Restoring the current user context when saving a setting ensures filters apply as expected, such as Kses. When a user is not associated with a given setting change, continue to override `capability` to be `exist` when saving. Skip overwriting setting values in a changeset that have not changed, facilitating concurrent editing and amending a changeset by a user with fewer privileges.
See #30937.
Fixes#38705.
Built from https://develop.svn.wordpress.org/trunk@39181
git-svn-id: http://core.svn.wordpress.org/trunk@39121 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Additionally, use these meta-caps in the REST API endpoints.
Previously, register_meta()'s auth_callback had no effect for non-post meta. This introduces `{add,edit,delete}_{comment,term,user}_meta` meta-caps to match the existing post meta capabilities. These are currently only used in the REST API.
Props tharsheblows, boonebgorges.
Fixes#38303, fixes#38412.
Built from https://develop.svn.wordpress.org/trunk@39179
git-svn-id: http://core.svn.wordpress.org/trunk@39119 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The CSS property `background-attachment: fixed` is disabled in some mobile browsers for performance reasons. So here, the fix increases the breakpoint where the `background-attachment: fixed` is applied to the front page images. Doing this removes the fixed backgrounds and the issue from all smaller screens, but the downside is that it also removes the fixed backgrounds from smaller laptops. It's also possible future devices could fall into this breakpoint, but this seems to be the most practical solution.
Props laurelfulford.
Fixes#38395.
Built from https://develop.svn.wordpress.org/trunk@39176
git-svn-id: http://core.svn.wordpress.org/trunk@39116 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously there was no way to remove the user locale setting again, even though that might be desirable.
This adds a new 'Site Default' option to the user-specific language setting by introducing a new `show_site_locale_default` argument to `wp_dropdown_languages()`.
Props ocean90.
See #29783.
Fixes#38632.
Built from https://develop.svn.wordpress.org/trunk@39169
git-svn-id: http://core.svn.wordpress.org/trunk@39109 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Removes `aria-hidden` argument. Lets `aria-hidden="true"` be there by default and sets it empty when there is `title` and `desc`.
* Adds unique IDs for title and desc for accessible implementation options.
* Removes absolute path in the Customizer. It didn't work in Internet Explorer, and the original bug is fixed in #30028.
* Add whitespace around `<use>`, from #38387.
Props sami.keijonen, swissspidy, laurelfulford.
Fixes#38659.
See #38387.
Built from https://develop.svn.wordpress.org/trunk@39164
git-svn-id: http://core.svn.wordpress.org/trunk@39104 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Now all public query vars are not supoprted via `?filter` in the REST API, we can remove the get_allowed_query_vars() method and filter. To provide developers with a good altnerative to `filter`, the `"rest_{$this->post_type}_collection_params"` filter has been added.
Props rmccue, rachelbacker, danielbachhuber.
Fixes#38629.
Built from https://develop.svn.wordpress.org/trunk@39162
git-svn-id: http://core.svn.wordpress.org/trunk@39102 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The combination of font-size and weight for post navigation made lower case "i"s illegible in some cases. Using `15px` seemed to be the best choice all around. Also adjusts the spacing around the arrows a bit, since they touch the text on small screen sizes.
Props laurelfulford.
Fixes#38670.
Built from https://develop.svn.wordpress.org/trunk@39152
git-svn-id: http://core.svn.wordpress.org/trunk@39092 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Following [39128], this removes the validation logic for Vimeo URLs from
`_validate_external_header_video()` since WP does not support the
display of videos from Vimeo by default.
This also includes a change to using `esc_url_raw()` instead of `esc_url()`
on the URL value to avoid unexpected behavior from the inclusion of HTML
entities.
Props peterwilsoncc, westonruter.
Fixes#38544.
Built from https://develop.svn.wordpress.org/trunk@39148
git-svn-id: http://core.svn.wordpress.org/trunk@39088 1a063a9b-81f0-0310-95a4-ce76da25c4cd
TwentySeventeen attempts to highlight media found in post content by using `get_media_embedded_in_content()` to extract videos from the content and display their HTML differently. However, the HTML being generated by the playlist shortcode relies on JavaScript to update the video element with the markup needed to display the playlist properly. The `get_media_embedded_in_content()` function wasn't designed to handle this use case.
The patch looks for the presence of `wp-playlist-script` in the content and shows the standard content rather than trying to pluck the media elements from the content using `get_media_embedded_in_content()`.
Props joemcgill.
Fixes#38390.
Built from https://develop.svn.wordpress.org/trunk@39146
git-svn-id: http://core.svn.wordpress.org/trunk@39086 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Fixes regression introduced with the addition of control notifications in [37476]. The container element for notifications is injected after the `.customize-control-title` element if the `.customize-control-notifications-container` element does not already exist in the control's template. Also adds missing margin between current image and uploaded images.
Props bradyvercher.
See #34893.
Fixes#38561.
Built from https://develop.svn.wordpress.org/trunk@39145
git-svn-id: http://core.svn.wordpress.org/trunk@39085 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Currently, the "Collapse menu" item is not focusable and keyboard users can't collapse/expand the admin menu. This aims to fix it so that screen readers no longer announce it as a clickable but it remains unfocusable and thus unusable. So it's now a button.
Quoting joedolson at WordCamp Chicago 2014:
"If it's supposed to act like a button, it should be a button."
Also includes a grunt:precommit run that picked up some postcss changes to src/wp-includes/css/customize-preview.css
Fixes#29958.
Props ajercia, ipm-frommen for an iterative patch, valendesigns for an iterative patch, GaryJ for feedback, joedolson for feedback, helen for feedback
Built from https://develop.svn.wordpress.org/trunk@39141
git-svn-id: http://core.svn.wordpress.org/trunk@39081 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This is a great goal for core, and is close, but it is not in shape to be shipped for 4.7 and there is not enough time left in the development cycle to alter and polish sufficiently. There are bugs, but more than that, there are more fundamental questions around the use of existing UI, general UX, and how findable themes are (not) on the .org side.
see #37661.
Built from https://develop.svn.wordpress.org/trunk@39140
git-svn-id: http://core.svn.wordpress.org/trunk@39080 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This also reduces the number of browsers detected and patched with this fix. Most modern browsers have patched this common bug, where an anchor link does not move focus when clicked. Twenty Seventeen will only worry about older versions of Internet Explorer in this regard.
Props afercia, sami.keijonen.
See #38604.
Built from https://develop.svn.wordpress.org/trunk@39135
git-svn-id: http://core.svn.wordpress.org/trunk@39075 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In -r39124, some additional issues were introduced:
* The 'overflow: hidden' on the `.site-header;` was added to prevent a side-scrolling issue, but it ended up cutting off the menu. It looks like the cause of the side-scroll was related to how the scroll down icon was rotated, so it's addressed by rotating the icon and not the `<a>`.
* Also, `min-height` doesn't play well with `display: table;` in Firefox. So it's addressed with just `height`.
Props laurelfulford, sami.keijonen.
See #38543.
Built from https://develop.svn.wordpress.org/trunk@39129
git-svn-id: http://core.svn.wordpress.org/trunk@39069 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Vimeo's API requires a Pro account to display videos as background videos
(i.e., without player controls), thus we shouldn't support Vimeo
URLs by default in custom header videos. This removes the reference of Vimeo
from the control description in the customizer.
Fixes#38544.
Built from https://develop.svn.wordpress.org/trunk@39128
git-svn-id: http://core.svn.wordpress.org/trunk@39068 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Leverages `get_user_locale()` in `load_*_textdomain()` and `_load_textdomain_just_in_time()` to always load translations in the user's language when in the admin.
This re-introduces [39069], but now with additional tests and a `function_exists( 'wp_get_current_user' )` check in `get_user_locale()` in case it gets used early.
Props swissspidy, ocean90.
Fixes#38485.
Built from https://develop.svn.wordpress.org/trunk@39127
git-svn-id: http://core.svn.wordpress.org/trunk@39067 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Add the `deleted` property to the root of the Response object to communicate if the delete action was successful. Move the state of the resource prior to the delete request under a new `previous` property. As a result DELETE responses are now structured like so:
`{ deleted: true, previous: { ... } }`
Also includes helpful information to DELETE requests for resources that are not trashable.
Props timmydcrawford, rmccue, jnylen0.
Fixes#38494.
Built from https://develop.svn.wordpress.org/trunk@39126
git-svn-id: http://core.svn.wordpress.org/trunk@39066 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When themes register default headers, they can use sprintf style placeholder
strings in place of the template directory URI, which WordPress transforms
in several places by running the value of
`get_theme_support( 'custom-header', 'default-image' )` through `sprintf()`.
This fixes a few places where WordPress skipped the `sprintf()` step and
referenced the `get_theme_support()` value directly.
Props bradyvercher for initial patch.
See #38557.
Built from https://develop.svn.wordpress.org/trunk@39123
git-svn-id: http://core.svn.wordpress.org/trunk@39063 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`get_header_image_tag()` relies on the data returned by `get_custom_header()`
to build the attributes for the header `<img>` element. However,
`get_custom_header()` relies on data from the `header_image_data` theme
mod rather than the `header_image` theme mod that `get_header_image()` uses.
This can create inconsistencies when no header image is set, but a theme
supports a default header image.
This fixes the issue by making `get_custom_image_tag()` rely on the URL
returned by `get_header_image()` instead.
Props bradyvercher.
Fixes#38633.
Built from https://develop.svn.wordpress.org/trunk@39121
git-svn-id: http://core.svn.wordpress.org/trunk@39061 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Sets `screwIE8` to false as it is now enabled by default
Files Changed:
build/wp-admin/js/customize-nav-menus.min.js
build/wp-admin/js/customize-widgets.min.js
build/wp-includes/js/customize-loader.min.js
Changelog:
2016-07-19 v2.0.0 Update uglify-js to v2.7.0. screwIE8 is enabled by default.
2016-07-19 v1.0.2 Update grunt to ^1.0.0. Fix beautify when passed as an object. Fix docs about report values.
See #38199.
Built from https://develop.svn.wordpress.org/trunk@39117
git-svn-id: http://core.svn.wordpress.org/trunk@39059 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Changlog:
2016-04-14 v1.2.0 Add support for filtering running modules using command line (--modules) Removed 'grunt.warn' output from error.onError handler, onus now on end user binding to event. Update docs.
See #38199.
Built from https://develop.svn.wordpress.org/trunk@39113
git-svn-id: http://core.svn.wordpress.org/trunk@39055 1a063a9b-81f0-0310-95a4-ce76da25c4cd
If a value is sanitized in PHP and differs from the JS value in the pane, a `change` event for the setting is triggered upon refresh. This should be avoided since the value just came from the server as being sanitized. This also fixes periodic issue where selective refresh happens immediately after a full refresh.
Fixes#37032.
Built from https://develop.svn.wordpress.org/trunk@39112
git-svn-id: http://core.svn.wordpress.org/trunk@39054 1a063a9b-81f0-0310-95a4-ce76da25c4cd
If you send a request to the REST API with invalid JSON in body than it will now return a error. This assists developers if they accidentally send invalid JSON and wonder why their data appears to be ignored.
Props rmccue.
Fixes#38547.
Built from https://develop.svn.wordpress.org/trunk@39109
git-svn-id: http://core.svn.wordpress.org/trunk@39051 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In [38985], we used jQuery to trigger a custom event once a video
handler has completed so themes, like Twenty Fourteen, can execute
their own adjustments after the header video has loaded.
This replaces the jQuery `trigger()` method with a native event and
updates Twenty Fourteen accordingly.
Props adamsilverstein, joemcgill.
Fixes#38550.
Built from https://develop.svn.wordpress.org/trunk@39102
git-svn-id: http://core.svn.wordpress.org/trunk@39044 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Introduces `wp_check_comment_data_max_lengths()` which allows both the REST API comments endpoints and `wp_handle_comment_submission()` to check the length of the comment content, author name, author url, and author email fields against their respective database columns.
Props rachelbaker, mangeshp, salcode, pento.
Fixes#38477.
Built from https://develop.svn.wordpress.org/trunk@39101
git-svn-id: http://core.svn.wordpress.org/trunk@39043 1a063a9b-81f0-0310-95a4-ce76da25c4cd
While "Menu/Theme locations" was descriptive of what the choices listed were, in the context of editing an individual nav menu it is more descriptive to use a setting label that tells you what it is you are affecting for that nav menu, which is where it will be displayed. Technically multiple locations can be chosen, but in practice that appears to be rare enough that we can avoid an awkward "location(s)" type string.
props Fencer04 for the initial patch.
fixes#38525.
Built from https://develop.svn.wordpress.org/trunk@39098
git-svn-id: http://core.svn.wordpress.org/trunk@39040 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Some parameters (`title`, `content`, etc) are objects in the output, but allow objects or strings to be sent in updates for a more ergonomic interface. This is pretty weird behaviour, so the default sanitisation doesn't handle this. We instead handle this ourselves in the preparation.
Props joehoyle, rachelbaker.
Fixes#38529.
Built from https://develop.svn.wordpress.org/trunk@39089
git-svn-id: http://core.svn.wordpress.org/trunk@39031 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This error code is now... wait for it... `wp_mail_failed`. Previously, this would have been the originating PHPMailer error code, which could be `0`, which would then fail (pass?) the `empty()` check in the `WP_Error` constructor, thereby rendering the error object fairly useless. The PHPMailer error code is now located within the `WP_Error` data.
props Kau-Boy, stephenharris.
fixes#35598.
Built from https://develop.svn.wordpress.org/trunk@39086
git-svn-id: http://core.svn.wordpress.org/trunk@39028 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Historically, it's been difficult to extend user roles, but reasonable to work around by waiting until after `init` has fired, to add custom roles and capabilities. With the addition of Locale Switching, Core now potentially loads roles before `init` has fired, leaving a window where custom roles and capabilities are not handled.
The new filter allows plugins to add their own custom roles whenever they're initialised (on page load, or when switching sites, for example), so that they can always be obeyed.
`WP_Roles` has also been tidied up a little bit, to remove duplicate code.
Props johnjamesjacoby, pento.
Fixes#23016.
Built from https://develop.svn.wordpress.org/trunk@39082
git-svn-id: http://core.svn.wordpress.org/trunk@39024 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Makes sure the page layout setting also applies to pages, and is not completely hidden from them when a sidebar widget is present. Pages do not have a sidebar, so that was incorrect.
* Updates description in Customizer for brevity and accuracy.
* Applies setting to archive pages as well.
* Updates CSS to reflect changes.
Props celloexpressions, laurelfulford.
Fixes#38538.
Built from https://develop.svn.wordpress.org/trunk@39078
git-svn-id: http://core.svn.wordpress.org/trunk@39020 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Relies on header skip link instead of l10n variables in JavaScript.
* Fixes issue where scroll down arrow appeared next to the navigation on the front page with no header image or video. It now only appears with a big header.
Props enodekciw, laurelfulford.
Fixes#38502.
Built from https://develop.svn.wordpress.org/trunk@39073
git-svn-id: http://core.svn.wordpress.org/trunk@39015 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The blog post, while originally canonical, was later updated to include additional changes. The ticket includes all the changes and alot of rational for why things changed.
Props Mista-Flo, DrewAPicture, morganestes.
Fixes#38254.
Built from https://develop.svn.wordpress.org/trunk@39066
git-svn-id: http://core.svn.wordpress.org/trunk@39008 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`test_default_theme_in_default_theme_list()` was always being skipped after #31550, this causes it to once again check that the unit tests are up to date and include the latest default theme.
`test_default_themes_have_textdomain()` didn't play happy when a default theme wasn't installed on a site.
See #31550, #29925, #38551.
Built from https://develop.svn.wordpress.org/trunk@39065
git-svn-id: http://core.svn.wordpress.org/trunk@39007 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This partially reverts [35738], which has shown to provide a bad user experience for users seeking to experiment with TwentySeventeen.
This will result in TwentySixteen being installed in addition to TwentySeventeen.
See #38551.
Built from https://develop.svn.wordpress.org/trunk@39064
git-svn-id: http://core.svn.wordpress.org/trunk@39006 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously a user could remove a protected meta field by using their browser developer tools to alter the form field properties in the Custom Fields meta box, given that they know the ID of the protected meta field. This change prevents this by preventing any change to a protected meta field, including changing its key.
Props ajoah, johnbillion, peterwilsoncc
Fixes#38293
Built from https://develop.svn.wordpress.org/trunk@39062
git-svn-id: http://core.svn.wordpress.org/trunk@39004 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Allow history to be manipulated before DOM ready by sourcing state params from the current URL instead of from the `wp.customize.settings` object, since they will be the same anyway. This fixes a JS error since `wp.customize.settings` is not defined before DOM ready.
Amends [38810].
See #30937.
Fixes#38592.
Built from https://develop.svn.wordpress.org/trunk@39060
git-svn-id: http://core.svn.wordpress.org/trunk@39002 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously Settings only supported "number" which meant it was possible to push floats to things like posts_per_page. This means now developers can also specify `type => ineger` in meta nad settings resgration.
Props flixos90.
Fixes#38393.
Built from https://develop.svn.wordpress.org/trunk@39058
git-svn-id: http://core.svn.wordpress.org/trunk@39000 1a063a9b-81f0-0310-95a4-ce76da25c4cd
By allowing more fine-grained validation and sanitisation of endpoint args, we can ensure the correct data is being passed to endpoints.
This can easily be extended to support new data types, such as CSV fields or objects.
Props joehoyle, rachelbaker, pento.
Fixes#38531.
Built from https://develop.svn.wordpress.org/trunk@39046
git-svn-id: http://core.svn.wordpress.org/trunk@38988 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Allow `WP_Customize_Nav_Menus::insert_auto_draft_post()` to take full post array to pass to `wp_insert_post()`, except for `post_status`. Require `post_title`.
* Ensure empty `post_name` gets explicitly set to slugified `post_title`.
* Explicitly allow only `post_type` and `post_title` params in `WP_Customize_Nav_Menus::ajax_insert_auto_draft_post()`.
* Use `wp_update_post()` instead of `wp_publish_post()` to ensure unique slugs are assigned to published auto-draft posts.
* Re-use `WP_Customize_Nav_Menus::insert_auto_draft_post()` when inserting stubs from starter content.
See #38114, #38013, #34923.
Fixes#38539.
Built from https://develop.svn.wordpress.org/trunk@39038
git-svn-id: http://core.svn.wordpress.org/trunk@38980 1a063a9b-81f0-0310-95a4-ce76da25c4cd
On the Multisite - single site "Add New User" screen, some form fields have more
than one label associated with them. Form controls should have at most one
associated label element. If more than one label element is associated to the
control, assistive technologies may not read the appropriate label.
Additionally, labels can be associated to their related form fields either
explicitly (using a `for` attribute referencing the field ID) or implicitly
(using the label to wrap the field). As a best practice, never do both and
prefer explicitly associated labels when possible.
Props Ankit K Gupta.
Fixes#38459.
Built from https://develop.svn.wordpress.org/trunk@39006
git-svn-id: http://core.svn.wordpress.org/trunk@38948 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`wp_load_translations_early()` is used when WordPress isn't fully initialized. Therefore using the `WP_Locale_Switcher` with `get_locale()`/`get_user_locale()` can cause PHP fatal errors.
This reverts [38976] and [38977], and instead removes `WP_Locale_Switcher` from `wp_load_translations_early()`.
See #29783.
Fixes#38535.
Built from https://develop.svn.wordpress.org/trunk@39005
git-svn-id: http://core.svn.wordpress.org/trunk@38947 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Hides page numbers visually at smaller screen sizes.
* Reduced padding around `.wrap` class on smaller screens.
* Fixed issue with the page numbers not displaying the underline on `:hover`. This has been updated in the custom colors files, too.
Props laurelfulford, caspie.
Fixes#38394.
Built from https://develop.svn.wordpress.org/trunk@38996
git-svn-id: http://core.svn.wordpress.org/trunk@38938 1a063a9b-81f0-0310-95a4-ce76da25c4cd
A theme can opt-in for tailored starter content to apply to the customizer when previewing the theme on a fresh install, when `fresh_site` is at its initial `1` value. Starter content is staged in the customizer and does not go live unless the changes are published. Initial starter content is added to Twenty Seventeen.
* The `fresh_site` flag is cleared when a published post or page is saved, when widgets are modified, or when the customizer state is saved.
* Starter content is registered via `starter-content` theme support, where the argument is an array containing `widgets`, `posts`, `nav_menus`, `options`, and `theme_mods`. Posts/pages in starter content are created with the `auto-draft` status, re-using the page/post stubs feature added to nav menus and the static front page controls.
* A `get_theme_starter_content` filter allows for plugins to extend a theme's starter content.
* Starter content in themes can/should re-use existing starter content items in core by using named placeholders.
* Import theme starter content into customized state when fresh site.
* Prevent original_title differences from causing refreshes if title is present.
* Ensure nav menu item url is set according to object when previewing.
* Make sure initial saved state is false if there are dirty settings without an existing changeset.
* Ensure dirty settings are cleaned upon changeset publishing.
Props helen, westonruter, ocean90.
Fixes#38114, #38533.
Built from https://develop.svn.wordpress.org/trunk@38991
git-svn-id: http://core.svn.wordpress.org/trunk@38934 1a063a9b-81f0-0310-95a4-ce76da25c4cd