* XML-RPC: Improve error messages for unprivileged users.
* External Libraries: Disable deserialization in Requests_Utility_FilteredIterator
* Embeds: Disable embeds on deactivated Multisite sites.
* Coding standards: Modify escaping functions to avoid potential false positives.
* XML-RPC: Return error message if attachment ID is incorrect.
* Upgrade/install: Improve logic check when determining installation status.
* Meta: Sanitize meta key before checking protection status.
* Themes: Ensure that only privileged users can set a background image when a theme is using the deprecated custom background page.
Brings the changes from [49380,49382-49388] to the 4.4 branch.
Props xknown, zieladam, peterwilsoncc, whyisjake, desrosj, dd32.
Built from https://develop.svn.wordpress.org/branches/4.4@49402
git-svn-id: http://core.svn.wordpress.org/branches/4.4@49161 1a063a9b-81f0-0310-95a4-ce76da25c4cd
While these classes are intended for admin use, there are developers out there who include `wp-admin/includes/template.php` to access them in other contexts. There is no intention to continue to support this indefinitely, but a breaking change like that would need to happen very early in a cycle and communicated loudly.
In the meantime, if you're reading this commit message and you do the above, please update your code to not do that. Thank you :)
fixes#33413.
Built from https://develop.svn.wordpress.org/trunk@35740
git-svn-id: http://core.svn.wordpress.org/trunk@35704 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Takes inspiration from `WP_Post` and adds sanity to comment caching.
* Clarifies when the current global value for `$comment` is returned. The current implementation in `get_comment()` introduces side effects and an occasion stale global value for `$comment` when comment caches are cleaned.
* Strongly-types `@param` docs
* This class is marked `final` for now
Props wonderboymusic, nacin.
See #32619.
Built from https://develop.svn.wordpress.org/trunk@33891
git-svn-id: http://core.svn.wordpress.org/trunk@33860 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This v1 marries Jetpack's Site Icon module with the Media Modal, reusing code
from the Custom Header admin. For now, the core-provided icons will be limited
to a favicon, an iOS app icon, and a Windows tile icon, leaving `.ico` support
and additional icons to plugins to add.
Props obenland, tyxla, flixos90, jancbeck, markjaquith, scruffian.
See #16434.
Built from https://develop.svn.wordpress.org/trunk@32994
git-svn-id: http://core.svn.wordpress.org/trunk@32965 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`admin-filters.php`
`ms-admin-filters.php`
There are random actions and filters littered among files like `misc.php`. These files contain functions that won't work outside of admin context and are typically only loaded in files that have already loaded the admin bootstrap.
See #32529.
Built from https://develop.svn.wordpress.org/trunk@32653
git-svn-id: http://core.svn.wordpress.org/trunk@32623 1a063a9b-81f0-0310-95a4-ce76da25c4cd
These no longer return upon refreshing the page when JS is on and working, so users should be able to dismiss them. This is particularly important on the post edit screen when DFW is triggered, but pretty much all notices can be dismissed if needed. A post on Make/Core will follow with information on how this can be leveraged in plugins.
props valendesigns, afercia, paulwilde, adamsilverstein, helen.
fixes#31233. see #23367.
Built from https://develop.svn.wordpress.org/trunk@31973
git-svn-id: http://core.svn.wordpress.org/trunk@31952 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Users are frequently confused as to why the content they've entered or the page template they've selected doesn't apply for this one page. Showing and saving items that don't do anything hurts trust.
Developers can elect to turn on the editor should they be using it for something. If the content isn't empty, the editor will show so that users still have access to their content.
props alexkingorg for the initial, long-suffering patch.
fixes#17470.
Built from https://develop.svn.wordpress.org/trunk@31550
git-svn-id: http://core.svn.wordpress.org/trunk@31531 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In PHP 5.3.0, `is_a()` is no longer deprecated, and will therefore no longer throw `E_STRICT` warnings.
To avoid warnings in PHP < 5.3.0, convert all `is_a()` calls to `$var instanceof WP_Class` calls.
`instanceof` does not throw any error if the variable being tested is not an object, it simply returns `false`.
Props markoheijnen, wonderboymusic.
Fixes#25672.
Built from https://develop.svn.wordpress.org/trunk@31188
git-svn-id: http://core.svn.wordpress.org/trunk@31169 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Note that this does not fix issues related to comment quick edit. Internal linking also continues to use the `.alternate` class for now. IE8 and below gracefully degrade by not having zebra striping.
There is some hoop jumping with adding an extra table row to maintain zebra striping during quick edit. Documenting that here for future reference; it is also in the inline documentation.
fixes#30981 and #26060. see #25060.
Built from https://develop.svn.wordpress.org/trunk@31181
git-svn-id: http://core.svn.wordpress.org/trunk@31162 1a063a9b-81f0-0310-95a4-ce76da25c4cd
whyisjake
John Blackbourn
Nikolay Bachiyski
Helen Hou-Sandí
Sergey Biryukov
Andrew Nacin
Scott Taylor
Drew Jaynes
Boone Gorges
Dion Hulse
Ella Iseulde Van Dorpe
Konstantin Obenland
Gary Pendergast
Andrew Ozz