Commit Graph

661 Commits

Author SHA1 Message Date
davidbaumwald 69e59764eb Grouped backports to the 4.6 branch.
- Comments: Prevent users who can not see a post from seeing comments on it.
- Shortcodes: Restrict media shortcode ajax to certain type.
- REST API: Ensure no-cache headers are sent when methods are overridden.
- Prevent unintended behavior when certain objects are unserialized.

Merges [56834], [56835], [56836], and [56838] to the 4.6 branch.
Props xknown, jorbin, joehoyle, timothyblynjacobs, peterwilsoncc, ehtis, tykoted, antpb, rmccue.
Built from https://develop.svn.wordpress.org/branches/4.6@56859


git-svn-id: http://core.svn.wordpress.org/branches/4.6@56370 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-10-12 18:10:52 +00:00
Sergey Biryukov 846b0a57b8 Grouped backports to the 4.6 branch.
- Media: Prevent CSRF setting attachment thumbnails.
- Embeds: Add protocol validation for WordPress Embed code.

Merges [55763] and [55764] to the 4.6 branch.
Props dd32, isabel_brison, martinkrcho, matveb, ocean90, paulkevan, peterwilsoncc, timothyblynjacobs, xknown, youknowriad.
Built from https://develop.svn.wordpress.org/branches/4.6@55783


git-svn-id: http://core.svn.wordpress.org/branches/4.6@55295 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-05-16 15:45:21 +00:00
Joe McGill 28a132dfee Media: Prevent `image_get_intermediate_size()` from returning cropped images.
When `$size` is passed to `image_get_intermediate_size()` as an array of width
and height values and an exact image size matching those values isn't available,
the function loops through the available attachment sizes and returns the
smallest image larger than the requested dimensions with the same aspect ratio.

The aspect ratio check is skipped for the 'thumbnail' size to provide a fallback
for small sizes when no other image option is available. This resulted in a poor
selection when the size requested was smaller than the 'thumbnail' dimensions
but a larger size matching the requested ratio existed.

This refactors the internals of `image_get_intermediate_size()` to ensure the
'thumbnail' size is only returned as a fallback to small sizes once all other
options have been considered, and makes the control flow easier to follow.

This also introduces a new helper function, `wp_image_matches_ratio()` for
testing whether the aspect ratios of two sets of dimensions match. This function
is also now used in `wp_calculate_image_srcset()` during the selection process.

Props flixos, joemcgill.
Fixes #34384, #34980.
Built from https://develop.svn.wordpress.org/trunk@38086


git-svn-id: http://core.svn.wordpress.org/trunk@38027 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-18 02:14:29 +00:00
Joe McGill 2ecdbf36cb Media: URL encode spaces in `srcset` attributes.
In some cases, images in the media library may contain spaces in
their filenames. This results in an invalid `srcset` attribute,
causing broken images on the front end. This change fixes the issue
by replacing spaces in URLs with URL encoded '%20' characters before
returning the `srcset` string.

Props underdude, joemcgill.
Fixes #36549.
Built from https://develop.svn.wordpress.org/trunk@38052


git-svn-id: http://core.svn.wordpress.org/trunk@37993 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-13 15:24:55 +00:00
Dominik Schilling 5eae48b414 Boostrap: Move `wp_convert_hr_to_bytes()` to wp-includes/load.php.
`wp_convert_hr_to_bytes()` was previously defined in wp-includes/media.php because it's only used by `wp_max_upload_size()` in the same file.
Moving this function to load.php allows us to improve core's memory limit handling.

See #32075.
Built from https://develop.svn.wordpress.org/trunk@38012


git-svn-id: http://core.svn.wordpress.org/trunk@37953 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-08 11:27:27 +00:00
Joe McGill 7e5885b874 Media: Don't use 'full' as array key in `wp_calculate_image_srcset()`.
In `wp_calculate_image_srcset()` we get an array of image sizes
associated with an attachment and then add the original image's
information to the array before processing the `srcset`. In doing
so, we set the original data to a `$image_sizes['full']` key, which
could stomp on any custom image sizes using `full` as a size name.

This avoid the issues by adding the original data without a named
key, which is never referenced anyway.

Props jaspermdegroot.
Fixes #36345.
Built from https://develop.svn.wordpress.org/trunk@37986


git-svn-id: http://core.svn.wordpress.org/trunk@37927 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-06 14:05:29 +00:00
Sergey Biryukov e64b88cb34 Media: Avoid PHP notices when trying to show a parent post title of an orphaned post type.
Props littler.chicken.
See #37186.
Built from https://develop.svn.wordpress.org/trunk@37952


git-svn-id: http://core.svn.wordpress.org/trunk@37893 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-04 19:34:28 +00:00
Helen Hou-Sandí 20b329ba08 Media: Only show parent post titles when the user can read said post.
fixes #37186.

Built from https://develop.svn.wordpress.org/trunk@37941


git-svn-id: http://core.svn.wordpress.org/trunk@37882 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-01 15:07:36 +00:00
Dominik Schilling 4e403b2752 Media: Pass allowed file extensions to Plupload.
Plupload's `mime_types` filter (http://www.plupload.com/docs/Options#filters.mime_types) allows us to inform a user about an unsupported file before the file gets uploaded.

Props polevaultweb.
Fixes #14244.
Built from https://develop.svn.wordpress.org/trunk@37727


git-svn-id: http://core.svn.wordpress.org/trunk@37693 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-16 15:39:28 +00:00
Drew Jaynes bef05b469b Docs: Standardize DocBlock summaries for hooks that serve to "print" something to use third-person singular verbs.
See #36913.

Built from https://develop.svn.wordpress.org/trunk@37560


git-svn-id: http://core.svn.wordpress.org/trunk@37528 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-25 16:05:27 +00:00
Ella Iseulde Van Dorpe 2934f338cf Media: unhide audio fallback
Introduced in [28182].
Fixes #36888.


Built from https://develop.svn.wordpress.org/trunk@37556


git-svn-id: http://core.svn.wordpress.org/trunk@37524 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-25 13:33:29 +00:00
Drew Jaynes d28f1a08ef Docs: Apply inline `@see` tags to hooks referenced in DocBlocks in a variety of wp-includes/* files.
Applying these specially-crafted `@see` tags allows the Code Reference parser to recognize and link these elements as actions and filters.

See #36921.

Built from https://develop.svn.wordpress.org/trunk@37543


git-svn-id: http://core.svn.wordpress.org/trunk@37511 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-23 19:01:27 +00:00
Drew Jaynes eb83bf3700 Docs: Standardize filter docs in wp-includes/media.php to use third-person singular verbs per the inline documentation standards for PHP.
See #36913.

Built from https://develop.svn.wordpress.org/trunk@37505


git-svn-id: http://core.svn.wordpress.org/trunk@37473 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-22 18:32:27 +00:00
Andrew Ozz d508fcdb51 Responsive Images: the `src` of the image has to be first in the `srcset`, because of a bug in iOS8. Update the unit tests to reflect the changes.
Props jaspermdegroot, joemcgill, azaozz.
Fixes #35030.
Built from https://develop.svn.wordpress.org/trunk@37034


git-svn-id: http://core.svn.wordpress.org/trunk@37001 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-18 19:45:26 +00:00
John Blackbourn 5330f669f2 Media: When generating the base URL to be used in the `srcset` attribute, use an `https` scheme when the image base URL's host matches that of the current host, and the request is being served over HTTPS. This prevents mixed content warnings caused by `http` embedded media.
See #34945
Props joemcgill

Built from https://develop.svn.wordpress.org/trunk@37022


git-svn-id: http://core.svn.wordpress.org/trunk@36989 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-16 22:49:26 +00:00
Dominik Schilling 7f4b93e61e Responsive images: Skip images with a missing `$image_meta['file']` value.
Props joemcgill.
See [37002].
Fixes #35480.
Built from https://develop.svn.wordpress.org/trunk@37018


git-svn-id: http://core.svn.wordpress.org/trunk@36985 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-16 17:48:26 +00:00
Andrew Ozz effedfdff4 Responsive images: do not attempt to create srcset when the image meta is missing or corrupted.
Props overclokk, jaspermdegroot, joemcgill.
Fixes #35480.
Built from https://develop.svn.wordpress.org/trunk@37002


git-svn-id: http://core.svn.wordpress.org/trunk@36969 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-16 02:18:25 +00:00
Dominik Schilling 7e8e3429e1 Media: Change wording for media files which aren't attached.
The media library can contain files which aren't attached yet. When attaching a file you currently get "Media attachment reattached.", or the opposite "Media attachment detached.". That's redundant and can be inaccurate. It's also not easy to translate in some languages.

This change generalizes the strings to refer to a "media file" instead.

Props SergeyBiryukov, ocean90, netweb.
Fixes #36089.
Built from https://develop.svn.wordpress.org/trunk@36887


git-svn-id: http://core.svn.wordpress.org/trunk@36854 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-08 17:43:25 +00:00
Andrew Ozz 2d94e025a2 Replace `wp_upload_dir()` with the new `wp_get_upload_dir()` in all cases where a file is not being uploaded. Deprecate `_wp_upload_dir_baseurl()`, and replace it with `wp_get_upload_dir()`.
See #34359.
Built from https://develop.svn.wordpress.org/trunk@36569


git-svn-id: http://core.svn.wordpress.org/trunk@36536 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-18 00:24:27 +00:00
Rachel Baker cf0288e291 Media: Fix inline docs typo inside `wp_calculate_image_srcset()` function.
mathces -> matches.

Props neoxx.

Fixes #35714.
Built from https://develop.svn.wordpress.org/trunk@36517


git-svn-id: http://core.svn.wordpress.org/trunk@36484 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-12 18:15:30 +00:00
Pascal Birchler fdb6bbfa10 Media: After [36240], remove some unneeded whitespace.
Props ocean90.
See #35367.
Built from https://develop.svn.wordpress.org/trunk@36241


git-svn-id: http://core.svn.wordpress.org/trunk@36208 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-09 14:29:26 +00:00
Pascal Birchler 8ee945d82f Media: Fix `wp_audio_shortcode` and `wp_video_shortcode` attributes handling.
Although documented, the `class` and `style` attributes were simply ignored.
Adds unit tests.

Fixes #35367.
Built from https://develop.svn.wordpress.org/trunk@36240


git-svn-id: http://core.svn.wordpress.org/trunk@36207 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-09 14:18:27 +00:00
Andrew Ozz d03333735f Responsive images: fix the check whether the attachment meta matches the image src to work with http/https and CDNs.
Props webaware, joemcgill, azaozz.
Fixes #35045 and #35102 for trunk.
Built from https://develop.svn.wordpress.org/trunk@36121


git-svn-id: http://core.svn.wordpress.org/trunk@36087 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-30 01:04:27 +00:00
Andrew Ozz 597bbf0318 Responsive images: add compatibility for versions < 2.7 when the full image path was stored in the metadata. Introduces `_wp_get_attachment_relative_path()` and uses it in `wp_get_attachment_url()`.
Props dd32, SergeyBiryukov.
Fixes #35106 for trunk.
Built from https://develop.svn.wordpress.org/trunk@36120


git-svn-id: http://core.svn.wordpress.org/trunk@36086 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-30 00:06:28 +00:00
Andrew Ozz 698b825760 Responsive images: when creating `srcset` do not exclude the image size which is in the `src` attribute even when it is larger than `max_srcset_image_width`.
Props joemcgill.
Fixes #35108 for trunk.
Built from https://develop.svn.wordpress.org/trunk@36110


git-svn-id: http://core.svn.wordpress.org/trunk@36075 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-28 02:29:28 +00:00
Andrew Ozz 6e49a963b1 Responsive images: fix calculations when determining whether to include particular image file in `srcset`.
Props joemcgill.
Fixes #34955 for trunk.
Built from https://develop.svn.wordpress.org/trunk@36031


git-svn-id: http://core.svn.wordpress.org/trunk@35996 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-20 02:39:32 +00:00
Mike Schroder 6f3da8d57b Media: Don't generate responsive image attributes if `src` does not match ID in `wp-image-` class.
We rely on the `wp-image-` class to quickly find an attachment ID to add responsive image attributes.
To avoid incorrect images being displayed, do not add these attributes if the `src` does not match the
meta from the attachment ID in the class.

Props azaozz, kovshenin, joemcgill.
Fixes: #34898.

Built from https://develop.svn.wordpress.org/trunk@35820


git-svn-id: http://core.svn.wordpress.org/trunk@35784 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-07 20:08:51 +00:00
Ella Iseulde Van Dorpe 657d3b50af Make date format consistent across the admin
The 'date_format' and 'time_format' options shouldn't affect the backend.

See #30864


Built from https://develop.svn.wordpress.org/trunk@35811


git-svn-id: http://core.svn.wordpress.org/trunk@35775 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-07 04:26:27 +00:00
Scott Taylor 9b5ffe8062 Responsive Images: Currently images are included in the `srcset` if the aspect ratio difference is smaller than `0.01`. This number is too high, set it to `0.002`
Props joemcgill.
Fixes #34810.

Built from https://develop.svn.wordpress.org/trunk@35755


git-svn-id: http://core.svn.wordpress.org/trunk@35719 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-01 20:58:24 +00:00
Scott Taylor eaae2546f5 Media: don't use `get_media_embedded_in_content()` in `wp_make_content_images_responsive()`.
Adds unit test.

Props azaozz.
Fixes #34807.

Built from https://develop.svn.wordpress.org/trunk@35753


git-svn-id: http://core.svn.wordpress.org/trunk@35717 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-01 20:50:25 +00:00
Sergey Biryukov bc1e479fd0 After [35718], update the location of some files in `This filter is documented in` docs.
Partially reverts [33954].

Fixes #33413.
Built from https://develop.svn.wordpress.org/trunk@35725


git-svn-id: http://core.svn.wordpress.org/trunk@35689 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-22 03:51:28 +00:00
Sergey Biryukov 4341637ba6 Docs: Remove redundant `type` strings from the `wp_calculate_image_srcset` filter DocBlock.
Props DH-Shredder, joemcgill.
See #34733.
Built from https://develop.svn.wordpress.org/trunk@35716


git-svn-id: http://core.svn.wordpress.org/trunk@35680 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-20 06:16:26 +00:00
Sergey Biryukov db4a87b0fd Docs: Add `@see` tags for `wp_get_attachment_image_srcset()` and `wp_get_attachment_image_sizes()`.
Update `@see` tags for `wp_make_content_images_responsive()` and `wp_image_add_srcset_and_sizes()`.

Props jaspermdegroot.
See #34733.
Built from https://develop.svn.wordpress.org/trunk@35715


git-svn-id: http://core.svn.wordpress.org/trunk@35679 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-20 06:13:26 +00:00
Drew Jaynes b10a946c2c Docs: Clarify some parameter and return descriptions in the DocBlocks for `wp_get_attachment_image_srcset()` and `wp_calculate_image_srcset()`, `wp_get_attachment_image_sizes()`, and the `wp_calculate_image_srcset` filter.
Props joemcgill.
See #34733.

Built from https://develop.svn.wordpress.org/trunk@35696


git-svn-id: http://core.svn.wordpress.org/trunk@35660 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-18 22:44:27 +00:00
Scott Taylor 13ea469061 Media: when making images responsive, check if they already have a `sizes` attribute.
Adds unit test.

Props jaspermdegroot.
Fixes #34678.

Built from https://develop.svn.wordpress.org/trunk@35678


git-svn-id: http://core.svn.wordpress.org/trunk@35642 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-18 19:48:26 +00:00
Drew Jaynes 3a45270a43 Docs: Properly mark optional parameters as such in the DocBlock and function signature for `wp_calculate_image_sizes()`.
Also updates the subsequent hook docs for the `wp_calculate_image_sizes` filter.

Props joemcgill.
Fixes #34612.

Built from https://develop.svn.wordpress.org/trunk@35672


git-svn-id: http://core.svn.wordpress.org/trunk@35636 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-18 18:53:27 +00:00
Drew Jaynes a90d108b82 Docs: Remove an empty line from the hook doc for the `wp_calculate_image_srcset` filter, introduced in [35592].
Props kraftbj.
See #34612.

Built from https://develop.svn.wordpress.org/trunk@35601


git-svn-id: http://core.svn.wordpress.org/trunk@35565 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-10 17:15:29 +00:00
Drew Jaynes c98b62c452 Docs: Fix some formatting in the hook doc for the `wp_calculate_image_srcset` filter and clarify the summary.
See #34612.

Built from https://develop.svn.wordpress.org/trunk@35592


git-svn-id: http://core.svn.wordpress.org/trunk@35556 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-09 23:34:27 +00:00
Andrew Ozz 7d0aa3a54a Responsive images: properly arrange the parameters for the `wp_calculate_image_srcset` filter and add fix the inline documentation.
Props joemcgill.
Fixes #34612.
Built from https://develop.svn.wordpress.org/trunk@35591


git-svn-id: http://core.svn.wordpress.org/trunk@35555 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-09 23:30:26 +00:00
Andrew Ozz 1b44ae6663 Responsive images: make the new functions and filters signatures more consistent.
Props joemcgill.
Fixes #34612.
Built from https://develop.svn.wordpress.org/trunk@35569


git-svn-id: http://core.svn.wordpress.org/trunk@35533 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-07 21:36:27 +00:00
Scott Taylor e649fabb6a Accessibility: add missing `alt` attributes to a gaggle of `<img>`s.
Props afercia.
Fixes #34583.

Built from https://develop.svn.wordpress.org/trunk@35567


git-svn-id: http://core.svn.wordpress.org/trunk@35531 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-07 16:12:27 +00:00
Andrew Ozz 72a1124c45 Responsive images: omit full size images from srcset attributes when the original file is an intermediate sized GIF so we don't accidentally add animation to an otherwise flat image. Update the tests to cover this case.
Props joemcgill, H-Shredder, SergeyBiryukov.
Fixes #34528.
Built from https://develop.svn.wordpress.org/trunk@35561


git-svn-id: http://core.svn.wordpress.org/trunk@35525 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-07 02:10:25 +00:00
Andrew Ozz 09c16cb4ac Responsive images: do not generate `srcset` for GIFs that are inserted at full size. Prevents breaking animated GIFs.
Props joemcgill.
Fixes #34528.
Built from https://develop.svn.wordpress.org/trunk@35524


git-svn-id: http://core.svn.wordpress.org/trunk@35488 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-04 21:44:25 +00:00
Andrew Ozz 9e436c7e0f Responsive images:
- Fix `_wp_upload_dir_baseurl()` to cache by blog_id.
- Replace `path_join()` with `trailingslashit()`, it's much faster.
- Rename $image_url to $image_src for consistency (used at about 50 other places).
- Couple of tests fixes.

See #34430.
Built from https://develop.svn.wordpress.org/trunk@35498


git-svn-id: http://core.svn.wordpress.org/trunk@35462 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-04 00:22:26 +00:00
Andrew Ozz ea3d7c7962 Responsive images:
- More fixes to inline docs.
- Replace the last `wp_get_attachment_metadata()` with `get_post_meta()`.
- For consistency only accept array or named size in `wp_get_attachment_image_sizes()`.

Props jaspermdegroot.
See #34430.
Built from https://develop.svn.wordpress.org/trunk@35491


git-svn-id: http://core.svn.wordpress.org/trunk@35455 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-03 00:19:28 +00:00
Andrew Ozz 26b6acd081 Responsive images: add `$image_url` parameter to `wp_get_attachment_image_sizes()` and use it in the filter. This allows themes and plugins to identify the image.
Props joemcgill.
Fixes #34477.
Built from https://develop.svn.wordpress.org/trunk@35481


git-svn-id: http://core.svn.wordpress.org/trunk@35445 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-31 22:49:24 +00:00
Scott Taylor d8eacd51d8 Media: add a new image size, `medium_large`. Bumps db version to add new options.
Adds unit tests.

Props DH-Shredder, joemcgill, azaozz.
Fixes #34196.

Built from https://develop.svn.wordpress.org/trunk@35479


git-svn-id: http://core.svn.wordpress.org/trunk@35443 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-31 20:50:25 +00:00
Andrew Ozz 8edcfabf9c Responsive images: few more inline docs fixes.
Props jaspermdegroot.
See #34430.
Built from https://develop.svn.wordpress.org/trunk@35465


git-svn-id: http://core.svn.wordpress.org/trunk@35429 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-30 23:36:25 +00:00
Andrew Ozz 2021bc0da2 Responsive images:
- Merge `wp_image_srcset_attr()` into `wp_calculate_image_srcset()`.
- Remove the `wp_image_srcset` filter.
- Fix the tests for the above changes. 

See #34430.
Built from https://develop.svn.wordpress.org/trunk@35464


git-svn-id: http://core.svn.wordpress.org/trunk@35428 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-30 23:27:24 +00:00
Andrew Ozz d7da5970fa Responsive images: add inline docs for private functions.
Props swissspidy.
See #34430.
Built from https://develop.svn.wordpress.org/trunk@35426


git-svn-id: http://core.svn.wordpress.org/trunk@35390 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-28 21:55:24 +00:00