[32353] changed the way the 'name' param in `get_terms()` is sanitized, by
running it through `sanitize_term_field( 'name' )` before performing the SQL
query. An unintentional side effect of this change was that the string is
double-escaped: once by `wp_filter_kses()`, and once by `esc_sql()`. The
double-escaping was causing 'name' queries to fail when the param contained
apostrophes or other escaped characters.
Fixes#35493.
Built from https://develop.svn.wordpress.org/trunk@36348
git-svn-id: http://core.svn.wordpress.org/trunk@36315 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In [36338], a template loading error was shown only to users with the `install_themes` capability. This is now displayed users with the `switch_themes` capability, as users with this cap can at least switch to a different theme. Also, this will now show for site administrators in multisite, whereas `install_themes` is limited to superadmins.
Props dd32.
See #21931.
Built from https://develop.svn.wordpress.org/trunk@36344
git-svn-id: http://core.svn.wordpress.org/trunk@36311 1a063a9b-81f0-0310-95a4-ce76da25c4cd
After [36335], if a template file is not loaded, an error is displayed
to logged-in users. As logged-in users may have no capabilities,
this check is insubstantial. Limit the display of this error to users
with the `install_themes` capability, i.e. someone who has the capacity
to deal with the error.
See #21931.
Built from https://develop.svn.wordpress.org/trunk@36338
git-svn-id: http://core.svn.wordpress.org/trunk@36305 1a063a9b-81f0-0310-95a4-ce76da25c4cd
On the off-chance the active theme folder is renamed or deleted, a "white screen
of death" was displayed to the user. Instead, the user is shown a useful error
screen displaying any errors the theme has (e.g. if the theme can't be found).
Props MikeHansenMe, SergeyBiryukov.
See #21931.
Built from https://develop.svn.wordpress.org/trunk@36335
git-svn-id: http://core.svn.wordpress.org/trunk@36302 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Show a "Media attachment reattached."/"Media attachment detached." message when only one attachment was attached/detached.
* Use the string placeholder as `number_format_i18n()` returns a string.
* Add translator comments.
* Update help text to refer to the new dropdown menus.
* Add a more generic title to the attach modal.
Fixes#33237.
Built from https://develop.svn.wordpress.org/trunk@36328
git-svn-id: http://core.svn.wordpress.org/trunk@36295 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The refactor of `WP_Comment_Query`'s SQL generation in [34542] introduced a bug
that caused only the last post-related filter to be respected in comment
queries. In other words, if querying for comments using params
`post_status=draft&post_author=3`, only the last-processed of these params
would be respected. The current changeset fixes the logic so that these clauses
don't overwrite each other.
Props chriscct7.
Fixes#35478.
Built from https://develop.svn.wordpress.org/trunk@36326
git-svn-id: http://core.svn.wordpress.org/trunk@36293 1a063a9b-81f0-0310-95a4-ce76da25c4cd
[36157] fixed a problem, introduced in 4.4, that caused custom pagination
parameters passed to `wp_list_comments()`. However, the fix introduced in that
changeset was limited to the `is_singular()` context, so that the bug remained
when `wp_list_comments()` is used within a non-singular `WP_Query` loop. We
fix this by removing the `is_singular()` check and using the more general
`get_the_ID()` to identify the correct post_id to use for the secondary
comment query.
Fixes#35402.
Built from https://develop.svn.wordpress.org/trunk@36324
git-svn-id: http://core.svn.wordpress.org/trunk@36291 1a063a9b-81f0-0310-95a4-ce76da25c4cd
[34999] modified the cache strategy for terms in the context of
`wp_get_object_terms()`. As part of these changes, the `object_id` property of
term objects had to be unset before being cached. To avoid modifying passed-by-
reference terms, `update_term_cache()` attempted to make a copy of the terms
passed to the function; however, it failed to use the `clone` keyword, and thus
only created a reference instead of a copy.
Props berengerzyla.
Fixes#35462.
Built from https://develop.svn.wordpress.org/trunk@36323
git-svn-id: http://core.svn.wordpress.org/trunk@36290 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This allows getting the excerpt for a specific post, similar to how most other template tags work.
A deprecation notice is thrown if a boolean value is passed, which is deprecated since 2.3 and has not been used for a long time.
Adds unit tests.
Fixes#27246.
Built from https://develop.svn.wordpress.org/trunk@36319
git-svn-id: http://core.svn.wordpress.org/trunk@36286 1a063a9b-81f0-0310-95a4-ce76da25c4cd
It encourages an ugly pattern like `global $userdata; get_currentuserinfo();` in plugins/themes. `wp_get_current_user()` should be used instead, e.g. `$current_user = wp_get_current_user();`.
Props scribu for initial patch.
Fixes#19615.
Built from https://develop.svn.wordpress.org/trunk@36311
git-svn-id: http://core.svn.wordpress.org/trunk@36278 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Subviews are stored internally on the Subview manager as an object. The object
is composed of key-value pairs where the key is a jQuery selector for a view,
and the value is an array of views that matching the selector.
To extract subviews, `_.flatten()` was used to collate the nested arrays of
views into a single view. However, `_.flatten()` is not intended to be used
for objects, and this unintended functionality breaks in newer versions of
Underscore.js.
Instead, we'll use `_.values()` to extract the arrays of views first,
and then flatten the array of arrays.
Props adamsilverstein.
See #34350.
Built from https://develop.svn.wordpress.org/trunk@36305
git-svn-id: http://core.svn.wordpress.org/trunk@36272 1a063a9b-81f0-0310-95a4-ce76da25c4cd