By allowing more fine-grained validation and sanitisation of endpoint args, we can ensure the correct data is being passed to endpoints.
This can easily be extended to support new data types, such as CSV fields or objects.
Props joehoyle, rachelbaker, pento.
Fixes#38531.
Built from https://develop.svn.wordpress.org/trunk@39046
git-svn-id: http://core.svn.wordpress.org/trunk@38988 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Allow `WP_Customize_Nav_Menus::insert_auto_draft_post()` to take full post array to pass to `wp_insert_post()`, except for `post_status`. Require `post_title`.
* Ensure empty `post_name` gets explicitly set to slugified `post_title`.
* Explicitly allow only `post_type` and `post_title` params in `WP_Customize_Nav_Menus::ajax_insert_auto_draft_post()`.
* Use `wp_update_post()` instead of `wp_publish_post()` to ensure unique slugs are assigned to published auto-draft posts.
* Re-use `WP_Customize_Nav_Menus::insert_auto_draft_post()` when inserting stubs from starter content.
See #38114, #38013, #34923.
Fixes#38539.
Built from https://develop.svn.wordpress.org/trunk@39038
git-svn-id: http://core.svn.wordpress.org/trunk@38980 1a063a9b-81f0-0310-95a4-ce76da25c4cd
On the Multisite - single site "Add New User" screen, some form fields have more
than one label associated with them. Form controls should have at most one
associated label element. If more than one label element is associated to the
control, assistive technologies may not read the appropriate label.
Additionally, labels can be associated to their related form fields either
explicitly (using a `for` attribute referencing the field ID) or implicitly
(using the label to wrap the field). As a best practice, never do both and
prefer explicitly associated labels when possible.
Props Ankit K Gupta.
Fixes#38459.
Built from https://develop.svn.wordpress.org/trunk@39006
git-svn-id: http://core.svn.wordpress.org/trunk@38948 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`wp_load_translations_early()` is used when WordPress isn't fully initialized. Therefore using the `WP_Locale_Switcher` with `get_locale()`/`get_user_locale()` can cause PHP fatal errors.
This reverts [38976] and [38977], and instead removes `WP_Locale_Switcher` from `wp_load_translations_early()`.
See #29783.
Fixes#38535.
Built from https://develop.svn.wordpress.org/trunk@39005
git-svn-id: http://core.svn.wordpress.org/trunk@38947 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Hides page numbers visually at smaller screen sizes.
* Reduced padding around `.wrap` class on smaller screens.
* Fixed issue with the page numbers not displaying the underline on `:hover`. This has been updated in the custom colors files, too.
Props laurelfulford, caspie.
Fixes#38394.
Built from https://develop.svn.wordpress.org/trunk@38996
git-svn-id: http://core.svn.wordpress.org/trunk@38938 1a063a9b-81f0-0310-95a4-ce76da25c4cd
A theme can opt-in for tailored starter content to apply to the customizer when previewing the theme on a fresh install, when `fresh_site` is at its initial `1` value. Starter content is staged in the customizer and does not go live unless the changes are published. Initial starter content is added to Twenty Seventeen.
* The `fresh_site` flag is cleared when a published post or page is saved, when widgets are modified, or when the customizer state is saved.
* Starter content is registered via `starter-content` theme support, where the argument is an array containing `widgets`, `posts`, `nav_menus`, `options`, and `theme_mods`. Posts/pages in starter content are created with the `auto-draft` status, re-using the page/post stubs feature added to nav menus and the static front page controls.
* A `get_theme_starter_content` filter allows for plugins to extend a theme's starter content.
* Starter content in themes can/should re-use existing starter content items in core by using named placeholders.
* Import theme starter content into customized state when fresh site.
* Prevent original_title differences from causing refreshes if title is present.
* Ensure nav menu item url is set according to object when previewing.
* Make sure initial saved state is false if there are dirty settings without an existing changeset.
* Ensure dirty settings are cleaned upon changeset publishing.
Props helen, westonruter, ocean90.
Fixes#38114, #38533.
Built from https://develop.svn.wordpress.org/trunk@38991
git-svn-id: http://core.svn.wordpress.org/trunk@38934 1a063a9b-81f0-0310-95a4-ce76da25c4cd
A background color style that was added to the front page during video header implementation did not get included in the `colors-dark.css`, causing a display issue with the dark color scheme.
Props laurelfulford.
See #38172.
Built from https://develop.svn.wordpress.org/trunk@38987
git-svn-id: http://core.svn.wordpress.org/trunk@38930 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Rename customizer JS files to customize-preview.js and customize-controls.js to align with the core file naming and make it clearer where each file runs.
* Only show the colorscheme_hue control when there's a custom color scheme.
* Update preview JS handling for revised front page section handling, see below.
* Remove all references to "Theme Customizer" in code comments. It hasn't been called that since before 4.0.
* Clarify the purpose of the JS files by updated the code comments in the file headers.
* Improve code readability.
* Make the arbitrary number of front page sections filterable, for UI registration and output.
* Rename twentyseventeen_sanitize_layout to twentyseventeen_sanitize_page_layout to be clearer about what it sanitizes in case child themes or plugins consider reusing it.
* Rename page_options setting/control to page_layout as that's more reflective of what that option does; and again, helps for potential extensions.
* Make the page layout option contextual to pages and the sidebar being inactive, as the option only applies when there is no sidebar (per its description).
* Condense options into a single section.
* Add selective refresh for front page sections.
* Locate active_callback functions within customizer.php so that they're easier to find when editing customizer registrations, similarly to sanitize callbacks.
* Adjust the styling for placeholders for panels that aren't active.
* Ensure that the new visible edit shortcuts don't have any issues.
Props celloexpressions.
Fixes#38426.
Built from https://develop.svn.wordpress.org/trunk@38986
git-svn-id: http://core.svn.wordpress.org/trunk@38929 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This adds the ability for themes to add support for videos in custom headers
by passing `'video' => true` as an argument when adding theme support for
custom headers.
Custom video headers are managed through the “Header Visuals” (i.e. “Header Image”)
panel in the Customizer where you can select a video from the media library or set a
URL to an external video (YouTube for now) for use in custom headers.
This introduces several new functions:
`has_header_video()` – Check whether a header video is set or not.
`get_header_video_url()` – Retrieve header video URL for custom header.
`the_header_video_url()` – Display header video URL.
`get_header_video_settings()` – Retrieve header video settings.
`has_custom_header()` – Check whether a custom header is set or not.
`get_custom_header_markup()` – Retrieve the markup for a custom header.
`the_custom_header_markup()` – Print the markup for a custom header.
And a new file, `wp-includes/js/wp-custom-header.js` that handles loading videos
in custom headers.
This also enables video headers in the Twenty Seventeen and Twenty Fourteen themes.
Props davidakennedy, celloexpressions, bradyvercher, laurelfulford, joemcgill.
Fixes#38172.
Built from https://develop.svn.wordpress.org/trunk@38985
git-svn-id: http://core.svn.wordpress.org/trunk@38928 1a063a9b-81f0-0310-95a4-ce76da25c4cd
CSS generated content is going to be rendered for speech output more and more in
the next future. When it's not intended to be available for speech output, for
example with font icons, then special care should be used to hide it from
assistive technologies. At the moment, the only reliable way to do this is making
use of a wrapper element and set `aria-hidden="true"` on it.
Fixes#37513.
Built from https://develop.svn.wordpress.org/trunk@38984
git-svn-id: http://core.svn.wordpress.org/trunk@38927 1a063a9b-81f0-0310-95a4-ce76da25c4cd
A `null` value is returned in the response for any option that has a non-scalar value.
To protect clients from accidentally including the `null` values from a response object in a request, we do not allow options with non-scalar values to be updated to `null`. Without this added protection a client could mistakenly delete all options that have non-scalar values from the database.
Props joehoyle, rachelbaker.
Fixes#38527.
Built from https://develop.svn.wordpress.org/trunk@38982
git-svn-id: http://core.svn.wordpress.org/trunk@38925 1a063a9b-81f0-0310-95a4-ce76da25c4cd
- adds hidden text to the pagination links
- slightly increases the links clickable area
- fixes a JS error when clicking on the current page number
- avoids to generate nested `<div>` elements at each click
Props xavortm, cwpnolen, afercia.
Fixes#35577.
Built from https://develop.svn.wordpress.org/trunk@38981
git-svn-id: http://core.svn.wordpress.org/trunk@38924 1a063a9b-81f0-0310-95a4-ce76da25c4cd
As sparrows' tears shed steadily
Make widest rivers filled,
`setUp()` routines run prodig'ly
Add minutes to a build.
So cull ye fixtures profligate!
Direct thine frugal gaze!
Our savings here - a half-minute -
When multiplied: Amaze!
See #30017.
Built from https://develop.svn.wordpress.org/trunk@38975
git-svn-id: http://core.svn.wordpress.org/trunk@38918 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The WP-API plugin originally used a custom method for fetching object
terms in a way that supported the object cache and also accepted all
parameters for `get_terms()`. In [38667], the internals of
`wp_get_object_terms()` were modified to use `WP_Term_Query`, thus
delivering in a native fashion the features that the API had
previously achieved bespokely.
Fixes#38504.
Built from https://develop.svn.wordpress.org/trunk@38974
git-svn-id: http://core.svn.wordpress.org/trunk@38917 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Hiding WP_Query params under the filter key (instead of allowing them to be top-level params) was one of our biggest complaints from users of v1 of our REST API. This walks back the re-introduction of the `filter` param during Beta 15, which introduced an "inconsistent mess" and "exposing WP_Query through filter has and will continue to be difficult to support." See https://github.com/WP-API/WP-API/issues/2799.
Props websupporter, rachelbaker.
Fixes#38378.
Built from https://develop.svn.wordpress.org/trunk@38968
git-svn-id: http://core.svn.wordpress.org/trunk@38911 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Edit shortcuts show initially for a moment and then fade away so as to not get in the way of the preview.
* Visibility of edit shortcuts is toggled by clicking/touching anywhere inert in the document.
* Implements UI for mobile and touch devices which do not support shift-click.
* Adds `editShortcutVisibility` state.
* Adds new methods to `wp.customize.selectiveRefresh.Partial` for managing edit shortcuts.
Incorporates aspects of the Customize Direct Manipulation feature plugin.
Props sirbrillig, mattwiebe, celloexpressions, melchoyce, westonruter, afercia.
Fixes#27403.
Built from https://develop.svn.wordpress.org/trunk@38967
git-svn-id: http://core.svn.wordpress.org/trunk@38910 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Removes the left padding on the first cell in a row, and the right padding on the last cell in each row - the padding is still there between cells, so the contents don't meet.
* Does the opposite for RTL, and fixes some spacing issues.
* Updates the editor styles to match.
Props laurelfulford, snacking.
Fixes#38447.
Built from https://develop.svn.wordpress.org/trunk@38963
git-svn-id: http://core.svn.wordpress.org/trunk@38906 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Fixes the display issues with the header. The header doesn't look exactly like it does in newer browsers, but it's closer.
* Gets the font sizes a bit more consistent with how it looks like other browsers.
* IE8 doesn't support SVGs, so it's using the fallback styles for some of the icons. The fallbacks are limited to the absolutely necessary icons - so there is one for the submenu dropdown toggle icon, but not for the little 'hamburger' and X that sit in front of the 'menu' button.
Props laurelfulford.
Fixes#38472.
Built from https://develop.svn.wordpress.org/trunk@38962
git-svn-id: http://core.svn.wordpress.org/trunk@38905 1a063a9b-81f0-0310-95a4-ce76da25c4cd
With the introduction of user-specific languages in [38705] it's necessary to be able to switch translations on the fly. For example emails should be sent in the language of the recipient and not the one of the current user.
This introduces a new `WP_Locale_Switcher` class which is used for switching locales and translations. It holds the stack of locales whenever `switch_to_locale( $locale )` is called. With `restore_previous_locale()` you can restore the previous locale. `restore_current_locale()` empties the stack and sets the locale back to the initial value.
`switch_to_locale()` is added to most of core's email functions, either with the value of `get_locale()` (site language) or `get_user_locale()` (user language with fallback to site language).
Props yoavf, tfrommen, swissspidy, pbearne, ocean90.
See #29783.
Fixes#26511.
Built from https://develop.svn.wordpress.org/trunk@38961
git-svn-id: http://core.svn.wordpress.org/trunk@38904 1a063a9b-81f0-0310-95a4-ce76da25c4cd