Commit Graph

36001 Commits

Author SHA1 Message Date
Gary Pendergast 7d9b5b14b5 Libraries: Update zxcvbn from version 1.0 to 4.4.1
This includes masses of bug fixes, as well as tweaks to how passwords are scored.

QUnit tests have been updated to reflect tha scoring changes.

Full changelog: https://github.com/dropbox/zxcvbn/compare/v1.0...v4.4.1

Fixes #31647.


Built from https://develop.svn.wordpress.org/trunk@39596


git-svn-id: http://core.svn.wordpress.org/trunk@39536 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-13 11:23:42 +00:00
James Nylen d7ab7fdf5a REST API: Do not include the `password` argument when getting media items
Currently, `attachment` is the only post type exposed via the REST API that
does not support password protection, but it's possible for other post types to
remove password support.

Fixes #38977.

Built from https://develop.svn.wordpress.org/trunk@39595


git-svn-id: http://core.svn.wordpress.org/trunk@39535 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-13 03:51:44 +00:00
James Nylen 0b599cce41 REST API: Do not error on empty JSON body
It's fairly common for clients to send `Content-Type: application/json` with an
empty body.  While technically not valid JSON, we've historically supported
this behaviour, so it shouldn't cause an error.

Props JPry.
Fixes #39150.

Built from https://develop.svn.wordpress.org/trunk@39594


git-svn-id: http://core.svn.wordpress.org/trunk@39534 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-13 03:34:41 +00:00
Boone Gorges aa644128d6 Taxonomy: Use `get_term_link()` instead of `get_category_link()` in `get_term_parents_list()`.
`get_category_link()` is a wrapper for `get_term_link()`. Using the
unwrapped function makes more sense semantically (it's taxonomy-
agnostic) and it's also more parsimonious (the `WP_Error` check in
`get_category_link()` is redundant with similar checks just before
in `get_term_link()`).

Props keesiemeijer.
Fixes #17069.
Built from https://develop.svn.wordpress.org/trunk@39593


git-svn-id: http://core.svn.wordpress.org/trunk@39533 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-13 02:57:41 +00:00
Ryan McCue 20aa5d7150 General: Correctly detect trailing newline when prepending.
We need to check that the final line is actually an artifact of explode(), not just an empty input string.

See #37082.

Built from https://develop.svn.wordpress.org/trunk@39592


git-svn-id: http://core.svn.wordpress.org/trunk@39532 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-13 02:48:41 +00:00
Ryan McCue fbc00b31ef General: Remove most uses of create_function()
create_function() is equivalent to eval(), and most of our uses can be refactored. This is simpler, more secure, and slightly more performant.

Props sgolemon.
Fixes #37082.

Built from https://develop.svn.wordpress.org/trunk@39591


git-svn-id: http://core.svn.wordpress.org/trunk@39531 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-13 01:49:39 +00:00
Felix Arntz 6e2d9af8b6 Tests: Use `wp_delete_user()` during teardown to delete a single site's user.
Fixes failing tests for `get_dashboard_url()`.

Fixes #39065.

Built from https://develop.svn.wordpress.org/trunk@39590


git-svn-id: http://core.svn.wordpress.org/trunk@39530 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-12 23:18:40 +00:00
Felix Arntz d784b5552c Multisite: Replace `is_super_admin()` with `manage_network` in `get_dashboard_url()`.
Unit tests for `get_dashboard_url()` have been added.

Props iaaxpage.
Fixes #39065. See #37616.

Built from https://develop.svn.wordpress.org/trunk@39589


git-svn-id: http://core.svn.wordpress.org/trunk@39529 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-12 22:41:39 +00:00
Felix Arntz f704fc808a Multisite: Handle capability check for removing oneself via `map_meta_cap()`.
Site administrators should not be able to remove themselves from a site. This moves the enforcement of this rule from `wp-admin/users.php` to `remove_user_from_blog()` via the `remove_user` capability, which furthermore allows us to get rid of two additional clauses and their `is_super_admin()` checks in `wp-admin/users.php`. A unit test for the new behavior has been added.

Fixes #39063. See #37616.

Built from https://develop.svn.wordpress.org/trunk@39588


git-svn-id: http://core.svn.wordpress.org/trunk@39528 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-12 21:42:42 +00:00
Konstantin Obenland ee36cf9214 Themes: Add missing square bracket in jQuery selector.
Fixes a bug in Safari where the UI wasn't updated after deleting a theme due to
the incomplete selector.

Props Hristo Sg.
Fixes #39246.

Built from https://develop.svn.wordpress.org/trunk@39586


git-svn-id: http://core.svn.wordpress.org/trunk@39526 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-12 09:32:41 +00:00
Weston Ruter c9b863fc40 Customize: Prevent navigation in preview when clicking on child elements of preview links that have non-previewable URLs.
Fixes #39098.

Built from https://develop.svn.wordpress.org/trunk@39584


git-svn-id: http://core.svn.wordpress.org/trunk@39524 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-12 08:09:41 +00:00
Dion Hulse 5edd9b03e7 Remove the WordPress version number from `readme.html`.
See #35554 

Built from https://develop.svn.wordpress.org/trunk@39583


git-svn-id: http://core.svn.wordpress.org/trunk@39523 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-12 08:01:39 +00:00
Weston Ruter 8a89a50c69 Customize: Prevent edit shortcut from losing event handler after selective refresh.
Props sirbrillig.
See #27403.
Fixes #39100.

Built from https://develop.svn.wordpress.org/trunk@39581


git-svn-id: http://core.svn.wordpress.org/trunk@39521 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-12 07:52:43 +00:00
Dion Hulse 0a349c9641 PDF Images: Avoid a PHP Warning when attempting to process a file without an extension.
Props chandrapatel for initial patch.
Fixes #39195.

Built from https://develop.svn.wordpress.org/trunk@39580


git-svn-id: http://core.svn.wordpress.org/trunk@39520 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-12 06:19:41 +00:00
Dion Hulse 883689c816 Taxonomy: Restore the ability to use string-based `$args` in `wp_get_object_terms()`.
Props tyxla.
Fixes #39215

Built from https://develop.svn.wordpress.org/trunk@39578


git-svn-id: http://core.svn.wordpress.org/trunk@39518 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-12 05:47:42 +00:00
Weston Ruter 826a0323a2 Build/Test Tools: Facilitate SVN and Git being co-located in the same directory.
Ignore .svn in .gitignore, and ignore .git in svn:ignore.

Fixes #39245.

Built from https://develop.svn.wordpress.org/trunk@39577


git-svn-id: http://core.svn.wordpress.org/trunk@39517 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-12 05:12:44 +00:00
Dion Hulse bdf6087450 Bootstrap: Re-initialize any hooks added manually by `object-cache.php`.
Prior to 3.1 if a object cache dropin wanted to add actions, they needed to use `$wp_filter` directly.

Props jorbin.
Fixes #39132.

Built from https://develop.svn.wordpress.org/trunk@39565


git-svn-id: http://core.svn.wordpress.org/trunk@39505 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-12 01:29:42 +00:00
Peter Wilson c21907ca1e Options: Prevent unnecessary SQL updates by `update_option`.
Previously an option containing an object would trigger an SQL `UPDATE` on all calls to `update_option`, even if the old and new values were identical. This was due to the old and new values having differing resource IDs.

This change compares the old and new values as serialized data to remove the resource ID from the comparison.

Props salcode, bradyvercher, peterwilsoncc.
Fixes #38903.

Built from https://develop.svn.wordpress.org/trunk@39564


git-svn-id: http://core.svn.wordpress.org/trunk@39504 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-11 21:43:43 +00:00
Rachel Baker d054b9afba REST API: Allow schema sanitization_callback to be set to null to bypass fallback sanitization functions.
The logic in WP_REST_Request->sanitize_params() added in [39091] did not account for `null` or `false` being the sanitization_callback preventing overriding `rest_parse_request_arg()`. This fixes that oversight, allowing the built in sanitization function to be bypassed. See #38593.

Props kkoppenhaver, rachelbaker, jnylen0.
Fixes #39042.

Built from https://develop.svn.wordpress.org/trunk@39563


git-svn-id: http://core.svn.wordpress.org/trunk@39503 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-11 21:26:43 +00:00
Weston Ruter 9669c60397 Customize: Fix ability to shift-click on placeholder/pre-saved nav menu items in preview to focus on corresponding control.
Fixes #39102.

Built from https://develop.svn.wordpress.org/trunk@39562


git-svn-id: http://core.svn.wordpress.org/trunk@39502 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-10 23:47:41 +00:00
Weston Ruter 57830bf2be Customize: Deprecate `page_home` nav menu item starter content in favor of `home_link`; replace usage in Twenty Seventeen.
Props celloexpressions, westonruter.
Amends [38991].
See #38615, #38114.
Fixes #39104.

Built from https://develop.svn.wordpress.org/trunk@39561


git-svn-id: http://core.svn.wordpress.org/trunk@39501 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-10 23:39:43 +00:00
Weston Ruter a366e58135 Customize: Trim whitespace for URLs supplied for `external_header_video` to prevent `esc_url_raw()` from making them invalid.
Props tyxla.
See #38172.
Fixes #39125.

Built from https://develop.svn.wordpress.org/trunk@39560


git-svn-id: http://core.svn.wordpress.org/trunk@39500 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-10 07:00:45 +00:00
Weston Ruter 6527c24ab1 Customize: Prevent single quotes (apostrophes) in `custom_css` values from unexpectedly causing false positives for unbalanced character validation errors.
See #39218, #35395.
Fixes #39198.

Built from https://develop.svn.wordpress.org/trunk@39559


git-svn-id: http://core.svn.wordpress.org/trunk@39499 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-10 06:45:42 +00:00
Weston Ruter 1b96e389c0 Customize: Fix inability to delete nav menus by preventing `preview` filters from being added during `customize_save` admin ajax request.
Also prevent setting `nav_menu_locations[...]` values to `NaN` which gets sent as `null`.

Amends [38810].
See #30937.
Fixes #39103.

Built from https://develop.svn.wordpress.org/trunk@39558


git-svn-id: http://core.svn.wordpress.org/trunk@39498 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-10 06:30:46 +00:00
Weston Ruter f1c383454b Customize: Prevent scrolling `custom_css` textarea to top when pressing tab.
Props tyxla, sstoqnov for testing, celloexpressions for testing.
See #38667.
Fixes #39134.

Built from https://develop.svn.wordpress.org/trunk@39557


git-svn-id: http://core.svn.wordpress.org/trunk@39497 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-10 00:44:40 +00:00
John Blackbourn 5b15e8c11b Build/Test Tools: Remove some more randomness.
See #37371

Built from https://develop.svn.wordpress.org/trunk@39556


git-svn-id: http://core.svn.wordpress.org/trunk@39496 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-10 00:02:41 +00:00
John Blackbourn da5255777a Build/Test Tools: Reuse another fixture in the user capability tests.
See #38716

Built from https://develop.svn.wordpress.org/trunk@39555


git-svn-id: http://core.svn.wordpress.org/trunk@39495 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-09 23:36:41 +00:00
John Blackbourn b5f7ab46dd Build/Test Tools: Remove commented out tests that have existed in an unimplemented state since the dawn of the test infrastructure.
See #38716

Built from https://develop.svn.wordpress.org/trunk@39554


git-svn-id: http://core.svn.wordpress.org/trunk@39494 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-09 23:12:41 +00:00
Andrea Fercia 10819d629f Accessibility: Remove inappropriate content from the Edit Categories and Edit Tags screens headings.
See #26601.

Built from https://develop.svn.wordpress.org/trunk@39553


git-svn-id: http://core.svn.wordpress.org/trunk@39493 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-09 20:50:41 +00:00
Andrea Fercia 9d474c8206 Accessibility: Remove inappropriate content from the Edit Comments screen heading.
See #26601.

Built from https://develop.svn.wordpress.org/trunk@39552


git-svn-id: http://core.svn.wordpress.org/trunk@39492 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-09 18:59:40 +00:00
Andrea Fercia c05f1dc805 Accessibility: Remove inappropriate content from the Network screens headings.
See #26601.

Built from https://develop.svn.wordpress.org/trunk@39551


git-svn-id: http://core.svn.wordpress.org/trunk@39491 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-09 18:57:42 +00:00
Boone Gorges 97fd5ae77c Docs: Correct param definition for `WP_Query::query()`.
Props Shelob9.
Fixes #38963.
Built from https://develop.svn.wordpress.org/trunk@39550


git-svn-id: http://core.svn.wordpress.org/trunk@39490 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-09 16:23:42 +00:00
Boone Gorges 74b6e1ba86 Taxonomy: Introduce `get_term_parents_list()`.
This new function is a taxonomy-agnostic version of `get_category_parents()`.

Props keesiemeijer, SergeyBiryukov, rafaehlers.
Fixes #17069.
Built from https://develop.svn.wordpress.org/trunk@39549


git-svn-id: http://core.svn.wordpress.org/trunk@39489 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-09 16:10:42 +00:00
Weston Ruter d94530e721 Customize: Collapse available nav menu items panel when clicking outside over preview or over existing items.
Props rockwell15.
Fixes #38953.

Built from https://develop.svn.wordpress.org/trunk@39548


git-svn-id: http://core.svn.wordpress.org/trunk@39488 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-09 06:16:40 +00:00
Weston Ruter d10cde75c6 Customize: Allow (optional) `url` parameter to be omitted in intercepted calls to `history.pushState()` and `history.replaceState()` in customize preview.
Fixes issue where calls without the `url` parameter erroneously end up rewriting the location path to `/undefined`.

Props Christian1012, westonruter.
Fixes #39175.

Built from https://develop.svn.wordpress.org/trunk@39547


git-svn-id: http://core.svn.wordpress.org/trunk@39487 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-09 01:59:41 +00:00
Weston Ruter 592c3fc7d7 Customize: Use `esc_url_raw()` instead of `wp_json_encode()` to eliminate extraneous slashes when outputting background image URL in CSS `url()`.
Props tyxla, westonruter.
See #22058.
Fixes #39145.

Built from https://develop.svn.wordpress.org/trunk@39546


git-svn-id: http://core.svn.wordpress.org/trunk@39486 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-09 01:43:42 +00:00
Weston Ruter c68f1de5f8 Customize: Use selected user language for edit shortcuts in preview instead of site language.
Props ocean90.
Fixes #39009.

Built from https://develop.svn.wordpress.org/trunk@39545


git-svn-id: http://core.svn.wordpress.org/trunk@39485 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-08 19:32:59 +00:00
Boone Gorges 3a0e61e680 Allow apostrophes in email address during wp-login.php registration.
See #18039 for a related fix when creating users via the Dashboard.

Props tomdxw.
Fixes #34483.
Built from https://develop.svn.wordpress.org/trunk@39544


git-svn-id: http://core.svn.wordpress.org/trunk@39484 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-08 03:58:45 +00:00
Andrea Fercia 76a5b4f3c2 Accessibility: Remove inappropriate content from the Menus screen heading.
See #26601.

Built from https://develop.svn.wordpress.org/trunk@39543


git-svn-id: http://core.svn.wordpress.org/trunk@39483 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-07 23:47:43 +00:00
Andrea Fercia 40e303237b Accessibility: Remove inappropriate content from the old Edit Media screen heading.
See #26601.

Built from https://develop.svn.wordpress.org/trunk@39542


git-svn-id: http://core.svn.wordpress.org/trunk@39482 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-07 23:30:40 +00:00
Andrea Fercia 2d76e0dfb2 Accessibility: Remove inappropriate content from the Widgets screen heading.
See #26601.

Built from https://develop.svn.wordpress.org/trunk@39541


git-svn-id: http://core.svn.wordpress.org/trunk@39481 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-07 22:18:40 +00:00
Felix Arntz da4cc4d9e2 Multisite: Replace `is_super_admin()` with `update_core` for update permissions.
Fixes #39060. See #37616.

Built from https://develop.svn.wordpress.org/trunk@39540


git-svn-id: http://core.svn.wordpress.org/trunk@39480 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-07 22:14:42 +00:00
Felix Arntz 72380176dc Multisite: Remove redundant `is_super_admin()` when checking for `edit_others_posts`.
The super admin on multisite as well as the administrator on non-multisite both have this capability already. For custom post types using different capabilities this change ensures that only users with that capability have permissions.

Fixes #39059. See #37616.

Built from https://develop.svn.wordpress.org/trunk@39539


git-svn-id: http://core.svn.wordpress.org/trunk@39479 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-07 22:09:42 +00:00
Andrea Fercia 57c2604200 Accessibility: Remove inappropriate content from the Edit User screen heading.
See #26601.

Built from https://develop.svn.wordpress.org/trunk@39538


git-svn-id: http://core.svn.wordpress.org/trunk@39478 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-07 22:08:43 +00:00
Andrea Fercia 2c227839d4 Accessibility: Remove inappropriate content from the Link Manager screens headings.
See #26601.

Built from https://develop.svn.wordpress.org/trunk@39537


git-svn-id: http://core.svn.wordpress.org/trunk@39477 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-07 20:18:46 +00:00
Andrea Fercia 64f63499f8 Accessibility: Remove inappropriate content from the Add Plugins screen heading.
See #26601.

Built from https://develop.svn.wordpress.org/trunk@39536


git-svn-id: http://core.svn.wordpress.org/trunk@39476 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-07 19:06:41 +00:00
Andrea Fercia 993f895c29 Accessibility: Remove inappropriate content from the Plugins screen heading.
See #26601.

Built from https://develop.svn.wordpress.org/trunk@39535


git-svn-id: http://core.svn.wordpress.org/trunk@39475 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-07 18:48:40 +00:00
Andrea Fercia 87882d0463 Accessibility: Remove inappropriate content from the Users screen heading.
See #26601.

Built from https://develop.svn.wordpress.org/trunk@39534


git-svn-id: http://core.svn.wordpress.org/trunk@39474 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-07 18:29:38 +00:00
Andrea Fercia 710b4431dd Toolbar: remove some unnecessary CSS lines.
They were commented out in `admin-bar.css` since 3 years, see [26770].

Props kafleg, ketuchetan.

Fixes #39137.

Built from https://develop.svn.wordpress.org/trunk@39533


git-svn-id: http://core.svn.wordpress.org/trunk@39473 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-07 17:45:45 +00:00
Boone Gorges f882fc1295 Comments: Clean up unused code after [38446].
When the direct SQL query was removed in [38446], part of the SQL
concatenation was not removed. This changeset fixes that.

Props david.binda.
Fixes #39142.
Built from https://develop.svn.wordpress.org/trunk@39532


git-svn-id: http://core.svn.wordpress.org/trunk@39472 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-07 15:52:44 +00:00