Commit Graph

2852 Commits

Author SHA1 Message Date
desrosj 779a2144fc Build/Test Tools: Correct JavaScript files in the 4.4 branch.
In [46498], some JavaScript files were unintentionally changed. This restores those files to their correct state.

Partially reverts [46498].
See #52367.
Built from https://develop.svn.wordpress.org/branches/4.4@50018


git-svn-id: http://core.svn.wordpress.org/branches/4.4@49719 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-01-25 20:15:21 +00:00
whyisjake 9a0b89f7a8 Backporting several bug fixes.
- Query: Remove the static query property.
- HTTP API: Protect against hex interpretation.
- Filesystem API: Prevent directory travelersals when creating new folders.
- Administration: Ensure that admin referer nonce is valid.
- REST API: Send a Vary: Origin header on GET requests.
- Customizer: Properly sanitize background images.

Backports [46474], [46475], [46476], [46477], [46478], [46483], [46485] to the 4.4 branch.

Built from https://develop.svn.wordpress.org/branches/4.4@46498


git-svn-id: http://core.svn.wordpress.org/branches/4.4@46295 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-14 19:09:23 +00:00
Dion Hulse e462191652 External Libraries: Remove unnecessary / obsoleted MediaElement.js files.
Merges [42478] to the 4.4 branch.
Fixes #42720 for 4.4.

Built from https://develop.svn.wordpress.org/branches/4.4@42482


git-svn-id: http://core.svn.wordpress.org/branches/4.4@42311 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-01-16 08:09:32 +00:00
Dominik Schilling 2603a8b4d6 TinyMCE: Improve the previews for shortcodes.
Merge of [41395] to the 4.4 branch.

Built from https://develop.svn.wordpress.org/branches/4.4@41439


git-svn-id: http://core.svn.wordpress.org/branches/4.4@41272 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 12:43:37 +00:00
Dominik Schilling 6b08998219 Editor: Prevent adding `javascript:` and `data:` URLs through the inline link dialog.
Merge of [41393] to the 4.4 branch.

Built from https://develop.svn.wordpress.org/branches/4.4@41404


git-svn-id: http://core.svn.wordpress.org/branches/4.4@41237 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 10:18:31 +00:00
Pascal Birchler 9f7f4e5848 Media: Simplify upload error message construction.
Merges [40736] to the 4.4 branch.

Built from https://develop.svn.wordpress.org/branches/4.4@40740


git-svn-id: http://core.svn.wordpress.org/branches/4.4@40598 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 18:03:01 +00:00
Nikolay Bachiyski f3907c1da9 External Libraries: Update plupload from upstream
Built from https://develop.svn.wordpress.org/branches/4.4@37381


git-svn-id: http://core.svn.wordpress.org/branches/4.4@37347 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-06 18:00:51 +00:00
Dominik Schilling b1e244d828 External Libraries: Update MediaElement.js from upstream.
Merge of [37370] to the 4.4 branch.
Built from https://develop.svn.wordpress.org/branches/4.4@37372


git-svn-id: http://core.svn.wordpress.org/branches/4.4@37338 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-06 17:53:28 +00:00
Pascal Birchler eb51235b19 Embeds: Improve how iframes are loaded after being initially hidden.
Use a more accessible way to initially hide the iframe. After that, only display an iframe when it was successfully loaded.

Merge of [36648] and [36708] to the 4.4 branch.

Fixes #35894.
Built from https://develop.svn.wordpress.org/branches/4.4@37093


git-svn-id: http://core.svn.wordpress.org/branches/4.4@37060 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-30 10:57:27 +00:00
Gary Pendergast 3331f83d78 Emoji: Fix the diversity emoji check in Safari.
When the browser test for diversity emoji was added in [36160], it included a workaround for Chrome not being able to compare Uint8ClampedArray objects directly, by converting them to a string. Unfortunately, Safari doesn't support the Uint8ClampedArray.toString() method correctly, so the test was incorrectly failing in Safari.

Merge of [37028] to the 4.4 branch.

Fixes #36266.

Built from https://develop.svn.wordpress.org/branches/4.4@37090


git-svn-id: http://core.svn.wordpress.org/branches/4.4@37057 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-29 02:19:28 +00:00
Gary Pendergast f9fa129053 Emoji: Add some extra IE11 compatibility.
IE 11's implementation of MutationObserver is buggy. It unnecessarily splits text nodes when it encounters a HTML template interpolation symbol ( "{{", for example ). So, we join the text nodes back together as a work-around.

Merge of [36817] and [36981] to the 4.4 branch.

Fixes #35977.


Built from https://develop.svn.wordpress.org/branches/4.4@37089


git-svn-id: http://core.svn.wordpress.org/branches/4.4@37056 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-29 02:02:51 +00:00
Dion Hulse 487580f7c4 Emoji: Work around a `mod_security` rule which prevents pages with 4 or more instances of `String.fromCharCode(` from being served.
Merges [36359] to the 4.4 branch.
Fixes #35412.

Built from https://develop.svn.wordpress.org/branches/4.4@36410


git-svn-id: http://core.svn.wordpress.org/branches/4.4@36377 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-27 10:11:28 +00:00
Andrew Ozz c9c10c4752 Media: when inserting an attachment in the editor and it is not an image, ensure the link is set to something else than `none`.
Props eherman24, azaozz.
Fixes #35153 for 4.4.1.
Built from https://develop.svn.wordpress.org/branches/4.4@36167


git-svn-id: http://core.svn.wordpress.org/branches/4.4@36133 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-04 00:41:26 +00:00
Gary Pendergast 410109ca49 Emoji: Add Emoji Diversity support, and fall back to twemoji if the browser doesn't support diverse emoji.
Merge of [36126] and [36160] to the 4.4 branch.

See #33592.


Built from https://develop.svn.wordpress.org/branches/4.4@36161


git-svn-id: http://core.svn.wordpress.org/branches/4.4@36127 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-03 04:42:23 +00:00
Dion Hulse a048514d43 Admin: fix repositioning of notices when the first header is not an immediate children of `.wrap`.
Merges [36134] to the 4.4 branch.
Props afercia, DvanKooten.
Fixes #35047.

Built from https://develop.svn.wordpress.org/branches/4.4@36144


git-svn-id: http://core.svn.wordpress.org/branches/4.4@36110 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-02 03:32:23 +00:00
Andrew Nacin 9834e9993a Embeds: Enforce, via unit tests, the no-ampersand rule for wp-embed.js.
fixes #34698.

Built from https://develop.svn.wordpress.org/trunk@35762


git-svn-id: http://core.svn.wordpress.org/trunk@35726 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-04 05:46:25 +00:00
Scott Taylor 8cf8e2c66d WP oEmbed: validate the `secret` send via `postMessage` in `wp.receiveEmbedMessage`. Also, compare `window` instances.
In the data sent to us from the embedded iframe by postMessage(), the secret value is being used directly in a document.querySelectorAll() call without first being validated or escaped.

In theory, this could lead to some broken embeds.

Props mdawaffe.
Fixes #34831.

Built from https://develop.svn.wordpress.org/trunk@35761


git-svn-id: http://core.svn.wordpress.org/trunk@35725 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-03 20:17:25 +00:00
Andrew Ozz 50a5fbb269 Editor: remove wpLink dependency on jQuery UI.
Props afercia.
Fixes #34716.
Built from https://develop.svn.wordpress.org/trunk@35728


git-svn-id: http://core.svn.wordpress.org/trunk@35692 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-22 19:27:26 +00:00
Gary Pendergast 603d3c0013 Embeds: Remove `&` characters from the inline embed JS.
Older versions of WordPress will convert those `&` characters to `&`, which makes for some non-functional JS. If folks are running an older release, let's not make their lives more difficult than it already is.

Props pento, peterwilsoncc.

See #34698.


Built from https://develop.svn.wordpress.org/trunk@35708


git-svn-id: http://core.svn.wordpress.org/trunk@35672 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-19 23:06:26 +00:00
Scott Taylor f1d0763785 Comments: after [35593], extend support to IE8 and improve checking for elements hidden with CSS
Props afercia.
Fixes #29974.

Built from https://develop.svn.wordpress.org/trunk@35675


git-svn-id: http://core.svn.wordpress.org/trunk@35639 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-18 19:15:28 +00:00
Ella Iseulde Van Dorpe 72f09b29df TinyMCE 4.2.8 update
Changelog: http://www.tinymce.com/develop/changelog/?ctrl=version&act=view&pr_id=1&vr_id=889

(No plugin, theme, skin or test changes)

Fixes #34671 and #34720.

Built from https://develop.svn.wordpress.org/trunk@35658


git-svn-id: http://core.svn.wordpress.org/trunk@35622 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-17 23:19:01 +00:00
Gary Pendergast 9974c9b18d Emoji: Ensure twemoji kicks in on certain DOM mutations.
Twemoji will replace the `img` with the emoji character, in the event that the image fails to load. We deliberately avoid trying to change that emoji character when it's changed back. We do need to replace emoji characters that are changed by something other than Twemoji, which this rectifies.

Fixes #34640.


Built from https://develop.svn.wordpress.org/trunk@35637


git-svn-id: http://core.svn.wordpress.org/trunk@35601 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-14 09:52:29 +00:00
Gary Pendergast 6381e168b7 Pinking Shears: Remove some errant non-breaking spaces from a few JavaScript files.
Props francoisb.

Fixes #34658.


Built from https://develop.svn.wordpress.org/trunk@35627


git-svn-id: http://core.svn.wordpress.org/trunk@35591 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-12 12:04:27 +00:00
Andrew Ozz 7e1c68ea78 TinyMCE:
- Fix the inline toolbar on images in iOS, move it out of the way so the default inline toolbar is not over it.
- Fix selecting images on touch in the editor (iOS Safari fails to select them most of the time).

Fixes #34557.
Built from https://develop.svn.wordpress.org/trunk@35607


git-svn-id: http://core.svn.wordpress.org/trunk@35571 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-11 03:27:25 +00:00
Gary Pendergast d3f30288e9 Emoji: Use twemoji in browsers that don't support Unicode 8 emoji.
Some less advanced browsers are yet to add support for the important advances made in Unicode 8. Let's make ensure that their users can experience emoji in their full glory.

See #33592.


Built from https://develop.svn.wordpress.org/trunk@35606


git-svn-id: http://core.svn.wordpress.org/trunk@35570 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-11 02:25:25 +00:00
Andrew Ozz 93fa052e49 TinyMCE: prevent resize handles in newer IE when inserting a wpView.
Fixes #29400.
Built from https://develop.svn.wordpress.org/trunk@35602


git-svn-id: http://core.svn.wordpress.org/trunk@35566 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-10 19:33:26 +00:00
Andrew Ozz 8b3c5fb300 TinyMCE: always remove trailing `<br>` added by WebKit browsers to the clipboard.
Fixes #34642.
Built from https://develop.svn.wordpress.org/trunk@35597


git-svn-id: http://core.svn.wordpress.org/trunk@35561 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-10 04:32:25 +00:00
Gary Pendergast 1f24f52673 Emoji: Add some new flags, and a handful from Unicode 8.0.
Including the following that should be used as often as possible:

U+1F1E6 U+1F1FA Flag for Australia
U+1F3CF Cricket Bat and Ball
U+1F32F Burrito

See #33592.


Built from https://develop.svn.wordpress.org/trunk@35596


git-svn-id: http://core.svn.wordpress.org/trunk@35560 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-10 03:35:25 +00:00
Andrea Fercia e6e4496822 Comments: in `comment_form()` when replying to a comment ensure to set focus on the first focusable form element, regardless of what that form element is.
Props azaozz.
See #29974.
Built from https://develop.svn.wordpress.org/trunk@35593


git-svn-id: http://core.svn.wordpress.org/trunk@35557 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-10 00:43:26 +00:00
Andrew Ozz 42a955a89b TinyMCE: update the keyboard shortcuts for the link dialog in the `wplink` plugin. Fixes Ctrl + Alt + A on MacOS.
Fixes #34636.
Built from https://develop.svn.wordpress.org/trunk@35589


git-svn-id: http://core.svn.wordpress.org/trunk@35553 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-09 21:32:28 +00:00
Gary Pendergast a2349a2377 Embeds: Fix support for embedding in non-WordPress sites.
This moves the last of the iframe message code from PHP to JavaScript, so it can be included in any site, without needing to rely on any of WordPress' internal behaviour.

Props swissspidy.

Fixes #34451.


Built from https://develop.svn.wordpress.org/trunk@35577


git-svn-id: http://core.svn.wordpress.org/trunk@35541 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-09 00:08:27 +00:00
Andrew Ozz 9fb7dcc30d TinyMCE: update to 4.2.7. Changelog: http://www.tinymce.com/develop/changelog/?ctrl=version&act=view&pr_id=1&vr_id=888
Fixes #34620.
Built from https://develop.svn.wordpress.org/trunk@35574


git-svn-id: http://core.svn.wordpress.org/trunk@35538 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-08 02:32:26 +00:00
Scott Taylor 175064637f Administration: when hiding the login modal and unbind the auth check, also unbind the heartbeat auth check.
Props nofearinc.
Fixes #28962.

Built from https://develop.svn.wordpress.org/trunk@35568


git-svn-id: http://core.svn.wordpress.org/trunk@35532 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-07 16:22:25 +00:00
Scott Taylor e649fabb6a Accessibility: add missing `alt` attributes to a gaggle of `<img>`s.
Props afercia.
Fixes #34583.

Built from https://develop.svn.wordpress.org/trunk@35567


git-svn-id: http://core.svn.wordpress.org/trunk@35531 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-07 16:12:27 +00:00
Dominik Schilling a3d58b3fbe Build Tools: Update the `preserveComments` option for `uglify:jqueryui`.
Uglify2 doesn't support the value "some" anymore. Replace it with the `/^!/` regex which produces the same output as before.

See https://build.trac.wordpress.org/changeset/35502 and https://build.trac.wordpress.org/changeset/35528.
Fixes #34177.
Built from https://develop.svn.wordpress.org/trunk@35564


git-svn-id: http://core.svn.wordpress.org/trunk@35528 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-07 12:37:26 +00:00
Aaron Jorbin d60ca2f758 Bump grunt-contrib-uglify to 0.10.0
This includes an update to the underlying version of uglify which causes all of the JS to be modified.

See #34177


Built from https://develop.svn.wordpress.org/trunk@35538


git-svn-id: http://core.svn.wordpress.org/trunk@35502 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-05 17:47:30 +00:00
Andrea Fercia d7485cf10b WP oEmbed: Improve the Sharing dialog accessibility.
Improves ARIA attributes, focus handling, and constrains tabbing within the modal dialog.

Fixes #34484.
Built from https://develop.svn.wordpress.org/trunk@35492


git-svn-id: http://core.svn.wordpress.org/trunk@35456 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-03 15:49:27 +00:00
Scott Taylor 382d455235 WP oEmbed: Improve height attribute sanitization
Props afercia, swissspidy.
Fixes #34527.

Built from https://develop.svn.wordpress.org/trunk@35478


git-svn-id: http://core.svn.wordpress.org/trunk@35442 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-31 20:39:25 +00:00
Gary Pendergast 21393df10e Embeds: Add fallbacks for IE7-9.
Older IE versions need just that little bit of extra tender care to keep them going.

Props peterwilsoncc, swissspidy, pento.

Fixes #34204.


Built from https://develop.svn.wordpress.org/trunk@35466


git-svn-id: http://core.svn.wordpress.org/trunk@35430 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-31 04:38:25 +00:00
Gary Pendergast 368e5f9fc3 Embeds: Provide a cached text fallback.
Sometimes, embedded sites might suffer from less than 100% uptime. Instead of leaving the embedding site with a big blank space where the embed should be, let's fall back to a link to the embedded post, so there's at least some context for the post.

Fixes #34462.


Built from https://develop.svn.wordpress.org/trunk@35437


git-svn-id: http://core.svn.wordpress.org/trunk@35401 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-29 23:11:24 +00:00
Scott Taylor f507751a40 Thickbox: spinner should disappear when loading is done.
Props niklasbr, afercia.
Fixes #33311.

Built from https://develop.svn.wordpress.org/trunk@35418


git-svn-id: http://core.svn.wordpress.org/trunk@35382 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-28 18:19:26 +00:00
Sergey Biryukov ae58f104cb Embeds: Rename TinyMCE `wpoembed` plugin to `wpembed`.
Props swissspidy.
Fixes #34272.
Built from https://develop.svn.wordpress.org/trunk@35397


git-svn-id: http://core.svn.wordpress.org/trunk@35361 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-26 14:50:26 +00:00
Andrea Fercia 930a688e17 Customizer: remove the `title` attribute from the Preview html element while loading.
Props mehulkaklotar.

Fixes #33250.
Built from https://develop.svn.wordpress.org/trunk@35391


git-svn-id: http://core.svn.wordpress.org/trunk@35355 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-25 15:14:26 +00:00
Andrew Ozz 4cdddd401a TinyMCE:
- Sanitize and render HTML in captions when showing a gallery preview (wpView).
- Encode/escape HTML entered in the text field in the wpLink dialog.

Props iseulde, kraftbj, jnylen0, shawarkhan.
Fixes #32616.
Built from https://develop.svn.wordpress.org/trunk@35341


git-svn-id: http://core.svn.wordpress.org/trunk@35307 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-21 20:38:26 +00:00
Helen Hou-Sandí 28c77bec72 RIP `#21759b`, the old WordPress Blue.
The final lingering instances were all for hidden accessibility helper text.

fixes #34388.

Built from https://develop.svn.wordpress.org/trunk@35340


git-svn-id: http://core.svn.wordpress.org/trunk@35306 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-21 18:36:28 +00:00
Andrew Ozz 3451251548 TinyMCE: update to 4.2.6. Changelog: http://www.tinymce.com/develop/changelog/?ctrl=version&act=view&pr_id=1&vr_id=887.
Fixes #34331.
Built from https://develop.svn.wordpress.org/trunk@35306


git-svn-id: http://core.svn.wordpress.org/trunk@35272 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-20 22:06:24 +00:00
Ella Iseulde Van Dorpe 9845e08340 TinyMCE: Drag and drop link with image
Make sure images don't loose their link after drag and drop.

Fixes #28272.

Built from https://develop.svn.wordpress.org/trunk@35261


git-svn-id: http://core.svn.wordpress.org/trunk@35227 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-18 11:05:23 +00:00
Ella Iseulde Van Dorpe 47e364de42 Admin: fix repositioning notices
Fixes #34294.
Props afercia.

Built from https://develop.svn.wordpress.org/trunk@35238


git-svn-id: http://core.svn.wordpress.org/trunk@35204 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-17 07:04:26 +00:00
Sergey Biryukov a908d2d4b1 Embeds: Rename files, functions, and hooks added in [34903] to make it more clear what is oEmbed-specific and what isn't.
See https://core.trac.wordpress.org/ticket/34272#comment:7 for full list of renamed functions and hooks.

Props swissspidy.
Fixes #34272.
Built from https://develop.svn.wordpress.org/trunk@35235


git-svn-id: http://core.svn.wordpress.org/trunk@35201 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-17 01:21:25 +00:00
Ella Iseulde Van Dorpe bafdd96ebf TinyMCE: add lang attribute
This is needed to make `hyphens: auto;` work correctly.

Fixes #32555.

Built from https://develop.svn.wordpress.org/trunk@35217


git-svn-id: http://core.svn.wordpress.org/trunk@35183 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-16 10:11:27 +00:00