Commit Graph

40 Commits

Author SHA1 Message Date
whyisjake
29b77be4ae Customize: Add additional filters to Customizer to prevent JSON corruption.
User: Invalidate `user_activation_key` on password update.
Query: Ensure that only a single post can be returned on date/time based queries.
Block Editor: Coding standards, properly escape class names.
Cache API: Ensure proper escaping around the stats method in the cache API.
Formatting: Expand `sanitize_file_name` to have better support for utf8 characters.

Brings the changes in [47633], [47634], [47635], [47636], [47637], and [47638] to the 5.1 branch.

Props: aduth, batmoo, ehti, ellatrix, jorgefilipecosta, nickdaugherty, noisysocks, pento, peterwilsoncc, sergeybiryukov, sstoqnov, talldanwp, westi, westonruter, whyisjake, whyisjake, xknown.

Built from https://develop.svn.wordpress.org/branches/5.1@47646


git-svn-id: http://core.svn.wordpress.org/branches/5.1@47421 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-04-29 16:08:48 +00:00
whyisjake
2fc33ef47d Backporting several bug fixes.
- Query: Remove the static query property.
- HTTP API: Protect against hex interpretation.
- Filesystem API: Prevent directory travelersals when creating new folders.
- Administration: Ensure that admin referer nonce is valid.
- REST API: Send a Vary: Origin header on GET requests.

Backports [46474], [46475], [46476], [46477], [46478], [46483], [46485] to the 5.1 branch.


Built from https://develop.svn.wordpress.org/branches/5.1@46490


git-svn-id: http://core.svn.wordpress.org/branches/5.1@46288 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-14 18:17:55 +00:00
desrosj
04dff0e2a9 Docs: Update since annotations for adding LIKE comparisons with meta keys.
Previously introduced in [42768].

Fixes #42409.
Built from https://develop.svn.wordpress.org/trunk@44518


git-svn-id: http://core.svn.wordpress.org/trunk@44349 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-01-09 14:55:49 +00:00
Gary Pendergast
344348ba5b Query: Fix some code formatting issues introduced in [44452].
See #38034.


Built from https://develop.svn.wordpress.org/trunk@44456


git-svn-id: http://core.svn.wordpress.org/trunk@44287 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-01-08 04:32:50 +00:00
Boone Gorges
5950f27205 Query: Standardize treatment of 'orderby' values post__in, post_parent__in, and post_name__in.
Ordering by `post__in` was introduced in [21776], but the code assumed that
`post__in` would be a comma-separated string listing post IDs. When an array
of post IDs was passed to the `post__in` query var, 'orderby=post__in' was
not respected. This changeset changes this behavior by handling
'orderby=post__in' in the same way as most other values of 'orderby',
which ensures that arrays as well as strings can be properly parsed.

The same treatment is given to the similar `post_name__in` and
`post_parent__in` options of 'orderby', so that most query generation for
orderby clauses happens in the same place, instead of in special cases.

A slight change in the resulting SQL (related to the whitespace around
parentheses and commas) necessitates a change to an existing REST API test
that does a string comparison against the SQL query.

Props mgibbs189, kelvink.
Fixes #38034.
Built from https://develop.svn.wordpress.org/trunk@44452


git-svn-id: http://core.svn.wordpress.org/trunk@44283 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-01-08 03:33:49 +00:00
desrosj
c7c9bc7585 Query: Remove nextpage block delimiters when setting up global post data.
`WP_Query::setup_postdata()` splits the post up by `<!--nextpage-->`, which causes invalid block data to be contained in the post content.

This change removes the `<!-- wp:nextpage -->` and `<!-- /wp:nextpage -->`, as well.

Props pento, youknowriad, azaozz, noisysocks.

Merges [43940] into trunk.

See #45401.
Built from https://develop.svn.wordpress.org/trunk@44276


git-svn-id: http://core.svn.wordpress.org/trunk@44106 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-12-17 19:29:51 +00:00
John Blackbourn
47d32decd6 Docs: Correct and improve various inline documentation.
See #42505

Built from https://develop.svn.wordpress.org/trunk@43582


git-svn-id: http://core.svn.wordpress.org/trunk@43411 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-08-27 14:28:26 +00:00
Gary Pendergast
56c162fbc9 Coding Standards: Upgrade WPCS to 1.0.0
WPCS 1.0.0 includes a bunch of new auto-fixers, which drops the number of coding standards issues across WordPress significantly. Prior to running the auto-fixers, there were 15,312 issues detected. With this commit, we now drop to 4,769 issues.

This change includes three notable additions:
- Multiline function calls must now put each parameter on a new line.
- Auto-formatting files is now part of the `grunt precommit` script. 
- Auto-fixable coding standards issues will now cause Travis failures.

Fixes #44600.


Built from https://develop.svn.wordpress.org/trunk@43571


git-svn-id: http://core.svn.wordpress.org/trunk@43400 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-08-17 01:51:36 +00:00
John Blackbourn
2361ca884f Docs: Document more parameters and properties using typed array notation.
See #41756

Built from https://develop.svn.wordpress.org/trunk@42876


git-svn-id: http://core.svn.wordpress.org/trunk@42706 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-03-25 19:33:31 +00:00
Dominik Schilling
5c291d49de Pinking shears.
See #41057.
Built from https://develop.svn.wordpress.org/trunk@42843


git-svn-id: http://core.svn.wordpress.org/trunk@42673 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-03-18 14:23:33 +00:00
Boone Gorges
35ad9e9efc Allow LIKE queries against the 'key' value in meta queries.
The new `compare_key=LIKE` parameter works in conjunction with `key` in a
similar way to the `compare=LIKE` and `value`: by doing a "compares" `LIKE`
query. This allows developers to do partial matches against keys when
doing meta queries.

Props mariovalney, chasewg.
Fixes #42409.
Built from https://develop.svn.wordpress.org/trunk@42768


git-svn-id: http://core.svn.wordpress.org/trunk@42598 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-03-01 04:03:33 +00:00
Aaron Jorbin
8a884f562a Query: Fix warning on counting non countable
Adds tests to continue the behavior for both null and strings.

See https://wiki.php.net/rfc/counting_non_countables for information on the PHP change.

Fixes #42860.
Props janak007 and ayeshrajans for initial patches.




Built from https://develop.svn.wordpress.org/trunk@42581


git-svn-id: http://core.svn.wordpress.org/trunk@42410 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-01-24 01:21:31 +00:00
Gary Pendergast
aaf99e6913 Code is Poetry.
WordPress' code just... wasn't.
This is now dealt with.

Props jrf, pento, netweb, GaryJ, jdgrimes, westonruter, Greg Sherwood from PHPCS, and everyone who's ever contributed to WPCS and PHPCS.
Fixes #41057.


Built from https://develop.svn.wordpress.org/trunk@42343


git-svn-id: http://core.svn.wordpress.org/trunk@42172 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-30 23:11:00 +00:00
Gary Pendergast
c90cfa3b50 General: Fix some precision alignment formatting warnings.
The WPCS `WordPress.WhiteSpace.PrecisionAlignment` rule throws warnings for a bunch of code that will likely cause issues for `wpcbf`. Fixing these manually beforehand gives us better auto-fixed results later.

See #41057.


Built from https://develop.svn.wordpress.org/trunk@42228


git-svn-id: http://core.svn.wordpress.org/trunk@42057 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-26 23:57:55 +00:00
John Blackbourn
67c973f95e Docs: Correct parameter type documentation for various __call() methods.
See #42505

Built from https://develop.svn.wordpress.org/trunk@42151


git-svn-id: http://core.svn.wordpress.org/trunk@41982 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-10 22:56:47 +00:00
John Blackbourn
4a16295dc5 Docs: Standardise the format used for documenting parameters passed by reference.
See #35974, #41017

Built from https://develop.svn.wordpress.org/trunk@41688


git-svn-id: http://core.svn.wordpress.org/trunk@41522 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-02 22:14:46 +00:00
John Blackbourn
9fdbe6538e Docs: Remove & prefixes from parameter documentation to avoid doc parsing errors.
Props sudar for the original patch.

See #35974

Built from https://develop.svn.wordpress.org/trunk@41686


git-svn-id: http://core.svn.wordpress.org/trunk@41520 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-02 22:03:33 +00:00
Drew Jaynes
0860bb2771 Docs: Remove @access notations from method DocBlocks in wp-includes/* classes.
Prior to about 2013, many class methods lacked even access modifiers which made the `@access` notations that much more useful. Now that we've gotten to a point where the codebase is more mature from a maintenance perspective and we can finally remove these notations. Notable exceptions to this change include standalone functions notated as private as well as some classes still considered to represent "private" APIs.

See #41452.

Built from https://develop.svn.wordpress.org/trunk@41162


git-svn-id: http://core.svn.wordpress.org/trunk@41002 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-07-27 00:41:44 +00:00
Drew Jaynes
beb67c9512 Docs: Improve the DocBlock summary for WP_Query::parse_orderby().
See #41017.

Built from https://develop.svn.wordpress.org/trunk@41042


git-svn-id: http://core.svn.wordpress.org/trunk@40892 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-07-13 15:44:41 +00:00
Drew Jaynes
e1a227cf11 Docs: Document usage of the $wpdb global in WP_Query::parse_search() and WP_Query::parse_orderby().
Props avinapatel.
Fixes #41313.

Built from https://develop.svn.wordpress.org/trunk@41041


git-svn-id: http://core.svn.wordpress.org/trunk@40891 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-07-13 15:42:44 +00:00
Boone Gorges
848bcf3b28 Introduce $comment_count param for WP_Query.
This parameter allows querying for posts with a specific value of
`comment_count`. It is also possible to query for posts that match
a `comment_count` comparison by passing an array with 'value' and
'compare' operators (eg `array( 'compare' => '>', 'value' => 5 )`).

Props ramon fincken.
Fixes #28399.
Built from https://develop.svn.wordpress.org/trunk@40978


git-svn-id: http://core.svn.wordpress.org/trunk@40828 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-07-01 11:25:44 +00:00
Drew Jaynes
4b0e64aa8c Docs: Add missing @since, @access, and @global notations to the DocBlock for WP_Query::parse_search_order().
Props dixitadusara.
Fixes #41045.

Built from https://develop.svn.wordpress.org/trunk@40972


git-svn-id: http://core.svn.wordpress.org/trunk@40822 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-06-30 16:08:44 +00:00
Drew Jaynes
af5b2ca7f5 Docs: Add more useful summaries to the DocBlocks for boolean $is_* properties in WP_Query.
Props megane9988 for the initial patch.
Fixes #34726.

Built from https://develop.svn.wordpress.org/trunk@40966


git-svn-id: http://core.svn.wordpress.org/trunk@40816 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-06-30 03:44:46 +00:00
Boone Gorges
8951af8ebb Introduce loop_no_results action.
This action fires when a `WP_Query` query returns no results.

Props mgibbs189.
Props #40850.
Built from https://develop.svn.wordpress.org/trunk@40923


git-svn-id: http://core.svn.wordpress.org/trunk@40773 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-06-23 01:55:44 +00:00
Sergey Biryukov
3abb3087df Docs: Correct parameter description for posts_join filter.
Props anhskohbo.
Fixes #40991.
Built from https://develop.svn.wordpress.org/trunk@40912


git-svn-id: http://core.svn.wordpress.org/trunk@40762 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-06-15 12:46:41 +00:00
Sergey Biryukov
564d6a0c90 Docs: Update the description of is_singular() and WP_Query::is_singular() to be parsed correctly by developer.wordpress.org.
Props grapplerulrich.
Fixes #39948.
Built from https://develop.svn.wordpress.org/trunk@40103


git-svn-id: http://core.svn.wordpress.org/trunk@40040 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-02-23 10:30:43 +00:00
Sergey Biryukov
9d7ea04936 I18N: Merge similar strings in _deprecated_argument() calls.
Add translator comments.

Props ramiy, SergeyBiryukov.
Fixes #39020.
Built from https://develop.svn.wordpress.org/trunk@40028


git-svn-id: http://core.svn.wordpress.org/trunk@39965 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-29 11:50:41 +00:00
Dominik Schilling
85384297a6 Query: Ensure that queries work correctly with post type names with special characters.
Built from https://develop.svn.wordpress.org/trunk@39952


git-svn-id: http://core.svn.wordpress.org/trunk@39889 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-26 13:33:45 +00:00
Boone Gorges
af885f45cf Query: Improve documentation for orderby=relevance in WP_Query.
Props dots.
Fixes #39336.
Built from https://develop.svn.wordpress.org/trunk@39636


git-svn-id: http://core.svn.wordpress.org/trunk@39576 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-23 02:31:41 +00:00
Boone Gorges
97fd5ae77c Docs: Correct param definition for WP_Query::query().
Props Shelob9.
Fixes #38963.
Built from https://develop.svn.wordpress.org/trunk@39550


git-svn-id: http://core.svn.wordpress.org/trunk@39490 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-09 16:23:42 +00:00
Drew Jaynes
568838bebd Docs: Update the DocBlock description for WP_Query::is_single() to mention that it works for any post types excluding pages.
Props ryankienstra.
Fixes #38225.

Built from https://develop.svn.wordpress.org/trunk@39052


git-svn-id: http://core.svn.wordpress.org/trunk@38994 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-31 06:34:34 +00:00
Boone Gorges
bcc26664ed Query: Allow the prefix used for search term exclusion to be filtered.
[38792] allowed `WP_Query`'s hyphen-as-exclusion-prefix feature to be
disabled via filter. A more general solution is to allow the prefix to
be filtered; returning an empty value from a filter callback works to
disable the feature.

Props dlh.
Fixes #38099.
Built from https://develop.svn.wordpress.org/trunk@38844


git-svn-id: http://core.svn.wordpress.org/trunk@38787 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-20 18:42:29 +00:00
Boone Gorges
9783a3df6b Query: Allow the hyphen-prefix-for-search-exclusion feature to be disabled by filter.
WordPress 4.4 introduced "hyphen exclusion" for search terms, so that
"foo -bar" would return posts containing "foo" AND not containing "bar".
The new filter 'wp_query_use_hyphen_for_exclusion' allows developers
to disable this feature when it's known that their content will contain
semantically important leading hyphens.

Props chriseverson, choongsavvii.
Fixes #38099.
Built from https://develop.svn.wordpress.org/trunk@38792


git-svn-id: http://core.svn.wordpress.org/trunk@38735 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-14 20:06:28 +00:00
Gary Pendergast
af69f4ab1a General: Restore usage of $wpdb, instead of $this->db.
Hiding the `$wpdb` global behind a property decreases the readability of the code, as well as causing irrelevant output when dumping an object.

Reverts [38275], [38278], [38279], [38280], [38387].
See #37699.


Built from https://develop.svn.wordpress.org/trunk@38768


git-svn-id: http://core.svn.wordpress.org/trunk@38711 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-10 06:38:31 +00:00
Boone Gorges
132f3d0d19 Query: Eliminate unnecessary wp_list_filter() call in get_queried_object().
The refactor in [30711] swapped out the old `queries` property for the
new `queried_terms`, but should also have gotten rid of the now-
superfluous `wp_list_filter()` call.

Fixes #37962.
Built from https://develop.svn.wordpress.org/trunk@38586


git-svn-id: http://core.svn.wordpress.org/trunk@38529 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-09-09 19:49:29 +00:00
Boone Gorges
163d59f8e1 Query: Avoid PHP notice in get_queried_object() when query contains NOT EXISTS tax query.
Props johnjamesjacoby.
See #37962.
Built from https://develop.svn.wordpress.org/trunk@38585


git-svn-id: http://core.svn.wordpress.org/trunk@38528 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-09-09 19:37:38 +00:00
Dion Hulse
227a80eba3 Query: Use AND in a SQL query rather than &&.
This appears to have been the only instance of `&&` being used in SQL, so for consistency lets remove it.

Props scrappy@hub.org.
Fixes #37903.

Built from https://develop.svn.wordpress.org/trunk@38491


git-svn-id: http://core.svn.wordpress.org/trunk@38432 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-09-01 05:11:31 +00:00
Scott Taylor
af71985625 Query: r38356, you were not long for this world.
Fixes #37830.

Built from https://develop.svn.wordpress.org/trunk@38471


git-svn-id: http://core.svn.wordpress.org/trunk@38412 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-31 16:53:29 +00:00
Scott Taylor
faccc617fb Query: collapse several of the is_* methods using __call(). Add @method annotations.
Fixes #37830.

Built from https://develop.svn.wordpress.org/trunk@38356


git-svn-id: http://core.svn.wordpress.org/trunk@38297 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-25 19:42:43 +00:00
Scott Taylor
d5f28fdad8 Query: move WP_Query into its own file via svn cp.
See #37827.

Built from https://develop.svn.wordpress.org/trunk@38351


git-svn-id: http://core.svn.wordpress.org/trunk@38292 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-25 17:20:38 +00:00