Scott Taylor
8cf8e2c66d
WP oEmbed: validate the `secret` send via `postMessage` in `wp.receiveEmbedMessage`. Also, compare `window` instances.
...
In the data sent to us from the embedded iframe by postMessage(), the secret value is being used directly in a document.querySelectorAll() call without first being validated or escaped.
In theory, this could lead to some broken embeds.
Props mdawaffe.
Fixes #34831 .
Built from https://develop.svn.wordpress.org/trunk@35761
git-svn-id: http://core.svn.wordpress.org/trunk@35725 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-03 20:17:25 +00:00
Helen Hou-Sandí
2f287af8aa
Media: Avoid `rel="rel="` situations.
...
props lucymtc, swissspidy.
fixes #34826 . see #32074 .
Built from https://develop.svn.wordpress.org/trunk@35760
git-svn-id: http://core.svn.wordpress.org/trunk@35724 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-03 17:17:26 +00:00
Gary Pendergast
caf4b8270c
Readme: Bump recommended MySQL version to 5.6, as 5.5 is now over 5 years old.
...
Happy birthday, MySQL 5.5!
Fixes #34840 .
Built from https://develop.svn.wordpress.org/trunk@35759
git-svn-id: http://core.svn.wordpress.org/trunk@35723 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-03 16:46:26 +00:00
Mark Jaquith
6cc98e6fcd
Route HEAD API requests through the GET callback method
...
fixes #34837
props danielbachhuber
Built from https://develop.svn.wordpress.org/trunk@35758
git-svn-id: http://core.svn.wordpress.org/trunk@35722 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-03 16:34:25 +00:00
Boone Gorges
939291df9f
Ensure that order is specified when querying for comment descendants.
...
Props tellyworth.
Fixes #34838 .
Built from https://develop.svn.wordpress.org/trunk@35757
git-svn-id: http://core.svn.wordpress.org/trunk@35721 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-03 15:50:27 +00:00
Scott Taylor
fc349932c0
Install: after [35508], the margin on the header for the Install screen is too big.
...
Props SergeyBiryukov.
Fixes #34819 .
Built from https://develop.svn.wordpress.org/trunk@35756
git-svn-id: http://core.svn.wordpress.org/trunk@35720 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-01 21:02:25 +00:00
Scott Taylor
9b5ffe8062
Responsive Images: Currently images are included in the `srcset` if the aspect ratio difference is smaller than `0.01`. This number is too high, set it to `0.002`
...
Props joemcgill.
Fixes #34810 .
Built from https://develop.svn.wordpress.org/trunk@35755
git-svn-id: http://core.svn.wordpress.org/trunk@35719 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-01 20:58:24 +00:00
Scott Taylor
c0f8bd0de2
Customize Unit Tests: also `remove_action( 'after_setup_theme', 'twentysixteen_setup' )`. TwentyFifteen is already removed.
...
See #31550 .
Built from https://develop.svn.wordpress.org/trunk@35754
git-svn-id: http://core.svn.wordpress.org/trunk@35718 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-01 20:56:24 +00:00
Scott Taylor
eaae2546f5
Media: don't use `get_media_embedded_in_content()` in `wp_make_content_images_responsive()`.
...
Adds unit test.
Props azaozz.
Fixes #34807 .
Built from https://develop.svn.wordpress.org/trunk@35753
git-svn-id: http://core.svn.wordpress.org/trunk@35717 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-01 20:50:25 +00:00
Scott Taylor
d569b9609e
Media: show Trash filter for Media list table when `MEDIA_TRASH` is true.
...
Props chacha102.
Fixes #34795 .
Built from https://develop.svn.wordpress.org/trunk@35752
git-svn-id: http://core.svn.wordpress.org/trunk@35716 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-01 20:48:25 +00:00
Scott Taylor
cd9515d306
Unit Tests: fix responsive image unit tests. Correct the logic in video shortcode unit test for width.
...
Props joemcgill, wonderboymusic.
Fixes #34790 .
Built from https://develop.svn.wordpress.org/trunk@35751
git-svn-id: http://core.svn.wordpress.org/trunk@35715 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-01 20:45:28 +00:00
Ryan McCue
d1436af513
REST API: Unabbreviate error string.
...
Props daniel-koskinen.
Fixes #34818 .
Built from https://develop.svn.wordpress.org/trunk@35750
git-svn-id: http://core.svn.wordpress.org/trunk@35714 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-30 09:51:27 +00:00
Mark Jaquith
1a43f0b290
Do not pass FALSE as second parameter in variable class_exists() checks
...
Because these are generally plugin-provided, we want plugins to be
able to use autoloaders.
fixes #20523
Built from https://develop.svn.wordpress.org/trunk@35749
git-svn-id: http://core.svn.wordpress.org/trunk@35713 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-30 04:15:27 +00:00
John Blackbourn
ec24d6e001
In a similar vein to [34133], escape the email address and IP address of comment authors to increase defence in depth.
...
Built from https://develop.svn.wordpress.org/trunk@35748
git-svn-id: http://core.svn.wordpress.org/trunk@35712 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-29 02:43:24 +00:00
John Blackbourn
6f37afb6ec
When a post is scheduled for publication, treat it the same as a published post when calculating the capabilities required to edit or delete it.
...
Fixes #33694
Built from https://develop.svn.wordpress.org/trunk@35747
git-svn-id: http://core.svn.wordpress.org/trunk@35711 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-29 02:27:18 +00:00
John Blackbourn
2b81411a0d
Remove debug mode from WP-CLI by default, as it now outputs too much debugging information to be of use during normal development.
...
Fixes #34801
Props rodrigosprimo
Built from https://develop.svn.wordpress.org/trunk@35746
git-svn-id: http://core.svn.wordpress.org/trunk@35710 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-28 18:37:27 +00:00
John Blackbourn
28c78799c3
Ensure the correct error message is returned when a user attempts to comment on a post to which they do not have access.
...
Adds more tests.
Built from https://develop.svn.wordpress.org/trunk@35745
git-svn-id: http://core.svn.wordpress.org/trunk@35709 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-28 18:29:32 +00:00
Scott Taylor
aa624c4029
WordPress 4.4 RC 1 version bump
...
Built from https://develop.svn.wordpress.org/trunk@35744
git-svn-id: http://core.svn.wordpress.org/trunk@35708 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-25 23:02:24 +00:00
Scott Taylor
cbed27ccf0
WordPress 4.4 RC 1
...
Built from https://develop.svn.wordpress.org/trunk@35743
git-svn-id: http://core.svn.wordpress.org/trunk@35707 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-25 22:53:27 +00:00
Dominik Schilling
9fb5c540bb
Users: Allow to create users without sending an email to the new user.
...
This adds a checkbox to `wp-admin/user-new.php` to prevent sending an email with the username and a password reset link to the new user. Restores the behavior of pre-4.3.
Fixes #33504 .
Props tharsheblows, SergeyBiryukov, DrewAPicture, ocean90.
Built from https://develop.svn.wordpress.org/trunk@35742
git-svn-id: http://core.svn.wordpress.org/trunk@35706 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-25 22:38:29 +00:00
Ryan McCue
7ce9772866
REST API: Mark WP_REST_Server::get_raw_data as static.
...
This is just a utility function for getting the request body, not
tied to the server class.
Fixes #34768 .
Built from https://develop.svn.wordpress.org/trunk@35741
git-svn-id: http://core.svn.wordpress.org/trunk@35705 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-25 22:22:25 +00:00
Helen Hou-Sandí
e24681632e
Avoid potential fatal errors after [35718].
...
While these classes are intended for admin use, there are developers out there who include `wp-admin/includes/template.php` to access them in other contexts. There is no intention to continue to support this indefinitely, but a breaking change like that would need to happen very early in a cycle and communicated loudly.
In the meantime, if you're reading this commit message and you do the above, please update your code to not do that. Thank you :)
fixes #33413 .
Built from https://develop.svn.wordpress.org/trunk@35740
git-svn-id: http://core.svn.wordpress.org/trunk@35704 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-25 22:19:26 +00:00
Helen Hou-Sandí
2eb60b8278
Set Twenty Sixteen as the default theme.
...
With thanks to all those who contributed.
props iamtakashi, karmatosed, iandstewart, dd32, mor10, grapplerulrich, davidakennedy, frank-klein, tywayne, wenthemes, monika, metodiew, nhuja, headonfire, Chrisdc1, philiparthurmoore, karpstrucking, cais, mt8.biz, fjarrett, sdavis2702, SergeyBiryukov, eduardozulian, webdevmattcrom, ehtis, peterwilsoncc, tfrommen, fsylum, wonderboymusic, ocean90, obenland, cainm, mrahmadawais, drewapicture, trenzterra, tevko, kraftbj, walbo, nacin.
fixes #34306 .
Built from https://develop.svn.wordpress.org/trunk@35739
git-svn-id: http://core.svn.wordpress.org/trunk@35703 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-25 21:52:26 +00:00
Scott Taylor
79a2915a9b
Upgrade: New themes are not automatically installed on upgrade. This can still be explicitly asked for by defining `CORE_UPGRADE_SKIP_NEW_BUNDLED` as `false`.
...
In `populate_options()`, if the theme specified by `WP_DEFAULT_THEME` doesn't exist, fall back to the latest core default theme. If we can't find a core default theme, `WP_DEFAULT_THEME` is the best we can do.
Props nacin, jeremyfelt, dd32.
See #34306 .
Built from https://develop.svn.wordpress.org/trunk@35738
git-svn-id: http://core.svn.wordpress.org/trunk@35702 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-25 21:45:25 +00:00
Konstantin Obenland
77c6154881
Template: Defining a default value for `show_home` breaks back compat.
...
To add a home link to the fallback menu output many themes only check if that
argument is set. Including Twenty Ten and Twenty Eleven. They check with
`isset()` so child themes and other instances using `wp_page_menu()` have a
chance to disable the home link by setting it to `false`.
Fixes #11095 .
Built from https://develop.svn.wordpress.org/trunk@35737
git-svn-id: http://core.svn.wordpress.org/trunk@35701 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-25 18:55:26 +00:00
Scott Taylor
a2ec7caf93
Add a unit test for `wp_nav_menu()` with `container => ''`
...
See #32464 .
Built from https://develop.svn.wordpress.org/trunk@35736
git-svn-id: http://core.svn.wordpress.org/trunk@35700 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-25 18:19:27 +00:00
Dominik Schilling
0632e4ab84
Passwords: Support the pre-4.3 behavior of `wp_new_user_notification()`.
...
Hello, it's me again. A pluggable function named `wp_new_user_notification()`. A few months ago, after [33023], I have lost my second parameter `$plaintext_pass`. But thanks to [33620] I got a new one.
Bad idea - It hasn't had the same behavior as my previous parameter.
To solve that the second parameter got deprecated and reintroduced as the third parameter in [34116]. I was happy again, for a short time.
You remember my lost friend `$plaintext_pass`? No? Well, if its value was empty no notification was sent to the user. This behavior was still lost. And that's what this change is about: Don't notify a user if a plugin uses `wp_new_user_notification( $user_id )`.
You're asking if I'm happy now? Dunno, but maybe you have learned something about pluggable functions, have you?
Props danielbachhuber.
Fixes #34377 .
Built from https://develop.svn.wordpress.org/trunk@35735
git-svn-id: http://core.svn.wordpress.org/trunk@35699 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-24 23:07:26 +00:00
Dominik Schilling
16b95ab2a7
HTTP Tests: Use `login.wordpress.org/wp-login.php` in `test_get_response_cookies()`.
...
The old URL redirects to `login.wordpress.org` because it's the new canonical URL for all logins on wordpress.org.
Fixes #34782 .
Built from https://develop.svn.wordpress.org/trunk@35734
git-svn-id: http://core.svn.wordpress.org/trunk@35698 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-24 22:00:26 +00:00
Dominik Schilling
7f3082491d
Passwords: Re-enable password fields before submitting the form.
...
Avoids an PHP undefined notice when creating new users.
Fixes #33699 .
Built from https://develop.svn.wordpress.org/trunk@35733
git-svn-id: http://core.svn.wordpress.org/trunk@35697 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-24 21:17:27 +00:00
Sergey Biryukov
64fdd0c6a0
Users: Move the tests added in [35116] and [35618] to a more appropriate place and give them a better name.
...
See #28435 , #29880 .
Built from https://develop.svn.wordpress.org/trunk@35732
git-svn-id: http://core.svn.wordpress.org/trunk@35696 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-23 18:40:25 +00:00
Sergey Biryukov
60c8e272f5
Docs: Improve DocBlock formatting for `add_menu_page()` and `add_submenu_page()` wrappers.
...
See #34360 .
Built from https://develop.svn.wordpress.org/trunk@35731
git-svn-id: http://core.svn.wordpress.org/trunk@35695 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-23 17:56:26 +00:00
Helen Hou-Sandí
2cdeac7cf6
Pass the `$post` object as context to `postmeta_form_keys`.
...
see #33885 , #18979 .
Built from https://develop.svn.wordpress.org/trunk@35730
git-svn-id: http://core.svn.wordpress.org/trunk@35694 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-23 17:15:29 +00:00
Gary Pendergast
d04396d0ad
Docs: Replace a reference to WP.org with WordPress.org.
...
Built from https://develop.svn.wordpress.org/trunk@35729
git-svn-id: http://core.svn.wordpress.org/trunk@35693 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-22 22:38:26 +00:00
Andrew Ozz
50a5fbb269
Editor: remove wpLink dependency on jQuery UI.
...
Props afercia.
Fixes #34716 .
Built from https://develop.svn.wordpress.org/trunk@35728
git-svn-id: http://core.svn.wordpress.org/trunk@35692 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-22 19:27:26 +00:00
Andrew Ozz
91759029e9
TinyMCE: fix the regexp used to protect line breaks inside script and pre tags to match `<script>` that load external scripts.
...
Fixes #34760 .
Built from https://develop.svn.wordpress.org/trunk@35727
git-svn-id: http://core.svn.wordpress.org/trunk@35691 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-22 19:13:28 +00:00
Sergey Biryukov
ae04eba0b6
Comments: After [35670], change the CSS class for the pending comments count back to `moderated`.
...
Fixes #34680 .
Built from https://develop.svn.wordpress.org/trunk@35726
git-svn-id: http://core.svn.wordpress.org/trunk@35690 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-22 15:23:26 +00:00
Sergey Biryukov
bc1e479fd0
After [35718], update the location of some files in `This filter is documented in` docs.
...
Partially reverts [33954].
Fixes #33413 .
Built from https://develop.svn.wordpress.org/trunk@35725
git-svn-id: http://core.svn.wordpress.org/trunk@35689 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-22 03:51:28 +00:00
Weston Ruter
5dae1386aa
Customize: Ensure that a setting (especially a multidimensional one) can still be previewed when the post value to preview is set after `preview()` is invoked.
...
* Introduce `customize_post_value_set_{$setting_id}` and `customize_post_value_set` actions which are done when `WP_Customize_Manager::set_post_value()` is called.
* Clear the `preview_applied` flag for aggregated multidimensional settings when a post value is set. This ensures the new value is used instead of a previously-cached previewed value.
* Move `$is_preview` property from subclasses to `WP_Customize_Setting` parent class.
* Deferred preview: Ensure that when `preview()` short-circuits due to not being applicable that it will be called again later when the post value is set.
* Populate post value for updated-widget with the (unsanitized) JS-value in `WP_Customize_Widgets::call_widget_update()` so that value will be properly sanitized when accessed in `WP_Customize_Manager::post_value()`.
Includes unit tests with assertions to check the reported issues and validate the fixes.
Fixes defect introduced in [35007].
See #32103 .
Fixes #34738 .
Built from https://develop.svn.wordpress.org/trunk@35724
git-svn-id: http://core.svn.wordpress.org/trunk@35688 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-21 02:52:27 +00:00
Sergey Biryukov
fd9bd77fe5
Comments: In `comment_form()`, introduce the `comment_form_fields` filter for comment fields, including the textarea.
...
Correct the docs for `comment_notes_before` and `comment_notes_after` arguments as well as `comment_form_before_fields` and `comment_form_after_fields` actions to better describe the current behaviour.
Fixes #34731 .
Built from https://develop.svn.wordpress.org/trunk@35723
git-svn-id: http://core.svn.wordpress.org/trunk@35687 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-20 18:56:27 +00:00
Sergey Biryukov
17af54fc7c
Customizer: Use correct context and translator comments for menu location strings.
...
See #33431 .
Built from https://develop.svn.wordpress.org/trunk@35722
git-svn-id: http://core.svn.wordpress.org/trunk@35686 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-20 17:46:25 +00:00
Helen Hou-Sandí
277747f944
Postbox handle buttons don't need a focus outline.
...
see #33808 , #34242 .
Built from https://develop.svn.wordpress.org/trunk@35721
git-svn-id: http://core.svn.wordpress.org/trunk@35685 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-20 15:56:25 +00:00
Dominik Schilling
22fe87c3b3
Build: Update source for `includes:embed` after [35718].
...
See #33413 .
Built from https://develop.svn.wordpress.org/trunk@35720
git-svn-id: http://core.svn.wordpress.org/trunk@35684 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-20 15:37:26 +00:00
Dominik Schilling
6fa25ac809
4.4-beta4-35719.
...
Built from https://develop.svn.wordpress.org/trunk@35719
git-svn-id: http://core.svn.wordpress.org/trunk@35683 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-20 13:46:27 +00:00
Andrew Nacin
1579e45d41
Simplify the include graph after work to split out classes.
...
see #33413 . More details there.
Built from https://develop.svn.wordpress.org/trunk@35718
git-svn-id: http://core.svn.wordpress.org/trunk@35682 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-20 07:24:30 +00:00
Helen Hou-Sandí
e549e56f02
Custom fields: Allow for short-circuiting the meta key dropdown.
...
Adds the `postmeta_form_keys` filter which allows for a potentially expensive query against postmeta to be avoided.
props ericmann, tollmanz, nacin.
see #33885 .
Built from https://develop.svn.wordpress.org/trunk@35717
git-svn-id: http://core.svn.wordpress.org/trunk@35681 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-20 06:16:50 +00:00
Sergey Biryukov
4341637ba6
Docs: Remove redundant `type` strings from the `wp_calculate_image_srcset` filter DocBlock.
...
Props DH-Shredder, joemcgill.
See #34733 .
Built from https://develop.svn.wordpress.org/trunk@35716
git-svn-id: http://core.svn.wordpress.org/trunk@35680 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-20 06:16:26 +00:00
Sergey Biryukov
db4a87b0fd
Docs: Add `@see` tags for `wp_get_attachment_image_srcset()` and `wp_get_attachment_image_sizes()`.
...
Update `@see` tags for `wp_make_content_images_responsive()` and `wp_image_add_srcset_and_sizes()`.
Props jaspermdegroot.
See #34733 .
Built from https://develop.svn.wordpress.org/trunk@35715
git-svn-id: http://core.svn.wordpress.org/trunk@35679 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-20 06:13:26 +00:00
Dion Hulse
048f327bfc
Merge the changes to GlotPress's POMO from upstream to WordPress's copy.
...
Fixes #34748
Built from https://develop.svn.wordpress.org/trunk@35714
git-svn-id: http://core.svn.wordpress.org/trunk@35678 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-20 04:34:25 +00:00
Dion Hulse
870cdfb024
Bump the version of MediaElement in script-loader.php to match what we're shipping with.
...
See #33798
Fixes #34743
Built from https://develop.svn.wordpress.org/trunk@35713
git-svn-id: http://core.svn.wordpress.org/trunk@35677 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-20 03:32:26 +00:00
Sergey Biryukov
cc7736a024
ru_RU: In back-compat styles for admin menu, inherit the width from the parent element, `#adminmenuwrap`, to account for media queries.
...
See #20974 .
Built from https://develop.svn.wordpress.org/trunk@35712
git-svn-id: http://core.svn.wordpress.org/trunk@35676 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-20 01:40:25 +00:00