Commit Graph

29 Commits

Author SHA1 Message Date
whyisjake afc65069bb Customize: Add additional filters to Customizer to prevent JSON corruption.
User: Invalidate `user_activation_key` on password update.
Query: Ensure that only a single post can be returned on date/time based queries.
Cache API: Ensure proper escaping around the stats method in the cache API.
Formatting: Expand `sanitize_file_name` to have better support for utf8 characters.

Brings the changes in [47633], [47634], [47635], [47636], [47637], and [47638] to the 5.0 branch.

Props: aduth, batmoo, ehti, ellatrix, jorgefilipecosta, nickdaugherty, noisysocks, pento, peterwilsoncc, sergeybiryukov, sstoqnov, talldanwp, westi, westonruter, whyisjake, whyisjake, xknown.

Built from https://develop.svn.wordpress.org/branches/5.0@47647


git-svn-id: http://core.svn.wordpress.org/branches/5.0@47422 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-04-29 16:14:48 +00:00
whyisjake de7d42ed47 Backporting several bug fixes.
- Query: Remove the static query property.
- HTTP API: Protect against hex interpretation.
- Filesystem API: Prevent directory travelersals when creating new folders.
- Administration: Ensure that admin referer nonce is valid.
- REST API: Send a Vary: Origin header on GET requests.

Backports [46474], [46475], [46476], [46477], [46478], [46483], [46485] to the 5.0 branch.

Built from https://develop.svn.wordpress.org/branches/5.0@46492


git-svn-id: http://core.svn.wordpress.org/branches/5.0@46289 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-14 18:26:51 +00:00
Gary Pendergast 0a164850fc Query: Remove nextpage block delimiters when setting up global post data.
`WP_Query::setup_postdata()` splits the post up by `<!--nextpage-->`, which causes invalid block data to be contained in the post content.

This change removes the `<!-- wp:nextpage -->` and `<!-- /wp:nextpage -->`, as well.

Props pento, youknowriad, azaozz, noisysocks.
See #45401.


Built from https://develop.svn.wordpress.org/branches/5.0@43940


git-svn-id: http://core.svn.wordpress.org/branches/5.0@43772 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-11-23 00:42:45 +00:00
Aaron Jorbin f0fd88a7f5 Query: Fix warning on counting non countable
Merges [42581], [42585], and [42594] to the 4.9 branch.

Adds tests to continue the behavior for both null and strings. Skip the tests on PHP 5.2 as they require ReflectionMethod.

See https://wiki.php.net/rfc/counting_non_countables for information on the PHP change.

Fixes #42860.
Props dd32 for test skipping and janak007 and ayeshrajans for initial patches.

Built from https://develop.svn.wordpress.org/branches/4.9@42597


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42426 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-01-24 21:44:42 +00:00
John Blackbourn 4a16295dc5 Docs: Standardise the format used for documenting parameters passed by reference.
See #35974, #41017

Built from https://develop.svn.wordpress.org/trunk@41688


git-svn-id: http://core.svn.wordpress.org/trunk@41522 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-02 22:14:46 +00:00
John Blackbourn 9fdbe6538e Docs: Remove `&` prefixes from parameter documentation to avoid doc parsing errors.
Props sudar for the original patch.

See #35974

Built from https://develop.svn.wordpress.org/trunk@41686


git-svn-id: http://core.svn.wordpress.org/trunk@41520 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-02 22:03:33 +00:00
Drew Jaynes 0860bb2771 Docs: Remove `@access` notations from method DocBlocks in wp-includes/* classes.
Prior to about 2013, many class methods lacked even access modifiers which made the `@access` notations that much more useful. Now that we've gotten to a point where the codebase is more mature from a maintenance perspective and we can finally remove these notations. Notable exceptions to this change include standalone functions notated as private as well as some classes still considered to represent "private" APIs.

See #41452.

Built from https://develop.svn.wordpress.org/trunk@41162


git-svn-id: http://core.svn.wordpress.org/trunk@41002 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-07-27 00:41:44 +00:00
Drew Jaynes beb67c9512 Docs: Improve the DocBlock summary for `WP_Query::parse_orderby()`.
See #41017.

Built from https://develop.svn.wordpress.org/trunk@41042


git-svn-id: http://core.svn.wordpress.org/trunk@40892 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-07-13 15:44:41 +00:00
Drew Jaynes e1a227cf11 Docs: Document usage of the `$wpdb` global in `WP_Query::parse_search()` and `WP_Query::parse_orderby()`.
Props avinapatel.
Fixes #41313.

Built from https://develop.svn.wordpress.org/trunk@41041


git-svn-id: http://core.svn.wordpress.org/trunk@40891 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-07-13 15:42:44 +00:00
Boone Gorges 848bcf3b28 Introduce `$comment_count` param for `WP_Query`.
This parameter allows querying for posts with a specific value of
`comment_count`. It is also possible to query for posts that match
a `comment_count` comparison by passing an array with 'value' and
'compare' operators (eg `array( 'compare' => '>', 'value' => 5 )`).

Props ramon fincken.
Fixes #28399.
Built from https://develop.svn.wordpress.org/trunk@40978


git-svn-id: http://core.svn.wordpress.org/trunk@40828 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-07-01 11:25:44 +00:00
Drew Jaynes 4b0e64aa8c Docs: Add missing `@since`, `@access`, and `@global` notations to the DocBlock for `WP_Query::parse_search_order()`.
Props dixitadusara.
Fixes #41045.

Built from https://develop.svn.wordpress.org/trunk@40972


git-svn-id: http://core.svn.wordpress.org/trunk@40822 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-06-30 16:08:44 +00:00
Drew Jaynes af5b2ca7f5 Docs: Add more useful summaries to the DocBlocks for boolean `$is_*` properties in `WP_Query`.
Props megane9988 for the initial patch.
Fixes #34726.

Built from https://develop.svn.wordpress.org/trunk@40966


git-svn-id: http://core.svn.wordpress.org/trunk@40816 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-06-30 03:44:46 +00:00
Boone Gorges 8951af8ebb Introduce `loop_no_results` action.
This action fires when a `WP_Query` query returns no results.

Props mgibbs189.
Props #40850.
Built from https://develop.svn.wordpress.org/trunk@40923


git-svn-id: http://core.svn.wordpress.org/trunk@40773 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-06-23 01:55:44 +00:00
Sergey Biryukov 3abb3087df Docs: Correct parameter description for `posts_join` filter.
Props anhskohbo.
Fixes #40991.
Built from https://develop.svn.wordpress.org/trunk@40912


git-svn-id: http://core.svn.wordpress.org/trunk@40762 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-06-15 12:46:41 +00:00
Sergey Biryukov 564d6a0c90 Docs: Update the description of `is_singular()` and `WP_Query::is_singular()` to be parsed correctly by developer.wordpress.org.
Props grapplerulrich.
Fixes #39948.
Built from https://develop.svn.wordpress.org/trunk@40103


git-svn-id: http://core.svn.wordpress.org/trunk@40040 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-02-23 10:30:43 +00:00
Sergey Biryukov 9d7ea04936 I18N: Merge similar strings in `_deprecated_argument()` calls.
Add translator comments.

Props ramiy, SergeyBiryukov.
Fixes #39020.
Built from https://develop.svn.wordpress.org/trunk@40028


git-svn-id: http://core.svn.wordpress.org/trunk@39965 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-29 11:50:41 +00:00
Dominik Schilling 85384297a6 Query: Ensure that queries work correctly with post type names with special characters.
Built from https://develop.svn.wordpress.org/trunk@39952


git-svn-id: http://core.svn.wordpress.org/trunk@39889 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-26 13:33:45 +00:00
Boone Gorges af885f45cf Query: Improve documentation for `orderby=relevance` in `WP_Query`.
Props dots.
Fixes #39336.
Built from https://develop.svn.wordpress.org/trunk@39636


git-svn-id: http://core.svn.wordpress.org/trunk@39576 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-23 02:31:41 +00:00
Boone Gorges 97fd5ae77c Docs: Correct param definition for `WP_Query::query()`.
Props Shelob9.
Fixes #38963.
Built from https://develop.svn.wordpress.org/trunk@39550


git-svn-id: http://core.svn.wordpress.org/trunk@39490 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-09 16:23:42 +00:00
Drew Jaynes 568838bebd Docs: Update the DocBlock description for `WP_Query::is_single()` to mention that it works for any post types excluding pages.
Props ryankienstra.
Fixes #38225.

Built from https://develop.svn.wordpress.org/trunk@39052


git-svn-id: http://core.svn.wordpress.org/trunk@38994 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-31 06:34:34 +00:00
Boone Gorges bcc26664ed Query: Allow the prefix used for search term exclusion to be filtered.
[38792] allowed `WP_Query`'s hyphen-as-exclusion-prefix feature to be
disabled via filter. A more general solution is to allow the prefix to
be filtered; returning an empty value from a filter callback works to
disable the feature.

Props dlh.
Fixes #38099.
Built from https://develop.svn.wordpress.org/trunk@38844


git-svn-id: http://core.svn.wordpress.org/trunk@38787 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-20 18:42:29 +00:00
Boone Gorges 9783a3df6b Query: Allow the hyphen-prefix-for-search-exclusion feature to be disabled by filter.
WordPress 4.4 introduced "hyphen exclusion" for search terms, so that
"foo -bar" would return posts containing "foo" AND not containing "bar".
The new filter 'wp_query_use_hyphen_for_exclusion' allows developers
to disable this feature when it's known that their content will contain
semantically important leading hyphens.

Props chriseverson, choongsavvii.
Fixes #38099.
Built from https://develop.svn.wordpress.org/trunk@38792


git-svn-id: http://core.svn.wordpress.org/trunk@38735 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-14 20:06:28 +00:00
Gary Pendergast af69f4ab1a General: Restore usage of `$wpdb`, instead of `$this->db`.
Hiding the `$wpdb` global behind a property decreases the readability of the code, as well as causing irrelevant output when dumping an object.

Reverts [38275], [38278], [38279], [38280], [38387].
See #37699.


Built from https://develop.svn.wordpress.org/trunk@38768


git-svn-id: http://core.svn.wordpress.org/trunk@38711 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-10 06:38:31 +00:00
Boone Gorges 132f3d0d19 Query: Eliminate unnecessary `wp_list_filter()` call in `get_queried_object()`.
The refactor in [30711] swapped out the old `queries` property for the
new `queried_terms`, but should also have gotten rid of the now-
superfluous `wp_list_filter()` call.

Fixes #37962.
Built from https://develop.svn.wordpress.org/trunk@38586


git-svn-id: http://core.svn.wordpress.org/trunk@38529 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-09-09 19:49:29 +00:00
Boone Gorges 163d59f8e1 Query: Avoid PHP notice in `get_queried_object()` when query contains `NOT EXISTS` tax query.
Props johnjamesjacoby.
See #37962.
Built from https://develop.svn.wordpress.org/trunk@38585


git-svn-id: http://core.svn.wordpress.org/trunk@38528 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-09-09 19:37:38 +00:00
Dion Hulse 227a80eba3 Query: Use `AND` in a SQL query rather than `&&`.
This appears to have been the only instance of `&&` being used in SQL, so for consistency lets remove it.

Props scrappy@hub.org.
Fixes #37903.

Built from https://develop.svn.wordpress.org/trunk@38491


git-svn-id: http://core.svn.wordpress.org/trunk@38432 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-09-01 05:11:31 +00:00
Scott Taylor af71985625 Query: r38356, you were not long for this world.
Fixes #37830.

Built from https://develop.svn.wordpress.org/trunk@38471


git-svn-id: http://core.svn.wordpress.org/trunk@38412 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-31 16:53:29 +00:00
Scott Taylor faccc617fb Query: collapse several of the `is_*` methods using `__call()`. Add `@method` annotations.
Fixes #37830.

Built from https://develop.svn.wordpress.org/trunk@38356


git-svn-id: http://core.svn.wordpress.org/trunk@38297 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-25 19:42:43 +00:00
Scott Taylor d5f28fdad8 Query: move `WP_Query` into its own file via `svn cp`.
See #37827.

Built from https://develop.svn.wordpress.org/trunk@38351


git-svn-id: http://core.svn.wordpress.org/trunk@38292 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-25 17:20:38 +00:00