9a0b89f7a8
Backporting several bug fixes.
...
- Query: Remove the static query property.
- HTTP API: Protect against hex interpretation.
- Filesystem API: Prevent directory travelersals when creating new folders.
- Administration: Ensure that admin referer nonce is valid.
- REST API: Send a Vary: Origin header on GET requests.
- Customizer: Properly sanitize background images.
Backports [46474], [46475], [46476], [46477], [46478], [46483], [46485] to the 4.4 branch.
Built from https://develop.svn.wordpress.org/branches/4.4@46498
git-svn-id: http://core.svn.wordpress.org/branches/4.4@46295 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-14 19:09:23 +00:00
7da4f3910f
Multisite: Validate activation links.
...
Merges [44048] to the 4.4 branch.
Built from https://develop.svn.wordpress.org/branches/4.4@44061
git-svn-id: http://core.svn.wordpress.org/branches/4.4@43891 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-12-13 01:47:21 +00:00
b4f299c6f9
In `WP::handle_404()`, make sure `$wp_query->post` is a `WP_Post` object before cloning it.
...
Merges [35994] to the 4.4 branch.
Props igmoweb, swissspidy.
Fixes #35013 .
Built from https://develop.svn.wordpress.org/branches/4.4@36064
git-svn-id: http://core.svn.wordpress.org/branches/4.4@36029 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-23 01:42:25 +00:00
9510566056
Query: Remove `title` from the public query vars list.
...
[33706] added `title` as a public query var, but there's not really a practical need for this, and it interferes with any plugin that uses `title` as a query var for itself.
Merge of [36034] to the 4.4 branch.
Props tyxla.
Fixes #35115 .
Built from https://develop.svn.wordpress.org/branches/4.4@36035
git-svn-id: http://core.svn.wordpress.org/branches/4.4@36000 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-21 02:31:23 +00:00
8be4a22f82
Embeds: Who put this REST API infrastructure in my WordPress?
...
Well, while it's here, we probably should make use of it. The oEmbed endpoint now uses the REST API infrastructure, instead of providing its own.
Props swissspidy.
Fixes #34207 .
Built from https://develop.svn.wordpress.org/trunk@35436
git-svn-id: http://core.svn.wordpress.org/trunk@35400 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-29 22:51:24 +00:00
9088df3fee
Prevent non-public taxonomies from registering aquery var.
...
[34247] made the 'public' paramater of `register_taxonomy()` work by blocking
requests for non-public taxonomy archives during `parse_request()`. Blocking
taxonomy archive requests this late means that it's impossible to register an
independent query var that matches the slug of a non-public taxonomy. By
moving the block to `register_taxonomy()` - not allowing these taxonomies to
register their query vars in the first place - we free up the slug for other
use. In addition, we free up a bit of processing (no need to look for the query
var in `parse_request()` and better parallel the way non-public post types
work. See `register_post_type()`.
Non-public taxonomy archives that are requested using `?taxonomy=tax_name` are
still blocked during `parse_request`. It's only custom query vars -
`?tax_name=term` - that are affected by this change.
Props mboynes.
Fixes #21949 .
Built from https://develop.svn.wordpress.org/trunk@35333
git-svn-id: http://core.svn.wordpress.org/trunk@35299 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-21 16:54:24 +00:00
2d540d0280
In `WP::parse_request()` and `url_to_postid()`, don't skip objects that have a post status with `'exclude_from_search' => false`, e.g. `inherit`.
...
This fixes pretty permalinks for attachments, broken in [35195].
Fixes #21970 .
Built from https://develop.svn.wordpress.org/trunk@35205
git-svn-id: http://core.svn.wordpress.org/trunk@35171 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-15 17:53:24 +00:00
8a6d07f596
In `WP::parse_request()` and `url_to_postid()`, if a post slug clashes with a trashed page, return the post instead of the page.
...
Props kovshenin, SergeyBiryukov, igmoweb.
Fixes #21970 .
Built from https://develop.svn.wordpress.org/trunk@35195
git-svn-id: http://core.svn.wordpress.org/trunk@35161 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-15 06:49:25 +00:00
83c3e3e00e
Embeds: Add oEmbed provider support.
...
For the past 6 years, WordPress has operated as an oEmbed consumer, allowing users to easily embed content from other sites. By adding oEmbed provider support, this allows any oEmbed consumer to embed posts from WordPress sites.
In addition to creating an oEmbed provider, WordPress' oEmbed consumer code has been enhanced to work with any site that provides oEmbed data (as long as it matches some strict security rules), and provides a preview from within the post editor.
For security, embeds appear within a sandboxed iframe - the iframe content is a template that can be styled or replaced entirely by the theme on the provider site.
Props swissspidy, pento, melchoyce, netweb, pfefferle, johnbillion, extendwings, davidbinda, danielbachhuber, SergeyBiryukov, afercia
Fixes #32522 .
Built from https://develop.svn.wordpress.org/trunk@34903
git-svn-id: http://core.svn.wordpress.org/trunk@34868 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-07 10:36:25 +00:00
9c46736476
Docs: Fix some syntatical issues in the DocBlock for `WP::send_headers()` following [34632].
...
See #20226 . See #32246 .
Built from https://develop.svn.wordpress.org/trunk@34635
git-svn-id: http://core.svn.wordpress.org/trunk@34599 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-27 18:49:29 +00:00
8272a839cd
Update the docs in `WP` to explain the need to do [34476].
...
Fixes #20226 .
Built from https://develop.svn.wordpress.org/trunk@34632
git-svn-id: http://core.svn.wordpress.org/trunk@34596 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-27 18:28:24 +00:00
b45178379b
After [34492], no need to import the global instance when we are, in fact, currently, that instance.
...
See #11694 .
Built from https://develop.svn.wordpress.org/trunk@34494
git-svn-id: http://core.svn.wordpress.org/trunk@34458 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-24 14:20:24 +00:00
175d476b0e
Canonical/Rewrite: sanity check posts that are paged with `<!--nextpage-->`. Page numbers past the max number of pages are returning the last page of content and causing infinite duplicate content.
...
Awesome rewrite bug: the `page` query var was being set to `'/4'` in `$wp`. When cast to `int`, it returns `0` (Bless you, PHP). `WP_Query` calls `trim( $page, '/' )` when setting its own query var. The few places that were checking `page` before posts were queried now have sanity checks, so that these changes work without flushing rewrites.
Adds/updates unit tests.
Props wonderboymusic, dd32.
See #11694 .
Built from https://develop.svn.wordpress.org/trunk@34492
git-svn-id: http://core.svn.wordpress.org/trunk@34456 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-24 14:04:24 +00:00
7a154ca666
WP: after [34443], calling `get_queried_object()` messes up unit tests. We can just clone the `$post` prop and call it a day.
...
Fixes #20226 .
Built from https://develop.svn.wordpress.org/trunk@34476
git-svn-id: http://core.svn.wordpress.org/trunk@34440 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-24 03:54:24 +00:00
4cdd0b1688
PINGBACKS: After [34442], switch to `is_singular()` to check attachments and pages as well.
...
See #20226 .
Built from https://develop.svn.wordpress.org/trunk@34443
git-svn-id: http://core.svn.wordpress.org/trunk@34407 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-22 19:10:29 +00:00
3bbd53c717
PINGBACKS: rather than sending the `X-Pingback` HTTP header on every single request for fun, perhaps only send it on single posts with pings open.
...
See #20226 .
Built from https://develop.svn.wordpress.org/trunk@34442
git-svn-id: http://core.svn.wordpress.org/trunk@34406 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-22 18:47:25 +00:00
471fc6d9a5
Allow taxonomies to be non-public.
...
[13216] introduced the 'public' argument for `register_taxonomy()`. This param
was used to set defaults for 'show_ui' and a number of other params, but it
never did anything itself.
With this changeset, taxonomies registered with `public=false` will no longer
be queryable on the front end, ie via taxonomy archive queries.
Props wpsmith, ocean90, nacin, ericlewis, boonebgorges.
Fixes #21949 .
Built from https://develop.svn.wordpress.org/trunk@34247
git-svn-id: http://core.svn.wordpress.org/trunk@34211 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-16 19:05:23 +00:00
8573a86def
In `WP::parse_request()`, don't add query vars of non-viewable post types to `WP::public_query_vars`. In `register_post_type()`, don't add query vars of non-viewable post types to `WP::public_query_vars`.
...
In `_unregister_post_type()` (unit tests), don't add query vars of non-viewable post types to `WP::public_query_vars`.
Adds unit test.
Fixes #30018 .
Built from https://develop.svn.wordpress.org/trunk@34215
git-svn-id: http://core.svn.wordpress.org/trunk@34179 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-15 18:54:30 +00:00
ef87172270
`foreach` is a statement, not a function.
...
See #33491 .
Built from https://develop.svn.wordpress.org/trunk@33734
git-svn-id: http://core.svn.wordpress.org/trunk@33702 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-25 20:28:22 +00:00
523b51a359
Query:
...
Add a query var, `title`, that allows you to query posts by `post_title`. To accomplish this now, you have to do something like:
{{{
$tacos = get_posts( [
'post_type' => 'taco',
's' => $name,
'exact' => true,
'sentence' => true,
'post_status' => 'publish',
'fields' => 'ids',
'posts_per_page' => 1
] );
}}}
Adds unit tests.
Fixes #33074 .
Built from https://develop.svn.wordpress.org/trunk@33706
git-svn-id: http://core.svn.wordpress.org/trunk@33673 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-22 16:59:26 +00:00
1fd0dcbc9e
Ensure that feeds are served with the proper `Content-Type` HTTP header.
...
Props stevenkword.
Fixes #32024 .
Built from https://develop.svn.wordpress.org/trunk@33658
git-svn-id: http://core.svn.wordpress.org/trunk@33625 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-20 06:10:24 +00:00
0549150843
Parse request: Quote regular expression characters in home path.
...
Adds unit tests.
props akirk.
fixes #30438 .
Built from https://develop.svn.wordpress.org/trunk@32708
git-svn-id: http://core.svn.wordpress.org/trunk@32678 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-08 13:29:26 +00:00
ebac76facc
When parsing what appears to be a date archive request, check for a post with a clashing permalink before resolving to the archive.
...
A URL like `example.com/2015/05/15/` generally resolves to the May 15, 2015 date
archive. But in certain cases, it could also be the permalink of a post with
the slug `'2015'`. When a conflict of this sort is detected, resolve to the post
instead of the archive.
URL conflicts of this sort should no longer occur for new posts; see [32647].
Props valendesigns, boonebgorges, Denis-de-Bernardy.
Fixes #5305 .
Built from https://develop.svn.wordpress.org/trunk@32648
git-svn-id: http://core.svn.wordpress.org/trunk@32618 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-29 13:10:24 +00:00
f217f8c5d2
Add missing doc blockss in `class-wp.php`.
...
See #32444 .
Built from https://develop.svn.wordpress.org/trunk@32551
git-svn-id: http://core.svn.wordpress.org/trunk@32521 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-22 20:05:25 +00:00
cde4c83091
[31210] broke Supportflow on dotorg, which declares these methods as `protected`. Switch to `protected` for the noop methods. The subclasses can make them more visible using `public`.
...
See #30799 .
Built from https://develop.svn.wordpress.org/trunk@31211
git-svn-id: http://core.svn.wordpress.org/trunk@31192 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-16 18:37:24 +00:00
eab3aa7802
In `WP_MatchesMapRegex`:
...
* Exactly one method was made private in [28516], and is only used internally.
* 2 properties were made private, but they just store variables passed to the constructor.
* Instances of this class are never created in core. `WP_MatchesMapRegex::apply()` is called statically in `WP->parse_request()` and `url_to_postid()`.
The chances that:
1) this class is used as an instance somewhere and
2) the properties that have always been marked `@access private` and begin with `_` were used publicly
...is extremely low.
Remove the magic methods, I should not have added them.
While we're at it, use the PHP5-style `__construct()` instead of the class name.
See #30891 .
Built from https://develop.svn.wordpress.org/trunk@31136
git-svn-id: http://core.svn.wordpress.org/trunk@31117 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-10 23:27:21 +00:00
60b0cd7943
The keyword `elseif` should be used instead of `else if` so that all control keywords look like single words.
...
This was a mess, is now standardized across the codebase, except for a few 3rd-party libs.
See #30799 .
Built from https://develop.svn.wordpress.org/trunk@31090
git-svn-id: http://core.svn.wordpress.org/trunk@31071 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-08 07:05:25 +00:00
c4b9da857a
Using let's properly in inline comments lets us move on to more pressing matters of inline documentation.
...
Props trepmal.
Fixes #30570 .
Built from https://develop.svn.wordpress.org/trunk@30703
git-svn-id: http://core.svn.wordpress.org/trunk@30693 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-12-02 04:43:22 +00:00
f8657d5890
Remove redundant and erroneous `@uses` tag from most core inline documentation.
...
Per our inline documentation standards, no further use of the `@uses` tag is recommended as used and used-by relationships can be derived through other means. This removes most uses of the tag in core documentation, with remaining tags to be converted to `@global` or `@see` as they apply.
Fixes #30191 .
Built from https://develop.svn.wordpress.org/trunk@30105
git-svn-id: http://core.svn.wordpress.org/trunk@30105 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-10-30 01:05:24 +00:00
a8583d5f19
Fix some words that aren't words.
...
See #28885 .
Built from https://develop.svn.wordpress.org/trunk@29454
git-svn-id: http://core.svn.wordpress.org/trunk@29232 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-09 19:30:17 +00:00
47119960de
Don't 404 for empty feeds.
...
fixes #18505 .
Built from https://develop.svn.wordpress.org/trunk@29216
git-svn-id: http://core.svn.wordpress.org/trunk@29000 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-17 22:22:15 +00:00
71eb75a159
Fill out inline documentation for magic methods added to the `WP_MatchesMapRegex` class in [28516].
...
See #27881 , #22234 and #28885 .
Built from https://develop.svn.wordpress.org/trunk@29142
git-svn-id: http://core.svn.wordpress.org/trunk@28926 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-13 23:39:14 +00:00
85f73cf458
Classes that have `__set()` also need `__isset()` and `__unset()`.
...
See #27881 , #22234 .
Built from https://develop.svn.wordpress.org/trunk@28524
git-svn-id: http://core.svn.wordpress.org/trunk@28350 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-19 06:52:14 +00:00
821246b4ae
Some classes with `__get()` method also need `__set()`.
...
See #27881 , #22234 .
Built from https://develop.svn.wordpress.org/trunk@28521
git-svn-id: http://core.svn.wordpress.org/trunk@28347 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-19 06:31:15 +00:00
dc24cef605
Add missing access modifiers to methods in `WP` and `WP_MatchesMapRegex`. Add magic `__call()` and `__get()` methods to `WP_MatchesMapRegex` for BC.
...
See #27881 , #22234 .
Built from https://develop.svn.wordpress.org/trunk@28516
git-svn-id: http://core.svn.wordpress.org/trunk@28342 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-19 06:12:14 +00:00
3eb91d047c
Add post_parent to the private query vars list. Fixes detached media queries.
...
props SergeyBiryukov.
fixes #27532 .
Built from https://develop.svn.wordpress.org/trunk@27782
git-svn-id: http://core.svn.wordpress.org/trunk@27618 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-27 16:37:16 +00:00
86843194b8
Revert [27738] as the patient exhibited side effects. see #23862 .
...
Built from https://develop.svn.wordpress.org/trunk@27768
git-svn-id: http://core.svn.wordpress.org/trunk@27605 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-27 01:31:15 +00:00
f5999e5d50
WP class: Remove duplication of the post_type query var, also specified as a public QV.
...
props prettyboymp.
fixes #23862 .
Built from https://develop.svn.wordpress.org/trunk@27738
git-svn-id: http://core.svn.wordpress.org/trunk@27575 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-26 14:45:16 +00:00
d30ab62e44
Return 404 when querying author's posts who is not a member and has no posts on the site
...
fixes #20601 . props yoavf, nacin, SergeyBiryukov, wonderboymusic, markjaquith.
Built from https://develop.svn.wordpress.org/trunk@27290
git-svn-id: http://core.svn.wordpress.org/trunk@27146 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-02-26 18:12:13 +00:00
7f1047ece1
Remove the experimental RSS.JS feed, and move it to a plugin for feature development. Unprops pento. See #25639
...
Built from https://develop.svn.wordpress.org/trunk@26644
git-svn-id: http://core.svn.wordpress.org/trunk@26534 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-12-04 22:24:10 +00:00
c8bbc31c39
Add an experimental rssjs feed based on the experimental rss.js spec.
...
This is simply a JSON representation of the RSS 2.0 feed, accessible at /feed/rssjs/ anywhere.
props pento.
see #25639 .
Built from https://develop.svn.wordpress.org/trunk@26294
git-svn-id: http://core.svn.wordpress.org/trunk@26199 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-11-20 22:58:09 +00:00
a5eb3208d7
`WP_UnitTestCase::go_to()` tried its best to clean up global space, but ultimately fell short. Because it was blowing away `WP` every time it was called, it was dropping all the query vars that were registered for custom taxonomies and custom post types (ouch).
...
Introduces `_cleanup_query_vars()`. This is a prerequisite for the unit tests on #20767 . All unit tests pass with this change.
See #20767 .
Fixes #25818 .
Built from https://develop.svn.wordpress.org/trunk@26006
git-svn-id: http://core.svn.wordpress.org/trunk@25937 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-11-04 22:47:10 +00:00
d0cfa40983
Add jshintrc to qunit.
...
props jorbin.
see #25187 .
Built from https://develop.svn.wordpress.org/trunk@25992
git-svn-id: http://core.svn.wordpress.org/trunk@25925 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-30 14:39:10 +00:00
85ccb59294
Revert another instance where a `WP` property was assigned to a one-time variable for inline docs purposes.
...
Referencing a non-existent variable only in the docs here would have been the better choice.
See #25495 .
Built from https://develop.svn.wordpress.org/trunk@25946
git-svn-id: http://core.svn.wordpress.org/trunk@25905 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-27 07:59:10 +00:00
c01501b516
Fix error introduced in [25940] where `$public_query_vars` should have only been used as a non-existent inline docs variable in the `query_vars` filter.
...
Restores `$this->public_query_vars` to the `query_vars` filter in wp-includes/class-wp.php.
Props mauryaratan.
Fixes #25495 . See #25719 .
Built from https://develop.svn.wordpress.org/trunk@25945
git-svn-id: http://core.svn.wordpress.org/trunk@25904 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-27 07:49:09 +00:00
75e0cad6af
Inline documentation for hooks in wp-includes/class-wp.php.
...
Props dougwollison.
Fixes #25495 .
Built from https://develop.svn.wordpress.org/trunk@25940
git-svn-id: http://core.svn.wordpress.org/trunk@25899 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-26 21:03:09 +00:00
9e15ed5b28
Ensure wp::send_headers() detects a comments feed when permalinks are disabled and thus the withcomments QV is omitted. This fixes Last-Modified.
...
props sweetie089.
fixes #24622 .
Built from https://develop.svn.wordpress.org/trunk@25683
git-svn-id: http://core.svn.wordpress.org/trunk@25599 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-03 03:15:08 +00:00
e3d58a5b23
Make `url_to_postid()` work for custom post type URLs. Use `get_post_types()` and `get_taxonomies()` instead of directly accessing globals. Adds unit test.
...
Props faishal, for the globals fix.
Fixes #19744 .
Built from https://develop.svn.wordpress.org/trunk@25659
git-svn-id: http://core.svn.wordpress.org/trunk@25576 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-02 19:42:09 +00:00
c2aa33de6a
Clean up the path calculations in wp::parse_request().
...
props evansolomon for initial cleanup.
fixes #22209 .
Built from https://develop.svn.wordpress.org/trunk@25617
git-svn-id: http://core.svn.wordpress.org/trunk@25534 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-25 00:47:09 +00:00
cc19b4a397
Avoid a notice. see #14408 , [25574].
...
Built from https://develop.svn.wordpress.org/trunk@25585
git-svn-id: http://core.svn.wordpress.org/trunk@25502 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-23 21:44:09 +00:00
whyisjake
Peter Wilson
Dion Hulse
Gary Pendergast
Boone Gorges
Sergey Biryukov
Drew Jaynes
Scott Taylor
Dominik Schilling
Andrew Nacin
Mark Jaquith