If the token is set (`$keep` is a string), this means the user is viewing their own profile-editing screen and destroying their own sessions (except the current one). If it isn't set (`$keep` is null), the user is editing another user's profile and destroying all of their sessions with no exceptions.
See #30264, #30469
Built from https://develop.svn.wordpress.org/trunk@30595
git-svn-id: http://core.svn.wordpress.org/trunk@30585 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Variables in DocBlocks should be backtick-escaped
* Parameter and return types should be as specific as possible
* `@param` types and variables should align with each other, but not intentionally with the `@return` description
See #30230.
Built from https://develop.svn.wordpress.org/trunk@30284
git-svn-id: http://core.svn.wordpress.org/trunk@30284 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Use a `MutationObserver` to listen to the `body` class of the parent editor frame.
* In `wpview_media_sandbox_styles()`, only return the MEjs stylesheets.
* In `wp_ajax_parse_media_shortcode()` and `wp_ajax_parse_embed()`, return an object instead of an HTML blob to allow passing `body` and `head` separately
Props avryl, azaozz.
Fixes#29048.
Built from https://develop.svn.wordpress.org/trunk@29615
git-svn-id: http://core.svn.wordpress.org/trunk@29389 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Add a setting to `_wpMediaViewsL10n.settings`: `mediaTrash`
* In the attachment edit modal, properly toggle between Trash/Untrash
* In `media.view.Attachment`, add a method for `untrashAttachment`
* When creating the grid toolbar, switch the setting order of subviews so that `media.view.DeleteSelectedButton` can listen to the instance of `media.view.AttachmentFilters.All` to update the text in its UI.
* Add a new filter to `media.view.AttachmentFilters.All`, `trash`, when `settings.mediaTrash` is true
* Allow the cached queries in `Query.get()` to be flushed when race conditions exist and collections need to be refreshed. This is currently only being used when `MEDIA_TRASH` is set, to refresh the filtered/mirrored collections related to `all`, `trash`, and any already queried filter.
* Cleanup the bootstrapping of `media.view.MediaFrame.Manage`
* Allow `wp_ajax_query_attachments()` to return items from the trash when `MEDIA_TRASH` is `true`
* Allow `wp_ajax_save_attachment()` to set `post_status` when `MEDIA_TRASH` is `true`. It allows `wp_delete_post()` to be called, which will trash the attachment instead of deleting when the flag is set.
Props koop for the knowledge sharing and thought partnership.
See #29145.
Built from https://develop.svn.wordpress.org/trunk@29490
git-svn-id: http://core.svn.wordpress.org/trunk@29268 1a063a9b-81f0-0310-95a4-ce76da25c4cd
We will no longer replace previously valid oEmbed responses with an `{{unknown}}` cache value. When this happens due to reaching a rate limit or a service going down, it is data loss, and is not acceptable. This means that oEmbed caches for a post are no longer deleted indiscriminately every time that post is saved.
oEmbed continues to be cached in post meta, with the addition of a separate meta key containing the timestamp of the last retrieval, which is used to avoid re-requesting a recently cached oEmbed response. By default, we consider a valued cached in the past day to be fresh. This can greatly reduce the number of outbound requests, especially in cases where a post containing multiple embeds is saved frequently.
The TTL used to determine whether or not to request a response can be filtered using `oembed_ttl`, thus allowing for the possibility of respecting the optional oEmbed response parameter `cache_age` or altering the period of time a cached value is considered to be fresh.
Now that oEmbeds are previewed in the visual editor as well as the media modal, oEmbed caches are often populated before a post is saved or published. By pre-populating and avoiding having to re-request that response, we also greatly reduce the chances of a stampede happening when a published post is visible before oEmbed caching is complete.
As it previously stood, a stampede was extremely likely to happen, as the AJAX caching was only triggered when `$_GET['message']` was 1. The published message is 6. We now trigger the caching every time `$_GET['message']` is present on the edit screen, as we are able to avoid triggering so many HTTP requests overall.
props markjaquith. fixes#14759. see #17210.
Built from https://develop.svn.wordpress.org/trunk@28972
git-svn-id: http://core.svn.wordpress.org/trunk@28761 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* In `wp_ajax_add_tag()`, `$post_type` is set and never used.
* In `wp_ajax_hidden_columns()`, `$hidden` is set twice, but only checks for the existence of `$_POST['hidden']` the first time. The two lines can be combined and work together.
* In `wp_ajax_inline_save()`, `$mode` is set and never used.
* In `wp_ajax_find_posts()`, `$searchand = $search = '';` is leftover cruft, neither variable is used. `$wpdb` does not need to be imported, it is never used.
* In `wp_ajax_wp_fullscreen_save_post()`, `$post_type` is set and never used.
* In `wp_ajax_save_attachment_order()`, `$post` is set and never used.
* In `wp_ajax_send_attachment_to_editor()`, `$title` is set and never used.
See #27882.
Built from https://develop.svn.wordpress.org/trunk@28292
git-svn-id: http://core.svn.wordpress.org/trunk@28120 1a063a9b-81f0-0310-95a4-ce76da25c4cd
- Removes wp-tinymce-schema.js and mark-loaded.js, no longer needed.
- Removes the inlinepopups and most of the wpdialogs plugins; wpdialog.js is moved to wp-includes/js.
- Adds charmap, compat3x, image, link and textcolor plugins, previously contained in /themes/advanced.
- Updates the wordpress, wpeditimage, wpfullscreen, wpgallery and wplink plugins.
- Updates DFW, wp-admin/js/wp-fullscreen.js.
See #24067.
Built from https://develop.svn.wordpress.org/trunk@26876
git-svn-id: http://core.svn.wordpress.org/trunk@26759 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Update about page, there's now 8.
* Display them four wide, not three, and ensure adequate spacing.
* Use a dedicated nonce.
* Push Light to the front in addition to Default.
* Use user-profile.js on about.php. A few extra things are initialized but they are harmless.
see #26468, #26387.
Built from https://develop.svn.wordpress.org/trunk@26776
git-svn-id: http://core.svn.wordpress.org/trunk@26663 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Use wp_add_dashboard_widget() rather than add_meta_box().
* Use original functions like wp_dashboard_primary(), wp_dashboard_right_now(), wp_dashboard_quick_press() (where possible).
* Only include plugins section of the news widget when appropriate, which necessitates the set_current_screen() via the ajax action.
* Remove some debug cruft that was preventing caching and invalidation.
* Simplify lots of things where possible.
see #25824.
Built from https://develop.svn.wordpress.org/trunk@26220
git-svn-id: http://core.svn.wordpress.org/trunk@26128 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Color scheme selection on your own profile page gives you a preview and autosaves the selection.
Also introduces the usage of a preprocessor for core files, namely Sass. For 3.8, we will not expand its implementation past the color schemes. This does require Ruby as well as Sass 3.3.0+ due to the usage of the sourcemap option.
Note that only the default color scheme is available when running out of src. Use build to test the rest as well as the color picker.
props ryelle, melchoyce, tillkruess, drw158, littlethingsstudio, helen. see #25858, #22862.
Built from https://develop.svn.wordpress.org/trunk@26137
git-svn-id: http://core.svn.wordpress.org/trunk@26048 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* `wp_ajax_get_comments()` relies on the `$post_id` global - even though `$_POST['p']` is passed to every action in the test methods. If `$post_id` is still lingering in between tests and doesn't match `p` in the request, the cap check might pass while the queries for comments will blow up. I added `unset( $GLOBALS['post_id'] )` to `Tests_Ajax_GetComments::setUp()`.
* If the global `$post_id` is empty, but `$_REQUEST['p']` is not, `$post_id` is now set to `absint( $_REQUEST['p'] )` and sanity-checked in `wp_ajax_get_comments()`.
* `map_meta_cap()` always assumes that `get_comment()` succeeds when checking for the `edit_comment` cap. It doesn't. I added sanity checks in a few places where it will break early if `get_post()` or `get_comment()` are empty.
* `wp_update_comment()` always assumes `get_comment()` succeeds. It doesn't. I added a check for empty.
All AJAX unit tests run and pass in debug mode. All general unit tests pass against these changes.
Fixes#25282.
Built from https://develop.svn.wordpress.org/trunk@25438
git-svn-id: http://core.svn.wordpress.org/trunk@25360 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* There are several places where a `$_POST` index was unchecked before setting a variable
* In `wp_notify_postauthor()`, `$comment` was being returned null, but its properties were being accessed.
* In `check_ajax_referer()`, 3 different values can be checked for nonce on `$_REQUEST`, but only 1 had an `isset()`
See #25282.
Built from https://develop.svn.wordpress.org/trunk@25433
git-svn-id: http://core.svn.wordpress.org/trunk@25355 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Eliminates the bloated Revisions meta box in favor of 'Revisions: #' in the publish box.
* Adds ability to compare autosave to current post, when revisions are disabled.
* Makes autosaves stand out visually, including "Restore This Autosave".
Also:
* Adds missing capability check for restoring a revision.
* When no revision matches the post's current modified time, avoid marking an autosave as 'current'.
* Fixes wp_get_post_autosave() to return an autosave even when revisions are disabled.
* Add 'check_enabled' arg to wp_get_post_revisions(); false avoids the wp_revisions_enabled() check.
* Adds a responsive slider that is narrower for fewer versions. props markjaquith.
see #24804.
git-svn-id: http://core.svn.wordpress.org/trunk@24790 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Loading indicator when the user is waiting for a trip to the server.
* Bug fixes for diff priming.
* Fix the date display.
* Forget about local comparator, instead order by `modified` on the server.
* Initialize the frame model before the view (this was the source of a LOT of heartache).
git-svn-id: http://core.svn.wordpress.org/trunk@24667 1a063a9b-81f0-0310-95a4-ce76da25c4cd
- Update the heartbeat nonce when refreshing nonces on the Edit Post screen.
- After a user logs in from the auth-check dialog, speed up heatrbeat to check/refresh nonces on the Edit Post screen.
- Speeding up heartbeat: bring back the setting how long it should last (how many ticks).
- Add 'heartbeat-nonces-expired' jQuery event when nonces have expired and the user is logged in.
See #23295, see #23216.
git-svn-id: http://core.svn.wordpress.org/trunk@24528 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Much simpler PHP API
* Cleaner and more Backbone-y JS API
* Consequently, does batch queries; this now scales up to hundreds of revisions
Currently missing, but much easier considering the cleaned up base:
* Compare two mode
* RTL
props koopersmith, nacin, adamsilverstein, ocean90. see #24425
git-svn-id: http://core.svn.wordpress.org/trunk@24520 1a063a9b-81f0-0310-95a4-ce76da25c4cd
- Move nonces refreshing from autosave to lock checking.
- Do autosave only when there is something to save.
See #23295
git-svn-id: http://core.svn.wordpress.org/trunk@24209 1a063a9b-81f0-0310-95a4-ce76da25c4cd