- Comments: Prevent users who can not see a post from seeing comments on it.
- Shortcodes: Restrict media shortcode ajax to certain type.
- REST API: Ensure no-cache headers are sent when methods are overridden.
- REST API: Limit `search_columns` for users without `list_users`.
- Prevent unintended behavior when certain objects are unserialized.
Merges [56834], [56835], [56836], [56838], and [56840] to the 4.8 branch.
Props xknown, jorbin, joehoyle, timothyblynjacobs, peterwilsoncc, ehtis, tykoted, antpb, rmccue.
Built from https://develop.svn.wordpress.org/branches/4.8@56864
git-svn-id: http://core.svn.wordpress.org/branches/4.8@56375 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The addition of the `pre_do_shortcode_tag` in [38506] allows plugins to short-circuit the shortcode execution process, which is particularly helpful for caching expensive shortcodes.
The `do_shortcode_tag` is the corresponding part of that system - when a shortcode hasn't been executed previously, there needs to be a clean method of populating the cache.
Props flixos90.
Fixes#32790.
Built from https://develop.svn.wordpress.org/trunk@38713
git-svn-id: http://core.svn.wordpress.org/trunk@38656 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Move pattern from `wptexturize()` into a separate function.
* Move pattern from `wp_html_split()` into a separate function.
* Beautify code for `wp_html_split()`.
* Remove unnecessary instances of `/s` modifier in patterns that don't use dots.
* Add `tests/phpunit/data/formatting/whole-posts.php` for testing larger strings.
* Add function `benchmark_pcre_backtracking()`.
* Add tests for `wp_html_split()`.
* Add tests for `wptexturize()`.
* Add tests for `get_shortcode_regex()`.
Props miqrogroove.
Fixes#34121.
Built from https://develop.svn.wordpress.org/trunk@34761
git-svn-id: http://core.svn.wordpress.org/trunk@34726 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Tokenize newlines in `WP_Embed::autoembed()` before running `->autoembed_callback()`
* Tokenize newlines with placeholders in `wpautop()`
* Introduce `wp_html_split()` to DRY the RegEx from `wp_replace_in_html_tags()` and `do_shortcodes_in_html_tags()`
Adds unit tests.
Props miqrogroove, kitchin, azaozz.
Fixes#33106.
Built from https://develop.svn.wordpress.org/trunk@33469
git-svn-id: http://core.svn.wordpress.org/trunk@33436 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Affects DocBlocks for the following core elements:
* Backtick-escape HTML tags in several argument descriptions for `wp_link_pages()`
* Remove an HTML tag from the summary for `prepend_attachment()`
* Backtick-escape inline code in the description for `get_extended()`
* Backtick-escape inline code in the description for `get_post_type_labels()`
* Various markdown formatting in the description for `add_rewrite_endpoint()`
* Markdown-indent a code snippet in the file header for wp-includes/shortcodes.php
* Markdown-indent code snippets in the description for `add_shortcode()
Props rarst.
See #30473.
Built from https://develop.svn.wordpress.org/trunk@30545
git-svn-id: http://core.svn.wordpress.org/trunk@30534 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Per our inline documentation standards, no further use of the `@uses` tag is recommended as used and used-by relationships can be derived through other means. This removes most uses of the tag in core documentation, with remaining tags to be converted to `@global` or `@see` as they apply.
Fixes#30191.
Built from https://develop.svn.wordpress.org/trunk@30105
git-svn-id: http://core.svn.wordpress.org/trunk@30105 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Revert parts of [28773] and [28727] and [29748].
* Do not crash PHP. Make the shortcode quantifier possessive to avoid backtracks.
* Reduce backtracking in long HTML comments by 100x.
* Do not ignore unclosed HTML comments.
* Do not break unregistered shortcodes, e.g. `[hello attr="value"]`.
* Do not break HTML in shortcode attributes, e.g. `[hello attr="<"]`.
* Do not match for shortcodes when there is extra whitespace, e.g. `[ hello ]`.
* Add unit tests to show #12690 was not fully resolved.
* Tested PHP 5.2.4, 5.2.13, 5.4.32, and 5.5.8.
Adds/modifies unit tests.
Props miqrogroove.
See #29557.
Built from https://develop.svn.wordpress.org/trunk@29781
git-svn-id: http://core.svn.wordpress.org/trunk@29553 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Expand the `wptexturize()` RegEx to include the list of registered shortcodes.
* Avoid backtracking after `[` chars by not filtering params in registered shortcodes. This will cause escaped shortcodes and their params to become texturized if not registered.
* Registered shortcode params will never be texturized, even when escaped.
* Move all tests involving unregistered shortcodes to a new and improved unit.
* Update one test involving HTML within shortcode params.
Props miqrogroove.
See #29557.
Built from https://develop.svn.wordpress.org/trunk@29748
git-svn-id: http://core.svn.wordpress.org/trunk@29520 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This is a significant performance improvement for processing content without shortcodes, and only the slightest hit when content contains shortcodes (which must then undergo processing anyway). Performance results on the ticket.
props TobiasBg.
fixes#23855.
Built from https://develop.svn.wordpress.org/trunk@27394
git-svn-id: http://core.svn.wordpress.org/trunk@27242 1a063a9b-81f0-0310-95a4-ce76da25c4cd
These commits were accidentally re-synced commits from develop.svn.wordpress.org due to a race condition. Thankfully, the history of this repository matters fairly little. It also happened only for trunk.
git-svn-id: http://core.svn.wordpress.org/trunk@25876 1a063a9b-81f0-0310-95a4-ce76da25c4cd
