Post Passwords are incredibly inflexible. One Password per site at a time and other limitations that can't really be changed without a backwards compatibility break. This adds the ability for sites to change the password behavior such as doing per post passwords or allowing multiple passwords to be set in a browser. The possibilities are YUGE.
Additionally, it allows for a behavior other than returning a html form when a password is needed. This is important for non website use cases (such as in a restful API).
Fixes#38056. See #16483.
Props rmccue.
Built from https://develop.svn.wordpress.org/trunk@38603
git-svn-id: http://core.svn.wordpress.org/trunk@38546 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Give developers the opportunity to reject incoming data without using the validation callback. It also enables us to do sanitization and validation in one function in instances where this could be useful.
Props websupporter, rmccue.
Fixes#37560.
Built from https://develop.svn.wordpress.org/trunk@38601
git-svn-id: http://core.svn.wordpress.org/trunk@38544 1a063a9b-81f0-0310-95a4-ce76da25c4cd
[38592] changed the behaviour of `wpautop()` , so it's nice to change `autop()` to match.
Interestingly, this change isn't necessary for the functionality to work - #4857 didn't affect content that had been run through `autop()` at some point, as `autop()` would add a single line break before block elements, then `wpautop()` would later add a second line break, making it work correctly.
Props nacin for finding out about [38592] on Twitter, and DMing me to remind me to review `autop()`.
See #4857.
Built from https://develop.svn.wordpress.org/trunk@38594
git-svn-id: http://core.svn.wordpress.org/trunk@38537 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`wpautop()` considers double line breaks to be the separator between block level HTML elements. By adding two line breaks before a block element, this allows us to process the text before a block element correctly.
Fixes#4857.
Built from https://develop.svn.wordpress.org/trunk@38592
git-svn-id: http://core.svn.wordpress.org/trunk@38535 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Longer passwords and passphrases are much more common than when post passwords were introduced all those eons ago, so let's increase the length of the `post_password` field from 20 to 255 characters.
The password will continue to be stored in plaintext, as the ability for the post author to view the password is a commonly used feature.
Trivia: this was the last 3 digit Trac ticket to be closed.
Props skippy, nazgul, iandunn, adamsilverstein, pento.
Fixes#881.
Built from https://develop.svn.wordpress.org/trunk@38590
git-svn-id: http://core.svn.wordpress.org/trunk@38533 1a063a9b-81f0-0310-95a4-ce76da25c4cd
To allow `plugin.php` to be loaded before the rest of WordPress is loaded, it cannot rely on WordPress constants, such as `ABSPATH` and `WPINC`.
Instead, we can assume that `class-wp-hook.php` will be in the same directory as `plugin.php`, so `dirname( __FILE__ )` will give us the correct path to load from.
Props pento, dd32.
Fixes#37707.
Built from https://develop.svn.wordpress.org/trunk@38589
git-svn-id: http://core.svn.wordpress.org/trunk@38532 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `tests_add_filter()` helper function directly manipulates the `$wp_filter` global, instead of using `add_filter()`. We can use `add_filter()` when it's available, and fall back to manipulating `$wp_filter` when it isn't, relying on the `$wp_filter` bootstrap code at the top of `plugin.php` to handle conversion.
Props boonebgorges, dd32 and pento: WordPress Thought Leadership Triumvirate.
Fixes#17817.
Built from https://develop.svn.wordpress.org/trunk@38582
git-svn-id: http://core.svn.wordpress.org/trunk@38525 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Sometimes, `DB_CHARSET` will be set to `utf8mb4`, even if the current setup doesn't support `utf8mb4`. After [38442], this can cause significant character set failures, causing the connection to fall back to `latin1`.
Instead of doing this, we now check that the connection supports `utf8mb4` before trying to use it, and fall back to `utf8` when we need to.
Fixes#37982 for trunk.
Built from https://develop.svn.wordpress.org/trunk@38580
git-svn-id: http://core.svn.wordpress.org/trunk@38523 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The most useful function this introduces is `get_theme_file_uri()`, which returns the URL to the specified file in the child theme if it exists, and falls back to the URL to the specified file in the parent theme. This allows parent themes to reference files (including enqueuing CSS and JavaScript files) that can be overridden by the child theme simply by existing.
This change also introduces `get_theme_file_path()`, which is the file path equivalent of `get_theme_file_uri()`.
Finally, `get_parent_theme_file_uri()` and `get_parent_theme_file_path()` are also introduced, which allow a theme to specifically reference a file URL or file path in the parent theme. These can be used as replacements for `get_template_directory_uri()` and `get_template_directory()` respectively, for consistency.
Props johnbillion, georgestephanis, gma992.
Fixes#18302
Built from https://develop.svn.wordpress.org/trunk@38578
git-svn-id: http://core.svn.wordpress.org/trunk@38521 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Filters and actions have been the basis of WordPress' plugin functionality since time immemorial, they've always been a reliable method for acting upon the current state of WordPress, and will continue to be so.
Over the years, however, edge cases have cropped up. Particularly when it comes to recursively executing hooks, or a hook adding and removing itself, the existing implementation struggled to keep up with more complex use cases.
And so, we introduce `WP_Hook`. By changing `$wp_filter` from an array of arrays, to an array of objects, we reduce the complexity of the hook handling code, as the processing code (see `::apply_filters()`) only needs to be aware of itself, rather than the state of all hooks. At the same time, we're able te handle more complex use cases, as the object can more easily keep track of its own state than an array ever could.
Props jbrinley for the original architecture and design of this patch.
Props SergeyBiryukov, cheeserolls, Denis-de-Bernardy, leewillis77, wonderboymusic, nacin, jorbin, DrewAPicture, ocean90, dougwollison, khag7, pento, noplanman and aaroncampbell for their testing, suggestions, contributions, patch maintenance, cajoling and patience as we got through this.
Fixes#17817.
Built from https://develop.svn.wordpress.org/trunk@38571
git-svn-id: http://core.svn.wordpress.org/trunk@38514 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Adds an `item_spacing` option to the arguments array for the functions `wp_nav_menu()`, `wp_list_pages()`, and `wp_page_menu()`. `item_spacing` is a boolean accepting either `preserve` or `discard`.
Previously, certain CSS choices could result in a site's layout changing if `wp_nav_menu()` fell back to the default `wp_list_pages()` due to differences in the whitespace within the HTML. The new argument ensures a function outputs consistant HTML while maintaining backward compatibility.
Fixes#35206.
Built from https://develop.svn.wordpress.org/trunk@38523
git-svn-id: http://core.svn.wordpress.org/trunk@38464 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The Customizer and Theme Installer open in full overlays that need to receive
focus. Also, keyboard navigation should be constrained within the overlays. Using
CSS `visibility` to hide all the content except the overlays, makes them the only
available and focusable content and allows browsers to handle focus natively.
See #29158.
Fixes#33228, #27705.
Built from https://develop.svn.wordpress.org/trunk@38520
git-svn-id: http://core.svn.wordpress.org/trunk@38461 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Additionally, update the `$message` parameter description in the DocBlock for `wp_die()` to make it explicitly clear messages derived from a passed `WP_Error` object will only be evaluated if not performing an Ajax or XML-RPC request (as both default handlers completely ignore `WP_Error` object messages).
See #37770.
Built from https://develop.svn.wordpress.org/trunk@38518
git-svn-id: http://core.svn.wordpress.org/trunk@38459 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`wp_get_network()` was converted into a wrapper for `get_network()` in 4.6.0 and can now be deprecated.
This moves `wp_get_network()` to the bottom of `ms-load.php` as `ms-deprecated.php` is not available early enough.
Props PieWP, flixos90.
Fixes#37553.
Built from https://develop.svn.wordpress.org/trunk@38515
git-svn-id: http://core.svn.wordpress.org/trunk@38456 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Eliminates the server mutating the a `WP_Error`'s `$error_data` to merge-in a `$from_server` flag (since it may not be an array to begin with). Instead it defers to the client to add a `fromServer` param on any `Notification` instances created from server-sent errors.
* Ensures that notifications will be re-rendered if a notification's `message` changes but the `data` and `type` remain the same.
* Adds explicit support for the `Notification` class to have a `setting` property, ensuring that the property is set whereas previously it was dropped.
Fixes#37890.
Props westonruter, dlh.
Built from https://develop.svn.wordpress.org/trunk@38513
git-svn-id: http://core.svn.wordpress.org/trunk@38454 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Remove the manual flag for HTTPS support and replace it with a simple check on the URL format.
* Ensure `testOembedTestsCoverAllProviders()` actually fails when a new provider is added without a corresponding test.
See #32360
Built from https://develop.svn.wordpress.org/trunk@38512
git-svn-id: http://core.svn.wordpress.org/trunk@38453 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, `wpdb::get_table_from_query()` would not find the correct table name in the query `DELETE a FROM table a`, due to not recognising the table alias immediately after the `DELETE` as correct syntax.
Fixes#37660.
Built from https://develop.svn.wordpress.org/trunk@38507
git-svn-id: http://core.svn.wordpress.org/trunk@38448 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Links within lines or blocks of text should always be underlined since they can't
rely on color alone to be distinguished from the surrounding text. Exceptions
can be handled on a case-by-case basis.
Props Presskopp for the initial patch.
Fixes#37527.
Built from https://develop.svn.wordpress.org/trunk@38503
git-svn-id: http://core.svn.wordpress.org/trunk@38444 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The third parameter of `date_i18n` is a bool. Currently, it's a weak check, otherwise the call showing the universal time on the "General Settings" screen would be messed up. Use an actual bool so we call our own functions correctly.
Fixes#37634.
Props fronaldaraujo.
Built from https://develop.svn.wordpress.org/trunk@38502
git-svn-id: http://core.svn.wordpress.org/trunk@38443 1a063a9b-81f0-0310-95a4-ce76da25c4cd
After [38364], the inclusion of `class-wp-locale.php` was changed from a `require_once()` to a `require()`. This caused problems for anything that called `load_text_domain_early()` prior to the `require()` but didn't bail, as it was now being `require()`-ed a second time.
With the use of `require_once()`, it doesn't really matter where it's loaded, so it has been moved next to the related `l10n.php` load.
See #37827.
Built from https://develop.svn.wordpress.org/trunk@38496
git-svn-id: http://core.svn.wordpress.org/trunk@38437 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When a customizer construct (panel, section, control) is not added in PHP, the JS has interpreted this to mean that a given construct should be deactivated (because it is gone). This is problematic for dynamically-created constructs in JS, as it has meant that the construct would also have to be created in PHP to ensure the `active` callback is called, or else a hack would be required to add a `construct.active.validate = function() { return true };` to forcibly prevent the construct from getting deactivated.
These workarounds can be eliminated by treating constructs differently when they are created dynamically in JS (after page load) as opposed to being created statically in PHP (on the server). Namely, if a construct is dynamically-created then its absence in a preview refresh should not signal that the construct should be deactivated. Rather, a dynamic construct should only have its activation state toggled if it has a corresponding construct created in PHP when the preview refreshes to explicitly indicate its `active` state. Otherwise, the management of the `active` state for a construct created in JS should also be the responsibility of client-side code.
Props westonruter, sayedwp.
Fixes#37270.
Built from https://develop.svn.wordpress.org/trunk@38464
git-svn-id: http://core.svn.wordpress.org/trunk@38405 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This private query var allows the hierarchical page query on the Pages listing screen to query for `wp_posts.ID, wp_posts.post_parent` instead of `wp_posts.*`. This introduces large memory and time savings when the site contains a large number of Pages. Combined with the processing time savings introduced in [31730] this makes the Pages listing screen considerably more performant.
Fixes#34982
Props rodrigosprimo
Built from https://develop.svn.wordpress.org/trunk@38451
git-svn-id: http://core.svn.wordpress.org/trunk@38392 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The SQL query was built using the clauses compiled when querying for
top-level comments. But in cases where the top-level comment query
results are already in the cache, the SQL clauses are not built, and
so are unavailable for `fill_descendants()`. Instead, we call
`get_comments()`, using modified versions of the parameters passed
to the main `WP_Comment_Query` class.
Props Akeif, Rarst for testing.
Fixes#37696.
Built from https://develop.svn.wordpress.org/trunk@38446
git-svn-id: http://core.svn.wordpress.org/trunk@38387 1a063a9b-81f0-0310-95a4-ce76da25c4cd
[37320] corrected some behaviour in how PHP and MySQL character sets are matched up. This was correct, but had the side effect of causing some incorrectly configured sites to start failing.
Prior to [37320], if `DB_CHARSET` was set to `utf8mb4`, but the PHP version didn't support `utf8mb4`, it would fall back to the default character set - usually `latin1`. After [37320], the `SET NAMES` query would force MySQL to treat the connection character set as `utf8mb4`, even if PHP wasn't able to understand it.
By checking if `mysqli_set_charset()` succeeded, we can simulate the old behaviour, while maintaining the fix in [37320].
Props danielkanchev fo helping to diagnose this issue.
Fixes#37689 for trunk.
Built from https://develop.svn.wordpress.org/trunk@38441
git-svn-id: http://core.svn.wordpress.org/trunk@38382 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Running the taxonomy array through `array_unique()` is unnecessary
when the function returns objects, because the associative keys already
ensure uniqueness.
This also fixes a bug when running `get_attachment_taxonomies()` in
HHVM, which doesn't like casting objects to strings for the purposes
of `array_unique()`.
Props swissspidy.
See #37368.
Built from https://develop.svn.wordpress.org/trunk@38437
git-svn-id: http://core.svn.wordpress.org/trunk@38378 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Introduces the ability to create stubs for the various post types to add to a given menu. This eliminates the need to leave the customizer to first create the post in the admin and then return to managing menus. Only the title of the newly-created post can be supplied; the post content will be blank and will need to be provided in the normal edit post screen outside the customizer, unless a plugin enables a post editing in the customizer experience. When a post is created and added to a nav menu in the customizer, the newly created post that is added to a menu is given the `auto-draft` status, and if the changes are not published, the `auto-draft` post will be automatically deleted within 7 days via `wp_delete_auto_drafts()`. However, if the customizer changes are saved, then these nav menu item `auto-draft` post stubs will be transitioned to `publish`.
Includes portions of code from the Customize Posts <https://github.com/xwp/wp-customize-posts> and Front-end Editor <https://github.com/iseulde/wp-front-end-editor> plugins.
For more information, see https://make.wordpress.org/core/2016/06/16/feature-proposal-content-authorship-in-menus-with-live-preview/
Props celloexpressions, westonruter, valendesigns, afercia, melchoyce, mapk, iseulde, mrahmadawais.
Fixes#34923.
Built from https://develop.svn.wordpress.org/trunk@38436
git-svn-id: http://core.svn.wordpress.org/trunk@38377 1a063a9b-81f0-0310-95a4-ce76da25c4cd
After [38118], when previewing a page with a secondary loop, all post
thumbnails would be filtered to display the post thumbnail for the
page being previewed. This ensures `_wp_preview_post_thumbnail_filter()`
is only applied if the `$post_id` of the post meta being filtered is
equal to the post or page being previewed.
Props swisspidy, joemcgill.
Fixes#37697.
Built from https://develop.svn.wordpress.org/trunk@38433
git-svn-id: http://core.svn.wordpress.org/trunk@38374 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`wp_version_check()`, `wp_update_plugins()` and `wp_update_themes()` are all originally hooked to the `upgrader_process_complete` action with zero arguments passed to them. Zero arguments should be passed when re-adding them after translation updates, otherwise the sky will fall.
Props ionutst, gitlost.
Fixes#37731.
Built from https://develop.svn.wordpress.org/trunk@38415
git-svn-id: http://core.svn.wordpress.org/trunk@38356 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The following files have been added to `svn:ignore` already as they are not compatible with PHP 5.2:
* src/wp-vendor/autoload.php
* src/wp-vendor/composer/autoload_real.php
* src/wp-vendor/composer/autoload_static.php
* src/wp-vendor/composer/ClassLoader.php
See #36335.
Built from https://develop.svn.wordpress.org/trunk@38401
git-svn-id: http://core.svn.wordpress.org/trunk@38342 1a063a9b-81f0-0310-95a4-ce76da25c4cd
WordPress always* passes $args to filters as an array of arugments. A exception is made in `wp_nav_menu()` and the associated walker where these are passed to filters as an object, this has been the case for seven years (since [13368]).
These new tests enforce the use of an object in these filters to ensure backward compatibility is maintained.
See #24587.
Built from https://develop.svn.wordpress.org/trunk@38400
git-svn-id: http://core.svn.wordpress.org/trunk@38341 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* `wp-admin` and `wp-includes` are scanned for classes to autoload
* Several 3rd-party and Ryan McCue-shaped libraries are excluded when the classmap is generated, see `composer.json`: `autoload.exclude-from-classmap`
* `wp-vendor/autoload_52.php` is included at the top of `wp-settings.php` - no changes need to be made to unit tests to include the autoloader
* An avalanche of `require()` and `require_once()` calls that loaded class files have been removed from the codebase.
The following files have been added to `svn:ignore` - they are not 5.2-compatible and fail during pre-commit:
* src/wp-vendor/autoload.php
* src/wp-vendor/composer/autoload_real.php
* src/wp-vendor/composer/autoload_static.php
* src/wp-vendor/composer/ClassLoader.php
We favor these files instead:
* src/wp-vendor/autoload_52.php
* src/wp-vendor/composer/autoload_real_52.php
* src/wp-vendor/composer/ClassLoader52.php
When new PHP classes are added to the codebase, simply run `composer install` or `composer update` from the project root to update the autoloader.
The future is now.
See #36335.
Built from https://develop.svn.wordpress.org/trunk@38399
git-svn-id: http://core.svn.wordpress.org/trunk@38340 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Automatically delete objects that we were created during `wpSetUpBeforeClass` - posts, comments, terms (except 1), and user (except 1)
* The amount of leftover data between tests was breathtaking - use the new function: `_delete_all_data()`
* Commit database transactions for all `TestCase`s, not just those that implement `wpSetUpBeforeClass` and `wpTearDownAfterClass`
* The tests run 10-20 seconds faster now
See #37699.
Built from https://develop.svn.wordpress.org/trunk@38398
git-svn-id: http://core.svn.wordpress.org/trunk@38339 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This introduces a `{$type}_template_hierarchy` filter that allows the hierarchy of candidate template filenames for a given template type to be filtered.
This allows the hierarchy to be added to or altered completely without resorting to re-building the hierarchy from scratch within the `template_include` filter, which is common and prone to conflicts between plugins and prone to getting out of sync with core's hierarchy.
Fixes#14310
Built from https://develop.svn.wordpress.org/trunk@38385
git-svn-id: http://core.svn.wordpress.org/trunk@38326 1a063a9b-81f0-0310-95a4-ce76da25c4cd
To fiddle around with what it does, run `composer install` from the project root. If you do not have Composer installed:
https://getcomposer.org/doc/00-intro.md#locally
tl;dr for Mac/Homebrew users: `brew install composer`
Classes from `wp-includes` and `wp-admin` are eligible for autoloading via `autoload.classmap`. Through a tornado of recent commits, many unsuitable files have been transitioned into a more acceptable state for autoloading: 1 file per class, no side effects.
The file bootstrap in `wp-settings.php` can transition into `autoload.files`. This will be done with care and attention.
See #36335.
Built from https://develop.svn.wordpress.org/trunk@38384
git-svn-id: http://core.svn.wordpress.org/trunk@38325 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This change defaults to using HTTPS endpoints for oEmbeds for those providers that have full HTTPS support and don't redirect back to HTTP when clicking through from the embed. It covers:
* Vimeo
* SmugMug
* Scribd
* WordPress.tv
* SoundCloud
* Meetup
* issuu
* Mixcloud
* TED
See #28507
Built from https://develop.svn.wordpress.org/trunk@38366
git-svn-id: http://core.svn.wordpress.org/trunk@38307 1a063a9b-81f0-0310-95a4-ce76da25c4cd