Commit Graph

641 Commits

Author SHA1 Message Date
whyisjake
9a0b89f7a8 Backporting several bug fixes.
- Query: Remove the static query property.
- HTTP API: Protect against hex interpretation.
- Filesystem API: Prevent directory traversals when creating new folders.
- Administration: Ensure that admin referer nonce is valid.
- REST API: Send a Vary: Origin header on GET requests.
- Customizer: Properly sanitize background images.

Backports [46474], [46475], [46476], [46477], [46478], [46483], [46485] to the 4.4 branch.

Built from https://develop.svn.wordpress.org/branches/4.4@46498


git-svn-id: http://core.svn.wordpress.org/branches/4.4@46295 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-14 19:09:23 +00:00
Dominik Schilling
bda00ecf73 Query: Ensure that queries work correctly with post type names with special characters.
Merge of [39952] to the 4.4 branch.
Built from https://develop.svn.wordpress.org/branches/4.4@39959


git-svn-id: http://core.svn.wordpress.org/branches/4.4@39896 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-26 13:51:03 +00:00
Boone Gorges
f2410b407d Query: Ignore search terms consisting of a single dash.
Due to the "exclude" support added in WP 4.4, single dashes were being
converted to "NOT LIKE '%%'" clauses, causing all searches to fail.

Ports [36989] to the 4.4 branch.

Props RomSocial, swissspidy.
Fixes #36195.

Built from https://develop.svn.wordpress.org/branches/4.4@37082


git-svn-id: http://core.svn.wordpress.org/branches/4.4@37049 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-25 18:41:27 +00:00
Dion Hulse
b2275a579b Query: Avoid invalid SQL when building ORDER BY clause using long search strings.
The introduction of negative search terms in 4.4 [34934] introduced the
possibility that the ORDER BY clause of a search query could be assembled in
such a way as to create invalid syntax. The current changeset fixes this by
ensuring that the ORDER BY clause corresponding to the search terms is
excluded when it would otherwise be empty.

Merges [36251] to the 4.4 branch.
Props salvoaranzulla, boonebgorges.
Fixes #35361.

Built from https://develop.svn.wordpress.org/branches/4.4@36354


git-svn-id: http://core.svn.wordpress.org/branches/4.4@36321 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-20 04:38:27 +00:00
Dion Hulse
3a05448edf Canonical / Query: After [36280] remove the unit tests which are no longer supported for 4.4.
This also removes the `is_feed()` code to avoid confusion - only pages & embeds will be redirected.
See #35344

Built from https://develop.svn.wordpress.org/branches/4.4@36281


git-svn-id: http://core.svn.wordpress.org/branches/4.4@36248 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-13 08:49:26 +00:00
Dion Hulse
26c5f0137f Canonical / Query: Restore the is_404() check in wp_old_slug_redirect() which was removed in [34659].
This reverts part of [34659] due to excessive canonical problems it's caused in 4.4.x.

Fixes #35344, #21602 for the 4.4 branch.

Built from https://develop.svn.wordpress.org/branches/4.4@36280


git-svn-id: http://core.svn.wordpress.org/branches/4.4@36247 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-13 08:20:28 +00:00
Gary Pendergast
715dba65bc Redirects: Prevent redirects if a queried object exists.
After [34659], it became possible to cause an incorrect redirect, by changing the slug of a post, then creating a new post with the old slug. The correct behaviour is to prevent redirecting to the old post.

Props dd32, pento.

Merge of [36128] to the 4.4 branch.

Fixes #35031.


Built from https://develop.svn.wordpress.org/branches/4.4@36129


git-svn-id: http://core.svn.wordpress.org/branches/4.4@36095 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-31 03:09:22 +00:00
Boone Gorges
31219ee677 In WP_Query, set is_home to false during REST requests.
Props danielbachhuber.
Fixes #34373.
Built from https://develop.svn.wordpress.org/trunk@35690


git-svn-id: http://core.svn.wordpress.org/trunk@35654 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-18 21:18:26 +00:00
Scott Taylor
af0282891d Rewrite: alleviate conflicts between image attachment pages and posts when permalink structure is /%postname%/.
Adds unit test.

Props SergeyBiryukov.
Fixes #24612.

Built from https://develop.svn.wordpress.org/trunk@35679


git-svn-id: http://core.svn.wordpress.org/trunk@35643 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-18 19:59:25 +00:00
Drew Jaynes
7771205935 Query: Introduce the content_pagination filter, which makes it possible to manipulate how post content is split into "pages" in WP_Query::setup_postdata().
The "pages" — or chunks of post content – are determined by splitting based on the presence of `<!-- nextpage -->` tags in the post content.

Props sirzooro, chriscct7.
Fixes #9911.

Built from https://develop.svn.wordpress.org/trunk@35285


git-svn-id: http://core.svn.wordpress.org/trunk@35251 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-20 06:33:27 +00:00
Drew Jaynes
217b661703 Docs: Add missing descriptions for the $wpdb global in DocBlocks all the places.
See #32246.

Built from https://develop.svn.wordpress.org/trunk@35170


git-svn-id: http://core.svn.wordpress.org/trunk@35136 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-14 23:44:25 +00:00
Boone Gorges
07b7e7b3c7 Remove dead code from WP_Query::lazyload_term_meta().
Built from https://develop.svn.wordpress.org/trunk@35111


git-svn-id: http://core.svn.wordpress.org/trunk@35076 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-13 02:36:25 +00:00
John Blackbourn
2dd5ad6327 Correct the @since doc for WP_Query::is_embed().
See #32522

Built from https://develop.svn.wordpress.org/trunk@35084


git-svn-id: http://core.svn.wordpress.org/trunk@35049 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-12 22:13:25 +00:00
Boone Gorges
c2a0d593ac Allow excluded keywords when searching posts.
Pass a keyword with a leading hyphen to exclude posts containing that keyword.
For example, 'taco -onions' will return posts that contain the word 'taco' but
do not contain the word 'onions'.

Props akibjorklund.
Fixes #33988.
Built from https://develop.svn.wordpress.org/trunk@34934


git-svn-id: http://core.svn.wordpress.org/trunk@34899 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-08 03:18:24 +00:00
Gary Pendergast
83c3e3e00e Embeds: Add oEmbed provider support.
For the past 6 years, WordPress has operated as an oEmbed consumer, allowing users to easily embed content from other sites. By adding oEmbed provider support, this allows any oEmbed consumer to embed posts from WordPress sites.

In addition to creating an oEmbed provider, WordPress' oEmbed consumer code has been enhanced to work with any site that provides oEmbed data (as long as it matches some strict security rules), and provides a preview from within the post editor.

For security, embeds appear within a sandboxed iframe - the iframe content is a template that can be styled or replaced entirely by the theme on the provider site.

Props swissspidy, pento, melchoyce, netweb, pfefferle, johnbillion, extendwings, davidbinda, danielbachhuber, SergeyBiryukov, afercia

Fixes #32522.


Built from https://develop.svn.wordpress.org/trunk@34903


git-svn-id: http://core.svn.wordpress.org/trunk@34868 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-07 10:36:25 +00:00
John Blackbourn
ab413e89bf Include post__in as a value available to the orderby parameter in the docs for WP_Query::parse_query().
See #32246

Built from https://develop.svn.wordpress.org/trunk@34836


git-svn-id: http://core.svn.wordpress.org/trunk@34801 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-05 20:58:29 +00:00
Boone Gorges
f6b2797bd3 Remove search_terms from WP_Query doc block.
It's not actually a query param.

Introduced in [28887].
Built from https://develop.svn.wordpress.org/trunk@34795


git-svn-id: http://core.svn.wordpress.org/trunk@34760 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-03 04:36:27 +00:00
Boone Gorges
51ddf2ca9c Correct some WP_Query metadata lazyloading docs.
Props dlh.
Fixes #34047.
Built from https://develop.svn.wordpress.org/trunk@34732


git-svn-id: http://core.svn.wordpress.org/trunk@34696 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-01 04:01:48 +00:00
Boone Gorges
80654eb17a s/add_action()/add_filter() in WP_Query metadata lazyloading.
Props dlh.
See #34047.
Built from https://develop.svn.wordpress.org/trunk@34731


git-svn-id: http://core.svn.wordpress.org/trunk@34695 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-01 04:01:24 +00:00
Boone Gorges
654eeb3785 Improve lazyloading of comment meta in WP_Query loops.
Lazy-loading logic is moved to a method on `WP_Query`. This makes it possible
for comment feeds to take advantage of metadata lazyloading, in addition to
comments loaded via `comments_template()`.

This new technique parallels the termmeta lazyloading technique introduced in
[34704].

Fixes #34047.
Built from https://develop.svn.wordpress.org/trunk@34711


git-svn-id: http://core.svn.wordpress.org/trunk@34675 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-30 01:35:26 +00:00
Boone Gorges
db880777f4 Improve lazyloading of term metadata in WP_Query loops.
[34529] introduced lazyloading for the metadata belonging to terms matching
posts in the main `WP_Query`. The current changeset improves this technique
in the following ways:

* Term meta lazyloading is now performed on the results of all `WP_Query` queries, not just the main query.
* Fewer global variable touches and greater encapsulation.
* The logic for looping through posts to identify terms is now only performed once per `WP_Query`.

Props dlh, boonebgorges.
See #34047.
Built from https://develop.svn.wordpress.org/trunk@34704


git-svn-id: http://core.svn.wordpress.org/trunk@34668 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-29 22:00:24 +00:00
Boone Gorges
c36d4fb8a9 WP_Query should not ignore an offset of 0.
Props mazurstas.
Fixes #34060.
Built from https://develop.svn.wordpress.org/trunk@34697


git-svn-id: http://core.svn.wordpress.org/trunk@34661 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-29 19:37:23 +00:00
Gary Pendergast
cf173408cd Permalinks: Add pretty permalinks for unattached attachments.
Previously, unattached attachments would have unsightly `/?attachment_id=1` URLs. As we've moved away from attachments being specifically attached to posts, instead being Media items, this has made the unattached URLs a more common occurrence.

We can breathe easy once more, knowing that the world is a little bit safer from the horror of unnecessarily ugly URLs.

Props SergeyBiryukov, wonderboymusic, pento.

Fixes #1914.


Built from https://develop.svn.wordpress.org/trunk@34690


git-svn-id: http://core.svn.wordpress.org/trunk@34654 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-29 09:42:26 +00:00
Gary Pendergast
1db89dd3bf Rewrite: Redirect attachment URLs when their slug changes.
Using the same logic that we use to redirect posts when their slug changes, we can provide the same functionality for attachments. Attachment pages are posts, too.

Props swissspdy.

Fixes #34043.


Built from https://develop.svn.wordpress.org/trunk@34685


git-svn-id: http://core.svn.wordpress.org/trunk@34649 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-29 04:58:25 +00:00
Gary Pendergast
635d3bb34e Rewrite: When redirecting old slugs, include URL endpoints.
Historically, `wp_old_slug_redirect()` has only ever redirected the old slug of posts, it hasn't included URL endpoints, or worked with comment feed URLs. By adding support for these, we ensure a greater range of URLs aren't killed when the slug changes.

Props swissspdy.

Fixes #33920.


Built from https://develop.svn.wordpress.org/trunk@34659


git-svn-id: http://core.svn.wordpress.org/trunk@34623 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-28 06:57:26 +00:00
Drew Jaynes
b818747870 Docs: Add more explicit optional parameter types and return descriptions in the DocBlocks for is_page(), is_single(), is_singular().
Also adds explicit types and return descriptions to the corresponding `WP_Query` methods: `WP_Query::is_page()`, `WP_Query::is_single()`, and `WP_Query::is_singular()`.

Props Shelob9 for the initial patch.
Fixes #33907.

Built from https://develop.svn.wordpress.org/trunk@34502


git-svn-id: http://core.svn.wordpress.org/trunk@34466 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-24 16:18:24 +00:00
Scott Taylor
e19e604a74 Docs: is_main_query()'s _doing_it_wrong() notice suggests using WP_Query statically (WP_Query::is_main_query()). Use an alternate syntax: WP_Query->is_main_query(), to not confuse.
Props DrewAPicture, micahwave.
Fixes #25680.

Built from https://develop.svn.wordpress.org/trunk@34366


git-svn-id: http://core.svn.wordpress.org/trunk@34330 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-21 15:31:26 +00:00
Scott Taylor
cb54b8d5a7 WP Query: Avoid using HTML tags in translation strings, add translator strings.
Props ramiy.
Fixes #31868.

Built from https://develop.svn.wordpress.org/trunk@34345


git-svn-id: http://core.svn.wordpress.org/trunk@34309 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-20 03:04:24 +00:00
Drew Jaynes
f93dcf9226 Docs: Add descriptions for $wp_query global phpDoc references in wp-includes/query.php, partially documented in [32620].
Fixes #32139.

Built from https://develop.svn.wordpress.org/trunk@34337


git-svn-id: http://core.svn.wordpress.org/trunk@34301 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-20 00:05:26 +00:00
Drew Jaynes
d870f4c9f9 Docs: Fix some syntactical issues in the DocBlock for set_query_var().
Adds descriptions for the global `WP_Query` instance and the `$value` parameter.

See #32246.

Built from https://develop.svn.wordpress.org/trunk@34287


git-svn-id: http://core.svn.wordpress.org/trunk@34251 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-18 10:29:25 +00:00
Drew Jaynes
18adeb92fa Docs: Fix some syntactical issues in the documentation for get_queried_object_id().
Adds descriptions for the global `WP_Query` instance and the return.

See #32246.

Built from https://develop.svn.wordpress.org/trunk@34286


git-svn-id: http://core.svn.wordpress.org/trunk@34250 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-18 10:27:24 +00:00
Drew Jaynes
7a73dfbfb6 Docs: Fix some syntactical issues in the DocBlock for get_queried_object().
Also add descriptions for the return and the `WP_Query` global.

See #32246.

Built from https://develop.svn.wordpress.org/trunk@34285


git-svn-id: http://core.svn.wordpress.org/trunk@34249 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-18 10:21:26 +00:00
Drew Jaynes
05f4e52541 Docs: Add documentation to get_query_var() and WP_Query::get() for the optional $default argument, introduced in 3.9 in [27304].
Props swissspidy.
Fixes #33856.

Built from https://develop.svn.wordpress.org/trunk@34284


git-svn-id: http://core.svn.wordpress.org/trunk@34248 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-18 09:41:27 +00:00
Scott Taylor
af593128a7 Revert [33925], by-reference array manipulation is breaking comments in some themes.
This implementation is losing its shine.

See #16894.

Built from https://develop.svn.wordpress.org/trunk@34245


git-svn-id: http://core.svn.wordpress.org/trunk@34209 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-16 18:14:25 +00:00
Boone Gorges
c0a0d4ba50 Use stricter sanitization for meta query clause keys.
By forcing all clause keys to be strings, we make it possible to use strict
comparison when validating values of 'orderby' as passed to `WP_Query`. This
eliminates situations where the presence of numeric clause keys could result
in an improperly validated 'orderby' value.

Props nikolov.tmw.
Fixes #32937.
Built from https://develop.svn.wordpress.org/trunk@34090


git-svn-id: http://core.svn.wordpress.org/trunk@34058 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-12 21:06:24 +00:00
Boone Gorges
fc884dc7ec Allow setup_postdata() to accept a post ID.
Previously, it accepted only a full post object.

Props sc0ttclark, mordauk, wonderboymusic.
Fixes #30970.
Built from https://develop.svn.wordpress.org/trunk@34089


git-svn-id: http://core.svn.wordpress.org/trunk@34057 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-12 20:58:23 +00:00
Boone Gorges
1a203b5328 Better default values in WP_Query::get_queried_object().
Setting the default value of the `queried_object_id` property to `0` meant
that, when called early enough in the WP bootstrap, `get_queried_object()`
could short-circuit the normal query by fooling it into thinking that the
request was for a page with id 0. Setting the default value to `null` instead
avoids this problem.

Props gradyetc, jazbek.
Fixes #31355.
Built from https://develop.svn.wordpress.org/trunk@34073


git-svn-id: http://core.svn.wordpress.org/trunk@34041 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-12 03:37:23 +00:00
Scott Taylor
d973339738 After [33891], get_comment() returns global $comment if no args are passed and the global is set (after setting the default to null here). This allows us to ditch global comment imports.
See #33638.

Built from https://develop.svn.wordpress.org/trunk@33963


git-svn-id: http://core.svn.wordpress.org/trunk@33932 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-09 02:51:24 +00:00
Scott Taylor
c231add9fe In wp_list_comments(), update the comment meta cache when the comments derive from WP_Query and the new ->comment_meta_cached prop is false.
There are no uses of `wp_list_comments()` in Core where `$comments` are passed as the 2nd argument.

Adds unit tests.

Props wonderboymusic, bradt.
Fixes #16894.

Built from https://develop.svn.wordpress.org/trunk@33925


git-svn-id: http://core.svn.wordpress.org/trunk@33894 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-05 22:25:24 +00:00
Scott Taylor
e73ee5ac98 Introduce WP_Comment class to model/strongly-type rows from the comments database table. Inclusion of this class is a pre-req for some more general comment cleanup and sanity.
* Takes inspiration from `WP_Post` and adds sanity to comment caching.
* Clarifies when the current global value for `$comment` is returned. The current implementation in `get_comment()` introduces side effects and an occasional stale global value for `$comment` when comment caches are cleaned.
* Strongly-types `@param` docs
* This class is marked `final` for now

Props wonderboymusic, nacin.

See #32619.

Built from https://develop.svn.wordpress.org/trunk@33891


git-svn-id: http://core.svn.wordpress.org/trunk@33860 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-03 18:17:24 +00:00
Scott Taylor
ef87172270 foreach is a statement, not a function.
See #33491.

Built from https://develop.svn.wordpress.org/trunk@33734


git-svn-id: http://core.svn.wordpress.org/trunk@33702 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-25 20:28:22 +00:00
Boone Gorges
8a95b13cab In WP_Query::parse_tax_query(), allow 'cat' and 'tag' querystrings to be formatted as arrays.
See [33095] #32454 for a previous fix related to custom taxonomies.

Props Veraxus.
Fixes #33532.
Built from https://develop.svn.wordpress.org/trunk@33724


git-svn-id: http://core.svn.wordpress.org/trunk@33691 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-24 21:22:26 +00:00
Scott Taylor
d345a6012c WP_Query: add changelog for the title param after [33706]
Props dimadin.
Fixes #33074.

Built from https://develop.svn.wordpress.org/trunk@33722


git-svn-id: http://core.svn.wordpress.org/trunk@33689 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-24 20:10:26 +00:00
Scott Taylor
523b51a359 Query:
Add a query var, `title`, that allows you to query posts by `post_title`. To accomplish this now, you have to do something like:

{{{
$tacos = get_posts( [
  'post_type' => 'taco',
  's' => $name,
  'exact' => true,
  'sentence' => true,
  'post_status' => 'publish',
  'fields' => 'ids',
  'posts_per_page' => 1
] );
}}}

Adds unit tests.

Fixes #33074.

Built from https://develop.svn.wordpress.org/trunk@33706


git-svn-id: http://core.svn.wordpress.org/trunk@33673 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-22 16:59:26 +00:00
Dominik Schilling
6d45b63562 WordPress 4.3 has just passed 2,222,222 downloads.
(Fix typo in [33653].)
Built from https://develop.svn.wordpress.org/trunk@33661


git-svn-id: http://core.svn.wordpress.org/trunk@33628 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-20 16:00:28 +00:00
Boone Gorges
7c0d3ab83a Introduce post_name__in parameter for WP_Query.
Props enshrined.
Fixes #33065.
Built from https://develop.svn.wordpress.org/trunk@33653


git-svn-id: http://core.svn.wordpress.org/trunk@33620 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-20 02:19:25 +00:00
Boone Gorges
2096b451c7 In WP_Query::parse_tax_query(), allow taxonomy querystring to be formatted as an array.
Props Veraxus.
Fixes #32454.
Built from https://develop.svn.wordpress.org/trunk@33095


git-svn-id: http://core.svn.wordpress.org/trunk@33066 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-06 20:37:24 +00:00
Scott Taylor
1ef11d7789 Add missing doc blocks to query.php.
Clarify `@return` values where necessary.
Some wrapper functions don't need to return if the function they wrap doesn't return.

See #32444.

Built from https://develop.svn.wordpress.org/trunk@32620


git-svn-id: http://core.svn.wordpress.org/trunk@32590 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-27 18:15:25 +00:00
Dominik Schilling
64fc7294b6 Use HTTPS URLs for codex.wordpress.org.
see #27115.
Built from https://develop.svn.wordpress.org/trunk@32116


git-svn-id: http://core.svn.wordpress.org/trunk@32095 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-12 21:29:32 +00:00
Scott Taylor
bce851dcf2 Replace array_shift() with reset() where appropriate for performance.
Props SergeyBiryukov.
Fixes #31259.

Built from https://develop.svn.wordpress.org/trunk@31829


git-svn-id: http://core.svn.wordpress.org/trunk@31811 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-03-19 03:56:27 +00:00