Commit Graph

145 Commits

Author SHA1 Message Date
davidbaumwald
3dd30db613 Grouped backports to the 4.5 branch.
- Comments: Prevent users who can not see a post from seeing comments on it.
- Shortcodes: Restrict media shortcode ajax to certain type.
- REST API: Ensure no-cache headers are sent when methods are overridden.
- Prevent unintended behavior when certain objects are unserialized.

Merges [56834], [56835], [56836], and [56838] to the 4.5 branch.
Props xknown, jorbin, joehoyle, timothyblynjacobs, peterwilsoncc, ehtis, tykoted, antpb, rmccue.
Built from https://develop.svn.wordpress.org/branches/4.5@56857


git-svn-id: http://core.svn.wordpress.org/branches/4.5@56368 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-10-12 18:10:07 +00:00
Rachel Baker
f99ec3db18 Comments: In the comments list table, only link rows inside the “Submitted On” column to the comment if it is publicly viewable.
The date within the comments list table “Submitted On” column will only be wrapped in `get_comment_link()` if the comment is approved and associated with a valid `comment_post_ID`.

Fixes #35279.
Built from https://develop.svn.wordpress.org/trunk@36521


git-svn-id: http://core.svn.wordpress.org/trunk@36488 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-12 21:43:26 +00:00
Boone Gorges
b5d12e130c Comments: Restore the ability to bypass post_id filter using 0 or '0'.
The changes introduced in [36381], while logical and clearly awesome, introduce
the potential for much breakage. Those who want to query for comments with a
null `comment_post_ID` should use `'post_in' => array( 0 )` instead.

Reverts [36381], [36387].
See #35090.

Built from https://develop.svn.wordpress.org/trunk@36480


git-svn-id: http://core.svn.wordpress.org/trunk@36447 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-05 18:50:25 +00:00
Boone Gorges
00cf77999d In comments list table, $post_id should default to false rather than 0.
After [36381], the default value of `0` was causing the list table at
edit-comments.php to be empty. `false` prevents this.

This fix is likely temporary, while more research is done into the backward
compatibility concerns tied to [36381].

See #35090.
Built from https://develop.svn.wordpress.org/trunk@36387


git-svn-id: http://core.svn.wordpress.org/trunk@36354 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-23 22:16:26 +00:00
Rachel Baker
9065794462 List Tables: Use the $GLOBALS array when unsetting the global post and comment in WP_Comments_List_Table::single_row().
In r35674 only the local variables were unset, when using `unset()` with a global variable the `$GLOBALS` array must be used.


Fixes #35506.

Built from https://develop.svn.wordpress.org/trunk@36339


git-svn-id: http://core.svn.wordpress.org/trunk@36306 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-18 02:50:27 +00:00
Andrea Fercia
2d76f3cb83 Accessibility: Remove title attributes from the Comments screen.
Fixes #35304.
Built from https://develop.svn.wordpress.org/trunk@36298


git-svn-id: http://core.svn.wordpress.org/trunk@36265 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-14 16:04:27 +00:00
John Blackbourn
f63dc802cb Comments: Correct the docblocks for various methods in the comment list table class.
See #32246

Built from https://develop.svn.wordpress.org/trunk@36248


git-svn-id: http://core.svn.wordpress.org/trunk@36215 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-10 00:52:25 +00:00
Ella Iseulde Van Dorpe
657d3b50af Make date format consistent across the admin
The 'date_format' and 'time_format' options shouldn't affect the backend.

See #30864


Built from https://develop.svn.wordpress.org/trunk@35811


git-svn-id: http://core.svn.wordpress.org/trunk@35775 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-07 04:26:27 +00:00
John Blackbourn
ec24d6e001 In a similar vein to [34133], escape the email address and IP address of comment authors to increase defence in depth.
Built from https://develop.svn.wordpress.org/trunk@35748


git-svn-id: http://core.svn.wordpress.org/trunk@35712 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-29 02:43:24 +00:00
Sergey Biryukov
ae04eba0b6 Comments: After [35670], change the CSS class for the pending comments count back to moderated.
Fixes #34680.
Built from https://develop.svn.wordpress.org/trunk@35726


git-svn-id: http://core.svn.wordpress.org/trunk@35690 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-22 15:23:26 +00:00
Scott Taylor
838592c1ba List Tables: because we can never eradicate the existence of globals, ensure that $comment is hoisted into the global space inside WP_Comments_List_Table::single_row().
Fixes #34654.

Built from https://develop.svn.wordpress.org/trunk@35674


git-svn-id: http://core.svn.wordpress.org/trunk@35638 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-18 19:05:30 +00:00
Sergey Biryukov
bc41f44158 I18N: After [34424], replace the placeholder with comments count after translate_nooped_plural() runs, not before.
Props hnle.
Fixes #34680.
Built from https://develop.svn.wordpress.org/trunk@35670


git-svn-id: http://core.svn.wordpress.org/trunk@35634 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-18 18:04:28 +00:00
Sergey Biryukov
0d4cf36199 I18N: Remove <a> tag from translatable string in wp-admin/includes/class-wp-comments-list-table.php.
Props ramiy.
Fixes #34686.
Built from https://develop.svn.wordpress.org/trunk@35666


git-svn-id: http://core.svn.wordpress.org/trunk@35630 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-18 17:34:27 +00:00
Drew Jaynes
64f5e0683a Docs: Document use of the $comment_status global in the DocBlock for WP_Comments_List_Table::handle_row_actions().
Props shimakyohsuke.
Fixes #34425.

Built from https://develop.svn.wordpress.org/trunk@35490


git-svn-id: http://core.svn.wordpress.org/trunk@35454 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-02 21:33:27 +00:00
Dion Hulse
d2aca078b6 Comments: Use a full URL rather than a relative one for links which can contain IPv6 addresses to avoid an issue where the URL was being eaten by escaping functions.
See #34407, #34202
Fixes #34054

Built from https://develop.svn.wordpress.org/trunk@35368


git-svn-id: http://core.svn.wordpress.org/trunk@35332 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-23 05:14:25 +00:00
Drew Jaynes
8a386cb24f Docs: Add missing file headers to the list table classes and adjust class DocBlocks accordingly.
See #33701.

Built from https://develop.svn.wordpress.org/trunk@35241


git-svn-id: http://core.svn.wordpress.org/trunk@35207 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-17 15:13:25 +00:00
Scott Taylor
0c2b2a0e3d List Tables/WP_Screen: in WP_Screen, add methods to store, retrieve, and render screen reader text, primarily used by list table screens.
These additions are based on an audit and recommendations by the Accessibility team. #a11y'all

Props afercia.
Fixes #32147.

Built from https://develop.svn.wordpress.org/trunk@34891


git-svn-id: http://core.svn.wordpress.org/trunk@34856 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-07 01:28:25 +00:00
Andrea Fercia
6fdd384fe0 Comments List Table: fix the translators comment for all count after [34506].
See #17275.
Built from https://develop.svn.wordpress.org/trunk@34508


git-svn-id: http://core.svn.wordpress.org/trunk@34472 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-24 18:40:24 +00:00
Scott Taylor
4671e03766 Comments List Table: include count for "All". Dynamically update.
Fixes #17275.

Built from https://develop.svn.wordpress.org/trunk@34506


git-svn-id: http://core.svn.wordpress.org/trunk@34470 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-24 17:57:25 +00:00
Scott Taylor
bc5eb3a623 Comments: add date column to WP_Comments_List_Table to allow sorting and to break out the date/time from the comment content column.
Props jshreve.
Fixes #15520.

Built from https://develop.svn.wordpress.org/trunk@34504


git-svn-id: http://core.svn.wordpress.org/trunk@34468 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-24 17:27:26 +00:00
Sergey Biryukov
8db1c75a7e Remove extra HTML from translatable strings in WP_Comments_List_Table::get_views().
Add a context and translator comments.

Props Tmeister for initial patch.
Fixes #31859.
Built from https://develop.svn.wordpress.org/trunk@34424


git-svn-id: http://core.svn.wordpress.org/trunk@34388 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-22 14:33:25 +00:00
Scott Taylor
f9c2a88a8a List Tables: when comparing string literals (non-numeric in nature) against vars, strict comparison can/should be used.
Props wonderboymusic, Viper007Bond.
Fixes #21249.

Built from https://develop.svn.wordpress.org/trunk@34383


git-svn-id: http://core.svn.wordpress.org/trunk@34347 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-22 06:06:25 +00:00
Sergey Biryukov
7adaef50bb Include placeholders in translator comments.
See #31857.
Built from https://develop.svn.wordpress.org/trunk@34304


git-svn-id: http://core.svn.wordpress.org/trunk@34268 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-18 18:58:24 +00:00
Scott Taylor
ec01716bb2 Don't use HTML tags in translation strings for "In Reply To" links for comments in the admin.
Props ramiy.
Fixes #31857.

Built from https://develop.svn.wordpress.org/trunk@34297


git-svn-id: http://core.svn.wordpress.org/trunk@34261 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-18 18:36:24 +00:00
Scott Taylor
5920e8eb13 Move WP_Post_Comments_List_Table to its own file.
See #33413.

Built from https://develop.svn.wordpress.org/trunk@34223


git-svn-id: http://core.svn.wordpress.org/trunk@34187 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-16 06:53:24 +00:00
Scott Taylor
98acab10ea Comments/PHP Notices: check that a parent comment exists before displaying an orphan's link to it in the admin.
Props rachelbaker.
Fixes #33710.

Built from https://develop.svn.wordpress.org/trunk@34015


git-svn-id: http://core.svn.wordpress.org/trunk@33984 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-10 20:51:23 +00:00
Scott Taylor
52516a68ab After the global churn in [33964], also set $post to null at the end of WP_Comments_List_Table::single_row() to ensure that an orphaned comment doesn't inherit the previous row's $post context.
See #33638.

Built from https://develop.svn.wordpress.org/trunk@33986


git-svn-id: http://core.svn.wordpress.org/trunk@33955 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-10 03:12:23 +00:00
Scott Taylor
71f955dc84 In WP_Comments_List_Table, favor passing WP_Comment instances instead of $comment_ID to template functions. This allows us to bypass unnecessary cache lookups and simply pass the object through when it is set.
See #33638.

Built from https://develop.svn.wordpress.org/trunk@33964


git-svn-id: http://core.svn.wordpress.org/trunk@33933 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-09 03:00:24 +00:00
Scott Taylor
80a20e5c3d Handle more cases (untrailingslashit, HTTPS urls) for sanitizing an author URL for display in the comments list table.
Props afercia, mehulkaklotar, swissspidy, johnbillion.
Fixes #33291.

Built from https://develop.svn.wordpress.org/trunk@33894


git-svn-id: http://core.svn.wordpress.org/trunk@33863 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-03 23:23:24 +00:00
Drew Jaynes
375d30f699 Docs: Add a duplicate filter comment to the comment_email filter call in WP_Comments_List_Table, introduced in [33829].
See #11566.

Built from https://develop.svn.wordpress.org/trunk@33830


git-svn-id: http://core.svn.wordpress.org/trunk@33798 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-31 21:22:21 +00:00
Scott Taylor
a5b157ffde Remove the hamburger global'ing from [33828]: since no args are passed to comment_author_email_link(), the internals can be simplified and applied inline.
See #11566. 

Built from https://develop.svn.wordpress.org/trunk@33829


git-svn-id: http://core.svn.wordpress.org/trunk@33797 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-31 21:09:21 +00:00
Scott Taylor
d0a1a47708 Fix warnings after [33826]. Only only one function call needs a global $comment, we shall hamburger it.
See #11566. 

Built from https://develop.svn.wordpress.org/trunk@33828


git-svn-id: http://core.svn.wordpress.org/trunk@33796 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-31 20:59:21 +00:00
Scott Taylor
7ab015c5ab WP_Comments_List_Table::single_row() has no reason to set the $comment global. No other methods use it, and we are not in template/loop context. This can mess with the response of get_comment() elsewhere, since get_comment() internally bypasses the cache/db when a global is set.
See #11566. 

Built from https://develop.svn.wordpress.org/trunk@33826


git-svn-id: http://core.svn.wordpress.org/trunk@33794 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-31 20:42:21 +00:00
Sergey Biryukov
8b1fe986c3 Use wp_html_excerpt() to properly cut comment author URL for display on Comments screen.
props brettz95, solarissmoke.
fixes #15659.
Built from https://develop.svn.wordpress.org/trunk@33825


git-svn-id: http://core.svn.wordpress.org/trunk@33793 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-31 20:41:21 +00:00
Scott Taylor
20f6db2b18 Comment List Tables:
* Ensure that dynamic bubble counts are in sync by `comment_post_ID`
* Scope `:animated` to `#the-comment-list`

See #11200.


Built from https://develop.svn.wordpress.org/trunk@33662


git-svn-id: http://core.svn.wordpress.org/trunk@33629 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-20 16:36:25 +00:00
Scott Taylor
2e2223ae74 Comments List Table:
* In a view that initially has comments, but they get removed due to user actions: show the `No Items` row instead of bombing out and showing nothing (which looks broken)
* To accomplish this, in `WP_Comments_List_Table::display()`: call `->display_rows_or_placeholder()` instead of `->display()`
* Listen for the end of row `.fadeOut()`s if necessary using jQuery Promises

Fixes #11200.

Built from https://develop.svn.wordpress.org/trunk@33657


git-svn-id: http://core.svn.wordpress.org/trunk@33624 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-20 05:54:25 +00:00
Scott Taylor
df618f3461 Comments List Table:
* Show count next to "Approved"
* Properly increment/decrement counts when row actions are clicked
* In `_wp_ajax_delete_comment_response()`, return the comment's `status` with the `supplemental` data
* Handle counts properly on each scenario of `undo`

See #11200.

Built from https://develop.svn.wordpress.org/trunk@33655


git-svn-id: http://core.svn.wordpress.org/trunk@33622 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-20 02:51:25 +00:00
Dominik Schilling
f74a907eac Capabilities: Fall back to the edit_posts capability for orphaned comments.
Also avoid PHP notices because of orphaned comments in the comments list table.
Includes unit test.

props pento, dd32.
fixes #33154.
Built from https://develop.svn.wordpress.org/trunk@33614


git-svn-id: http://core.svn.wordpress.org/trunk@33581 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-13 22:31:24 +00:00
Helen Hou-Sandí
7b7ae2ee25 Comments list table: Display that cute lil comment bubble.
The comments list table suffers from "wall of text" problems, which the two plain text links compounded.

props obenland. fixes #33149.

Built from https://develop.svn.wordpress.org/trunk@33490


git-svn-id: http://core.svn.wordpress.org/trunk@33457 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-29 18:08:25 +00:00
Sergey Biryukov
48a1c86245 Comment string tweaks:
* Merge two strings about an invalid comment ID.
* Add missing context to 'Mark as Spam' string.
* Merge two 'In Response To' strings, replace redundant context with a translator comment.

props pavelevap.
fixes #32334.
Built from https://develop.svn.wordpress.org/trunk@33436


git-svn-id: http://core.svn.wordpress.org/trunk@33403 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-26 23:36:24 +00:00
Scott Taylor
4d34e37311 List Tables:
* In `->handle_row_actions()`, bail immediately if `$primary` and `$column_name` do not match. Saves us a nesting level and avoids declaring code that is unusable.
* In `WP_List_Table::single_row_columns()`, allow `_column_{$name}` to be called dynamically by core to avoid having to override the entirety of `->single_row_columns()` in `WP_MS_Users_List_Table` and `WP_Posts_List_Table`
* In `WP_MS_Sites_List_Table`, `id` is not a column.

Props wonderboymusic, paulwilde.
Fixes #29881.

Built from https://develop.svn.wordpress.org/trunk@33270


git-svn-id: http://core.svn.wordpress.org/trunk@33242 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-14 17:47:24 +00:00
Helen Hou-Sandí
6e73f1282e List tables: Better accessibility and design for the comments bubble.
It is now plain text in the comments list table's "In Response To" column, where it was visually a bit confusing to have the bubble. For other list tables, it now shows a little notification bubble with the number of pending comments. The bubble and notification become plain text in the responsive list table view. It also shows no bubble when there are no comments at all, reducing some of the visual noise.

props picard102, afercia, karinchristen.
fixes #32152.

Built from https://develop.svn.wordpress.org/trunk@33155


git-svn-id: http://core.svn.wordpress.org/trunk@33127 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-10 21:44:25 +00:00
Helen Hou-Sandí
df220685a0 List tables: Account for comments being reused on the post edit screen.
Adding the `.wp-list-table` class gets us a few responsive goodies for free. And now it won't show a strange button outline.

see #32395.

Built from https://develop.svn.wordpress.org/trunk@33101


git-svn-id: http://core.svn.wordpress.org/trunk@33072 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-07 00:09:24 +00:00
Helen Hou-Sandí
8eb7f71e6b List tables: A better responsive view.
Instead of truncating columns, the data that's already in the markup can now be toggled into view. Only seems appropriate to celebrate four years of contributing by finally doing the first thing I ever mocked up.

Known issues / concerns:
* Custom list tables that don't define a primary column will show nothing at all. These are not extremely common, as `WP_List_Table` isn't really recommended for plugin consumption, but it happens. We need to come up with some kind of fallback.
* Some visual elements, particularly whitespace, could use refining.
* Needs a11y review.
* Touch performance on iOS feels sluggish - is there anything we can do about that?
* Would this be better accordion-style (only one expanded at a time)?
* Is `wp_strip_all_tags()` good enough for column titles that have HTML in them? It's essentially a workaround for the fact that core's comments column does that for the icon, which maybe it shouldn't. Perhaps worth another ticket, as a markup change would be fairly independent.
* Visual hierarchy is not great when expanded (also worthy of another ticket).
* Quick edit now becomes noticeably more annoying to cancel out of, as you have to scroll all the way down and you lose your position from before it was opened. Again, worthy of another ticket.

props Michael Arestad, helen.
see #32395.

Built from https://develop.svn.wordpress.org/trunk@33016


git-svn-id: http://core.svn.wordpress.org/trunk@32987 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-01 01:31:25 +00:00
Scott Taylor
5c6b63d3a6 if is a statment, not a function.
See #32444.

Built from https://develop.svn.wordpress.org/trunk@32800


git-svn-id: http://core.svn.wordpress.org/trunk@32771 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-16 20:01:25 +00:00
Scott Taylor
f88b42be94 In WP_Comments_List_Table::column_comment(), $post and $the_comment_status are unused, as is the $comment_status global.
See #32444.

Built from https://develop.svn.wordpress.org/trunk@32736


git-svn-id: http://core.svn.wordpress.org/trunk@32707 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-12 18:39:25 +00:00
Drew Jaynes
5457eb4933 Add missing return descriptions and fix formatting of inline documentation introduced in [32644].
See #25408. See #32246.

Built from https://develop.svn.wordpress.org/trunk@32660


git-svn-id: http://core.svn.wordpress.org/trunk@32630 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-31 01:18:26 +00:00
Scott Taylor
6a08b00632 Add @access annotations to methods that have no doc block in wp-admin/includes/*.
Makes it easier to search for no doc blocks via `}[\n\t\r ]+(protected|private|public)`.

See #32444.

Built from https://develop.svn.wordpress.org/trunk@32656


git-svn-id: http://core.svn.wordpress.org/trunk@32626 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-29 21:32:24 +00:00
Scott Taylor
c6a4512b1b Add missing doc blocks to wp-admin/includes/*.
Fix some egregious uses of tabbing.
Some functions can simply return `apply_filters(...)` instead of setting a variable that is immediately returned.

See #32444.

Built from https://develop.svn.wordpress.org/trunk@32654


git-svn-id: http://core.svn.wordpress.org/trunk@32624 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-29 20:17:26 +00:00
Helen Hou-Sandí
f5646cd9e5 Define a primary column for WP_Post_Comments_List_Table.
props boonebgorges.
see #25408.

Built from https://develop.svn.wordpress.org/trunk@32651


git-svn-id: http://core.svn.wordpress.org/trunk@32621 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-29 15:52:25 +00:00