Commit Graph

15881 Commits

Author SHA1 Message Date
Jeremy Felt
40bcb404a3 Update home and siteurl after path slashes are validated in update_blog_details()
When editing a site, if `home` and `siteurl` are checked to be updated along with a site's domain and path, they should receive the results of any modifications in `update_blog_details()` rather than trusting the POST data.

Previously, it was possible to save a value without a leading slash on the path, causing an invalid URL to be stored.

Props earnjam.

Fixes #30417.

Built from https://develop.svn.wordpress.org/trunk@31156


git-svn-id: http://core.svn.wordpress.org/trunk@31137 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-12 01:57:23 +00:00
Jeremy Felt
eaf7f8df74 Enforce leading and trailing slashes on paths updated with update_blog_details()
In multisite, core expects the stored value for a site's path to have leading and trailing slashes. When these slashes are missing, it becomes impossible to visit the site.

This enforces proper `/path/` creation in `update_blog_details()`, most likely used when updating an existing site through `site-info.php`.

Props earnjam, simonwheatley.

Fixes #18117. Fixes #23865.

Built from https://develop.svn.wordpress.org/trunk@31155


git-svn-id: http://core.svn.wordpress.org/trunk@31136 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-12 01:43:22 +00:00
Gary Pendergast
34636a0e41 If get_avatar_data() is passed an empty value for the default avatar, we should be using the site's avatar_default option instead.
See #21195

Built from https://develop.svn.wordpress.org/trunk@31154


git-svn-id: http://core.svn.wordpress.org/trunk@31135 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-12 00:23:24 +00:00
Gary Pendergast
3d051df3c9 In get_avatar_data(), there's no need to return false if we couldn't find an avatar, as Gravatar can handle being given an empty email hash. This allows the default avatar to show when no email address is given.
See #21195


Built from https://develop.svn.wordpress.org/trunk@31153


git-svn-id: http://core.svn.wordpress.org/trunk@31134 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-12 00:20:24 +00:00
Gary Pendergast
4bc89fef32 In get_avatar(), revert the <img> tag attributes to using single quotes, instead of double quotes. This behaviour was changed in [31107], but caused problems for code that attempted to parse the <img> tag.
See #21195


Built from https://develop.svn.wordpress.org/trunk@31152


git-svn-id: http://core.svn.wordpress.org/trunk@31133 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-12 00:03:24 +00:00
Scott Taylor
eed3698c49 In WP_Query, only call magic method internals again whitelists of properties and methods, $compat_fields and $compat_methods. Remove __unset() since __set() is not implemented.
See #30891.

Built from https://develop.svn.wordpress.org/trunk@31151


git-svn-id: http://core.svn.wordpress.org/trunk@31132 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-11 22:41:24 +00:00
Scott Taylor
61e12e00c1 In WP_Comment_Query, only allow __call() to run against ->get_search_sql().
See #30891.

Built from https://develop.svn.wordpress.org/trunk@31150


git-svn-id: http://core.svn.wordpress.org/trunk@31131 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-11 22:33:24 +00:00
Scott Taylor
0e84d59de5 In wp_xmlrpc_server, only allow __call() to run against ->_multisite_getUsersBlogs().
See #30891.

Built from https://develop.svn.wordpress.org/trunk@31149


git-svn-id: http://core.svn.wordpress.org/trunk@31130 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-11 22:31:22 +00:00
Scott Taylor
ed4e7b01d4 In WP_oEmbed, only allow __call() to run against a whitelist of methods, $compat_methods.
See #30891.

Built from https://develop.svn.wordpress.org/trunk@31148


git-svn-id: http://core.svn.wordpress.org/trunk@31129 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-11 22:27:23 +00:00
Scott Taylor
a4092e90f0 In WP_Roles, only allow __call() to run against ->_init().
See #30891.

Built from https://develop.svn.wordpress.org/trunk@31147


git-svn-id: http://core.svn.wordpress.org/trunk@31128 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-11 22:23:23 +00:00
Scott Taylor
e6fc90f973 In WP_List_Table, only call magic method internals again whitelists of properties and methods, $compat_fields and $compat_methods.
See #30891.

Built from https://develop.svn.wordpress.org/trunk@31146


git-svn-id: http://core.svn.wordpress.org/trunk@31127 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-11 22:20:22 +00:00
Scott Taylor
2749e46178 In WP_Filesystem_Base, make the only private member, $cache, public and remove magic methods. $cache was always public until [28487], has been essentially public via a magic method since.
See #30891.

Built from https://develop.svn.wordpress.org/trunk@31145


git-svn-id: http://core.svn.wordpress.org/trunk@31126 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-11 22:04:22 +00:00
Scott Taylor
a79c242038 In WP_User_Query, only call magic method internals against a whitelist of properties, $compat_fields.
See #30891.

Built from https://develop.svn.wordpress.org/trunk@31144


git-svn-id: http://core.svn.wordpress.org/trunk@31125 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-11 22:00:23 +00:00
Andrew Ozz
d079899553 TinyMCE wpView: when clicking in the editor optimize the caret placement before or after a view. Props avryl, fixes #30938.
Built from https://develop.svn.wordpress.org/trunk@31143


git-svn-id: http://core.svn.wordpress.org/trunk@31124 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-11 20:42:23 +00:00
Andrew Ozz
49c0b22828 TinyMCE: fix (switch) the indent/outdent icons in RTL mode so the arrow points at the proper direction. Props avryl, fixes #21281.
Built from https://develop.svn.wordpress.org/trunk@31142


git-svn-id: http://core.svn.wordpress.org/trunk@31123 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-11 20:30:26 +00:00
Boone Gorges
77875a273e Walker::$has_children should be public for backward compatibility.
See [31137]. See #30891.
Built from https://develop.svn.wordpress.org/trunk@31141


git-svn-id: http://core.svn.wordpress.org/trunk@31122 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-11 01:56:22 +00:00
Boone Gorges
5c0ddb8602 Default $parent in category_exists() should default to null rather than 0.
[29863] made the corresponding change in `term_exists()`. Failure to change the
default value in `category_exists()` meant that an unspecified value for
`$parent` would limit results to top-level categories.

Includes unit tests and corrected function documentation.

Props hissy.
Fixes #30975 for trunk.
Built from https://develop.svn.wordpress.org/trunk@31140


git-svn-id: http://core.svn.wordpress.org/trunk@31121 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-11 01:26:27 +00:00
Scott Taylor
c9bc1cc46e WP_Ajax_Response has one property only, $responses. It was public until [28508], when it became private in name only. Is it worth 4 magic methods to pretend that this property is private? It is not.
Make it `public` and remove the magic methods.

See #30891.

Built from https://develop.svn.wordpress.org/trunk@31139


git-svn-id: http://core.svn.wordpress.org/trunk@31120 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-11 00:13:23 +00:00
Scott Taylor
d8e5aabab5 In WP_Error:
* `wp_send_json_error()` accesses `$errors` on an instance, it must be `public`
* `$error_data` is a local message cache for error codes and doesn't particularly hide info, would be the only non-public field or method in the class

Make `$errors` and `$error_data` public and remove magic methods.

See #30891.

Built from https://develop.svn.wordpress.org/trunk@31138


git-svn-id: http://core.svn.wordpress.org/trunk@31119 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-11 00:01:22 +00:00
Scott Taylor
b962499be6 In Walker:
* Every subclass of `Walker` overrides `$db_fields` and makes it public
* `wp_list_comments()` accesses `->max_pages` on an instance of `Walker`, it must be public
* `$has_children` was added as `protected` in 4.0. doesn't need BC

Make `$db_fields` and `$max_pages` public and remove magic methods.

See #30891.

Built from https://develop.svn.wordpress.org/trunk@31137


git-svn-id: http://core.svn.wordpress.org/trunk@31118 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-10 23:44:23 +00:00
Scott Taylor
eab3aa7802 In WP_MatchesMapRegex:
* Exactly one method was made private in [28516], and is only used internally.
* 2 properties were made private, but they just store variables passed to the constructor.
* Instances of this class are never created in core. `WP_MatchesMapRegex::apply()` is called statically in `WP->parse_request()` and `url_to_postid()`. 

The chances that: 
1) this class is used as an instance somewhere and 
2) the properties that have always been marked `@access private` and begin with `_` were used publicly

...is extremely low.

Remove the magic methods, I should not have added them.

While we're at it, use the PHP5-style `__construct()` instead of the class name.

See #30891.

Built from https://develop.svn.wordpress.org/trunk@31136


git-svn-id: http://core.svn.wordpress.org/trunk@31117 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-10 23:27:21 +00:00
Scott Taylor
65a459b34f In WP_Text_Diff_Renderer_Table:
* In [28525], `$_diff_threshold`, `$inline_diff_renderer`, and `$_show_split_view` were marked `protected`; magic methods were also added.
* The magic methods should only perform operations on a whitelisted set of properties, now specified in `$compat_fields`
* Remove `__call()`, is unnecessary and can wreak havoc on the parent class.

This class is used in one place: `wp_text_diff()`.

See #30891.

Built from https://develop.svn.wordpress.org/trunk@31135


git-svn-id: http://core.svn.wordpress.org/trunk@31116 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-10 22:58:24 +00:00
Scott Taylor
a56d920454 In Custom_Image_Header:
* In [28481], `$admin_header_callback` and `$admin_image_div_callback` were set to `private` based on their erroneous `@param` values
* `$admin_header_callback` and `$admin_image_div_callback` are used as hook callbacks - as such, they must be `public`
* In [28521] and [28524], magic methods were added for back-compat
* Currently, there are 4 properties marked `private`: `$uploaded_headers`, `$default_headers`, `$page`, and `$updated` - `$page` and `$uploaded_headers` are never used and `$updated` was added by me in [30187] during 4.1. `$default_headers` does not necessarily need to be `private`

Set `$admin_header_callback` and `$admin_image_div_callback` to `public`.
Remove the `$page` property - it duplicated the `$page` local var and is referenced/used nowhere.
Remove the `$uploaded_headers` property - it is used nowhere and is dead code.
Set `$default_headers` to `public`.
Remove the magic methods - they were beyond overkill and rendered moot by the above changes.

See #30891.

Built from https://develop.svn.wordpress.org/trunk@31134


git-svn-id: http://core.svn.wordpress.org/trunk@31115 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-10 22:11:22 +00:00
Scott Taylor
61f5cc459e In Custom_Background:
* In [28481], `$admin_header_callback` and `$admin_image_div_callback` were set to `private` based on their erroneous `@param` value
* `$admin_header_callback` and `$admin_image_div_callback` are used as hook callbacks - as such, they must be `public`
* In [28521] and [28524], magic methods were added for back-compat
* Currently, there are 2 properties marked `private`, `$page` and `$updated` - `$page` is never used and `$updated` was added by me in [30186] during 4.1

Set `$admin_header_callback` and `$admin_image_div_callback` to `public`.
Remove the `$page` property - it duplicated the `$page` local var and is referenced/used nowhere.
Remove the magic methods - they were beyond overkill and rendered moot by the above changes.

See #30891.

Built from https://develop.svn.wordpress.org/trunk@31133


git-svn-id: http://core.svn.wordpress.org/trunk@31114 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-10 21:59:22 +00:00
Scott Taylor
806b2e9bae get_post() takes $output as its 2nd param. The @return annotation should reflect the function's ability to return an array.
See #30799.

Built from https://develop.svn.wordpress.org/trunk@31132


git-svn-id: http://core.svn.wordpress.org/trunk@31113 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-10 21:38:23 +00:00
Scott Taylor
56d6682461 In edit-form-advanced.php:
* `get_permalink( $post_ID )` can return `false`, set it to a variable and check it
* Using the variable allows us to replace 11 separate calls to `get_permalink( $post_ID )` in the file
* These notices were triggered by the potential for `false` to be passed to `esc_url()`

See #30799.

Built from https://develop.svn.wordpress.org/trunk@31131


git-svn-id: http://core.svn.wordpress.org/trunk@31112 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-10 21:21:22 +00:00
Scott Taylor
a6d6ba957b get_header_image() can return false. In Custom_Image_Header->step_1(), check the value before setting the background-image portion of the style attribute. Setting the the URL to empty string will cause the current request to be set as the source of the background image.
See #30799.

Built from https://develop.svn.wordpress.org/trunk@31130


git-svn-id: http://core.svn.wordpress.org/trunk@31111 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-10 21:08:22 +00:00
Scott Taylor
aaae4e9df0 Since get_theme_mod() returns false on failure, $background_image_thumb can be set to it and checked instead of calling get_background_image() 3 times in Custom_Background->admin_page().
See #30799.

Built from https://develop.svn.wordpress.org/trunk@31129


git-svn-id: http://core.svn.wordpress.org/trunk@31110 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-10 20:44:22 +00:00
Scott Taylor
2b6b7c0235 Declare $action as a global in wp-admin/comment.php.
See #30799.

Built from https://develop.svn.wordpress.org/trunk@31128


git-svn-id: http://core.svn.wordpress.org/trunk@31109 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-10 20:42:24 +00:00
Scott Taylor
5547115dc2 Fix some @param docs that have chars too close them.
Add `@property` annotations to `WP_User` and `WP_Post`.
Remove erroneous `@param`s from image editor class methods.
Officially add the property `$_column_headers` to `WP_List_Table`.	

See #30799.

Built from https://develop.svn.wordpress.org/trunk@31127


git-svn-id: http://core.svn.wordpress.org/trunk@31108 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-10 06:57:22 +00:00
Scott Taylor
0a511680f4 Adding a @return annotation to constructors is generally not recommended as a constructor does not have a meaningful return value. Constructors do not have meaningful return values, anything that is returned from here is discarded.
See #30799.

Built from https://develop.svn.wordpress.org/trunk@31126


git-svn-id: http://core.svn.wordpress.org/trunk@31107 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-10 06:54:23 +00:00
Scott Taylor
da99d29a59 Adding a @return annotation to constructors is generally not recommended as a constructor does not have a meaningful return value - anything that is returned is discarded.
See #30799.

Built from https://develop.svn.wordpress.org/trunk@31125


git-svn-id: http://core.svn.wordpress.org/trunk@31106 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-10 06:13:22 +00:00
Scott Taylor
1b3f91f500 Declare $wp_version, $required_php_version, and $required_mysql_version as globals in install and upgrade admin files.
See #30799.

Built from https://develop.svn.wordpress.org/trunk@31124


git-svn-id: http://core.svn.wordpress.org/trunk@31105 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-10 05:57:22 +00:00
Scott Taylor
1bac6fb886 In wp-admin/includes/revision.php, $post->modified is a coding error. It should be $post->post_modified.
See #30799.

Built from https://develop.svn.wordpress.org/trunk@31123


git-svn-id: http://core.svn.wordpress.org/trunk@31104 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-10 05:50:22 +00:00
Scott Taylor
d6ce5dd553 WP_Upgrader will take any "skin" that is passed to it, and set ->skin via composition. The default type of ->skin is WP_Upgrader_Skin, which doesn't have methods declared for ->bulk_header() and ->bulk_footer(). Add noop methods to WP_Upgrader_Skin.
See #30799.

Built from https://develop.svn.wordpress.org/trunk@31122


git-svn-id: http://core.svn.wordpress.org/trunk@31103 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-10 05:42:22 +00:00
Scott Taylor
84867b3e9c Admin globals:
* Declare `$wp_importers` as a global in `admin.php`
* Declare `$post_type`, `$post_type_object`, and  `$post` as globals where applicable

See #30799.

Built from https://develop.svn.wordpress.org/trunk@31121


git-svn-id: http://core.svn.wordpress.org/trunk@31102 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-10 05:29:22 +00:00
Scott Taylor
ac654632fe Use PHP_SAPI constant instead of php_sapi_name() in iis7_supports_permalinks(), wp_fix_server_vars(), and wp_redirect().
See #30799.

Built from https://develop.svn.wordpress.org/trunk@31120


git-svn-id: http://core.svn.wordpress.org/trunk@31101 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-10 04:59:22 +00:00
Scott Taylor
afd09f1f04 In wp_ajax_upload_attachment(), wp_check_filetype_and_ext() doesn't need a 3rd param - it already defaults to null. Passing false would fail a strict check
See #30799.

Built from https://develop.svn.wordpress.org/trunk@31119


git-svn-id: http://core.svn.wordpress.org/trunk@31100 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-10 04:55:25 +00:00
Andrew Ozz
3324fb71f6 TinyMCE editor-expand: when kitchensink is off hide the statusbar on loading, and when the editor is shorter then the viewport. Props avryl, fixes #30961.
Built from https://develop.svn.wordpress.org/trunk@31118


git-svn-id: http://core.svn.wordpress.org/trunk@31099 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-10 01:32:26 +00:00
Andrew Ozz
71885dceca Media modal: do not attempt to focus the hidden file input field added by Plupload when tabbing. Props afercia, fixes #30392.
Built from https://develop.svn.wordpress.org/trunk@31117


git-svn-id: http://core.svn.wordpress.org/trunk@31098 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-09 21:47:29 +00:00
Scott Taylor
709698a579 In Custom_Background and Custom_Header:
* In `->init()`, don't check `current_user_can()` since `add_theme_page()` will return `false` immediately if the cap check fails. 
* Bail if `add_theme_page()` returns `false`
* `wp_check_filetype_and_ext()` doesn't need a 3rd param, it already defaults to `null`. Passing `false` would fail a strict check.

See #30799.

Built from https://develop.svn.wordpress.org/trunk@31116


git-svn-id: http://core.svn.wordpress.org/trunk@31097 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-09 21:07:22 +00:00
Scott Taylor
236d8ae9dc After [31016], would be cool if we actually included the froogaloop file to interact with Vimeo.
Props dimadin.
Fixes #29267.

Built from https://develop.svn.wordpress.org/trunk@31115


git-svn-id: http://core.svn.wordpress.org/trunk@31096 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-09 20:04:23 +00:00
Boone Gorges
df945fcdcb In get_permalink(), don't resolve to pretty permalink if post has 'future' status.
We already do this for other non-public statuses, to prevent leaking non-public
information about unpublished posts.

Props e.mazovetskiy, CalEvans.
Fixes #30910.
Built from https://develop.svn.wordpress.org/trunk@31114


git-svn-id: http://core.svn.wordpress.org/trunk@31095 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-09 16:40:22 +00:00
Sergey Biryukov
7b04e6d4f4 Add variable type for sync_category_tag_slugs() parameters.
props tillkruess.
fixes #30718.
Built from https://develop.svn.wordpress.org/trunk@31113


git-svn-id: http://core.svn.wordpress.org/trunk@31094 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-09 11:19:22 +00:00
Sergey Biryukov
2be2af7789 Avoid a PHP notice in _WP_Editors::wp_fullscreen_html() when no $post global is set.
props marcochiesi.
fixes #30071.
Built from https://develop.svn.wordpress.org/trunk@31112


git-svn-id: http://core.svn.wordpress.org/trunk@31093 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-09 10:28:23 +00:00
Sergey Biryukov
a2f9b410f8 Toolbar: Make network admin accessible via keyboard.
props Cheffheid.
fixes #29422.
Built from https://develop.svn.wordpress.org/trunk@31111


git-svn-id: http://core.svn.wordpress.org/trunk@31092 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-09 09:51:22 +00:00
Sergey Biryukov
e214fce67f Use localized format for Last Updated date in plugin details modal, for consistency with [31055].
see #30717.
Built from https://develop.svn.wordpress.org/trunk@31110


git-svn-id: http://core.svn.wordpress.org/trunk@31091 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-09 06:21:22 +00:00
Sergey Biryukov
d5d0b367ab Improve documentation for media_handle_upload().
props ericlewis.
fixes #30962.
Built from https://develop.svn.wordpress.org/trunk@31109


git-svn-id: http://core.svn.wordpress.org/trunk@31090 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-09 05:05:23 +00:00
Sergey Biryukov
e24b443f50 Correct @return value for WP_Theme::load_textdomain() after [30681].
see #30224.
Built from https://develop.svn.wordpress.org/trunk@31108


git-svn-id: http://core.svn.wordpress.org/trunk@31089 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-09 04:54:24 +00:00
Gary Pendergast
5ee3ff435d Add get_avatar_url(), for retrieving just the URL of an avatar, rather than the entire <img> tag that get_avatar() produces.
Unlike `get_avatar()`, `get_avatar_url()` is not pluggable. It can be extended/or modified through the new filters included.

Fixes #21195.

Props mdawaffe, pento, pathawks, DrewAPicture


Built from https://develop.svn.wordpress.org/trunk@31107


git-svn-id: http://core.svn.wordpress.org/trunk@31088 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-09 04:43:23 +00:00