Commit Graph

33043 Commits

Author SHA1 Message Date
Boone Gorges 43d1ab4720 Use 'invalid_username' error code when tripping 'illegal_user_logins'.
This gives us better compatibility with existing errors thrown by
`sanitize_user()`, especially in Multisite, where user_login has more
restrictions on allowed characters.

Props markjaquith.
Fixes #27317.
Built from https://develop.svn.wordpress.org/trunk@35772


git-svn-id: http://core.svn.wordpress.org/trunk@35736 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-04 23:25:26 +00:00
Aaron Jorbin c589ceb880 Make comment screen row actions focusable
In [34504], tabbing through row actions on comments that lacked links was broken. This restores the desired behavior and ensures that the row actions can be seen by no-js users.

Second Permanent Committer sign off was by WonderBoyMusic

See #15520
Fixes #34791
Props afercia, azaozz


Built from https://develop.svn.wordpress.org/trunk@35771


git-svn-id: http://core.svn.wordpress.org/trunk@35735 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-04 23:13:24 +00:00
Scott Taylor 9ea3f9f676 Canonical: introduce `strip_fragment_from_url()` and use when comparing URLs in `redirect_canonical()`.
Props tellyworth.
Fixes #19918.

Built from https://develop.svn.wordpress.org/trunk@35770


git-svn-id: http://core.svn.wordpress.org/trunk@35734 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-04 23:11:26 +00:00
Drew Jaynes ef1280f770 About page: Make strings translatable.
See #34663.

Built from https://develop.svn.wordpress.org/trunk@35769


git-svn-id: http://core.svn.wordpress.org/trunk@35733 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-04 18:09:25 +00:00
Drew Jaynes 7b20f48413 About page: Final string changes.
Props petya, ocean90, DrewAPicture
See #34663.

Built from https://develop.svn.wordpress.org/trunk@35768


git-svn-id: http://core.svn.wordpress.org/trunk@35732 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-04 17:55:28 +00:00
Dominik Schilling 3be896b142 Unit Tests: Implement `addWarning()` method in SpeedTrapListener.
The method was introduced in PHPUnit 5.1.0, released today.

Fixes #34846.
Built from https://develop.svn.wordpress.org/trunk@35767


git-svn-id: http://core.svn.wordpress.org/trunk@35731 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-04 16:41:26 +00:00
Drew Jaynes 65fb187505 About page: Add non-breaking spaces to "Reddit Comments" and "Speaker Deck" oEmbed provider names to prevent line wrapping between the words.
Props ocean90.
See #34663.

Built from https://develop.svn.wordpress.org/trunk@35766


git-svn-id: http://core.svn.wordpress.org/trunk@35730 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-04 16:27:25 +00:00
Drew Jaynes 3e1f22c196 About page: Fix some minor string errors and simplify URL-building for the plugin install link for capable users.
Props ocean90, DrewAPicture
See #34663.

Built from https://develop.svn.wordpress.org/trunk@35765


git-svn-id: http://core.svn.wordpress.org/trunk@35729 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-04 16:13:28 +00:00
Dominik Schilling 7250749032 Reset Password: Add a missing `new` operator for `WP_Error` in `get_password_reset_key()`.
Missed in [34923].

Fixes #34180.

Built from https://develop.svn.wordpress.org/trunk@35764


git-svn-id: http://core.svn.wordpress.org/trunk@35728 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-04 15:31:26 +00:00
Drew Jaynes de586c98c4 First pass of the 4.4 about page. Adds strings (not yet translatable) and screen shots (not CDN).
Props wonderboymusic, markjaquith, helen, nacin, liljimmi, mordauk, melchoyce, ryelle, ocean90, DrewAPicture
See #34663.

Built from https://develop.svn.wordpress.org/trunk@35763


git-svn-id: http://core.svn.wordpress.org/trunk@35727 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-04 12:24:26 +00:00
Andrew Nacin 9834e9993a Embeds: Enforce, via unit tests, the no-ampersand rule for wp-embed.js.
fixes #34698.

Built from https://develop.svn.wordpress.org/trunk@35762


git-svn-id: http://core.svn.wordpress.org/trunk@35726 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-04 05:46:25 +00:00
Scott Taylor 8cf8e2c66d WP oEmbed: validate the `secret` send via `postMessage` in `wp.receiveEmbedMessage`. Also, compare `window` instances.
In the data sent to us from the embedded iframe by postMessage(), the secret value is being used directly in a document.querySelectorAll() call without first being validated or escaped.

In theory, this could lead to some broken embeds.

Props mdawaffe.
Fixes #34831.

Built from https://develop.svn.wordpress.org/trunk@35761


git-svn-id: http://core.svn.wordpress.org/trunk@35725 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-03 20:17:25 +00:00
Helen Hou-Sandí 2f287af8aa Media: Avoid `rel="rel="` situations.
props lucymtc, swissspidy.
fixes #34826. see #32074.

Built from https://develop.svn.wordpress.org/trunk@35760


git-svn-id: http://core.svn.wordpress.org/trunk@35724 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-03 17:17:26 +00:00
Gary Pendergast caf4b8270c Readme: Bump recommended MySQL version to 5.6, as 5.5 is now over 5 years old.
Happy birthday, MySQL 5.5! 

Fixes #34840.


Built from https://develop.svn.wordpress.org/trunk@35759


git-svn-id: http://core.svn.wordpress.org/trunk@35723 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-03 16:46:26 +00:00
Mark Jaquith 6cc98e6fcd Route HEAD API requests through the GET callback method
fixes #34837
props danielbachhuber
Built from https://develop.svn.wordpress.org/trunk@35758


git-svn-id: http://core.svn.wordpress.org/trunk@35722 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-03 16:34:25 +00:00
Boone Gorges 939291df9f Ensure that order is specified when querying for comment descendants.
Props tellyworth.
Fixes #34838.
Built from https://develop.svn.wordpress.org/trunk@35757


git-svn-id: http://core.svn.wordpress.org/trunk@35721 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-03 15:50:27 +00:00
Scott Taylor fc349932c0 Install: after [35508], the margin on the header for the Install screen is too big.
Props SergeyBiryukov.
Fixes #34819.

Built from https://develop.svn.wordpress.org/trunk@35756


git-svn-id: http://core.svn.wordpress.org/trunk@35720 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-01 21:02:25 +00:00
Scott Taylor 9b5ffe8062 Responsive Images: Currently images are included in the `srcset` if the aspect ratio difference is smaller than `0.01`. This number is too high, set it to `0.002`
Props joemcgill.
Fixes #34810.

Built from https://develop.svn.wordpress.org/trunk@35755


git-svn-id: http://core.svn.wordpress.org/trunk@35719 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-01 20:58:24 +00:00
Scott Taylor c0f8bd0de2 Customize Unit Tests: also `remove_action( 'after_setup_theme', 'twentysixteen_setup' )`. TwentyFifteen is already removed.
See #31550.

Built from https://develop.svn.wordpress.org/trunk@35754


git-svn-id: http://core.svn.wordpress.org/trunk@35718 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-01 20:56:24 +00:00
Scott Taylor eaae2546f5 Media: don't use `get_media_embedded_in_content()` in `wp_make_content_images_responsive()`.
Adds unit test.

Props azaozz.
Fixes #34807.

Built from https://develop.svn.wordpress.org/trunk@35753


git-svn-id: http://core.svn.wordpress.org/trunk@35717 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-01 20:50:25 +00:00
Scott Taylor d569b9609e Media: show Trash filter for Media list table when `MEDIA_TRASH` is true.
Props chacha102.
Fixes #34795.

Built from https://develop.svn.wordpress.org/trunk@35752


git-svn-id: http://core.svn.wordpress.org/trunk@35716 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-01 20:48:25 +00:00
Scott Taylor cd9515d306 Unit Tests: fix responsive image unit tests. Correct the logic in video shortcode unit test for width.
Props joemcgill, wonderboymusic.
Fixes #34790.

Built from https://develop.svn.wordpress.org/trunk@35751


git-svn-id: http://core.svn.wordpress.org/trunk@35715 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-01 20:45:28 +00:00
Ryan McCue d1436af513 REST API: Unabbreviate error string.
Props daniel-koskinen.
Fixes #34818.

Built from https://develop.svn.wordpress.org/trunk@35750


git-svn-id: http://core.svn.wordpress.org/trunk@35714 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-30 09:51:27 +00:00
Mark Jaquith 1a43f0b290 Do not pass FALSE as second parameter in variable class_exists() checks
Because these are generally plugin-provided, we want plugins to be
able to use autoloaders.

fixes #20523
Built from https://develop.svn.wordpress.org/trunk@35749


git-svn-id: http://core.svn.wordpress.org/trunk@35713 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-30 04:15:27 +00:00
John Blackbourn ec24d6e001 In a similar vein to [34133], escape the email address and IP address of comment authors to increase defence in depth.
Built from https://develop.svn.wordpress.org/trunk@35748


git-svn-id: http://core.svn.wordpress.org/trunk@35712 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-29 02:43:24 +00:00
John Blackbourn 6f37afb6ec When a post is scheduled for publication, treat it the same as a published post when calculating the capabilities required to edit or delete it.
Fixes #33694

Built from https://develop.svn.wordpress.org/trunk@35747


git-svn-id: http://core.svn.wordpress.org/trunk@35711 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-29 02:27:18 +00:00
John Blackbourn 2b81411a0d Remove debug mode from WP-CLI by default, as it now outputs too much debugging information to be of use during normal development.
Fixes #34801
Props rodrigosprimo

Built from https://develop.svn.wordpress.org/trunk@35746


git-svn-id: http://core.svn.wordpress.org/trunk@35710 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-28 18:37:27 +00:00
John Blackbourn 28c78799c3 Ensure the correct error message is returned when a user attempts to comment on a post to which they do not have access.
Adds more tests.

Built from https://develop.svn.wordpress.org/trunk@35745


git-svn-id: http://core.svn.wordpress.org/trunk@35709 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-28 18:29:32 +00:00
Scott Taylor aa624c4029 WordPress 4.4 RC 1 version bump
Built from https://develop.svn.wordpress.org/trunk@35744


git-svn-id: http://core.svn.wordpress.org/trunk@35708 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-25 23:02:24 +00:00
Scott Taylor cbed27ccf0 WordPress 4.4 RC 1
Built from https://develop.svn.wordpress.org/trunk@35743


git-svn-id: http://core.svn.wordpress.org/trunk@35707 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-25 22:53:27 +00:00
Dominik Schilling 9fb5c540bb Users: Allow to create users without sending an email to the new user.
This adds a checkbox to `wp-admin/user-new.php` to prevent sending an email with the username and a password reset link to the new user. Restores the behavior of pre-4.3.

Fixes #33504.
Props tharsheblows, SergeyBiryukov, DrewAPicture, ocean90.
Built from https://develop.svn.wordpress.org/trunk@35742


git-svn-id: http://core.svn.wordpress.org/trunk@35706 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-25 22:38:29 +00:00
Ryan McCue 7ce9772866 REST API: Mark WP_REST_Server::get_raw_data as static.
This is just a utility function for getting the request body, not
tied to the server class.

Fixes #34768.

Built from https://develop.svn.wordpress.org/trunk@35741


git-svn-id: http://core.svn.wordpress.org/trunk@35705 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-25 22:22:25 +00:00
Helen Hou-Sandí e24681632e Avoid potential fatal errors after [35718].
While these classes are intended for admin use, there are developers out there who include `wp-admin/includes/template.php` to access them in other contexts. There is no intention to continue to support this indefinitely, but a breaking change like that would need to happen very early in a cycle and communicated loudly.

In the meantime, if you're reading this commit message and you do the above, please update your code to not do that. Thank you :)

fixes #33413.

Built from https://develop.svn.wordpress.org/trunk@35740


git-svn-id: http://core.svn.wordpress.org/trunk@35704 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-25 22:19:26 +00:00
Helen Hou-Sandí 2eb60b8278 Set Twenty Sixteen as the default theme.
With thanks to all those who contributed.

props iamtakashi, karmatosed, iandstewart, dd32, mor10, grapplerulrich, davidakennedy, frank-klein, tywayne, wenthemes, monika, metodiew, nhuja, headonfire, Chrisdc1, philiparthurmoore, karpstrucking, cais, mt8.biz, fjarrett, sdavis2702, SergeyBiryukov, eduardozulian, webdevmattcrom, ehtis, peterwilsoncc, tfrommen, fsylum, wonderboymusic, ocean90, obenland, cainm, mrahmadawais, drewapicture, trenzterra, tevko, kraftbj, walbo, nacin.
fixes #34306.

Built from https://develop.svn.wordpress.org/trunk@35739


git-svn-id: http://core.svn.wordpress.org/trunk@35703 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-25 21:52:26 +00:00
Scott Taylor 79a2915a9b Upgrade: New themes are not automatically installed on upgrade. This can still be explicitly asked for by defining `CORE_UPGRADE_SKIP_NEW_BUNDLED` as `false`.
In `populate_options()`, if the theme specified by `WP_DEFAULT_THEME` doesn't exist, fall back to the latest core default theme. If we can't find a core default theme, `WP_DEFAULT_THEME` is the best we can do. 

Props nacin, jeremyfelt, dd32.
See #34306.

Built from https://develop.svn.wordpress.org/trunk@35738


git-svn-id: http://core.svn.wordpress.org/trunk@35702 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-25 21:45:25 +00:00
Konstantin Obenland 77c6154881 Template: Defining a default value for `show_home` breaks back compat.
To add a home link to the fallback menu output many themes only check if that
argument is set. Including Twenty Ten and Twenty Eleven. They check with
`isset()` so child themes and other instances using `wp_page_menu()` have a
chance to disable the home link by setting it to `false`.

Fixes #11095.


Built from https://develop.svn.wordpress.org/trunk@35737


git-svn-id: http://core.svn.wordpress.org/trunk@35701 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-25 18:55:26 +00:00
Scott Taylor a2ec7caf93 Add a unit test for `wp_nav_menu()` with `container => ''`
See #32464.


Built from https://develop.svn.wordpress.org/trunk@35736


git-svn-id: http://core.svn.wordpress.org/trunk@35700 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-25 18:19:27 +00:00
Dominik Schilling 0632e4ab84 Passwords: Support the pre-4.3 behavior of `wp_new_user_notification()`.
Hello, it's me again. A pluggable function named `wp_new_user_notification()`. A few months ago, after [33023], I have lost my second parameter `$plaintext_pass`. But thanks to [33620] I got a new one.
Bad idea - It hasn't had the same behavior as my previous parameter.
To solve that the second parameter got deprecated and reintroduced as the third parameter in [34116]. I was happy again, for a short time.
You remember my lost friend `$plaintext_pass`? No? Well, if its value was empty no notification was sent to the user. This behavior was still lost. And that's what this change is about: Don't notify a user if a plugin uses `wp_new_user_notification( $user_id )`.

You're asking if I'm happy now? Dunno, but maybe you have learned something about pluggable functions, have you?

Props danielbachhuber.
Fixes #34377.
Built from https://develop.svn.wordpress.org/trunk@35735


git-svn-id: http://core.svn.wordpress.org/trunk@35699 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-24 23:07:26 +00:00
Dominik Schilling 16b95ab2a7 HTTP Tests: Use `login.wordpress.org/wp-login.php` in `test_get_response_cookies()`.
The old URL redirects to `login.wordpress.org` because it's the new canonical URL for all logins on wordpress.org.

Fixes #34782.
Built from https://develop.svn.wordpress.org/trunk@35734


git-svn-id: http://core.svn.wordpress.org/trunk@35698 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-24 22:00:26 +00:00
Dominik Schilling 7f3082491d Passwords: Re-enable password fields before submitting the form.
Avoids an PHP undefined notice when creating new users.

Fixes #33699.
Built from https://develop.svn.wordpress.org/trunk@35733


git-svn-id: http://core.svn.wordpress.org/trunk@35697 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-24 21:17:27 +00:00
Sergey Biryukov 64fdd0c6a0 Users: Move the tests added in [35116] and [35618] to a more appropriate place and give them a better name.
See #28435, #29880.
Built from https://develop.svn.wordpress.org/trunk@35732


git-svn-id: http://core.svn.wordpress.org/trunk@35696 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-23 18:40:25 +00:00
Sergey Biryukov 60c8e272f5 Docs: Improve DocBlock formatting for `add_menu_page()` and `add_submenu_page()` wrappers.
See #34360.
Built from https://develop.svn.wordpress.org/trunk@35731


git-svn-id: http://core.svn.wordpress.org/trunk@35695 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-23 17:56:26 +00:00
Helen Hou-Sandí 2cdeac7cf6 Pass the `$post` object as context to `postmeta_form_keys`.
see #33885, #18979.

Built from https://develop.svn.wordpress.org/trunk@35730


git-svn-id: http://core.svn.wordpress.org/trunk@35694 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-23 17:15:29 +00:00
Gary Pendergast d04396d0ad Docs: Replace a reference to WP.org with WordPress.org.
Built from https://develop.svn.wordpress.org/trunk@35729


git-svn-id: http://core.svn.wordpress.org/trunk@35693 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-22 22:38:26 +00:00
Andrew Ozz 50a5fbb269 Editor: remove wpLink dependency on jQuery UI.
Props afercia.
Fixes #34716.
Built from https://develop.svn.wordpress.org/trunk@35728


git-svn-id: http://core.svn.wordpress.org/trunk@35692 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-22 19:27:26 +00:00
Andrew Ozz 91759029e9 TinyMCE: fix the regexp used to protect line breaks inside script and pre tags to match `<script>` that load external scripts.
Fixes #34760.
Built from https://develop.svn.wordpress.org/trunk@35727


git-svn-id: http://core.svn.wordpress.org/trunk@35691 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-22 19:13:28 +00:00
Sergey Biryukov ae04eba0b6 Comments: After [35670], change the CSS class for the pending comments count back to `moderated`.
Fixes #34680.
Built from https://develop.svn.wordpress.org/trunk@35726


git-svn-id: http://core.svn.wordpress.org/trunk@35690 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-22 15:23:26 +00:00
Sergey Biryukov bc1e479fd0 After [35718], update the location of some files in `This filter is documented in` docs.
Partially reverts [33954].

Fixes #33413.
Built from https://develop.svn.wordpress.org/trunk@35725


git-svn-id: http://core.svn.wordpress.org/trunk@35689 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-22 03:51:28 +00:00
Weston Ruter 5dae1386aa Customize: Ensure that a setting (especially a multidimensional one) can still be previewed when the post value to preview is set after `preview()` is invoked.
* Introduce `customize_post_value_set_{$setting_id}` and `customize_post_value_set` actions which are done when `WP_Customize_Manager::set_post_value()` is called.
* Clear the `preview_applied` flag for aggregated multidimensional settings when a post value is set. This ensures the new value is used instead of a previously-cached previewed value.
* Move `$is_preview` property from subclasses to `WP_Customize_Setting` parent class.
* Deferred preview: Ensure that when `preview()` short-circuits due to not being applicable that it will be called again later when the post value is set.
* Populate post value for updated-widget with the (unsanitized) JS-value in `WP_Customize_Widgets::call_widget_update()` so that value will be properly sanitized when accessed in `WP_Customize_Manager::post_value()`.

Includes unit tests with assertions to check the reported issues and validate the fixes.

Fixes defect introduced in [35007].
See #32103.
Fixes #34738.

Built from https://develop.svn.wordpress.org/trunk@35724


git-svn-id: http://core.svn.wordpress.org/trunk@35688 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-21 02:52:27 +00:00
Sergey Biryukov fd9bd77fe5 Comments: In `comment_form()`, introduce the `comment_form_fields` filter for comment fields, including the textarea.
Correct the docs for `comment_notes_before` and `comment_notes_after` arguments as well as `comment_form_before_fields` and `comment_form_after_fields` actions to better describe the current behaviour.

Fixes #34731.
Built from https://develop.svn.wordpress.org/trunk@35723


git-svn-id: http://core.svn.wordpress.org/trunk@35687 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-20 18:56:27 +00:00