Commit Graph

1498 Commits

Author SHA1 Message Date
John Blackbourn b9b4776800 Options, Meta APIs: Send a notification to the old admin email address when the site admin email or network admin email address is changed.
This reduces the chances of a site compromise going unnoticed, in the same way that the same notifications for user account email address changes reduces the chances of a user account compromise going unnoticed.

Props MatheusGimenez, johnbillion

Fixes #39117

Built from https://develop.svn.wordpress.org/trunk@41164


git-svn-id: http://core.svn.wordpress.org/trunk@41004 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-07-27 02:24:42 +00:00
Sergey Biryukov 118dba300e Docs: Add `@staticvar` entries for `$cache` and `$tested_paths` in `wp_upload_dir()`.
Props ajayghaghretiya1.
Fixes #41395.
Built from https://develop.svn.wordpress.org/trunk@41113


git-svn-id: http://core.svn.wordpress.org/trunk@40953 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-07-21 10:15:44 +00:00
Sergey Biryukov 058c2c5ca4 Docs: Fix typo in `wp_suspend_cache_invalidation()` description.
Props euthelup, milana_cap.
Fixes #41301.
Built from https://develop.svn.wordpress.org/trunk@41031


git-svn-id: http://core.svn.wordpress.org/trunk@40881 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-07-12 21:26:44 +00:00
Sergey Biryukov 11bae4ded3 Docs: Add a `@global` entry for `$post` variable in `wp_post_preview_js()`.
Props avinapatel.
Fixes #41194.
Built from https://develop.svn.wordpress.org/trunk@40959


git-svn-id: http://core.svn.wordpress.org/trunk@40809 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-06-28 12:55:43 +00:00
Sergey Biryukov e441ee48d2 I18N: Add `@global` entry for `$wp_locale` in `wp_maybe_decline_date()`.
Props Dency.
Fixes #41046.
Built from https://develop.svn.wordpress.org/trunk@40911


git-svn-id: http://core.svn.wordpress.org/trunk@40761 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-06-15 12:24:41 +00:00
Joe McGill efab6e06ca Media: Improve handling of non-image files in wp_get_image_mime.
This prevents non-image fileypes from returning a mime type of
"application/octet-stream" when `exif_imagetype()` returns `false`.

Props blobfolio.
Fixes #40017.

Built from https://develop.svn.wordpress.org/trunk@40397


git-svn-id: http://core.svn.wordpress.org/trunk@40304 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-04-09 22:44:43 +00:00
Joe McGill 87ad9e31ab Media: Reduce failing uploads following 4.7.1.
[39831] introduced more strict MIME type checking for uploads, which
resulted in unintetionally blocking several filetypes that were
previously valid. This change uses  a more targeted approach to MIME
validation to restore previous behavior for most types.

Props blobfolio, iandunn, ipstenu, markoheijnen, xknown, joemcgill.
Fixes #39550, #39552.
Built from https://develop.svn.wordpress.org/trunk@40124


git-svn-id: http://core.svn.wordpress.org/trunk@40061 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-02-25 16:08:44 +00:00
Sergey Biryukov 8f855f46b0 Media: In `wp_unique_filename()`, use explicit type casting when incrementing `$number`.
This prevents the "non-numeric value encountered" warning in PHP 7.1, caused by trying to increment an empty string on the first loop iteration.

Props drrobotnik for initial patch.
Fixes #39774.


Built from https://develop.svn.wordpress.org/trunk@40039


git-svn-id: http://core.svn.wordpress.org/trunk@39976 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-02-03 20:58:42 +00:00
Peter Wilson c957e3acb0 Feeds: Prevent empty feeds from returning 404 errors.
Partial revert of [38929].

This reverts the source code from the commit for #30210 to prevent valid but empty feeds from returning 404 file not found errors for the home and custom feeds.

The tests in the commit that remain applicable are retained.

Props pavelevap for reporting, stevenkword for initial patch.
See #30210.
Fixes #39157.

Built from https://develop.svn.wordpress.org/trunk@40030


git-svn-id: http://core.svn.wordpress.org/trunk@39967 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-29 23:09:41 +00:00
Sergey Biryukov b75023ee1a Docs: Add missing `@param` type for `wp_cache_get_last_changed()`.
Props afzalmultani, Soean.
Fixes #39571.
Built from https://develop.svn.wordpress.org/trunk@39900


git-svn-id: http://core.svn.wordpress.org/trunk@39837 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-13 14:16:44 +00:00
Sergey Biryukov 11d81ecc7c Media: Use a consistent error message for file type errors on uploading.
Props pavelevap, jackreichert.
Fixes #33242.
Built from https://develop.svn.wordpress.org/trunk@39891


git-svn-id: http://core.svn.wordpress.org/trunk@39828 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-12 06:29:43 +00:00
Joe McGill 52897df8cd Media: Fix exif_imagetype check in wp_get_image_mime
This is a follow up to [39831].

Props gitlost.
See #11946.
Built from https://develop.svn.wordpress.org/trunk@39850


git-svn-id: http://core.svn.wordpress.org/trunk@39787 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 16:36:39 +00:00
Joe McGill 8eff927823 Media: Improve image filetype checking.
This adds a new function `wp_get_image_mime()` which is used by
`wp_check_filetype_and_ext()` to validate image files using
`exif_imagetype()` if available instead of `getimagesize()`.

`getimagesize()` is less performant than `exif_imagetype()` and is
dependent on GD. If `exif_imagetype()` is not available, it falls back to
`getimagesize()` as before.

If `wp_check_filetype_and_ext()` can't validate the filetype, we now return
`false` for ext/MIME values.

See #11946.
Built from https://develop.svn.wordpress.org/trunk@39831


git-svn-id: http://core.svn.wordpress.org/trunk@39769 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 13:08:44 +00:00
John Blackbourn 80a839de13 Docs: Misc corrections and additions to inline documentation.
See #39130
Props keesiemeijer

Built from https://develop.svn.wordpress.org/trunk@39639


git-svn-id: http://core.svn.wordpress.org/trunk@39579 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-27 09:28:40 +00:00
John Blackbourn d327c92e4b Docs: Add and correct `@since` docs for a variety of functions and methods.
Props keesiemeijer, chris_dev
Fixes #39343, #39357, #39344
See #39130

Built from https://develop.svn.wordpress.org/trunk@39638


git-svn-id: http://core.svn.wordpress.org/trunk@39578 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-27 09:21:44 +00:00
John Blackbourn 4cf5550d8d I18n: Begin introducing translator comments for strings which include placeholders but no accompanying translator comment.
Adds context to one string used in two different contexts for the new user and new site signup email notification.

More to come.

See #38882

Built from https://develop.svn.wordpress.org/trunk@39323


git-svn-id: http://core.svn.wordpress.org/trunk@39263 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-21 01:22:32 +00:00
Sergey Biryukov 1c110b8474 I18N: Use 'WordPress hook name' instead of 'PHP hook name' in translator comments added in [39315].
See #38862.
Built from https://develop.svn.wordpress.org/trunk@39316


git-svn-id: http://core.svn.wordpress.org/trunk@39256 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-19 02:44:30 +00:00
Sergey Biryukov 725a04d815 I18N: Add translator comments for strings in `_deprecated_*()` functions.
See #38862.
Built from https://develop.svn.wordpress.org/trunk@39315


git-svn-id: http://core.svn.wordpress.org/trunk@39255 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-19 02:39:33 +00:00
Pascal Birchler 8df80ae3ee I18N: Show available timezones in the user's locale on the settings screen.
Adds a `$locale` parameter to `wp_timezone_choice()` to only reload translations when necessary.

Props yale01.
See #38485.
Built from https://develop.svn.wordpress.org/trunk@39068


git-svn-id: http://core.svn.wordpress.org/trunk@39010 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-01 09:16:31 +00:00
Weston Ruter 75535c596b Customize: Introduce starter content and site freshness state.
A theme can opt-in for tailored starter content to apply to the customizer when previewing the theme on a fresh install, when `fresh_site` is at its initial `1` value. Starter content is staged in the customizer and does not go live unless the changes are published. Initial starter content is added to Twenty Seventeen.

* The `fresh_site` flag is cleared when a published post or page is saved, when widgets are modified, or when the customizer state is saved.
* Starter content is registered via `starter-content` theme support, where the argument is an array containing `widgets`, `posts`, `nav_menus`, `options`, and `theme_mods`. Posts/pages in starter content are created with the `auto-draft` status, re-using the page/post stubs feature added to nav menus and the static front page controls.
* A `get_theme_starter_content` filter allows for plugins to extend a theme's starter content.
* Starter content in themes can/should re-use existing starter content items in core by using named placeholders.
* Import theme starter content into customized state when fresh site.
* Prevent original_title differences from causing refreshes if title is present.
* Ensure nav menu item url is set according to object when previewing.
* Make sure initial saved state is false if there are dirty settings without an existing changeset.
* Ensure dirty settings are cleaned upon changeset publishing.

Props helen, westonruter, ocean90.
Fixes #38114, #38533.

Built from https://develop.svn.wordpress.org/trunk@38991


git-svn-id: http://core.svn.wordpress.org/trunk@38934 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-28 02:57:35 +00:00
John Blackbourn 6161ad9020 Formatting: Don't overwrite the status header for Ajax responses that use output buffering or otherwise set their headers early.
Fixes #35666

Built from https://develop.svn.wordpress.org/trunk@38956


git-svn-id: http://core.svn.wordpress.org/trunk@38899 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-26 14:32:28 +00:00
John Blackbourn 1e6a12db38 Feeds: Don't attempt to generate RSS feeds for invalid feed URLs such as `wp-content/feed`.
Props stevenkword, JRGould, lyubomir_popov, johnbillion
Fixes #30210

Built from https://develop.svn.wordpress.org/trunk@38929


git-svn-id: http://core.svn.wordpress.org/trunk@38872 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-25 21:54:31 +00:00
Dominik Schilling 7cce73a634 General: Introduce a `wp_list_sort()` helper function, v2.
In addition to `wp_list_filter()` for filtering a list of objects, and `wp_list_pluck()` for plucking a certain field out of each object in a list, this new function can be used for sorting a list of objects by specific fields. These functions are now all contained within the new `WP_List_Util()` class and `wp_list_sort()` is used in various parts of core for sorting lists.

This was previously committed in [38859] but got reverted in [38862] and [38863]. To fix the previous issues, `wp_list_sort()` supports now an additional argument to preserve array keys via `uasort()`.

Props flixos90, DrewAPicture, jorbin.
Fixes #37128.
Built from https://develop.svn.wordpress.org/trunk@38928


git-svn-id: http://core.svn.wordpress.org/trunk@38871 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-25 21:26:32 +00:00
John Blackbourn 2dfc3a7572 General: Correct the docs for the default HTTP status code used by `wp_die()`.
See #37770

Built from https://develop.svn.wordpress.org/trunk@38884


git-svn-id: http://core.svn.wordpress.org/trunk@38827 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-24 13:13:58 +00:00
Dominik Schilling 6c8508023f Revert [38859] due to an incomplete implementation.
See https://core.trac.wordpress.org/ticket/37128#comment:27.
See #37128.
Built from https://develop.svn.wordpress.org/trunk@38863


git-svn-id: http://core.svn.wordpress.org/trunk@38806 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-21 17:01:32 +00:00
Pascal Birchler f54558e75b General: Introduce a `wp_list_sort()` helper function.
In addition to `wp_list_filter()` for filtering a list of objects, and `wp_list_pluck()` for plucking a certain field out of each object in a list, this new function can be used for sorting a list of objects by specific fields. These functions are now all contained within the new `WP_List_Util()` class and `wp_list_sort()` is used in various parts of core for sorting lists.

Props flixos90, DrewAPicture, jorbin.
Fixes #37128.
Built from https://develop.svn.wordpress.org/trunk@38859


git-svn-id: http://core.svn.wordpress.org/trunk@38802 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-21 11:12:51 +00:00
Aaron Jorbin 82911b1756 Cache API: introduce wp_cache_get_last_changed to improve DRY
One thing fairly common to the cache groups is a block of code to look to see when the cache was last changed, and if there isn't one, to set it for the current microtime(). It appears in 8 different places in core. This adds a new helper `wp_cache_get_last_changed` to DRY things up a bit.

Since `wp-includes/cache.php` isn't guaranteed to be loaded, this new function is in `wp-includes/functions.php`

Props spacedmonkey, desrosj.
Fixes #37464.


Built from https://develop.svn.wordpress.org/trunk@38849


git-svn-id: http://core.svn.wordpress.org/trunk@38792 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-21 02:54:34 +00:00
Rachel Baker e4a7c0a397 REST API: Introduce the Content API endpoints.
REST API endpoints for your WordPress content. These endpoints provide machine-readable external access to your WordPress site with a clear, standards-driven interface, allowing new and innovative apps for interacting with your site. These endpoints support all of the following:
- Posts: Read and write access to all post data, for all types of post-based data, including pages and media.
- Comments: Read and write access to all comment data. This includes pingbacks and trackbacks.
- Terms: Read and write access to all term data.
- Users: Read and write access to all user data. This includes public access to some data for post authors.
- Meta: Read and write access to metadata for posts, comments, terms, and users, on an opt-in basis from plugins.
- Settings: Read and write access to settings, on an opt-in basis from plugins and core. This enables API management of key site content values that are technically stored in options, such as site title and byline.

Love your REST API, WordPress!  The infrastructure says, "Let's do lunch!" but the content API endpoints say, "You're paying!"

Props rmccue, rachelbaker, danielbachhuber, joehoyle, adamsilverstein, afurculita, ahmadawais, airesvsg, alisspers, antisilent, apokalyptik, artoliukkonen, attitude, boonebgorges, bradyvercher, brianhogg, caseypatrickdriscoll, chopinbach, chredd, christianesperar, chrisvanpatten, claudiolabarbera, claudiosmweb, cmmarslender, codebykat, coderkevin, codfish, codonnell822, daggerhart, danielpunkass, davidbhayes, delphinus, desrosj, dimadin, dotancohen, DrewAPicture, Dudo1985, duncanjbrown, eherman24, eivhyl, eliorivero, elyobo, en-alis, ericandrewlewis, ericpedia, evansobkowicz, fjarrett, frozzare, georgestephanis, greatislander, guavaworks, hideokamoto, hkdobrev, hubdotcom, hurtige, iandunn, ircrash, ironpaperweight, iseulde, Japh, jaredcobb, JDGrimes, jdolan, jdoubleu, jeremyfelt, jimt, jjeaton, jmusal, jnylen0, johanmynhardt, johnbillion, jonathanbardo, jorbin, joshkadis, JPry, jshreve, jtsternberg, JustinSainton, kacperszurek, kadamwhite, kalenjohnson, kellbot, kjbenk, kokarn, krogsgard, kuchenundkakao, kuldipem, kwight, lgedeon, lukepettway, mantismamita, markoheijnen, matrixik, mattheu, mauteri, maxcutler, mayukojpn, michael-arestad, miyauchi, mjbanks, modemlooper, mrbobbybryant, NateWr, nathanrice, netweb, NikV, nullvariable, oskosk, oso96_2000, oxymoron, pcfreak30, pento, peterwilsoncc, Pezzab, phh, pippinsplugins, pjgalbraith, pkevan, pollyplummer, pushred, quasel, QWp6t, schlessera, schrapel, Shelob9, shprink, simonlampen, Soean, solal, tapsboy, tfrommen, tharsheblows, thenbrent, tierra, tlovett1, tnegri, tobych, Toddses, toro_unit, traversal, vanillalounge, vishalkakadiya, wanecek, web2style, webbgaraget, websupporter, westonruter, whyisjake, wonderboymusic, wpsmith, xknown, zyphonic.
Fixes #38373.
Built from https://develop.svn.wordpress.org/trunk@38832


git-svn-id: http://core.svn.wordpress.org/trunk@38775 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-20 02:55:32 +00:00
Jeremy Felt 1560fbcbc5 Multisite: Use `get_network()` and `get_current_network_id()` for current network data.
`get_network()` falls back to the current network when called without any arguments. Between this and `get_current_network_id()`, we can replace almost all instances of the global `$current_site` and all instances of `get_current_site()`.

This effectively deprecates `get_current_site()`, something that we'll do in a future ticket.

Props flixos90.
Fixes #37414.

Built from https://develop.svn.wordpress.org/trunk@38814


git-svn-id: http://core.svn.wordpress.org/trunk@38757 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-19 04:47:30 +00:00
Weston Ruter f1ba1918c9 Customize: Implement customized state persistence with changesets.
Includes infrastructure developed in the Customize Snapshots feature plugin.

See https://make.wordpress.org/core/2016/10/12/customize-changesets-technical-design-decisions/

Props westonruter, valendesigns, utkarshpatel, stubgo, lgedeon, ocean90, ryankienstra, mihai2u, dlh, aaroncampbell, jonathanbardo, jorbin.
See #28721.
See #31089.
Fixes #30937.
Fixes #31517.
Fixes #30028.
Fixes #23225.
Fixes #34142.
Fixes #36485.

Built from https://develop.svn.wordpress.org/trunk@38810


git-svn-id: http://core.svn.wordpress.org/trunk@38753 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-18 20:05:31 +00:00
Gary Pendergast f6d85de626 Charset: Allow `_canonical_charset()` to handle mixed-case strings.
Add improved unit tests, and collect existing unit tests together.

Props pbearne.
Fixes #38337.


Built from https://develop.svn.wordpress.org/trunk@38809


git-svn-id: http://core.svn.wordpress.org/trunk@38752 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-17 23:54:30 +00:00
Pascal Birchler ffdef38f5b Date/Time: Remove some legacy logic in `date_i18n()`.
Since there's no difference between using `date()` and `gmdate()` in WordPress, we can simply use the former in `date_i18n()` to reduce its complexity.

Adds tests.

Props jdgrimes for initial patch.
Fixes #37910.
Built from https://develop.svn.wordpress.org/trunk@38804


git-svn-id: http://core.svn.wordpress.org/trunk@38747 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-17 08:10:30 +00:00
Dominik Schilling 30573dc7b2 Add 'urn' to the list of URI protocols whitelisted by default.
Props geekysoft, jorbin.
Fixes #37300.
Built from https://develop.svn.wordpress.org/trunk@38686


git-svn-id: http://core.svn.wordpress.org/trunk@38629 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-09-30 13:15:28 +00:00
Pascal Birchler cfa32db674 Docs: Improve parameter description for `wp_parse_args()`.
Props dimadin for initial patch.
Fixes #38167.
Built from https://develop.svn.wordpress.org/trunk@38670


git-svn-id: http://core.svn.wordpress.org/trunk@38613 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-09-28 08:41:29 +00:00
Jeremy Felt 58f107fa95 Multisite: Revert [38388].
Restore `get_current_site()` to a multisite only function. Providing this in single site may be a possibility in the future, but should have a dedicated ticket and discussion.

See #37699.

Built from https://develop.svn.wordpress.org/trunk@38636


git-svn-id: http://core.svn.wordpress.org/trunk@38579 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-09-20 21:39:29 +00:00
Jeremy Felt 63664c1282 Multisite: Use `get_networks()` in `get_main_network_id()`.
The manual query for the main network ID can now be replaced with a cached `get_networks()` query. This allows us to eliminate the `primary_network_id` cache key entirely.

Props spacedmonkey.
Fixes #37218.

Built from https://develop.svn.wordpress.org/trunk@38632


git-svn-id: http://core.svn.wordpress.org/trunk@38575 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-09-20 18:47:27 +00:00
Sergey Biryukov 9c6da56cc7 Docs: Use a third-person singular verb for `smilies` filter added in [38504].
See #35905.
Built from https://develop.svn.wordpress.org/trunk@38608


git-svn-id: http://core.svn.wordpress.org/trunk@38551 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-09-14 21:53:29 +00:00
John Blackbourn 3afaf2147c Formatting: Don't send an HTTP status code in `wp_send_json()` by default. This avoids clobbering an HTTP status code that may have been set prior to calling this function.
Props westonruter
See #35666

Built from https://develop.svn.wordpress.org/trunk@38576


git-svn-id: http://core.svn.wordpress.org/trunk@38519 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-09-08 13:45:34 +00:00
Drew Jaynes f0bb2bc3c0 Docs: Update the `$message` parameter for `_default_wp_die_handler()` to notate that it can also accept a `WP_Error` object.
Additionally, update the `$message` parameter description in the DocBlock for `wp_die()` to make it explicitly clear messages derived from a passed `WP_Error` object will only be evaluated if not performing an Ajax or XML-RPC request (as both default handlers completely ignore `WP_Error` object messages).

See #37770.

Built from https://develop.svn.wordpress.org/trunk@38518


git-svn-id: http://core.svn.wordpress.org/trunk@38459 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-09-04 03:41:31 +00:00
Sergey Biryukov 8682603166 Docs: Correct `@since` entry for the `smilies` filter added in [38504].
See #35905.
Built from https://develop.svn.wordpress.org/trunk@38505


git-svn-id: http://core.svn.wordpress.org/trunk@38446 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-09-02 00:08:30 +00:00
Gary Pendergast cce2ffaed5 Smilies: Add the `smilies` filter.
This new filter allows the smilies array to be modified with a filter, instead of having to directly access the global.

Props mte90, jorbin.
Fixes #35905.


Built from https://develop.svn.wordpress.org/trunk@38504


git-svn-id: http://core.svn.wordpress.org/trunk@38445 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-09-02 00:00:30 +00:00
Scott Taylor a3ffebce30 Bootstrap: do not go gentle into that good night r38411, r38412, and parts of r38389.
See #36335.

Built from https://develop.svn.wordpress.org/trunk@38470


git-svn-id: http://core.svn.wordpress.org/trunk@38411 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-31 16:31:29 +00:00
Scott Taylor 7e8d7f8a81 General: revert [38386], `functions.php` was probably too tempting for some people to not load by itself.
See #36335.

Built from https://develop.svn.wordpress.org/trunk@38469


git-svn-id: http://core.svn.wordpress.org/trunk@38410 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-31 15:24:29 +00:00
John Blackbourn 348c50b2a8 Formatting: Add a parameter to `wp_send_json_error()`, `wp_send_json_success()`, and `wp_send_json()` for specifying the HTTP response code.
Defaults to `200` in all cases, but can be used, for example, to return a `403` when using `wp_send_json_error()`.

Fixes #35666
Props stephenharris

Built from https://develop.svn.wordpress.org/trunk@38422


git-svn-id: http://core.svn.wordpress.org/trunk@38363 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-28 17:42:28 +00:00
John Blackbourn a1d61a95e1 Security: Return a `403` instead of a `200` HTTP status when `check_ajax_referer()` fails.
This is, unfortunately, untestable in the current test suite, even in the AJAX tests.

Fixes #36362

Built from https://develop.svn.wordpress.org/trunk@38421


git-svn-id: http://core.svn.wordpress.org/trunk@38362 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-28 17:31:30 +00:00
Scott Taylor 390ceba6c7 Bootstrap: after r38409 and r38410, revert r38402 which reverted r38399.
This fixes the paths in `wp-vendor/` that were including `src`. I want to drop this in so we can find out what else will break.

See #36335.

Built from https://develop.svn.wordpress.org/trunk@38411


git-svn-id: http://core.svn.wordpress.org/trunk@38352 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-27 22:32:37 +00:00
Dion Hulse 0e31a46161 Bootstrap: Revert [38399] as it's broken `/build/` and subsequently core.svn.wordpress.org.
The generated classmaps reference `/src/` files and operates in the assumption that the base directory is one level above `wp-settings.php`, which it isn't after our build processes are run.

See #36335

Built from https://develop.svn.wordpress.org/trunk@38402


git-svn-id: http://core.svn.wordpress.org/trunk@38343 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-27 14:37:32 +00:00
Scott Taylor 6a529648cf Bootstrap: Autoload classes using a Composer-generated PHP 5.2-compatible Autoloader.
* `wp-admin` and `wp-includes` are scanned for classes to autoload
* Several 3rd-party and Ryan McCue-shaped libraries are excluded when the classmap is generated, see `composer.json`: `autoload.exclude-from-classmap`
* `wp-vendor/autoload_52.php` is included at the top of `wp-settings.php` - no changes need to be made to unit tests to include the autoloader
* An avalanche of `require()` and `require_once()` calls that loaded class files have been removed from the codebase.

The following files have been added to `svn:ignore` - they are not 5.2-compatible and fail during pre-commit:
* src/wp-vendor/autoload.php
* src/wp-vendor/composer/autoload_real.php
* src/wp-vendor/composer/autoload_static.php
* src/wp-vendor/composer/ClassLoader.php

We favor these files instead:
* src/wp-vendor/autoload_52.php
* src/wp-vendor/composer/autoload_real_52.php
* src/wp-vendor/composer/ClassLoader52.php

When new PHP classes are added to the codebase, simply run `composer install` or `composer update` from the project root to update the autoloader.

The future is now.

See #36335.

Built from https://develop.svn.wordpress.org/trunk@38399


git-svn-id: http://core.svn.wordpress.org/trunk@38340 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-27 09:15:29 +00:00
Scott Taylor 08233c6aff Multisite: move `get_current_site()` to `load.php` so that it can be used in more places, instead of importing `global $current_site`.
See #37699.

Built from https://develop.svn.wordpress.org/trunk@38388


git-svn-id: http://core.svn.wordpress.org/trunk@38329 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-26 21:35:30 +00:00
Scott Taylor b9f516e55e Bootstrap: load `option.php` in `wp-settings.php`, not in `functions.php`.
See #36335.

Built from https://develop.svn.wordpress.org/trunk@38386


git-svn-id: http://core.svn.wordpress.org/trunk@38327 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-26 21:11:29 +00:00