Move the REST API JSONP callback validation check into a separate function named `wp_check_jsonp_callback()`. This allows plugins to use the built-in validation when handling JSONP callbacks.
Extremely Important Note: If you send JSONP in your custom response, make sure you prefix the response with `/**/`. This will mitigate the Rosetta Flash exploit. You should also send the `X-Content-Type-Options:nosniff` header, or even better, use the REST API infrastructure.
Props rmccue.
Fixes#28523.
Built from https://develop.svn.wordpress.org/trunk@37646
git-svn-id: http://core.svn.wordpress.org/trunk@37612 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Avoids a PHP notice since `Language_Pack_Upgrader_Skin::before()` tries to access a non-existent update.
Also, change the `up_to_date` string to use the plural form because translations are only updated in bulk mode.
Fixes#36615.
Built from https://develop.svn.wordpress.org/trunk@37635
git-svn-id: http://core.svn.wordpress.org/trunk@37603 1a063a9b-81f0-0310-95a4-ce76da25c4cd
[37623] used the wrong parameter name (count=true instead of fields=count).
For greater flexibility and forward compatibility with other potential changes
to the return value of `get_terms()`, we now do a looser check: any non-array
value is excluded from the filter.
Fixes#36992.
Built from https://develop.svn.wordpress.org/trunk@37634
git-svn-id: http://core.svn.wordpress.org/trunk@37602 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Different tests are used for subdomain and subdirectory installs as domain and path are searched differently for each. Only trailing wildcard searches are tested because leading wildcards are not yet supported.
See #36675.
Built from https://develop.svn.wordpress.org/trunk@37633
git-svn-id: http://core.svn.wordpress.org/trunk@37601 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Non web interfaces with WordPress (such as wp-cli) need to be able to bypass certain checks in the bootstrap process. This introduces three new filters to allow for those checks to be skipped.
1. Provides a way of forcefully bypassing wp_maintenance().
2. Provides a way of forcefully bypassing wp_debug_mode(). See https://github.com/wp-cli/wp-cli/issues/177
3. Provide a way of forcefully skipping loading wp-content/advance-cache.php. See https://github.com/wp-cli/wp-cli/pull/164
These filters should not be used by plugins (in fact, they run before plugins are loaded, so they can't be used by plugins). In general, they should only be used in non-web interactions with WordPress.
See #34936.
Props jorbin, DrewAPicture.
Built from https://develop.svn.wordpress.org/trunk@37626
git-svn-id: http://core.svn.wordpress.org/trunk@37594 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Hierarchical comment queries work by first fetching the IDs of top-level
comments, and then filling the descendant tree one level at a time based on the
top-level results. When top-level comment IDs are found in the cache,
`WP_Comment_Query` does not generate the SQL used to fetch these comments. In
this case, the `fill_descendants()` query does not have enough information
to fill children. As a result, descendant comments were failing to be filled
in cases where the top-level comments were found in the cache.
This was a minor bug previously, because comment caches were not maintained
between pageloads. Since comment caches are now persistent [37613], the problem
becomes evident anywhere that a persistent object cache is in use.
The solution is to cache parent-child relationships, so that when top-level
comments are found in the cache, descendant comments should be found there as
well.
Fixes#36487.
Built from https://develop.svn.wordpress.org/trunk@37625
git-svn-id: http://core.svn.wordpress.org/trunk@37593 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Use of the 'get_terms' filter was consolidated in [37572], with the
introduction of `WP_Term_Query`. At that time, the result of 'count=true'
queries began being filtered by 'get_terms'. This breaks existing 'get_terms'
callbacks, which often assume that the returned value will be an array or a
`WP_Error` object.
Props JustinSainton.
Fixes#36992.
Built from https://develop.svn.wordpress.org/trunk@37623
git-svn-id: http://core.svn.wordpress.org/trunk@37591 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`get_sites()` should be considered a replacement for `wp_get_sites()`. Backward compatibility is maintained in the meantime by using `get_site()` to populate the return data with associative arrays rather than `WP_Site` objects.
Props spacedmonkey, flixos90.
See #35791.
Built from https://develop.svn.wordpress.org/trunk@37617
git-svn-id: http://core.svn.wordpress.org/trunk@37585 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, only the 'last_changed' incrementor was manually invalidated, since
the newly created comment did not yet exist in the cache. However, this created
an inconsistency with the other comment CRUD functions, which result in the
'clean_comment_cache' action firing.
Props spacedmonkey.
See #36906.
Built from https://develop.svn.wordpress.org/trunk@37614
git-svn-id: http://core.svn.wordpress.org/trunk@37582 1a063a9b-81f0-0310-95a4-ce76da25c4cd
'comment' was made non-persistent in [7986], to address the difficulty of
reliable cache invalidation. Since then, the comment system has improved such
that we can be more confident that caches are being busted as needed.
Props spacedmonkey.
Fixes#36906.
Built from https://develop.svn.wordpress.org/trunk@37613
git-svn-id: http://core.svn.wordpress.org/trunk@37581 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This update adds two main features for your WordPress development happiness.
1) GitHub URL support. You can now use `grunt patch:https://github.com/aaronjorbin/develop.wordpress/pull/3` with any copy of WordPress on GitHub. No longer will you need to download the patch manually. Works for both core and develop mirrors on GitHub.
2) Upload patches directly from the command line. No longer will you need to create a patch and manually upload it to trac. `grunt upload_patch:20000` will upload a patch to the appropriate ticket after a user enters a WordPress.org username and password. This is limited to users with the appropriate XML-RPC privileges in trac (right now, that is just bug gardeners). You still need to manually add the `has patch` keyword.
Full changelog: https://github.com/aaronjorbin/grunt-patch-wordpress/compare/0.3.0...0.4.0Fixes#35917.
Props netweb, ericlewis, michaelbeil, jorbin.
Built from https://develop.svn.wordpress.org/trunk@37612
git-svn-id: http://core.svn.wordpress.org/trunk@37580 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The logic for determining the appropriate character set and collation to use is becoming more complex, particularly with the recent additions of [37522] and [37523]. As `init_charset()` has side effects, and makes use of constants instead of parameters, it's not possible to unit test this logic.
This commit splits the logic part of `init_charset()` out into a new method, `wpdb::determine_charset()`, along with appropriate unit tests.
See #32105, #37522.
Fixes#36917.
Built from https://develop.svn.wordpress.org/trunk@37601
git-svn-id: http://core.svn.wordpress.org/trunk@37569 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Prior to [37572], arguments passed to `get_terms()` were passed immediately
through `wp_parse_args()`, which made it possible to pass arguments as a
querystring (`hide_empty=0`) rather than an array
(`array( 'hide_empty' => false )`). [37572] moved default argument parsing
into `WP_Term_Query`, while assuming that arguments passed to `get_terms()`
would be formatted as an array.
To provide compatibility, we now parse all args passed to `get_terms()` into
an array before processing.
See #35381.
Built from https://develop.svn.wordpress.org/trunk@37599
git-svn-id: http://core.svn.wordpress.org/trunk@37567 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`CHAR` is redundant, since the `meta_value` column is `LONGTEXT`. Meanwhile,
use of `CAST()` causes MySQL to ignore any index that the administrator may
have added to the column.
A number of automated tests were doing searches for `CAST` in the SQL strings
generated by `WP_Meta_Query` (for reasons unrelated to the `CAST()` behavior).
These tests have been updated to expect the new query format.
Props ericlewis.
Fixes#36625.
Built from https://develop.svn.wordpress.org/trunk@37594
git-svn-id: http://core.svn.wordpress.org/trunk@37562 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Since [37573], object relationship caches (`{$taxonomy}_relationships`)
contain term IDs rather than term objects. See #36814. As such, it's no longer
necessary to clear these caches when a term is updated; none of the data that's
changed on update (name, description, count, etc) is stored in the relationship
cache.
Fixes#36251.
Built from https://develop.svn.wordpress.org/trunk@37593
git-svn-id: http://core.svn.wordpress.org/trunk@37561 1a063a9b-81f0-0310-95a4-ce76da25c4cd