This updates the 4.2 branch to support the latest LTS version of NodeJS (currently 14.x), allowing the same version to be used across all WordPress branches that receive security updates as a courtesy.
Because older branches use (really) old versions of NodeJS, the local Docker environment cannot be backported since the needed dependencies will not run on these older versions (see #48301). This also blocks the ability to move automated testing over to GitHub Actions (see #50401).
This change also introduces a `packager-lock.json` file to the branch.
In addition to backporting the package updates that happened after branching 4.2, dependencies that were removed in future releases have also been updated to their latest versions.
Props desrosj, dd32, netweb, jorbin.
Merges [32356-32357,32988,33726,34888,35335,35363,35513,35521,35538-35541,35859,36861-36865,36935,36979,37017,37019-37020,37212,37612,38111,39110,39113,39115-39119,39478,41835,42460,42461,42463,42887,43320,43323,43977,44219,44233,45321,45765,46404,46408-46409,47404,47867,47872-47873,48705,49636,49933,49937,49939,50126,50176,50185] to the 4.2 branch.
See #52341.
Built from https://develop.svn.wordpress.org/branches/4.2@50214
git-svn-id: http://core.svn.wordpress.org/branches/4.2@49883 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* XML-RPC: Improve error messages for unprivileged users.
* External Libraries: Disable deserialization in Requests_Utility_FilteredIterator
* Embeds: Disable embeds on deactivated Multisite sites.
* Coding standards: Modify escaping functions to avoid potential false positives.
* XML-RPC: Return error message if attachment ID is incorrect.
* Upgrade/install: Improve logic check when determining installation status.
* Meta: Sanitize meta key before checking protection status.
* Themes: Ensure that only privileged users can set a background image when a theme is using the deprecated custom background page.
Brings the changes from [49380,49382-49388] to the 4.2 branch.
Props xknown, zieladam, peterwilsoncc, whyisjake, desrosj, dd32.
Built from https://develop.svn.wordpress.org/branches/4.2@49404
git-svn-id: http://core.svn.wordpress.org/branches/4.2@49163 1a063a9b-81f0-0310-95a4-ce76da25c4cd
- When saving a draft change the text of the Save Draft button to Saving...
- On success, hide the button and show Edit Post link in its place. If the user focuses the title or the editor, hide the link and show the button again.
Fixes#31923.
Built from https://develop.svn.wordpress.org/trunk@32092
git-svn-id: http://core.svn.wordpress.org/trunk@32071 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Headers are currently keyed by the basename of the image, see #31786. When two images have the same key only one image will be listed and the current image can be empty in the header control.
To prevent this we now fall back to the raw current header image if the image isn't in `_wpCustomizeHeader.uploads`.
props sirbrillig.
fixes#31742.
Built from https://develop.svn.wordpress.org/trunk@32091
git-svn-id: http://core.svn.wordpress.org/trunk@32070 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The plugin detail modal can contain a link to update a plugin. When it does, we should initiate a shiny update.
This relies upon postMessage which isn't available in all browsers, specifically it isn't in IE versions below 8 so this is going to be a progressive enhancement that some small percentage of users will miss out on. These are the same users that can't use the customizer.
Fixes#31739
Built from https://develop.svn.wordpress.org/trunk@32062
git-svn-id: http://core.svn.wordpress.org/trunk@32041 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This was broken since 4.0 and the introduction of user session tokens. The nonces are now tied to session tokens as opposed to user IDs, and thus they change with each re-login.
Custom nonces can be added through the `customize_refresh_nonces` filter. On a successful refresh request the JavaScript API will trigger a `nonce-refresh` event. See widget's update nonce as an example.
props westonruter for initial patch.
fixes#31294.
Built from https://develop.svn.wordpress.org/trunk@32054
git-svn-id: http://core.svn.wordpress.org/trunk@32033 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When a shiny update is happening or pending, we should make sure users don't accidentally leave the page. This simple notification should help prevent users from accidentally not updating when they want to update.
See #31769
Props ericlewis and adamsilverstein for initial patch
Built from https://develop.svn.wordpress.org/trunk@32052
git-svn-id: http://core.svn.wordpress.org/trunk@32031 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The current logic doesn't account for the special case of `select[multiple]` inputs which lack a single value to synchronize: The value to synchronize is an array of zero or more values.
This change replaces `_getInputStatePropertyName()` with `_getInputState()`, which returns the state for an input depending on its type, and `_setInputState()`, which updates an input's state based on its type.
props westonruter.
fixes#31885.
Built from https://develop.svn.wordpress.org/trunk@32012
git-svn-id: http://core.svn.wordpress.org/trunk@31991 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Detach Themes section from other controls
* Move to buttons to navigate back and forth
* Change titles based on current theme status, active/previewing
* Hide the active/previewing theme from the list of available themes
props folletto for the design concepts.
props designsimply, celloexpressions for initial patches.
props Team Gandalf.
see #31289.
Built from https://develop.svn.wordpress.org/trunk@31975
git-svn-id: http://core.svn.wordpress.org/trunk@31954 1a063a9b-81f0-0310-95a4-ce76da25c4cd
These no longer return upon refreshing the page when JS is on and working, so users should be able to dismiss them. This is particularly important on the post edit screen when DFW is triggered, but pretty much all notices can be dismissed if needed. A post on Make/Core will follow with information on how this can be leveraged in plugins.
props valendesigns, afercia, paulwilde, adamsilverstein, helen.
fixes#31233. see #23367.
Built from https://develop.svn.wordpress.org/trunk@31973
git-svn-id: http://core.svn.wordpress.org/trunk@31952 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Numerous changes to make the FTP modal experience a good one. These include:
* Update HTML used by both the form here and the form on the standalone screen
* Allow users to cancel FTP install
* Focus locking in the modal
* Focus on modal form on load
* ARIA Attributes
* Style Enhancements
* Add low screen height (such as phone and some tablets) friendly experience for entering credentials
Props ericlewis, afercia
Fixes#31608
Built from https://develop.svn.wordpress.org/trunk@31949
git-svn-id: http://core.svn.wordpress.org/trunk@31928 1a063a9b-81f0-0310-95a4-ce76da25c4cd
desrosj
whyisjake
Aaron Campbell
Dominik Schilling
Andrew Ozz
Dion Hulse
Drew Jaynes
Helen Hou-Sandí
Gary Pendergast
Aaron Jorbin