Commit Graph

33083 Commits

Author SHA1 Message Date
Andrew Nacin
9834e9993a Embeds: Enforce, via unit tests, the no-ampersand rule for wp-embed.js.
fixes #34698.

Built from https://develop.svn.wordpress.org/trunk@35762


git-svn-id: http://core.svn.wordpress.org/trunk@35726 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-04 05:46:25 +00:00
Scott Taylor
8cf8e2c66d WP oEmbed: validate the secret send via postMessage in wp.receiveEmbedMessage. Also, compare window instances.
In the data sent to us from the embedded iframe by postMessage(), the secret value is being used directly in a document.querySelectorAll() call without first being validated or escaped.

In theory, this could lead to some broken embeds.

Props mdawaffe.
Fixes #34831.

Built from https://develop.svn.wordpress.org/trunk@35761


git-svn-id: http://core.svn.wordpress.org/trunk@35725 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-03 20:17:25 +00:00
Helen Hou-Sandí
2f287af8aa Media: Avoid rel="rel=" situations.
props lucymtc, swissspidy.
fixes #34826. see #32074.

Built from https://develop.svn.wordpress.org/trunk@35760


git-svn-id: http://core.svn.wordpress.org/trunk@35724 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-03 17:17:26 +00:00
Gary Pendergast
caf4b8270c Readme: Bump recommended MySQL version to 5.6, as 5.5 is now over 5 years old.
Happy birthday, MySQL 5.5! 

Fixes #34840.


Built from https://develop.svn.wordpress.org/trunk@35759


git-svn-id: http://core.svn.wordpress.org/trunk@35723 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-03 16:46:26 +00:00
Mark Jaquith
6cc98e6fcd Route HEAD API requests through the GET callback method
fixes #34837
props danielbachhuber
Built from https://develop.svn.wordpress.org/trunk@35758


git-svn-id: http://core.svn.wordpress.org/trunk@35722 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-03 16:34:25 +00:00
Boone Gorges
939291df9f Ensure that order is specified when querying for comment descendants.
Props tellyworth.
Fixes #34838.
Built from https://develop.svn.wordpress.org/trunk@35757


git-svn-id: http://core.svn.wordpress.org/trunk@35721 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-03 15:50:27 +00:00
Scott Taylor
fc349932c0 Install: after [35508], the margin on the header for the Install screen is too big.
Props SergeyBiryukov.
Fixes #34819.

Built from https://develop.svn.wordpress.org/trunk@35756


git-svn-id: http://core.svn.wordpress.org/trunk@35720 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-01 21:02:25 +00:00
Scott Taylor
9b5ffe8062 Responsive Images: Currently images are included in the srcset if the aspect ratio difference is smaller than 0.01. This number is too high, set it to 0.002
Props joemcgill.
Fixes #34810.

Built from https://develop.svn.wordpress.org/trunk@35755


git-svn-id: http://core.svn.wordpress.org/trunk@35719 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-01 20:58:24 +00:00
Scott Taylor
c0f8bd0de2 Customize Unit Tests: also remove_action( 'after_setup_theme', 'twentysixteen_setup' ). TwentyFifteen is already removed.
See #31550.

Built from https://develop.svn.wordpress.org/trunk@35754


git-svn-id: http://core.svn.wordpress.org/trunk@35718 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-01 20:56:24 +00:00
Scott Taylor
eaae2546f5 Media: don't use get_media_embedded_in_content() in wp_make_content_images_responsive().
Adds unit test.

Props azaozz.
Fixes #34807.

Built from https://develop.svn.wordpress.org/trunk@35753


git-svn-id: http://core.svn.wordpress.org/trunk@35717 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-01 20:50:25 +00:00
Scott Taylor
d569b9609e Media: show Trash filter for Media list table when MEDIA_TRASH is true.
Props chacha102.
Fixes #34795.

Built from https://develop.svn.wordpress.org/trunk@35752


git-svn-id: http://core.svn.wordpress.org/trunk@35716 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-01 20:48:25 +00:00
Scott Taylor
cd9515d306 Unit Tests: fix responsive image unit tests. Correct the logic in video shortcode unit test for width.
Props joemcgill, wonderboymusic.
Fixes #34790.

Built from https://develop.svn.wordpress.org/trunk@35751


git-svn-id: http://core.svn.wordpress.org/trunk@35715 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-01 20:45:28 +00:00
Ryan McCue
d1436af513 REST API: Unabbreviate error string.
Props daniel-koskinen.
Fixes #34818.

Built from https://develop.svn.wordpress.org/trunk@35750


git-svn-id: http://core.svn.wordpress.org/trunk@35714 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-30 09:51:27 +00:00
Mark Jaquith
1a43f0b290 Do not pass FALSE as second parameter in variable class_exists() checks
Because these are generally plugin-provided, we want plugins to be
able to use autoloaders.

fixes #20523
Built from https://develop.svn.wordpress.org/trunk@35749


git-svn-id: http://core.svn.wordpress.org/trunk@35713 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-30 04:15:27 +00:00
John Blackbourn
ec24d6e001 In a similar vein to [34133], escape the email address and IP address of comment authors to increase defence in depth.
Built from https://develop.svn.wordpress.org/trunk@35748


git-svn-id: http://core.svn.wordpress.org/trunk@35712 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-29 02:43:24 +00:00
John Blackbourn
6f37afb6ec When a post is scheduled for publication, treat it the same as a published post when calculating the capabilities required to edit or delete it.
Fixes #33694

Built from https://develop.svn.wordpress.org/trunk@35747


git-svn-id: http://core.svn.wordpress.org/trunk@35711 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-29 02:27:18 +00:00
John Blackbourn
2b81411a0d Remove debug mode from WP-CLI by default, as it now outputs too much debugging information to be of use during normal development.
Fixes #34801
Props rodrigosprimo

Built from https://develop.svn.wordpress.org/trunk@35746


git-svn-id: http://core.svn.wordpress.org/trunk@35710 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-28 18:37:27 +00:00
John Blackbourn
28c78799c3 Ensure the correct error message is returned when a user attempts to comment on a post to which they do not have access.
Adds more tests.

Built from https://develop.svn.wordpress.org/trunk@35745


git-svn-id: http://core.svn.wordpress.org/trunk@35709 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-28 18:29:32 +00:00
Scott Taylor
aa624c4029 WordPress 4.4 RC 1 version bump
Built from https://develop.svn.wordpress.org/trunk@35744


git-svn-id: http://core.svn.wordpress.org/trunk@35708 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-25 23:02:24 +00:00
Scott Taylor
cbed27ccf0 WordPress 4.4 RC 1
Built from https://develop.svn.wordpress.org/trunk@35743


git-svn-id: http://core.svn.wordpress.org/trunk@35707 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-25 22:53:27 +00:00
Dominik Schilling
9fb5c540bb Users: Allow to create users without sending an email to the new user.
This adds a checkbox to `wp-admin/user-new.php` to prevent sending an email with the username and a password reset link to the new user. Restores the behavior of pre-4.3.

Fixes #33504.
Props tharsheblows, SergeyBiryukov, DrewAPicture, ocean90.
Built from https://develop.svn.wordpress.org/trunk@35742


git-svn-id: http://core.svn.wordpress.org/trunk@35706 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-25 22:38:29 +00:00
Ryan McCue
7ce9772866 REST API: Mark WP_REST_Server::get_raw_data as static.
This is just a utility function for getting the request body, not
tied to the server class.

Fixes #34768.

Built from https://develop.svn.wordpress.org/trunk@35741


git-svn-id: http://core.svn.wordpress.org/trunk@35705 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-25 22:22:25 +00:00
Helen Hou-Sandí
e24681632e Avoid potential fatal errors after [35718].
While these classes are intended for admin use, there are developers out there who include `wp-admin/includes/template.php` to access them in other contexts. There is no intention to continue to support this indefinitely, but a breaking change like that would need to happen very early in a cycle and communicated loudly.

In the meantime, if you're reading this commit message and you do the above, please update your code to not do that. Thank you :)

fixes #33413.

Built from https://develop.svn.wordpress.org/trunk@35740


git-svn-id: http://core.svn.wordpress.org/trunk@35704 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-25 22:19:26 +00:00
Helen Hou-Sandí
2eb60b8278 Set Twenty Sixteen as the default theme.
With thanks to all those who contributed.

props iamtakashi, karmatosed, iandstewart, dd32, mor10, grapplerulrich, davidakennedy, frank-klein, tywayne, wenthemes, monika, metodiew, nhuja, headonfire, Chrisdc1, philiparthurmoore, karpstrucking, cais, mt8.biz, fjarrett, sdavis2702, SergeyBiryukov, eduardozulian, webdevmattcrom, ehtis, peterwilsoncc, tfrommen, fsylum, wonderboymusic, ocean90, obenland, cainm, mrahmadawais, drewapicture, trenzterra, tevko, kraftbj, walbo, nacin.
fixes #34306.

Built from https://develop.svn.wordpress.org/trunk@35739


git-svn-id: http://core.svn.wordpress.org/trunk@35703 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-25 21:52:26 +00:00
Scott Taylor
79a2915a9b Upgrade: New themes are not automatically installed on upgrade. This can still be explicitly asked for by defining CORE_UPGRADE_SKIP_NEW_BUNDLED as false.
In `populate_options()`, if the theme specified by `WP_DEFAULT_THEME` doesn't exist, fall back to the latest core default theme. If we can't find a core default theme, `WP_DEFAULT_THEME` is the best we can do. 

Props nacin, jeremyfelt, dd32.
See #34306.

Built from https://develop.svn.wordpress.org/trunk@35738


git-svn-id: http://core.svn.wordpress.org/trunk@35702 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-25 21:45:25 +00:00
Konstantin Obenland
77c6154881 Template: Defining a default value for show_home breaks back compat.
To add a home link to the fallback menu output many themes only check if that
argument is set. Including Twenty Ten and Twenty Eleven. They check with
`isset()` so child themes and other instances using `wp_page_menu()` have a
chance to disable the home link by setting it to `false`.

Fixes #11095.


Built from https://develop.svn.wordpress.org/trunk@35737


git-svn-id: http://core.svn.wordpress.org/trunk@35701 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-25 18:55:26 +00:00
Scott Taylor
a2ec7caf93 Add a unit test for wp_nav_menu() with container => ''
See #32464.


Built from https://develop.svn.wordpress.org/trunk@35736


git-svn-id: http://core.svn.wordpress.org/trunk@35700 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-25 18:19:27 +00:00
Dominik Schilling
0632e4ab84 Passwords: Support the pre-4.3 behavior of wp_new_user_notification().
Hello, it's me again. A pluggable function named `wp_new_user_notification()`. A few months ago, after [33023], I have lost my second parameter `$plaintext_pass`. But thanks to [33620] I got a new one.
Bad idea - It hasn't had the same behavior as my previous parameter.
To solve that the second parameter got deprecated and reintroduced as the third parameter in [34116]. I was happy again, for a short time.
You remember my lost friend `$plaintext_pass`? No? Well, if its value was empty no notification was sent to the user. This behavior was still lost. And that's what this change is about: Don't notify a user if a plugin uses `wp_new_user_notification( $user_id )`.

You're asking if I'm happy now? Dunno, but maybe you have learned something about pluggable functions, have you?

Props danielbachhuber.
Fixes #34377.
Built from https://develop.svn.wordpress.org/trunk@35735


git-svn-id: http://core.svn.wordpress.org/trunk@35699 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-24 23:07:26 +00:00
Dominik Schilling
16b95ab2a7 HTTP Tests: Use login.wordpress.org/wp-login.php in test_get_response_cookies().
The old URL redirects to `login.wordpress.org` because it's the new canonical URL for all logins on wordpress.org.

Fixes #34782.
Built from https://develop.svn.wordpress.org/trunk@35734


git-svn-id: http://core.svn.wordpress.org/trunk@35698 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-24 22:00:26 +00:00
Dominik Schilling
7f3082491d Passwords: Re-enable password fields before submitting the form.
Avoids an PHP undefined notice when creating new users.

Fixes #33699.
Built from https://develop.svn.wordpress.org/trunk@35733


git-svn-id: http://core.svn.wordpress.org/trunk@35697 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-24 21:17:27 +00:00
Sergey Biryukov
64fdd0c6a0 Users: Move the tests added in [35116] and [35618] to a more appropriate place and give them a better name.
See #28435, #29880.
Built from https://develop.svn.wordpress.org/trunk@35732


git-svn-id: http://core.svn.wordpress.org/trunk@35696 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-23 18:40:25 +00:00
Sergey Biryukov
60c8e272f5 Docs: Improve DocBlock formatting for add_menu_page() and add_submenu_page() wrappers.
See #34360.
Built from https://develop.svn.wordpress.org/trunk@35731


git-svn-id: http://core.svn.wordpress.org/trunk@35695 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-23 17:56:26 +00:00
Helen Hou-Sandí
2cdeac7cf6 Pass the $post object as context to postmeta_form_keys.
see #33885, #18979.

Built from https://develop.svn.wordpress.org/trunk@35730


git-svn-id: http://core.svn.wordpress.org/trunk@35694 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-23 17:15:29 +00:00
Gary Pendergast
d04396d0ad Docs: Replace a reference to WP.org with WordPress.org.
Built from https://develop.svn.wordpress.org/trunk@35729


git-svn-id: http://core.svn.wordpress.org/trunk@35693 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-22 22:38:26 +00:00
Andrew Ozz
50a5fbb269 Editor: remove wpLink dependency on jQuery UI.
Props afercia.
Fixes #34716.
Built from https://develop.svn.wordpress.org/trunk@35728


git-svn-id: http://core.svn.wordpress.org/trunk@35692 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-22 19:27:26 +00:00
Andrew Ozz
91759029e9 TinyMCE: fix the regexp used to protect line breaks inside script and pre tags to match <script> that load external scripts.
Fixes #34760.
Built from https://develop.svn.wordpress.org/trunk@35727


git-svn-id: http://core.svn.wordpress.org/trunk@35691 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-22 19:13:28 +00:00
Sergey Biryukov
ae04eba0b6 Comments: After [35670], change the CSS class for the pending comments count back to moderated.
Fixes #34680.
Built from https://develop.svn.wordpress.org/trunk@35726


git-svn-id: http://core.svn.wordpress.org/trunk@35690 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-22 15:23:26 +00:00
Sergey Biryukov
bc1e479fd0 After [35718], update the location of some files in This filter is documented in docs.
Partially reverts [33954].

Fixes #33413.
Built from https://develop.svn.wordpress.org/trunk@35725


git-svn-id: http://core.svn.wordpress.org/trunk@35689 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-22 03:51:28 +00:00
Weston Ruter
5dae1386aa Customize: Ensure that a setting (especially a multidimensional one) can still be previewed when the post value to preview is set after preview() is invoked.
* Introduce `customize_post_value_set_{$setting_id}` and `customize_post_value_set` actions which are done when `WP_Customize_Manager::set_post_value()` is called.
* Clear the `preview_applied` flag for aggregated multidimensional settings when a post value is set. This ensures the new value is used instead of a previously-cached previewed value.
* Move `$is_preview` property from subclasses to `WP_Customize_Setting` parent class.
* Deferred preview: Ensure that when `preview()` short-circuits due to not being applicable that it will be called again later when the post value is set.
* Populate post value for updated-widget with the (unsanitized) JS-value in `WP_Customize_Widgets::call_widget_update()` so that value will be properly sanitized when accessed in `WP_Customize_Manager::post_value()`.

Includes unit tests with assertions to check the reported issues and validate the fixes.

Fixes defect introduced in [35007].
See #32103.
Fixes #34738.

Built from https://develop.svn.wordpress.org/trunk@35724


git-svn-id: http://core.svn.wordpress.org/trunk@35688 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-21 02:52:27 +00:00
Sergey Biryukov
fd9bd77fe5 Comments: In comment_form(), introduce the comment_form_fields filter for comment fields, including the textarea.
Correct the docs for `comment_notes_before` and `comment_notes_after` arguments as well as `comment_form_before_fields` and `comment_form_after_fields` actions to better describe the current behaviour.

Fixes #34731.
Built from https://develop.svn.wordpress.org/trunk@35723


git-svn-id: http://core.svn.wordpress.org/trunk@35687 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-20 18:56:27 +00:00
Sergey Biryukov
17af54fc7c Customizer: Use correct context and translator comments for menu location strings.
See #33431.
Built from https://develop.svn.wordpress.org/trunk@35722


git-svn-id: http://core.svn.wordpress.org/trunk@35686 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-20 17:46:25 +00:00
Helen Hou-Sandí
277747f944 Postbox handle buttons don't need a focus outline.
see #33808, #34242.

Built from https://develop.svn.wordpress.org/trunk@35721


git-svn-id: http://core.svn.wordpress.org/trunk@35685 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-20 15:56:25 +00:00
Dominik Schilling
22fe87c3b3 Build: Update source for includes:embed after [35718].
See #33413.
Built from https://develop.svn.wordpress.org/trunk@35720


git-svn-id: http://core.svn.wordpress.org/trunk@35684 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-20 15:37:26 +00:00
Dominik Schilling
6fa25ac809 4.4-beta4-35719.
Built from https://develop.svn.wordpress.org/trunk@35719


git-svn-id: http://core.svn.wordpress.org/trunk@35683 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-20 13:46:27 +00:00
Andrew Nacin
1579e45d41 Simplify the include graph after work to split out classes.
see #33413. More details there.

Built from https://develop.svn.wordpress.org/trunk@35718


git-svn-id: http://core.svn.wordpress.org/trunk@35682 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-20 07:24:30 +00:00
Helen Hou-Sandí
e549e56f02 Custom fields: Allow for short-circuiting the meta key dropdown.
Adds the `postmeta_form_keys` filter which allows for a potentially expensive query against postmeta to be avoided.

props ericmann, tollmanz, nacin.
see #33885.

Built from https://develop.svn.wordpress.org/trunk@35717


git-svn-id: http://core.svn.wordpress.org/trunk@35681 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-20 06:16:50 +00:00
Sergey Biryukov
4341637ba6 Docs: Remove redundant type strings from the wp_calculate_image_srcset filter DocBlock.
Props DH-Shredder, joemcgill.
See #34733.
Built from https://develop.svn.wordpress.org/trunk@35716


git-svn-id: http://core.svn.wordpress.org/trunk@35680 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-20 06:16:26 +00:00
Sergey Biryukov
db4a87b0fd Docs: Add @see tags for wp_get_attachment_image_srcset() and wp_get_attachment_image_sizes().
Update `@see` tags for `wp_make_content_images_responsive()` and `wp_image_add_srcset_and_sizes()`.

Props jaspermdegroot.
See #34733.
Built from https://develop.svn.wordpress.org/trunk@35715


git-svn-id: http://core.svn.wordpress.org/trunk@35679 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-20 06:13:26 +00:00
Dion Hulse
048f327bfc Merge the changes to GlotPress's POMO from upstream to WordPress's copy.
Fixes #34748

Built from https://develop.svn.wordpress.org/trunk@35714


git-svn-id: http://core.svn.wordpress.org/trunk@35678 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-20 04:34:25 +00:00
Dion Hulse
870cdfb024 Bump the version of MediaElement in script-loader.php to match what we're shipping with.
See #33798
Fixes #34743

Built from https://develop.svn.wordpress.org/trunk@35713


git-svn-id: http://core.svn.wordpress.org/trunk@35677 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-20 03:32:26 +00:00