This updates the 4.6 branch to support the latest LTS version of NodeJS (currently 14.x), allowing the same version to be used across all WordPress branches that receive security updates as a courtesy.
This also replaces the `npm-shrinkwrap.json` with a `package-lock.json` file. Lock files were not supported in earlier versions of NPM, but can now be used.
In addition to backporting the package updates that happened after branching 4.6, dependencies that were removed in future releases have also been updated to their latest versions.
Props desrosj, dd32, netweb, jorbin.
Merges [42460-42461,42463,42887,43320,43323,43977,44219,44233,44728,45321,45765,46404,46408-46409,47404,47867-47869,47872-47873,48705,49636,49933,49937,49939,50017,50126,50176,50185] to the 4.6 branch.
See #52341.
Built from https://develop.svn.wordpress.org/branches/4.6@50206
git-svn-id: http://core.svn.wordpress.org/branches/4.6@49879 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* XML-RPC: Improve error messages for unprivileged users.
* External Libraries: Disable deserialization in Requests_Utility_FilteredIterator
* Embeds: Disable embeds on deactivated Multisite sites.
* Coding standards: Modify escaping functions to avoid potential false positives.
* XML-RPC: Return error message if attachment ID is incorrect.
* Upgrade/install: Improve logic check when determining installation status.
* Meta: Sanitize meta key before checking protection status.
* Themes: Ensure that only privileged users can set a background image when a theme is using the deprecated custom background page.
Brings the changes from [49380,49382-49388] to the 4.6 branch.
Props xknown, zieladam, peterwilsoncc, whyisjake, desrosj, dd32.
Built from https://develop.svn.wordpress.org/branches/4.6@49400
git-svn-id: http://core.svn.wordpress.org/branches/4.6@49159 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This corrects the selector for the delete link in `wp.updates.deletePlugin()` so the text can be changed to 'Deleting…'. `wp.updates.deleteTheme()` already worked on wp-admin/themes.php but not on wp-admin/network/themes.php because the network screen is similar to the plugins list table, this is now fixed too.
The `credential-modal-cancel` handler has been updated to support canceled delete jobs.
Merge of [38227] to the 4.6 branch.
Props swissspidy.
Props jorbin for review.
See #37603.
Built from https://develop.svn.wordpress.org/branches/4.6@38228
git-svn-id: http://core.svn.wordpress.org/branches/4.6@38169 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Merges [38221] to the 4.6 branch.
Before this change, when a bulk update was canceled due dismissing the FTP credentials modal, part of the actions didn't get canceled. This meant the "There is a new version of…” notices become blank and the updates you had checked became unchecked. Now, the notices remain and you are essentially returned to the screen you had before. Strings are also updated to improve ARIA usage.
Fixes#37563.
Props ocean90, swissspidy, obenland, afercia.
Built from https://develop.svn.wordpress.org/branches/4.6@38222
git-svn-id: http://core.svn.wordpress.org/branches/4.6@38163 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Merges [38218] in to 4.6 branch.
Custom JS events are triggered on the document in order for plugins to have something to hook into. The standard began in #31819 is dash separated and begins with wp to signify the namespace, followed by the subject of our action ( "theme", "plugin", etc.) followed by the action and an optional indicator of status ( "install-success", "deleting" ).
This brings some of the theme hooks in line with the standard. As of now, all plugin actions in src/wp-admin/js/updates.js have an equal corresponding theme action.
Fixes#37598.
See #37512, #37216, #31819.
Props olarmarius, ocean90.
Built from https://develop.svn.wordpress.org/branches/4.6@38219
git-svn-id: http://core.svn.wordpress.org/branches/4.6@38160 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* "-1" is an invalid nonce error, show 'An error has occurred. Please reload the page and try again.'.
* "error" means that the connection to the server was lost, show 'Connection lost or the server is busy. Please try again later.'.
* Escape the message in `wp-updates-admin-notice` because the response may include HTML.
* Remove HTML tags in `wp.updates.isValidResponse()` to make PHP's error messages more readable.
Merge of [38205] to the 4.6 branch.
Props azaozz for review.
See #37583.
Built from https://develop.svn.wordpress.org/branches/4.6@38206
git-svn-id: http://core.svn.wordpress.org/branches/4.6@38147 1a063a9b-81f0-0310-95a4-ce76da25c4cd
An upgrader class is used in conjunction with an upgrader skin class. A skin class handles the logging for an upgrade and informs a user about the progress and failures.
The current Ajax install/update handlers are using the `Automatic_Upgrader_Skin` class because during an Ajax request no output is intended. The difference between Ajax updates and automatic updates is that you will see the full log (usually by email) while Ajax updates focus only on success or failure. For that `Automatic_Upgrader_Skin` has one disadvantage: It doesn't provide a way to retrieve failure messages which were passed through `WP_Upgrader_Skin::error()` by the upgrader.
To solve this issue a new skin `WP_Ajax_Upgrader_Skin` has been introduced. The skin extends `Automatic_Upgrader_Skin` and overrides the `error()` and `feedback()` methods to intercept all errors, which can be a `WP_Error` object or a string.
This updates all four Ajax handler for installing/updating themes/plugins to use the new skin. They now also check the skin for any intercepted errors and pass them on to the user.
Merge of [38199] to the 4.6 branch.
Props flixos90, obenland, ocean90.
Props DrewAPicture, pento for review.
See #37531.
Built from https://develop.svn.wordpress.org/branches/4.6@38200
git-svn-id: http://core.svn.wordpress.org/branches/4.6@38141 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Merge of [38185] to the 4.6 branch
When doing a bulk update, if there are failures the user needs to know about that. This makes it clearer that you can click on the notification to see more details, especially for screen reader users.
Fixes#37510.
Props juhise, Ankit K Gupta, afercia, jorbin, ocean90.
Built from https://develop.svn.wordpress.org/branches/4.6@38187
git-svn-id: http://core.svn.wordpress.org/branches/4.6@38128 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Events for updating exist, but they lack context. This adds args so that plugins can detec t what plugin/theme is being installed. Additionally, events for bulk actions, deleting and that and install is starting didn't exist, so this adds them.
Fixes#37512.
Props DavidAnderson, and ocean90, swissspidy for review.
Built from https://develop.svn.wordpress.org/trunk@38175
git-svn-id: http://core.svn.wordpress.org/trunk@38116 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Since [37221] the upload form is added to every plugin install screen via `install_plugins_upload()`. Previously the form was added through the `install_plugins_upload` (alias of `install_plugins_$tab`) action which allowed plugin authors to replace the form. This restores the previous behaviour.
* Add the form only to non-upload plugin install screens.
* Replace `install_plugins_upload()` with the `install_plugins_upload` and `install_plugins_pre_upload` actions.
* Remove `$upload_tab_class` and add a CSS class for the current tab to `.wrap`
* Adjust CSS selectors and toggle the whole container to support upload without an `upload-plugin` class.
Props DavidAnderson, ocean90.
Fixes#37495.
Built from https://develop.svn.wordpress.org/trunk@38172
git-svn-id: http://core.svn.wordpress.org/trunk@38113 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Both list tables provide different actions based on where they are loaded, regular admin or network admin. Since there is only one Ajax handler for both screens we have to set the current screen before using the list tables.
Props swissspidy, ocean90.
Fixes#37373.
Built from https://develop.svn.wordpress.org/trunk@38091
git-svn-id: http://core.svn.wordpress.org/trunk@38032 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Improves the `containFocus()` function to always get the correct first and last
focusable elements, even when the theme browser shows the active theme details.
Also, when on the first and last theme, adds a `disabled` attribute on the
previous and next navigation buttons to make them not focusable.
Fixes#37383.
Built from https://develop.svn.wordpress.org/trunk@38084
git-svn-id: http://core.svn.wordpress.org/trunk@38025 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Remove title attributes.
* Show "Install Now" and "Details" links if the importer isn't installed yet.
* Show a "Run Importer" link if the importer is installed. It also handles activation if the plugin isn't activated.
* Add `aria-label` attributes to each link.
* Unify the importer descriptions to make them independent from the plugin state. The API was changed in [meta3690].
* Adjust JavaScript callbacks for ajaxified importer installs.
Props afercia, swissspidy, ocean90.
See #24766.
Fixes#35191.
Built from https://develop.svn.wordpress.org/trunk@38075
git-svn-id: http://core.svn.wordpress.org/trunk@38016 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The plugin details modal has been greatly improved in [37714]. However, Shiny Updates aren't yet implemented on the Dashboard. Therefore, we need to fall back to The Bleak Screen of Sadness. Otherwise nothing happens when trying to install an update from inside the modal.
Fixes#37131. See #37126.
Built from https://develop.svn.wordpress.org/trunk@37974
git-svn-id: http://core.svn.wordpress.org/trunk@37915 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The plugin details modal has been greatly improved in [37714]. However, Shiny Updates aren't yet implemented on the WordPress Updates screen. Therefore, we need to fall back to The Bleak Screen of Sadness. Otherwise nothing happens when trying to install an update from inside the modal.
Props Nikschavan.
Fixes#37126.
Built from https://develop.svn.wordpress.org/trunk@37973
git-svn-id: http://core.svn.wordpress.org/trunk@37914 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Use the same check for a numeric value used on the crop fields on all the other fields: don't display "NaN", just empty the field.
* Remove the inline script that runs the initialization of the image editor and call it after the editor UI is fully ready.
Props afercia.
Fixes#36316.
Built from https://develop.svn.wordpress.org/trunk@37966
git-svn-id: http://core.svn.wordpress.org/trunk@37907 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Prevents JavaScript errors by checking zxcvbn is defined before calling.
Changes `wp.passwordStrength.meter()` to return `-1` if the strength of the password is unknown.
On the user profile screen, `generatePassword()` checks if the user has entered the password before setting the value of the password input box.
Props peterwilsoncc, adamsilverstein.
Fixes#34905.
Built from https://develop.svn.wordpress.org/trunk@37940
git-svn-id: http://core.svn.wordpress.org/trunk@37881 1a063a9b-81f0-0310-95a4-ce76da25c4cd
UI controls that "do something" on a page shouldn't be links. This link behaves
like a toggle to expand the uploader panel and should be a `button` element with
an aria-expanded attribute. Also:
- improves consistency with the Plugin uploader
- keeps the themes list visible when the uploader is open
- displays a notice when JavaScript is off
- adds some `hide-if-no-js` CSS classes
- removes the `themes.router.navigate()` "upload" route: seems unnecessary and breaks history
Fixes#35457.
Built from https://develop.svn.wordpress.org/trunk@37742
git-svn-id: http://core.svn.wordpress.org/trunk@37707 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Gone are the days of isolation and feelings of "meh", brought on by The Bleak Screen of Sadness. For a shiny knight has arrived to usher our plugins and themes along their arduous journey of installation, updates, and the inevitable fate of ultimate deletion.
Props swissspidy, adamsilverstein, mapk, afragen, ocean90, ryelle, j-falk, michael-arestad, melchoyce, DrewAPicture, AdamSoucie, ethitter, pento, dd32, kraftbj, Ipstenu, jorbin, afercia, stephdau, paulwilde, jipmoors, khag7, svovaf, jipmoors, obenland.
Fixes#22029, #25828, #31002, #31529, #31530, #31773, #33637, #35032.
Built from https://develop.svn.wordpress.org/trunk@37714
git-svn-id: http://core.svn.wordpress.org/trunk@37680 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Send back setting validities with full refreshes and selective refreshes so that invalid settings can have notifications displayed immediately before attempting save, and so that these notifications can be cleared as soon as the input is corrected.
* Splits out JS logic for listing controls into separate methods `wp.customize.Setting.prototype.findControls()` and `wp.customize.findControlsForSettings()`.
* Adds a `setting` property to the `data` on notifications added to controls that are synced from their settings.
* Adds `selective-refresh-setting-validities` message sent from preview to pane.
* Changes `WP_Customize_Manager::validate_setting_values()` to return when settings are valid as well as invalid.
* Adds `WP_Customize_Manager::prepare_setting_validity_for_js()`.
* Add setting validities to data exported to JS in Customizer Preview and in selective refresh responses.
Fixes#36944.
Built from https://develop.svn.wordpress.org/trunk@37700
git-svn-id: http://core.svn.wordpress.org/trunk@37666 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `?tab=upload` page still exists for no-js support and for users who may
access it directly (e.g. from bookmarks or history) or plugins doing the same.
In this page, the "Browse plugins" link should always behave like a link.
Fixes#35429.
Built from https://develop.svn.wordpress.org/trunk@37681
git-svn-id: http://core.svn.wordpress.org/trunk@37647 1a063a9b-81f0-0310-95a4-ce76da25c4cd
desrosj
whyisjake
Aaron Campbell
Dominik Schilling
Jeremy Felt
Andrew Ozz
Aaron Jorbin
Andrea Fercia
Pascal Birchler
Gary Pendergast
Peter Wilson
Konstantin Obenland
Weston Ruter
Ella Iseulde Van Dorpe