* XML-RPC: Improve error messages for unprivileged users.
* External Libraries: Disable deserialization in Requests_Utility_FilteredIterator
* Embeds: Disable embeds on deactivated Multisite sites.
* Coding standards: Modify escaping functions to avoid potential false positives.
* XML-RPC: Return error message if attachment ID is incorrect.
* Upgrade/install: Improve logic check when determining installation status.
* Meta: Sanitize meta key before checking protection status.
* Themes: Ensure that only privileged users can set a background image when a theme is using the deprecated custom background page.
Brings the changes from [49380,49382-49388] to the 5.3 branch.
Props xknown, zieladam, peterwilsoncc, whyisjake, desrosj, dd32.
Built from https://develop.svn.wordpress.org/branches/5.3@49393
git-svn-id: http://core.svn.wordpress.org/branches/5.3@49152 1a063a9b-81f0-0310-95a4-ce76da25c4cd
- Embeds: Ensure that the title attribute is set correctly on embeds.
- Editor: Prevent HTML decoding on by setting the proper editor context.
- Formatting: Ensure that `wp_validate_redirect()` sanitizes a wider variety of characters.
- Themes: Ensure a broken theme name is returned properly.
- Administration: Add a new filter to extend `set-screen-option`.
Merges [47948-47951] to the 5.3 branch.
Props xknown, sstoqnov, vortfu, SergeyBiryukov, whyisjake.
Built from https://develop.svn.wordpress.org/branches/5.3@47959
git-svn-id: http://core.svn.wordpress.org/branches/5.3@47731 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The test reports a failure if the default timezone was changed with `date_default_timezone_set()` to anything other than `UTC`.
WordPress historically uses `UTC` as the default timezone for calculating date and time offsets, overriding it is not recommended and can cause widespread and obscure issues.
Props Rarst, Clorith, TimothyBlynJacobs.
Merges [46797] to the 5.3 branch.
Fixes#48692.
Built from https://develop.svn.wordpress.org/branches/5.3@46798
git-svn-id: http://core.svn.wordpress.org/branches/5.3@46598 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Remove the SVG from the upper right corner.
* Make sure admin notices that should be hidden stay hidden.
* Address a11y issues with contrast.
* Fix an issue with the active nav tab hover.
* Prevent names on the credits from breaking out of the box.
* Update two strings with a more accurate information.
* Remove extra padding on the Credits tab.
Previously [46556], [46572], [46616].
Reviewed by SergeyBiryukov.
Props ryelle, afercia, audrasjb, francina, mapk, desrosj, YordanSoares, melchoyce, azaozz, johnbillion, davidbaumwald, luminuu, bwmarkle, la-geek, SergeyBiryukov.
Merges [46705] and [46709] to the 5.3 branch.
Fixes#47708.
Built from https://develop.svn.wordpress.org/branches/5.3@46710
git-svn-id: http://core.svn.wordpress.org/branches/5.3@46510 1a063a9b-81f0-0310-95a4-ce76da25c4cd
- Run the `wp_generate_attachment_metadata` filter at the end in `wp_update_image_subsizes()` when new metadata was generated and additional image sub-sizes were created.
- Add another arg in the `wp_generate_attachment_metadata` filter for additional context.
- Fix inline docs and ensure the new image meta is always saved before starting image post-processing.
Props SergeyBiryukov, azaozz.
Merges [46621], [46622], and [46651] to the 5.3 branch.
Fixes#48472.
Built from https://develop.svn.wordpress.org/branches/5.3@46655
git-svn-id: http://core.svn.wordpress.org/branches/5.3@46455 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Due to a confusion with `add_menu_page()`, which takes the `$icon_url` parameter, while `add_submenu_page()` does not, some plugins were passing in a string instead of integer as `$position`, causing backward compatibility issues.
A `_doing_it_wrong()` message is now added to alert developers of the wrong parameter type.
Props david.binda, desrosj, 123host, dennis_f, MattyRob.
Reviewed by desrosj.
Fixes#48249.
Built from https://develop.svn.wordpress.org/trunk@46570
git-svn-id: http://core.svn.wordpress.org/trunk@46367 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This allows update failures caused when the native PHP JSON extension is missing to be distinguished from updates that fail because the site does not meet the minimum PHP requirements.
Follow up of [46455].
Reviewed by desrosj, jorbin, johnbillion.
Fixes#47699.
Built from https://develop.svn.wordpress.org/trunk@46560
git-svn-id: http://core.svn.wordpress.org/trunk@46357 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The PHP native JSON extension has been bundled and compiled with PHP by default since version 5.2.0. Because the minimum version of PHP required by WordPress is now 5.6.20 (see #46594 and [45058]), the related polyfills and workarounds have been removed (see [46205-46206,46208]).
However, even though the JSON extension is now included in PHP by default, it is still possible to disable the extension in a custom configuration. This change will prevent sites from upgrading if the JSON extension is disabled to prevent compatibility issues.
Props jrf, jorbin, dd32, desrosj.
Fixes#47699.
Built from https://develop.svn.wordpress.org/trunk@46455
git-svn-id: http://core.svn.wordpress.org/trunk@46253 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit switches a comparison to a Yoda condition, performs a more strict `intval()` check on the value of the Site Status column, and prevents a specific Site State from appearing in List Table rows when filtering by that same Site State already (to match the behavior of other List Table State implementations.)
Fixes#37684. Props pbiron.
Built from https://develop.svn.wordpress.org/trunk@46441
git-svn-id: http://core.svn.wordpress.org/trunk@46239 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Visible `<label>` elements benefit all users. The `placeholder` attribute should not be used as a replacement for visible labels.
Instead, it's supposed to be used only for a short hint to aid users with data entry e.g. a sample value or a brief description of the expected format.
Screen readers may not announce a `placeholder` attribute at all. Other users may suffer from the lack of a visible label and a placeholder used as replacement, for example:
- users with cognitive disabilities may have trouble remembering what the filled field does
- speech recognition users cannot see the name they can speak to set focus on the field
- low-vision users with high text-size may not be able to see the whole placeholder even when it's visible, if its value is clipped by the edge of the input
Props anevins, audrasjb, karmatosed, azaozz, SergeyBiryukov, afercia.
See #40331.
Fixes#47138.
Built from https://develop.svn.wordpress.org/trunk@46418
git-svn-id: http://core.svn.wordpress.org/trunk@46216 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Each item that `Walker_Nav_Menu_Checklist` displays is accompanied by several hidden `<input/>` fields that specify default values for each item when added to a menu. These values are passed in JavaScript to the AJAX call triggered when an item is added to a menu.
The hidden field for the title attribute field incorrectly had an underscore instead of a hyphen. Because of this, it was impossible to supply a default value for the Title Attribute field of a nav menu item.
Props yanngarcia, davidbaumwald.
See #47838.
Built from https://develop.svn.wordpress.org/trunk@46380
git-svn-id: http://core.svn.wordpress.org/trunk@46179 1a063a9b-81f0-0310-95a4-ce76da25c4cd
