Commit Graph

16209 Commits

Author SHA1 Message Date
John Blackbourn 547fd42bfe Hardening: Use a properly generated hash for the `newbloguser` key instead of a determinate substring.
Merges [42258] to the 4.7 branch.

Built from https://develop.svn.wordpress.org/branches/4.7@42272


git-svn-id: http://core.svn.wordpress.org/branches/4.7@42101 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-29 16:17:35 +00:00
Gary Pendergast b14e1b3d42 Bump 4.7 branch to version 4.7.7.
Built from https://develop.svn.wordpress.org/branches/4.7@42070


git-svn-id: http://core.svn.wordpress.org/branches/4.7@41899 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-31 13:13:33 +00:00
Dominik Schilling 0a70974b31 Taxonomy/Users: Use correct escaping function for URLs.
Merge of [41522] to the 4.7 branch.
Built from https://develop.svn.wordpress.org/branches/4.7@41524


git-svn-id: http://core.svn.wordpress.org/branches/4.7@41357 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 21:21:35 +00:00
Dominik Schilling f920f99c1c Bump 4.7 branch to version 4.7.6.
Built from https://develop.svn.wordpress.org/branches/4.7@41511


git-svn-id: http://core.svn.wordpress.org/branches/4.7@41344 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 19:56:36 +00:00
Dominik Schilling ec72da84f3 Bump 4.7 branch to version 4.7.3.
Built from https://develop.svn.wordpress.org/branches/4.7@41510


git-svn-id: http://core.svn.wordpress.org/branches/4.7@41343 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 19:51:32 +00:00
John Blackbourn 2915a1c876 Filesystem API: Ensure filenames are valid before attempting to unzip them to ensure malformed file paths don't cause issues.
Merges [41457] to the 4.7 branch.

Built from https://develop.svn.wordpress.org/branches/4.7@41459


git-svn-id: http://core.svn.wordpress.org/branches/4.7@41292 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 14:38:34 +00:00
Dominik Schilling a0af012ed0 Taxonomy/Users: Provide a fallback for incorrect HTTP referrers.
Merge of [41398] to the 4.7 branch.

Built from https://develop.svn.wordpress.org/branches/4.7@41418


git-svn-id: http://core.svn.wordpress.org/branches/4.7@41251 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 11:12:08 +00:00
John Blackbourn 7c8fbd2966 General: Add missing URL-encoding and add extra hardening to plugin and template names when they're displayed in the admin area.
Merges [41412] to the 4.7 branch

See #13377

Built from https://develop.svn.wordpress.org/branches/4.7@41413


git-svn-id: http://core.svn.wordpress.org/branches/4.7@41246 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 10:21:48 +00:00
Aaron Campbell 9fad803761 Bump 4.7 branch to version 4.7.5.
Built from https://develop.svn.wordpress.org/branches/4.7@40748


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40606 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 21:48:33 +00:00
Aaron Campbell a86f61290e Add nonce for updating file system credentials.
Merges [40723] to 4.7 branch.

Built from https://develop.svn.wordpress.org/branches/4.7@40724


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40582 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 14:51:35 +00:00
Dominik Schilling 2d7fa9d0dc Customize: Ignore invalid customization sessions.
Merge of [40704] to the 4.7 branch.
Built from https://develop.svn.wordpress.org/branches/4.7@40705


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40568 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 12:14:35 +00:00
Dion Hulse 0516c67beb List Tables: After [38703], [38706], and [40118], adjust the jQuery selector to make the selection of a range of checkboxes work again.
Unprop afercia.
Merges [40268] to the 4.7 branch.
Fixes #40056.

Built from https://develop.svn.wordpress.org/branches/4.7@40512


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40388 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-04-21 07:36:37 +00:00
Pascal Birchler 8cf8ada93d Bump 4.7 branch to version 4.7.4.
Built from https://develop.svn.wordpress.org/branches/4.7@40487


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40363 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-04-20 16:21:36 +00:00
Pascal Birchler d9681fd881 Fix broken audio/video functions when sanitizing ID3 data
This fixes a bug where running `wp_kses_post_deep()` on all the ID3
tag data corrupted blob data.

Fixes #40075, #40085.

Merges [40400] to the 4.7 branch.

Built from https://develop.svn.wordpress.org/branches/4.7@40460


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40336 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-04-17 13:00:35 +00:00
Pascal Birchler 3623849a05 Customize: Verify availability of `history.replaceState` (in IE9) before attempting to populate `changeset_uuid` parameter.
Props westonruter, timmydcrawford for testing.
Amends [39686].
See #39227.
Fixes #40405.

Merges[40405] to the 4.7 branch.

Built from https://develop.svn.wordpress.org/branches/4.7@40420


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40318 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-04-13 12:32:35 +00:00
Pascal Birchler 6736569b43 Customize: Auto-expand a widget area section when expanding the Widgets panel if there is only one registered sidebar and it is active.
Introduces WP_Customize_Panel::$auto_expand_sole_section property which allows panels to opt-in to the behavior, which the Widgets panel is made to do by default.

Props delawski, westonruter, melchoyce.
Fixes #37471.

Merges [40395] to the 4.7 branch.

Built from https://develop.svn.wordpress.org/branches/4.7@40402


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40309 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-04-10 12:36:34 +00:00
Pascal Birchler df7c706b34 Customize: Fix behavior of clicking Delete Menu link and keep available nav menu items panel open when doing bulk deletion.
Props maguiar, adamsilverstein for testing.
Amends [39548].
Fixes #38953.

Merges [40396] to the 4.7 branch.

Built from https://develop.svn.wordpress.org/branches/4.7@40401


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40308 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-04-10 12:29:38 +00:00
Pascal Birchler 0a91666a7e Customize: Fix reversal of nav menu item's `type` and `object` properties for
page stub added in customizer.

Amends [38906].
See #38164.
Fixes #40277.

Merges [40380] to the 4.7 branch.

Built from https://develop.svn.wordpress.org/branches/4.7@40383


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40290 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-04-06 17:18:36 +00:00
Pascal Birchler c0f0a7739a Customize: Fix failure to collapse expanded sections and panels that become deactivated.
Improve jsdoc for `onChangeActive` function. Restores fix from [34557] which got dropped in [38648].

Props dlh, westonruter.
See #34391, #33509.
Fixes #39430.

Merges [40304] to the 4.7 branch.

Built from https://develop.svn.wordpress.org/branches/4.7@40375


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40282 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-04-05 02:20:25 +00:00
Pascal Birchler a394c05654 Customize: Use `get_user_locale()` in customizer body class.
Otherwise CSS specific to the site's locale would be applied, even though the customizer is displayed in the user's locale.

See #29783.
Fixes #40271.

Merges [40368] to the 4.7 branch.

Built from https://develop.svn.wordpress.org/branches/4.7@40369


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40276 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-04-05 02:16:34 +00:00
Pascal Birchler 5a10b5c879 Administration: Fix minor misalignments caused by the `button-link` CSS class.
After [40059] the CSS class `button-link` uses `text-align: left` by default.
This change now requires to limit as much as possible the use of `button-link`
to controls that should really look like links and to explicitly set
`text-align: center` in a few other cases.

Fixes #39983.

Merges [40358] to the 4.7 branch.

Built from https://develop.svn.wordpress.org/branches/4.7@40367


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40274 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-04-05 02:15:18 +00:00
Pascal Birchler 1b7455c6d3 Quick/Bulk Edit: Fix the Tag suggestions position on the Bulk Edit textarea.
Always passes the complete `position` object to the jQuery autocomplete widget.
Also checks if an autocomplete instance already exists on the Bulk Edit textarea.

Props davidbenton.
Fixes #40242.

Merges [40357] to the 4.7 branch.

Built from https://develop.svn.wordpress.org/branches/4.7@40365


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40272 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-04-05 02:14:11 +00:00
Pascal Birchler 511b47afd9 Customize: Prevent client-side validation from being cleared when no corresponding server-side validation is present.
See #36944.
Fixes #39770.

Merges [40319] to the 4.7 branch.

Built from https://develop.svn.wordpress.org/branches/4.7@40345


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40252 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-28 07:22:37 +00:00
Pascal Birchler 52f0c65fc5 Customize: Prevent links to `customize.php` from being generated which have query vars from `wp_removable_query_args()` present.
Props dlh.
See #23367, #32692.
Fixes #31850.

Merges [40313] to the 4.7 branch.


Built from https://develop.svn.wordpress.org/branches/4.7@40331


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40238 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-25 13:35:38 +00:00
John Blackbourn bfa0cc8b91 Login and Registration: Avoid a potentially incorrect value for the cookie hash on multisite installations that don't have a value in the `siteurl` network option.
This reverts [38619].

See #34084, #39497

Merges [40320] to the 4.7 branch.

Built from https://develop.svn.wordpress.org/branches/4.7@40321


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40228 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-23 19:03:37 +00:00
James Nylen 8622d105f5 Bump 4.7 branch to version 4.7.3.
Built from https://develop.svn.wordpress.org/branches/4.7@40202


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40141 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-06 15:56:33 +00:00
John Blackbourn 882ac7830f Press This: Verify intent before fetching in-page resources using Press This.
Props vortfu

Merges [40195] to the 4.7 branch.

Built from https://develop.svn.wordpress.org/branches/4.7@40196


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40135 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-06 13:56:35 +00:00
John Blackbourn 0066640479 Taxonomy: Correct the formatting of HTML entities when generating the screen reader text for tag removal.
Props adamsilverstein

Merges [40181] to the 4.7 branch.

Built from https://develop.svn.wordpress.org/branches/4.7@40182


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40121 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-06 13:16:35 +00:00
Aaron Campbell 177b19d9ec Plugins: Add file check to plugin deletions.
Merges [40169] to 4.7 branch.


Built from https://develop.svn.wordpress.org/branches/4.7@40170


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40109 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-06 12:58:35 +00:00
Jeremy Felt a80351f7ed Validate video and audio metadata.
merge of [40148] to the 4.7 branch

Built from https://develop.svn.wordpress.org/branches/4.7@40149


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40088 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-06 08:03:35 +00:00
Joe McGill 498f71615f Media: Keep PDF previews from overwriting files.
Since support for PDF previews were added in [38949], it's possible
that the generated image file could overwrite an existing image file
with the same name. This uses wp_unique_filename() to avoid this
issue and adds a '-pdf' identifier on the end of filenames.

Props gitlost, desrosj, mikeschroder, joemcgill.
Merges [40130] and [40131] to the 4.7 branch.
Fixes #39875. See #31050.

Built from https://develop.svn.wordpress.org/branches/4.7@40133


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40070 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-02-27 19:25:34 +00:00
Sergey Biryukov ecf9c19e04 Plugins: After [38703], adjust the selector for checkbox selection to account for nested tables.
Props afercia, swissspidy, reldev.
Merges [40118] to the 4.7 branch.
Fixes #39739.
Built from https://develop.svn.wordpress.org/branches/4.7@40119


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40056 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-02-24 23:13:34 +00:00
Dion Hulse a0edd9b006 Customize: Trim whitespace from nav menu item titles so that the underlying object's original title appears as input placeholder and in the control's title.
Whitespace is trimmed from titles in PHP when saved in any case, so this aligns the client-side behavior with what happens on the server.

Amends [38618].
Merges [39994] to the 4.7 branch.
See #38015.
Fixes #39600.

Built from https://develop.svn.wordpress.org/branches/4.7@40094


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40031 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-02-21 06:52:35 +00:00
Dion Hulse 2a891e4456 Customize: Update `customize.php` URL with `changeset_uuid` param the instant a change is made instead of deferring until the changeset update request responds.
Props asalce, westonruter.
Merges [39686] to the 4.7 branch.
Fixes #39227.

Built from https://develop.svn.wordpress.org/branches/4.7@40093


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40030 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-02-21 06:50:41 +00:00
Dion Hulse e18e5acce8 Formatting: fix `wpautop()` to stop adding paragraph tags around `<figcaption>`.
Props azaozz, pbearne for tests.
Merges [39912], [39914] to the 4.7 branch.
Fixes #39307 for 4.7.


Built from https://develop.svn.wordpress.org/branches/4.7@40091


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40028 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-02-21 03:42:38 +00:00
Sergey Biryukov f65de13e9f About page: Remove `autoplay` and `loop` attributes on "Theme Starter Content", "Edit Shortcuts", and "Video Headers" videos, originally added as a part of [39512].
For UX and accessibility reasons, it's better to always avoid playing videos automatically.

Props bor0.
Merges [40089] to the 4.7 branch.
Fixes #39560.
Built from https://develop.svn.wordpress.org/branches/4.7@40090


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40027 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-02-20 13:09:34 +00:00
Aaron Campbell befa21d88e Bump 4.7 branch to version 4.7.2.
Built from https://develop.svn.wordpress.org/branches/4.7@39995


git-svn-id: http://core.svn.wordpress.org/branches/4.7@39932 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-26 18:14:35 +00:00
John Blackbourn fa47298720 Posts, Post Types: When using Excerpt mode on the Posts list table, ensure the excerpt output matches what was manually entered into the Excerpt field.
Merges [39956] to the 4.7 branch.

Built from https://develop.svn.wordpress.org/branches/4.7@39990


git-svn-id: http://core.svn.wordpress.org/branches/4.7@39927 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-26 15:12:34 +00:00
Dominik Schilling ad0f68291a Press This: Do not show Categories & Tags UI for users who cannot assign terms to posts anyways.
Merge of [39968] to the 4.7 branch.
Built from https://develop.svn.wordpress.org/branches/4.7@39969


git-svn-id: http://core.svn.wordpress.org/branches/4.7@39906 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-26 14:01:34 +00:00
Aaron Campbell 5094cbd599 Bump 4.7 branch to version 4.7.1.
Built from https://develop.svn.wordpress.org/branches/4.7@39845


git-svn-id: http://core.svn.wordpress.org/branches/4.7@39783 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 15:15:35 +00:00
Dominik Schilling 3176a085da Updates: Translate plugin data on the Updates screen.
Merge of [39808] to the 4.7 branch.
Built from https://develop.svn.wordpress.org/branches/4.7@39820


git-svn-id: http://core.svn.wordpress.org/branches/4.7@39758 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 11:39:34 +00:00
Aaron Campbell 189e5449a3 Add nonce for widget accessibility mode.
Props vortfu.

See #23328.

Merges [39760] to 4.7 branch.

Built from https://develop.svn.wordpress.org/branches/4.7@39761


git-svn-id: http://core.svn.wordpress.org/branches/4.7@39699 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 01:40:34 +00:00
Dion Hulse 6cdd4b1250 Customize: Prevent removal of underline upon hover/focus for nav menu deletion links.
Props monikarao.
Amends [38503].
See #37527.
Merges [39677] to the 4.7 branch.
Fixes #39444.

Built from https://develop.svn.wordpress.org/branches/4.7@39696


git-svn-id: http://core.svn.wordpress.org/branches/4.7@39636 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-05 08:17:37 +00:00
Dion Hulse 8cc3c97b85 Updates: Properly define `$filesystemForm` to handle error in modals.
Amends [39657].
Merges [39689] to the 4.7 branch.
See #39057.

Built from https://develop.svn.wordpress.org/branches/4.7@39690


git-svn-id: http://core.svn.wordpress.org/branches/4.7@39630 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-05 07:28:36 +00:00
Dion Hulse e87ab24ef8 Updates: Show the Authentication key settings after selecting the SSH transport in both the modal, and also on the plugin/theme updates screen.
Props afercia.
Merges [39657] to the 4.7 branch.
Fixes #39057.

Built from https://develop.svn.wordpress.org/branches/4.7@39658


git-svn-id: http://core.svn.wordpress.org/branches/4.7@39598 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-30 07:46:35 +00:00
Dion Hulse fb52c9599d Customize: Fix visible edit shortcuts for `wp_nav_menu()` instances using the `menu` arg (such as in the Custom Menu widget) instead of the `theme_location` arg.
Also fix logic for `focus-control-for-setting` handler to focus on the first control (lowest `priority` value) associated with a given setting instead of the last control encountered when iterating over all controls, as this ensures the first control in a `nav_menu` section is focused rather than the last one.

Props westonruter, sirbrillig.
See #27403.
Merges [39622] to the 4.7 branch.
Fixes #39101.

Built from https://develop.svn.wordpress.org/branches/4.7@39653


git-svn-id: http://core.svn.wordpress.org/branches/4.7@39593 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-30 06:13:34 +00:00
Dion Hulse 8f7e4969bc Taxonomy: Redirect to current taxonomy when adding a term without AJAX.
Fixes a regression in which adding terms via a full page refresh, ie without AJAX, would always redirect to the tags taxonomy.

Props szaqal21, peterwilsoncc.
Merges [39649] to the 4.7 branch.
Fixes #39328 for 4.7.

Built from https://develop.svn.wordpress.org/branches/4.7@39652


git-svn-id: http://core.svn.wordpress.org/branches/4.7@39592 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-30 05:55:32 +00:00
Ella Iseulde Van Dorpe 559e81937b Editor: Let the Add New link disappear in DFW mode.
The link was moved outside the heading in [38983].

Merges [39619] to the 4.7 branch.
Fixes #39313.


Built from https://develop.svn.wordpress.org/branches/4.7@39634


git-svn-id: http://core.svn.wordpress.org/branches/4.7@39574 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-21 14:56:34 +00:00
Gary Pendergast 8a2525a88d Media: Allow PDF fallbacks filter to process custom sizes.
This fixes an oversight in [39246], which added a hook for filtering the array of sizes used for PDF thumbnails, but failed to provide a way for sizes added through `add_image_size()` to be processed.

Merge of [39617] to the 4.7 branch.

Props gitlost.
Fixes #39231. See #38594.


Built from https://develop.svn.wordpress.org/branches/4.7@39633


git-svn-id: http://core.svn.wordpress.org/branches/4.7@39573 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-21 05:53:33 +00:00
Gary Pendergast bba21b983c REST API: Add support for filename search in media endpoint.
In [38625], the functionality to search for attachments by filename was added via the `posts_clauses` filter and the `_filter_query_attachment_filenames()` function. This moves `_filter_query_attachment_filenames()` from `wp-admin/includes/post.php` to `wp-includes/post.php` so that it can be applied in the same manner in the REST API media endpoint.

Merge of [39598] to the 4.7 branch.

Props jblz, tyxla.
Fixes #39092.


Built from https://develop.svn.wordpress.org/branches/4.7@39629


git-svn-id: http://core.svn.wordpress.org/branches/4.7@39569 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-21 05:19:34 +00:00