This introduces the singular `edit_term`, `delete_term`, and `assign_term` meta capabilities for terms, and switches the base capability name for tags from `manage_categories` to `manage_post_tags` and the corresponding `edit_post_tags`, `delete_post_tags`, and `assign_post_tags`.
All of these capabilities ultimately map to `manage_categories` so by default there is no change in the behaviour of the capabilities for categories, tags, or custom taxonomies. The `map_meta_cap` filter and the `capabilities` argument when registering a taxonomy now allow for control over editing, deleting, and assigning individual terms, as well as a separation of capabilities for tags from those of categories.
Fixes#35614
Props johnjamesjacoby for feedback
Built from https://develop.svn.wordpress.org/trunk@38698
git-svn-id: http://core.svn.wordpress.org/trunk@38641 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In [38294], `pathinfo()` was used with the `PATHINFO_BASENAME` constant to
get the basename of the file to be used as an attachment title, which depends
on PHP locale and can cause issues with UTF-8 characters. This uses
`wp_basename()` instead, which is a more i18n-friendly version of `basename()`.
Props SergeyBiryukov.
Fixes#37608, #37989.
Built from https://develop.svn.wordpress.org/trunk@38673
git-svn-id: http://core.svn.wordpress.org/trunk@38616 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Introduces some consistency in the usage of the button CSS classes, fixes the
focus style for accessibility and responsiveness of the buttons.
- Adds the `button` class to all primary buttons make them responsive
- Removes all `secondary-button` classes and replaces it with button when needed. `button-secondary` shouldn't be used and exists just for backward compatibility reasons
- Replaces classes inside `submit_button()` with a shorthand for some buttons, and use an empty string for the default `button` class. Passing `button` is unnecessary
- Adjusts `get_submit_button()` to remove empty items
Props iseulde, dimchik, chris_d2d, mhowell, afercia.
Fixes#27314, #37138, #37448.
Built from https://develop.svn.wordpress.org/trunk@38672
git-svn-id: http://core.svn.wordpress.org/trunk@38615 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Bulk action filtering was introduced in 3.1, but only to remove default bulk actions, not add new ones.
Bulk actions can now be registered for all admin list table dropdowns via the `bulk_actions-{get_current_screen()->id}` filter. Handling custom bulk actions can be performed in the corresponding and newly introduced `handle_bulk_actions-${get_current_screen()->id}` filter.
Props scribu, flixos90, Veraxus.
See #16031.
Built from https://develop.svn.wordpress.org/trunk@38647
git-svn-id: http://core.svn.wordpress.org/trunk@38590 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`register_setting` can now be passed an array arguments to specify meta-data about the setting,
much like using the `register_meta` API. Of note, it will now accept a `show_in_rest` arg to
hint the inclusion of the setting in the REST API. `get_registered_settings()` is available
as a utility to get all registered settings.
Props rmccue, aaroncampbell.
Fixes#37885.
Built from https://develop.svn.wordpress.org/trunk@38635
git-svn-id: http://core.svn.wordpress.org/trunk@38578 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This applies a new private function, `_filter_query_attachment_filenames()`,
to the `post_clauses` filter hook during `wp_ajax_query_attachments()` and
`wp_edit_attachments_query_vars()` to include `_wp_attached_file` post meta
in search queries performed from the media library or in a `WP_Media_List_Table`.
Props wonderboymusic, DrewAPicture, joemcgill, swissspidy.
Fixes#22744.
Built from https://develop.svn.wordpress.org/trunk@38625
git-svn-id: http://core.svn.wordpress.org/trunk@38568 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `submitdelete` CSS class is used in various places across the admin for some
"red" action links. It is worth simplifying this rule for further improvements
related to color contrast.
- simplifies a non-standard styling for the "Remove/Cancel" links in the Menus screen
- underlines all the "Move to trash/Delete" red links in all the Publish meta boxes
- fixes CSS classes usage for all the Publish meta boxes primary buttons
- fixes broken layout for the old Link Manager publish meta box
Props karmatosed, hugobaeta, monikarao, afercia.
Fixes#37969, #37018. See #37448, #37138, #27314.
Built from https://develop.svn.wordpress.org/trunk@38616
git-svn-id: http://core.svn.wordpress.org/trunk@38559 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Longer passwords and passphrases are much more common than when post passwords were introduced all those eons ago, so let's increase the length of the `post_password` field from 20 to 255 characters.
The password will continue to be stored in plaintext, as the ability for the post author to view the password is a commonly used feature.
Trivia: this was the last 3 digit Trac ticket to be closed.
Props skippy, nazgul, iandunn, adamsilverstein, pento.
Fixes#881.
Built from https://develop.svn.wordpress.org/trunk@38590
git-svn-id: http://core.svn.wordpress.org/trunk@38533 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`wp_version_check()`, `wp_update_plugins()` and `wp_update_themes()` are all originally hooked to the `upgrader_process_complete` action with zero arguments passed to them. Zero arguments should be passed when re-adding them after translation updates, otherwise the sky will fall.
Props ionutst, gitlost.
Fixes#37731.
Built from https://develop.svn.wordpress.org/trunk@38415
git-svn-id: http://core.svn.wordpress.org/trunk@38356 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* `wp-admin` and `wp-includes` are scanned for classes to autoload
* Several 3rd-party and Ryan McCue-shaped libraries are excluded when the classmap is generated, see `composer.json`: `autoload.exclude-from-classmap`
* `wp-vendor/autoload_52.php` is included at the top of `wp-settings.php` - no changes need to be made to unit tests to include the autoloader
* An avalanche of `require()` and `require_once()` calls that loaded class files have been removed from the codebase.
The following files have been added to `svn:ignore` - they are not 5.2-compatible and fail during pre-commit:
* src/wp-vendor/autoload.php
* src/wp-vendor/composer/autoload_real.php
* src/wp-vendor/composer/autoload_static.php
* src/wp-vendor/composer/ClassLoader.php
We favor these files instead:
* src/wp-vendor/autoload_52.php
* src/wp-vendor/composer/autoload_real_52.php
* src/wp-vendor/composer/ClassLoader52.php
When new PHP classes are added to the codebase, simply run `composer install` or `composer update` from the project root to update the autoloader.
The future is now.
See #36335.
Built from https://develop.svn.wordpress.org/trunk@38399
git-svn-id: http://core.svn.wordpress.org/trunk@38340 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The default error handler `wp_handle_upload_error()` expects a reference for the first parameter but `call_user_func()` doesn't pass parameters by reference. The current code didn't produce any issues until now. PHP 7.0.9 (and PHP 7.1) is now stricter and prevents calling the error handler with a warning:
> PHP Warning: Parameter 1 to wp_handle_upload_error() expected to be a reference, value given.
To restore the error handler `_wp_handle_upload()` now uses `call_user_func_array()`.
Props jbrinley.
Props jorbin for review.
Fixes#37570.
Built from https://develop.svn.wordpress.org/trunk@38235
git-svn-id: http://core.svn.wordpress.org/trunk@38176 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Before this change, when a bulk update was canceled due dismissing the FTP credentials modal, part of the actions didn't get canceled. This meant the "There is a new version of…” notices become blank and the updates you had checked became unchecked. Now, the notices remain and you are essentially returned to the screen you had before. Strings are also updated to improve ARIA usage.
Fixes#37563.
Props ocean90, swissspidy, obenland, afercia.
Built from https://develop.svn.wordpress.org/trunk@38221
git-svn-id: http://core.svn.wordpress.org/trunk@38162 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* "-1" is an invalid nonce error, show 'An error has occurred. Please reload the page and try again.'.
* "error" means that the connection to the server was lost, show 'Connection lost or the server is busy. Please try again later.'.
* Escape the message in `wp-updates-admin-notice` because the response may include HTML.
* Remove HTML tags in `wp.updates.isValidResponse()` to make PHP's error messages more readable.
Props azaozz for review.
Fixes#37583.
Built from https://develop.svn.wordpress.org/trunk@38205
git-svn-id: http://core.svn.wordpress.org/trunk@38146 1a063a9b-81f0-0310-95a4-ce76da25c4cd
An upgrader class is used in conjunction with an upgrader skin class. A skin class handles the logging for an upgrade and informs a user about the progress and failures.
The current Ajax install/update handlers are using the `Automatic_Upgrader_Skin` class because during an Ajax request no output is intended. The difference between Ajax updates and automatic updates is that you will see the full log (usually by email) while Ajax updates focus only on success or failure. For that `Automatic_Upgrader_Skin` has one disadvantage: It doesn't provide a way to retrieve failure messages which were passed through `WP_Upgrader_Skin::error()` by the upgrader.
To solve this issue a new skin `WP_Ajax_Upgrader_Skin` has been introduced. The skin extends `Automatic_Upgrader_Skin` and overrides the `error()` and `feedback()` methods to intercept all errors, which can be a `WP_Error` object or a string.
This updates all four Ajax handler for installing/updating themes/plugins to use the new skin. They now also check the skin for any intercepted errors and pass them on to the user.
Props flixos90, obenland, ocean90.
Props DrewAPicture, pento for review.
Fixes#37531.
Built from https://develop.svn.wordpress.org/trunk@38199
git-svn-id: http://core.svn.wordpress.org/trunk@38140 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When doing a bulk update, if there are failures the user needs to know about that. This makes it clearer that you can click on the notification to see more details, especially for screen reader users.
Fixes#37510.
Props juhise, Ankit K Gupta, afercia, jorbin, ocean90.
Built from https://develop.svn.wordpress.org/trunk@38185
git-svn-id: http://core.svn.wordpress.org/trunk@38126 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Since [37221] the upload form is added to every plugin install screen via `install_plugins_upload()`. Previously the form was added through the `install_plugins_upload` (alias of `install_plugins_$tab`) action which allowed plugin authors to replace the form. This restores the previous behaviour.
* Add the form only to non-upload plugin install screens.
* Replace `install_plugins_upload()` with the `install_plugins_upload` and `install_plugins_pre_upload` actions.
* Remove `$upload_tab_class` and add a CSS class for the current tab to `.wrap`
* Adjust CSS selectors and toggle the whole container to support upload without an `upload-plugin` class.
Props DavidAnderson, ocean90.
Fixes#37495.
Built from https://develop.svn.wordpress.org/trunk@38172
git-svn-id: http://core.svn.wordpress.org/trunk@38113 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Under certain conditions upgrades on Windows may fail because `wp_tempnam()` gets called in a loop.
This can happen when `wp_tempnam()` is called with `\.maintenance` for the `$filename` parameter. The function strips the extension, in this case `.maintenance`, which results in an empty filename. Because it's empty, `wp_tempnam()` calls itself with `dirname( '\.maintenance' )`. On *nix systems this would be `"/"` which allows `wp_tempnam()` to fall back on `time()`. But on Windows it's `"\"`.
This change adds the backslash to the list of characters which allow `wp_tempnam()` to fall back on `time()`.
See [32322], [31936].
Fixes#33999.
Built from https://develop.svn.wordpress.org/trunk@38151
git-svn-id: http://core.svn.wordpress.org/trunk@38092 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Update DocBlock to use third-person singular verb and to include a period at the end.
* Use `submit_button()` for the submit button.
* Escape the ID attribute.
* Apply the same to `WP_List_Table::search_box()`.
See #37230.
Built from https://develop.svn.wordpress.org/trunk@38146
git-svn-id: http://core.svn.wordpress.org/trunk@38087 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`$context` is a full path to the directory that is tested for being writable. A path shouldn't be a boolean value.
This also updates `WP_Upgrader_Skin::request_filesystem_credentials()` and `Automatic_Upgrader_Skin::request_filesystem_credentials()` and adds missing docs.
Props DrewAPicture, ocean90.
Fixes#37412.
Built from https://develop.svn.wordpress.org/trunk@38138
git-svn-id: http://core.svn.wordpress.org/trunk@38079 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Rename the `$post_type` parameter to `$box` for clarity and consistency with other meta box functions.
* Make the docs more consistent with `post_format_meta_box()` and other meta box functions.
* Correct type and description for the third argument of `nav_menu_items_{$post_type_name}_recent` filter.
See #37211.
Built from https://develop.svn.wordpress.org/trunk@38129
git-svn-id: http://core.svn.wordpress.org/trunk@38070 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, changing the post thumbnail of a published post in the edit screen
would immediately apply the change, rather than waiting for the post to be
saved before applying the update. This could lead to someone unintentionally
editing the post thumbnail on a published post, and made it impossible to
preview changes to post thumbnails on published posts before saving the change.
This introduces a new Ajax handler, `wp_ajax_get_post_thumbnail_html()` to
retrieve the HTML for the post thumbnail meta box without updating the post
meta value for `_thumbnail_id`. It also allows post thumbnail changes to be
previewed by passing the `_thumbnail_id` as a query variable to the preview
screen and adding a new filter, `_wp_preview_post_thumbnail_filter()`, which
gets applied to `get_post_metadata` during the post preview process.
Props flixos90.
Fixes#12922.
Built from https://develop.svn.wordpress.org/trunk@38118
git-svn-id: http://core.svn.wordpress.org/trunk@38059 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When `IMAGE_EDIT_OVERWRITE` is set to true, edited image files are
supposed to be deleted when an image is restored to the original.
However, when an image was edited more than once, and then restored,
files created during previous edits were left behind.
Fixes this behavior by updating `wp_save_image()` to clean up
leftover images after each edit when `IMAGE_EDIT_OVERWRITE` is true.
Props bradt, chriscct7, joemcgill.
Fixes#32171.
Built from https://develop.svn.wordpress.org/trunk@38113
git-svn-id: http://core.svn.wordpress.org/trunk@38054 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Both list tables provide different actions based on where they are loaded, regular admin or network admin. Since there is only one Ajax handler for both screens we have to set the current screen before using the list tables.
Props swissspidy, ocean90.
Fixes#37373.
Built from https://develop.svn.wordpress.org/trunk@38091
git-svn-id: http://core.svn.wordpress.org/trunk@38032 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Remove title attributes.
* Show "Install Now" and "Details" links if the importer isn't installed yet.
* Show a "Run Importer" link if the importer is installed. It also handles activation if the plugin isn't activated.
* Add `aria-label` attributes to each link.
* Unify the importer descriptions to make them independent from the plugin state. The API was changed in [meta3690].
* Adjust JavaScript callbacks for ajaxified importer installs.
Props afercia, swissspidy, ocean90.
See #24766.
Fixes#35191.
Built from https://develop.svn.wordpress.org/trunk@38075
git-svn-id: http://core.svn.wordpress.org/trunk@38016 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Don't lower memory limit if the current limit is greater than `WP_MAX_MEMORY_LIMIT`.
* Set `WP_MEMORY_LIMIT` and `WP_MAX_MEMORY_LIMIT` to current limit if the `memory_limit` setting can't be changed at runtime.
* Use `wp_convert_hr_to_bytes()` when parsing the value of the `memory_limit` setting because it can be a shorthand or an integer value.
* Introduce `wp_raise_memory_limit( $context )` to raise the PHP memory limit for memory intensive processes. This DRYs up some logic and includes the existing `admin_memory_limit` and `image_memory_limit` filters. The function can also be used for custom contexts, the `{$context}_memory_limit` filter allows to customize the limit.
* Introduce `wp_is_ini_value_changeable( $setting )` to determine whether a PHP ini value is changeable at runtime.
* Remove a `function_exists( 'memory_get_usage' )` check. Since PHP 5.2.1 support for memory limit is always enabled.
Related commits: [38011-38013]
Props jrf, A5hleyRich, swissspidy, ocean90.
Fixes#32075.
Built from https://develop.svn.wordpress.org/trunk@38015
git-svn-id: http://core.svn.wordpress.org/trunk@37956 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`wp_plugin_update_rows()` and `wp_theme_update_rows()` are using the site transients `update_plugins` and `update_themes` which are set by `wp_update_plugins()` and `wp_update_themes()`. Both functions are hooked into `load-plugins.php` and `load-themes.php`. Therefore the update rows need to be registered after the transients were populated.
See #13071.
Built from https://develop.svn.wordpress.org/trunk@37978
git-svn-id: http://core.svn.wordpress.org/trunk@37919 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The HTML for the toggle gets appended to the widget name which is later used for the widget title and the screen reader text of the toggle button. Storing the original widget name in the arguments allows us to use the name without the HTML for the screen reader text and doesn't require further changes by plugin developers.
Props nicholas_io, swissspidy.
Fixes#35021.
Built from https://develop.svn.wordpress.org/trunk@37972
git-svn-id: http://core.svn.wordpress.org/trunk@37913 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Use the same check for a numeric value used on the crop fields on all the other fields: don't display "NaN", just empty the field.
* Remove the inline script that runs the initialization of the image editor and call it after the editor UI is fully ready.
Props afercia.
Fixes#36316.
Built from https://develop.svn.wordpress.org/trunk@37966
git-svn-id: http://core.svn.wordpress.org/trunk@37907 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`register_uninstall_hook()` is designed to be given a function callback (or a static class variable), not an array/object instance. This got blocked in [16339] but the option itself was never cleaned up.
Props polevaultweb.
Fixes#31625.
Built from https://develop.svn.wordpress.org/trunk@37965
git-svn-id: http://core.svn.wordpress.org/trunk@37906 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`Pragma` is supposed to be a request header, but we've been including it in responses since the beginning of time.
This is a relic dating all the way back to b2, probably originally added because Internet Explorer version 5 and earlier didn't understand the `Cache-Control` header in responses, but they did (incorrectly) obey the `Pragma` header.
Internet Explorer 6 and 7 will obey the `Pragma` response header only if no other cache-related response headers are present (in our case, they are always present), and all other browsers ignore the `Pragma` response header.
Props geekysoft.
Fixes#37250.
Built from https://develop.svn.wordpress.org/trunk@37944
git-svn-id: http://core.svn.wordpress.org/trunk@37885 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In [37888], the comment text was initially updated, however an opportunity to make the text less trivializing of actions that users will take was missed. To quote Helen Hou-Sandi: "It's important not to trivialize actions that are perfectly reasonable for a user to find tricky (where to go to log in is not exactly intuitive, even with the rewrites we have now)."
The text of the comment now reads:
> Hi, this is a comment.
> To get started with moderating, editing, and deleting comments, please visit the Comments screen in the dashboard.
> Commenter avatars come from <a href="https://gravatar.com">Gravatar</a>.
Some interesting reading on the topic of "Simple" and "Easy" and how they relate to software development can be found at http://andrewspittle.com/2012/01/31/avoiding-easy/ and written by andrewspittle.
Props helen.
Fixes#36702.
Built from https://develop.svn.wordpress.org/trunk@37921
git-svn-id: http://core.svn.wordpress.org/trunk@37862 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Resource hints allow browsers to prefetch specific pages or render them in the background to perform DNS lookups or to begin the connection handshake (DNS, TCP, TLS) in the background.
By default, `wp_resource_hints()` prints hints for "s.w.org" (the WordPress.org CDN) and for all scripts and styles which are enqueued from external hosts.
Use the `wp_resource_hints` filter to add custom domains and URLs for `dns-prefetch`, `preconnect`, `prefetch` or `prerender`.
Props voldemortensen, swissspidy.
Fixes#34292.
Built from https://develop.svn.wordpress.org/trunk@37920
git-svn-id: http://core.svn.wordpress.org/trunk@37861 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The new format looks like "Sorry, you are not allowed to <action>.". This provides a consistent experience for all error messages related to missing permissions. It also reduces the number of similar strings and allows translators to provide a consistent style in their language.
Props ramiy, Presskopp.
Fixes#34521.
Built from https://develop.svn.wordpress.org/trunk@37914
git-svn-id: http://core.svn.wordpress.org/trunk@37855 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The string is used during the network installation process to inform the user about where to store additional configuration data. Since the wp-config.php file can be translated the string should be too.
Props julesaus.
Fixes#36945.
Built from https://develop.svn.wordpress.org/trunk@37902
git-svn-id: http://core.svn.wordpress.org/trunk@37843 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changes the global `$wp_post_types` to an array of `WP_Post_Type` objects. `WP_Post_Type` includes methods to handle post type supports, rewrite rules, meta boxes, hooks, and taxonomies.
Each post type argument becomes a property of `WP_Post_Type`.
Props swissspidy, flixos90.
Fixes#36217.
Built from https://develop.svn.wordpress.org/trunk@37890
git-svn-id: http://core.svn.wordpress.org/trunk@37831 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The new comment:
> A WordPress Commenter <!wapuu@wordpress.example>:
>
> Hi, this is a comment.
> To moderate comments, just log in. There you will have the option to edit or delete them.
> Commenter avatars come from <a href="!https://gravatar.com">Gravatar</a>.
Also introduces a network setting to set the email address of the first comment author on a new site.
Props Ipstenu, rachelbaker, jorbin, jeremyfelt.
Fixes#36702, #14268.
Built from https://develop.svn.wordpress.org/trunk@37888
git-svn-id: http://core.svn.wordpress.org/trunk@37829 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This adds a new action hook, `wp_edit_form_attachment_display` to
`edit_form_image_editor()`, which can be used as a fallback to render
previews of an attachment that isn't an image, audio, or video file
included in the media library.
Props georgestephanis.
Fixes#36502.
Built from https://develop.svn.wordpress.org/trunk@37879
git-svn-id: http://core.svn.wordpress.org/trunk@37820 1a063a9b-81f0-0310-95a4-ce76da25c4cd
[36510] allowed larger menus to be created in the Edit Menu screen by JSON-encoding the entire form into a single input field. However, it did not correctly handle nested arrays.
This introduces a new `_wp_expand_nav_menu_post_data()` helper function to handle this POST data which uses `array_replace_recursive()` internally. Since the latter is only available on PHP 5.3+, we add a compatibility function to ensure PHP 5.2 support.
Props ericlewis, neverything, swissspidy.
Fixes#36590 for trunk. See #14134.
Built from https://develop.svn.wordpress.org/trunk@37748
git-svn-id: http://core.svn.wordpress.org/trunk@37713 1a063a9b-81f0-0310-95a4-ce76da25c4cd
