Commit Graph

314 Commits

Author SHA1 Message Date
desrosj
0d6541c100 General: Backport several commits for release.
- Embeds: Ensure that the title attribute is set correctly on embeds.
- Editor: Prevent HTML decoding on by setting the proper editor context.
- Formatting: Ensure that wp_validate_redirect() sanitizes a wider variety of characters.
- Themes: Ensure a broken theme name is returned properly.
- Administration: Add a new filter to extend set-screen-option. 

Merges [47948-47951] to the 5.2 branch.
Props xknown, sstoqnov, vortfu, SergeyBiryukov, whyisjake.
Built from https://develop.svn.wordpress.org/branches/5.2@47960


git-svn-id: http://core.svn.wordpress.org/branches/5.2@47732 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-10 18:12:52 +00:00
whyisjake
da95cca74c Ensure that a user can publish_posts before making a post sticky.
Props: danielbachhuber, whyisjake, peterwilson, xknown.

Prevent  stored XSS through wp_targeted_link_rel().

Props: vortfu, whyisjake, peterwilsoncc, xknown,  SergeyBiryukov, flaviozavan.

Update `wp_kses_bad_protocol()` to recognize `:` on uri attributes,

`wp_kses_bad_protocol()` makes sure to validate that uri attributes don’t contain invalid/or not allowed protocols. While this works fine in most cases, there’s a risk that by using the colon html5 named entity, one is able to bypass this function.

Brings r46895 to the 5.3 branch.

Props: xknown, nickdaugherty, peterwilsoncc.

Prevent stored XSS in the block editor.

Brings r46896 to the 5.3 branch.

Prevent escaped unicode characters become unescaped in unsafe HTML during JSON decoding.

Props: aduth, epiqueras.

Built from https://develop.svn.wordpress.org/branches/5.2@46901


git-svn-id: http://core.svn.wordpress.org/branches/5.2@46701 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-12-12 18:18:54 +00:00
Peter Wilson
426d43abb7 Site health: Introduce view_site_health_checks capability.
Introduces the faux primitive capability `view_site_health_checks` available to single site admins and multisite super-admin to view the site health page within the admin.

The capability is mapped to the `install_plugins` capability without being dependent on the file system being writable. This fixes a bug where the feature couldn't be used by sites unable to write to the file system or managed through version control.

The capability is granted on the `user_has_cap` filter.

Props birgire, Clorith, palmiak, peterwilsoncc, spacedmonkey.
Merges [45507] to the 5.2 branch.
Fixes #46957 for 5.2.2.


Built from https://develop.svn.wordpress.org/branches/5.2@45508


git-svn-id: http://core.svn.wordpress.org/branches/5.2@45319 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-06-10 07:50:53 +00:00
Felix Arntz
3a77265148 Bootstrap/Load: Introduce a recovery mode for fixing fatal errors.
Using the new fatal handler introduced in [44962], an email is sent to the admin when a fatal error occurs. This email includes a secret link to enter recovery mode. When clicked, the link will be validated and on success a cookie will be placed on the client, enabling recovery mode for that user. This functionality is executed early before plugins and themes are loaded, in order to be unaffected by potential fatal errors these might be causing.

When in recovery mode, broken plugins and themes will be paused for that client, so that they are able to access the admin backend despite of these errors. They are notified about the broken extensions and the errors caused, and can then decide whether they would like to temporarily deactivate the extension or fix the problem and resume the extension.

A link in the admin bar allows the client to exit recovery mode.

Props timothyblynjacobs, afragen, flixos90, nerrad, miss_jwo, schlessera, spacedmonkey, swissspidy.
Fixes #46130, #44458.

Built from https://develop.svn.wordpress.org/trunk@44973


git-svn-id: http://core.svn.wordpress.org/trunk@44804 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-03-21 21:53:51 +00:00
Andrea Fercia
b2ae00cd21 Accessibility: Ensure embed iframes have a title attribute.
Screen reader users rely on the iframe title attribute to describe the contents of iframes. A meaningful title attribute allows to quickly identify the iframe content, so users can determine which iframe to enter and explore in detail or skip if desired.
Note: this is the only case where a title attribute is required for compliance with the W3C Web Content Accessibility Guidelines (WCAG).

- checks for oEmbed response of type `video` or `rich`
- checks if they use an iframe
- fetches the title (if any) from the oEmbed response
- adds the title to the embed iframe

Props bamadesigner, TomHarrigan, swissspidy, jrf, afercia.
Fixes #40245.

Built from https://develop.svn.wordpress.org/trunk@44942


git-svn-id: http://core.svn.wordpress.org/trunk@44773 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-03-20 17:22:51 +00:00
Boone Gorges
05fa2363ab Posts: Avoid the use of globals in get_the_content() and related functions.
This changeset introduces `$post` parameters to `get_the_content()` and
`wp_trim_excerpt()`. When a `$post` object is passed to one of these functions,
the functions will operate on the data from that object, rather than from the
post globals (`$authordata`, `$page`, etc). This ensures that the functions work
in a predictable manner when used outside of the regular post loop.

The global-mismatch problem is surfaced in cases where `get_the_excerpt()` is
called outside of the post loop, on posts that don't have a defined excerpt. In
these cases, the post globals - used to generate a fallback excerpt - may refer
to the incorrect object, resulting in PHP notices or other unpredictable
behavior. See #36934 for a related issue.

Props spacedmonkey, kraftbj, Shital Patel.
Fixes #42814.
Built from https://develop.svn.wordpress.org/trunk@44941


git-svn-id: http://core.svn.wordpress.org/trunk@44772 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-03-20 15:49:49 +00:00
Peter Wilson
d9a1f99d9c Customize: Remove wp_targeted_link_rel pre-save filter from change-sets.
The pre-save filters added to links in [43732] could invalidate JSON data when saving Customizer change-sets.

This removes the filters when saving and publishing change-sets.

Props peterwilsoncc, nikeo for testing.
See #45292.


Built from https://develop.svn.wordpress.org/trunk@44714


git-svn-id: http://core.svn.wordpress.org/trunk@44545 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-01-29 21:29:50 +00:00
desrosj
102b13cdb9 Styles: Add helper functions for loading block styles.
Blocks are able to register styles that used in the editor and the frontend, or only in the editor. These functions ensure the correct styles are loaded in the correct place.

Props pento.

Merges [43812] to trunk.

See #45065.
Built from https://develop.svn.wordpress.org/trunk@44157


git-svn-id: http://core.svn.wordpress.org/trunk@43987 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-12-14 03:36:38 +00:00
desrosj
c2f3636e4a Blocks: Parse blocks when displaying posts.
Posts containing blocks are now correctly handled when displaying on the front end, including dynamic blocks and nested blocks.

Props pento.

Merges [43752] to trunk.

See #45109.
Built from https://develop.svn.wordpress.org/trunk@44118


git-svn-id: http://core.svn.wordpress.org/trunk@43948 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-12-13 22:22:38 +00:00
desrosj
5db34748e6 Script loader: Adjust JS packages registration.
Adjusts the packages registration after [43723]:

    Combine the different registration functions into one `wp_default_packages` function. To reach this goal move the prefix logic into a function so it can be called from different locations. Use a static variable there to prevent duplicate inclusion of `version.php`.

    Call this function from the `wp_default_scripts` action by registering it as a default filter.

    Combine some of the logic in `_WP_Editors::print_tinymce_scripts` into `wp_register_tinymce_scripts`. The logic to force an uncompressed TinyMCE script file stays in `_WP_Editors::force_uncompressed_tinymce` because that logic is very specific to the classic editor.

    The script handle `wp-tinymce` is now a dependency of the editor script handle. In combination with the previous item, this makes the classic editor work.

    Adjust the syntax of the script paths to be more consistent with other WordPress code.

    Always use "production" mode for the media files to prevent people from inadvertently committing development files.

Props pento, omarreiss, atimmer.

Merges [43738] into trunk.

Fixes #45065.
Built from https://develop.svn.wordpress.org/trunk@44115


git-svn-id: http://core.svn.wordpress.org/trunk@43945 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-12-13 17:27:38 +00:00
Jeremy Felt
2dce718157 REST API: Move object type-specific metadata integrations from the wrapper functions to the low-level Meta API functions.
Object type-specific actions that should happen before or after modification of metadata have so far been part of the respective wrapper functions. By using action and filter hooks, this changeset ensures they are always executed, even when calling the lower-level Meta API functions directly, which the REST API does as a prime example.

Merges [43729] to trunk.

Props flixos90, spacedmonkey.
Fixes #44467.

Built from https://develop.svn.wordpress.org/trunk@43982


git-svn-id: http://core.svn.wordpress.org/trunk@43814 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-12-12 03:02:24 +00:00
Gary Pendergast
56c162fbc9 Coding Standards: Upgrade WPCS to 1.0.0
WPCS 1.0.0 includes a bunch of new auto-fixers, which drops the number of coding standards issues across WordPress significantly. Prior to running the auto-fixers, there were 15,312 issues detected. With this commit, we now drop to 4,769 issues.

This change includes three notable additions:
- Multiline function calls must now put each parameter on a new line.
- Auto-formatting files is now part of the `grunt precommit` script. 
- Auto-fixable coding standards issues will now cause Travis failures.

Fixes #44600.


Built from https://develop.svn.wordpress.org/trunk@43571


git-svn-id: http://core.svn.wordpress.org/trunk@43400 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-08-17 01:51:36 +00:00
Sergey Biryukov
ae2b929294 Privacy: Update request confirmation notice text for clarity.
Props desrosj, melchoyce, garrett-eclipse.
Fixes #43970.
Built from https://develop.svn.wordpress.org/trunk@43232


git-svn-id: http://core.svn.wordpress.org/trunk@43061 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-10 20:53:21 +00:00
iandunn
8af721fff8 Privacy: Replace intrusive policy update notice with menu bubbles.
Previously, when a plugin updated its suggested privacy policy text, an admin notice was shown on all screens in the Administration Panels. That was done in order to make sure that administrators were aware of it, so that they could update their policy if needed. That was a very heavy-handed and intrusive approach, though, which leads to a poor user experience, and notice fatigue. 

An alternative approach is to use bubble notifications in the menu, similar to when plugins have updates that need to be installed. That still makes it obvious that something needs the administrator's attention, but is not as distracting as a notice.

The notice will still appear on the Privacy page, though, since it is relevant to that screen, and provides an explanation of why the bubble is appearing.

Props azaozz, xkon, iandunn.
Fixes #43954. See #43953.

Built from https://develop.svn.wordpress.org/trunk@43223


git-svn-id: http://core.svn.wordpress.org/trunk@43052 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-10 19:52:21 +00:00
iandunn
06fd54dab6 Privacy: Notify admin via email when a request is confirmed.
Previously the admin didn't have any way to know if a pending request was ready to be processed, aside from manually checking the Export/Erase pages. Sending them an email is a much more convenient option.

Props garrett-eclipse, desrosj, iandunn.
See #43967.

Built from https://develop.svn.wordpress.org/trunk@43211


git-svn-id: http://core.svn.wordpress.org/trunk@43040 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-10 05:00:20 +00:00
Andrew Ozz
362e9754f3 Privacy: increase filter priority of the User group in Personal Data Exports.
Props allendav desrosj.
See #43966.
Built from https://develop.svn.wordpress.org/trunk@43195


git-svn-id: http://core.svn.wordpress.org/trunk@43024 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-09 17:12:21 +00:00
Andrew Ozz
f4e6b7a29c Privacy: add user information to the personal data export file.
Props TZ-Media, desrosj.
See #43547.

Built from https://develop.svn.wordpress.org/trunk@43055


git-svn-id: http://core.svn.wordpress.org/trunk@42884 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-01 13:59:21 +00:00
Andrew Ozz
c77a8ed2fc Privacy: add attachments to the personal data export file.
Props allendav.
See #43883.
Built from https://develop.svn.wordpress.org/trunk@43054


git-svn-id: http://core.svn.wordpress.org/trunk@42883 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-01 13:45:21 +00:00
iandunn
23bf0c7535 Privacy: Add cron to delete expired export files to protect privacy.
The primary means of protecting the files is the CSPRN appended to the filename, but there is no reason to keep the files after the data subject has downloaded them, so deleting them provides an additional layer of protection. Previously this was done from `wp_privacy_generate_personal_data_export_file()`, but that does not guarantee that it will be run regularly, and on smaller sites that could result in export files being exposed for much longer than necessary.

`wp_privacy_delete_old_export_files()` was moved to a front end file, so that it can be called from `cron.php`.

This introduces the `wp_privacy_export_expiration` filter, which allows plugins to customize how long the exports are kept before being deleted.

`index.html` was added to the `$exclusions` parameter of `list_files()` to make sure that it isn't deleted. If it were, then poorly-configured servers would allow the directory to be traversed, exposing all of the exported files.

Props iandunn, desrosj.
See #43546.

Built from https://develop.svn.wordpress.org/trunk@43046


git-svn-id: http://core.svn.wordpress.org/trunk@42875 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-30 20:09:23 +00:00
Andrew Ozz
f1703c0e70 Privacy: update the method to confirm user requests by email. Use a single CPT to store the requests and to allow logging/audit trail.
Props mikejolley.
See #43443.

Built from https://develop.svn.wordpress.org/trunk@43008


git-svn-id: http://core.svn.wordpress.org/trunk@42837 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-27 10:12:22 +00:00
Andrew Ozz
81668f8312 Privacy: add functionality to anonymize commenters.
Props xkon, fclaussen, allendav, birgire, azaozz.
See #43442.
Built from https://develop.svn.wordpress.org/trunk@42994


git-svn-id: http://core.svn.wordpress.org/trunk@42823 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-20 12:19:21 +00:00
Andrew Ozz
3108d2ffb2 Privacy: add a postbox that is shown when editing the privacy policy page, and where plugins and core will output suggested content and additional privacy info. First run.
Props melchoyce, azaozz.
See #43620.
Built from https://develop.svn.wordpress.org/trunk@42980


git-svn-id: http://core.svn.wordpress.org/trunk@42809 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-16 08:53:20 +00:00
Andrew Ozz
4fed9aa6bd Privacy: add functionality for exporting personal data from comments.
Props allendav, xkon.
Fixes #43440.
Built from https://develop.svn.wordpress.org/trunk@42888


git-svn-id: http://core.svn.wordpress.org/trunk@42718 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-03-28 17:25:31 +00:00
Andrew Ozz
8ae59374f3 Add a checkbox to the comment form so logged out users can opt-out of commenter cookies.
Props lakenh, xkon, birgire, azaozz.
See #43436.
Built from https://develop.svn.wordpress.org/trunk@42772


git-svn-id: http://core.svn.wordpress.org/trunk@42602 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-03-04 16:41:33 +00:00
Andrew Ozz
de8936588c Add pre-save content filter to make target=_blank always secure.
Props notnownikki, iseulde, azaozz
Fixes #43187
Built from https://develop.svn.wordpress.org/trunk@42770


git-svn-id: http://core.svn.wordpress.org/trunk@42600 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-03-02 14:42:31 +00:00
Peter Wilson
a492541c35 Formatting: Do not run formatting and texturization on author bios.
Removes the formatting and texturization added to author bios in #40040 due to back-compatibility concerns.

Reverts [41172], [41173].

Props 0x6f0, rabmalin for review.
Fixes #42578.


Built from https://develop.svn.wordpress.org/trunk@42441


git-svn-id: http://core.svn.wordpress.org/trunk@42271 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-01-13 01:11:49 +00:00
Gary Pendergast
6da54f0d9b Canonical URLs: Redirect to the correct URL when the post date changes.
When a post slug is changed, we store a copy of the old slug, so that we can redirect visitors visiting the old URL to the new URL.

In the same way, this stores a copy of the old date, when the post date changes, so we can redirect visitors to the new URL.

Props nickmomrik.
Fixes #15397 for trunk.


Built from https://develop.svn.wordpress.org/trunk@42401


git-svn-id: http://core.svn.wordpress.org/trunk@42230 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-12-15 08:31:47 +00:00
Gary Pendergast
aaf99e6913 Code is Poetry.
WordPress' code just... wasn't.
This is now dealt with.

Props jrf, pento, netweb, GaryJ, jdgrimes, westonruter, Greg Sherwood from PHPCS, and everyone who's ever contributed to WPCS and PHPCS.
Fixes #41057.


Built from https://develop.svn.wordpress.org/trunk@42343


git-svn-id: http://core.svn.wordpress.org/trunk@42172 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-30 23:11:00 +00:00
Aaron Jorbin
b8fc8cb59c Dashboard: Remove "Try Gutenberg" callout.
Reverting this for 4.9. It will be added back in a future version of WordPress. This doesn't mean that you shouldn't be trying Gutenberg, just that it isn't ready for a call out to a larger audience. But if you are the type to read commit messages, https://github.com/WordPress/gutenberg could use your pull requests and comments on issues.

Reverts [41931] [41900] [41896] [41895]
See #41316


Built from https://develop.svn.wordpress.org/trunk@41978


git-svn-id: http://core.svn.wordpress.org/trunk@41812 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-23 20:48:47 +00:00
Dion Hulse
26f9c6b909 Transients: Clear expired transients from the database in a daily cron task.
Fixes #41699

Built from https://develop.svn.wordpress.org/trunk@41963


git-svn-id: http://core.svn.wordpress.org/trunk@41797 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-21 13:22:49 +00:00
Gary Pendergast
3981736cd6 Dashboard: Introduce a "Try Gutenberg" callout.
To encourage more people to try Gutenberg, this new Dashboard box allows site users to easily install and try out Gutenberg.

Props pento, melchoyce, joen, karmatosed.
Fixes #41316.


Built from https://develop.svn.wordpress.org/trunk@41895


git-svn-id: http://core.svn.wordpress.org/trunk@41729 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-18 10:04:47 +00:00
John Blackbourn
50948669eb Users: Revert [41613], [41614], and [41623] as this feature needs some more work.
See #38741

Built from https://develop.svn.wordpress.org/trunk@41753


git-svn-id: http://core.svn.wordpress.org/trunk@41587 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-04 22:17:46 +00:00
John Blackbourn
807bc5a6c9 Users: Introduce the concept of a large site in order to speed up the Users screen when there are many users.
Calling the `count_users()` function is expensive, regardless of the counting strategy that's used, and it gets
slower the more users there are on a site. In order to speed up the Users screen in the admin area, calling
`count_users()` can be avoided entirely while still displaying the total count for users.

This introduces some new functions:

* `wp_is_large_user_count()`
* `wp_get_active_user_count()`
* `wp_update_active_user_count()`

A corresponding `wp_is_large_user_count` filter is also introduced.

Props tharsheblows, johnbillion

Fixes #38741

Built from https://develop.svn.wordpress.org/trunk@41613


git-svn-id: http://core.svn.wordpress.org/trunk@41448 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-27 13:04:47 +00:00
Weston Ruter
84d2c51153 Widgets: Add shortcode support inside Text widgets.
* Used now in core to facilitate displaying inserted media. See #40854.
* The `[embed]` shortcode is not supported because there is no post context for caching oEmbed responses. This depends on #34115.
* Add `do_shortcode()` to the `widget_text_content` filter in the same way it is added for `the_content` at priority 11, with `shortcode_unautop()` called at priority 10 after `wpautop()`.
* For Text widget in legacy mode, manually apply `do_shortcode()` (and `shortcode_unautop()` if auto-paragraph checked) if the core-added `widget_text_content` filter remains, unless a plugin added `do_shortcode()` to `widget_text` to prevent applying shortcodes twice.
* Ensure that global `$post` is `null` while filters apply in the Text widget so shortcode handlers won't run with unexpected contexts.

Props westonruter, nacin, aaroncampbell.
See #40854, #34115.
Fixes #10457.

Built from https://develop.svn.wordpress.org/trunk@41361


git-svn-id: http://core.svn.wordpress.org/trunk@41194 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-10 06:33:44 +00:00
Felix Arntz
f6ebc1a80c Role/Capability: Introduce capabilities dedicated to installing and updating language files.
The new meta capabilities are called `install_languages` and `update_languages`. Prior to this change, there were no proper capability checks applied. Instead only the filesystem and related constants were checked, and for actual permissions a rather vague fallback was used where a user needed to have at least one of the other updating capabilities. In addition to being generally more verbose, the new capabilities make it possible for example to allow a user to update languages, but nothing else. By default they fall back to the original way of how they were handled.

Props johnbillion, flixos90.
Fixes #39677.

Built from https://develop.svn.wordpress.org/trunk@41268


git-svn-id: http://core.svn.wordpress.org/trunk@41108 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-08-18 18:31:44 +00:00
Konstantin Obenland
e183d59acb Map nav menu locations on theme switch
This will send nav menu locations through three levels of mapping:
1. If both themes have only one location, that gets mapped.
2. If both themes have locations with the same slug, they get mapped.
3. Locations that (even partially) match slugs from a similar kind of menu location will get mapped.

Menu locations are mapped for Live Previews in the Customizer and during theme switches.

Props westonruter, obenland, welcher, melchoyce.
Fixes #39692.


Built from https://develop.svn.wordpress.org/trunk@41237


git-svn-id: http://core.svn.wordpress.org/trunk@41077 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-08-09 21:04:47 +00:00
John Blackbourn
41f71598f7 Formatting: Introduce get_the_post_type_description() to allow post type archive descriptions to be formatted the same as author and term archives.
Props henry.wright

Fixes #40040

Built from https://develop.svn.wordpress.org/trunk@41232


git-svn-id: http://core.svn.wordpress.org/trunk@41072 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-08-04 23:01:44 +00:00
John Blackbourn
01e64d9ed0 Formatting: Add formatting and texturization to author descriptions so they match the formatting of term descriptions.
Props henry.wright

Fixes #40040

Built from https://develop.svn.wordpress.org/trunk@41172


git-svn-id: http://core.svn.wordpress.org/trunk@41012 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-07-27 15:10:42 +00:00
Weston Ruter
1a005d853f Widgets: Replace adding balanceTags on widget_custom_html_content filter in favor of just applying widget_text filters in the Custom HTML widget.
Ensures that users who copy HTML from the Text widget in legacy mode over to the Custom HTML widget will continue to get all of the same filters applied, including tag balancing and shortcodes, if a plugin added support. Plugins still have the `widget_text_content` and `widget_custom_html_content` filters they can use to target the specific widget types.

Amends [40893].
See #40951.
Fixes #40907 for trunk.

Built from https://develop.svn.wordpress.org/trunk@41086


git-svn-id: http://core.svn.wordpress.org/trunk@40926 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-07-18 22:11:44 +00:00
Weston Ruter
a46d94efeb Widgets: Rename "HTML Code" widget to "Custom HTML" widget.
Correspondingly renames files, ID base from `html_code` to `custom_html`, and the filter from `widget_html_code_content` to `widget_custom_html_content`.

See #40907.

Built from https://develop.svn.wordpress.org/trunk@40926


git-svn-id: http://core.svn.wordpress.org/trunk@40776 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-06-24 00:00:45 +00:00
Weston Ruter
38db73cff8 Widgets: Add widget dedicated for HTML Code, taking over this role of the Text widget.
Props westonruter, timmydcrawford.
See #40951, #35243.
Fixes #40907.

Built from https://develop.svn.wordpress.org/trunk@40893


git-svn-id: http://core.svn.wordpress.org/trunk@40743 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-06-09 23:54:42 +00:00
Konstantin Obenland
9bbbc719d4 Dashboard: Properly localize data for events
Moves localization to script-loader and removes dependency for two strings.

Props dd32, iandunn.
See #40702.

Built from https://develop.svn.wordpress.org/trunk@40776


git-svn-id: http://core.svn.wordpress.org/trunk@40634 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-18 14:34:43 +00:00
Weston Ruter
d8f94986b2 Customize: Keep alive auto-drafts created for page/post stubs when parent changeset is updated, and delete when changeset is garbage-collected.
Props utkarshpatel, westonruter.
See #31089.
Fixes #39715.

Built from https://develop.svn.wordpress.org/trunk@40676


git-svn-id: http://core.svn.wordpress.org/trunk@40539 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 05:37:44 +00:00
Weston Ruter
40ebb188cd Widgets: Extend the Text widget with TinyMCE.
Introduces rich text formatting: bold, italic, lists, links.

Props westonruter, azaozz, timmydcrawford, obenland, melchoyce.
See #35760.
Fixes #35243.

Built from https://develop.svn.wordpress.org/trunk@40631


git-svn-id: http://core.svn.wordpress.org/trunk@40492 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-11 18:55:43 +00:00
Weston Ruter
7349c22b73 Customize: Fix clearing of fresh_site option flag when editing sidebars on widgets admin screen.
Amends [38991].
See #38114, #38533.
Fixes #40722.

Built from https://develop.svn.wordpress.org/trunk@40608


git-svn-id: http://core.svn.wordpress.org/trunk@40478 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-10 21:25:41 +00:00
Sergey Biryukov
2b48ca580e Embeds: Change the embed_autourls option filter from default_option_* to pre_option_* to avoid a DB query.
The option was removed from core in [21998], but still might be used by plugins.

Props dlh.
Fixes #38924.
Built from https://develop.svn.wordpress.org/trunk@40360


git-svn-id: http://core.svn.wordpress.org/trunk@40267 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-04-01 13:56:43 +00:00
Weston Ruter
15ddaa269e Customize: Bump wp_custom_css_cb from running at wp_head priority 11 to 101 to ensure Custom CSS overrides other CSS.
Aligns `wp_head` action priority with Jetpack's Custom CSS.

Amends [38829].
See #35395, #38672.
Fixes #39270.

Built from https://develop.svn.wordpress.org/trunk@39616


git-svn-id: http://core.svn.wordpress.org/trunk@39556 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-16 07:29:42 +00:00
Weston Ruter
e35ac97641 Customize: Remove premature (and verbose) check of fresh_site option due to database not being ready on multisite.
Fixes regression in [38991].
See #38114.

Built from https://develop.svn.wordpress.org/trunk@38994


git-svn-id: http://core.svn.wordpress.org/trunk@38936 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-28 03:43:30 +00:00
Weston Ruter
75535c596b Customize: Introduce starter content and site freshness state.
A theme can opt-in for tailored starter content to apply to the customizer when previewing the theme on a fresh install, when `fresh_site` is at its initial `1` value. Starter content is staged in the customizer and does not go live unless the changes are published. Initial starter content is added to Twenty Seventeen.

* The `fresh_site` flag is cleared when a published post or page is saved, when widgets are modified, or when the customizer state is saved.
* Starter content is registered via `starter-content` theme support, where the argument is an array containing `widgets`, `posts`, `nav_menus`, `options`, and `theme_mods`. Posts/pages in starter content are created with the `auto-draft` status, re-using the page/post stubs feature added to nav menus and the static front page controls.
* A `get_theme_starter_content` filter allows for plugins to extend a theme's starter content.
* Starter content in themes can/should re-use existing starter content items in core by using named placeholders.
* Import theme starter content into customized state when fresh site.
* Prevent original_title differences from causing refreshes if title is present.
* Ensure nav menu item url is set according to object when previewing.
* Make sure initial saved state is false if there are dirty settings without an existing changeset.
* Ensure dirty settings are cleaned upon changeset publishing.

Props helen, westonruter, ocean90.
Fixes #38114, #38533.

Built from https://develop.svn.wordpress.org/trunk@38991


git-svn-id: http://core.svn.wordpress.org/trunk@38934 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-28 02:57:35 +00:00
Dominik Schilling
7819e2b4ba I18N: Introduce a locale-switching function.
With the introduction of user-specific languages in [38705] it's necessary to be able to switch translations on the fly. For example emails should be sent in the language of the recipient and not the one of the current user.

This introduces a new `WP_Locale_Switcher` class which is used for switching locales and translations. It holds the stack of locales whenever `switch_to_locale( $locale )` is called. With `restore_previous_locale()` you can restore the previous locale. `restore_current_locale()` empties the stack and sets the locale back to the initial value.

`switch_to_locale()` is added to most of core's email functions, either with the value of `get_locale()` (site language) or `get_user_locale()` (user language with fallback to site language).

Props yoavf, tfrommen, swissspidy, pbearne, ocean90.
See #29783.
Fixes #26511.
Built from https://develop.svn.wordpress.org/trunk@38961


git-svn-id: http://core.svn.wordpress.org/trunk@38904 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-26 15:36:31 +00:00