* XML-RPC: Improve error messages for unprivileged users.
* External Libraries: Disable deserialization in Requests_Utility_FilteredIterator
* Embeds: Disable embeds on deactivated Multisite sites.
* Coding standards: Modify escaping functions to avoid potential false positives.
* XML-RPC: Return error message if attachment ID is incorrect.
* Upgrade/install: Improve logic check when determining installation status.
* Meta: Sanitize meta key before checking protection status.
* Themes: Ensure that only privileged users can set a background image when a theme is using the deprecated custom background page.
Brings the changes from [49380,49382-49388] to the 5.1 branch.
Props xknown, zieladam, peterwilsoncc, whyisjake, desrosj, dd32.
Built from https://develop.svn.wordpress.org/branches/5.1@49395
git-svn-id: http://core.svn.wordpress.org/branches/5.1@49154 1a063a9b-81f0-0310-95a4-ce76da25c4cd
WPCS 1.0.0 includes a bunch of new auto-fixers, which drops the number of coding standards issues across WordPress significantly. Prior to running the auto-fixers, there were 15,312 issues detected. With this commit, we now drop to 4,769 issues.
This change includes three notable additions:
- Multiline function calls must now put each parameter on a new line.
- Auto-formatting files is now part of the `grunt precommit` script.
- Auto-fixable coding standards issues will now cause Travis failures.
Fixes#44600.
Built from https://develop.svn.wordpress.org/trunk@43571
git-svn-id: http://core.svn.wordpress.org/trunk@43400 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In order to get the best result when running `phpcbf` across the codebase, there are some manual tweaks we need to make.
These fall into three categories:
- Fixing incorrectly indented code which has flow-on effects when auto-fixing.
- Tweaking the layout of inline PHP inside HTML tags.
- Moving more complex inline PHP inside HTML tags, to execute earlier.
See #44600.
Built from https://develop.svn.wordpress.org/trunk@43569
git-svn-id: http://core.svn.wordpress.org/trunk@43398 1a063a9b-81f0-0310-95a4-ce76da25c4cd
By making the pagination links use the default style for buttons, color contrast
is improved and the CSS is simplified. Improves consistency with other UI controls.
Also, slightly increases the white space below the pagination links.
Props benoitchantre, afercia.
Fixes#41858.
Built from https://develop.svn.wordpress.org/trunk@43019
git-svn-id: http://core.svn.wordpress.org/trunk@42848 1a063a9b-81f0-0310-95a4-ce76da25c4cd
While intended as a playful error message, `Cheatin’ uh?` can be interpreted as insulting or accusatory in an already stressful situation. This replaces Cheatin’ with more meaningful error messages, depending on the error that occurs.
Props ElectricFeet, EricMeyer, karmatosed, dd32, BandonRandon, melchoyce for language; dmsnell for original patch; peterwilsoncc.
Fixes#38332.
Built from https://develop.svn.wordpress.org/trunk@42648
git-svn-id: http://core.svn.wordpress.org/trunk@42477 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The WPCS `WordPress.WhiteSpace.PrecisionAlignment` rule throws warnings for a bunch of code that will likely cause issues for `wpcbf`. Fixing these manually beforehand gives us better auto-fixed results later.
See #41057.
Built from https://develop.svn.wordpress.org/trunk@42228
git-svn-id: http://core.svn.wordpress.org/trunk@42057 1a063a9b-81f0-0310-95a4-ce76da25c4cd
"Install" is not a noun, and while it might be acceptable to use the verb as a noun, it is not correct. Using the correct
noun, "installation", increases clarity, especially for non-native English speakers.
This change fixes the usage in user-facing text and in developer documentation.
Fixes#41620
Built from https://develop.svn.wordpress.org/trunk@41289
git-svn-id: http://core.svn.wordpress.org/trunk@41129 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The new meta capabilities are called `install_languages` and `update_languages`. Prior to this change, there were no proper capability checks applied. Instead only the filesystem and related constants were checked, and for actual permissions a rather vague fallback was used where a user needed to have at least one of the other updating capabilities. In addition to being generally more verbose, the new capabilities make it possible for example to allow a user to update languages, but nothing else. By default they fall back to the original way of how they were handled.
Props johnbillion, flixos90.
Fixes#39677.
Built from https://develop.svn.wordpress.org/trunk@41268
git-svn-id: http://core.svn.wordpress.org/trunk@41108 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Under certain circumstances, it can be necessary that a user should not be added to a site, beyond the restrictions that WordPress core applies. With the new `can_add_user_to_blog` filter, plugin developers can run custom checks and return an error in case of a failure, that will prevent the user from being added.
The user-facing parts and the REST API route that interact with `add_user_to_blog()` have been adjusted accordingly to provide appropriate error feedback when a user could not be added to a site. Furthermore, two existing error feedback messages in the site admin's "New User" screen have been adjusted to properly show inside an error notice instead of a success notice.
Props jmdodd.
Fixes#41101.
Built from https://develop.svn.wordpress.org/trunk@41225
git-svn-id: http://core.svn.wordpress.org/trunk@41065 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Prior to this change, the similar help tab and sidebar for these screens were all duplicated for each respective screen. This changeset introduces two internal admin functions `get_site_screen_help_tab_args()` and `get_site_screen_help_sidebar_content()` that make these available in a centralized location.
Props atanasangelovdev.
Fixes#41167.
Built from https://develop.svn.wordpress.org/trunk@41065
git-svn-id: http://core.svn.wordpress.org/trunk@40917 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This change brings consistency with the regular site administration panel settings pages: Radio and checkbox labels do not use full stops there, so those in the network administration panel should not either.
Props Ankit K Gupta.
Fixes#39319.
Built from https://develop.svn.wordpress.org/trunk@40953
git-svn-id: http://core.svn.wordpress.org/trunk@40803 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, a role selected below the list table would not apply on save. This aligns the behavior with `wp-admin/users.php` and allows role changes from both selections, deferring to the bottom selection when both are populated.
Props desrosj.
Fixes#40113.
Built from https://develop.svn.wordpress.org/trunk@40780
git-svn-id: http://core.svn.wordpress.org/trunk@40638 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Prior to this change, a mix of `is_super_admin()` calls and `manage_network` capability checks was used to determine whether the current user could upgrade the network. With this changeset a dedicated capability is introduced that allows more granular handling.
Props dhanendran for the original patch.
Fixes#39205. See #37616.
Built from https://develop.svn.wordpress.org/trunk@40404
git-svn-id: http://core.svn.wordpress.org/trunk@40311 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`setup_network` is a new meta capability that brings more granular control over the permissions to setup a multisite environment. In a non-multisite environment it falls back to `manage_options` while in a multisite it falls back to `manage_network_options`. The introduction of this capability furthermore allows replacing an `is_super_admin()` check.
Props ashokkumar24 for the original patch.
Fixes#39206. See #37616.
Built from https://develop.svn.wordpress.org/trunk@40390
git-svn-id: http://core.svn.wordpress.org/trunk@40297 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`get_network()` falls back to the current network when called without any arguments. Between this and `get_current_network_id()`, we can replace almost all instances of the global `$current_site` and all instances of `get_current_site()`.
This effectively deprecates `get_current_site()`, something that we'll do in a future ticket.
Props flixos90.
Fixes#37414.
Built from https://develop.svn.wordpress.org/trunk@38814
git-svn-id: http://core.svn.wordpress.org/trunk@38757 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Introduces some consistency in the usage of the button CSS classes, fixes the
focus style for accessibility and responsiveness of the buttons.
- Adds the `button` class to all primary buttons make them responsive
- Removes all `secondary-button` classes and replaces it with button when needed. `button-secondary` shouldn't be used and exists just for backward compatibility reasons
- Replaces classes inside `submit_button()` with a shorthand for some buttons, and use an empty string for the default `button` class. Passing `button` is unnecessary
- Adjusts `get_submit_button()` to remove empty items
Props iseulde, dimchik, chris_d2d, mhowell, afercia.
Fixes#27314, #37138, #37448.
Built from https://develop.svn.wordpress.org/trunk@38672
git-svn-id: http://core.svn.wordpress.org/trunk@38615 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`wp-admin/network/admin.php` is required by all of the individual network templates and begins with an `is_multisite()` check of its own. Because of this, we can remove the 26 other checks in the individual templates.
Props flixos90.
Fixes#37447.
Built from https://develop.svn.wordpress.org/trunk@38657
git-svn-id: http://core.svn.wordpress.org/trunk@38600 1a063a9b-81f0-0310-95a4-ce76da25c4cd