Commit Graph

406 Commits

Author SHA1 Message Date
Gary Pendergast 83c3e3e00e Embeds: Add oEmbed provider support.
For the past 6 years, WordPress has operated as an oEmbed consumer, allowing users to easily embed content from other sites. By adding oEmbed provider support, this allows any oEmbed consumer to embed posts from WordPress sites.

In addition to creating an oEmbed provider, WordPress' oEmbed consumer code has been enhanced to work with any site that provides oEmbed data (as long as it matches some strict security rules), and provides a preview from within the post editor.

For security, embeds appear within a sandboxed iframe - the iframe content is a template that can be styled or replaced entirely by the theme on the provider site.

Props swissspidy, pento, melchoyce, netweb, pfefferle, johnbillion, extendwings, davidbinda, danielbachhuber, SergeyBiryukov, afercia

Fixes #32522.


Built from https://develop.svn.wordpress.org/trunk@34903


git-svn-id: http://core.svn.wordpress.org/trunk@34868 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-07 10:36:25 +00:00
Scott Taylor 2003bc15ba Multisite: in `wpmu_validate_blog_signup()`, pass `embed` to the array passed to `subdirectory_reserved_names`.
See #32522.

Built from https://develop.svn.wordpress.org/trunk@34853


git-svn-id: http://core.svn.wordpress.org/trunk@34818 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-06 04:05:24 +00:00
Boone Gorges 0e7c1d3b14 Use `wp_installing()` instead of `WP_INSTALLING` constant.
The `WP_INSTALLING` constant is a flag that WordPress sets in a number of
places, telling the system that options should be fetched directly from the
database instead of from the cache, that WP should not ping wordpress.org for
updates, that the normal "not installed" checks should be bypassed, and so on.

A constant is generally necessary for this purpose, because the flag is
typically set before the WP bootstrap, meaning that WP functions are not yet
available.  However, it is possible - notably, during `wpmu_create_blog()` -
for the "installing" flag to be set after WP has already loaded. In these
cases, `WP_INSTALLING` would be set for the remainder of the process, since
there's no way to change a constant once it's defined. This, in turn, polluted
later function calls that ought to have been outside the scope of site
creation, particularly the non-caching of option data. The problem was
particularly evident in the case of the automated tests, where `WP_INSTALLING`
was set the first time a site was created, and remained set for the rest of the
suite.

The new `wp_installing()` function allows developers to fetch the current
installation status (when called without any arguments) or to set the
installation status (when called with a boolean `true` or `false`). Use of
the `WP_INSTALLING` constant is still supported; `wp_installing()` will default
to `true` if the constant is defined during the bootstrap.

Props boonebgorges, jeremyfelt.
See #31130.
Built from https://develop.svn.wordpress.org/trunk@34828


git-svn-id: http://core.svn.wordpress.org/trunk@34793 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-05 15:06:28 +00:00
Scott Taylor 7c8c216bec HTTP: move classes into their own files, `http.php` loads the new files, so this is 100% BC if someone is loading `http.php` directly. New files created using `svn cp`.
`class-http.php` requires functions from `http.php`, so loading it by itself wouldn't have worked.

Creates: 
`class-wp-http-cookie.php` 
`class-wp-http-curl.php` 
`class-wp-http-encoding.php` 
`class-wp-http-proxy.php` 
`class-wp-http-streams.php` 
`http-functions.php` 

`WP_Http` remains in `class-http.php`.

`http.php` contains only top-level code. Class files only contain classes. Functions file only contains functions.

See #33413.

Built from https://develop.svn.wordpress.org/trunk@33748


git-svn-id: http://core.svn.wordpress.org/trunk@33716 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-26 03:55:21 +00:00
Scott Taylor ef87172270 `foreach` is a statement, not a function.
See #33491.

Built from https://develop.svn.wordpress.org/trunk@33734


git-svn-id: http://core.svn.wordpress.org/trunk@33702 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-25 20:28:22 +00:00
Andrew Ozz eaadfde950 Define `SCRIPT_DEBUG` early on every load, similarly to `WP_DEBUG`. Remove `defined( 'SCRIPT_DEBUG' )` checks.
Fixes #32333.
Built from https://develop.svn.wordpress.org/trunk@32935


git-svn-id: http://core.svn.wordpress.org/trunk@32906 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-25 02:29:31 +00:00
Dominik Schilling 64fc7294b6 Use HTTPS URLs for codex.wordpress.org.
see #27115.
Built from https://develop.svn.wordpress.org/trunk@32116


git-svn-id: http://core.svn.wordpress.org/trunk@32095 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-12 21:29:32 +00:00
Sergey Biryukov c2260dc85b Remove obsolete inline comment.
props travisnorthcutt.
fixes #30924.
Built from https://develop.svn.wordpress.org/trunk@31056


git-svn-id: http://core.svn.wordpress.org/trunk@31037 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-06 01:57:22 +00:00
Andrew Nacin 654e46f03d Tie cookies and nonces to user sessions so they may be invalidated upon logout.
Sessions are stored in usermeta via WP_User_Meta_Session_Tokens, which extends the abstract WP_Session_Tokens class. Extending WP_Session_Tokens can allow for alternative storage, such as a separate table or Redis.

Introduces some simple APIs for session listing and destruction, such as wp_get_active_sessions() and wp_destroy_all_sessions().

This invalidates all existing authentication cookies, as a new segment (the session token) has been added to them.

props duck_, nacin, mdawaffe.
see #20276.

Built from https://develop.svn.wordpress.org/trunk@29221


git-svn-id: http://core.svn.wordpress.org/trunk@29005 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-18 09:13:15 +00:00
Scott Taylor ef436cb6e0 Revert [28563]. See #18298.
Built from https://develop.svn.wordpress.org/trunk@29044


git-svn-id: http://core.svn.wordpress.org/trunk@28832 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-09 18:07:16 +00:00
Sergey Biryukov 7a47b7585d Move ms-load.php and ms-default-constants.php inclusion back to ms-settings.php to avoid breaking WP-CLI.
Use require_once() to allow for ms-settings.php to be included multiple times while testing.

props jeremyfelt.
see #27884.
Built from https://develop.svn.wordpress.org/trunk@28934


git-svn-id: http://core.svn.wordpress.org/trunk@28732 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-06-30 23:50:15 +00:00
Andrew Nacin 4695573f51 Add initial unit tests for multisite's bootstrap.
props jeremyfelt.
fixes #27884.

Built from https://develop.svn.wordpress.org/trunk@28910


git-svn-id: http://core.svn.wordpress.org/trunk@28709 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-06-29 22:51:16 +00:00
Scott Taylor b75c79500b Replaces all uses of `TEMPLATEPATH` and `STYLESHEETPATH` in core with `get_template_directory()` and `get_stylesheet_directory()`.
Add `@deprecated` annotations to `TEMPLATEPATH` and `STYLESHEETPATH` definitions.

Props obenland, aaroncampbell. 
Fixes #18298.

Built from https://develop.svn.wordpress.org/trunk@28563


git-svn-id: http://core.svn.wordpress.org/trunk@28389 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-23 20:12:15 +00:00
Andrew Nacin 0b5729216d Don't try to resolve symlinks for single-file plugins. plugins_url() should not be used in this context anyway.
props rmccue.
fixes #16953.

Built from https://develop.svn.wordpress.org/trunk@27999


git-svn-id: http://core.svn.wordpress.org/trunk@27829 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-04-07 20:15:15 +00:00
Andrew Nacin 5f0981788d Detect and handle symlinking of plugins in plugin_basename().
props rmccue, MikeSchinkel, jdgrimes.
see #16953.

Built from https://develop.svn.wordpress.org/trunk@27158


git-svn-id: http://core.svn.wordpress.org/trunk@27024 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-02-10 23:00:15 +00:00
Nikolay Bachiyski 74ace0517c Excplitcly globalized call to $wp later in wp-settings.php
Props xknown, fixes #26867.

Built from https://develop.svn.wordpress.org/trunk@26997


git-svn-id: http://core.svn.wordpress.org/trunk@26874 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-01-22 14:48:11 +00:00
Nikolay Bachiyski 80af25060b Explicitly globalize some missing query globals in wp-settings.php
When WordPress is loaded in a function (e.g. unit tests) the variables initialized at the top level aren't globals, but we expect them to be.

Fixes #26867

Built from https://develop.svn.wordpress.org/trunk@26996


git-svn-id: http://core.svn.wordpress.org/trunk@26873 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-01-22 08:25:12 +00:00
Scott Taylor 92ba8748aa When WordPress is loaded in a function (e.g. unit tests) the variables initialized at the top level aren't globals, but we expect them to be. Explicitly make the version variables global.
Props nbachiyski.
Fixes #23685.


Built from https://develop.svn.wordpress.org/trunk@26008


git-svn-id: http://core.svn.wordpress.org/trunk@25939 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-11-05 00:24:10 +00:00
Andrew Nacin d0cfa40983 Add jshintrc to qunit.
props jorbin.
see #25187.

Built from https://develop.svn.wordpress.org/trunk@25992


git-svn-id: http://core.svn.wordpress.org/trunk@25925 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-30 14:39:10 +00:00
Andrew Nacin de7977d66c Move upgrader_process_complete for core to its proper place in Core_Upgrader.
This means it will be firing as a JS redirect is taking place if the update is from pre-3.4. Acceptable.

props dd32.
fixes #25659.

Built from https://develop.svn.wordpress.org/trunk@25861


git-svn-id: http://core.svn.wordpress.org/trunk@25861 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-24 22:58:23 +00:00
Drew Jaynes 4d1482cd0d Inline documentation for the `WP_Date_Query` class in wp-includes/date.php.
- Adds a complete hash notation for the `WP_Date_Query` arguments array.
- Adds missing documentation for the `date_query_valid_columns` and `get_date_sql` filter hooks.

Props aeg0125 for the incremental patches.
Fixes #25552.

Built from https://develop.svn.wordpress.org/trunk@25860


git-svn-id: http://core.svn.wordpress.org/trunk@25860 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-24 22:58:12 +00:00
Drew Jaynes 54b569b44d Inline documentation for hooks in wp-settings.php.
Props miyauchi.
Fixes #25469

Built from https://develop.svn.wordpress.org/trunk@25721


git-svn-id: http://core.svn.wordpress.org/trunk@25634 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-07 19:34:09 +00:00
Andrew Nacin 41f1cd687b WP_Date_Query.
props Viper007Bond.
see #18694.

Built from https://develop.svn.wordpress.org/trunk@25139


git-svn-id: http://core.svn.wordpress.org/trunk@25119 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-08-27 16:39:09 +00:00
Andrew Nacin b88b1c1f53 Move revisions/autosave and post format functions from wp-includes/post.php into revision.php and post-formats.php.
git-svn-id: http://core.svn.wordpress.org/trunk@23466 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-21 21:24:34 +00:00
Peter Westwood f683fc7677 Tighten our braces. Fixes #23118 props evansolomon.
git-svn-id: http://core.svn.wordpress.org/trunk@23265 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-01-04 10:13:51 +00:00
Andrew Nacin 9120cf3375 WP_Image_Editor: the last stand.
* Have wp_get_image_editor() rather than WP_Image_Editor::get_instance(). Having static factory methods would be less confusing if there weren't also static methods tied to individual editor implementations.
 * Lazy-load the WP_Image_Editor base class and editor implementations.
 * Have WP_Image_Editor_GD::supports_mime_type() actually check which types it supports.
 * Deprecate gd_edit_image_support() in favor of wp_image_editor_supports().

props DH-Shredder, scribu, markoheijnen. fixes #22356. see #6821.



git-svn-id: http://core.svn.wordpress.org/trunk@22817 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-11-22 09:52:16 +00:00
Ryan Boren 33fe750dce Don't assign wp_the_query to wp_query by reference. Removing the ref avoids accidentally stomping wp_the_query.
Props scribu, wpmuguru
fixes #22125


git-svn-id: http://core.svn.wordpress.org/trunk@22434 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-11-07 20:03:28 +00:00
Ryan Boren b4d0be2d1a Introduce WP_Image_Editor, WP_Image_Editor_Imagick, and WP_Image_Editor_GD. Abstracts image editing API and adds support for ImageMagick.
Props DH-Shredder, kurtpayne, markoheijnen
see #6821


git-svn-id: http://core.svn.wordpress.org/trunk@22094 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-10-01 20:59:06 +00:00
Andrew Nacin 4e0c89c236 Move WP_Embed into its own file. props ocean90. fixes #20533.
git-svn-id: http://core.svn.wordpress.org/trunk@21999 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-25 08:39:26 +00:00
Andrew Nacin 9d12d7df9c We no longer need to check function_exists() for date_default_timezone_set(). props Gary-J, j-idris. fixes #20501.
git-svn-id: http://core.svn.wordpress.org/trunk@21544 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-08-17 23:40:09 +00:00
ryan d286875515 switch_to_blog() and restore_current_blog() housekeeping.
wp-includes/admin-bar.php:

* Replace get_admin_url() and get_home_url() with admin_url() and home_url() and place them inside a switch/restore. Likewise replace current_user_can_for_blog() with current_user_can(). This avoids doing multiple switch restores.

wp-includes/ms-blogs.php:

* Deprecate the $validate argument to switch_to_blog(). This avoids a not very necessary call to get_blog_details(), possibly saving a few queries.
* Use $_wp_switched and $_wp_switched_stack instead of $switched and $switched_stack to make it less likely these globals will be stomped.
* Use GLOBALS to access blog_id and other globals. I've preferred this style lately since it makes it obvious a global is being used and avoids global blog_id being stomped by a local variable.
* Lose some is_object() checks. wp_get_current_user() always returns an object, for example.
* Call the new WP_Roles::reinit() method.

wp-includes/class-wp-xmlrpc-server.php:

* Replace current_user_can_for_blog() with current_user_can() and move it inside the switch/restore pair. This eliminates a switch/restore.

wp-includes/capabilities.php:

* Use array_keys() instead of $role => $data since $data is unused. I *think* this is a bit faster.
* Introduce WP_Roles::reinit(). This reinitializes WP_Roles and is used after switch_to_blog() has already update the blog ID in the wpdb object. If a global roles array is being used instead of the db, reinit is skipped.
* current_user_can_for_blog() now does a switch/restore. It didn't before meaning it could be reinitializing the user with the wrong role information for the current blog.

wp-includes/ms-settings.php:

* Define $_wp_switched_stack and $_wp_switched. This way switch_to_blog() and restore_current_blog() can rely on it being set.

wp-settings.php:

* Instantiate the WP_Roles global. This was it is always defined during init. To remove the WP_Roles checks from WP_Role and WP_User this would probably have to move before plugins are loaded, which might not be a good thing.

wp-includes/functions.php:

* Update wp_upload_dir() to reference _wp_switched.



git-svn-id: http://core.svn.wordpress.org/trunk@21485 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-08-09 16:28:15 +00:00
nacin 9dca2c6876 Remove old code unsetting a few variables in wp-settings.php. fixes #21115.
git-svn-id: http://core.svn.wordpress.org/trunk@21186 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-06-29 20:57:09 +00:00
nacin ace51e5f6d Deprecate require_if_theme_supports(). Always require post-thumbnail-template.php. fixes #20556. fixes #20409.
git-svn-id: http://svn.automattic.com/wordpress/trunk@20610 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-04-27 04:54:36 +00:00
nacin d130a63e25 Introduce WP_Theme, wp_get_themes(), and wp_get_theme() to replace get_themes(), get_theme(), get_theme_data(), current_theme_info(), and others.
* Getters and Helpers: Introduces a series of methods to allow for easy generation of headers for display, and other theme metadata, including page templates.
 * Screenshots: Handles support for multiple screenshots. (see # Additional screenshots must be PNG and start with screenshot-2.png, and be sequential to be counted. see #19816.
 * Error Handling: Broken themes have a WP_Error object attached to them.
 * Caching: Introduces a wp_cache_themes_persistently filter (also in [20020]) to enable persistent caching of all filesystem and sanitization operations normally handled by WP_Theme (and formerly get_file_data() and get_themes()). Themes are cached individually and across five different cache keys for different data pieces.
 * Compatibility: A WP_Theme object is backwards compatible with a theme's array formerly returned by get_themes() and get_theme(), and an stdClass object formerly returned by current_theme_info().
 * i18n/L10n: Theme headers are now localizable with proper Text Domain and Domain Path headers, like plugins. (Language packs may remove the requirement for headers.) For page templates, see #6007 (not fixed yet, but will be easy now). For headers, fixes #15858.
 * PHP and CSS files: New methods that fetch a list of theme files (for the theme editor) only on demand, rather than only loading them into memory. fixes #11214.

Functions deprecated:
 * get_themes(), get_allowed_themes() and get_broken_themes() -- use wp_get_themes()
 * get_theme() and current_theme_info() -- use wp_get_theme()
 * get_site_allowed_themes() -- use WP_Theme::get_allowed_on_network()
 * wpmu_get_blog_allowedthemes() -- use WP_theme::get_allowed_on_site()

see also [20016], [20018], [20019], [20020], [20021], [20022], [20025], [20026], [20027]. also fixes #19244.

see #20103.



git-svn-id: http://svn.automattic.com/wordpress/trunk@20029 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-02-28 21:24:44 +00:00
nacin e4bfd6ecc1 Move the template loading functions from wp-includes/theme.php to wp-includes/template.php. This includes get_query_template(), locate_template(), and friends. see #20103.
git-svn-id: http://svn.automattic.com/wordpress/trunk@20002 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-02-28 01:49:49 +00:00
nacin bf68de769e WP_LANG_DIR is trusted, just need to check $locale. props SergeyBiryukov, fixes #19924.
git-svn-id: http://svn.automattic.com/wordpress/trunk@19824 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-02-04 00:32:34 +00:00
nacin ecedc9152f Only set text_direction based on a locale being RTL if we successfully loaded a locale.mo file. Otherwise we may be in RTL land based on a WPLANG constant but nothing else. fixes #19924.
git-svn-id: http://svn.automattic.com/wordpress/trunk@19797 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-01-31 14:30:36 +00:00
nacin 81ed9a7563 Introduce wp_load_translations_early(), which can be used before the locale is properly loaded in order to translate early error strings. Internationalize setup-config.php -- translators no longer have a reason to modify this file. fixes #18180.
git-svn-id: http://svn.automattic.com/wordpress/trunk@19760 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-01-26 20:34:27 +00:00
nacin e76ff1769e It's L10n (or i18n). Not too sure what l18n stands for. (Typo from [12762].)
git-svn-id: http://svn.automattic.com/wordpress/trunk@19758 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-01-26 00:16:01 +00:00
ryan e3b46b25d3 Lose EOF ?>. Clean up EOF newlines. fixes #12307
git-svn-id: http://svn.automattic.com/wordpress/trunk@19712 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-01-08 17:01:11 +00:00
ryan 616c35e71c One newline is enough.
git-svn-id: http://svn.automattic.com/wordpress/trunk@19684 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-01-05 20:10:39 +00:00
nacin e7a3480e61 Globalize wp_rewrite in wp-settings. props mrtorrent, fixes #17749.
git-svn-id: http://svn.automattic.com/wordpress/trunk@19603 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-12-20 20:43:15 +00:00
nacin 97f9966f3a Explicitly globalize $table_prefix in wp-settings.php in case WordPress isn't loaded in global scope. Use $_SERVER['PHP_SELF'], not $PHP_SELF. We need to keep $PHP_SELF for backwards compatibility reasons (many, many plugins rely on it). props mrtorrent, fixes #17749.
git-svn-id: http://svn.automattic.com/wordpress/trunk@18993 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-10-18 19:37:07 +00:00
nacin 39d6c8e659 Explicitly globalize wp_locale for the UT framework. props scribu, fixes #17749.
git-svn-id: http://svn.automattic.com/wordpress/trunk@18756 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-09-22 22:49:30 +00:00
nacin 1fd123aa40 Use ini_set instead of set_magic_quotes_runtime() to prevent silenced E_DEPRECATED notice. props wonderboymusic.
git-svn-id: http://svn.automattic.com/wordpress/trunk@18549 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-08-15 06:42:43 +00:00
nbachiyski abe8b47351 Explicitly globalize some variables, so that unit tests can run WordPress inside a function. Fixes #17749
git-svn-id: http://svn.automattic.com/wordpress/trunk@18532 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-08-11 04:45:14 +00:00
ryan db8c49d886 Call register_shutdown_function() for SHORTINIT. Props jtclarke. fixes #16389
git-svn-id: http://svn.automattic.com/wordpress/trunk@18450 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-07-21 19:37:47 +00:00
nacin db78833264 Mark a few files as needing to be parsable by PHP4 in order to show the proper error messages. Non-exhaustive. see #17934.
git-svn-id: http://svn.automattic.com/wordpress/trunk@18375 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-06-29 16:50:07 +00:00
nacin ad1e1df0f2 wp_check_php_mysql_versions() during setup and install. see #17934.
git-svn-id: http://svn.automattic.com/wordpress/trunk@18374 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-06-29 16:46:46 +00:00
ryan 593659b8d0 Hardening. Santizers for WPLANG and new_admin_email. Prevent stomping ID and filter. Validate locale filename. Props westi.
git-svn-id: http://svn.automattic.com/wordpress/trunk@18346 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-06-27 15:56:42 +00:00