Restoring the current user context when saving a setting ensures filters apply as expected, such as Kses. When a user is not associated with a given setting change, continue to override `capability` to be `exist` when saving. Skip overwriting setting values in a changeset that have not changed, facilitating concurrent editing and amending a changeset by a user with fewer privileges.
See #30937.
Fixes#38705.
Built from https://develop.svn.wordpress.org/trunk@39181
git-svn-id: http://core.svn.wordpress.org/trunk@39121 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Additionally, use these meta-caps in the REST API endpoints.
Previously, register_meta()'s auth_callback had no effect for non-post meta. This introduces `{add,edit,delete}_{comment,term,user}_meta` meta-caps to match the existing post meta capabilities. These are currently only used in the REST API.
Props tharsheblows, boonebgorges.
Fixes#38303, fixes#38412.
Built from https://develop.svn.wordpress.org/trunk@39179
git-svn-id: http://core.svn.wordpress.org/trunk@39119 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The CSS property `background-attachment: fixed` is disabled in some mobile browsers for performance reasons. So here, the fix increases the breakpoint where the `background-attachment: fixed` is applied to the front page images. Doing this removes the fixed backgrounds and the issue from all smaller screens, but the downside is that it also removes the fixed backgrounds from smaller laptops. It's also possible future devices could fall into this breakpoint, but this seems to be the most practical solution.
Props laurelfulford.
Fixes#38395.
Built from https://develop.svn.wordpress.org/trunk@39176
git-svn-id: http://core.svn.wordpress.org/trunk@39116 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously there was no way to remove the user locale setting again, even though that might be desirable.
This adds a new 'Site Default' option to the user-specific language setting by introducing a new `show_site_locale_default` argument to `wp_dropdown_languages()`.
Props ocean90.
See #29783.
Fixes#38632.
Built from https://develop.svn.wordpress.org/trunk@39169
git-svn-id: http://core.svn.wordpress.org/trunk@39109 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Removes `aria-hidden` argument. Lets `aria-hidden="true"` be there by default and sets it empty when there is `title` and `desc`.
* Adds unique IDs for title and desc for accessible implementation options.
* Removes absolute path in the Customizer. It didn't work in Internet Explorer, and the original bug is fixed in #30028.
* Add whitespace around `<use>`, from #38387.
Props sami.keijonen, swissspidy, laurelfulford.
Fixes#38659.
See #38387.
Built from https://develop.svn.wordpress.org/trunk@39164
git-svn-id: http://core.svn.wordpress.org/trunk@39104 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Now all public query vars are not supoprted via `?filter` in the REST API, we can remove the get_allowed_query_vars() method and filter. To provide developers with a good altnerative to `filter`, the `"rest_{$this->post_type}_collection_params"` filter has been added.
Props rmccue, rachelbacker, danielbachhuber.
Fixes#38629.
Built from https://develop.svn.wordpress.org/trunk@39162
git-svn-id: http://core.svn.wordpress.org/trunk@39102 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The combination of font-size and weight for post navigation made lower case "i"s illegible in some cases. Using `15px` seemed to be the best choice all around. Also adjusts the spacing around the arrows a bit, since they touch the text on small screen sizes.
Props laurelfulford.
Fixes#38670.
Built from https://develop.svn.wordpress.org/trunk@39152
git-svn-id: http://core.svn.wordpress.org/trunk@39092 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Following [39128], this removes the validation logic for Vimeo URLs from
`_validate_external_header_video()` since WP does not support the
display of videos from Vimeo by default.
This also includes a change to using `esc_url_raw()` instead of `esc_url()`
on the URL value to avoid unexpected behavior from the inclusion of HTML
entities.
Props peterwilsoncc, westonruter.
Fixes#38544.
Built from https://develop.svn.wordpress.org/trunk@39148
git-svn-id: http://core.svn.wordpress.org/trunk@39088 1a063a9b-81f0-0310-95a4-ce76da25c4cd
TwentySeventeen attempts to highlight media found in post content by using `get_media_embedded_in_content()` to extract videos from the content and display their HTML differently. However, the HTML being generated by the playlist shortcode relies on JavaScript to update the video element with the markup needed to display the playlist properly. The `get_media_embedded_in_content()` function wasn't designed to handle this use case.
The patch looks for the presence of `wp-playlist-script` in the content and shows the standard content rather than trying to pluck the media elements from the content using `get_media_embedded_in_content()`.
Props joemcgill.
Fixes#38390.
Built from https://develop.svn.wordpress.org/trunk@39146
git-svn-id: http://core.svn.wordpress.org/trunk@39086 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Fixes regression introduced with the addition of control notifications in [37476]. The container element for notifications is injected after the `.customize-control-title` element if the `.customize-control-notifications-container` element does not already exist in the control's template. Also adds missing margin between current image and uploaded images.
Props bradyvercher.
See #34893.
Fixes#38561.
Built from https://develop.svn.wordpress.org/trunk@39145
git-svn-id: http://core.svn.wordpress.org/trunk@39085 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Currently, the "Collapse menu" item is not focusable and keyboard users can't collapse/expand the admin menu. This aims to fix it so that screen readers no longer announce it as a clickable but it remains unfocusable and thus unusable. So it's now a button.
Quoting joedolson at WordCamp Chicago 2014:
"If it's supposed to act like a button, it should be a button."
Also includes a grunt:precommit run that picked up some postcss changes to src/wp-includes/css/customize-preview.css
Fixes#29958.
Props ajercia, ipm-frommen for an iterative patch, valendesigns for an iterative patch, GaryJ for feedback, joedolson for feedback, helen for feedback
Built from https://develop.svn.wordpress.org/trunk@39141
git-svn-id: http://core.svn.wordpress.org/trunk@39081 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This is a great goal for core, and is close, but it is not in shape to be shipped for 4.7 and there is not enough time left in the development cycle to alter and polish sufficiently. There are bugs, but more than that, there are more fundamental questions around the use of existing UI, general UX, and how findable themes are (not) on the .org side.
see #37661.
Built from https://develop.svn.wordpress.org/trunk@39140
git-svn-id: http://core.svn.wordpress.org/trunk@39080 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This also reduces the number of browsers detected and patched with this fix. Most modern browsers have patched this common bug, where an anchor link does not move focus when clicked. Twenty Seventeen will only worry about older versions of Internet Explorer in this regard.
Props afercia, sami.keijonen.
See #38604.
Built from https://develop.svn.wordpress.org/trunk@39135
git-svn-id: http://core.svn.wordpress.org/trunk@39075 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In -r39124, some additional issues were introduced:
* The 'overflow: hidden' on the `.site-header;` was added to prevent a side-scrolling issue, but it ended up cutting off the menu. It looks like the cause of the side-scroll was related to how the scroll down icon was rotated, so it's addressed by rotating the icon and not the `<a>`.
* Also, `min-height` doesn't play well with `display: table;` in Firefox. So it's addressed with just `height`.
Props laurelfulford, sami.keijonen.
See #38543.
Built from https://develop.svn.wordpress.org/trunk@39129
git-svn-id: http://core.svn.wordpress.org/trunk@39069 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Vimeo's API requires a Pro account to display videos as background videos
(i.e., without player controls), thus we shouldn't support Vimeo
URLs by default in custom header videos. This removes the reference of Vimeo
from the control description in the customizer.
Fixes#38544.
Built from https://develop.svn.wordpress.org/trunk@39128
git-svn-id: http://core.svn.wordpress.org/trunk@39068 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Leverages `get_user_locale()` in `load_*_textdomain()` and `_load_textdomain_just_in_time()` to always load translations in the user's language when in the admin.
This re-introduces [39069], but now with additional tests and a `function_exists( 'wp_get_current_user' )` check in `get_user_locale()` in case it gets used early.
Props swissspidy, ocean90.
Fixes#38485.
Built from https://develop.svn.wordpress.org/trunk@39127
git-svn-id: http://core.svn.wordpress.org/trunk@39067 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Add the `deleted` property to the root of the Response object to communicate if the delete action was successful. Move the state of the resource prior to the delete request under a new `previous` property. As a result DELETE responses are now structured like so:
`{ deleted: true, previous: { ... } }`
Also includes helpful information to DELETE requests for resources that are not trashable.
Props timmydcrawford, rmccue, jnylen0.
Fixes#38494.
Built from https://develop.svn.wordpress.org/trunk@39126
git-svn-id: http://core.svn.wordpress.org/trunk@39066 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When themes register default headers, they can use sprintf style placeholder
strings in place of the template directory URI, which WordPress transforms
in several places by running the value of
`get_theme_support( 'custom-header', 'default-image' )` through `sprintf()`.
This fixes a few places where WordPress skipped the `sprintf()` step and
referenced the `get_theme_support()` value directly.
Props bradyvercher for initial patch.
See #38557.
Built from https://develop.svn.wordpress.org/trunk@39123
git-svn-id: http://core.svn.wordpress.org/trunk@39063 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`get_header_image_tag()` relies on the data returned by `get_custom_header()`
to build the attributes for the header `<img>` element. However,
`get_custom_header()` relies on data from the `header_image_data` theme
mod rather than the `header_image` theme mod that `get_header_image()` uses.
This can create inconsistencies when no header image is set, but a theme
supports a default header image.
This fixes the issue by making `get_custom_image_tag()` rely on the URL
returned by `get_header_image()` instead.
Props bradyvercher.
Fixes#38633.
Built from https://develop.svn.wordpress.org/trunk@39121
git-svn-id: http://core.svn.wordpress.org/trunk@39061 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Sets `screwIE8` to false as it is now enabled by default
Files Changed:
build/wp-admin/js/customize-nav-menus.min.js
build/wp-admin/js/customize-widgets.min.js
build/wp-includes/js/customize-loader.min.js
Changelog:
2016-07-19 v2.0.0 Update uglify-js to v2.7.0. screwIE8 is enabled by default.
2016-07-19 v1.0.2 Update grunt to ^1.0.0. Fix beautify when passed as an object. Fix docs about report values.
See #38199.
Built from https://develop.svn.wordpress.org/trunk@39117
git-svn-id: http://core.svn.wordpress.org/trunk@39059 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Changlog:
2016-04-14 v1.2.0 Add support for filtering running modules using command line (--modules) Removed 'grunt.warn' output from error.onError handler, onus now on end user binding to event. Update docs.
See #38199.
Built from https://develop.svn.wordpress.org/trunk@39113
git-svn-id: http://core.svn.wordpress.org/trunk@39055 1a063a9b-81f0-0310-95a4-ce76da25c4cd
If a value is sanitized in PHP and differs from the JS value in the pane, a `change` event for the setting is triggered upon refresh. This should be avoided since the value just came from the server as being sanitized. This also fixes periodic issue where selective refresh happens immediately after a full refresh.
Fixes#37032.
Built from https://develop.svn.wordpress.org/trunk@39112
git-svn-id: http://core.svn.wordpress.org/trunk@39054 1a063a9b-81f0-0310-95a4-ce76da25c4cd
If you send a request to the REST API with invalid JSON in body than it will now return a error. This assists developers if they accidentally send invalid JSON and wonder why their data appears to be ignored.
Props rmccue.
Fixes#38547.
Built from https://develop.svn.wordpress.org/trunk@39109
git-svn-id: http://core.svn.wordpress.org/trunk@39051 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In [38985], we used jQuery to trigger a custom event once a video
handler has completed so themes, like Twenty Fourteen, can execute
their own adjustments after the header video has loaded.
This replaces the jQuery `trigger()` method with a native event and
updates Twenty Fourteen accordingly.
Props adamsilverstein, joemcgill.
Fixes#38550.
Built from https://develop.svn.wordpress.org/trunk@39102
git-svn-id: http://core.svn.wordpress.org/trunk@39044 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Introduces `wp_check_comment_data_max_lengths()` which allows both the REST API comments endpoints and `wp_handle_comment_submission()` to check the length of the comment content, author name, author url, and author email fields against their respective database columns.
Props rachelbaker, mangeshp, salcode, pento.
Fixes#38477.
Built from https://develop.svn.wordpress.org/trunk@39101
git-svn-id: http://core.svn.wordpress.org/trunk@39043 1a063a9b-81f0-0310-95a4-ce76da25c4cd
While "Menu/Theme locations" was descriptive of what the choices listed were, in the context of editing an individual nav menu it is more descriptive to use a setting label that tells you what it is you are affecting for that nav menu, which is where it will be displayed. Technically multiple locations can be chosen, but in practice that appears to be rare enough that we can avoid an awkward "location(s)" type string.
props Fencer04 for the initial patch.
fixes#38525.
Built from https://develop.svn.wordpress.org/trunk@39098
git-svn-id: http://core.svn.wordpress.org/trunk@39040 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Some parameters (`title`, `content`, etc) are objects in the output, but allow objects or strings to be sent in updates for a more ergonomic interface. This is pretty weird behaviour, so the default sanitisation doesn't handle this. We instead handle this ourselves in the preparation.
Props joehoyle, rachelbaker.
Fixes#38529.
Built from https://develop.svn.wordpress.org/trunk@39089
git-svn-id: http://core.svn.wordpress.org/trunk@39031 1a063a9b-81f0-0310-95a4-ce76da25c4cd