- Comments: Prevent users who can not see a post from seeing comments on it.
- Shortcodes: Restrict media shortcode ajax to certain type.
- REST API: Ensure no-cache headers are sent when methods are overridden.
- REST API: Limit `search_columns` for users without `list_users`.
- Prevent unintended behavior when certain objects are unserialized.
Merges [56833], [56834], [56835], [56836], and [56838] to the 5.4 branch.
Props xknown, jorbin, joehoyle, timothyblynjacobs, peterwilsoncc, ehtis, tykoted, antpb, rmccue.
Built from https://develop.svn.wordpress.org/branches/5.4@56878
git-svn-id: http://core.svn.wordpress.org/branches/5.4@56389 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This avoids the performance overhead of the function call every time `dirname( __FILE__ )` was used instead of `__DIR__`.
This commit also includes:
* Removing unnecessary parentheses from `include`/`require` statements. These are language constructs, not function calls.
* Replacing `include` statements for several files with `require_once`, for consistency:
* `wp-admin/admin-header.php`
* `wp-admin/admin-footer.php`
* `wp-includes/version.php`
Props ayeshrajans, desrosj, valentinbora, jrf, joostdevalk, netweb.
Fixes#48082.
Built from https://develop.svn.wordpress.org/trunk@47198
git-svn-id: http://core.svn.wordpress.org/trunk@46998 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `implode()` function accepts two. parameters, `$glue` and `$pieces`. For historical reasons, these parameters have been accepted in any order, though it was recommended that the documented order of `$glue, $pieces` be used.
Starting in PHP 7.4, specifying the parameters in the reverse order will trigger a deprecation notice with the plan to remove this tolerance in PHP 8.0.
This change fixes the occurrences of reversed arguments in Core with the exception of those contained in included external libraries. These will be handled separately.
Props jrf, jorbin.
See #47746.
Built from https://develop.svn.wordpress.org/trunk@46155
git-svn-id: http://core.svn.wordpress.org/trunk@45967 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Add missing translator comments.
* Fix placement of some translator comments. Translator comments should be on the line directly above the line containing the translation function call for optimal compatibility with various `.pot` file generation tools. The CS auto-fixing, which changed some inconsistent function calls to multi-line function calls, is part of the reason why this was no longer the case for a select group of translator comments.
Includes minor code layout fixes.
Polyglots, rejoice! All WordPress core files now have translator comments for all strings with placeholders!
Props jrf, subrataemfluence, GaryJ, webdados, Dency, swissspidy, alvarogois, marcomartins, mihaiiceyro, vladwtz, niq1982, flipkeijzer, michielatyoast, chandrapatel, thrijith, joshuanoyce, FesoVik, tessak22, bhaktirajdev, cleancoded, dhavalkasvala, garrett-eclipse, bibliofille, socalchristina, priyankkpatel, 5hel2l2y, adamsilverstein, JeffPaul, pierlo, SergeyBiryukov.
Fixes#44360.
Built from https://develop.svn.wordpress.org/trunk@45926
git-svn-id: http://core.svn.wordpress.org/trunk@45737 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When adding a Custom Link and leaving the "Link Text" field empty, WordPress used to set a default fallback text: "Menu Item".
The changes in [36379] broke this behavior making the fallback text: ` (Pending)`, with a leading space.
Pending major refactoring of the Menus page (which is going to use a block-based user interface) this change just restores the original behavior by adding the fallback text to the related AJAX response.
Props christophherr, Fencer04, thakkarhardik, backermann1978, audrasjb.
Fixes#38415.
Built from https://develop.svn.wordpress.org/trunk@45727
git-svn-id: http://core.svn.wordpress.org/trunk@45538 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This renames the file containing the `Custom_Image_Header` class to conform to the coding standards.
This commit also includes:
- A new `custom-header.php` that includes the new file, for anyone that may've been including the file directly.
- Replaces references to the old filename with the new filename.
See #47632.
Built from https://develop.svn.wordpress.org/trunk@45654
git-svn-id: http://core.svn.wordpress.org/trunk@45465 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Noteable changes:
- The `magic_quotes_runtime` and `magic_quotes_sybase` settings were removed in PHP 5.4, so no longer need to be set.
- Some functions that use external libraries can generate errors that can't be tested for, so are globally allowed to silence errors.
- Quite a few functions would cause errors if `safe_mode` was set. This setting was removed in PHP 5.4.
- Only a handful of `header()` calls needed corresponding `headers_sent()` checks for unit tests to pass, but more may need to be added as the nightlies builds are tested.
See #46732.
Built from https://develop.svn.wordpress.org/trunk@45611
git-svn-id: http://core.svn.wordpress.org/trunk@45422 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Introduces the faux primitive capability `view_site_health_checks` available to single site admins and multisite super-admin to view the site health page within the admin.
The capability is mapped to the `install_plugins` capability without being dependent on the file system being writable. This fixes a bug where the feature couldn't be used by sites unable to write to the file system or managed through version control.
The capability is granted on the `user_has_cap` filter.
Props birgire, Clorith, palmiak, peterwilsoncc, spacedmonkey.
Fixes#46957.
Built from https://develop.svn.wordpress.org/trunk@45507
git-svn-id: http://core.svn.wordpress.org/trunk@45318 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Use of `date()` in core depends on PHP timezone set to UTC and not changed by third party code (which cannot be guaranteed).
`gmdate()` is functionally equivalent, but is not affected by PHP timezone setting: it's always UTC, which is the exact behavior the core needs.
Props nielsdeblaauw, Rarst.
Fixes#46438. See #44491.
Built from https://develop.svn.wordpress.org/trunk@45424
git-svn-id: http://core.svn.wordpress.org/trunk@45235 1a063a9b-81f0-0310-95a4-ce76da25c4cd
- Change `recurse_dirsize()` to accept an array of excluded paths.
- Change so we don't calculate the sizes of dirs in wp-content twice.
- Add the size in bytes to the "debug" into.
- Add a custom DOM event after the dir sizes request is done. Can be used by plugins to "daisy chain" more requests.
- Move "WordPress directory location" and "WordPress directory size" to the top in the "Directories and Sizes" section.
- Move "Theme directory location" to the "Active Theme" section.
- Fix labels capitalization.
Props xkon, afercia, Clorith, azaozz.
Fixes#46707.
Built from https://develop.svn.wordpress.org/trunk@45220
git-svn-id: http://core.svn.wordpress.org/trunk@45029 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The Site Health tool serves two purposes:
- Provide site owners with information to improve the performance, reliability, and security of their site.
- Collect comprehensive debug information about the site.
By encouraging site owners to maintain their site and adhere to modern best practices, we ultimately improve the software hygeine of both the WordPress ecosystem, and the open internet as a whole.
Props Clorith, hedgefield, melchoyce, xkon, karmatosed, jordesign, earnjam, ianbelanger, wpscholar, desrosj, pedromendonca, peterbooker, jcastaneda, garyj, soean, pento, timothyblynjacobs, zodiac1978, dgroddick, garrett-eclipse, netweb, tobifjellner, pixolin, afercia, joedolson, birgire.
See #46573.
Built from https://develop.svn.wordpress.org/trunk@44986
git-svn-id: http://core.svn.wordpress.org/trunk@44817 1a063a9b-81f0-0310-95a4-ce76da25c4cd
- standardizes the Comment count string to `%s Comment in moderation', '%s Comments in moderation` so it can be bulk-updated
- adds the string as visually hidden text in the admin menu
- introduces an `updateInModerationText` JS simple function, responsible to correctly update all the related text using the data from the AJAX response
- adds a visually hidden text "1 Privacy Policy update" to the Privacy menu items count
- adds/improves translators comments
Changes that apply to all the count bubbles (Updates, plugins, etc.)
- makes the bubbles and their text slightly bigger
- improves the active menu item bubble contrast by changing the background color to red (option 2 in the screenshot attached in a previous comment)
Props adamsoucie, afercia.
Fixes#33030.
Built from https://develop.svn.wordpress.org/trunk@44924
git-svn-id: http://core.svn.wordpress.org/trunk@44755 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Add missing translators comments.
* Fix placement of some translators comments.
Translators comments should be on the line directly above the line containing the translation function call for optimal compatibility with various `.pot` file generation tools.
The CS auto-fixing, which changed some inconsistent function calls to multi-line function calls, is part of the reason why this was no longer the case for a select group of translators comments.
Includes minor code layout fixes.
Patch `44360-wp-admin-includes-dir.patch` of the series.
Props flipkeijzer, alvarogois, michielatyoast
See #44360
Built from https://develop.svn.wordpress.org/trunk@43598
git-svn-id: http://core.svn.wordpress.org/trunk@43427 1a063a9b-81f0-0310-95a4-ce76da25c4cd
WPCS 1.0.0 includes a bunch of new auto-fixers, which drops the number of coding standards issues across WordPress significantly. Prior to running the auto-fixers, there were 15,312 issues detected. With this commit, we now drop to 4,769 issues.
This change includes three notable additions:
- Multiline function calls must now put each parameter on a new line.
- Auto-formatting files is now part of the `grunt precommit` script.
- Auto-fixable coding standards issues will now cause Travis failures.
Fixes#44600.
Built from https://develop.svn.wordpress.org/trunk@43571
git-svn-id: http://core.svn.wordpress.org/trunk@43400 1a063a9b-81f0-0310-95a4-ce76da25c4cd
