunk@35686 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-20 17:46:25 +00:00
Helen Hou-Sandí 277747f944 Postbox handle buttons don't need a focus outline.
see #33808, #34242.

Built from https://develop.svn.wordpress.org/trunk@35721


git-svn-id: http://core.svn.wordpress.org/trunk@35685 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-20 15:56:25 +00:00
Dominik Schilling 22fe87c3b3 Build: Update source for `includes:embed` after [35718].
See #33413.
Built from https://develop.svn.wordpress.org/trunk@35720


git-svn-id: http://core.svn.wordpress.org/trunk@35684 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-20 15:37:26 +00:00
Dominik Schilling 6fa25ac809 4.4-beta4-35719.
Built from https://develop.svn.wordpress.org/trunk@35719


git-svn-id: http://core.svn.wordpress.org/trunk@35683 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-20 13:46:27 +00:00
Andrew Nacin 1579e45d41 Simplify the include graph after work to split out classes.
see #33413. More details there.

Built from https://develop.svn.wordpress.org/trunk@35718


git-svn-id: http://core.svn.wordpress.org/trunk@35682 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-20 07:24:30 +00:00
Helen Hou-Sandí e549e56f02 Custom fields: Allow for short-circuiting the meta key dropdown.
Adds the `postmeta_form_keys` filter which allows for a potentially expensive query against postmeta to be avoided.

props ericmann, tollmanz, nacin.
see #33885.

Built from https://develop.svn.wordpress.org/trunk@35717


git-svn-id: http://core.svn.wordpress.org/trunk@35681 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-20 06:16:50 +00:00
Sergey Biryukov 4341637ba6 Docs: Remove redundant `type` strings from the `wp_calculate_image_srcset` filter DocBlock.
Props DH-Shredder, joemcgill.
See #34733.
Built from https://develop.svn.wordpress.org/trunk@35716


git-svn-id: http://core.svn.wordpress.org/trunk@35680 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-20 06:16:26 +00:00
Sergey Biryukov db4a87b0fd Docs: Add `@see` tags for `wp_get_attachment_image_srcset()` and `wp_get_attachment_image_sizes()`.
Update `@see` tags for `wp_make_content_images_responsive()` and `wp_image_add_srcset_and_sizes()`.

Props jaspermdegroot.
See #34733.
Built from https://develop.svn.wordpress.org/trunk@35715


git-svn-id: http://core.svn.wordpress.org/trunk@35679 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-20 06:13:26 +00:00
Dion Hulse 048f327bfc Merge the changes to GlotPress's POMO from upstream to WordPress's copy.
Fixes #34748

Built from https://develop.svn.wordpress.org/trunk@35714


git-svn-id: http://core.svn.wordpress.org/trunk@35678 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-20 04:34:25 +00:00
Dion Hulse 870cdfb024 Bump the version of MediaElement in script-loader.php to match what we're shipping with.
See #33798
Fixes #34743

Built from https://develop.svn.wordpress.org/trunk@35713


git-svn-id: http://core.svn.wordpress.org/trunk@35677 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-20 03:32:26 +00:00
Sergey Biryukov cc7736a024 ru_RU: In back-compat styles for admin menu, inherit the width from the parent element, `#adminmenuwrap`, to account for media queries.
See #20974.
Built from https://develop.svn.wordpress.org/trunk@35712


git-svn-id: http://core.svn.wordpress.org/trunk@35676 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-20 01:40:25 +00:00