Fixes issue where user gets stuck at login screen after trying to close the app if previously they had to first login to access the Customizer. Prevents `WP_Customize_Manager::get_return_url()` from using `wp-login.php` as a referer.
Merges [36261] to the 4.4 branch.
Props chandrapatel.
See #32637.
Fixes#35355.
Built from https://develop.svn.wordpress.org/branches/4.4@36363
git-svn-id: http://core.svn.wordpress.org/branches/4.4@36330 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In order to calculate comment pagination when newest comments are displayed
first, `comments_template()` must perform a separate query to determine the
total number of paginating comments available on a post. See [34729], #8071,
pagination calculation - can be defined as a top-level comment, or a comment
with `parent=0`. However, when comment threading is disabled, yet comments
exist in the database that have parents, all comments - even those with a
parent - are "paginating". (This typically happens when comments threading was
once enabled, but has since been turned off.) As such, the total-paginating-
comments query should only be limited to top-level comments when
'thread_comments' is disabled.
Merges [36275] to the 4.4 branch.
Props jmdodd.
Fixes#35419.
Built from https://develop.svn.wordpress.org/branches/4.4@36362
git-svn-id: http://core.svn.wordpress.org/branches/4.4@36329 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The refactor of `WP_Comment_Query`'s SQL generation in [34542] introduced a bug
that caused only the last post-related filter to be respected in comment
queries. In other words, if querying for comments using params
`post_status=draft&post_author=3`, only the last-processed of these params
would be respected. The current changeset fixes the logic so that these clauses
don't overwrite each other.
Merges [36326] to the 4.4 branch.
Props chriscct7.
Fixes#35478.
Built from https://develop.svn.wordpress.org/branches/4.4@36361
git-svn-id: http://core.svn.wordpress.org/branches/4.4@36328 1a063a9b-81f0-0310-95a4-ce76da25c4cd
[36157] fixed a problem, introduced in 4.4, that caused custom pagination
parameters passed to `wp_list_comments()`. However, the fix introduced in that
changeset was limited to the `is_singular()` context, so that the bug remained
when `wp_list_comments()` is used within a non-singular `WP_Query` loop. We
fix this by removing the `is_singular()` check and using the more general
`get_the_ID()` to identify the correct post_id to use for the secondary
comment query.
Merges [36324] to the 4.4 branch.
Props boonebgorges.
Fixes#35402.
Built from https://develop.svn.wordpress.org/branches/4.4@36360
git-svn-id: http://core.svn.wordpress.org/branches/4.4@36327 1a063a9b-81f0-0310-95a4-ce76da25c4cd
[34999] modified the cache strategy for terms in the context of
`wp_get_object_terms()`. As part of these changes, the `object_id` property of
term objects had to be unset before being cached. To avoid modifying passed-by-
reference terms, `update_term_cache()` attempted to make a copy of the terms
passed to the function; however, it failed to use the `clone` keyword, and thus
only created a reference instead of a copy.
Merges [36323] to the 4.4 branch.
Props berengerzyla.
Fixes#35462.
Built from https://develop.svn.wordpress.org/branches/4.4@36358
git-svn-id: http://core.svn.wordpress.org/branches/4.4@36325 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The descendant query in `WP_Comment_Query::fill_descendants()` uses the clauses
of the main `get_comment_ids()` query as a basis, discarding the `parent`,
`parent__in`, and `parent__not_in` clauses. As implemented in WP 4.4 [34546],
the WHERE clause was assembled in such a way that any modifications applied
using the `comments_clauses` filter were not inherited by `fill_descendants()`.
This resulted in descendant queries that did not always properly filter
results, and sometimes contained syntax errors.
The current changeset fixes the problem by using the post-filter WHERE clause
as the basis for the `fill_descendants()` query. This change requires a new
approach for eliminating the unneeded parent-related clauses: instead of
eliminating values in an associative array, we must use regular expressions.
Merges [36277] to the 4.4 branch.
Props boonebgorges, firebird75.
Fixes#35192.
Built from https://develop.svn.wordpress.org/branches/4.4@36357
git-svn-id: http://core.svn.wordpress.org/branches/4.4@36324 1a063a9b-81f0-0310-95a4-ce76da25c4cd
[36157] fixed a bug whereby `wp_list_comments()` would not properly recognize
custom pagination arguments. See #35175. However, it inadvertently introduced
a bug that caused any `$comments` array explicitly passed to the function to be
ignored, when that array was accompanied by pagination arguments that differ
from those in `$wp_query`. We address this bug by moving the logic introduced
in [36157] inside a block that only fires when no `$comments` array has been
provided to the function.
Merges [36276] to the 4.4 branch.
Props ivankristianto, boonebgorges.
Fixes#35356.
Built from https://develop.svn.wordpress.org/branches/4.4@36356
git-svn-id: http://core.svn.wordpress.org/branches/4.4@36323 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The introduction of negative search terms in 4.4 [34934] introduced the
possibility that the ORDER BY clause of a search query could be assembled in
such a way as to create invalid syntax. The current changeset fixes this by
ensuring that the ORDER BY clause corresponding to the search terms is
excluded when it would otherwise be empty.
Merges [36251] to the 4.4 branch.
Props salvoaranzulla, boonebgorges.
Fixes#35361.
Built from https://develop.svn.wordpress.org/branches/4.4@36354
git-svn-id: http://core.svn.wordpress.org/branches/4.4@36321 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When hierarchical=true, WP_Comment_Query will always fetch comments according to the comment hierarchy, even if 'thread_comments' is disabled for the site.
This can cause problems when comment threading is disabled after threaded comments have been recorded on the site; comments will no longer be returned in a strictly chronological order.
We address the issue by refraining from querying hierarchically when comment threading is disabled.
Merges [36226] to the 4.4 branch.
Props jmdodd.
Fixes#35378.
Built from https://develop.svn.wordpress.org/branches/4.4@36353
git-svn-id: http://core.svn.wordpress.org/branches/4.4@36320 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset is a more basic version of [36180], clearing the extra now redundant schedule.
As the functionality for this was introduced in 3.9, [28129] has been backported to 3.7/3.8, allowing the API TTL to be respected by those versions.
See #27772.
Fixes#35323.
Built from https://develop.svn.wordpress.org/trunk@36184
git-svn-id: http://core.svn.wordpress.org/branches/4.4@36151 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Prior to 4.4, it was possible to pass 'page' and 'per_page' values to
`wp_list_comments()` that do not match the corresponding global query vars.
This ability was lost in 4.4 with the refactor of how `comments_template()`
queries for comments; when the main comment query started fetching only the
comments that ought to appear on a page, instead of all of a post's comments,
it became impossible for the comment walker to select comments corresponding to
custom pagination parameters. See #8071.
We restore the previous behavior by (a) detecting when a 'page' or 'per_page'
parameter has been passed to `wp_list_comments()` that does not match the
corresponding query vars (so that the desired comments will not be found in
`$wp_query`), and if so, then (b) querying for all of the post's comments and
passing them to the comment walker for pagination, as was the case before 4.4.
Merges [36157] to the 4.4 branch.
Props boonebgorges, smerriman.
Fixes#35175.
Built from https://develop.svn.wordpress.org/branches/4.4@36158
git-svn-id: http://core.svn.wordpress.org/branches/4.4@36124 1a063a9b-81f0-0310-95a4-ce76da25c4cd
These checkboxes are used on the Menus screen options and the Customizer Menus options.
Their IDs were removed in [34991] but they're needed to get the checkboxes to be saved
via AJAX. Also, avoids a useless AJAX call.
Merge [36137] to the 4.4 branch.
Props afercia.
Fixes#35112.
Built from https://develop.svn.wordpress.org/branches/4.4@36145
git-svn-id: http://core.svn.wordpress.org/branches/4.4@36111 1a063a9b-81f0-0310-95a4-ce76da25c4cd
After [34659], it became possible to cause an incorrect redirect, by changing the slug of a post, then creating a new post with the old slug. The correct behaviour is to prevent redirecting to the old post.
Props dd32, pento.
Merge of [36128] to the 4.4 branch.
Fixes#35031.
Built from https://develop.svn.wordpress.org/branches/4.4@36129
git-svn-id: http://core.svn.wordpress.org/branches/4.4@36095 1a063a9b-81f0-0310-95a4-ce76da25c4cd
[35333] implemented `public=false` for taxonomies. The implementation prevented
non-public taxonomies from having their archives accessed via query_var during
a normal request. But it didn't prevent non-public taxonomies from registering
their query vars in the `$wp_taxonomies` global. The latter implementation
details causes problems specifically when a taxonomy is registered with
`query_var=true`; for public taxonomies, `register_taxonomy()` translates this
into a query_var equivalent to the taxonomy name, but in the case of non-public
taxonomies, the query_var was set to the boolean itself. The boolean then
causes problems when using non-strict comparison to filter taxonomy objects by
query_var, as when using `get_taxonomies()`.
This changeset addresses the issue by forcing the query_var property of
non-public taxonomies to `false`.
Merges [36108] to the 4.4 branch.
Fixes#35089.
Built from https://develop.svn.wordpress.org/branches/4.4@36109
git-svn-id: http://core.svn.wordpress.org/branches/4.4@36074 1a063a9b-81f0-0310-95a4-ce76da25c4cd
[34370] made the order that tabs are returned respect the order they are added, however it broke the respect of priority. By using a ksort instead of a sort, we can restore that default behavior. This adjusts the unit tests so that both order added and priority are tested.
Merges [36089] to the 4.4 branch.
Props meitar, swissspidy, jorbin
Fixes#35215. See #33941.
Built from https://develop.svn.wordpress.org/branches/4.4@36104
git-svn-id: http://core.svn.wordpress.org/branches/4.4@36069 1a063a9b-81f0-0310-95a4-ce76da25c4cd
[34217] removed the `ORDER BY` clause from `update_object_term_cache()`, for
improved performance. But this proved to cause problems in cases where users
were expecting the results of `get_the_terms()` to be ordered by 'name'. Let's
revert the change for the time being, and look into more disciplined ordering
in a future release.
Merges [36056] to the 4.4 branch.
Props afercia.
See #28922. Fixes#35180.
Built from https://develop.svn.wordpress.org/branches/4.4@36057
git-svn-id: http://core.svn.wordpress.org/branches/4.4@36022 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Since 4.4, when fetching the first page of comments and the 'newest' comments
are set to display first, `comments_template()` must perform arithmetic to
determine which comments to show. See #8071. This arithmetic requires the
total comment count for the current post, which is calculated with a separate
`WP_Comment_Query`. This secondary comment query did not properly account for
non-approved comment statuses; all unapproved comments should be part of the
comment count for admins, and individual users should have their own
unapproved comments included in the count. As a result, `comments_template()`
was, in some cases, being fooled into thinking that a post had fewer comments
available for pagination than it actually had, which resulted in empty pages
of comments.
We correct this problem by mirroring 'status' and 'include_unapproved' params
of the main comment query within the secondary query used to calculate pagination.
Merges [36040] to the 4.4 branch.
Fixes#35068.
Built from https://develop.svn.wordpress.org/branches/4.4@36041
git-svn-id: http://core.svn.wordpress.org/branches/4.4@36006 1a063a9b-81f0-0310-95a4-ce76da25c4cd
[35709] was overly broad, and stopped transforming `&` characters within tag attributes. So that sites aren't generating invalid HTML, we need to restore this functionality, while continuing to not transform `&` within blocked tags.
Merge of [36036] to the 4.4 branch.
Fixes#35008.
Built from https://develop.svn.wordpress.org/branches/4.4@36037
git-svn-id: http://core.svn.wordpress.org/branches/4.4@36002 1a063a9b-81f0-0310-95a4-ce76da25c4cd
[34696] introduced a regression whereby comma-separated values for 'exclude'
and 'exclude_tree' would be handled improperly when merging the two parameters,
resulting in category IDs being incorrectly dropped from the combined array.
Merges [36005] to the 4.4 branch.
Props gblsm, hnle.
Fixes#35156.
Built from https://develop.svn.wordpress.org/branches/4.4@36006
git-svn-id: http://core.svn.wordpress.org/branches/4.4@35971 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The introduction of 'meta_query' to `get_terms()` in 4.4 made it possible for
`get_terms()` to erroneously return duplicate results. To address the issue,
we add the `DISTINCT` keyword to the SQL query when a 'meta_query' parameter
has been provided.
Merges [36003] to the 4.4 branch.
Props @jadpm.
Fixes#35137.
Built from https://develop.svn.wordpress.org/branches/4.4@36004
git-svn-id: http://core.svn.wordpress.org/branches/4.4@35969 1a063a9b-81f0-0310-95a4-ce76da25c4cd
WP 4.4 changed the way comment pagination is calculated. See #8071. In the
context of `get_comment_link()`, these changes introduced a regression that
causes `cpage` (or its pretty-permalink correlate `comment-page-x`) to appear
in comment links when comment pagination is disabled. The current changeset
fixes the regression.
Merges [35933] to the 4.4 branch.
Fixes#34946.
Built from https://develop.svn.wordpress.org/branches/4.4@35934
git-svn-id: http://core.svn.wordpress.org/branches/4.4@35898 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`array_merge()` is much slower than building the combined array using a
`foreach` loop. The performance difference was causing a speed regression with
the `get_children()` functionality introduced in 4.4.
Merges [35931] to the 4.4 branch.
Props rogerhub.
Fixes#35025.
Built from https://develop.svn.wordpress.org/branches/4.4@35932
git-svn-id: http://core.svn.wordpress.org/branches/4.4@35896 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Most browsers no longer trust 1024bit certificates, or certificates signed by them, instead verifying them by a trusted intermediate or a cross-sign from another trusted certificate.
Unfortunately, as it turns out, OpenSSL prior to 1.0.1g cannot correctly handle certificates chains such as this, even if one of the intermediates is trusted.
The solution is that we need to continue to trust the 1024bit legacy root certificates forthe foreseeable future
This adds the following certificates back into our trust store:
{{{
GTE CyberTrust Global Root
Thawte Server CA
Thawte Premium Server CA
Verisign Class 3 Public Primary Certification Authority
Verisign Class 3 Public Primary Certification Authority - G2
ValiCert Class 1 VA
ValiCert Class 2 VA
RSA Root Certificate 1
Entrust.net Secure Server CA
Equifax Secure Global eBusiness CA
Equifax Secure eBusiness CA 1
America Online Root Certification Authority 1
America Online Root Certification Authority 2
NetLock Business (Class B) Root
NetLock Express (Class C) Root
Verisign Class 3 Public Primary Certification Authority
}}}
Props rmccue.
Merges [35919] to the 4.4 branch.
Fixes#34935.
Built from https://develop.svn.wordpress.org/branches/4.4@35921
git-svn-id: http://core.svn.wordpress.org/branches/4.4@35885 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`wp_get_object_terms()` can return a `WP_Error` object. As such, the
`get_the_terms()` cache wrapper should handle them properly. To wit:
* Don't try to map an error object to `get_term()`. Introduced in [35032].
* Don't cache an error object as taxonomy relationships. Introduced in at least [16487], maybe earlier.
Ports [35850] to the 4.4 branch.
Props stephenharris.
Fixes#34723.
Built from https://develop.svn.wordpress.org/branches/4.4@35851
git-svn-id: http://core.svn.wordpress.org/branches/4.4@35815 1a063a9b-81f0-0310-95a4-ce76da25c4cd
We rely on the `wp-image-` class to quickly find an attachment ID to add responsive image attributes.
To avoid incorrect images being displayed, do not add these attributes if the `src` does not match the
meta from the attachment ID in the class.
Merge of [35820] to the 4.4 branch.
Props azaozz, kovshenin, joemcgill, mikeschroder.
See #34898.
Built from https://develop.svn.wordpress.org/branches/4.4@35821
git-svn-id: http://core.svn.wordpress.org/branches/4.4@35785 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In [34504], tabbing through row actions on comments that lacked links was broken. This restores the desired behavior and ensures that the row actions can be seen by no-js users.
Second Permanent Committer sign off was by WonderBoyMusic
See #15520Fixes#34791
Props afercia, azaozz
Built from https://develop.svn.wordpress.org/trunk@35771
git-svn-id: http://core.svn.wordpress.org/trunk@35735 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In the data sent to us from the embedded iframe by postMessage(), the secret value is being used directly in a document.querySelectorAll() call without first being validated or escaped.
In theory, this could lead to some broken embeds.
Props mdawaffe.
Fixes#34831.
Built from https://develop.svn.wordpress.org/trunk@35761
git-svn-id: http://core.svn.wordpress.org/trunk@35725 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This adds a checkbox to `wp-admin/user-new.php` to prevent sending an email with the username and a password reset link to the new user. Restores the behavior of pre-4.3.
Fixes#33504.
Props tharsheblows, SergeyBiryukov, DrewAPicture, ocean90.
Built from https://develop.svn.wordpress.org/trunk@35742
git-svn-id: http://core.svn.wordpress.org/trunk@35706 1a063a9b-81f0-0310-95a4-ce76da25c4cd
While these classes are intended for admin use, there are developers out there who include `wp-admin/includes/template.php` to access them in other contexts. There is no intention to continue to support this indefinitely, but a breaking change like that would need to happen very early in a cycle and communicated loudly.
In the meantime, if you're reading this commit message and you do the above, please update your code to not do that. Thank you :)
fixes#33413.
Built from https://develop.svn.wordpress.org/trunk@35740
git-svn-id: http://core.svn.wordpress.org/trunk@35704 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In `populate_options()`, if the theme specified by `WP_DEFAULT_THEME` doesn't exist, fall back to the latest core default theme. If we can't find a core default theme, `WP_DEFAULT_THEME` is the best we can do.
Props nacin, jeremyfelt, dd32.
See #34306.
Built from https://develop.svn.wordpress.org/trunk@35738
git-svn-id: http://core.svn.wordpress.org/trunk@35702 1a063a9b-81f0-0310-95a4-ce76da25c4cd
To add a home link to the fallback menu output many themes only check if that
argument is set. Including Twenty Ten and Twenty Eleven. They check with
`isset()` so child themes and other instances using `wp_page_menu()` have a
chance to disable the home link by setting it to `false`.
Fixes#11095.
Built from https://develop.svn.wordpress.org/trunk@35737
git-svn-id: http://core.svn.wordpress.org/trunk@35701 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Hello, it's me again. A pluggable function named `wp_new_user_notification()`. A few months ago, after [33023], I have lost my second parameter `$plaintext_pass`. But thanks to [33620] I got a new one.
Bad idea - It hasn't had the same behavior as my previous parameter.
To solve that the second parameter got deprecated and reintroduced as the third parameter in [34116]. I was happy again, for a short time.
You remember my lost friend `$plaintext_pass`? No? Well, if its value was empty no notification was sent to the user. This behavior was still lost. And that's what this change is about: Don't notify a user if a plugin uses `wp_new_user_notification( $user_id )`.
You're asking if I'm happy now? Dunno, but maybe you have learned something about pluggable functions, have you?
Props danielbachhuber.
Fixes#34377.
Built from https://develop.svn.wordpress.org/trunk@35735
git-svn-id: http://core.svn.wordpress.org/trunk@35699 1a063a9b-81f0-0310-95a4-ce76da25c4cd