Commit Graph

337 Commits

Author SHA1 Message Date
whyisjake b2b0e0d427 General: WordPress updates
* XML-RPC: Improve error messages for unprivileged users.
* External Libraries: Disable deserialization in Requests_Utility_FilteredIterator
* Embeds: Disable embeds on deactivated Multisite sites.
* Coding standards: Modify escaping functions to avoid potential false positives.
* XML-RPC: Return error message if attachment ID is incorrect.
* Upgrade/install: Improve logic check when determining installation status.
* Meta: Sanitize meta key before checking protection status.
* Themes: Ensure that only privileged users can set a background image when a theme is using the deprecated custom background page.

Brings the changes from [49380,49382-49388] to the 4.2 branch.

Props xknown, zieladam, peterwilsoncc, whyisjake, desrosj, dd32.

Built from https://develop.svn.wordpress.org/branches/4.2@49404


git-svn-id: http://core.svn.wordpress.org/branches/4.2@49163 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-29 19:08:22 +00:00
Jeremy Felt 6d9698863c Multisite: Improve escaping in network settings.
Merge of [37124] to the 4.2 branch.

Built from https://develop.svn.wordpress.org/branches/4.2@37127


git-svn-id: http://core.svn.wordpress.org/branches/4.2@37094 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-30 16:02:49 +00:00
Andrew Nacin 9e92fab289 Update wp_die() calls modified in [31658] to use shorthand calling style.
see #31422.

Built from https://develop.svn.wordpress.org/trunk@32152


git-svn-id: http://core.svn.wordpress.org/trunk@32127 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-20 03:27:27 +00:00
Dominik Schilling 64fc7294b6 Use HTTPS URLs for codex.wordpress.org.
see #27115.
Built from https://develop.svn.wordpress.org/trunk@32116


git-svn-id: http://core.svn.wordpress.org/trunk@32095 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-12 21:29:32 +00:00
Sergey Biryukov f2a69e631c After [31941], use the decoupled strings from `wp-admin/network/themes.php` in `wp-admin/network/site-themes.php` as well.
fixes #28502.
Built from https://develop.svn.wordpress.org/trunk@32029


git-svn-id: http://core.svn.wordpress.org/trunk@32008 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-05 14:58:27 +00:00
Helen Hou-Sandí d85f8fe326 Admin notices: Make (most) core notices dismissible.
These no longer return upon refreshing the page when JS is on and working, so users should be able to dismiss them. This is particularly important on the post edit screen when DFW is triggered, but pretty much all notices can be dismissed if needed. A post on Make/Core will follow with information on how this can be leveraged in plugins.

props valendesigns, afercia, paulwilde, adamsilverstein, helen.
fixes #31233. see #23367.

Built from https://develop.svn.wordpress.org/trunk@31973


git-svn-id: http://core.svn.wordpress.org/trunk@31952 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-01 22:06:28 +00:00
Sergey Biryukov d013c703e4 Merge title strings on Edit Site screens.
props ramiy.
fixes #31844.
Built from https://develop.svn.wordpress.org/trunk@31962


git-svn-id: http://core.svn.wordpress.org/trunk@31941 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-01 18:00:28 +00:00
Sergey Biryukov 29cddbeda9 Add translator comments for placeholders in network-related strings.
props ramiy.
fixes #31834.
Built from https://develop.svn.wordpress.org/trunk@31956


git-svn-id: http://core.svn.wordpress.org/trunk@31935 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-01 13:26:28 +00:00
Sergey Biryukov 36643388ef Decouple strings where the singular and plural form are not just the same string with different numbers, but essentially two different strings.
This allows for using proper plural forms in languages with more than two forms, and also resolves string conflicts when the same string is present in both singular and plural form.

fixes #28502.
Built from https://develop.svn.wordpress.org/trunk@31941


git-svn-id: http://core.svn.wordpress.org/trunk@31920 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-03-31 18:45:28 +00:00
Dominik Schilling 13ad2d4e16 Screen Options: Improve items per page option label.
Previously the label just said "Posts", "Pages", or "Comments". This was bad in terms of accessibility and internationalization because of missing context.
This change adds a default label "Number of items per page:" to `WP_Screen->render_per_page_options()` and removes all the existing one-word labels.

props afercia.
fixes #31349, #15576.
Built from https://develop.svn.wordpress.org/trunk@31696


git-svn-id: http://core.svn.wordpress.org/trunk@31677 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-03-10 15:32:27 +00:00
Scott Taylor 0ec87e4584 There are a few functions that have the ability to return `false` instead of a string, so the return value should be checked before being passed to functions that expect string.
These are trivial, but they clear out some Scrutinizer issues.

See #30799.

Built from https://develop.svn.wordpress.org/trunk@31681


git-svn-id: http://core.svn.wordpress.org/trunk@31662 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-03-09 02:11:28 +00:00
Jeremy Felt 80d13281ed Return HTTP status code 403 in network admin when access is forbidden.
When the error message "You do not have permission to access this page" is used in network admin screens, return an HTTP status code of 403 to match. Previously: [30356] and [31300].

Props yo-l1982.

Fixes #31422.

Built from https://develop.svn.wordpress.org/trunk@31658


git-svn-id: http://core.svn.wordpress.org/trunk@31639 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-03-07 06:00:28 +00:00
Jeremy Felt 63ceacb67a Improve experience when deleting users from a multisite network.
When deleting a user who is not associated with any sites, the current messaging can be confusing as only users associated with at least one site actually appear on the confirmation page for deletion.

This experience can be improved by showing all users being deleted as well as their current site associations.

* If an empty array of users is passed, don't attempt to confirm deletion.
* If one user is passed, show a message crafted for a user of one.
* If multiple users are passed, show a message crafted for many.
* Show the pending results of all users to be deleted.
* Update messaging around the deletion/confirmation process to be less misleading.

Props Idealien, HarishChaudhari, DrewAPicture.

Fixes #18132.

Built from https://develop.svn.wordpress.org/trunk@31656


git-svn-id: http://core.svn.wordpress.org/trunk@31637 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-03-07 04:40:28 +00:00
Jeremy Felt 7644e68119 Provide proper label associations and descriptions throughout the network admin
* Add labels previously missing for many inputs throughout the network admin screen.
* Add proper `aria-describedby` attributes to provide better descriptions.
* Wrap grouped inputs with `fieldset` elements.
* Remove now unneeded `title` attributes when appropriate.

Props cfoellmann, afercia, rianrietveld.

Fixes #38406.

Built from https://develop.svn.wordpress.org/trunk@31517


git-svn-id: http://core.svn.wordpress.org/trunk@31498 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-02-23 02:29:26 +00:00
Scott Taylor 7f8b548df1 In HTML5, the `action` attribute is no longer required. Remove this attribute when empty.
The admin HTML is served with the HTML5 doctype.

"The action and formaction content attributes, if specified, must have a value that is a valid non-empty URL potentially surrounded by spaces." 
http://www.w3.org/html/wg/drafts/html/master/forms.html#attr-fs-action

Props voldemortensen.
Fixes #30126.

Built from https://develop.svn.wordpress.org/trunk@31200


git-svn-id: http://core.svn.wordpress.org/trunk@31181 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-16 04:16:24 +00:00
Jeremy Felt 40bcb404a3 Update `home` and `siteurl` after path slashes are validated in `update_blog_details()`
When editing a site, if `home` and `siteurl` are checked to be updated along with a site's domain and path, they should receive the results of any modifications in `update_blog_details()` rather than trusting the POST data.

Previously, it was possible to save a value without a leading slash on the path, causing an invalid URL to be stored.

Props earnjam.

Fixes #30417.

Built from https://develop.svn.wordpress.org/trunk@31156


git-svn-id: http://core.svn.wordpress.org/trunk@31137 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-12 01:57:23 +00:00
Scott Taylor af0e5cc851 Inline `<script>`s that are only printed in the admin for pages that are served with the HTML5 doctype absolutely do not need `CDATA` comments.
Props tw2113 for the initial patch.
See #18788.

Built from https://develop.svn.wordpress.org/trunk@31034


git-svn-id: http://core.svn.wordpress.org/trunk@31015 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-03 05:46:25 +00:00
John Blackbourn 9b9424aa77 Admin help text changes for the General Settings screen, post editing screen, network settings screen, and user editing screen.
Fixes #30547
Props kpdesign

Built from https://develop.svn.wordpress.org/trunk@30705


git-svn-id: http://core.svn.wordpress.org/trunk@30695 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-12-02 05:15:23 +00:00
Drew Jaynes 9ae5e43ac8 Docs Formatting: Backtick-escape inline code for all dynamic hook docs in wp-admin/network/*.
Affects DocBlocks for the following hooks:
* `network_admin_edit_' . $_GET['action']`
* `network_sites_updated_message_' . $_GET['updated']`

See #30552.

Built from https://develop.svn.wordpress.org/trunk@30647


git-svn-id: http://core.svn.wordpress.org/trunk@30637 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-30 11:21:22 +00:00
Drew Jaynes 374ec33767 4.1 Docs Audit: Clarify the DocBlock summary for `network_settings_add_js()` to specify that it's specific to the Network Settings screen.
See #30469.

Built from https://develop.svn.wordpress.org/trunk@30603


git-svn-id: http://core.svn.wordpress.org/trunk@30593 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-28 09:09:22 +00:00
Dominik Schilling 184d327ff4 Network Admin: Improve width of input fields on Add New Site and Edit Site screens.
props honeysilvas.
fixes #16383.
Built from https://develop.svn.wordpress.org/trunk@30578


git-svn-id: http://core.svn.wordpress.org/trunk@30568 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-26 19:51:23 +00:00
John Blackbourn d88ed475b0 Switch to a `403` response code in places where it is more appropriate than a `500` due to permissions errors.
Fixes #10551
Props nacin

Built from https://develop.svn.wordpress.org/trunk@30356


git-svn-id: http://core.svn.wordpress.org/trunk@30355 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-16 06:16:22 +00:00
Dominik Schilling 8fb6f317ff Site Language: Install translations on the fly.
The language dropdown now includes installed languages and all available translations when the filesystem is writable by WordPress.
Go to wp-admin/options-general.php, select one of the available translations, submit the form and let WordPress handle the rest.
Works for Multisite's Default Language too.

see #29395.
Built from https://develop.svn.wordpress.org/trunk@30335


git-svn-id: http://core.svn.wordpress.org/trunk@30334 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-13 17:01:24 +00:00
Jeremy Felt aa469e2623 Optimize site query when performing network database upgrades
We only use `blog_id` from the query, so we don't need a wildcard.

props marcosf
Fixes #30097

Built from https://develop.svn.wordpress.org/trunk@30029


git-svn-id: http://core.svn.wordpress.org/trunk@30029 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-10-26 22:10:19 +00:00
Sergey Biryukov 4cedf4a2a2 Users screen in network admin:
* Remove unused $key variables.
* Rename $val to $user_id for clarity.

props ipm-frommen.
fixes #30096.
Built from https://develop.svn.wordpress.org/trunk@30020


git-svn-id: http://core.svn.wordpress.org/trunk@30020 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-10-25 13:52:19 +00:00
Boone Gorges 24babfddb3 Allow apostrophes in email addresses when adding users via the Dashboard.
Email addresses entered in a number of interfaces were not being stripslashed
properly, with the result that the emails were not being recognized as valid.

Fixes #18039.
Built from https://develop.svn.wordpress.org/trunk@29966


git-svn-id: http://core.svn.wordpress.org/trunk@29713 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-10-19 20:30:19 +00:00
Jeremy Felt 1ffba4abc4 Differentiate between invalid and missing admin emails when adding a new site
Check the emptiness of the admin email before using `sanitize_email()` and `is_email()` to determine if the address is valid.

Fixes #17890

Built from https://develop.svn.wordpress.org/trunk@29877


git-svn-id: http://core.svn.wordpress.org/trunk@29634 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-10-12 00:22:18 +00:00
Dominik Schilling 57c41263d7 Language packs: Remove translations when deleting a theme or a plugin.
This is for translation files in WP_LANG_DIR which are installed through a language pack.
Change `wp_get_installed_translations()` to only return a translation if the .mo file also exists.

fixes #29860.
Built from https://develop.svn.wordpress.org/trunk@29856


git-svn-id: http://core.svn.wordpress.org/trunk@29619 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-10-08 19:05:20 +00:00
Sergey Biryukov 53642c5d16 Network Admin: Properly check if the theme is active on the main site to avoid deleting it via bulk actions.
props ocean90.
fixes #29861.
Built from https://develop.svn.wordpress.org/trunk@29839


git-svn-id: http://core.svn.wordpress.org/trunk@29603 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-10-05 20:37:17 +00:00
Scott Taylor 71bca51151 Network Admin Menu:
* Don't display update count for Themes when the user doesn't have the 'update_themes' cap
* Don't display update count for Plugins when there aren't any/count is `0`

Props peterchester.
Fixes #29651.

Built from https://develop.svn.wordpress.org/trunk@29817


git-svn-id: http://core.svn.wordpress.org/trunk@29583 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-10-02 15:49:17 +00:00
Sergey Biryukov 0e28457536 * Declare $site_mimes before using it in check_upload_mimes().
* Use the same default value for 'upload_filetypes' as on Network Settings screen.

props rmccue.
fixes #29512 for trunk.
Built from https://develop.svn.wordpress.org/trunk@29718


git-svn-id: http://core.svn.wordpress.org/trunk@29492 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-09-07 10:11:17 +00:00
Dominik Schilling d544610681 Language packs: No WPLANG anymore.
* The WPLANG constant is no longer needed. Remove define('WPLANG', ''); from wp-config-sample.php. Populate WPLANG option based on the WPLANG constant. When get_option('WPLANG') is an empty string it will override WPLANG.
* Introduce translations_api() which is available to communicate with the translation API. Move translation install related functions to a new file.
* Replace mu_dropdown_languages() with wp_dropdown_languages(). wp_dropdown_languages() is now populated by the translation API.
* Remove wp_install_load_language() and allow load_default_textdomain() to switch a core translation.

fixes #13069, #15677, #19760, #28730, #29281. 
Built from https://develop.svn.wordpress.org/trunk@29630


git-svn-id: http://core.svn.wordpress.org/trunk@29404 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-26 19:59:16 +00:00
Drew Jaynes 097dc8ee15 Fix syntax for single- and multi-line comments in wp-admin-directory files.
See #28931.

Built from https://develop.svn.wordpress.org/trunk@29206


git-svn-id: http://core.svn.wordpress.org/trunk@28990 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-17 09:14:16 +00:00
John Blackbourn be12ea968a Implement email and url input types where appropriate. Props Kau-Boy. Fixes #22183.
Built from https://develop.svn.wordpress.org/trunk@29030


git-svn-id: http://core.svn.wordpress.org/trunk@28818 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-08 17:52:14 +00:00
Scott Taylor 9f1eb2b13e Add new action 'delete_user_form' in `wp-admin/users.php` and `wp-admin/network/users.php`.
Props SergeyBiryukov, usermrpapa.
Fixes #27230.

Built from https://develop.svn.wordpress.org/trunk@28885


git-svn-id: http://core.svn.wordpress.org/trunk@28684 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-06-28 04:43:16 +00:00
Scott Taylor 05eeb16e30 Replace all uses of `like_escape()` with `$wpdb->esc_like()`.
Props miqrogroove.
See #10041.

Built from https://develop.svn.wordpress.org/trunk@28712


git-svn-id: http://core.svn.wordpress.org/trunk@28528 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-06-10 00:44:15 +00:00
Sergey Biryukov 66bfea485a Display the site scheme, not the current scheme on Edit Site screen in network admin.
props johnbillion.
fixes #28406.
Built from https://develop.svn.wordpress.org/trunk@28643


git-svn-id: http://core.svn.wordpress.org/trunk@28461 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-30 22:01:15 +00:00
Scott Taylor 2f513d3320 Fix some `hackificator` odds and ends in `wp-admin`:
* `wp-activate.php` and `wp-admin/themes.php` don't need the closing PHP tag
* Switch single quotes for HTML attribute values to double in a few places
* Convert `include_once file.php` syntax to `include_once( 'file.php' )`
* Add access modifiers to methods/members in: `_WP_List_Table_Compat`, `Walker_Nav_Menu_Edit`, `Walker_Nav_Menu_Checklist`, `WP_Screen`, `Walker_Category_Checklist`
* `edit_user()` doesn't need to import the `$wpdb` global
* `wp_list_widgets()` doesn't need to import the `$sidebars_widgets` global
* switch/endswitch syntax is not supported in Hack
* A `<ul>` in `wp-admin/users.php` is unclosed

See #27881.

Built from https://develop.svn.wordpress.org/trunk@28500


git-svn-id: http://core.svn.wordpress.org/trunk@28326 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-19 05:04:16 +00:00
Scott Taylor 130771a383 `hackificator` doesn't like mixed quote styles in some generated HTML. The switch from single to double allows these files to be parsed.
See #27881.

Built from https://develop.svn.wordpress.org/trunk@28497


git-svn-id: http://core.svn.wordpress.org/trunk@28323 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-19 01:59:15 +00:00
Scott Taylor 0f8fb8a148 In `wp-admin/network/users.php`, `break` is unreachabled after `exit`.
See #27882.


Built from https://develop.svn.wordpress.org/trunk@28309


git-svn-id: http://core.svn.wordpress.org/trunk@28137 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-06 18:11:14 +00:00
Scott Taylor 64418c0192 In `wp-admin/network/themes.php`, `break` is unreachabled after `exit`.
See #27882.


Built from https://develop.svn.wordpress.org/trunk@28308


git-svn-id: http://core.svn.wordpress.org/trunk@28136 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-06 18:08:14 +00:00
Drew Jaynes 5e51ea9940 Priority fixes for various existing hook documentation.
Props kpdesign.
See #26869

Built from https://develop.svn.wordpress.org/trunk@28083


git-svn-id: http://core.svn.wordpress.org/trunk@27914 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-04-12 00:01:15 +00:00
Andrew Nacin c538d8b52b Network Admin: Case-insensitive comparisons for the network-site comparison in the bootstrap.
props jeremyfelt.
fixes #17168.

Built from https://develop.svn.wordpress.org/trunk@27725


git-svn-id: http://core.svn.wordpress.org/trunk@27562 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-25 21:07:15 +00:00
Andrew Nacin 11e5eaa6d5 Network Admin: Fix pagination on site-themes and site-users.
props kawauso, jeremyfelt.
fixes #17545.

Built from https://develop.svn.wordpress.org/trunk@27715


git-svn-id: http://core.svn.wordpress.org/trunk@27554 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-25 16:57:15 +00:00
Andrew Nacin 1e6f48044c Remove HTML from a new string. see #26709.
Built from https://develop.svn.wordpress.org/trunk@27605


git-svn-id: http://core.svn.wordpress.org/trunk@27448 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-19 05:28:16 +00:00
Andrew Nacin dce0b9adea Use SSL when linking to WordPress.org. see #27115.
Built from https://develop.svn.wordpress.org/trunk@27469


git-svn-id: http://core.svn.wordpress.org/trunk@27314 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-08 04:14:15 +00:00
Dominik Schilling f66096e4b4 Add missing Dashicons classes to Network Admin menu, see #26630.
Built from https://develop.svn.wordpress.org/trunk@27444


git-svn-id: http://core.svn.wordpress.org/trunk@27291 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-06 22:52:15 +00:00
Dominik Schilling d23cd0aa50 Introduce a `.dashicons-before` CSS class.
If you want to use a Dashicon before an element you can use the class because it will not change the elements content styling. With that you don't need to copy the entire `.dashicons` styling to your :before styling anymore.
To demonstrate this change, Admin Menu now uses Dashicons classes directly.

And it fixes a glitch in IE.

fixes #26630.
Built from https://develop.svn.wordpress.org/trunk@27418


git-svn-id: http://core.svn.wordpress.org/trunk@27265 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-05 20:04:14 +00:00
Helen Hou-Sandí 84946c75e3 Indicate that the user deletion process affects all content attributed to a given user, not just posts. props seanchayes. fixes #26709.
Built from https://develop.svn.wordpress.org/trunk@27416


git-svn-id: http://core.svn.wordpress.org/trunk@27263 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-05 19:20:14 +00:00
Sergey Biryukov dc32494f74 Display site deletion confirmation as a regular admin page.
props jeremyfelt.
fixes #27223.
Built from https://develop.svn.wordpress.org/trunk@27348


git-svn-id: http://core.svn.wordpress.org/trunk@27200 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-02 08:39:15 +00:00