This reduces the chances of a site compromise going unnoticed, in the same way that the same notifications for user account email address changes reduces the chances of a user account compromise going unnoticed.
Props MatheusGimenez, johnbillion
Fixes#39117
Built from https://develop.svn.wordpress.org/trunk@41164
git-svn-id: http://core.svn.wordpress.org/trunk@41004 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This adds this previously Multisite-only functionality to single site installations too. This change prevents accidental or erroneous email address changes from potentially locking users out of their account.
Props rodrigosprimo, tharsheblows, johnbillion
Fixes#16470
Built from https://develop.svn.wordpress.org/trunk@41163
git-svn-id: http://core.svn.wordpress.org/trunk@41003 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Prior to about 2013, many class methods lacked even access modifiers which made the `@access` notations that much more useful. Now that we've gotten to a point where the codebase is more mature from a maintenance perspective and we can finally remove these notations. Notable exceptions to this change include standalone functions notated as private as well as some classes still considered to represent "private" APIs.
See #41452.
Built from https://develop.svn.wordpress.org/trunk@41162
git-svn-id: http://core.svn.wordpress.org/trunk@41002 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Prior to about 2013, many class methods lacked even access modifiers which made the `@access` notations that much more useful. Now that we've gotten to a point where the codebase is more mature from a maintenance perspective and we can finally remove these notations. Notable exceptions to this change include standalone functions notated as private as well as some classes still considered to represent "private" APIs.
See #41452.
Built from https://develop.svn.wordpress.org/trunk@41161
git-svn-id: http://core.svn.wordpress.org/trunk@41001 1a063a9b-81f0-0310-95a4-ce76da25c4cd
[41139] changed how the REST API URL is generated, but included an incorrect version of `wp-api-generated.js`.
This updates the generator to create the correct `wp-api-generated.js`, and updates ``wp-api-generated.js`.
See #40886.
Built from https://develop.svn.wordpress.org/trunk@41154
git-svn-id: http://core.svn.wordpress.org/trunk@40994 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Since WordPress 2.3, the Recent Posts widget used to output the post ID for posts
with an empty title. Using '(no title)' seems a best option and is consistent with
what's already used in other similar cases.
Props antonrinas, Ankit K Gupta.
Fixes#35709.
Built from https://develop.svn.wordpress.org/trunk@41149
git-svn-id: http://core.svn.wordpress.org/trunk@40989 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This ensures all the column titles, not just the Comments column one, are
"clean" when later reused for the Screen Options checkboxes. Also introduces
some consistency with what is already done in WP_List_Table.
Fixes#41261.
Built from https://develop.svn.wordpress.org/trunk@41148
git-svn-id: http://core.svn.wordpress.org/trunk@40988 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When pretty permalinks are disabled, the web server will internally forward requests to `index.php`. Unfortunately, nginx only forwards HTTP/1.0 methods: `PUT`, `PATCH`, and `DELETE` methods will return a 405 error.
To work around this nginx behaviour, including `index.php` in the REST URL skips the internal redirect.
Fixes#40886.
Built from https://develop.svn.wordpress.org/trunk@41139
git-svn-id: http://core.svn.wordpress.org/trunk@40979 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The REST API does not provide a mechanism to distinguish between endpoints representing models and those representing collections, so the Backbone client must make that distinction internally. Previously wp-api.js accounted for `/users/me`, but not for `/settings`. This patch updates the logic so that `/settings` is properly registered as a Backbone model.
When calling `wp.api.init`, additional endpoints can be specified to be models using the `modelEndpoints` argument.
Props @adamsilverstein.
Fixes#41056.
Built from https://develop.svn.wordpress.org/trunk@41112
git-svn-id: http://core.svn.wordpress.org/trunk@40952 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Ensures that users who copy HTML from the Text widget in legacy mode over to the Custom HTML widget will continue to get all of the same filters applied, including tag balancing and shortcodes, if a plugin added support. Plugins still have the `widget_text_content` and `widget_custom_html_content` filters they can use to target the specific widget types.
Amends [40893].
See #40951.
Fixes#40907 for trunk.
Built from https://develop.svn.wordpress.org/trunk@41086
git-svn-id: http://core.svn.wordpress.org/trunk@40926 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Since plugin-added shortcode handling is just-in-time deferred to run after `wpautop`, there is no need to retain the presence of shortcodes to trigger legacy mode. Also updates Text widget legacy mode notice informing of Custom HTML widget.
Amends [41050].
Props westonruter, melchoyce.
Fixes#40951 for trunk.
Built from https://develop.svn.wordpress.org/trunk@41070
git-svn-id: http://core.svn.wordpress.org/trunk@40922 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Prior to this change, the similar help tab and sidebar for these screens were all duplicated for each respective screen. This changeset introduces two internal admin functions `get_site_screen_help_tab_args()` and `get_site_screen_help_sidebar_content()` that make these available in a centralized location.
Props atanasangelovdev.
Fixes#41167.
Built from https://develop.svn.wordpress.org/trunk@41065
git-svn-id: http://core.svn.wordpress.org/trunk@40917 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Prior to this change there were two different cache keys used for the same query. That is because regardless of the `$fields` argument, the query response will be the same. This was already fixed for `WP_Site_Query` in [41059].
Props spacedmonkey.
Fixes#41347.
Built from https://develop.svn.wordpress.org/trunk@41063
git-svn-id: http://core.svn.wordpress.org/trunk@40915 1a063a9b-81f0-0310-95a4-ce76da25c4cd
WordPress no longer supports many old old browsers: https://make.wordpress.org/core/2017/04/23/target-browser-coverage/
This also removes alot of no longer necessary CSS. It served us well, but we are never getting back together with IE8,9,10.
So, in the (paraphrased) words of Taylor Swift:
I remember when we dropped support the first time
Saying, "This is it, I've had enough, " 'cause like
We hadn't seen many users in a month
When you said you needed flexbox. (What?)
Then you postMessage again and say
"IE8, I miss you and I swear I'm gonna change, trust me."
Remember how that lasted for a day?
I say, "I hate the box model, " we break up, you call me, "I love css-grids."
Ooh, we called it off again last night
But ooh, this time I'm telling you, I'm telling you
We are never ever ever supporting IE 8,9,10,
We are never ever ever supporting IE 8,9,10,
You go talk to EDGE, talk to my FIREFOX, talk to CHROME
But we are never ever ever ever getting back together
Like, ever...
Fixes#37651.
Props stunnedbeast, netweb, jorbin.
Built from https://develop.svn.wordpress.org/trunk@41062
git-svn-id: http://core.svn.wordpress.org/trunk@40912 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Before this changeset, the language of a new site would always result in the language of the current network, regardless of the `$site_id` parameter passed that actually determines the network for the site. Now the correct `WPLANG` value is used in such cases.
Alongside this change, a few minor documentation changes around the function have been made to account for the current naming conventions of sites and networks.
Props spacedmonkey.
Fixes#40503.
Built from https://develop.svn.wordpress.org/trunk@41058
git-svn-id: http://core.svn.wordpress.org/trunk@40908 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The Text widget in legacy mode omits TinyMCE and retains old behavior for matching pre-existing Text widgets. Usage pointers added to default visual mode appear when attempting to paste HTML code into the Visual tab and when clicking on the Text tab, informing users of the new Custom HTML widget.
Props westonruter, melchoyce, gitlost for testing, obenland for testing, dougal for testing, afercia for testing.
See #35243.
Fixes#40951.
Built from https://develop.svn.wordpress.org/trunk@41050
git-svn-id: http://core.svn.wordpress.org/trunk@40900 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, these filters were being run once per post, but the changes in [41043] caused them to be run once per emoji found.
We will not stand idly by while this kind of unfair performance penalty is placed on the emoji literate. The filters are now run once only, emoji aficionados everywhere can rest easy, knowing their posts will be just as performant as their emoji-less cousins.
Props ocean90 for noticing this severe oversight.
See #35293.
Built from https://develop.svn.wordpress.org/trunk@41046
git-svn-id: http://core.svn.wordpress.org/trunk@40896 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, `wp_encode_emoji()` and `wp_staticize_emoji()` used inaccurate regular expressions to find emoji, and transform then into HTML entities or `<img>`s, respectively. This would result in emoji not being correctly transformed, or occasionally, non-emoji being incorrectly transformed.
This commit adds a new `grunt` task - `grunt precommit:emoji`. It finds the regex in `twemoji.js`, transforms it into a PHP-friendly version, and adds it to `formatting.php`. This task is also automatically run by `grunt precommit`, when it detects that `twemoji.js` has changed.
The new regex requires features introduced in PCRE 8.32, which was introduced in PHP 5.4.14, though it was also backported to later releases of the PHP 5.3 series. For versions of PHP that don't support this, it will fall back to an updated version of the loose-matching regex.
For short posts, the performance difference between the old and new regex is negligible. As the posts get longer, however, the new method is exponentially faster.
Fixes#35293.
Built from https://develop.svn.wordpress.org/trunk@41043
git-svn-id: http://core.svn.wordpress.org/trunk@40893 1a063a9b-81f0-0310-95a4-ce76da25c4cd
[40514] introduced a bug that caused term queries to return some duplicates
when the `$taxonomies` array contained only taxonomies that were originally
registered with an `$args` array. We fix this bug by ensuring that
recursive `get_terms()` queries stop when all queried `$taxonomies` have
already been referenced.
Props bor0, atanasangelovdev.
Fixes#41010.
Built from https://develop.svn.wordpress.org/trunk@41037
git-svn-id: http://core.svn.wordpress.org/trunk@40887 1a063a9b-81f0-0310-95a4-ce76da25c4cd
John Blackbourn
Drew Jaynes
Sergey Biryukov
Gary Pendergast
Andrea Fercia
Weston Ruter
K. Adam White
James Nylen
Andrew Ozz
Felix Arntz
Aaron Jorbin
Adam Silverstein
Boone Gorges
Peter Westwood