- Install: When populating options, maybe_serialize instead of always serialize.
- Uploads: Check for and verify ZIP archives.
Merges [57388] and [57389] to the 5.2 branch.
Props costdev, peterwilsoncc, azaozz, tykoted, johnbillion, desrosj, afragen, jorbin, xknown.
Built from https://develop.svn.wordpress.org/branches/5.2@57403
git-svn-id: http://core.svn.wordpress.org/branches/5.2@56909 1a063a9b-81f0-0310-95a4-ce76da25c4cd
- Comments: Prevent users who can not see a post from seeing comments on it.
- Shortcodes: Restrict media shortcode ajax to certain type.
- REST API: Ensure no-cache headers are sent when methods are overridden.
- REST API: Limit `search_columns` for users without `list_users`.
- Prevent unintended behavior when certain objects are unserialized.
Merges [56833], [56834], [56835], [56836], and [56838] to the 5.2 branch.
Props xknown, jorbin, joehoyle, timothyblynjacobs, peterwilsoncc, ehtis, tykoted, antpb, rmccue.
Built from https://develop.svn.wordpress.org/branches/5.2@56876
git-svn-id: http://core.svn.wordpress.org/branches/5.2@56387 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Add strings for use in future maintenance/security releases to indicate the security support status of the version of WordPress.
Two strings are introduced:
* indicating the version of WordPress is not receiving security updates, and,
* indicating the version of WordPress will shortly stop receiving security updates.
This change does not make use of the strings, the purpose is to make them available to translators prior to dropping support of selected versions of WordPress.
Props costdev, chesio, robinwpdeveloper, desrosj, rudlinkon, mukesh27, sumitbagthariya16.
Merges [54322] to the 5.2 branch.
See #56532.
Built from https://develop.svn.wordpress.org/branches/5.2@54438
git-svn-id: http://core.svn.wordpress.org/branches/5.2@53997 1a063a9b-81f0-0310-95a4-ce76da25c4cd
- Update `lodash` to the latest version `4.17.21`.
- Disable some attributes for rich text.
- Use hashed/deterministic moduleIDs in webpack config.
Props ellatrix, peterwilsoncc, get_dave, mcsf, talldanwp, youknowriad, desrosj, nerrad, gziolo.
Merges [50940-50941,50984-50985,51426] to the 5.2 branch.
Built from https://develop.svn.wordpress.org/branches/5.2@51756
git-svn-id: http://core.svn.wordpress.org/branches/5.2@51363 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This backports several build and test tool improvements to the 5.2 branch. Most notably, this includes:
- The changes required to allow each workflow to be triggered by the `workflow_dispatch` event so that tests can be run on a schedule [50590].
- The ability to run PHPUnit tests from `src` instead of `build` [50441-50443].
- Splitting single site and multisite tests into parallel jobs [50379].
- Split slow tests into separate, parallel jobs for PHP 5.6 [50444].
- Better branch and path scoping for GitHub Action workflows when running on `pull_request` [50432,50479].
- Several `devDependency` updates.
Merges [50267,50299,50379,50387,50413,50416,50432,50435-50436,50441-50444,50446,50473-50474,50476,50479,50485-50487,50545,50579,50590,50598] to the 5.2 branch.
See #50401, #51734, #51801, #51802, #52548, #52608, #52612, #52623, #52624, #52625, #52645, #52653, #52658, #52660, #52667.
Built from https://develop.svn.wordpress.org/branches/5.2@50606
git-svn-id: http://core.svn.wordpress.org/branches/5.2@50219 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This updates the 5.2 branch to support the latest LTS version of NodeJS (currently 14.x), allowing the same version to be used across all WordPress branches that receive security updates as a courtesy.
In addition to backporting the package updates that happened after branching 5.2, dependencies that were removed in future releases have also been updated to their latest versions.
Props desrosj, dd32, netweb, jorbin, whyisjake.
Merges [45321,45765,45826,45875,46403-46404,46408-46409,47404,47867,47872-47873,48213,48705,49636,49933,49937,49939-49940,49983,49989,50017,50126,50176,50185] to the 5.2 branch.
See #52341.
Built from https://develop.svn.wordpress.org/branches/5.2@50191
git-svn-id: http://core.svn.wordpress.org/branches/5.2@49869 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This updates the `dealerdirect/phpcodesniffer-composer-installer` package to allow installing version `0.7.0` which supports Composer 2.0.
It also includes several minor spacing/alignment coding standards fixes that are made as a result of the package update.
Props itowhid06, jrf.
Merges [49306] to the 5.2 branch.
See #51624, #48301.
Built from https://develop.svn.wordpress.org/branches/5.2@49514
git-svn-id: http://core.svn.wordpress.org/branches/5.2@49269 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* XML-RPC: Improve error messages for unprivileged users.
* External Libraries: Disable deserialization in Requests_Utility_FilteredIterator
* Embeds: Disable embeds on deactivated Multisite sites.
* Coding standards: Modify escaping functions to avoid potential false positives.
* XML-RPC: Return error message if attachment ID is incorrect.
* Upgrade/install: Improve logic check when determining installation status.
* Meta: Sanitize meta key before checking protection status.
* Themes: Ensure that only privileged users can set a background image when a theme is using the deprecated custom background page.
Brings the changes from [49380,49382-49388] to the 5.2 branch.
Props xknown, zieladam, peterwilsoncc, whyisjake, desrosj, dd32.
Built from https://develop.svn.wordpress.org/branches/5.2@49394
git-svn-id: http://core.svn.wordpress.org/branches/5.2@49153 1a063a9b-81f0-0310-95a4-ce76da25c4cd
- Embeds: Ensure that the title attribute is set correctly on embeds.
- Editor: Prevent HTML decoding on by setting the proper editor context.
- Formatting: Ensure that wp_validate_redirect() sanitizes a wider variety of characters.
- Themes: Ensure a broken theme name is returned properly.
- Administration: Add a new filter to extend set-screen-option.
Merges [47948-47951] to the 5.2 branch.
Props xknown, sstoqnov, vortfu, SergeyBiryukov, whyisjake.
Built from https://develop.svn.wordpress.org/branches/5.2@47960
git-svn-id: http://core.svn.wordpress.org/branches/5.2@47732 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Include `forms.css` and `l10n.css`, for consistency with login screen and other admin screens.
* Remove redundant `@import` directives from `login.css` for files already declared as dependencies.
* Adjust margin on password strength meter for consistency with other fields.
* Increase font size for "You will need this password to log in" notice.
* Fix misaligned icon on "Hide" button for the password.
Props iseulde, dan@micamedia.com, bassgang, cdog, johnbillion, nmenescardi, mukesh27, alpipego, SergeyBiryukov.
Merges [45673] to the 5.2 branch.
Fixes#35776, #43483, #47757, #47758.
Built from https://develop.svn.wordpress.org/branches/5.2@45844
git-svn-id: http://core.svn.wordpress.org/branches/5.2@45655 1a063a9b-81f0-0310-95a4-ce76da25c4cd
- adds `role="presentation"` to the edit comment table
- removes a few pointless `<fieldset>` elements
- adds a few missing `<label>` elements
- adds the CSS class `class="td-full"` to table rows spanning to multiple cells
- adds explicit `scope="row"` attribute to the table headers in `options-permalink.php`: this table is better communicated as data table
- uses consistent label association in the "Privacy Settings" page
- in the installation page "Set up your database connection": associates descriptions to their inout fields using `aria-describedby`
- improves the link to gravatar.com in the `user-edit.php` page
Props afercia.
Merges [45416] to the 5.2 branch.
See #46899.
Fixes#47390.
Built from https://develop.svn.wordpress.org/branches/5.2@45835
git-svn-id: http://core.svn.wordpress.org/branches/5.2@45646 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Adds `role="presentation"` to the `<table>` elements used for layout purposes.
Ideally, HTML tables should be used for tabular data. When tables are used for layout purposes, it's important to remove any native semantics so that assistive technologies can correctly announce the table content in a linearized fashion.
Props greatislander, afercia.
Merges [45403] to the 5.2 branch.
See #46899.
Built from https://develop.svn.wordpress.org/branches/5.2@45834
git-svn-id: http://core.svn.wordpress.org/branches/5.2@45645 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When adding a Custom Link and leaving the "Link Text" field empty, WordPress used to set a default fallback text: "Menu Item".
The changes in [36379] broke this behavior making the fallback text: `(Pending)`, with a leading space.
Pending major refactoring of the Menus page (which is going to use a block-based user interface) this change just restores the original behavior by adding the fallback text to the related AJAX response.
Props christophherr, Fencer04, thakkarhardik, backermann1978, audrasjb.
Merges [45727] to the 5.2 branch.
Fixes#38415.
Built from https://develop.svn.wordpress.org/branches/5.2@45828
git-svn-id: http://core.svn.wordpress.org/branches/5.2@45639 1a063a9b-81f0-0310-95a4-ce76da25c4cd