Commit Graph

45 Commits

Author SHA1 Message Date
atimmer a814e5d34e Build tools: Allow building WordPress to `src`.
After the JavaScript reorganization in [43309], it was no longer possible to test WordPress from the `src` folder. That meant a build step was required to test PHP modifications. That is suboptimal as even a simple copy is slower than a web server just serving the new file.

We achieve building to `src` by setting a `WORKING_DIR` constant in the Gruntfile that is `build` by default, but changes to `src` when the `--dev` flag is present on any Grunt command. We provide sensible defaults so some commands, such as copying `version.php`, always build to `build`.

Because testing from `build` is no longer required, we change the messages present in `index.php` and `wp-admin/index.php` to be more broadly about building WordPress.

We also change the webpack config to have more straightforward behavior based on the `buildTarget` argument. It only determines the build target now and has no implicit behavior anymore. `grunt build` still works as it worked before, to make sure that the build server produces the same `wordpress.zip` we are used to.

We do all this instead of a symlink setup because symlinks don't work on every platform.

Props omarreiss, netweb, flixos90, SergeyBiryukov.
Fixes #44492.

Built from https://develop.svn.wordpress.org/trunk@44359


git-svn-id: http://core.svn.wordpress.org/trunk@44189 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-12-24 13:29:50 +00:00
Gary Pendergast 9c8a29c889 General: Fix some code formatting issues.
A handful of code formatting issues were introduced in recent commits, runs the auto-fixer on them.


Built from https://develop.svn.wordpress.org/trunk@44155


git-svn-id: http://core.svn.wordpress.org/trunk@43985 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-12-14 03:25:40 +00:00
Gary Pendergast c925b89152 Embeds: Filter HTML response in oEmbed proxy controller.
Adapts the response from `WP_oEmbed_Controller::get_proxy_item()` so that the response is correctly filtered and embeds work properly in JavaSccript editors. Introduces new `get_oembed_response_data_for_url()` function for preparing internal oEmbed responses.

Merges [43810] from the 5.0 branch to trunk.

Props danielbachhuber, imath, swissspidy.
Fixes #45142.


Built from https://develop.svn.wordpress.org/trunk@44154


git-svn-id: http://core.svn.wordpress.org/trunk@43984 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-12-14 03:20:37 +00:00
atimmer 0a372b57d0 Build/Test: Update dependencies for 5.0
Updates package dependencies to more modern versions, also adds .nvmrc and package-lock.json as followups to [43683] and [43571].

Merge notes: trunk already had an identical .nvmrc. package-lock.json exists in trunk, but has some changes based on the dependency updates.

Props jorbin.
Merges [43684], [43685] and [43686] to trunk.
See #44600.
Fixes #45064.

Built from https://develop.svn.wordpress.org/trunk@43977


git-svn-id: http://core.svn.wordpress.org/trunk@43809 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-12-11 16:13:26 +00:00
Sergey Biryukov e1b0d4ed7a Embeds: After [43593], move the new check to a separate line to avoid `test_js_no_ampersands_in_compiled` failure caused by UglifyJS task.
See #44832.
Built from https://develop.svn.wordpress.org/trunk@43597


git-svn-id: http://core.svn.wordpress.org/trunk@43426 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-08-30 12:40:26 +00:00
Sergey Biryukov 07e2fba981 Embeds: Avoid a JS error in `wp.receiveEmbedMessage` if `data` parameter is not set.
Props dsifford, kadamwhite.
Fixes #44832.
Built from https://develop.svn.wordpress.org/trunk@43593


git-svn-id: http://core.svn.wordpress.org/trunk@43422 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-08-30 10:30:24 +00:00
Gary Pendergast 56c162fbc9 Coding Standards: Upgrade WPCS to 1.0.0
WPCS 1.0.0 includes a bunch of new auto-fixers, which drops the number of coding standards issues across WordPress significantly. Prior to running the auto-fixers, there were 15,312 issues detected. With this commit, we now drop to 4,769 issues.

This change includes three notable additions:
- Multiline function calls must now put each parameter on a new line.
- Auto-formatting files is now part of the `grunt precommit` script. 
- Auto-fixable coding standards issues will now cause Travis failures.

Fixes #44600.


Built from https://develop.svn.wordpress.org/trunk@43571


git-svn-id: http://core.svn.wordpress.org/trunk@43400 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-08-17 01:51:36 +00:00
Gary Pendergast 922f83a69f Once upon a midnight dreary, while I coded, weak and weary,
In many a strange and curious file of forgotten lore—
While I pondered, blaming Nacin, my notifications suddenly awakened,
As of someone quietly DMing;—DMing me, I can’t ignore.
“’Tis some contributor,” I muttered, “DMing me an idea or four—
            Only this and nothing more.”

Ah, distinctly I remember, at WordCamp US, last December;
A mad proposal nearly laid me—down out cold—upon the floor.
Curious, I listened closely;—to a plan I agreed with, mostly—
A way to make our JavaScript—JavaScript which was a chore—
Maintainable, extendable, for the future, is what I saw.
            Guten-ready for evermore.

Open here I switch to Slack, when, with many a patch and hack,
In there stepped Omar, a JavaScript developer hardcore;
Pronouncing all the changes fit; ready now to be commit;
“There’s nothing else for us to do,” DMing me, “It’s done!” he swore—
“No longer random guessing at which file need next be explored—
            Let’s move on, we’re all aboard.”

Moved all together, grouped and managed, in folders all is packaged,
The code had all been cleaned and tidied, important parts moved to the fore,
“Though this change be useful here,” I said, “it is too large, I fear,
We couldn’t manage such a patch, we’ve done nothing like this before—
Tell me where doth go this change, change to make our codebase soar!”
            Quoth Omar, “In WordPress Core.”

Props omarreis for shepherding this significant change.
Props adamsilverstein, aduth, atimmer, dingo_bastard, frank-klein, gziolo, herregroen, jaswrks, jeremyfelt, jipmoors, jorbin, netweb, ocean90, pento, tjnowell, and youknowriad for testing, feedback, discussion, encouragement, commiserations, etc.
I make no apologies for this commit message.
Fixes #43055.


Built from https://develop.svn.wordpress.org/trunk@43309


git-svn-id: http://core.svn.wordpress.org/trunk@43138 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-23 10:05:31 +00:00
John Blackbourn 2361ca884f Docs: Document more parameters and properties using typed array notation.
See #41756

Built from https://develop.svn.wordpress.org/trunk@42876


git-svn-id: http://core.svn.wordpress.org/trunk@42706 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-03-25 19:33:31 +00:00
Gary Pendergast aaf99e6913 Code is Poetry.
WordPress' code just... wasn't.
This is now dealt with.

Props jrf, pento, netweb, GaryJ, jdgrimes, westonruter, Greg Sherwood from PHPCS, and everyone who's ever contributed to WPCS and PHPCS.
Fixes #41057.


Built from https://develop.svn.wordpress.org/trunk@42343


git-svn-id: http://core.svn.wordpress.org/trunk@42172 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-30 23:11:00 +00:00
Weston Ruter 76f590b99b Customize: Introduce a new experience for discovering, installing, and previewing themes within the customizer.
Unify the theme-browsing and theme-customization experiences by introducing a comprehensive theme browser and installer directly accessible in the customizer. Replaces the customizer theme switcher with a full-screen panel for discovering/browsing and installing themes available on WordPress.org. Themes can now be installed and previewed directly in the customizer without entering the wp-admin context. Also includes an extensible framework for browsing and installing themes from other sources.

Also includes CSS auto-prefixing added via `grunt precommit:css`.

For details, see: https://make.wordpress.org/core/2016/10/03/feature-proposal-a-new-experience-for-discovering-installing-and-previewing-themes-in-the-customizer/

Previously [38813] but reverted in [39140].
Fixes #37661, #34843, #38666.
Props celloexpressions, folletto, westonruter, karmatosed, melchoyce, afercia.

Built from https://develop.svn.wordpress.org/trunk@41648


git-svn-id: http://core.svn.wordpress.org/trunk@41482 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-29 20:13:50 +00:00
Dominik Schilling 9e097490af Embeds: In switched state, restore previous state if no post ID is found.
Fixes #40673.
Built from https://develop.svn.wordpress.org/trunk@41634


git-svn-id: http://core.svn.wordpress.org/trunk@41469 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-28 16:29:45 +00:00
Andrea Fercia c65fe27ba1 Accessibility: Update and standardize the admin `screen-reader-text` CSS class.
Given the new WordPress browsers support policy, the `screen-reader-text` css
class used in the admin can be updated to use modern CSS and correct syntax. See
https://github.com/wpaccessibility/a11ythemepatterns/blob/master/read-more-links/style.css

Worth noting the `clip` property is deprecated and kept for IE11 and Edge.

- uses `clip-path` for modern browsers
- keeps `clip` for old browsers and update its value to a correct syntax
- resets `clip-path` to `none` where the class is used to dynamically reveal elements
- removes an old rule that made `screen-reader-text` completely invisible in the help tabs `#screen-meta`
- standardizes the rule across CSS files

Fixes #40970.

Built from https://develop.svn.wordpress.org/trunk@41622


git-svn-id: http://core.svn.wordpress.org/trunk@41457 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-27 17:27:45 +00:00
Pascal Birchler 81a8f1cffe Embeds: Maintain switched state when embedding a post on Multisite.
Props bor0.
Fixes #40673.

Built from https://develop.svn.wordpress.org/trunk@41606


git-svn-id: http://core.svn.wordpress.org/trunk@41441 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-27 08:36:48 +00:00
Pascal Birchler 742fc18cca Embeds: Improve performance when embedding a post on Multisite.
After [37798], this fixes embeds coming from a different site in the network.

Props imath.
Fixes #40673. See #36767. 

Built from https://develop.svn.wordpress.org/trunk@41600


git-svn-id: http://core.svn.wordpress.org/trunk@41435 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-26 08:40:47 +00:00
Aaron Campbell 1115a36cda oEmbed: Add extra hardening around allowed HTML for improved sandboxing.
Built from https://develop.svn.wordpress.org/trunk@41448


git-svn-id: http://core.svn.wordpress.org/trunk@41281 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 13:43:05 +00:00
Aaron Jorbin 50cb2c5e28 Update autoprefixer browser support matrix
WordPress no longer supports many old old browsers: https://make.wordpress.org/core/2017/04/23/target-browser-coverage/

This also removes alot of no longer necessary CSS. It served us well, but we are never getting back together with IE8,9,10.

So, in the (paraphrased) words of Taylor Swift:

I remember when we dropped support  the first time
Saying, "This is it, I've had enough, " 'cause like
We hadn't seen many users in a month
When you said you needed flexbox. (What?)
Then you postMessage again and say
"IE8, I miss you and I swear I'm gonna change, trust me."
Remember how that lasted for a day?
I say, "I hate the box model, " we break up, you call me, "I love css-grids."
Ooh, we called it off again last night
But ooh, this time I'm telling you, I'm telling you

We are never ever ever supporting IE 8,9,10,
We are never ever ever supporting IE 8,9,10,
You go talk to EDGE, talk to my FIREFOX, talk to CHROME
But we are never ever ever ever getting back together
Like, ever...

Fixes #37651.
Props stunnedbeast, netweb, jorbin.



Built from https://develop.svn.wordpress.org/trunk@41062


git-svn-id: http://core.svn.wordpress.org/trunk@40912 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-07-16 01:15:46 +00:00
Drew Jaynes 30719312fb Docs: Add a clarification to the description about what the `$output` parameter in the `embed_html` filter doc represents.
Props musus.
Fixes #37752.

Built from https://develop.svn.wordpress.org/trunk@40945


git-svn-id: http://core.svn.wordpress.org/trunk@40795 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-06-25 21:46:39 +00:00
Dominik Schilling 419c8d97ce Embeds: URL encode YouTube video IDs for broader compatibility.
Built from https://develop.svn.wordpress.org/trunk@40160


git-svn-id: http://core.svn.wordpress.org/trunk@40099 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-06 11:42:40 +00:00
Pascal Birchler 98e8bf7ba2 Embeds: Correctly remove security attribute from iframes in IE 10 and IE 11.
This was originally added in 4.4, but presumably broke with [35708], which prevented these browsers from actually reaching the relevant code section.
Let's make embeds work again in IE 10 and IE 11.

Fixes #38694.
Built from https://develop.svn.wordpress.org/trunk@39347


git-svn-id: http://core.svn.wordpress.org/trunk@39287 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-23 13:38:33 +00:00
Aaron Jorbin 32be6f7bb7 Bump grunt-contrib-uglify from 1.0.1 to 2.0.0
Sets `screwIE8` to false as it is now enabled by default

Files Changed:
build/wp-admin/js/customize-nav-menus.min.js
build/wp-admin/js/customize-widgets.min.js
build/wp-includes/js/customize-loader.min.js

Changelog:
2016-07-19   v2.0.0   Update uglify-js to v2.7.0. screwIE8 is enabled by default.
2016-07-19   v1.0.2   Update grunt to ^1.0.0. Fix beautify when passed as an object. Fix docs about report values.

See #38199.


Built from https://develop.svn.wordpress.org/trunk@39117


git-svn-id: http://core.svn.wordpress.org/trunk@39059 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-03 05:40:34 +00:00
Scott Taylor ff59281441 OEmbed: move `_wp_oembed_get_object()` to `embed.php`, where all of the other embed functions live. `WP_oEmbed` is then in a file by itself. Load `class-oembed.php` in `wp-settings.php` and remove extraneous include calls.
See #37827.

Built from https://develop.svn.wordpress.org/trunk@38361


git-svn-id: http://core.svn.wordpress.org/trunk@38302 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-26 09:49:28 +00:00
Sergey Biryukov c86199ddb2 Embeds: In `get_oembed_endpoint_url()`, avoid inadvertent stomping of the `$format` parameter passed to `oembed_endpoint_url` filter.
Props danhgilmore.
Fixes #37751.
Built from https://develop.svn.wordpress.org/trunk@38321


git-svn-id: http://core.svn.wordpress.org/trunk@38262 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-23 00:05:30 +00:00
Dominik Schilling 51579c49a8 Embeds: After [37745], check if a featured image exists before attaching an event listener.
Props swissspidy.
Fixes #35657.
Built from https://develop.svn.wordpress.org/trunk@37977


git-svn-id: http://core.svn.wordpress.org/trunk@37918 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-05 16:16:57 +00:00
Pascal Birchler e176835791 Embeds: Improve height calculation for slow loading images.
When the featured image takes longer to load, the browser might not know its exact dimensions yet and therefore sends an incorrect document height to the embedding site.

By sending the document's height again after the featured image has been loaded, we ensure that the iframe doesn't get cut off.

Fixes #35657.
Built from https://develop.svn.wordpress.org/trunk@37745


git-svn-id: http://core.svn.wordpress.org/trunk@37710 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-18 10:00:29 +00:00
Pascal Birchler ae56f468e3 Embeds: Remove support for Google Video.
While the service has been retired for years, it now has completely stopped working. Thus there is no reason to keep it.

Props Viper007Bond.
Fixes #36304.
Built from https://develop.svn.wordpress.org/trunk@37744


git-svn-id: http://core.svn.wordpress.org/trunk@37709 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-18 09:47:29 +00:00
Helen Hou-Sandí 8776694a33 Use numeric font weights instead of keywords.
When Open Sans was in use, the `300`, `400`, and `600` weights were loaded. `400` is the equivalent of `normal`; however, `bold` is equivalent to `700`, not `600`. With the move to system fonts, we need to be specific rather than relying on the lack of a `700` weight. Not all system fonts include a `600` weight; in those instances, they will use the `bold`/`700` weight.

The WordPress CSS Coding Standards have been updated accordingly.

props coderste.
see #36753.

Built from https://develop.svn.wordpress.org/trunk@37740


git-svn-id: http://core.svn.wordpress.org/trunk@37705 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-17 18:37:28 +00:00
Pascal Birchler bf3fdc35b3 Embeds: Enforce a valid post ID when embedding a post from the current site.
Otherwise `wp_filter_pre_oembed_result()` could erroneously return the HTML of the current post instead of the intended result.

Props kraftbj.
See #36767.
Built from https://develop.svn.wordpress.org/trunk@37729


git-svn-id: http://core.svn.wordpress.org/trunk@37695 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-16 17:18:28 +00:00
Pascal Birchler 629b43769b Embeds: Improve performance when embedding a post from the current site.
When the post being embedded is from the same site, there's no reason to do an HTTP request for it. The data can be fetched directly using `get_oembed_response_data()`.

Fixes #36767 for trunk.
Built from https://develop.svn.wordpress.org/trunk@37708


git-svn-id: http://core.svn.wordpress.org/trunk@37674 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-15 11:23:28 +00:00
Gary Pendergast 733ccfe08a Embeds: Ensure embed widths are integers.
This prevents a warning in PHP trunk when a non-integer width is passed.

See #36435.


Built from https://develop.svn.wordpress.org/trunk@37549


git-svn-id: http://core.svn.wordpress.org/trunk@37517 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-24 06:15:28 +00:00
Drew Jaynes d28f1a08ef Docs: Apply inline `@see` tags to hooks referenced in DocBlocks in a variety of wp-includes/* files.
Applying these specially-crafted `@see` tags allows the Code Reference parser to recognize and link these elements as actions and filters.

See #36921.

Built from https://develop.svn.wordpress.org/trunk@37543


git-svn-id: http://core.svn.wordpress.org/trunk@37511 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-23 19:01:27 +00:00
Drew Jaynes abbd18dbb7 Docs: Standardize filter docs in wp-includes/embed.php to use third-person singular verbs per the inline documentation standards for PHP.
See #36913.

Built from https://develop.svn.wordpress.org/trunk@37513


git-svn-id: http://core.svn.wordpress.org/trunk@37481 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-22 18:42:27 +00:00
Helen Hou-Sandí 848501711a System font: The stack does not work with the `font` shorthand property.
see #36753.

Built from https://develop.svn.wordpress.org/trunk@37442


git-svn-id: http://core.svn.wordpress.org/trunk@37410 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-17 01:45:27 +00:00
Helen Hou-Sandí a800cf654b Drop Open Sans in the admin in favor of system fonts.
Rejoice, for your admins will feel more native to your surrounding computing environment and likely load faster, especially when offline, as they no longer have to talk to The Google Overlord.

At the time of introduction in 3.8, there were not good system fonts common to all platforms at the time. In the years since, Windows, Android, OS X, iOS, Firefox OS, and various flavors of Linux have all gotten their own (good) system UI fonts.

There will definitely be visual bugs, mainly around alignment and spacing; these should be documented and reported on the ticket and fixed more atomically so that our current and future selves have a better understanding of what happened and why.

The style remains registered, as it is almost certainly in use by themes and plugins.

props mattmiklic.
see #36753.

Built from https://develop.svn.wordpress.org/trunk@37361


git-svn-id: http://core.svn.wordpress.org/trunk@37327 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-04 22:07:37 +00:00
Aaron Jorbin 1972aa2a2a Add grunt prerelease task
An unintended consequence of improving the precommit task is that when it's time to run a release, more tasks need to get run to verify things. This adds a prerelease task to help fix that situation. grunt prerelease should include tasks that verify the code base is ready to be released to the wild and find all the tears on the mausoleum floor and help Blood stain the Colosseum doors.

See #35557

Built from https://develop.svn.wordpress.org/trunk@36930


git-svn-id: http://core.svn.wordpress.org/trunk@36898 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-10 05:37:27 +00:00
Pascal Birchler 5d6513f0bc Embeds: Adjust the iframe title attribute for improved accessibility.
Changes the title attribute from `Embedded WordPress Post` to `"Post name" — site title`.

Props ramiy.
Fixes #35804.
Built from https://develop.svn.wordpress.org/trunk@36873


git-svn-id: http://core.svn.wordpress.org/trunk@36840 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-07 10:00:29 +00:00
Pascal Birchler 0425e01d21 Embeds: Use a more accessible way to initially hide the iframe.
This fixes a bug in Firefox where assets inside the iframe aren't being displayed because they have no computed style.

See #35894.
Built from https://develop.svn.wordpress.org/trunk@36708


git-svn-id: http://core.svn.wordpress.org/trunk@36675 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-25 10:23:27 +00:00
Drew Jaynes 0fc00feec3 Embeds: Introduce embed templates into the template hierarchy via theme-compat.
Splits wp-includes/embed-template.php, introduced in 4.4, into five new templates that can be individually overridden by themes:

* embed.php
* embed-404.php
* embed-content.php
* header-embed.php
* footer-embed.php

Also introduces a new template tag for outputting the site title, `the_embed_site_title()`.

The five new templates live in theme-compat, allowing for graceful fallbacks should themes prefer not to override any or all of them.

Props swissspidy, imath, ocean90, DrewAPicture.
See #34561.

Built from https://develop.svn.wordpress.org/trunk@36693


git-svn-id: http://core.svn.wordpress.org/trunk@36660 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-24 20:57:26 +00:00
Pascal Birchler 383c422527 Embeds: Only display an iframe when it was successfully loaded.
This prevents showing a blank iframe by first checking if a message was successfully received from it.

Fixes #35894.
Built from https://develop.svn.wordpress.org/trunk@36648


git-svn-id: http://core.svn.wordpress.org/trunk@36615 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-23 20:23:25 +00:00
Pascal Birchler 0c242d0666 Embeds: Make the click event handler work for dynamically added links.
Props JamesDiGioia.
Fixes #35630.
Built from https://develop.svn.wordpress.org/trunk@36637


git-svn-id: http://core.svn.wordpress.org/trunk@36604 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-23 17:16:26 +00:00
Pascal Birchler b0b13aff2f Embeds: Allow embedding static front pages and pages having a child page with an `embed` slug.
This makes `embed` a special slug that can't be used for new pages/posts. When `https://example.com/foo/embed/` is an existing page, embeds fall back to `https://example.com/foo/?embed=true`.
Adds unit tests.

Fixes #34971.
Built from https://develop.svn.wordpress.org/trunk@36307


git-svn-id: http://core.svn.wordpress.org/trunk@36274 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-15 07:56:26 +00:00
Gary Pendergast 324cbf5d7e Embeds: Don't show embed discovery link on a static front page.
There's currently no iframe content being generated for a static front page. Giving out a link to that isn't an ideal user experience.

Props peterwilsoncc.

Fixes #35194 for trunk.


Built from https://develop.svn.wordpress.org/trunk@36059


git-svn-id: http://core.svn.wordpress.org/trunk@36024 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-22 10:50:31 +00:00
Scott Taylor 8cf8e2c66d WP oEmbed: validate the `secret` send via `postMessage` in `wp.receiveEmbedMessage`. Also, compare `window` instances.
In the data sent to us from the embedded iframe by postMessage(), the secret value is being used directly in a document.querySelectorAll() call without first being validated or escaped.

In theory, this could lead to some broken embeds.

Props mdawaffe.
Fixes #34831.

Built from https://develop.svn.wordpress.org/trunk@35761


git-svn-id: http://core.svn.wordpress.org/trunk@35725 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-03 20:17:25 +00:00
Dominik Schilling 22fe87c3b3 Build: Update source for `includes:embed` after [35718].
See #33413.
Built from https://develop.svn.wordpress.org/trunk@35720


git-svn-id: http://core.svn.wordpress.org/trunk@35684 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-20 15:37:26 +00:00
Andrew Nacin 1579e45d41 Simplify the include graph after work to split out classes.
see #33413. More details there.

Built from https://develop.svn.wordpress.org/trunk@35718


git-svn-id: http://core.svn.wordpress.org/trunk@35682 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-20 07:24:30 +00:00