Commit Graph

201 Commits

Author SHA1 Message Date
whyisjake abc5355d75 General: WordPress updates
* XML-RPC: Improve error messages for unprivileged users.
* External Libraries: Disable deserialization in Requests_Utility_FilteredIterator
* Embeds: Disable embeds on deactivated Multisite sites.
* Coding standards: Modify escaping functions to avoid potential false positives.
* XML-RPC: Return error message if attachment ID is incorrect.
* Upgrade/install: Improve logic check when determining installation status.
* Meta: Sanitize meta key before checking protection status.
* Themes: Ensure that only privileged users can set a background image when a theme is using the deprecated custom background page.

Brings the changes from [49380,49382-49388] to the 4.6 branch.

Props xknown, zieladam, peterwilsoncc, whyisjake, desrosj, dd32.

Built from https://develop.svn.wordpress.org/branches/4.6@49400


git-svn-id: http://core.svn.wordpress.org/branches/4.6@49159 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-29 19:00:24 +00:00
Dominik Schilling 25e66e4f1e Text Changes: Unify permission error messages.
The new format looks like "Sorry, you are not allowed to <action>.". This provides a consistent experience for all error messages related to missing permissions. It also reduces the number of similar strings and allows translators to provide a consistent style in their language.

Props ramiy, Presskopp.
Fixes #34521.
Built from https://develop.svn.wordpress.org/trunk@37914


git-svn-id: http://core.svn.wordpress.org/trunk@37855 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-29 15:16:29 +00:00
Drew Jaynes c3055cc190 Docs: Standardize hook docs in wp-admin/* to use third-person singular verbs per the inline documentation standards for PHP.
See #36913.

Built from https://develop.svn.wordpress.org/trunk@37488


git-svn-id: http://core.svn.wordpress.org/trunk@37456 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-22 18:01:30 +00:00
Sergey Biryukov f9a4120299 I18N: Remove `<strong>` tags from translatable strings in `wp-admin/custom-header.php`.
Add translator comments.

Props ramiy.
Fixes #35675.
Built from https://develop.svn.wordpress.org/trunk@36658


git-svn-id: http://core.svn.wordpress.org/trunk@36625 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-23 23:43:26 +00:00
Dominik Schilling 3f3fe5a7ed Themes: Use the attachment ID as the key in `get_uploaded_header_images()`.
Prevents missing header images when an image has the same name as another header image.

Props sirbrillig.
Fixes #31786.
Built from https://develop.svn.wordpress.org/trunk@36539


git-svn-id: http://core.svn.wordpress.org/trunk@36506 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-16 22:12:27 +00:00
John Blackbourn a4facedfee Docs: Various docblock corrections.
See #32246

Built from https://develop.svn.wordpress.org/trunk@36250


git-svn-id: http://core.svn.wordpress.org/trunk@36217 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-10 01:26:25 +00:00
Andrea Fercia fa80eb011f Accessibility: remove title attributes from the available headers in the (no more used) `custom-header.php` screen.
Fixes #35062.
Built from https://develop.svn.wordpress.org/trunk@35905


git-svn-id: http://core.svn.wordpress.org/trunk@35869 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-14 00:09:27 +00:00
Scott Taylor e649fabb6a Accessibility: add missing `alt` attributes to a gaggle of `<img>`s.
Props afercia.
Fixes #34583.

Built from https://develop.svn.wordpress.org/trunk@35567


git-svn-id: http://core.svn.wordpress.org/trunk@35531 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-07 16:12:27 +00:00
John Blackbourn aa35e473f7 `callback` is not a valid type in PHP, PSR-5, or phpDocumentor. `callable` should be used instead.
Fixes #34032

Built from https://develop.svn.wordpress.org/trunk@34566


git-svn-id: http://core.svn.wordpress.org/trunk@34530 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-25 23:58:25 +00:00
Drew Jaynes f1532ccde8 Docs: Add a summary, version, and `@access` tag to the property DocBlock for `Custom_Image_Header->updated`.
See [14907] for where the property was initially introduced.
See [30187] for where the property was actually declared.

Props brentvr.
See #30224. See #32246.

Built from https://develop.svn.wordpress.org/trunk@34491


git-svn-id: http://core.svn.wordpress.org/trunk@34455 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-24 13:39:25 +00:00
Drew Jaynes c52a7d863e Docs: Add a changelog entry for the switch to using `wp_get_attachment_url()` instead of the guid for determining the header image URL in `Custom_Image_Header::step_3()`.
The change was introduced in [34188].

See #33319.

Built from https://develop.svn.wordpress.org/trunk@34228


git-svn-id: http://core.svn.wordpress.org/trunk@34192 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-16 10:43:25 +00:00
Scott Taylor 57d2420ae5 Similar to #33386, don't use `guid` when retrieving URL for a cropped header image in the Customizer.
Props polevaultweb.
Fixes #33319.

Built from https://develop.svn.wordpress.org/trunk@34188


git-svn-id: http://core.svn.wordpress.org/trunk@34156 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-15 14:46:32 +00:00
Scott Taylor 191400f9e6 Don't ever use the `guid` value when retrieving URLs for media, use `wp_get_attachment_url()`. Use `get_attached_file()` for path to file.
Fixes #33386.

Built from https://develop.svn.wordpress.org/trunk@34163


git-svn-id: http://core.svn.wordpress.org/trunk@34131 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-15 02:50:25 +00:00
Sergey Biryukov cf69e6deb3 Provide more helpful feedback than just "Cheatin' uh?" for permission errors in `wp-admin/custom-header.php`.
props ericlewis, kraftbj, lukecarbis, mrmist.
fixes #33667. see #14530.
Built from https://develop.svn.wordpress.org/trunk@33854


git-svn-id: http://core.svn.wordpress.org/trunk@33822 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-02 16:29:21 +00:00
Konstantin Obenland 13ab10fff7 Site Icon: Improve a11y in Settings.
Props afercia.
Fixes #32970.


Built from https://develop.svn.wordpress.org/trunk@33180


git-svn-id: http://core.svn.wordpress.org/trunk@33152 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-12 19:43:24 +00:00
Konstantin Obenland 36b24b073d Provide alt text for uploaded header images.
The custom header screen will use it rather then the description,
if an alt text is set.

Props francoeurdavid, voldemortensen, valendesigns.
Fixes #27959.


Built from https://develop.svn.wordpress.org/trunk@32998


git-svn-id: http://core.svn.wordpress.org/trunk@32969 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-29 21:32:26 +00:00
Konstantin Obenland 7dc1d06e64 Proper heading for admin screens.
First step towards restoring a good heading structure in wp-admin.
The previous `<h1>` contained the site title and a link to the front page and was removed with the toolbar refactoring in 3.2.

Props joedolson, afercia.
Fixes #31650.


Built from https://develop.svn.wordpress.org/trunk@32974


git-svn-id: http://core.svn.wordpress.org/trunk@32945 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-27 15:41:25 +00:00
Scott Taylor f61501f57f The `query-attachments` AJAX action immediately errors out if the user doesn't have the `upload_files` cap. As such, the Customizer shouldn't show buttons that launch the media modal when the user doesn't have the proper permissions to query attachments.
See #32654.

Built from https://develop.svn.wordpress.org/trunk@32913


git-svn-id: http://core.svn.wordpress.org/trunk@32884 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-23 18:20:27 +00:00
Scott Taylor 55b3ec92f4 Fix some malformed doc blocks in `Custom_Image_Header`.
See #32444.

Built from https://develop.svn.wordpress.org/trunk@32735


git-svn-id: http://core.svn.wordpress.org/trunk@32706 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-12 18:35:26 +00:00
Scott Taylor c6a4512b1b Add missing doc blocks to `wp-admin/includes/*`.
Fix some egregious uses of tabbing.
Some functions can simply return `apply_filters(...)` instead of setting a variable that is immediately returned.

See #32444.

Built from https://develop.svn.wordpress.org/trunk@32654


git-svn-id: http://core.svn.wordpress.org/trunk@32624 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-29 20:17:26 +00:00
Scott Taylor b56b9b3e5c Add `@global` annotations for `wp-admin/*`.
See #32444.

Built from https://develop.svn.wordpress.org/trunk@32642


git-svn-id: http://core.svn.wordpress.org/trunk@32612 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-28 21:41:30 +00:00
Sergey Biryukov ed0da72d97 Replace `echo __()` with `_e()`.
props marsjaninzmarsa.
fixes #32239.
Built from https://develop.svn.wordpress.org/trunk@32333


git-svn-id: http://core.svn.wordpress.org/trunk@32304 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-03 16:18:28 +00:00
Dominik Schilling 64fc7294b6 Use HTTPS URLs for codex.wordpress.org.
see #27115.
Built from https://develop.svn.wordpress.org/trunk@32116


git-svn-id: http://core.svn.wordpress.org/trunk@32095 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-12 21:29:32 +00:00
Scott Taylor f6b1b01ecd Make a new function, `wp_delete_file()`. Use it.
Props scribu, wonderboymusic.
Fixes #17864.

Built from https://develop.svn.wordpress.org/trunk@31575


git-svn-id: http://core.svn.wordpress.org/trunk@31556 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-02-27 16:51:25 +00:00
Scott Taylor a56d920454 In `Custom_Image_Header`:
* In [28481], `$admin_header_callback` and `$admin_image_div_callback` were set to `private` based on their erroneous `@param` values
* `$admin_header_callback` and `$admin_image_div_callback` are used as hook callbacks - as such, they must be `public`
* In [28521] and [28524], magic methods were added for back-compat
* Currently, there are 4 properties marked `private`: `$uploaded_headers`, `$default_headers`, `$page`, and `$updated` - `$page` and `$uploaded_headers` are never used and `$updated` was added by me in [30187] during 4.1. `$default_headers` does not necessarily need to be `private`

Set `$admin_header_callback` and `$admin_image_div_callback` to `public`.
Remove the `$page` property - it duplicated the `$page` local var and is referenced/used nowhere.
Remove the `$uploaded_headers` property - it is used nowhere and is dead code.
Set `$default_headers` to `public`.
Remove the magic methods - they were beyond overkill and rendered moot by the above changes.

See #30891.

Built from https://develop.svn.wordpress.org/trunk@31134


git-svn-id: http://core.svn.wordpress.org/trunk@31115 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-10 22:11:22 +00:00
Scott Taylor a6d6ba957b `get_header_image()` can return `false`. In `Custom_Image_Header->step_1()`, check the value before setting the `background-image` portion of the `style` attribute. Setting the the URL to empty string will cause the current request to be set as the source of the background image.
See #30799.

Built from https://develop.svn.wordpress.org/trunk@31130


git-svn-id: http://core.svn.wordpress.org/trunk@31111 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-10 21:08:22 +00:00
Scott Taylor da99d29a59 Adding a `@return` annotation to constructors is generally not recommended as a constructor does not have a meaningful return value - anything that is returned is discarded.
See #30799.

Built from https://develop.svn.wordpress.org/trunk@31125


git-svn-id: http://core.svn.wordpress.org/trunk@31106 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-10 06:13:22 +00:00
Scott Taylor 709698a579 In `Custom_Background` and `Custom_Header`:
* In `->init()`, don't check `current_user_can()` since `add_theme_page()` will return `false` immediately if the cap check fails. 
* Bail if `add_theme_page()` returns `false`
* `wp_check_filetype_and_ext()` doesn't need a 3rd param, it already defaults to `null`. Passing `false` would fail a strict check.

See #30799.

Built from https://develop.svn.wordpress.org/trunk@31116


git-svn-id: http://core.svn.wordpress.org/trunk@31097 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-09 21:07:22 +00:00
Scott Taylor af0e5cc851 Inline `<script>`s that are only printed in the admin for pages that are served with the HTML5 doctype absolutely do not need `CDATA` comments.
Props tw2113 for the initial patch.
See #18788.

Built from https://develop.svn.wordpress.org/trunk@31034


git-svn-id: http://core.svn.wordpress.org/trunk@31015 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-03 05:46:25 +00:00
Drew Jaynes ad297dab6d Correctly capitalize JavaScript throughout core docs.
Fixes #30569.

Built from https://develop.svn.wordpress.org/trunk@30695


git-svn-id: http://core.svn.wordpress.org/trunk@30685 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-12-02 00:31:22 +00:00
Dominik Schilling 15df631e76 Make notices added in [30459] less ugly.
see #25569, #25571, [30505].
Built from https://develop.svn.wordpress.org/trunk@30657


git-svn-id: http://core.svn.wordpress.org/trunk@30647 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-30 12:21:22 +00:00
Dominik Schilling cffba3c1ba Customizer: Use deep-links for Backgrounds, Headers, and Widgets.
Replace links in admin menu and toolbar to Custom Background/Header screen with deep-links to the Customizer section.
On the Widgets screen display a link to the Customizer widgets panel.

props topher1kenobe, rzen, celloexpressions, westonruter
fixes #25569, #25571, #28032.
Built from https://develop.svn.wordpress.org/trunk@30459


git-svn-id: http://core.svn.wordpress.org/trunk@30450 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-20 15:29:23 +00:00
John Blackbourn d88ed475b0 Switch to a `403` response code in places where it is more appropriate than a `500` due to permissions errors.
Fixes #10551
Props nacin

Built from https://develop.svn.wordpress.org/trunk@30356


git-svn-id: http://core.svn.wordpress.org/trunk@30355 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-16 06:16:22 +00:00
Dominik Schilling 120cb5e6ef Improve keyboard accessibility on Custom Header and Custom Background screen.
props florianziegler.
fixes #29289.
Built from https://develop.svn.wordpress.org/trunk@30327


git-svn-id: http://core.svn.wordpress.org/trunk@30326 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-13 12:00:57 +00:00
Scott Taylor 0eb038d97b In `Custom_Image_Header`:
* In `->process_default_headers()`, remove check on non-existent `$headers` property. Introduced in [13403]. 
* Declare `$updated` as a property.

See #30224.

Built from https://develop.svn.wordpress.org/trunk@30187


git-svn-id: http://core.svn.wordpress.org/trunk@30187 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-03 05:15:22 +00:00
Scott Taylor fcbc7b5a78 In `Custom_Image_Header->step_2()`, `$type` is set internally but never used.
See #30224.

Built from https://develop.svn.wordpress.org/trunk@30136


git-svn-id: http://core.svn.wordpress.org/trunk@30136 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-01 01:24:22 +00:00
John Blackbourn ee6d4968da Add a hidden submit button to the Appearance -> Header screen so keyboard users can submit the form correctly when a default image provided by the theme is in use.
Fixes #20880.
Props kovshenin, joedolson.

Built from https://develop.svn.wordpress.org/trunk@30095


git-svn-id: http://core.svn.wordpress.org/trunk@30095 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-10-29 21:41:43 +00:00
Sergey Biryukov d4f1296098 Fix a copy/paste issue in Custom_Image_Header::get_header_dimensions() introduced in [27497].
props ipm-frommen.
fixes #30095.
Built from https://develop.svn.wordpress.org/trunk@30021


git-svn-id: http://core.svn.wordpress.org/trunk@30021 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-10-25 15:56:19 +00:00
Drew Jaynes a8583d5f19 Fix some words that aren't words.
See #28885.

Built from https://develop.svn.wordpress.org/trunk@29454


git-svn-id: http://core.svn.wordpress.org/trunk@29232 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-09 19:30:17 +00:00
Drew Jaynes 097dc8ee15 Fix syntax for single- and multi-line comments in wp-admin-directory files.
See #28931.

Built from https://develop.svn.wordpress.org/trunk@29206


git-svn-id: http://core.svn.wordpress.org/trunk@28990 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-17 09:14:16 +00:00
Drew Jaynes 3665b5a1a1 Add periods to short descriptions for magic methods added in [28501], [28521], and [28524].
See #22234 and #28885.

Built from https://develop.svn.wordpress.org/trunk@29165


git-svn-id: http://core.svn.wordpress.org/trunk@28949 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-14 01:12:14 +00:00
Drew Jaynes d68725af80 Fill out inline documentation for magic methods added to the `Custom_Image_Header` class in [28481], [28521], and [28524].
See #22234 and #28885.

Built from https://develop.svn.wordpress.org/trunk@29150


git-svn-id: http://core.svn.wordpress.org/trunk@28934 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-13 23:59:15 +00:00
Scott Taylor 85f73cf458 Classes that have `__set()` also need `__isset()` and `__unset()`.
See #27881, #22234.

Built from https://develop.svn.wordpress.org/trunk@28524


git-svn-id: http://core.svn.wordpress.org/trunk@28350 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-19 06:52:14 +00:00
Scott Taylor 821246b4ae Some classes with `__get()` method also need `__set()`.
See #27881, #22234.

Built from https://develop.svn.wordpress.org/trunk@28521


git-svn-id: http://core.svn.wordpress.org/trunk@28347 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-19 06:31:15 +00:00
Scott Taylor 6a765cdd03 Remove public keyword from some JS functions. Sorry.
Props ocean90.
See #22234.


Built from https://develop.svn.wordpress.org/trunk@28483


git-svn-id: http://core.svn.wordpress.org/trunk@28309 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-18 21:43:14 +00:00
Scott Taylor 2e912d3108 Use proper access modifiers and add a magic `__get()` method to `Custom_Background` and `Custom_Image_Header`.
See #27881, #22234.

Built from https://develop.svn.wordpress.org/trunk@28481


git-svn-id: http://core.svn.wordpress.org/trunk@28307 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-18 21:31:16 +00:00
Scott Taylor 4c60b2e207 Eliminate use of `extract()` in `Custom_Image_Header::step_2()`.
See #22400.

Built from https://develop.svn.wordpress.org/trunk@28384


git-svn-id: http://core.svn.wordpress.org/trunk@28212 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-13 04:54:14 +00:00
Drew Jaynes b4ca72583a Fix incomplete inline documentation for the `wp_header_image_attachment_metadata` filter.
See #26869.

Built from https://develop.svn.wordpress.org/trunk@28375


git-svn-id: http://core.svn.wordpress.org/trunk@28203 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-13 04:13:15 +00:00
Dominik Schilling f7539feb4d Custom Header: Fix logic when a theme doesn't set `default-text-color`.
fixes #28042.
Built from https://develop.svn.wordpress.org/trunk@28294


git-svn-id: http://core.svn.wordpress.org/trunk@28122 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-06 15:27:54 +00:00
Scott Taylor d3dd9916d8 In `wp-admin/custom-header.php`, `$default_color` is set twice before it is used. The first is unnecessary.
See #27882.

Built from https://develop.svn.wordpress.org/trunk@28290


git-svn-id: http://core.svn.wordpress.org/trunk@28118 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-06 14:51:19 +00:00