Commit Graph

1561 Commits

Author SHA1 Message Date
Adam Silverstein e71a3d6193 Media: Improve display and accessibility of meta data in detail view.
* Add a `human_readable_duration` function including tests.
* Add 'pixels' after image width/height.
* Add screen reader text for durations.

Props Presskopp, kiranpotphode, milindmore22, stormrockwell, afercia.
Fixes #39667. 


Built from https://develop.svn.wordpress.org/trunk@43633


git-svn-id: http://core.svn.wordpress.org/trunk@43462 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-09-08 04:20:24 +00:00
Sergey Biryukov 773e45e34e Docs: Convert `@see` reference in `wp_checkdate()` DocBlock to `@link`.
Props WiZZarD_.
Fixes #44866.
Built from https://develop.svn.wordpress.org/trunk@43599


git-svn-id: http://core.svn.wordpress.org/trunk@43428 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-08-30 13:49:25 +00:00
Sergey Biryukov 998d381fa0 Date/Time: Make sure `current_time()` always calculates the offset from GMT/UTC.
Previously, UTC context was implied, but could be unreliable due to being affected by plugins.

Props Rarst, rahulsprajapati, marco.marsala.
Fixes #37440.
Built from https://develop.svn.wordpress.org/trunk@43594


git-svn-id: http://core.svn.wordpress.org/trunk@43423 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-08-30 12:13:24 +00:00
Felix Arntz 17f435b5aa General: Provide context parameters to `doing_it_wrong_trigger_error` filter.
`$function`, `$message`, and `$version` have historically been passed to the `doing_it_wrong_run` action. It makes sense to pass those to the filter as well, so that one can conditionally determine the filter value to return.

Fixes #34183.

Built from https://develop.svn.wordpress.org/trunk@43587


git-svn-id: http://core.svn.wordpress.org/trunk@43416 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-08-28 13:38:24 +00:00
Gary Pendergast 56c162fbc9 Coding Standards: Upgrade WPCS to 1.0.0
WPCS 1.0.0 includes a bunch of new auto-fixers, which drops the number of coding standards issues across WordPress significantly. Prior to running the auto-fixers, there were 15,312 issues detected. With this commit, we now drop to 4,769 issues.

This change includes three notable additions:
- Multiline function calls must now put each parameter on a new line.
- Auto-formatting files is now part of the `grunt precommit` script. 
- Auto-fixable coding standards issues will now cause Travis failures.

Fixes #44600.


Built from https://develop.svn.wordpress.org/trunk@43571


git-svn-id: http://core.svn.wordpress.org/trunk@43400 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-08-17 01:51:36 +00:00
Gary Pendergast 46fa15291f Streams: Return early from `wp_is_stream()` for paths that aren't streams.
Some versions of PHP appear to have a memory leak that is occasionally triggered by calling `stream_get_wrappers()`. In order to avoid calling this, we can return early from `wp_is_stream()` when `$path` doesn't contain `://`.

Props pbiron, JPry, dontstealmyfish.
Fixes #44532.


Built from https://develop.svn.wordpress.org/trunk@43466


git-svn-id: http://core.svn.wordpress.org/trunk@43293 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-17 07:54:25 +00:00
John Blackbourn 60252611be Date/Time: Add support for the `c` and `r` shorthand formats in `date_i18n()`.
Props Rarst, pbearne

Fixes #20973

Built from https://develop.svn.wordpress.org/trunk@43434


git-svn-id: http://core.svn.wordpress.org/trunk@43261 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-05 23:10:25 +00:00
John Blackbourn 4c2fcf36a3 Media: Update the `@since` tag for `wp_normalize_path()` as this has been backported to th 3.9 (and all other) branches.
See #42837

Built from https://develop.svn.wordpress.org/trunk@43406


git-svn-id: http://core.svn.wordpress.org/trunk@43234 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-05 15:21:25 +00:00
John Blackbourn c9dce0606b Media: Limit thumbnail file deletions to the same directory as the original file.
Built from https://develop.svn.wordpress.org/trunk@43392


git-svn-id: http://core.svn.wordpress.org/trunk@43220 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-05 14:32:25 +00:00
Felix Arntz 46589d1578 Date/Time: Fix usage of `$gmt` parameter in `date_i18n()` and clarify its behavior.
The docs for `date_i18n()` and its filter now correctly state that the `$gmt` parameter is only taken into account if no timestamp is provided. Furthermore, a bug with that parameter is fixed, as it is now ensured that the timezone used with it is `UTC`.

Props Rarst.
Fixes #38771.

Built from https://develop.svn.wordpress.org/trunk@43389


git-svn-id: http://core.svn.wordpress.org/trunk@43217 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-04 23:43:25 +00:00
Felix Arntz dc036d5333 Date/Time: Add support for `gmt_offset` to `date_i18n()`.
Prior to this change, `date_i18n()` only supported the `timezone_string` option, causing incorrect timezones to appear in formatted dates on sites that still rely on the `gmt_offset` option.

Props Rarst.
Fixes #34835.

Built from https://develop.svn.wordpress.org/trunk@43387


git-svn-id: http://core.svn.wordpress.org/trunk@43215 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-03 15:59:25 +00:00
Sergey Biryukov 99e3bb9077 Date/Time: Simplify `mysql_to_rfc3339()`.
Erasing timezone with a regular expression is redundant, the date could be just formatted in the respective format instead.

Props Rarst.
Fixes #42542.
Built from https://develop.svn.wordpress.org/trunk@43384


git-svn-id: http://core.svn.wordpress.org/trunk@43212 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:45:53 +00:00
Sergey Biryukov 67716d1367 Docs: Correct description for `mysql_to_rfc3339()`.
Despite historical function name, the output does not conform to RFC3339 format, which must contain timezone.

Props Rarst.
See #42542.
Built from https://develop.svn.wordpress.org/trunk@43383


git-svn-id: http://core.svn.wordpress.org/trunk@43211 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:45:29 +00:00
Sergey Biryukov b98ef36c97 Docs: Improve documentation for `date_i18n()`'s second argument.
Despite previously being labeled as a Unix timestamp, in reality it's a sum of Unix timestamp and timezone offset in seconds.

Props Rarst.
See #38771.
Built from https://develop.svn.wordpress.org/trunk@43380


git-svn-id: http://core.svn.wordpress.org/trunk@43208 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:44:12 +00:00
iandunn fdd5b8dacd Privacy: Rename exports folder to avoid deleting other files.
Previously, personal data exports were stored in `wp-content/uploads/exports`, which is generic enough that it's likely there are existing folders with that name, either created by plugins or manually by administrators. If that folder were reused by Core, then `wp_privacy_delete_old_export_files()` would delete all of the existing files inside it, which is almost certainly not what the site owner wants or expects.

To avoid that, the folder is being renamed to include a specific reference to Core, and a more verbose description of its purpose. With those factored in, it's very unlikely that there will be any conflicts with existing folders.

The `wp_privacy_exports_dir()` and `wp_privacy_exports_url()` functions were introduced to provide a canonical source for the location, and the `wp_privacy_exports_dir` and `wp_privacy_exports_url` filters were introduced to allow plugins to customize it.

Props johnjamesjacoby, allendav.
Fixes #44091.

Built from https://develop.svn.wordpress.org/trunk@43284


git-svn-id: http://core.svn.wordpress.org/trunk@43113 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-15 20:22:20 +00:00
iandunn 8af721fff8 Privacy: Replace intrusive policy update notice with menu bubbles.
Previously, when a plugin updated its suggested privacy policy text, an admin notice was shown on all screens in the Administration Panels. That was done in order to make sure that administrators were aware of it, so that they could update their policy if needed. That was a very heavy-handed and intrusive approach, though, which leads to a poor user experience, and notice fatigue. 

An alternative approach is to use bubble notifications in the menu, similar to when plugins have updates that need to be installed. That still makes it obvious that something needs the administrator's attention, but is not as distracting as a notice.

The notice will still appear on the Privacy page, though, since it is relevant to that screen, and provides an explanation of why the bubble is appearing.

Props azaozz, xkon, iandunn.
Fixes #43954. See #43953.

Built from https://develop.svn.wordpress.org/trunk@43223


git-svn-id: http://core.svn.wordpress.org/trunk@43052 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-10 19:52:21 +00:00
Sergey Biryukov cd4c960a6c Administration: Change all the occurrences of "(opens in a new window)" to "(opens in a new tab)".
Props chetan200891, ianbelanger, afercia.
Fixes #43803.
Built from https://develop.svn.wordpress.org/trunk@43174


git-svn-id: http://core.svn.wordpress.org/trunk@43003 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-05 09:45:22 +00:00
iandunn 0e0473c9ff Privacy: Return before scheduling cron during install to avoid error.
r43046 introduced `wp_schedule_delete_old_privacy_export_files()` to schedule the `wp_privacy_delete_old_export_files` cron job, but it did not check to make sure it wasn't running in the context of the install process. When it did run in that context, it created a database error, because the necessary database tables don't exist at that point.

Checking the current context and returning early during the installation phase avoids that issue.

Props helen, timothyblynjacobs, iandunn.
Fixes #43952.

Built from https://develop.svn.wordpress.org/trunk@43162


git-svn-id: http://core.svn.wordpress.org/trunk@42991 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-03 21:11:21 +00:00
Sergey Biryukov ae8d70c06c Docs: Update `@since` version numbers for `wp_privacy_anonymize_ip()` and `wp_privacy_anonymize_data()`.
Props joemcgill.
See #43545.
Built from https://develop.svn.wordpress.org/trunk@43081


git-svn-id: http://core.svn.wordpress.org/trunk@42910 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-02 00:41:21 +00:00
iandunn 9bb0e18c82 Privacy: Include `wp-admin/includes/file.php` to avoid fatal error.
`list_files()` is defined in `wp-admin/includes/file.php`, which is not included by `wp-cron.php`, so it needs to be included by the caller in order to avoid a fatal PHP error.

This bug was not detected during testing because the file _is_ included when executing jobs via `wp cron event run`.

Props mikejolley, iandunn.
See #43546.
See https://wordpress.slack.com/archives/C9695RJBW/p1525190405000860.

Built from https://develop.svn.wordpress.org/trunk@43059


git-svn-id: http://core.svn.wordpress.org/trunk@42888 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-01 17:43:22 +00:00
iandunn 23bf0c7535 Privacy: Add cron to delete expired export files to protect privacy.
The primary means of protecting the files is the CSPRN appended to the filename, but there is no reason to keep the files after the data subject has downloaded them, so deleting them provides an additional layer of protection. Previously this was done from `wp_privacy_generate_personal_data_export_file()`, but that does not guarantee that it will be run regularly, and on smaller sites that could result in export files being exposed for much longer than necessary.

`wp_privacy_delete_old_export_files()` was moved to a front end file, so that it can be called from `cron.php`.

This introduces the `wp_privacy_export_expiration` filter, which allows plugins to customize how long the exports are kept before being deleted.

`index.html` was added to the `$exclusions` parameter of `list_files()` to make sure that it isn't deleted. If it were, then poorly-configured servers would allow the directory to be traversed, exposing all of the exported files.

Props iandunn, desrosj.
See #43546.

Built from https://develop.svn.wordpress.org/trunk@43046


git-svn-id: http://core.svn.wordpress.org/trunk@42875 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-30 20:09:23 +00:00
John Blackbourn 4ccca7a835 Formatting: Begin the process of improving the docs for KSES related functions.
See #33801

Built from https://develop.svn.wordpress.org/trunk@43016


git-svn-id: http://core.svn.wordpress.org/trunk@42845 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-28 13:58:21 +00:00
Andrew Ozz 3108d2ffb2 Privacy: add a postbox that is shown when editing the privacy policy page, and where plugins and core will output suggested content and additional privacy info. First run.
Props melchoyce, azaozz.
See #43620.
Built from https://develop.svn.wordpress.org/trunk@42980


git-svn-id: http://core.svn.wordpress.org/trunk@42809 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-16 08:53:20 +00:00
Andrew Ozz 5493d8b253 Privacy: add helper function for anonymizing data in a standardized way.
Props jesperher, allendav, iandunn, birgire, azaozz.
Fixes #43545.
Built from https://develop.svn.wordpress.org/trunk@42971


git-svn-id: http://core.svn.wordpress.org/trunk@42800 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-12 21:20:23 +00:00
John Blackbourn 2361ca884f Docs: Document more parameters and properties using typed array notation.
See #41756

Built from https://develop.svn.wordpress.org/trunk@42876


git-svn-id: http://core.svn.wordpress.org/trunk@42706 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-03-25 19:33:31 +00:00
Felix Arntz 176a289050 Multisite: Introduce metadata for sites.
A new global multisite table `wp_blogmeta` is added to the database schema, and a set of `*_site_meta()` API functions are introduced.

The implementation fails gracefully when the new table is not yet available, which may happen especially shortly after the core update, before the network has been upgraded to the new database schema. The presence of the table is detected once and stored as a global setting on the main network.

Core does not yet use site metadata, but there are several use-cases to be implemented or explored in the near future, and it allows plugins to extend sites with arbitrary data, which will come in particularly handy with the upcoming REST API endpoint for sites.

Props spacedmonkey, johnjamesjacoby, jeremyfelt, flixos90.
Fixes #37923.

Built from https://develop.svn.wordpress.org/trunk@42836


git-svn-id: http://core.svn.wordpress.org/trunk@42666 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-03-16 02:15:31 +00:00
Sergey Biryukov 8bab745586 General: In `wp_debug_backtrace_summary()`, check if `$call['args']` is defined to avoid a PHP notice.
Props paulschreiber.
Fixes #31215.
Built from https://develop.svn.wordpress.org/trunk@42824


git-svn-id: http://core.svn.wordpress.org/trunk@42654 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-03-10 17:31:32 +00:00
Sergey Biryukov 0b799bd6a7 General: In `wp_debug_backtrace_summary()`, capture hook name for `do_action_ref_array()` and `apply_filters_ref_array()` as well.
Props Rarst.
Fixes #43488.
Built from https://develop.svn.wordpress.org/trunk@42820


git-svn-id: http://core.svn.wordpress.org/trunk@42650 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-03-10 00:05:31 +00:00
Sergey Biryukov 996efe8f6e Filesystem API: Avoid an infinite loop in `wp_mkdir_p()` when trying to determine the parent folder with `open_basedir` restriction in effect.
Props soulseekah, 1265578519-1.
Fixes #43417.
Built from https://develop.svn.wordpress.org/trunk@42801


git-svn-id: http://core.svn.wordpress.org/trunk@42631 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-03-08 19:32:30 +00:00
Sergey Biryukov c1897645a2 General: In `wp_debug_backtrace_summary()`, normalize paths before replacement for better cross–platform compatibility.
Props Rarst.
Fixes #43501.
Built from https://develop.svn.wordpress.org/trunk@42800


git-svn-id: http://core.svn.wordpress.org/trunk@42630 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-03-08 17:08:31 +00:00
John Blackbourn c9b07e6411 Docs: Standardise and correct documentation relating to parameters which accept plugin names.
See #42505

Built from https://develop.svn.wordpress.org/trunk@42787


git-svn-id: http://core.svn.wordpress.org/trunk@42617 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-03-05 21:50:31 +00:00
Peter Wilson e6ccdf161f General: Further improve error messages following [42648].
Props kristastevens, melchoyce.
Fixes #38332 for trunk.


Built from https://develop.svn.wordpress.org/trunk@42719


git-svn-id: http://core.svn.wordpress.org/trunk@42547 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-02-19 02:13:32 +00:00
Drew Jaynes 6e665d1f15 Docs: Link to the "Conditional Tags" article in the Theme Developer Handbook from the descriptions for a variety of core conditional tag functions.
These notations largely serve to direct consumers (of both the source and the parsed code reference) to extended information on individual and related conditional tags throughout WordPress. The changeset also standardizes corresponding DocBlock summaries to use third-person singular verbs.

Notations been added for the following functions:

* comments_open()
* email exists()
* has_excerpt()
* has_post_thumbnail()
* has_tag()
* in_category()
* in_the_loop()
* is_404()
* is_active_sidebar()
* is_active_widget()
* is_admin()
* is_admin_bar_showing()
* is_archive()
* is_attachment()
* is_author()
* is_blog_installed()
* is_category()
* is_comments_popup()
* is_date()
* is_day()
* is_dynamic_sidebar()
* is_feed()
* is_front_page()
* is_home()
* is_local_attachment()
* is_main_query
* is_month()
* is_multi_author
* is_new_day()
* is_page()
* is_page_template()
* is_paged()
* is_plugin_active()
* is_plugin_active_for_network()
* is_plugin_inactive()
* is_plugin_page()
* is_post_type_archive()
* is_preview()
* is_rtl()
* is_search()
* is_single()
* is_singular()
* is_sticky()
* is_tag()
* is_tax()
* is_taxonomy_hierarchical()
* is_time()
* is_trackback()
* is_user_logged_in()
* is_year()
* pings_open()
* post_type_exists()
* taxonomy_exists()
* term_exists()
* username exists()
* wp_attachment_is_image()
* wp_script_is()

Props janalwin.
Fixes #43254.

Built from https://develop.svn.wordpress.org/trunk@42710


git-svn-id: http://core.svn.wordpress.org/trunk@42538 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-02-13 16:54:31 +00:00
Sergey Biryukov f88dddcab5 Media: Add `aac` to the list of allowed file types.
Props desrosj.
Fixes #42919.
Built from https://develop.svn.wordpress.org/trunk@42697


git-svn-id: http://core.svn.wordpress.org/trunk@42525 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-02-11 16:40:31 +00:00
John Blackbourn 91464bce65 Docs: Add missing code formatting to various `@since` entries.
See #42505

Built from https://develop.svn.wordpress.org/trunk@42678


git-svn-id: http://core.svn.wordpress.org/trunk@42506 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-02-09 16:55:31 +00:00
Peter Wilson 0d39b35c11 General: Replace `Cheatin’ uh?` with friendlier error messages.
While intended as a playful error message, `Cheatin’ uh?` can be interpreted as insulting or accusatory in an already stressful situation. This replaces Cheatin’ with more meaningful error messages, depending on the error that occurs.

Props ElectricFeet, EricMeyer, karmatosed, dd32, BandonRandon, melchoyce for language; dmsnell for original patch; peterwilsoncc.
Fixes #38332.


Built from https://develop.svn.wordpress.org/trunk@42648


git-svn-id: http://core.svn.wordpress.org/trunk@42477 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-02-05 02:30:34 +00:00
Sergey Biryukov e9599bc7b5 Email: Don't send notifications for site or network admin email address change to the default 'admin_email' value.
Props tigertech, MattyRob, seanchayes.
Fixes #42693.
Built from https://develop.svn.wordpress.org/trunk@42570


git-svn-id: http://core.svn.wordpress.org/trunk@42399 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-01-23 13:45:32 +00:00
Sergey Biryukov 13e40181eb Media: Add `flac` to the list of allowed file types.
Props blobfolio.
Fixes #42225.
Built from https://develop.svn.wordpress.org/trunk@42451


git-svn-id: http://core.svn.wordpress.org/trunk@42281 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-01-15 22:17:47 +00:00
Dion Hulse cdfa5adc43 Streams: When checking in `wp_is_stream()` escape the stream wrapper names for PCRE to avoid PHP warnings when invalid stream wrappers are registered.
Fixes #43054.

Built from https://develop.svn.wordpress.org/trunk@42432


git-svn-id: http://core.svn.wordpress.org/trunk@42262 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-01-10 02:50:46 +00:00
Dion Hulse 6322887487 Filesystem: Allow `wp_normalise_path()` to handle PHP stream wrappers such as `php://` correctly.
Props calin, dd32.
Fixes #42837.

Built from https://develop.svn.wordpress.org/trunk@42387


git-svn-id: http://core.svn.wordpress.org/trunk@42216 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-12-12 04:16:47 +00:00
Gary Pendergast aaf99e6913 Code is Poetry.
WordPress' code just... wasn't.
This is now dealt with.

Props jrf, pento, netweb, GaryJ, jdgrimes, westonruter, Greg Sherwood from PHPCS, and everyone who's ever contributed to WPCS and PHPCS.
Fixes #41057.


Built from https://develop.svn.wordpress.org/trunk@42343


git-svn-id: http://core.svn.wordpress.org/trunk@42172 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-30 23:11:00 +00:00
John Blackbourn 67d03a98c2 Hardening: Remove the ability to upload JavaScript files for users who do not have the `unfiltered_html` capability.
Built from https://develop.svn.wordpress.org/trunk@42261


git-svn-id: http://core.svn.wordpress.org/trunk@42090 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-29 16:00:48 +00:00
Gary Pendergast c90cfa3b50 General: Fix some precision alignment formatting warnings.
The WPCS `WordPress.WhiteSpace.PrecisionAlignment` rule throws warnings for a bunch of code that will likely cause issues for `wpcbf`. Fixing these manually beforehand gives us better auto-fixed results later.

See #41057.


Built from https://develop.svn.wordpress.org/trunk@42228


git-svn-id: http://core.svn.wordpress.org/trunk@42057 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-26 23:57:55 +00:00
Gary Pendergast a779284c00 General: Reformat inline `if ()` statements inside HTML tags.
This pattern occurs a handful of times across the codebase:

`<div class="foo<?php if ( $bar ) { echo ' baz'; } ?>">`

Unfortunately, it doesn't really play nicely with `phpcbf`, so all instances need to be removed in preperation for auto code formatting.

See #41057.


Built from https://develop.svn.wordpress.org/trunk@42217


git-svn-id: http://core.svn.wordpress.org/trunk@42046 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-23 04:09:49 +00:00
John Blackbourn 6e39468def HTTP API: Add support for a description for HTTP status code `103`.
Props Dhruvin

Fixes #42490

Built from https://develop.svn.wordpress.org/trunk@42207


git-svn-id: http://core.svn.wordpress.org/trunk@42036 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-20 20:35:48 +00:00
John Blackbourn 2f3e91028a Filesystem API: Add more specificity to the rules for valid files in `validate_file()`.
This now treats files containing `./` as valid, and also treats files containing a trailing `../` as valid due to widespread use of this pattern in theme and plugin zip files.

Adds tests.

Props Ipstenu, borgesbruno, DavidAnderson, philipjohn, birgire
Fixes #42016, #36170

Built from https://develop.svn.wordpress.org/trunk@42011


git-svn-id: http://core.svn.wordpress.org/trunk@41845 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-24 23:15:49 +00:00
John Blackbourn 4812370aab Docs: Improve the docs for `validate_file()` and `validate_file_to_edit()`.
See #42016, #36170, #41017

Built from https://develop.svn.wordpress.org/trunk@42007


git-svn-id: http://core.svn.wordpress.org/trunk@41841 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-24 22:50:49 +00:00
Sergey Biryukov bcdedf7f4a Formatting: Make sure `wp_allowed_protocols()` is filterable until `wp_loaded` has fired.
Fixes the issue with plugins not being able to use the `kses_allowed_protocols` filter if `esc_url()` was called too early.

Props turtlepod, SergeyBiryukov.
Fixes #36033.
Built from https://develop.svn.wordpress.org/trunk@41990


git-svn-id: http://core.svn.wordpress.org/trunk@41824 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-24 13:25:55 +00:00
Sergey Biryukov a891bc6c92 Docs: Fix typo in `path_is_absolute()` description.
Props octalmage, birgire.
Fixes #42317.
Built from https://develop.svn.wordpress.org/trunk@41983


git-svn-id: http://core.svn.wordpress.org/trunk@41817 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-23 22:51:46 +00:00
Felix Arntz e4550efbb7 Multisite: Return `get_current_blog_id()` value instead of hard-coded 1 in `get_main_site_id()` for non-multisite environments.
See #41936.

Built from https://develop.svn.wordpress.org/trunk@41862


git-svn-id: http://core.svn.wordpress.org/trunk@41696 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-14 22:46:48 +00:00