Commit Graph

31310 Commits

Author SHA1 Message Date
Dominik Schilling
e932a2dc5d XMLRPC: Don't allow private posts to be sticky.
See #20662.
Built from https://develop.svn.wordpress.org/trunk@34135


git-svn-id: http://core.svn.wordpress.org/trunk@34103 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 22:38:23 +00:00
Nikolay Bachiyski
3778cae8ec Shortcodes: don't allow unclosed HTML elements in attributes
Built from https://develop.svn.wordpress.org/trunk@34134


git-svn-id: http://core.svn.wordpress.org/trunk@34102 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 22:36:24 +00:00
Nikolay Bachiyski
097c4fd2f4 List tables: escape user e-mails
Better safe than sorry.

Built from https://develop.svn.wordpress.org/trunk@34133


git-svn-id: http://core.svn.wordpress.org/trunk@34101 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 22:33:25 +00:00
Scott Taylor
1a01a9ab55 In the edit-comments.php admin handler, toggle wp_defer_comment_counting() so that only unique post IDs have their comment count updated. Currently, if you delete 50 comments from the same post, the count would get reset 50 times. Not joking.
See #33875.

Built from https://develop.svn.wordpress.org/trunk@34132


git-svn-id: http://core.svn.wordpress.org/trunk@34100 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 22:24:26 +00:00
Scott Taylor
60367d567d The "counts" cache for comments by post id is never invalidated. Neither wp_update_comment_count() nor wp_update_comment_count_now() touch the cache.
Adds unit test.
See #33875.

Built from https://develop.svn.wordpress.org/trunk@34131


git-svn-id: http://core.svn.wordpress.org/trunk@34099 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 22:04:26 +00:00
Scott Taylor
7639a89a1f wp_unspam_comment() can accept a full object instead of comment_ID to reduce cache/db lookups..
See #33638.

Built from https://develop.svn.wordpress.org/trunk@34130


git-svn-id: http://core.svn.wordpress.org/trunk@34098 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 21:47:25 +00:00
Scott Taylor
b1bc8a6522 More comment functions can accept a full object instead of comment_ID to reduce cache/db lookups.
See ##33638.


Built from https://develop.svn.wordpress.org/trunk@34129


git-svn-id: http://core.svn.wordpress.org/trunk@34097 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 21:40:24 +00:00
Scott Taylor
b2a30103ae In WP_List_Table, make a new public method, ->get_primary_column(), and revert [34101] due to BC issues.
Fixes #33854.

Built from https://develop.svn.wordpress.org/trunk@34128


git-svn-id: http://core.svn.wordpress.org/trunk@34096 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 20:29:26 +00:00
Scott Taylor
4d33644373 In WP_Media_List_Table, fetch all pending comment counts at once, instead of for each row in the loop.
See #11381.

Built from https://develop.svn.wordpress.org/trunk@34127


git-svn-id: http://core.svn.wordpress.org/trunk@34095 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 19:25:25 +00:00
John Blackbourn
dbe4a770d5 Implement unit tests which use reflection to test functions in pluggable.php. This means any changes to these functions will need explicit changes to their corresponding tests, which helps prevent unintentional breakage.
Fixes #33867

Built from https://develop.svn.wordpress.org/trunk@34126


git-svn-id: http://core.svn.wordpress.org/trunk@34094 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 19:15:27 +00:00
Boone Gorges
ef474c6970 Accept 'ID' as a valid $field in get_user_by().
We already accept 'id'. `ID` more closely matches the database and
`WP_User` schemas.

Props Shelob9.
Fixes #33869.
Built from https://develop.svn.wordpress.org/trunk@34125


git-svn-id: http://core.svn.wordpress.org/trunk@34093 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 18:58:26 +00:00
John Blackbourn
a78e850e9c Add the site icon meta tags to wp-login.php.
See #33597
Props iworks

Built from https://develop.svn.wordpress.org/trunk@34124


git-svn-id: http://core.svn.wordpress.org/trunk@34092 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 18:02:24 +00:00
Scott Taylor
3a0db2a22f Fix the case-sensitivity of some HTTP class usage.
See #33413.

Built from https://develop.svn.wordpress.org/trunk@34123


git-svn-id: http://core.svn.wordpress.org/trunk@34091 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 17:37:25 +00:00
John Blackbourn
bc6af23302 Update links to the user profile editing screen in the admin toolbar when the current logged in user has no role on the current site. Covers single site and Multisite and introduces tests.
Fixes #25162

Built from https://develop.svn.wordpress.org/trunk@34122


git-svn-id: http://core.svn.wordpress.org/trunk@34090 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 17:10:26 +00:00
Drew Jaynes
edd0f2b32f Docs: Add missing parameter and return descriptions for Walker::get_number_of_root_elements().
Fixes #33662.

Built from https://develop.svn.wordpress.org/trunk@34121


git-svn-id: http://core.svn.wordpress.org/trunk@34089 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 15:33:27 +00:00
Sergey Biryukov
d9bc36d068 Escape class attribute in edit_post_link() after [34098].
Props Offereins.
See #30563.
Built from https://develop.svn.wordpress.org/trunk@34117


git-svn-id: http://core.svn.wordpress.org/trunk@34085 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 13:01:25 +00:00
Dominik Schilling
4af3a3374e Passwords: Deprecate second parameter of wp_new_user_notification().
The second parameter `$plaintext_pass` was removed in [33023] and restored as `$notify` in [33620] with a different behavior. If you have a plugin overriding `wp_new_user_notification()` which hasn't been updated you would get a notification with your username and the password "both".
To prevent this the second parameter is now deprecated and reintroduced as the third parameter.

Adds unit tests.

Props kraftbj, adamsilverstein, welcher, ocean90.
Fixes #33654.

(Don't ask for new pluggables kthxbye)
Built from https://develop.svn.wordpress.org/trunk@34116


git-svn-id: http://core.svn.wordpress.org/trunk@34084 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 12:43:26 +00:00
Sergey Biryukov
97c0303f41 Docs: Add a changelog entry for the $class argument added to edit_post_link() in [34098].
Fixes #30563.
Built from https://develop.svn.wordpress.org/trunk@34115


git-svn-id: http://core.svn.wordpress.org/trunk@34083 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 12:20:26 +00:00
Dominik Schilling
d36ffeb160 Passwords: Trigger a wp-check-valid-field event when the password field is filled with a password by generatePassword().
Updates event handler in `wpAjax.invalidateForm()` to support `wp-check-valid-field`.

See #33406.
Built from https://develop.svn.wordpress.org/trunk@34114


git-svn-id: http://core.svn.wordpress.org/trunk@34082 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 10:39:27 +00:00
Scott Taylor
5020135a10 Add sanity checks in map_meta_cap(), return 'do_not_allow' when posts don't exist.
Adds unit test.

Props ocean90, nerrad, filosofo.
Fixes #23162.

Built from https://develop.svn.wordpress.org/trunk@34113


git-svn-id: http://core.svn.wordpress.org/trunk@34081 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 04:44:26 +00:00
Boone Gorges
49803a45f3 Send multisite site/user signup emails via hooked functions.
Site and user signup notifications are moved to the new actions
`'after_signup_site'` and `'after_signup_user'`. Site and user activation
notifications are moved to the existing actions `'wpmu_activate_blog'` and
`'wpmu_activate_user'`.

Props dshanske, thomaswm, jeremyfelt.
See #33587..
Built from https://develop.svn.wordpress.org/trunk@34112


git-svn-id: http://core.svn.wordpress.org/trunk@34080 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 03:28:24 +00:00
Scott Taylor
ecc4106ed1 Add an argument to parent_dropdown(), $post, to allow it to be called for an arbitrary post.
Fixes #23162.

Built from https://develop.svn.wordpress.org/trunk@34111


git-svn-id: http://core.svn.wordpress.org/trunk@34079 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 03:20:25 +00:00
Scott Taylor
172e37b007 Move Walker_Category and Walker_CategoryDropdown into their own files via svn cp. Remove them from category-template.php. Load them in category.php. svn cp category.php over to category-functions.php, which also loads now in category.php.
See #33413.

Built from https://develop.svn.wordpress.org/trunk@34110


git-svn-id: http://core.svn.wordpress.org/trunk@34078 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 03:10:24 +00:00
Scott Taylor
4cec121d0b Move Walker_Page and Walker_PageDropdown into their own files via svn cp. Remove them from post-template.php. Load them in post.php.
`post-template.php` loads after `post.php` in `wp-settings.php`. It could probably also be loaded in `post.php`, but avoiding that for the moment.

See #33413.

Built from https://develop.svn.wordpress.org/trunk@34109


git-svn-id: http://core.svn.wordpress.org/trunk@34077 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 02:59:24 +00:00
Scott Taylor
07c6fad006 In wp_link_pages(), ensure that $prev is greater than 0.
Props betzster.
Fixes #25273.

Built from https://develop.svn.wordpress.org/trunk@34108


git-svn-id: http://core.svn.wordpress.org/trunk@34076 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 02:46:24 +00:00
Boone Gorges
b62bcef1b1 Send password-change email notifications via hook.
`wp_password_change_notification()` is now called at the 'after_password_reset'
action, rather than being invoked directly from the `reset_password()` function.

In order to make it possible to call `wp_password_change_notification()` as a
`do_action()` callback, the function signature has to be changed so that the
`$user` parameter is expected to be a value rather than a reference. Since
PHP 5.0, objects are passed by reference, so `&$user` was unnecessary anyway.

Props dshanske, thomaswm.
See #33587.
Built from https://develop.svn.wordpress.org/trunk@34107


git-svn-id: http://core.svn.wordpress.org/trunk@34075 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 02:45:25 +00:00
Boone Gorges
c614849786 Send comment notification emails via a hooked function.
Previously, `wp_notify_postauthor()` and `wp_notify_moderator()` were called
directly from `wp_new_comment()`, making it difficult to modify or suppress
default notification emails.

Props dshanske, thomaswm.
See #33587.
Built from https://develop.svn.wordpress.org/trunk@34106


git-svn-id: http://core.svn.wordpress.org/trunk@34074 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 02:17:26 +00:00
Scott Taylor
373d73f781 Turn off autocomplete for the new-post-slug field.
Props johnbillion.
Fixes #32752.

Built from https://develop.svn.wordpress.org/trunk@34105


git-svn-id: http://core.svn.wordpress.org/trunk@34073 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 02:03:25 +00:00
Dion Hulse
476b5c2046 When running on windows systems, normalise the capitalisation of the drive letter for more reliable string comparisons.
Props tyxla
Fixes #33265

Built from https://develop.svn.wordpress.org/trunk@34104


git-svn-id: http://core.svn.wordpress.org/trunk@34072 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 01:59:25 +00:00
Scott Taylor
bae7312f03 Pass $r and $pages to the 'wp_dropdown_pages' and 'wp_list_pages' filters.
Props bigdawggi, SergeyBiryukov.
Fixes #23734.

Built from https://develop.svn.wordpress.org/trunk@34103


git-svn-id: http://core.svn.wordpress.org/trunk@34071 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 01:32:24 +00:00
Scott Taylor
9604c74f62 Objects are passed by-reference since PHP 5. In _get_custom_object_labels(), cast $object->labels back to object before returning. This function is weird.
Adds unit test.

Props Toro_Unit.
Fixes #33023.

Built from https://develop.svn.wordpress.org/trunk@34102


git-svn-id: http://core.svn.wordpress.org/trunk@34070 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 01:23:26 +00:00
Scott Taylor
ae6a3aee7f Make WP_List_Table::get_primary_column_name() public in list table classes that have it.
Fixes #33854.

Built from https://develop.svn.wordpress.org/trunk@34101


git-svn-id: http://core.svn.wordpress.org/trunk@34069 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 01:12:25 +00:00
Scott Taylor
5077d917a3 Check if the $post_type passed to get_post_type_object() is a scalar value. Non-scalars were producing PHP warnings.
Adds unit tests.

Props Kloon.
Fixes #30013.

Built from https://develop.svn.wordpress.org/trunk@34100


git-svn-id: http://core.svn.wordpress.org/trunk@34068 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 00:03:24 +00:00
Jeremy Felt
fa1e1a8850 Multisite: Implement the get_by_path method in WP_Network.
Move the internals of `get_network_by_path()` to `WP_Network()` and allow network objects to be retrieved by passing a requested domain and path.

Props johnjamesjacoby, jeremyfelt, drewapicture, wonderboymusic.
See #31985.

Built from https://develop.svn.wordpress.org/trunk@34099


git-svn-id: http://core.svn.wordpress.org/trunk@34067 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-13 23:40:24 +00:00
Scott Taylor
c745c2deb3 In edit_post_link(), add an argument for the class attribute that defaults to post-edit-link.
Props voldemortensen.
Fixes #30563.

Built from https://develop.svn.wordpress.org/trunk@34098


git-svn-id: http://core.svn.wordpress.org/trunk@34066 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-13 23:34:24 +00:00
Jeremy Felt
16b4096779 Multisite: Introduce the WP_Network class.
A `WP_Network` object initially matches a row from `wp_site` and is populated with additional properties used by WordPress core. The first iteration is used to retrieve an existing network based on data passed to the class.

* A network can be retrieved by its ID through `WP_Network::get_instance()`, following in the steps of `WP_Post` and `WP_Comment`.
* A network object can be created or completed by passing initial properties in as a standard object to `new WP_Network()`.

Using these methods, we are now able to populate the global `$current_site` during load via this class.

Props johnjamesjacoby, jeremyfelt, drewapicture, wonderboymusic.
See #31985.

Built from https://develop.svn.wordpress.org/trunk@34097


git-svn-id: http://core.svn.wordpress.org/trunk@34065 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-13 23:31:26 +00:00
Andrea Fercia
2a6793c7b2 Bump H3 headings to H2 on the Writing Settings screen for better accessibility.
Props mrahmadawais.
Fixes #33651.
Built from https://develop.svn.wordpress.org/trunk@34096


git-svn-id: http://core.svn.wordpress.org/trunk@34064 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-13 16:48:26 +00:00
Helen Hou-Sandí
7f772bdaff Comments: Fix inline edit/reply on small screens.
props ocean90, SergeyBiryukov.
fixes #33596.

Built from https://develop.svn.wordpress.org/trunk@34094


git-svn-id: http://core.svn.wordpress.org/trunk@34062 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-13 12:47:27 +00:00
Weston Ruter
bd801ae5db Customize: Remove redundant aria-label attributes.
Adds an `$options` array argument to `WP_Screen::render_screen_options()` to allow the `div#screen-options-wrap` element to be omitted when `wrap` value is `false`.

Props afercia, westonruter.
Fixes #33182.

Built from https://develop.svn.wordpress.org/trunk@34093


git-svn-id: http://core.svn.wordpress.org/trunk@34061 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-13 06:16:26 +00:00
Jeremy Felt
f7a00464d5 Tests: Update Tests_Feed_RSS::test_items to expect new comment permalink structure.
Introduced in [34075] for posts without comments.

Props netweb.
Fixes #19893.

Built from https://develop.svn.wordpress.org/trunk@34092


git-svn-id: http://core.svn.wordpress.org/trunk@34060 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-12 23:31:25 +00:00
Boone Gorges
1ff03c9d6e Fail gracefully when checking mapped cap against unregistered post type.
Post type objects are reponsible for mapping their capabilities to core caps.
As a result, when the post type is no longer registered, the caps are no
longer mapped. This causes problems when a post is left in the database after
the post type is no longer present, and WP does an 'edit_post' or other cap
check against it: a PHP notice is thrown, and the cap check always fails.

As a more graceful fallback, we map all post-type-dependent caps onto
'edit_others_posts', which allows highly privileged users to be able to
access orphaned content (such as comments belonging to disabled post types),
while minimizing the possibility of unintended privilege escalation.

We also add a `_doing_it_wrong()` notice, so that developers and site
administrators are aware that the cap mapping is failing in the absence of
the registered post type.

Props mitchoyoshitaka, DrewAPicture, imath, codeelite, boonebgorges, nofearinc, SergeyBiryukov, jorbin, dlh.
Fixes #16956.
Built from https://develop.svn.wordpress.org/trunk@34091


git-svn-id: http://core.svn.wordpress.org/trunk@34059 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-12 21:27:25 +00:00
Boone Gorges
c0a0d4ba50 Use stricter sanitization for meta query clause keys.
By forcing all clause keys to be strings, we make it possible to use strict
comparison when validating values of 'orderby' as passed to `WP_Query`. This
eliminates situations where the presence of numeric clause keys could result
in an improperly validated 'orderby' value.

Props nikolov.tmw.
Fixes #32937.
Built from https://develop.svn.wordpress.org/trunk@34090


git-svn-id: http://core.svn.wordpress.org/trunk@34058 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-12 21:06:24 +00:00
Boone Gorges
fc884dc7ec Allow setup_postdata() to accept a post ID.
Previously, it accepted only a full post object.

Props sc0ttclark, mordauk, wonderboymusic.
Fixes #30970.
Built from https://develop.svn.wordpress.org/trunk@34089


git-svn-id: http://core.svn.wordpress.org/trunk@34057 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-12 20:58:23 +00:00
Boone Gorges
e0b1340461 Remove extraneous table join in get_adjacent_post().
Since [29248], a table join has not been necessary to process the
`$excluded_terms` parameter of `get_adjacent_post()`. Aside from adding extra
overhead, this join meant that post records that don't have any corresponding
rows in `wp_term_relationships` were erroneously excluded from results.

Fixes #32833.
Built from https://develop.svn.wordpress.org/trunk@34088


git-svn-id: http://core.svn.wordpress.org/trunk@34056 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-12 20:34:24 +00:00
Dominik Schilling
4d5cd90b46 Revert [34013] and parts of [33970].
* `_WP_Editors::wp_mce_translation()` can't be changed without changing strings in TinyMCE and plugins.
* `\u2026` is escaped by `json_encode()` to `\\u2026`, makes `\u2026` visible in our UI.

See #32875.
Built from https://develop.svn.wordpress.org/trunk@34087


git-svn-id: http://core.svn.wordpress.org/trunk@34055 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-12 20:03:24 +00:00
Dominik Schilling
720cea8cf9 Themes: Don't use HTML entities for placeholders.
See #32875.
Built from https://develop.svn.wordpress.org/trunk@34086


git-svn-id: http://core.svn.wordpress.org/trunk@34054 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-12 19:48:24 +00:00
Scott Taylor
8977166746 In wp_insert_post(), when setting $post_author, use isset() instead of ! empty() to allow 0 to be passed as the value for $post_author.
Adds unit tests.

Props ericdaams, wonderboymusic.
Fixes #32585.

Built from https://develop.svn.wordpress.org/trunk@34085


git-svn-id: http://core.svn.wordpress.org/trunk@34053 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-12 18:54:25 +00:00
Scott Taylor
8591f94b0a WP_Posts_List_Table: there are a cadre of edit.php URLs that are generated by string-building instead of using our handy functions. Create a helper method, ->get_edit_link() that standardizes the generation and escaping of these URLs.
Props BdN3504 for the initial patch on the ticket.
Fixes #32376.

Built from https://develop.svn.wordpress.org/trunk@34084


git-svn-id: http://core.svn.wordpress.org/trunk@34052 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-12 17:13:25 +00:00
Scott Taylor
a2aca8d063 Use table-layout: auto (instead of fixed) on table.fixed to ensure that things like date/time don't horrendously wrap on small screens. Before/After screenshots attached to the ticket.
Props gaelan.
Fixes #32691.

Built from https://develop.svn.wordpress.org/trunk@34083


git-svn-id: http://core.svn.wordpress.org/trunk@34051 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-12 16:04:25 +00:00
Scott Taylor
5a21742a6f wp_delete_post(): add a filter, 'pre_delete_post', to allow bailout from the function if the filter returns a non-null value.
Props boonebgorges.
Fixes #32933.

Built from https://develop.svn.wordpress.org/trunk@34082


git-svn-id: http://core.svn.wordpress.org/trunk@34050 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-12 15:59:24 +00:00