Commit Graph

399 Commits

Author SHA1 Message Date
whyisjake
51d665a4a5 Backporting several bug fixes.
- Query: Remove the static query property.
- HTTP API: Protect against hex interpretation.
- Filesystem API: Prevent directory travelersals when creating new folders.
- Administration: Ensure that admin referer nonce is valid.
- REST API: Send a Vary: Origin header on GET requests.

Backports [46474], [46475], [46476], [46477], [46478], [46483], [46485] to the 4.6 branch.

Built from https://develop.svn.wordpress.org/branches/4.6@46496


git-svn-id: http://core.svn.wordpress.org/branches/4.6@46293 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-14 19:02:25 +00:00
Sergey Biryukov
139387b7e5 Docs: Use 3-digit, x.x.x-style semantic versioning for _doing_it_wrong(), _deprecated_function(), _deprecated_argument(), and _deprecated_file() throughout core.
Props metodiew.
Fixes #36495.
Built from https://develop.svn.wordpress.org/trunk@37985


git-svn-id: http://core.svn.wordpress.org/trunk@37926 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-06 12:40:29 +00:00
Jeremy Felt
6f3f00ea97 Multisite: Change WP_Network id property to an integer.
For consistency and developer sanity.

Props flixos90.
Fixes #37050.

Built from https://develop.svn.wordpress.org/trunk@37870


git-svn-id: http://core.svn.wordpress.org/trunk@37811 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-26 14:26:29 +00:00
Peter Wilson
47d26cd9fb DOCS: Replace HTTP links with HTTPS.
Replaces unsecure links in documentation and translator comments with their secure versions.

Props johnpgreen, netweb

Fixes #36993

Built from https://develop.svn.wordpress.org/trunk@37674


git-svn-id: http://core.svn.wordpress.org/trunk@37640 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-10 04:50:33 +00:00
Drew Jaynes
6d06e53dba Docs: Improve the DocBlock summary for add_theme_support().
See #32246.

Built from https://develop.svn.wordpress.org/trunk@37673


git-svn-id: http://core.svn.wordpress.org/trunk@37639 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-10 00:07:30 +00:00
Drew Jaynes
6e8102dae6 Docs: Add documentation for the variadic second parameter, $args, accepted by add_theme_support().
h/t kevinwhoffman
Fixes #37067.

Built from https://develop.svn.wordpress.org/trunk@37672


git-svn-id: http://core.svn.wordpress.org/trunk@37638 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-10 00:03:28 +00:00
Drew Jaynes
916a055361 Docs: Improve documentation for the $feature parameter in the DocBlock for add_theme_support().
See #32246. See #37067.

Built from https://develop.svn.wordpress.org/trunk@37671


git-svn-id: http://core.svn.wordpress.org/trunk@37637 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-09 20:34:55 +00:00
Drew Jaynes
9193013158 Docs: Apply inline @see tags to hooks referenced in DocBlocks in a variety of wp-includes/* files.
Applying these specially-crafted `@see` tags allows the Code Reference parser to recognize and link these elements as actions and filters.

Fixes #36921.

Built from https://develop.svn.wordpress.org/trunk@37544


git-svn-id: http://core.svn.wordpress.org/trunk@37512 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-23 19:02:28 +00:00
Drew Jaynes
136296c111 Docs: Standardize filter docs in wp-includes/theme.php to use third-person singular verbs per the inline documentation standards for PHP.
See #36913.

Built from https://develop.svn.wordpress.org/trunk@37493


git-svn-id: http://core.svn.wordpress.org/trunk@37461 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-22 18:18:29 +00:00
Drew Jaynes
f52a8cb1fa Docs: Remove/replace invalid inline @link tags in DocBlocks in wp-includes/*.
Fixes #36910.

Built from https://develop.svn.wordpress.org/trunk@37487


git-svn-id: http://core.svn.wordpress.org/trunk@37455 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-22 17:39:28 +00:00
Drew Jaynes
b1804afeaf Docs: Standardize on 'backward compatibility/compatible' nomenclature in core inline docs.
Also use 'back-compat' in some inline comments where backward compatibility is the subject and shorthand feels more natural.

Note: 'backwards compatibility/compatibile' can also be considered correct, though it's primary seen in regular use in British English.

Props ocean90.
Fixes #36835.

Built from https://develop.svn.wordpress.org/trunk@37431


git-svn-id: http://core.svn.wordpress.org/trunk@37397 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-13 18:41:31 +00:00
Rachel Baker
ddbde15454 Post Thumbnails: Fix logic bug and tests from [37308] where post-thumbnails support wasn’t added if there were no previous post_types with support already.
See #22080
Built from https://develop.svn.wordpress.org/trunk@37313


git-svn-id: http://core.svn.wordpress.org/trunk@37279 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-04-26 20:29:27 +00:00
Rachel Baker
af5c5a9a25 Post Thumbnails: When using add_theme_support( ‘post-thumbnails’, array( $post_types) ) merge the supported post_types.
Allow the adding of post-thumbnail support for one or more post_types without unsetting any previously added post_types. This matches the behavior of other uses of `add_theme_support()` and the expectations of a function with a prefix of “add”.
To unset post-thumbnail support use `remove_theme_support()` instead.

Fixes #22080

Props alexkingorg, jmichaelward, and flixos90.
Built from https://develop.svn.wordpress.org/trunk@37308


git-svn-id: http://core.svn.wordpress.org/trunk@37274 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-04-26 17:05:31 +00:00
Aaron Jorbin
c1d684383c Prevent PHP Warnings when using Custom Logo with no params
The parsing of defaults assumes that $args will be an array. This solves it for Custom Logo the same way it is solved for custom-header and custom-background.

Props obenland.
Fixes #36332.


Built from https://develop.svn.wordpress.org/trunk@37092


git-svn-id: http://core.svn.wordpress.org/trunk@37059 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-30 02:22:26 +00:00
Drew Jaynes
cb457da489 Docs: Improve the DocBlocks for get_header_textcolor() and header_textcolor() to mention that they both retrieve color values in the HEX format.
Props theMikeD.
Fixes #36336.

Built from https://develop.svn.wordpress.org/trunk@37083


git-svn-id: http://core.svn.wordpress.org/trunk@37050 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-25 23:06:27 +00:00
Konstantin Obenland
cbbf361c03 Customize: Bring custom-logo args closer to custom-header.
Allows themes to specify the desired width and height of logos, and whether
that is flexible or not. Has the benefit of not having to generate a logo-sized
file for every image uploaded.

Props westonruter, celloexpressions.
Fixes #36255.


Built from https://develop.svn.wordpress.org/trunk@37077


git-svn-id: http://core.svn.wordpress.org/trunk@37044 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-24 02:02:27 +00:00
Weston Ruter
f3f84d2f21 Customize: Require opt-in for selective refresh of widgets.
* Introduces `customize-selective-refresh-widgets` theme support feature and adds to themes.
* Introduces `customize_selective_refresh` arg for `WP_Widget::$widget_options` and adds to all core widgets.
* Remove `selective_refresh` from being a component that can be removed via `customize_loaded_components` filter.
* Add `WP_Customize_Widgets::get_selective_refreshable_widgets()` and `WP_Customize_Widgets::is_widget_selective_refreshable()`.
* Fix default `selector` for `Partial` instances.
* Implement and improve Masronry sidebar refresh logic in Twenty Thirteen and Twenty Fourteen, including preservation of initial widget position after refresh.
* Re-initialize ME.js when refreshing `Twenty_Fourteen_Ephemera_Widget`.

See #27355.
Fixes #35855.

Built from https://develop.svn.wordpress.org/trunk@37040


git-svn-id: http://core.svn.wordpress.org/trunk@37007 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-21 21:59:29 +00:00
Aaron Jorbin
1972aa2a2a Add grunt prerelease task
An unintended consequence of improving the precommit task is that when it's time to run a release, more tasks need to get run to verify things. This adds a prerelease task to help fix that situation. grunt prerelease should include tasks that verify the code base is ready to be released to the wild and find all the tears on the mausoleum floor and help Blood stain the Colosseum doors.

See #35557

Built from https://develop.svn.wordpress.org/trunk@36930


git-svn-id: http://core.svn.wordpress.org/trunk@36898 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-10 05:37:27 +00:00
Konstantin Obenland
dabfefcee2 Themes: Support second argument in theme support for custom logo.
See #33755.

Built from https://develop.svn.wordpress.org/trunk@36909


git-svn-id: http://core.svn.wordpress.org/trunk@36877 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-09 21:51:27 +00:00
Dominik Schilling
3f3fe5a7ed Themes: Use the attachment ID as the key in get_uploaded_header_images().
Prevents missing header images when an image has the same name as another header image.

Props sirbrillig.
Fixes #31786.
Built from https://develop.svn.wordpress.org/trunk@36539


git-svn-id: http://core.svn.wordpress.org/trunk@36506 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-16 22:12:27 +00:00
Drew Jaynes
deeb5f1471 Themes: Pass information about the old theme in the form of a WP_Theme object when the switch_theme action is fired.
Props MikeHansenMe.
See #22401.

Built from https://develop.svn.wordpress.org/trunk@36502


git-svn-id: http://core.svn.wordpress.org/trunk@36469 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-07 08:26:25 +00:00
Pascal Birchler
fa9b71e423 Docs: Document the default value for the $validate parameter in the validate_current_theme hook docs.
See #32246.
Built from https://develop.svn.wordpress.org/trunk@35976


git-svn-id: http://core.svn.wordpress.org/trunk@35941 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-16 20:10:25 +00:00
Pascal Birchler
4e6e728703 Docs: Correct a parameter name for the validate_current_theme filter.
See #32246.
Built from https://develop.svn.wordpress.org/trunk@35972


git-svn-id: http://core.svn.wordpress.org/trunk@35937 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-16 19:36:28 +00:00
Pascal Birchler
f522e69a57 Docs: Fix a typo in the stylesheet_directory filter docs.
Props ixkaito.
Fixes #34859.
Built from https://develop.svn.wordpress.org/trunk@35799


git-svn-id: http://core.svn.wordpress.org/trunk@35763 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-06 21:57:24 +00:00
Konstantin Kovshenin
919867b090 Docs: Remove some more dittography.
See #34885, r35793.

Built from https://develop.svn.wordpress.org/trunk@35796


git-svn-id: http://core.svn.wordpress.org/trunk@35760 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-06 21:50:25 +00:00
Scott Taylor
79a2915a9b Upgrade: New themes are not automatically installed on upgrade. This can still be explicitly asked for by defining CORE_UPGRADE_SKIP_NEW_BUNDLED as false.
In `populate_options()`, if the theme specified by `WP_DEFAULT_THEME` doesn't exist, fall back to the latest core default theme. If we can't find a core default theme, `WP_DEFAULT_THEME` is the best we can do. 

Props nacin, jeremyfelt, dd32.
See #34306.

Built from https://develop.svn.wordpress.org/trunk@35738


git-svn-id: http://core.svn.wordpress.org/trunk@35702 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-25 21:45:25 +00:00
Andrew Ozz
f34c16674a Responsive images: fix args order and streamline the srcset and sizes generation and better inline docs in get_header_image_tag().
See #21389.
Built from https://develop.svn.wordpress.org/trunk@35595


git-svn-id: http://core.svn.wordpress.org/trunk@35559 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-10 01:59:25 +00:00
Andrew Ozz
a86cac1676 Responsive images: add template helper functions to generate the tag for a (responsive) header image that includes srcset and sizes attributes.
Props Otto42, joemcgill, DH-Shredder, azaozz.
Fixes #21389.
Built from https://develop.svn.wordpress.org/trunk@35594


git-svn-id: http://core.svn.wordpress.org/trunk@35558 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-10 01:17:26 +00:00
Konstantin Obenland
c69e96422b Themes: Improve document title output.
Introduces more flexibility in filtering all parts of the document title,the
separator, and a way to short-circuit title generation. Plugins can now also
check for theme support and reliably filter the entire output. See #18548.
Deprecates `wp_title()`.

Fixes #31078.


Built from https://develop.svn.wordpress.org/trunk@35294


git-svn-id: http://core.svn.wordpress.org/trunk@35260 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-20 16:21:25 +00:00
Boone Gorges
0e7c1d3b14 Use wp_installing() instead of WP_INSTALLING constant.
The `WP_INSTALLING` constant is a flag that WordPress sets in a number of
places, telling the system that options should be fetched directly from the
database instead of from the cache, that WP should not ping wordpress.org for
updates, that the normal "not installed" checks should be bypassed, and so on.

A constant is generally necessary for this purpose, because the flag is
typically set before the WP bootstrap, meaning that WP functions are not yet
available.  However, it is possible - notably, during `wpmu_create_blog()` -
for the "installing" flag to be set after WP has already loaded. In these
cases, `WP_INSTALLING` would be set for the remainder of the process, since
there's no way to change a constant once it's defined. This, in turn, polluted
later function calls that ought to have been outside the scope of site
creation, particularly the non-caching of option data. The problem was
particularly evident in the case of the automated tests, where `WP_INSTALLING`
was set the first time a site was created, and remained set for the rest of the
suite.

The new `wp_installing()` function allows developers to fetch the current
installation status (when called without any arguments) or to set the
installation status (when called with a boolean `true` or `false`). Use of
the `WP_INSTALLING` constant is still supported; `wp_installing()` will default
to `true` if the constant is defined during the bootstrap.

Props boonebgorges, jeremyfelt.
See #31130.
Built from https://develop.svn.wordpress.org/trunk@34828


git-svn-id: http://core.svn.wordpress.org/trunk@34793 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-05 15:06:28 +00:00
Weston Ruter
aedb4c3ee2 Customizer: Flesh out phpdoc description for _wp_customize_include().
Also add brackets around single-statement inline `if` statement.

Fixes #33488.

Built from https://develop.svn.wordpress.org/trunk@34554


git-svn-id: http://core.svn.wordpress.org/trunk@34518 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-25 19:36:25 +00:00
Aaron Jorbin
c09b0477b2 Flush rewrite rules upon theme switch
Themes can ( and do ) but shouldn't include custom rewrite rules.This can lead to hard to debug issues for theme authors. Theme changes are not a ultra common conclusion. Flushing the rewrite rules on theme switch will lead to a clean slate for each theme which helps make debugging easier.

And @nacin said we should do this 5 years ago at WordCamp Mid Atlantic.

Fixes #14849


Built from https://develop.svn.wordpress.org/trunk@34028


git-svn-id: http://core.svn.wordpress.org/trunk@33997 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-10 23:50:24 +00:00
Konstantin Obenland
1e9372b699 Themes: Get the correct theme when template and stylesheet were both passed as arguments.
Fixes a bug where `$new_theme` got set before the second argument was
appropriately handled, causing the `current_theme` option to later always be
updated to the parent theme's name.

Introduced in [21131].

Props obenland, wonderboymusic.
Fixes #32635.


Built from https://develop.svn.wordpress.org/trunk@33815


git-svn-id: http://core.svn.wordpress.org/trunk@33783 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-30 21:45:23 +00:00
Scott Taylor
32110c7f77 Switching themes: if the new theme doesn't have nav_menu_locations defined, but the old theme does, copy the old theme's nav_menu_locations into the new theme's theme mods.
cc melchoyce

Fixes #18588.

Built from https://develop.svn.wordpress.org/trunk@33808


git-svn-id: http://core.svn.wordpress.org/trunk@33776 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-30 03:01:21 +00:00
Scott Taylor
3d780c6a4b Clarify doc entry for _wp_customize_include()
Props ericlewis. 
Fixes #33488.

Built from https://develop.svn.wordpress.org/trunk@33694


git-svn-id: http://core.svn.wordpress.org/trunk@33661 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-21 17:45:25 +00:00
Dominik Schilling
8679a93f16 Themes: Remove legacy theme preview.
The pre-3.4 theme previewer doesn't work when using a static front page.
We kept the old theme preview for no-JS and some browsers that were less capable. But since browsers are doing a better job today we don't need to continue fixing/shipping this legacy code. Bye!

fixes #33178.
Built from https://develop.svn.wordpress.org/trunk@33492


git-svn-id: http://core.svn.wordpress.org/trunk@33459 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-29 18:36:26 +00:00
Konstantin Obenland
080a4adfba Properly clean up header image data when the attachment is deleted.
Props CreativeInfusion.
Fixes #33005.


Built from https://develop.svn.wordpress.org/trunk@33278


git-svn-id: http://core.svn.wordpress.org/trunk@33250 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-15 16:28:25 +00:00
Drew Jaynes
f4328b27b6 Add an extra line before the hook doc for the editor_stylesheets filter begins.
The parser really likes it when there's breathing room.

See [32928]. See #32891.

Built from https://develop.svn.wordpress.org/trunk@33240


git-svn-id: http://core.svn.wordpress.org/trunk@33212 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-13 22:01:24 +00:00
Konstantin Obenland
36b24b073d Provide alt text for uploaded header images.
The custom header screen will use it rather then the description,
if an alt text is set.

Props francoeurdavid, voldemortensen, valendesigns.
Fixes #27959.


Built from https://develop.svn.wordpress.org/trunk@32998


git-svn-id: http://core.svn.wordpress.org/trunk@32969 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-29 21:32:26 +00:00
Scott Taylor
a0e373ef80 For doc block types, favor bool over the few remaining booleans
See #32444.

Built from https://develop.svn.wordpress.org/trunk@32964


git-svn-id: http://core.svn.wordpress.org/trunk@32935 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-27 01:03:25 +00:00
Sergey Biryukov
3f448d7cd5 Add editor_stylesheets filter to get_editor_stylesheets().
props danielbachhuber, MikeHansenMe.
fixes #31672.
Built from https://develop.svn.wordpress.org/trunk@32928


git-svn-id: http://core.svn.wordpress.org/trunk@32899 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-24 13:32:32 +00:00
Weston Ruter
489db97ea3 Customizer: Allow sections and panels to be exported to JS.
Also fix param docs for `customize_dynamic_setting_class` filter, and use `require_once` for `class-wp-customize-manager.php` in bootstrap function `_wp_customize_include()`.

See #30737, #32576.

Built from https://develop.svn.wordpress.org/trunk@32744


git-svn-id: http://core.svn.wordpress.org/trunk@32715 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-12 22:54:25 +00:00
Scott Taylor
19a3aacc94 Add @static* annotations where they are missing.
Initialize all static vars that are not, most to `null`.

See #32444.

Built from https://develop.svn.wordpress.org/trunk@32650


git-svn-id: http://core.svn.wordpress.org/trunk@32620 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-29 15:43:29 +00:00
Andrew Nacin
65c382d550 Fix return error in get_theme_mods() from [32629].
Split a line with both an assignment and a conditional, not to mention an interpolated variable. Lots going on, easy mistake to make.

props BrianLayman.
fixes #32516.

Built from https://develop.svn.wordpress.org/trunk@32632


git-svn-id: http://core.svn.wordpress.org/trunk@32602 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-28 05:51:25 +00:00
Scott Taylor
b4eccbd5a0 Add missing doc blocks to theme.php.
Correct some `@return` values.

See #32444.

Built from https://develop.svn.wordpress.org/trunk@32629


git-svn-id: http://core.svn.wordpress.org/trunk@32599 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-27 22:21:25 +00:00
Drew Jaynes
44289a8ac5 Add a missing return description for has_header_image().
See [31224]. See #31888.

Built from https://develop.svn.wordpress.org/trunk@32048


git-svn-id: http://core.svn.wordpress.org/trunk@32027 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-05 17:11:28 +00:00
Dominik Schilling
2ae3dfa119 Customizer: Add title attributes to iframes.
props afercia.
fixes #31202.
Built from https://develop.svn.wordpress.org/trunk@31704


git-svn-id: http://core.svn.wordpress.org/trunk@31685 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-03-10 21:20:26 +00:00
Scott Taylor
0ec87e4584 There are a few functions that have the ability to return false instead of a string, so the return value should be checked before being passed to functions that expect string.
These are trivial, but they clear out some Scrutinizer issues.

See #30799.

Built from https://develop.svn.wordpress.org/trunk@31681


git-svn-id: http://core.svn.wordpress.org/trunk@31662 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-03-09 02:11:28 +00:00
Sergey Biryukov
b87b8f2bb3 Introduce has_header_image() to check whether a header image is set.
props GunGeekATX, voldemortensen.
fixes #16268.
Built from https://develop.svn.wordpress.org/trunk@31224


git-svn-id: http://core.svn.wordpress.org/trunk@31205 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-17 06:34:23 +00:00
Scott Taylor
eeda68bbda Fix some erroneous @param annotations.
See #30799.

Built from https://develop.svn.wordpress.org/trunk@31219


git-svn-id: http://core.svn.wordpress.org/trunk@31200 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-16 22:44:25 +00:00