Commit Graph

34659 Commits

Author SHA1 Message Date
Rachel Baker
240e3ec683 Comments: Strip html tags from comment content before blacklist_keys comparison.
Use `wp_kses()` to clean comment_content for preg_match against the blacklist_keys. Also includes some initial unit tests for `wp_blacklist_check()`.
Previously, if a blacklisted key was used in comment_content split by an html tag the regex in `wp_blacklist_check()` would not find a match. Example: Where "springfield" was a blacklisted word, if the content of a comment included `spring<i>field</i>" `wp_blacklist_check()` would not return true.

Props cfinke.
Fixes #37208.
Built from https://develop.svn.wordpress.org/trunk@38047


git-svn-id: http://core.svn.wordpress.org/trunk@37988 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-13 13:48:39 +00:00
Dominik Schilling
c73c23c423 Resource Hints: Increase priority of wp_resource_hints() so hints get printed before scripts and styles.
Also run `wp_resource_hints()` on the login screen and in the customizer. 

Props swissspidy.
Fixes #37317.
Built from https://develop.svn.wordpress.org/trunk@38046


git-svn-id: http://core.svn.wordpress.org/trunk@37987 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-13 12:54:28 +00:00
Dominik Schilling
834f0809fc WP Mail: Remove an unused variable.
Unused since [34864].

Props vishalkakadiya.
Fixes #37346.
Built from https://develop.svn.wordpress.org/trunk@38045


git-svn-id: http://core.svn.wordpress.org/trunk@37986 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-13 12:37:29 +00:00
Dominik Schilling
fb59d07c9b Database: Add unit test to test that a column type change for a table name with a hyphen is working after [37583].
Fixes #31679.
Built from https://develop.svn.wordpress.org/trunk@38044


git-svn-id: http://core.svn.wordpress.org/trunk@37985 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-13 11:39:41 +00:00
John Blackbourn
7e7dfdea55 HTTP API: Remove duplicate documentation for the http_api_debug hook.
Fixes #37081

Built from https://develop.svn.wordpress.org/trunk@38043


git-svn-id: http://core.svn.wordpress.org/trunk@37984 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-13 10:23:43 +00:00
Jeremy Felt
f3b3ece76a Multisite: Set default $args to an empty array in get_networks().
The empty string was not incorrect. Using `array()` here instead makes things a bit more consistent by aligning with `get_sites()`, `get_users()`, and `get_terms()`.

See #32504.

Built from https://develop.svn.wordpress.org/trunk@38042


git-svn-id: http://core.svn.wordpress.org/trunk@37983 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-13 05:30:29 +00:00
Jeremy Felt
da40e89d06 Meta: Ensure filters are backwards compatible for pre-4.6 style meta registration.
When using `register_meta()` with the function signature from 4.5 and earlier, the `auth_{$type}_meta_{$key}` and `sanitize_{$type}_meta_{$key}` filters are used. Any calls to `register_meta()` expecting this behavior should continue to work. The new filters, which take advantage of object subtypes, should not be added unless the proper `$args` array is passed.

See #35658.

Built from https://develop.svn.wordpress.org/trunk@38041


git-svn-id: http://core.svn.wordpress.org/trunk@37982 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-13 04:46:28 +00:00
Jeremy Felt
d5e14166f3 Meta: Remove filters when meta is unregistered.
If auth and/or sanitize callbacks are specified in the arguments for
`register_meta()`, filters are added to handle these callbacks. These
should be removed when calling `unregister_meta_key()` to avoid
unintentional filtering.

See #35658.

Built from https://develop.svn.wordpress.org/trunk@38040


git-svn-id: http://core.svn.wordpress.org/trunk@37981 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-13 04:13:30 +00:00
Andrew Ozz
532e8f0204 TinyMCE: preserve <script> and <style> tags inside the editor.
Uses image placeholders for the tags and makes then visible. That way the tags can also be deleted from inside the editor.

Props iseulde, azaozz.
Fixes #32923.
Built from https://develop.svn.wordpress.org/trunk@38039


git-svn-id: http://core.svn.wordpress.org/trunk@37980 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-12 22:09:31 +00:00
John Blackbourn
3a7137a7a5 Meta: Add a missing @since param for wp_object_type_exists().
See #35658

Built from https://develop.svn.wordpress.org/trunk@38038


git-svn-id: http://core.svn.wordpress.org/trunk@37979 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-12 13:21:29 +00:00
Dominik Schilling
97bf32c66a Text Changes: Unify/merge two more permission error messages.
Props ramiy.
Fixes #34521.
Built from https://develop.svn.wordpress.org/trunk@38037


git-svn-id: http://core.svn.wordpress.org/trunk@37978 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-12 11:45:29 +00:00
Dominik Schilling
e5f967ca99 Resource Hints: Remove schemes from dns-prefetch resource hint outputs.
"wordpress.org", "!http://wordpress.org", and "!https://wordpress.org" should all have the same DNS lookup.
Also, replace `\r\n` with `\n` and ensure that invalid URLs are skipped.

Props niallkennedy, peterwilsoncc.
Fixes #37240.
Built from https://develop.svn.wordpress.org/trunk@38036


git-svn-id: http://core.svn.wordpress.org/trunk@37977 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-12 11:32:28 +00:00
Dominik Schilling
f160f2afd1 Toolbar: Allow 0 as a value for the tabindex property of a menu item.
To enhance accessibility for items without a link you can now define `tabindex="0"`, which makes descendant dropdowns accessible.

Props joedolson, afercia, ocean90.
Fixes #32495.
Built from https://develop.svn.wordpress.org/trunk@38035


git-svn-id: http://core.svn.wordpress.org/trunk@37976 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-12 11:18:30 +00:00
Andrew Ozz
70fa27a953 TinyMCE: update to 4.4.0, changelog: https://github.com/tinymce/tinymce/blob/master/changelog.txt. Includes two bugfixes for #36434.
Fixes #37327.
Built from https://develop.svn.wordpress.org/trunk@38034


git-svn-id: http://core.svn.wordpress.org/trunk@37975 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-12 00:20:29 +00:00
Pascal Birchler
e4eee7ef5c Plugins: Improve Ajax search of installed plugins.
Fixes a few accessibility issues, tweaks the design of the search form to match other Ajax search fields and improves compatibility with older browsers.

See #37230.
Built from https://develop.svn.wordpress.org/trunk@38033


git-svn-id: http://core.svn.wordpress.org/trunk@37974 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-11 21:50:31 +00:00
Dominik Schilling
f8e7680cd6 Multisite: Use hash_equals() when comparing hashes to mitigate timing attacks.
Fixes #37324.
Built from https://develop.svn.wordpress.org/trunk@38032


git-svn-id: http://core.svn.wordpress.org/trunk@37973 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-10 19:43:28 +00:00
Dominik Schilling
02424959e4 Accessibility: Add aria-button-if-js class to links in the media list table that behave like buttons when JavaScript is on.
Props joedolson, afercia.
See #26504.
Fixes #36555.
Built from https://develop.svn.wordpress.org/trunk@38031


git-svn-id: http://core.svn.wordpress.org/trunk@37972 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-10 19:31:31 +00:00
Drew Jaynes
844ae66820 Docs: The $labels property in WP_Post_Type is of type object as returned from get_post_type_labels(), not an array.
Props swissspidy.
See #36217.

Built from https://develop.svn.wordpress.org/trunk@38030


git-svn-id: http://core.svn.wordpress.org/trunk@37971 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-10 17:41:30 +00:00
Drew Jaynes
31f150080a Docs: Standardize references to "meta box" or "meta boxes" as two distinct words throughout core documentation per the core spelling guide.
See #32246.

Built from https://develop.svn.wordpress.org/trunk@38029


git-svn-id: http://core.svn.wordpress.org/trunk@37970 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-10 00:56:28 +00:00
Drew Jaynes
6c7148943b Docs: Standardize capitalization of Ajax throughout core documentation per the core spelling guide.
Ajax, while considered an acronym for Asynchronous JavaScript and XML, is most commonly capitalized only in the first character.

Part props ocean90.
See #32246.

Built from https://develop.svn.wordpress.org/trunk@38028


git-svn-id: http://core.svn.wordpress.org/trunk@37969 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-10 00:51:30 +00:00
Drew Jaynes
4c029e870e Docs: Link the 4.6 changelog entry in the DocBlock for register_meta() to its corresponding dev note on make/core.
h/t ocean90.

See #35658. See #37318.

Built from https://develop.svn.wordpress.org/trunk@38027


git-svn-id: http://core.svn.wordpress.org/trunk@37968 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-09 16:50:35 +00:00
Tammie Lister
5bcc4e7b35 PHP 7 compatibility issues fixed in Twenty Thirteen and Twenty Fourteen
Props xknown
Fixes #37227
--This Line, and those below, will be ignored--

M    themes/twentyfourteen/functions.php
M    themes/twentythirteen/functions.php

Built from https://develop.svn.wordpress.org/trunk@38026


git-svn-id: http://core.svn.wordpress.org/trunk@37967 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-09 15:11:33 +00:00
Dominik Schilling
559c6637bf Docs: Fix a typo in the DocBlock for themes_api(), themes_api, plugins_api(), and plugins_api.
See #32246.
Built from https://develop.svn.wordpress.org/trunk@38025


git-svn-id: http://core.svn.wordpress.org/trunk@37966 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-09 14:39:33 +00:00
Drew Jaynes
7eb6471461 Docs: Fix minor formatting and syntax for wp-admin/* elements introduced in 4.6.
See #37318.

Built from https://develop.svn.wordpress.org/trunk@38024


git-svn-id: http://core.svn.wordpress.org/trunk@37965 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-09 14:00:31 +00:00
Drew Jaynes
a13164355f Docs: Cross-reference parent classes in DocBlocks for upgrader classes moved to their own files in 4.6
See #36618. See #37318.

Built from https://develop.svn.wordpress.org/trunk@38023


git-svn-id: http://core.svn.wordpress.org/trunk@37964 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-09 13:45:33 +00:00
Drew Jaynes
2ee0027bc1 Docs: Improve usefulness of DocBlocks for ajax-actions.php functions introduced in 4.6.
See #37318.

Built from https://develop.svn.wordpress.org/trunk@38022


git-svn-id: http://core.svn.wordpress.org/trunk@37963 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-09 13:23:30 +00:00
Drew Jaynes
c009abcc98 Docs: Fix a typo in the hook doc description for the enable_loading_advanced_cache_dropin run-time filter.
See #34936. See #37318.

Built from https://develop.svn.wordpress.org/trunk@38021


git-svn-id: http://core.svn.wordpress.org/trunk@37962 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-09 13:17:30 +00:00
Dominik Schilling
1036637afc Taxonomy: Remove an unnecessary double assignment in WP_Term_Query::get_terms().
Props birgire.
Fixes #37254.
Built from https://develop.svn.wordpress.org/trunk@38020


git-svn-id: http://core.svn.wordpress.org/trunk@37961 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-09 11:49:29 +00:00
Pascal Birchler
aa4334cc50 Upgrade/Install: Do not remove event handlers when trying to update a theme.
Previously, when clicking "Update now" the callbacks were erroneously removed. This prevented opening the filesystem credentials modal for a second time.

Fixes #37285.
Built from https://develop.svn.wordpress.org/trunk@38019


git-svn-id: http://core.svn.wordpress.org/trunk@37960 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-09 11:43:43 +00:00
Drew Jaynes
dac2988528 Docs: Fix a typo in an inline hook reference in the DocBlock for comment_form().
Props ocean90.
See #32246.

Built from https://develop.svn.wordpress.org/trunk@38018


git-svn-id: http://core.svn.wordpress.org/trunk@37959 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-08 23:56:32 +00:00
Dominik Schilling
9b2f385b07 Bootstrap: Make wp_is_ini_value_changeable() compatible with PHP 5.2.6 - 5.2.17.
There is a bug in PHP 5.2.6 - 5.2.17 (https://bugs.php.net/bug.php?id=44936, https://3v4l.org/IL0A2) which changes the access level of a setting to 63 after `ini_set()` was called.
To continue comparing the access value against `INI_ALL` and `INI_USER` use the bit operator `& 7`:

* `1 & 7 === 1` (INI_USER)
* `2 & 7 === 2` (INI_PERDIR)
* `4 & 7 === 4` (INI_SYSTEM)
* `7 & 7 === 7` (INI_ALL)
* `63 & 7 === 7` (INI_ALL)

See [38015].
See #32075.
Built from https://develop.svn.wordpress.org/trunk@38017


git-svn-id: http://core.svn.wordpress.org/trunk@37958 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-08 18:36:30 +00:00
Dominik Schilling
31d3147f4e Unit tests: Don't change the memory_limit setting during tests.
40M isn't enough and can lead to an "out of memory" error. Change `test_wp_raise_memory_limit()` to test that `wp_raise_memory_limit()` doesn't *lower* the memory limit.

See [38015].
See #32075.
Built from https://develop.svn.wordpress.org/trunk@38016


git-svn-id: http://core.svn.wordpress.org/trunk@37957 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-08 18:17:41 +00:00
Dominik Schilling
aa561e67a1 Bootstrap: Enhance core's memory limit handling.
* Don't lower memory limit if the current limit is greater than `WP_MAX_MEMORY_LIMIT`.
* Set `WP_MEMORY_LIMIT` and `WP_MAX_MEMORY_LIMIT` to current limit if the `memory_limit` setting can't be changed at runtime.
* Use `wp_convert_hr_to_bytes()` when parsing the value of the `memory_limit` setting because it can be a shorthand or an integer value.
* Introduce `wp_raise_memory_limit( $context )` to raise the PHP memory limit for memory intensive processes. This DRYs up some logic and includes the existing `admin_memory_limit` and `image_memory_limit` filters. The function can also be used for custom contexts, the `{$context}_memory_limit` filter allows to customize the limit.
* Introduce `wp_is_ini_value_changeable( $setting )` to determine whether a PHP ini value is changeable at runtime.
* Remove a `function_exists( 'memory_get_usage' )` check. Since PHP 5.2.1 support for memory limit is always enabled.

Related commits: [38011-38013]

Props jrf, A5hleyRich, swissspidy, ocean90.
Fixes #32075.
Built from https://develop.svn.wordpress.org/trunk@38015


git-svn-id: http://core.svn.wordpress.org/trunk@37956 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-08 14:37:30 +00:00
Sergey Biryukov
d1cd600733 Docs: Fix typo in a comment in Core_Upgrader::upgrade().
Props Zuige.
Fixes #37314.
Built from https://develop.svn.wordpress.org/trunk@38014


git-svn-id: http://core.svn.wordpress.org/trunk@37955 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-08 13:19:30 +00:00
Dominik Schilling
682e028a5a Bootstrap: Clean up wp_convert_hr_to_bytes().
* Don't return a value higher than `PHP_INT_MAX`.
* Add unit tests.

Props jrf.
See #32075.
Built from https://develop.svn.wordpress.org/trunk@38013


git-svn-id: http://core.svn.wordpress.org/trunk@37954 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-08 12:54:28 +00:00
Dominik Schilling
5eae48b414 Boostrap: Move wp_convert_hr_to_bytes() to wp-includes/load.php.
`wp_convert_hr_to_bytes()` was previously defined in wp-includes/media.php because it's only used by `wp_max_upload_size()` in the same file.
Moving this function to load.php allows us to improve core's memory limit handling.

See #32075.
Built from https://develop.svn.wordpress.org/trunk@38012


git-svn-id: http://core.svn.wordpress.org/trunk@37953 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-08 11:27:27 +00:00
Dominik Schilling
561018677f Constants: Move constants for data sizes before constants for memory limits.
This allows us to improve core's memory limit handling.

See #32075.
Built from https://develop.svn.wordpress.org/trunk@38011


git-svn-id: http://core.svn.wordpress.org/trunk@37952 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-08 11:19:29 +00:00
Peter Wilson
b9b69676d8 Embeds: Include locale stylesheets after default styles.
Fire `locale_stylesheet` action after the `wp_print_styles` action in the embeds header to match the order in `wp_head`.

Props swissspidy.
Fixes #36839.

Built from https://develop.svn.wordpress.org/trunk@38010


git-svn-id: http://core.svn.wordpress.org/trunk@37951 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-08 06:07:33 +00:00
Rachel Baker
c283b3c0c6 Revisions: Allow autosaves to be restored when revisions are disabled.
Fixes bug introduced in [23639] where autosaves are not restored if revisions are disabled.

Props adamsilverstein.
Fixes #36262.



Built from https://develop.svn.wordpress.org/trunk@38009


git-svn-id: http://core.svn.wordpress.org/trunk@37950 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-08 01:16:31 +00:00
Jeremy Felt
602f231a26 Docs: Correct the description of the $network_id in WP_Site_Query.
Passing 0 for `network_id` results in a query across all networks.

See #35791.

Built from https://develop.svn.wordpress.org/trunk@38008


git-svn-id: http://core.svn.wordpress.org/trunk@37949 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-07 20:36:30 +00:00
Jeremy Felt
771212f20a Multisite: Correct logic used to display an Edit User link after adding a user.
Previously, if a user was added with the checkbox for no confirmation selected and an error was then encountered in `wpmu_activate_signup()`, a fatal error would trigger because `$new_user` was a `WP_Error` object rather than a user.

Fixes #37223.

Built from https://develop.svn.wordpress.org/trunk@38007


git-svn-id: http://core.svn.wordpress.org/trunk@37948 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-07 17:48:29 +00:00
Jeremy Felt
24804144de Multisite: Add a nonce to the "Cancel" URL when changing a site's admin email.
Props scottbasgaard.
Fixes #36954.

Built from https://develop.svn.wordpress.org/trunk@38006


git-svn-id: http://core.svn.wordpress.org/trunk@37947 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-07 17:13:27 +00:00
Boone Gorges
397f08e7d3 Tests: Ensure that test for invalid user ID actually uses an invalid user ID.
This prevents false positives when the ID column's incrementor has exceeded the
hardcoded invalid ID.

Fixes #37308.
Built from https://develop.svn.wordpress.org/trunk@38005


git-svn-id: http://core.svn.wordpress.org/trunk@37946 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-07 16:48:28 +00:00
Dominik Schilling
30420b7d19 Screen API: After [37972], ensure that $box['args'] is an array before trying to access __widget_basename.
This prevents a PHP fatal error on the Nav Menus screen where `$args` is an object.

Props elrae.
Fixes #35021.
Built from https://develop.svn.wordpress.org/trunk@38004


git-svn-id: http://core.svn.wordpress.org/trunk@37945 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-07 16:39:29 +00:00
Jeremy Felt
7b5cd0c021 Multisite: Don't store max_num_pages in WP_Network_Query query cache.
This value can be easily calculated with available data.

Props spacedmonkey.
Fixes #32504.

Built from https://develop.svn.wordpress.org/trunk@38003


git-svn-id: http://core.svn.wordpress.org/trunk@37944 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-07 15:52:28 +00:00
Jeremy Felt
d11c9de613 Multisite: Don't store max_num_pages in WP_Site_Query query cache.
This value can be easily calculated with available data.

Props spacedmonkey.
Fixes #35791.

Built from https://develop.svn.wordpress.org/trunk@38002


git-svn-id: http://core.svn.wordpress.org/trunk@37943 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-07 15:32:29 +00:00
Boone Gorges
c6d5f78241 Comments: Cache results of SELECT FOUND_ROWS() query.
When comment IDs are fetched from the cache rather than the database,
the subsequent `SELECT FOUND_ROWS()` query will not return the correct value.
To avoid unnecessary queries, we cache the results of the `found_comments`
query alongside the comment IDs.

Props spacedmonkey.
Fixes #37184.
Built from https://develop.svn.wordpress.org/trunk@38001


git-svn-id: http://core.svn.wordpress.org/trunk@37942 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-07 14:27:38 +00:00
Dominik Schilling
1630c97795 Text Changes: Unify a few more permission error messages which were missed in [37914].
Props ramiy.
Fixes #34521.
Built from https://develop.svn.wordpress.org/trunk@37999


git-svn-id: http://core.svn.wordpress.org/trunk@37940 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-07 11:33:33 +00:00
Dominik Schilling
65eb29ad46 Import: Merge two similar strings.
Props ramiy.
See #34521.
Built from https://develop.svn.wordpress.org/trunk@37998


git-svn-id: http://core.svn.wordpress.org/trunk@37939 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-07 10:53:28 +00:00
Sergey Biryukov
6953feb795 Unit Tests: Add description for data_get_comments_number_text_declension().
See #13651.
Built from https://develop.svn.wordpress.org/trunk@37997


git-svn-id: http://core.svn.wordpress.org/trunk@37938 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-07 10:45:43 +00:00