Commit Graph

596 Commits

Author SHA1 Message Date
whyisjake 7077580716 User: Invalidate `user_activation_key` on password update.
Query: Ensure that only a single post can be returned on date/time based queries.
Cache API: Ensure proper escaping around the stats method in the cache API.
Formatting: Expand `sanitize_file_name` to have better support for utf8 characters.

Brings the changes in [47634], [47635], [47637], and [47638] to the 4.2 branch.

Props: batmoo, ehti, nickdaugherty, peterwilsoncc, sergeybiryukov, sstoqnov, westi, whyisjake, whyisjake, xknown.

Built from https://develop.svn.wordpress.org/branches/4.2@47657


git-svn-id: http://core.svn.wordpress.org/branches/4.2@47434 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-04-29 16:52:22 +00:00
whyisjake 1fcbdb46e6 Backporting several bug fixes.
- Query: Remove the static query property.
- HTTP API: Protect against hex interpretation.
- Filesystem API: Prevent directory travelersals when creating new folders.
- Administration: Ensure that admin referer nonce is valid.
- REST API: Send a Vary: Origin header on GET requests.
- Customizer: Properly sanitize background images.

Backports [46474], [46475], [46476], [46477], [46478], [46483], [46485] to the 4.2 branch.

Built from https://develop.svn.wordpress.org/branches/4.2@46500


git-svn-id: http://core.svn.wordpress.org/branches/4.2@46297 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-14 19:15:22 +00:00
Dominik Schilling b7509648b8 Query: Ensure that queries work correctly with post type names with special characters.
Merge of [39952] to the 4.2 branch.
Built from https://develop.svn.wordpress.org/branches/4.2@39961


git-svn-id: http://core.svn.wordpress.org/branches/4.2@39898 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-26 13:52:00 +00:00
Dominik Schilling 64fc7294b6 Use HTTPS URLs for codex.wordpress.org.
see #27115.
Built from https://develop.svn.wordpress.org/trunk@32116


git-svn-id: http://core.svn.wordpress.org/trunk@32095 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-12 21:29:32 +00:00
Scott Taylor bce851dcf2 Replace `array_shift()` with `reset()` where appropriate for performance.
Props SergeyBiryukov.
Fixes #31259.

Built from https://develop.svn.wordpress.org/trunk@31829


git-svn-id: http://core.svn.wordpress.org/trunk@31811 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-03-19 03:56:27 +00:00
Boone Gorges 7dcb041d5a More careful type conversion in `WP_Query` `is_*()` methods.
`is_array( 1, '1-foo' )` returns true, which means that `is_page( 1 )`
was returning true when on a page with the slug '1-foo'. We avoid this odd
behavior by casting the queried object ID to a string before testing against
the value passed to the conditional function.

This also helps to avoid a problem where an arbitrary value for `$page` would
cause `is_page( $page )` to return true if the query had been manipulated by
a plugin to show that the current page's ID is 0.

Props boonebgorges, r-a-y, nunomorgadinho, wonderboymusic, clifgriffin.
Fixes #24674.
Built from https://develop.svn.wordpress.org/trunk@31458


git-svn-id: http://core.svn.wordpress.org/trunk@31439 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-02-14 02:09:25 +00:00
Boone Gorges 90639872e8 In `WP_Query::get_queried_object()`, avoid PHP notices when `is_tax` is paired with an empty `tax_query`.
It's possible to have an empty `tax_query` and `is_tax=true` when the initial
query contains a taxonomy var (and is processed as such during
`WP_Query::parse_query()`) but the taxonomy var is unset during a 'parse_query'
callback. While this kind of behavior is not necessarily something we need to
support, we should continue to avoid PHP notices in such cases, as we did prior
to WP 4.1.

Fixes #31246.
Built from https://develop.svn.wordpress.org/trunk@31366


git-svn-id: http://core.svn.wordpress.org/trunk@31347 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-02-07 19:50:24 +00:00
Boone Gorges 7bde88d02e Modify `meta_query orderby syntax to use array keys as clause "handles".
The implementation of `meta_query` orderby introduced in [31312] put clause
identifiers into a 'name' parameter of the clause. For greater clarity, this
changeset updates the syntax to use the associative array key used when
defining `meta_query` parameters, instead of the 'name' parameter.

Props Funkatronic, DrewAPicture.
Fixes #31045.
Built from https://develop.svn.wordpress.org/trunk@31340


git-svn-id: http://core.svn.wordpress.org/trunk@31321 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-02-05 19:38:23 +00:00
Sergey Biryukov 7c97e59ed6 When using WP_Query's `'fields' => 'ids'` (or `'fields' => 'id=>parent'`), make sure the returned result is always an array of integers.
fixes #31194. see #27252.
Built from https://develop.svn.wordpress.org/trunk@31324


git-svn-id: http://core.svn.wordpress.org/trunk@31305 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-02-03 02:29:25 +00:00
Boone Gorges 55dafd966b When querying for a specific post, allow posts with a non-public status to be returned as long as that status is specified.
This makes it possible to, for example, retrieve a specific post using the
`p` parameter of `WP_Query`, even if the post is in the Trash, by including
the `post_status=trash` parameter.

Props ebinnion.
Fixes #29167.
Built from https://develop.svn.wordpress.org/trunk@31321


git-svn-id: http://core.svn.wordpress.org/trunk@31302 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-02-01 20:26:25 +00:00
Boone Gorges ca30c725a0 Improve support for ordering `WP_Query` results by postmeta.
`WP_Meta_Query` clauses now support a 'name' parameter. When building a
`WP_Query` object, the value of 'orderby' can reference this 'name', so that
it's possible to order by any clause in a meta_query, not just the first one
(as when using 'orderby=meta_value'). This improvement also makes it possible
to order by multiple meta query clauses (or by any other eligible field plus
a meta query clause), using the array syntax for 'orderby' introduced in [29027].

Props Funkatronic, boonebgorges.
Fixes #31045.
Built from https://develop.svn.wordpress.org/trunk@31312


git-svn-id: http://core.svn.wordpress.org/trunk@31293 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-31 15:48:24 +00:00
Scott Taylor eeda68bbda Fix some erroneous `@param` annotations.
See #30799.

Built from https://develop.svn.wordpress.org/trunk@31219


git-svn-id: http://core.svn.wordpress.org/trunk@31200 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-16 22:44:25 +00:00
Scott Taylor bc55996a0b `@param` cleanup:
* `get_metadata()` will return literally anything, needs to be `mixed`
* `wp()` and `WP_Query::__construct()` no longer just take a query string
* Clarify a few others

See #30799.

Built from https://develop.svn.wordpress.org/trunk@31212


git-svn-id: http://core.svn.wordpress.org/trunk@31193 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-16 19:03:23 +00:00
Scott Taylor eed3698c49 In `WP_Query`, only call magic method internals again whitelists of properties and methods, `$compat_fields` and `$compat_methods`. Remove `__unset()` since `__set()` is not implemented.
See #30891.

Built from https://develop.svn.wordpress.org/trunk@31151


git-svn-id: http://core.svn.wordpress.org/trunk@31132 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-11 22:41:24 +00:00
Scott Taylor 0a511680f4 Adding a `@return` annotation to constructors is generally not recommended as a constructor does not have a meaningful return value. Constructors do not have meaningful return values, anything that is returned from here is discarded.
See #30799.

Built from https://develop.svn.wordpress.org/trunk@31126


git-svn-id: http://core.svn.wordpress.org/trunk@31107 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-10 06:54:23 +00:00
Scott Taylor 60b0cd7943 The keyword `elseif` should be used instead of `else if` so that all control keywords look like single words.
This was a mess, is now standardized across the codebase, except for a few 3rd-party libs. 

See #30799.

Built from https://develop.svn.wordpress.org/trunk@31090


git-svn-id: http://core.svn.wordpress.org/trunk@31071 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-08 07:05:25 +00:00
Scott Taylor 80915aaf16 `WP_Query->parse_tax_query()` - for BC, this method is not marked as protected. See [28987]. It needs an access modifier, it shall have `public`. The comment remains.
See #30799.

Built from https://develop.svn.wordpress.org/trunk@31081


git-svn-id: http://core.svn.wordpress.org/trunk@31062 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-08 05:54:44 +00:00
Scott Taylor 786caa4d55 Correct the `@param` docs for arguments that are truthy/falsey.
See #30799.

Built from https://develop.svn.wordpress.org/trunk@30983


git-svn-id: http://core.svn.wordpress.org/trunk@30969 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-12-20 23:04:23 +00:00
Boone Gorges 7e69e5484f In `WP_Query::get_queried_object()`, use the new format for referencing tax query clauses.
`queried_terms`, rather than `queries`, is the tax_query property where a flat
index of terms is stored.

See [29901] for a similar fix in `redirect_canonical()`. See #29738.

Props dd32.
Fixes #30623.
Built from https://develop.svn.wordpress.org/trunk@30771


git-svn-id: http://core.svn.wordpress.org/trunk@30761 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-12-07 14:58:22 +00:00
Scott Taylor 37a23b2c73 Improve various `@param` docs.
See #30224.

Built from https://develop.svn.wordpress.org/trunk@30682


git-svn-id: http://core.svn.wordpress.org/trunk@30672 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-12-01 02:17:21 +00:00
Scott Taylor ba914c7df1 Improve various `@param` docs.
See #30224.

Built from https://develop.svn.wordpress.org/trunk@30673


git-svn-id: http://core.svn.wordpress.org/trunk@30663 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-30 22:56:25 +00:00
Drew Jaynes fdb0b54389 4.1 Docs Audit: Improve inline documentation for the new `WP_Query::setup_postdata()` method.
See #30469.

Built from https://develop.svn.wordpress.org/trunk@30620


git-svn-id: http://core.svn.wordpress.org/trunk@30610 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-28 12:18:22 +00:00
Boone Gorges 912cdc5978 Pass query object to 'the_post' filter.
Props tlovett1.
Fixes #30327.
Built from https://develop.svn.wordpress.org/trunk@30323


git-svn-id: http://core.svn.wordpress.org/trunk@30322 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-13 02:25:22 +00:00
Drew Jaynes 66c47f29bb Correct references of `@uses $wpdb` in core documentation to use `@global`.
See #30191, [30105].
Fixes #30217.

Built from https://develop.svn.wordpress.org/trunk@30122


git-svn-id: http://core.svn.wordpress.org/trunk@30122 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-10-31 17:56:22 +00:00
Drew Jaynes f8657d5890 Remove redundant and erroneous `@uses` tag from most core inline documentation.
Per our inline documentation standards, no further use of the `@uses` tag is recommended as used and used-by relationships can be derived through other means. This removes most uses of the tag in core documentation, with remaining tags to be converted to `@global` or `@see` as they apply.

Fixes #30191.

Built from https://develop.svn.wordpress.org/trunk@30105


git-svn-id: http://core.svn.wordpress.org/trunk@30105 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-10-30 01:05:24 +00:00
Boone Gorges d7a62c01c4 Improve global variable setting in `setup_postdata()`.
`setup_postdata()` is responsible for setting a number of global variables
that are used for post pagination (`$pages`, `$page`, `$nextpage`) and the
generation of post excerpts (`$more`). These variables should be sensitive to
the currently running instance of `WP_Query` - rather than the main query -
so that these features work properly inside of secondary `WP_Query` loops.

This changeset moves the logic of `setup_postdata()` into a method on `WP_Query`,
and converts `setup_postdata()` to a wrapper.

Props boonebgorges, wonderboymusic.
See #25349.
Fixes #9256, #20904.
Built from https://develop.svn.wordpress.org/trunk@30085


git-svn-id: http://core.svn.wordpress.org/trunk@30085 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-10-29 02:32:24 +00:00
Boone Gorges 1470990892 Check that search value is scalar before parsing.
Prevents PHP notices when non-scalar values are passed.

Includes unit tests.

Props tivnet.
Fixes #29736.
Built from https://develop.svn.wordpress.org/trunk@29912


git-svn-id: http://core.svn.wordpress.org/trunk@29666 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-10-16 03:32:20 +00:00
Boone Gorges 0143196338 Introduce support for nested queries in WP_Tax_Query.
Previously, tax query arguments could be joined by a single AND or OR relation.
Now, these queries can be arbitrarily nested, allowing clauses to be linked
together with multiple relations.

In a few places, WP_Query runs through a list of clauses in a tax_query in order
to set certain query vars for backward compatibility. The necessary changes have
been made to WP_Query to support this feature with the new complex structure of
tax_query. Unit tests are included for these backward compatibility fixes.

Unit tests for the new nesting syntax are included.

Props boonebgorges.
Fixes #29718. See #29738.
Built from https://develop.svn.wordpress.org/trunk@29891


git-svn-id: http://core.svn.wordpress.org/trunk@29647 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-10-14 04:03:19 +00:00
Konstantin Kovshenin 5f17e0952d Use the primary `meta_query` clause when parsing `orderby` in `WP_Query`.
When using legacy `meta_key`, `meta_value`, etc. arguments in `WP_Query`,
they're converted into the first clause of a `meta_query`. By using that
clause instead of the original arguments, we make sure that behavior is
consistent between the two available formats.

props boonebgorges.
fixes #16814.

Built from https://develop.svn.wordpress.org/trunk@29855


git-svn-id: http://core.svn.wordpress.org/trunk@29618 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-10-08 15:12:20 +00:00
Scott Taylor ee9d74dc05 Ordering by `RAND()`:
The shortcode callbacks for `gallery` and `playlist` check for `'RAND' == $atts['order']`, which isn't a valid value for `order`. Remove those checks and update the docs.

In `WP_Query`, if the value of `orderby` is `rand`, `order` is irrelevant and should be unset.

Adds unit tests.

Fixes #29629.

Built from https://develop.svn.wordpress.org/trunk@29760


git-svn-id: http://core.svn.wordpress.org/trunk@29532 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-09-23 03:52:15 +00:00
Andrew Nacin 9718e8413a Query: Add comment to the parse_tax_query() method reflecting [28987].
see #28739.

Built from https://develop.svn.wordpress.org/trunk@29658


git-svn-id: http://core.svn.wordpress.org/trunk@29432 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-09-01 19:51:16 +00:00
Drew Jaynes 09c3fd98d0 Fix a couple of misplaced/misordered argument descriptions in the `WP_Query` arguments hash notation.
See #25367.

Built from https://develop.svn.wordpress.org/trunk@29578


git-svn-id: http://core.svn.wordpress.org/trunk@29352 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-23 19:36:17 +00:00
Sergey Biryukov 358209baa7 Correct 'no_found_rows' parameter description.
see #25367.
Built from https://develop.svn.wordpress.org/trunk@29538


git-svn-id: http://core.svn.wordpress.org/trunk@29314 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-19 07:28:15 +00:00
Drew Jaynes a8583d5f19 Fix some words that aren't words.
See #28885.

Built from https://develop.svn.wordpress.org/trunk@29454


git-svn-id: http://core.svn.wordpress.org/trunk@29232 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-09 19:30:17 +00:00
Sergey Biryukov b3f6108438 Remove a redundant condition for comment feeds from WP_Query::get_posts().
props engelen.
fixes #28401.
Built from https://develop.svn.wordpress.org/trunk@29257


git-svn-id: http://core.svn.wordpress.org/trunk@29040 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-21 15:38:14 +00:00
Drew Jaynes 66119947ee Fill out inline documentation for magic methods added to the `WP_Query` class in [28523].
See #27881, #22234 and #28885.

Built from https://develop.svn.wordpress.org/trunk@29141


git-svn-id: http://core.svn.wordpress.org/trunk@28925 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-13 23:36:14 +00:00
John Blackbourn 5a43586db1 Add support for a full path parameter to `is_page()` and `is_single()`. Props Jesper800, engelen, johnbillion. Fixes #16802.
Built from https://develop.svn.wordpress.org/trunk@29039


git-svn-id: http://core.svn.wordpress.org/trunk@28827 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-09 16:04:16 +00:00
Scott Taylor dc7c246da3 Allow an `array()` to be passed as the value for `orderby` to `WP_Query`. Allows for an independent `order` value for each key.
Example: `'orderby' => array( 'title' => 'DESC', 'menu_order' => 'ASC' )`.

Adds docs and unit tests.

Props wonderboymusic, johnbillion, DrewAPicture, dd32, andy.
See #17065.

Built from https://develop.svn.wordpress.org/trunk@29027


git-svn-id: http://core.svn.wordpress.org/trunk@28815 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-08 17:16:15 +00:00
Scott Taylor 9d123aa326 `WP_Query::parse_tax_query()` has always been documented as `protected`. Plugins should never have used it. However, it did not have a `protected` access modifier, so its visibility was `public` by default. If the access modifier had been present, accessing the method in a plugin would have produced a fatal error. The access modifier was added in [28523], along with magic methods to allow it to be accessed for BC. This one method is problematic because it expects to be passed a reference. The `WP_Query::__call()` logic does not go out of its way to fix this signature discrepancy, and so a warning is thrown: `Parameter 1 to WP_Query::parse_tax_query() expected to be a reference, value given`.
Remove the `protected` access modifier from `WP_Query::parse_tax_query()`.

Fixes #28739.

Built from https://develop.svn.wordpress.org/trunk@28987


git-svn-id: http://core.svn.wordpress.org/trunk@28776 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-04 01:29:14 +00:00
Drew Jaynes ff109ddc5a First-run documention of `WP_Query` argument defaults.
Props siobhan for some language tweaks. Props DrewAPicture.
See #25367.

Built from https://develop.svn.wordpress.org/trunk@28887


git-svn-id: http://core.svn.wordpress.org/trunk@28686 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-06-28 23:03:17 +00:00
Sergey Biryukov aebf8f0fea Make sure the first number in LIMIT clause in WP_Query::get_posts() is always an integer.
fixes #23383.
Built from https://develop.svn.wordpress.org/trunk@28864


git-svn-id: http://core.svn.wordpress.org/trunk@28664 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-06-27 00:04:16 +00:00
Sergey Biryukov ab06b01eb8 Don't kill an empty search query.
see #11330.
Built from https://develop.svn.wordpress.org/trunk@28804


git-svn-id: http://core.svn.wordpress.org/trunk@28613 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-06-23 13:34:15 +00:00
Sergey Biryukov d2fc1773ae Prevent multiple hierarchical posts with the same slug from being displayed in single post template.
fixes #28611.
Built from https://develop.svn.wordpress.org/trunk@28803


git-svn-id: http://core.svn.wordpress.org/trunk@28612 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-06-23 13:15:16 +00:00
Scott Taylor 22e5b6932a Revert [28613] and [28664]. A good idea, but too much BC baggage.
See #28099.


Built from https://develop.svn.wordpress.org/trunk@28783


git-svn-id: http://core.svn.wordpress.org/trunk@28596 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-06-20 16:21:17 +00:00
Scott Taylor c1e7c2d1de Don't use variable variables in `WP_Query::get_posts()`.
See #27881.

Built from https://develop.svn.wordpress.org/trunk@28737


git-svn-id: http://core.svn.wordpress.org/trunk@28551 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-06-11 17:50:16 +00:00
Scott Taylor 05eeb16e30 Replace all uses of `like_escape()` with `$wpdb->esc_like()`.
Props miqrogroove.
See #10041.

Built from https://develop.svn.wordpress.org/trunk@28712


git-svn-id: http://core.svn.wordpress.org/trunk@28528 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-06-10 00:44:15 +00:00
Sergey Biryukov f598eaa89b Move is_admin check to a more appropriate place.
see #11330.
Built from https://develop.svn.wordpress.org/trunk@28668


git-svn-id: http://core.svn.wordpress.org/trunk@28486 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-06-04 23:47:15 +00:00
Sergey Biryukov b33c95079b Avoid a PHP notice when using WP_Query::get_queried_object() in pre_get_posts action.
props wpsmith.
fixes #28412.
Built from https://develop.svn.wordpress.org/trunk@28667


git-svn-id: http://core.svn.wordpress.org/trunk@28485 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-06-04 23:43:15 +00:00
Scott Taylor 1aaa80f48e Prevent admin breakage for `s` in `WP_Query` after [28623].
See #11330.


Built from https://develop.svn.wordpress.org/trunk@28666


git-svn-id: http://core.svn.wordpress.org/trunk@28484 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-06-04 20:03:15 +00:00
Scott Taylor 23a53beb7e After [28613], also kill queries that explicityly pass empty arrays to `category__in`, `tag__in`, `tag_slug__in`, and `author__in` to `WP_Query`.
Adds unit tests.
Fixes #28099.

Built from https://develop.svn.wordpress.org/trunk@28664


git-svn-id: http://core.svn.wordpress.org/trunk@28482 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-06-04 17:50:15 +00:00