* XML-RPC: Improve error messages for unprivileged users.
* External Libraries: Disable deserialization in Requests_Utility_FilteredIterator
* Embeds: Disable embeds on deactivated Multisite sites.
* Coding standards: Modify escaping functions to avoid potential false positives.
* XML-RPC: Return error message if attachment ID is incorrect.
* Upgrade/install: Improve logic check when determining installation status.
* Meta: Sanitize meta key before checking protection status.
* Themes: Ensure that only privileged users can set a background image when a theme is using the deprecated custom background page.
Brings the changes from [49380,49382-49388] to the 5.2 branch.
Props xknown, zieladam, peterwilsoncc, whyisjake, desrosj, dd32.
Built from https://develop.svn.wordpress.org/branches/5.2@49394
git-svn-id: http://core.svn.wordpress.org/branches/5.2@49153 1a063a9b-81f0-0310-95a4-ce76da25c4cd
- Embeds: Ensure that the title attribute is set correctly on embeds.
- Editor: Prevent HTML decoding on by setting the proper editor context.
- Formatting: Ensure that wp_validate_redirect() sanitizes a wider variety of characters.
- Themes: Ensure a broken theme name is returned properly.
- Administration: Add a new filter to extend set-screen-option.
Merges [47948-47951] to the 5.2 branch.
Props xknown, sstoqnov, vortfu, SergeyBiryukov, whyisjake.
Built from https://develop.svn.wordpress.org/branches/5.2@47960
git-svn-id: http://core.svn.wordpress.org/branches/5.2@47732 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Include `forms.css` and `l10n.css`, for consistency with login screen and other admin screens.
* Remove redundant `@import` directives from `login.css` for files already declared as dependencies.
* Adjust margin on password strength meter for consistency with other fields.
* Increase font size for "You will need this password to log in" notice.
* Fix misaligned icon on "Hide" button for the password.
Props iseulde, dan@micamedia.com, bassgang, cdog, johnbillion, nmenescardi, mukesh27, alpipego, SergeyBiryukov.
Merges [45673] to the 5.2 branch.
Fixes#35776, #43483, #47757, #47758.
Built from https://develop.svn.wordpress.org/branches/5.2@45844
git-svn-id: http://core.svn.wordpress.org/branches/5.2@45655 1a063a9b-81f0-0310-95a4-ce76da25c4cd
- adds `role="presentation"` to the edit comment table
- removes a few pointless `<fieldset>` elements
- adds a few missing `<label>` elements
- adds the CSS class `class="td-full"` to table rows spanning to multiple cells
- adds explicit `scope="row"` attribute to the table headers in `options-permalink.php`: this table is better communicated as data table
- uses consistent label association in the "Privacy Settings" page
- in the installation page "Set up your database connection": associates descriptions to their inout fields using `aria-describedby`
- improves the link to gravatar.com in the `user-edit.php` page
Props afercia.
Merges [45416] to the 5.2 branch.
See #46899.
Fixes#47390.
Built from https://develop.svn.wordpress.org/branches/5.2@45835
git-svn-id: http://core.svn.wordpress.org/branches/5.2@45646 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Adds `role="presentation"` to the `<table>` elements used for layout purposes.
Ideally, HTML tables should be used for tabular data. When tables are used for layout purposes, it's important to remove any native semantics so that assistive technologies can correctly announce the table content in a linearized fashion.
Props greatislander, afercia.
Merges [45403] to the 5.2 branch.
See #46899.
Built from https://develop.svn.wordpress.org/branches/5.2@45834
git-svn-id: http://core.svn.wordpress.org/branches/5.2@45645 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When adding a Custom Link and leaving the "Link Text" field empty, WordPress used to set a default fallback text: "Menu Item".
The changes in [36379] broke this behavior making the fallback text: `(Pending)`, with a leading space.
Pending major refactoring of the Menus page (which is going to use a block-based user interface) this change just restores the original behavior by adding the fallback text to the related AJAX response.
Props christophherr, Fencer04, thakkarhardik, backermann1978, audrasjb.
Merges [45727] to the 5.2 branch.
Fixes#38415.
Built from https://develop.svn.wordpress.org/branches/5.2@45828
git-svn-id: http://core.svn.wordpress.org/branches/5.2@45639 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Introduces the faux primitive capability `view_site_health_checks` available to single site admins and multisite super-admin to view the site health page within the admin.
The capability is mapped to the `install_plugins` capability without being dependent on the file system being writable. This fixes a bug where the feature couldn't be used by sites unable to write to the file system or managed through version control.
The capability is granted on the `user_has_cap` filter.
Props birgire, Clorith, palmiak, peterwilsoncc, spacedmonkey.
Merges [45507] to the 5.2 branch.
Fixes#46957 for 5.2.2.
Built from https://develop.svn.wordpress.org/branches/5.2@45508
git-svn-id: http://core.svn.wordpress.org/branches/5.2@45319 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`wp-admin/includes/update-core.php` runs in the context of the previous WordPress version. Any calls to newly introduced functions there need to be checked via `function_exists()`.
Reviewed by desrosj, earnjam, SergeyBiryukov.
Props dd32, imath.
Merges [45365] to the 5.2 branch.
Fixes#47323.
Built from https://develop.svn.wordpress.org/branches/5.2@45366
git-svn-id: http://core.svn.wordpress.org/branches/5.2@45177 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `sodium_compat` library can be very slow for certain operations on 32-bit architectures, which can lead to web server timeouts while attempting to verify an update. This adds a runtime speed check to skip signature verification on systems that would otherwise time out. Includes simple unit tests.
Merges [45345] to the 5.2 branch.
Props dd32, paragoninitiativeenterprises, tellyworth.
Fixes#47186.
Built from https://develop.svn.wordpress.org/branches/5.2@45356
git-svn-id: http://core.svn.wordpress.org/branches/5.2@45167 1a063a9b-81f0-0310-95a4-ce76da25c4cd
whyisjake
Sergey Biryukov
desrosj
Andrew Ozz
Andrea Fercia
Peter Wilson