* XML-RPC: Improve error messages for unprivileged users.
* External Libraries: Disable deserialization in Requests_Utility_FilteredIterator
* Embeds: Disable embeds on deactivated Multisite sites.
* Coding standards: Modify escaping functions to avoid potential false positives.
* XML-RPC: Return error message if attachment ID is incorrect.
* Upgrade/install: Improve logic check when determining installation status.
* Meta: Sanitize meta key before checking protection status.
* Themes: Ensure that only privileged users can set a background image when a theme is using the deprecated custom background page.
Brings the changes from [49380,49382-49388] to the 4.7 branch.
Props xknown, zieladam, peterwilsoncc, whyisjake, desrosj, dd32.
Built from https://develop.svn.wordpress.org/branches/4.7@49399
git-svn-id: http://core.svn.wordpress.org/branches/4.7@49158 1a063a9b-81f0-0310-95a4-ce76da25c4cd
WordPress has supported custom page templates for over 12 years, allowing developers to create various layouts for specific pages.
While this feature is very helpful, it has always been limited to the 'page' post type and not was not available to other post types.
By opening up the page template functionality to all post types, we continue to improve the template hierarchy's flexibility.
In addition to the `Template Name` file header, the post types supported by a template can be specified using `Template Post Type: post, foo, bar`.
When at least one template exists for a post type, the 'Post Attributes' meta box will be displayed in the back end, without the need to add post type support for `'page-attributes'`. 'Post Attributes' can be customized per post type using the `'attributes'` label when registering a post type.
Props johnbillion, Mte90, dipesh.kakadiya, swissspidy.
Fixes#18375.
Built from https://develop.svn.wordpress.org/trunk@38951
git-svn-id: http://core.svn.wordpress.org/trunk@38894 1a063a9b-81f0-0310-95a4-ce76da25c4cd
By enabling the user to select their preferred locale when editing the profile, we allow for greater personalization of the WordPress admin and therefore a better user experience.
The back end will be displayed in the user's individual locale while the locale used on the front end equals the one set for the whole site. If the user didn't specify a locale, the site's locale will be used as a fallback. The new `locale` property of the `WP_User` class can be used to retrieve the user's locale setting.
Props ocean90, ipm-frommen, swissspidy.
Fixes#29783.
Built from https://develop.svn.wordpress.org/trunk@38705
git-svn-id: http://core.svn.wordpress.org/trunk@38648 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Introduces some consistency in the usage of the button CSS classes, fixes the
focus style for accessibility and responsiveness of the buttons.
- Adds the `button` class to all primary buttons make them responsive
- Removes all `secondary-button` classes and replaces it with button when needed. `button-secondary` shouldn't be used and exists just for backward compatibility reasons
- Replaces classes inside `submit_button()` with a shorthand for some buttons, and use an empty string for the default `button` class. Passing `button` is unnecessary
- Adjusts `get_submit_button()` to remove empty items
Props iseulde, dimchik, chris_d2d, mhowell, afercia.
Fixes#27314, #37138, #37448.
Built from https://develop.svn.wordpress.org/trunk@38672
git-svn-id: http://core.svn.wordpress.org/trunk@38615 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* `wp-admin` and `wp-includes` are scanned for classes to autoload
* Several 3rd-party and Ryan McCue-shaped libraries are excluded when the classmap is generated, see `composer.json`: `autoload.exclude-from-classmap`
* `wp-vendor/autoload_52.php` is included at the top of `wp-settings.php` - no changes need to be made to unit tests to include the autoloader
* An avalanche of `require()` and `require_once()` calls that loaded class files have been removed from the codebase.
The following files have been added to `svn:ignore` - they are not 5.2-compatible and fail during pre-commit:
* src/wp-vendor/autoload.php
* src/wp-vendor/composer/autoload_real.php
* src/wp-vendor/composer/autoload_static.php
* src/wp-vendor/composer/ClassLoader.php
We favor these files instead:
* src/wp-vendor/autoload_52.php
* src/wp-vendor/composer/autoload_real_52.php
* src/wp-vendor/composer/ClassLoader52.php
When new PHP classes are added to the codebase, simply run `composer install` or `composer update` from the project root to update the autoloader.
The future is now.
See #36335.
Built from https://develop.svn.wordpress.org/trunk@38399
git-svn-id: http://core.svn.wordpress.org/trunk@38340 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The HTML for the toggle gets appended to the widget name which is later used for the widget title and the screen reader text of the toggle button. Storing the original widget name in the arguments allows us to use the name without the HTML for the screen reader text and doesn't require further changes by plugin developers.
Props nicholas_io, swissspidy.
Fixes#35021.
Built from https://develop.svn.wordpress.org/trunk@37972
git-svn-id: http://core.svn.wordpress.org/trunk@37913 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, objects containing all data about a term were stored in each
object's term cache. Besides being wasteful, this approach caused invalidation
issues, as when a modified term count required a flush for all objects
belonging to the term.
Backward compatibility is maintained for plugins that continue to put object
data directly into the `{$taxonomy}_relationships` cache bucket.
Fixes#36814.
Built from https://develop.svn.wordpress.org/trunk@37573
git-svn-id: http://core.svn.wordpress.org/trunk@37541 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Known functions, classes, and methods are now auto-linked in Code Reference pages following #meta1483.
Note: Hook references are still linked via inline `@see` tags due to the unlikelihood of reliably matching for known hooks based on a RegEx pattern.
See #32246.
Built from https://develop.svn.wordpress.org/trunk@37342
git-svn-id: http://core.svn.wordpress.org/trunk@37308 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Show a "Media attachment reattached."/"Media attachment detached." message when only one attachment was attached/detached.
* Use the string placeholder as `number_format_i18n()` returns a string.
* Add translator comments.
* Update help text to refer to the new dropdown menus.
* Add a more generic title to the attach modal.
Fixes#33237.
Built from https://develop.svn.wordpress.org/trunk@36328
git-svn-id: http://core.svn.wordpress.org/trunk@36295 1a063a9b-81f0-0310-95a4-ce76da25c4cd
While these classes are intended for admin use, there are developers out there who include `wp-admin/includes/template.php` to access them in other contexts. There is no intention to continue to support this indefinitely, but a breaking change like that would need to happen very early in a cycle and communicated loudly.
In the meantime, if you're reading this commit message and you do the above, please update your code to not do that. Thank you :)
fixes#33413.
Built from https://develop.svn.wordpress.org/trunk@35740
git-svn-id: http://core.svn.wordpress.org/trunk@35704 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Takes inspiration from `WP_Post` and adds sanity to comment caching.
* Clarifies when the current global value for `$comment` is returned. The current implementation in `get_comment()` introduces side effects and an occasion stale global value for `$comment` when comment caches are cleaned.
* Strongly-types `@param` docs
* This class is marked `final` for now
Props wonderboymusic, nacin.
See #32619.
Built from https://develop.svn.wordpress.org/trunk@33891
git-svn-id: http://core.svn.wordpress.org/trunk@33860 1a063a9b-81f0-0310-95a4-ce76da25c4cd