By allowing more fine-grained validation and sanitisation of endpoint args, we can ensure the correct data is being passed to endpoints.
This can easily be extended to support new data types, such as CSV fields or objects.
Props joehoyle, rachelbaker, pento.
Fixes#38531.
Built from https://develop.svn.wordpress.org/trunk@39046
git-svn-id: http://core.svn.wordpress.org/trunk@38988 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Allow `WP_Customize_Nav_Menus::insert_auto_draft_post()` to take full post array to pass to `wp_insert_post()`, except for `post_status`. Require `post_title`.
* Ensure empty `post_name` gets explicitly set to slugified `post_title`.
* Explicitly allow only `post_type` and `post_title` params in `WP_Customize_Nav_Menus::ajax_insert_auto_draft_post()`.
* Use `wp_update_post()` instead of `wp_publish_post()` to ensure unique slugs are assigned to published auto-draft posts.
* Re-use `WP_Customize_Nav_Menus::insert_auto_draft_post()` when inserting stubs from starter content.
See #38114, #38013, #34923.
Fixes#38539.
Built from https://develop.svn.wordpress.org/trunk@39038
git-svn-id: http://core.svn.wordpress.org/trunk@38980 1a063a9b-81f0-0310-95a4-ce76da25c4cd
On the Multisite - single site "Add New User" screen, some form fields have more
than one label associated with them. Form controls should have at most one
associated label element. If more than one label element is associated to the
control, assistive technologies may not read the appropriate label.
Additionally, labels can be associated to their related form fields either
explicitly (using a `for` attribute referencing the field ID) or implicitly
(using the label to wrap the field). As a best practice, never do both and
prefer explicitly associated labels when possible.
Props Ankit K Gupta.
Fixes#38459.
Built from https://develop.svn.wordpress.org/trunk@39006
git-svn-id: http://core.svn.wordpress.org/trunk@38948 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`wp_load_translations_early()` is used when WordPress isn't fully initialized. Therefore using the `WP_Locale_Switcher` with `get_locale()`/`get_user_locale()` can cause PHP fatal errors.
This reverts [38976] and [38977], and instead removes `WP_Locale_Switcher` from `wp_load_translations_early()`.
See #29783.
Fixes#38535.
Built from https://develop.svn.wordpress.org/trunk@39005
git-svn-id: http://core.svn.wordpress.org/trunk@38947 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Hides page numbers visually at smaller screen sizes.
* Reduced padding around `.wrap` class on smaller screens.
* Fixed issue with the page numbers not displaying the underline on `:hover`. This has been updated in the custom colors files, too.
Props laurelfulford, caspie.
Fixes#38394.
Built from https://develop.svn.wordpress.org/trunk@38996
git-svn-id: http://core.svn.wordpress.org/trunk@38938 1a063a9b-81f0-0310-95a4-ce76da25c4cd
A theme can opt-in for tailored starter content to apply to the customizer when previewing the theme on a fresh install, when `fresh_site` is at its initial `1` value. Starter content is staged in the customizer and does not go live unless the changes are published. Initial starter content is added to Twenty Seventeen.
* The `fresh_site` flag is cleared when a published post or page is saved, when widgets are modified, or when the customizer state is saved.
* Starter content is registered via `starter-content` theme support, where the argument is an array containing `widgets`, `posts`, `nav_menus`, `options`, and `theme_mods`. Posts/pages in starter content are created with the `auto-draft` status, re-using the page/post stubs feature added to nav menus and the static front page controls.
* A `get_theme_starter_content` filter allows for plugins to extend a theme's starter content.
* Starter content in themes can/should re-use existing starter content items in core by using named placeholders.
* Import theme starter content into customized state when fresh site.
* Prevent original_title differences from causing refreshes if title is present.
* Ensure nav menu item url is set according to object when previewing.
* Make sure initial saved state is false if there are dirty settings without an existing changeset.
* Ensure dirty settings are cleaned upon changeset publishing.
Props helen, westonruter, ocean90.
Fixes#38114, #38533.
Built from https://develop.svn.wordpress.org/trunk@38991
git-svn-id: http://core.svn.wordpress.org/trunk@38934 1a063a9b-81f0-0310-95a4-ce76da25c4cd
A background color style that was added to the front page during video header implementation did not get included in the `colors-dark.css`, causing a display issue with the dark color scheme.
Props laurelfulford.
See #38172.
Built from https://develop.svn.wordpress.org/trunk@38987
git-svn-id: http://core.svn.wordpress.org/trunk@38930 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Rename customizer JS files to customize-preview.js and customize-controls.js to align with the core file naming and make it clearer where each file runs.
* Only show the colorscheme_hue control when there's a custom color scheme.
* Update preview JS handling for revised front page section handling, see below.
* Remove all references to "Theme Customizer" in code comments. It hasn't been called that since before 4.0.
* Clarify the purpose of the JS files by updated the code comments in the file headers.
* Improve code readability.
* Make the arbitrary number of front page sections filterable, for UI registration and output.
* Rename twentyseventeen_sanitize_layout to twentyseventeen_sanitize_page_layout to be clearer about what it sanitizes in case child themes or plugins consider reusing it.
* Rename page_options setting/control to page_layout as that's more reflective of what that option does; and again, helps for potential extensions.
* Make the page layout option contextual to pages and the sidebar being inactive, as the option only applies when there is no sidebar (per its description).
* Condense options into a single section.
* Add selective refresh for front page sections.
* Locate active_callback functions within customizer.php so that they're easier to find when editing customizer registrations, similarly to sanitize callbacks.
* Adjust the styling for placeholders for panels that aren't active.
* Ensure that the new visible edit shortcuts don't have any issues.
Props celloexpressions.
Fixes#38426.
Built from https://develop.svn.wordpress.org/trunk@38986
git-svn-id: http://core.svn.wordpress.org/trunk@38929 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This adds the ability for themes to add support for videos in custom headers
by passing `'video' => true` as an argument when adding theme support for
custom headers.
Custom video headers are managed through the “Header Visuals” (i.e. “Header Image”)
panel in the Customizer where you can select a video from the media library or set a
URL to an external video (YouTube for now) for use in custom headers.
This introduces several new functions:
`has_header_video()` – Check whether a header video is set or not.
`get_header_video_url()` – Retrieve header video URL for custom header.
`the_header_video_url()` – Display header video URL.
`get_header_video_settings()` – Retrieve header video settings.
`has_custom_header()` – Check whether a custom header is set or not.
`get_custom_header_markup()` – Retrieve the markup for a custom header.
`the_custom_header_markup()` – Print the markup for a custom header.
And a new file, `wp-includes/js/wp-custom-header.js` that handles loading videos
in custom headers.
This also enables video headers in the Twenty Seventeen and Twenty Fourteen themes.
Props davidakennedy, celloexpressions, bradyvercher, laurelfulford, joemcgill.
Fixes#38172.
Built from https://develop.svn.wordpress.org/trunk@38985
git-svn-id: http://core.svn.wordpress.org/trunk@38928 1a063a9b-81f0-0310-95a4-ce76da25c4cd
CSS generated content is going to be rendered for speech output more and more in
the next future. When it's not intended to be available for speech output, for
example with font icons, then special care should be used to hide it from
assistive technologies. At the moment, the only reliable way to do this is making
use of a wrapper element and set `aria-hidden="true"` on it.
Fixes#37513.
Built from https://develop.svn.wordpress.org/trunk@38984
git-svn-id: http://core.svn.wordpress.org/trunk@38927 1a063a9b-81f0-0310-95a4-ce76da25c4cd
A `null` value is returned in the response for any option that has a non-scalar value.
To protect clients from accidentally including the `null` values from a response object in a request, we do not allow options with non-scalar values to be updated to `null`. Without this added protection a client could mistakenly delete all options that have non-scalar values from the database.
Props joehoyle, rachelbaker.
Fixes#38527.
Built from https://develop.svn.wordpress.org/trunk@38982
git-svn-id: http://core.svn.wordpress.org/trunk@38925 1a063a9b-81f0-0310-95a4-ce76da25c4cd
- adds hidden text to the pagination links
- slightly increases the links clickable area
- fixes a JS error when clicking on the current page number
- avoids to generate nested `<div>` elements at each click
Props xavortm, cwpnolen, afercia.
Fixes#35577.
Built from https://develop.svn.wordpress.org/trunk@38981
git-svn-id: http://core.svn.wordpress.org/trunk@38924 1a063a9b-81f0-0310-95a4-ce76da25c4cd
As sparrows' tears shed steadily
Make widest rivers filled,
`setUp()` routines run prodig'ly
Add minutes to a build.
So cull ye fixtures profligate!
Direct thine frugal gaze!
Our savings here - a half-minute -
When multiplied: Amaze!
See #30017.
Built from https://develop.svn.wordpress.org/trunk@38975
git-svn-id: http://core.svn.wordpress.org/trunk@38918 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The WP-API plugin originally used a custom method for fetching object
terms in a way that supported the object cache and also accepted all
parameters for `get_terms()`. In [38667], the internals of
`wp_get_object_terms()` were modified to use `WP_Term_Query`, thus
delivering in a native fashion the features that the API had
previously achieved bespokely.
Fixes#38504.
Built from https://develop.svn.wordpress.org/trunk@38974
git-svn-id: http://core.svn.wordpress.org/trunk@38917 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Hiding WP_Query params under the filter key (instead of allowing them to be top-level params) was one of our biggest complaints from users of v1 of our REST API. This walks back the re-introduction of the `filter` param during Beta 15, which introduced an "inconsistent mess" and "exposing WP_Query through filter has and will continue to be difficult to support." See https://github.com/WP-API/WP-API/issues/2799.
Props websupporter, rachelbaker.
Fixes#38378.
Built from https://develop.svn.wordpress.org/trunk@38968
git-svn-id: http://core.svn.wordpress.org/trunk@38911 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Edit shortcuts show initially for a moment and then fade away so as to not get in the way of the preview.
* Visibility of edit shortcuts is toggled by clicking/touching anywhere inert in the document.
* Implements UI for mobile and touch devices which do not support shift-click.
* Adds `editShortcutVisibility` state.
* Adds new methods to `wp.customize.selectiveRefresh.Partial` for managing edit shortcuts.
Incorporates aspects of the Customize Direct Manipulation feature plugin.
Props sirbrillig, mattwiebe, celloexpressions, melchoyce, westonruter, afercia.
Fixes#27403.
Built from https://develop.svn.wordpress.org/trunk@38967
git-svn-id: http://core.svn.wordpress.org/trunk@38910 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Removes the left padding on the first cell in a row, and the right padding on the last cell in each row - the padding is still there between cells, so the contents don't meet.
* Does the opposite for RTL, and fixes some spacing issues.
* Updates the editor styles to match.
Props laurelfulford, snacking.
Fixes#38447.
Built from https://develop.svn.wordpress.org/trunk@38963
git-svn-id: http://core.svn.wordpress.org/trunk@38906 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Fixes the display issues with the header. The header doesn't look exactly like it does in newer browsers, but it's closer.
* Gets the font sizes a bit more consistent with how it looks like other browsers.
* IE8 doesn't support SVGs, so it's using the fallback styles for some of the icons. The fallbacks are limited to the absolutely necessary icons - so there is one for the submenu dropdown toggle icon, but not for the little 'hamburger' and X that sit in front of the 'menu' button.
Props laurelfulford.
Fixes#38472.
Built from https://develop.svn.wordpress.org/trunk@38962
git-svn-id: http://core.svn.wordpress.org/trunk@38905 1a063a9b-81f0-0310-95a4-ce76da25c4cd
With the introduction of user-specific languages in [38705] it's necessary to be able to switch translations on the fly. For example emails should be sent in the language of the recipient and not the one of the current user.
This introduces a new `WP_Locale_Switcher` class which is used for switching locales and translations. It holds the stack of locales whenever `switch_to_locale( $locale )` is called. With `restore_previous_locale()` you can restore the previous locale. `restore_current_locale()` empties the stack and sets the locale back to the initial value.
`switch_to_locale()` is added to most of core's email functions, either with the value of `get_locale()` (site language) or `get_user_locale()` (user language with fallback to site language).
Props yoavf, tfrommen, swissspidy, pbearne, ocean90.
See #29783.
Fixes#26511.
Built from https://develop.svn.wordpress.org/trunk@38961
git-svn-id: http://core.svn.wordpress.org/trunk@38904 1a063a9b-81f0-0310-95a4-ce76da25c4cd
WordPress has supported custom page templates for over 12 years, allowing developers to create various layouts for specific pages.
While this feature is very helpful, it has always been limited to the 'page' post type and not was not available to other post types.
By opening up the page template functionality to all post types, we continue to improve the template hierarchy's flexibility.
In addition to the `Template Name` file header, the post types supported by a template can be specified using `Template Post Type: post, foo, bar`.
When at least one template exists for a post type, the 'Post Attributes' meta box will be displayed in the back end, without the need to add post type support for `'page-attributes'`. 'Post Attributes' can be customized per post type using the `'attributes'` label when registering a post type.
Props johnbillion, Mte90, dipesh.kakadiya, swissspidy.
Fixes#18375.
Built from https://develop.svn.wordpress.org/trunk@38951
git-svn-id: http://core.svn.wordpress.org/trunk@38894 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When support for PDFs is available, on upload,
render 'Thumbnail', 'Medium', 'Large', and 'Full' sizes of
the first page, and save them in attachment meta.
Use these renders within Add Media, Media Gallery and List views,
Attachment Details, Post/Attachment Edit screens, and Attachment pages.
Support available by default via Imagick -> ImageMagick -> Ghostscript,
but can be provided by any `WP_Image_Editor` that supports PDFs.
Props adamsilverstein, azaozz, celloexpressions, desrosj, dglingren, ericlewis, ipstenu, joemcgill, joyously, markoheijnen, melchoyce, mikeschroder, tomauger.
Fixes#31050.
Built from https://develop.svn.wordpress.org/trunk@38949
git-svn-id: http://core.svn.wordpress.org/trunk@38892 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Introduces new control for managing the background position. Adds control for setting the `background-size`.
Props cdog, celloexpressions, grapplerulrich, MikeHansenMe, FolioVision, afercia, helen, melchoyce, karmatosed, westonruter, Kelderic, sebastian.pisula.
Fixes#22058.
Built from https://develop.svn.wordpress.org/trunk@38948
git-svn-id: http://core.svn.wordpress.org/trunk@38891 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Like its predecessor (`sanitize_text_field()`), `sanitize_textarea_field()` is a helper function to sanitise user input. As the name suggests, this function is for sanitising input from `textarea` fields - it strips tags and invalid UTF-8 characters, like `sanitize_text_field()`, but retains newlines and extra inline whitespace.
Props ottok, nbachiyski, chriscct7, pento.
Fixes#32257.
Built from https://develop.svn.wordpress.org/trunk@38944
git-svn-id: http://core.svn.wordpress.org/trunk@38887 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When a site is using a static front page, and that page is in a menu, it isn't given the CSS class `menu-item-home`, contrary to the developer documentation.
An incorrect solution was originally added in [35272], and is now gone. Let us never speak of it again.
Props mdgl, adamsilverstein, welcher, pento.
Fixes#35272.
Built from https://develop.svn.wordpress.org/trunk@38940
git-svn-id: http://core.svn.wordpress.org/trunk@38883 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`get_site()` has replaced `get_blog_details()` throughout core and is the recommended way to retrieve a current or single site object.
The `blog_details` filter is applied when full details are requested from `get_blog_details()`.
To ensure backwards compatibility in the switch to `get_site()`, this `blog_details` filter is now applied in `WP_Site::get_details()` and marked as deprecated with a note to rely instead on the `site_details` filter introduced in 4.6.
Props flixos90.
See #37102.
Fixes#38491.
Built from https://develop.svn.wordpress.org/trunk@38936
git-svn-id: http://core.svn.wordpress.org/trunk@38879 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The color control in the customizer can use the new mode by supplying the `mode` param with `hue` (as opposed to the new default `full` value). New control replaces the `range` control in Twenty Seventeen for `colorscheme_hue`. The `wpColorPicker` can opt for hue-only mode via supplying `hue` as the `type` option. Iris Color Picker is updated from v1.0.7 to v1.1.0-beta.
Props mattwiebe, celloexpressions.
Fixes#38263.
Built from https://develop.svn.wordpress.org/trunk@38931
git-svn-id: http://core.svn.wordpress.org/trunk@38874 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In addition to `wp_list_filter()` for filtering a list of objects, and `wp_list_pluck()` for plucking a certain field out of each object in a list, this new function can be used for sorting a list of objects by specific fields. These functions are now all contained within the new `WP_List_Util()` class and `wp_list_sort()` is used in various parts of core for sorting lists.
This was previously committed in [38859] but got reverted in [38862] and [38863]. To fix the previous issues, `wp_list_sort()` supports now an additional argument to preserve array keys via `uasort()`.
Props flixos90, DrewAPicture, jorbin.
Fixes#37128.
Built from https://develop.svn.wordpress.org/trunk@38928
git-svn-id: http://core.svn.wordpress.org/trunk@38871 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Fixes bug where an invalid Last-Modified value would be returned in feed requests for sites that had 0 items to return. Comment or post feeds will now return the current timestamp as the Last-Modified header value. Example: a request for the comments feed for a site without any comments.
Replaced use of the local static variable `$cache_lastcommentmodified` to store the modified date in `get_lastcommentmodified()` with the Object Cache API. The `get_lastcommentmodified()` function returns early if there is a cached value and returns `false` if there where no comments found. Introduced `_clear_modified_cache_on_transition_comment_status()` to flush the `lastcommentmodified` cache key when a comment enters or leaves approval status. In `get_lastpostmodified()` return early if there is a cached value and return `false` if there are no posts found.
Props swissspidy, rachelbaker, dllh, leobaiano.
Fixes#38027.
Built from https://develop.svn.wordpress.org/trunk@38925
git-svn-id: http://core.svn.wordpress.org/trunk@38868 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This brings the custom colors CSS in line with the stylesheet. Some selectors were missing since many changes occurred in `style.css` a few days before the original merge to Core.
Props celloexpressions, laurelfulford.
Fixes#38389.
Built from https://develop.svn.wordpress.org/trunk@38918
git-svn-id: http://core.svn.wordpress.org/trunk@38861 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, if an invalid post status was assigned to a media object, the object would be returned with an unchanged status. After [38911], an error response is returned.
The assertion in test_get_items_invalid_status_param_is_discarded() needs to be updated to account for the expected error response. The test name has been changed to `test_get_items_invalid_status_param_is_error_response()`.
Fixes#38417.
Built from https://develop.svn.wordpress.org/trunk@38917
git-svn-id: http://core.svn.wordpress.org/trunk@38860 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Pass `false` as the `$passed_default` value when the `default_option_{$option}` filter is applied in `update_option` as no default is ever passed.
This resolves an error in tests where the 3rd parameter is not available to `filter_default_option()`.
Fixes#38176.
Built from https://develop.svn.wordpress.org/trunk@38916
git-svn-id: http://core.svn.wordpress.org/trunk@38859 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Add a `default` argument to `register_setting` that will be used an the default option value viet `get_option()` in the event of no other option being specified. This means (if chosen) developers can define their default once via `register_option` and not have to duplicate the value every time they make a call to `get_option()`.
Props rmccue, jorbin, jtsternberg.
Fixes#38176.
Built from https://develop.svn.wordpress.org/trunk@38910
git-svn-id: http://core.svn.wordpress.org/trunk@38853 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`WP_DEFAULT_THEME` was being defined in the wrong location.
Also, if WordPress has the original "default" theme installed, ensure that our test theme overrides it.
Props swissspidy for daring to dive into Themes of WordPress Past.
See #31550, #38457.
Built from https://develop.svn.wordpress.org/trunk@38908
git-svn-id: http://core.svn.wordpress.org/trunk@38851 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This functionality was originally added in [38858], using `symlink()` to put a link to the theme in WordPress' `themes` directory. Unfortunately, not all installs have write access to the `themes` directory, causing unit tests to fail.
The new method is to add the test theme directory to `$wp_theme_directories`, and fix the handful of tests that don't expect `$wp_theme_directories` to have multiple entries.
The test install/bootstrap routines now also check that `WP_DEFAULT_THEME` is defined, in case the tests are being run on a system that hasn't upgraded its' `wp-tests-config.php`.
See #31550.
Fixes#38457.
Built from https://develop.svn.wordpress.org/trunk@38907
git-svn-id: http://core.svn.wordpress.org/trunk@38850 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This ability was previously added to nav menus via the available page items panel. The "Add New Page" button only appears when the `allow_addition` control param is supplied as `true`. Code is adapted from the Customize Posts feature plugin.
Props celloexpressions, westonruter.
See #38013, #34923.
Fixes#38164.
Built from https://develop.svn.wordpress.org/trunk@38906
git-svn-id: http://core.svn.wordpress.org/trunk@38849 1a063a9b-81f0-0310-95a4-ce76da25c4cd
An empty string causes some browsers to use the current URL as the `href`. When using `history.replaceState()` Chrome will re-fetch the favicon with each call, meaning that `customize.php` gets hit with wasted requests which tax the server.
Fixes#38377.
Built from https://develop.svn.wordpress.org/trunk@38901
git-svn-id: http://core.svn.wordpress.org/trunk@38844 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously we ensured that the entry points to WordPress were parsable by PHP4 in order to display a friendly not-supported-php error message.
However, for the last two years the main entry points have not actually parsed, and we've only added extra parse errors since it last worked in 3.9, so it's time we just remove this 'feature'.
The PHP version checks are still there for PHP 5.0/5.1, and so it's inplace when we eventually drop PHP 5.2 support.
See #29489.
Built from https://develop.svn.wordpress.org/trunk@38899
git-svn-id: http://core.svn.wordpress.org/trunk@38842 1a063a9b-81f0-0310-95a4-ce76da25c4cd
