[35709] was overly broad, and stopped transforming `&` characters within tag attributes. So that sites aren't generating invalid HTML, we need to restore this functionality, while continuing to not transform `&` within blocked tags.
Fixes#35008 for trunk.
Built from https://develop.svn.wordpress.org/trunk@36036
git-svn-id: http://core.svn.wordpress.org/trunk@36001 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Twelve years later, after no fewer than three themes have intentionally implemented popup comments in their functionality, before being abandoned for at least the last six years, we've reached a time where we can put this era behind us. A time when we can remove comment popup functionality from WordPress.
If this breaks the internet, I'll eat my hat.
Fixes#28617
Built from https://develop.svn.wordpress.org/trunk@35848
git-svn-id: http://core.svn.wordpress.org/trunk@35812 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The whole string is escaped with `esc_html()` anyway, so we don't
need to `wp_kses_post()`. This is a better experience for users who
want to use angle brackets in their site title or description.
Does not allow any HTML, adds unit tests.
props BandonRandon, pauldewouters.
fixes#27942.
Built from https://develop.svn.wordpress.org/trunk@35788
git-svn-id: http://core.svn.wordpress.org/trunk@35752 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, `&` would be converted everywhere, which caused problems when it was converted within a `<script>`, for example.
`convert_chars()` is now removed from the `the_content` filter, as it was doing the same job as `wptexturize()`.
KSES correctly handles converting `&` within HTML attributes, so there's no need for `wptexturize()` and `convert_chars()` to do the same job.
Fixes#34698.
Built from https://develop.svn.wordpress.org/trunk@35709
git-svn-id: http://core.svn.wordpress.org/trunk@35673 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Updates `rawurlencode_deep()`, `urlencode_deep()`, and `stripslashes_deep()` to use `map_deep()`. Introduces `urldecode_deep()` for completeness.
Props wpmuguru, nbachiyski, boonebgorges, MikeHansenMe, chriscct7, realloc, johnbillion
Fixes#22300
Built from https://develop.svn.wordpress.org/trunk@35252
git-svn-id: http://core.svn.wordpress.org/trunk@35218 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Move pattern from `wptexturize()` into a separate function.
* Move pattern from `wp_html_split()` into a separate function.
* Beautify code for `wp_html_split()`.
* Remove unnecessary instances of `/s` modifier in patterns that don't use dots.
* Add `tests/phpunit/data/formatting/whole-posts.php` for testing larger strings.
* Add function `benchmark_pcre_backtracking()`.
* Add tests for `wp_html_split()`.
* Add tests for `wptexturize()`.
* Add tests for `get_shortcode_regex()`.
Props miqrogroove.
Fixes#34121.
Built from https://develop.svn.wordpress.org/trunk@34761
git-svn-id: http://core.svn.wordpress.org/trunk@34726 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, it was necessary to explain in a double-negative that `$richedit` being false would prevent `$content` from being passed through `esc_textarea()`. The updated `$rich_edit` name and documentation now better reflects the intent of the parameter.
Fixes#21613.
Built from https://develop.svn.wordpress.org/trunk@34727
git-svn-id: http://core.svn.wordpress.org/trunk@34691 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Square brackets must be encoded in the path, path parameters, query parameters, and fragment, but must not be encoded in anything up to the domain and port.
Adds a bunch of tests, including square brackets in query parameters, IPv6 URLs, and several other permutations.
See #16859
Built from https://develop.svn.wordpress.org/trunk@34674
git-svn-id: http://core.svn.wordpress.org/trunk@34638 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Tokenize newlines in `WP_Embed::autoembed()` before running `->autoembed_callback()`
* Tokenize newlines with placeholders in `wpautop()`
* Introduce `wp_html_split()` to DRY the RegEx from `wp_replace_in_html_tags()` and `do_shortcodes_in_html_tags()`
Adds unit tests.
Props miqrogroove, kitchin, azaozz.
Fixes#33106.
Built from https://develop.svn.wordpress.org/trunk@33469
git-svn-id: http://core.svn.wordpress.org/trunk@33436 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The mailto protocol is a bit different than the other protocols in that new lines are something you might realistically want to include. Includes tests to make sure that http protocol urls that contain mailto: aren't affected. Tests for stripping newlines in general already exist.
Fixes#31632
Props danielbachhuber
Built from https://develop.svn.wordpress.org/trunk@33064
git-svn-id: http://core.svn.wordpress.org/trunk@33035 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* A variant of a language has its own locale, for example the locale of the formal variant of German is `de_DE_formal`.
* Update `remove_accents()` and some CSS rules to support `de_DE_formal`.
* Add tests for `get_bloginfo( 'language' )`.
* API changes will be deployed over the next few days.
see #28303.
Built from https://develop.svn.wordpress.org/trunk@33027
git-svn-id: http://core.svn.wordpress.org/trunk@32998 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This v1 marries Jetpack's Site Icon module with the Media Modal, reusing code
from the Custom Header admin. For now, the core-provided icons will be limited
to a favicon, an iOS app icon, and a Windows tile icon, leaving `.ico` support
and additional icons to plugins to add.
Props obenland, tyxla, flixos90, jancbeck, markjaquith, scruffian.
See #16434.
Built from https://develop.svn.wordpress.org/trunk@32994
git-svn-id: http://core.svn.wordpress.org/trunk@32965 1a063a9b-81f0-0310-95a4-ce76da25c4cd