Commit Graph

205 Commits

Author SHA1 Message Date
Gary Pendergast
5e4d135411 Shiny Updates: Fix a PHP warning when installing new plugins.
Props lgladdy for the initial patch.

See #29820


Built from https://develop.svn.wordpress.org/trunk@31345


git-svn-id: http://core.svn.wordpress.org/trunk@31326 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-02-06 00:34:21 +00:00
Gary Pendergast
27aa3e92d7 Shiny Updates: If the current user is not allowed to install/update plugins, we should return a JSON error, so it can be used by the JS handlers.
See #29820


Built from https://develop.svn.wordpress.org/trunk@31335


git-svn-id: http://core.svn.wordpress.org/trunk@31316 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-02-05 06:16:23 +00:00
Gary Pendergast
b7926a518a Shiny Updates: Add capability checks to the ajax callbacks, to ensure the current user is allowed to install/update plugins.
See #29820


Built from https://develop.svn.wordpress.org/trunk@31334


git-svn-id: http://core.svn.wordpress.org/trunk@31315 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-02-05 06:05:22 +00:00
Gary Pendergast
9c69213f2b Shiny Updates: Add ajax-y updates to the plugin list page, and ajax-y updates and installs to the plugin card page.
This also includes JS architecture that can be expanded to support theme, core and language pack updates.

Props pento, ericlewis, lgladdy, adamsilverstein, DrewAPicture

See #29820


Built from https://develop.svn.wordpress.org/trunk@31333


git-svn-id: http://core.svn.wordpress.org/trunk@31314 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-02-05 04:19:23 +00:00
Boone Gorges
f345a72c58 Prevent terms in a show_in_quick_edit=false taxonomy from being updated by a faked AJAX request.
The UI for these taxonomies was hidden in [31308], but it remained possible to
send a direct POST request to the `inline-edit` endpoint to bypass the
restriction. The current changeset fixes this.

Props meloniq.
Fixes #26948.
Built from https://develop.svn.wordpress.org/trunk@31313


git-svn-id: http://core.svn.wordpress.org/trunk@31294 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-31 19:38:24 +00:00
Scott Taylor
60c285aa22 In wp_ajax_parse_media_shortcode(), don't require a global $post for all passed shortcodes.
`embed` is the only shortcode that requires a post ID. This will allow MCE views to work for `playlist`, `audio`, and `video` outside of the Edit Post screen.

See #30835.

Built from https://develop.svn.wordpress.org/trunk@31201


git-svn-id: http://core.svn.wordpress.org/trunk@31182 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-16 05:19:22 +00:00
Scott Taylor
afd09f1f04 In wp_ajax_upload_attachment(), wp_check_filetype_and_ext() doesn't need a 3rd param - it already defaults to null. Passing false would fail a strict check
See #30799.

Built from https://develop.svn.wordpress.org/trunk@31119


git-svn-id: http://core.svn.wordpress.org/trunk@31100 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-10 04:55:25 +00:00
Scott Taylor
60b0cd7943 The keyword elseif should be used instead of else if so that all control keywords look like single words.
This was a mess, is now standardized across the codebase, except for a few 3rd-party libs. 

See #30799.

Built from https://develop.svn.wordpress.org/trunk@31090


git-svn-id: http://core.svn.wordpress.org/trunk@31071 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-08 07:05:25 +00:00
Scott Taylor
c5f9a7c26a Respect query vars for taxonomies passed as URL parameters when in grid mode of Media Library.
Fixes #30584.

Built from https://develop.svn.wordpress.org/trunk@31037


git-svn-id: http://core.svn.wordpress.org/trunk@31018 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-03 08:24:22 +00:00
Scott Taylor
618c5b4333 When outputting JS with a Content-Type header:
`text/javascript` is obsolete, `application/x-javascript` was experimental. `application/javascript` is the recommended type per RFC 4329.

Props sergej.mueller.
Fixes #29196.

Built from https://develop.svn.wordpress.org/trunk@31029


git-svn-id: http://core.svn.wordpress.org/trunk@31010 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-03 02:57:21 +00:00
Scott Taylor
952a5c9971 Support chromeless Vimeo via MEjs:
* Bump MediaElement script loader versions to 2.16.2 - missed in [30634], oops!
* Add `Froogaloop` to `js/mediaelement` scripts for Vimeo
* Check for Vimeo in the same locations that YouTube is checked
* Dynamically load Froogaloop script in admin when editing a TinyMCE view
* Edit MediaElement to call `mejs.$.extend` instead of `$.extend` in `mejs.HtmlMediaElementShim.createPlugin()`, since `$` is not available via WP's jQuery (I will report this upstream):
6f9a78e008/src/js/me-shim.js (L631)

Fixes #29267.

Built from https://develop.svn.wordpress.org/trunk@31016


git-svn-id: http://core.svn.wordpress.org/trunk@30997 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-12-31 20:41:24 +00:00
Andrew Nacin
23f4b0f62f Updates to the 'Log out everywhere' implementation.
* Include a message and a disabled button when you're only logged in at one location.
 * Avoid leaking the session token in HTML.
 * Simplify, simplify, simplify.

see #30264.

Built from https://develop.svn.wordpress.org/trunk@30888


git-svn-id: http://core.svn.wordpress.org/trunk@30878 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-12-16 09:15:23 +00:00
Sergey Biryukov
0a8b72866e Add missing periods to strings introduced in [30333].
props DrewAPicture.
see #30264.
Built from https://develop.svn.wordpress.org/trunk@30596


git-svn-id: http://core.svn.wordpress.org/trunk@30586 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-28 06:26:22 +00:00
Drew Jaynes
a899bbaee7 Improve inline documentation in wp_ajax_destroy_sessions().
If the token is set (`$keep` is a string), this means the user is viewing their own profile-editing screen and destroying their own sessions (except the current one). If it isn't set (`$keep` is null), the user is editing another user's profile and destroying all of their sessions with no exceptions.

See #30264, #30469

Built from https://develop.svn.wordpress.org/trunk@30595


git-svn-id: http://core.svn.wordpress.org/trunk@30585 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-28 03:48:22 +00:00
Andrew Ozz
9597159393 Better error message when the admin is ssl and non-ssl oEmbed previews are not available in the editor. Props Japh, fixes #30533.
Built from https://develop.svn.wordpress.org/trunk@30591


git-svn-id: http://core.svn.wordpress.org/trunk@30581 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-27 22:37:24 +00:00
John Blackbourn
fd15794b5c Add some specific JSON responses when there are user permission errors for AJAX file uploads. Replace some usage of wp_json_encode() with wp_send_json_*().
See #25849
Props gcorne

Built from https://develop.svn.wordpress.org/trunk@30354


git-svn-id: http://core.svn.wordpress.org/trunk@30353 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-16 05:47:21 +00:00
John Blackbourn
c02845330e Introduce a button on the user profile screen which clears all other sessions, and on the user editing screen which clears all sessions. Only appears when there are applicable sessions which can be cleared.
See #30264.
Props jorbin, ocean90, johnbillion


Built from https://develop.svn.wordpress.org/trunk@30333


git-svn-id: http://core.svn.wordpress.org/trunk@30332 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-13 15:21:21 +00:00
Drew Jaynes
92c153aa8c Fix the syntax for some status-related documentation introduced in [30155].
* Variables in DocBlocks should be backtick-escaped
* Parameter and return types should be as specific as possible
* `@param` types and variables should align with each other, but not intentionally with the `@return` description

See #30230.

Built from https://develop.svn.wordpress.org/trunk@30284


git-svn-id: http://core.svn.wordpress.org/trunk@30284 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-08 20:56:22 +00:00
Scott Taylor
6a109700d0 In wp_ajax_get_tagcloud(), bail immediately if $_POST['tax'] isn't set so that all of the variable setting can happen in the same nest scope as the rest of the function - wp_die() confuses Scrutinizer.
See #30224.

Built from https://develop.svn.wordpress.org/trunk@30168


git-svn-id: http://core.svn.wordpress.org/trunk@30168 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-01 22:54:22 +00:00
Scott Taylor
a786fb779c In wp_ajax_ajax_tag_search(), bail immediately if $_GET['tax'] isn't set so that all of the variable setting can happen in the same nest scope as the rest of the function - wp_die() confuses Scrutinizer.
See #30224.

Built from https://develop.svn.wordpress.org/trunk@30167


git-svn-id: http://core.svn.wordpress.org/trunk@30167 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-01 22:48:22 +00:00
Scott Taylor
be08f576df Improve some post_status-related documentation.
Props ericlewis.
See #30230.

Built from https://develop.svn.wordpress.org/trunk@30155


git-svn-id: http://core.svn.wordpress.org/trunk@30155 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-01 20:20:23 +00:00
Boone Gorges
96b42c2fdc Allow resource_type to be specified in get_ancestors().
Being explicit about resource type (taxonomy vs post_type) allows for the
proper resolution of conflicts when a taxonomy and post_type share a slug.

Props filosofo.
Fixes #15029.
Built from https://develop.svn.wordpress.org/trunk@30141


git-svn-id: http://core.svn.wordpress.org/trunk@30141 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-01 02:58:23 +00:00
Gary Pendergast
007ec52958 Add wp_json_encode(), a wrapper for json_encode() that ensures everything is converted to UTF-8.
Change all core calls from `json_encode()` to `wp_json_encode()`.

Fixes #28786.


Built from https://develop.svn.wordpress.org/trunk@30055


git-svn-id: http://core.svn.wordpress.org/trunk@30055 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-10-28 18:35:19 +00:00
Scott Taylor
2f328cc4c1 In wp_ajax_replyto_comment(), if $_POST['comment_type'] is set, use it for the value of $comment_type, which the compact() call has assumed is set since [8720]. It never was.
`wp_comment_reply()`'s output can be complete overridden by the `wp_comment_reply` filter, so this check is justified and makes the AJAX callback more flexible.

Props nerrad.
Fixes #29704.

Built from https://develop.svn.wordpress.org/trunk@29758


git-svn-id: http://core.svn.wordpress.org/trunk@29530 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-09-23 03:29:16 +00:00
Andrew Nacin
4080e96339 Ensure oEmbed previews listen to [embed] width/height attributes.
props azaozz.
fixes #29474.

Built from https://develop.svn.wordpress.org/trunk@29681


git-svn-id: http://core.svn.wordpress.org/trunk@29456 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-09-03 00:40:16 +00:00
Scott Taylor
149346ff6e MCE View sandboxes:
* Use a `MutationObserver` to listen to the `body` class of the parent editor frame.
* In `wpview_media_sandbox_styles()`, only return the MEjs stylesheets.
* In `wp_ajax_parse_media_shortcode()` and `wp_ajax_parse_embed()`, return an object instead of an HTML blob to allow passing `body` and `head` separately	

Props avryl, azaozz.
Fixes #29048.

Built from https://develop.svn.wordpress.org/trunk@29615


git-svn-id: http://core.svn.wordpress.org/trunk@29389 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-26 04:46:15 +00:00
Andrew Ozz
42258a6d89 TinyMCE wpView: fix showing errors for non-embeddable URLs, no-ssl or no items. Props avryl, fixes #29114, see #29268.
Built from https://develop.svn.wordpress.org/trunk@29577


git-svn-id: http://core.svn.wordpress.org/trunk@29351 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-22 18:55:15 +00:00
Andrew Ozz
53c047263b TinyMCE wpView: add a filter for the stylesheet URLs loaded in the sandbox iframes. See #29048.
Built from https://develop.svn.wordpress.org/trunk@29559


git-svn-id: http://core.svn.wordpress.org/trunk@29334 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-20 21:34:15 +00:00
Andrew Ozz
bb862e8221 TinyMCE wpView: show an error when no items are found while parsing a audio/video/playlist shortcode. Props avryl, fixes #29114.
Built from https://develop.svn.wordpress.org/trunk@29546


git-svn-id: http://core.svn.wordpress.org/trunk@29322 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-19 23:23:16 +00:00
Scott Taylor
571111022e Media Grid, support MEDIA_TRASH:
* Add a setting to `_wpMediaViewsL10n.settings`: `mediaTrash`
* In the attachment edit modal, properly toggle between Trash/Untrash
* In `media.view.Attachment`, add a method for `untrashAttachment`
* When creating the grid toolbar, switch the setting order of subviews so that `media.view.DeleteSelectedButton` can listen to the instance of `media.view.AttachmentFilters.All` to update the text in its UI.
* Add a new filter to `media.view.AttachmentFilters.All`, `trash`, when `settings.mediaTrash` is true
* Allow the cached queries in `Query.get()` to be flushed when race conditions exist and collections need to be refreshed. This is currently only being used when `MEDIA_TRASH` is set, to refresh the filtered/mirrored collections related to `all`, `trash`, and any already queried filter.
* Cleanup the bootstrapping of `media.view.MediaFrame.Manage`
* Allow `wp_ajax_query_attachments()` to return items from the trash when `MEDIA_TRASH` is `true`
* Allow `wp_ajax_save_attachment()` to set `post_status` when `MEDIA_TRASH` is `true`. It allows `wp_delete_post()` to be called, which will trash the attachment instead of deleting when the flag is set.

Props koop for the knowledge sharing and thought partnership.
See #29145.

Built from https://develop.svn.wordpress.org/trunk@29490


git-svn-id: http://core.svn.wordpress.org/trunk@29268 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-14 18:31:19 +00:00
Drew Jaynes
a8583d5f19 Fix some words that aren't words.
See #28885.

Built from https://develop.svn.wordpress.org/trunk@29454


git-svn-id: http://core.svn.wordpress.org/trunk@29232 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-09 19:30:17 +00:00
Dominik Schilling
608d505b24 Attach Media: Display the correct error message when search result is empty.
fixes #29093.
Built from https://develop.svn.wordpress.org/trunk@29356


git-svn-id: http://core.svn.wordpress.org/trunk@29132 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-02 14:24:15 +00:00
Dominik Schilling
203c44581b To improve troubleshooting use esc_html() for a failed embed.
see #28195.
Built from https://develop.svn.wordpress.org/trunk@29354


git-svn-id: http://core.svn.wordpress.org/trunk@29130 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-01 22:34:15 +00:00
Dominik Schilling
270a57075c Media Grid: Add a date filter.
props ericlewis.
fixes #28895.
Built from https://develop.svn.wordpress.org/trunk@29271


git-svn-id: http://core.svn.wordpress.org/trunk@29053 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-22 20:47:15 +00:00
Drew Jaynes
097dc8ee15 Fix syntax for single- and multi-line comments in wp-admin-directory files.
See #28931.

Built from https://develop.svn.wordpress.org/trunk@29206


git-svn-id: http://core.svn.wordpress.org/trunk@28990 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-17 09:14:16 +00:00
Scott Taylor
043715e8a4 Add a new AJAX action: parse-media-shortcode. This async call will replace JS rendering of audio/video/playlist shortcodes.
See #28905.

Built from https://develop.svn.wordpress.org/trunk@29178


git-svn-id: http://core.svn.wordpress.org/trunk@28962 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-15 22:08:14 +00:00
Scott Taylor
89d9bbd7f6 Make audio and video URLs/embed handlers work in <iframe>-sandbox'd MCE views.
Introduce:
`get_editor_stylesheets()`
`wp_media_mce_styles()`.

See #28905.

Built from https://develop.svn.wordpress.org/trunk@29176


git-svn-id: http://core.svn.wordpress.org/trunk@28960 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-15 21:51:15 +00:00
Drew Jaynes
b8d47f48c5 Inline documentation cleanup for 4.0 audit.
* Alignment for the 'term_search_min_chars' hook docs, added in [28892]
* Globals added for `wp_ajax_parse_embed()`, added [28580]

See #28885.

Built from https://develop.svn.wordpress.org/trunk@29151


git-svn-id: http://core.svn.wordpress.org/trunk@28935 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-14 00:06:15 +00:00
Scott Taylor
59ffcf668b Media Grid, for audio files:
* Show `artist` and `album` fields in the Edit Attachment modal
* Sync their values on `change`

See #28839.

Built from https://develop.svn.wordpress.org/trunk@29104


git-svn-id: http://core.svn.wordpress.org/trunk@28890 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-11 20:55:15 +00:00
Drew Jaynes
b10e168751 Add @see reference for set_post_thumbnail() in the phpDoc for wp_ajax_set_attachment_thumbnail().
See #27891.

Built from https://develop.svn.wordpress.org/trunk@29037


git-svn-id: http://core.svn.wordpress.org/trunk@28825 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-08 20:36:13 +00:00
Scott Taylor
57dbc55e6e When setting the poster image for a video shortcode, set that image as the featured image for that attachment (if found) in the background. This AJAX functionality could be used for audio as well.
Introduces `attachment_url_to_postid()` to attempt to turn URLs into post IDs.

Fixes #27891.

Built from https://develop.svn.wordpress.org/trunk@29029


git-svn-id: http://core.svn.wordpress.org/trunk@28817 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-08 17:48:17 +00:00
John Blackbourn
38749f273c Use the admin scheme for theme preview URLs when installing new themes. See #21919.
Built from https://develop.svn.wordpress.org/trunk@28974


git-svn-id: http://core.svn.wordpress.org/trunk@28763 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-03 18:48:16 +00:00
Helen Hou-Sandí
5f6b531f70 Improve oEmbed caching. Introduces the concept of a TTL for oEmbed caches and a filter for oembed_ttl.
We will no longer replace previously valid oEmbed responses with an `{{unknown}}` cache value. When this happens due to reaching a rate limit or a service going down, it is data loss, and is not acceptable. This means that oEmbed caches for a post are no longer deleted indiscriminately every time that post is saved.

oEmbed continues to be cached in post meta, with the addition of a separate meta key containing the timestamp of the last retrieval, which is used to avoid re-requesting a recently cached oEmbed response. By default, we consider a valued cached in the past day to be fresh. This can greatly reduce the number of outbound requests, especially in cases where a post containing multiple embeds is saved frequently.

The TTL used to determine whether or not to request a response can be filtered using `oembed_ttl`, thus allowing for the possibility of respecting the optional oEmbed response parameter `cache_age` or altering the period of time a cached value is considered to be fresh.

Now that oEmbeds are previewed in the visual editor as well as the media modal, oEmbed caches are often populated before a post is saved or published. By pre-populating and avoiding having to re-request that response, we also greatly reduce the chances of a stampede happening when a published post is visible before oEmbed caching is complete.

As it previously stood, a stampede was extremely likely to happen, as the AJAX caching was only triggered when `$_GET['message']` was 1. The published message is 6. We now trigger the caching every time `$_GET['message']` is present on the edit screen, as we are able to avoid triggering so many HTTP requests overall.

props markjaquith. fixes #14759. see #17210.

Built from https://develop.svn.wordpress.org/trunk@28972


git-svn-id: http://core.svn.wordpress.org/trunk@28761 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-03 16:45:14 +00:00
Andrew Ozz
5168f9c7c6 Secure embeds in the editor (first run):
- When the user pastes an embeddable http URL, try to get the https embed.
- If an embed provider doesn't support ssl embeds, show a placeholder/error message.
- Revise the way we return error messages.
See #28195, #28507.
Built from https://develop.svn.wordpress.org/trunk@28919


git-svn-id: http://core.svn.wordpress.org/trunk@28718 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-06-30 05:49:16 +00:00
John Blackbourn
306dc7e646 Introduce a filter to control the minimum characters required for an AJAX term search. Fixes #13580. Props iamfriendly, brianlayman
Built from https://develop.svn.wordpress.org/trunk@28892


git-svn-id: http://core.svn.wordpress.org/trunk@28691 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-06-29 10:05:16 +00:00
Scott Taylor
f09663f784 Remove remaining Heartbeat API experimental notices
Props DH-Shredder.
Fixes #28626.

Built from https://develop.svn.wordpress.org/trunk@28872


git-svn-id: http://core.svn.wordpress.org/trunk@28672 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-06-28 02:06:14 +00:00
Andrew Ozz
84f3e30f7b wpView: improve handling of embed errors/error messages, see #28195
Built from https://develop.svn.wordpress.org/trunk@28754


git-svn-id: http://core.svn.wordpress.org/trunk@28568 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-06-15 22:53:16 +00:00
Sergey Biryukov
db9057f308 Remove redundant get_shortcode_regex() check.
props kovshenin.
see #28195.
Built from https://develop.svn.wordpress.org/trunk@28587


git-svn-id: http://core.svn.wordpress.org/trunk@28412 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-27 11:30:16 +00:00
Scott Taylor
3c1723afd7 When adding a URL in the Insert from URL state in the media modal, attempt to show a preview of the content. Drop the unused width and height fields.
This will probably be iterated upon.

Props helen, jtsternberg, wonderboymusic.
See #15490.

Built from https://develop.svn.wordpress.org/trunk@28581


git-svn-id: http://core.svn.wordpress.org/trunk@28406 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-26 23:57:14 +00:00
Scott Taylor
89864b4a5a Don't pass embeds through the_content() when trying to render MCE previews, leverage WP_Embed and do_shortcode() instead.
Props kovshenin.
See #28195.


Built from https://develop.svn.wordpress.org/trunk@28580


git-svn-id: http://core.svn.wordpress.org/trunk@28405 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-26 23:43:15 +00:00