Previously a user could remove a protected meta field by using their browser developer tools to alter the form field properties in the Custom Fields meta box, given that they know the ID of the protected meta field. This change prevents this by preventing any change to a protected meta field, including changing its key.
Props ajoah, johnbillion, peterwilsoncc
Fixes#38293
Built from https://develop.svn.wordpress.org/trunk@39062
git-svn-id: http://core.svn.wordpress.org/trunk@39004 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Following [38625], any media searches that already included JOINs,
e.g., `tax_queries`, would get trampled when we joined the post meta
table to search for filenames. This preserves existing JOINs and
also only applies the `_filter_query_attachment_filenames()` filter
when a search query is being performed.
Props flixos90, joemcgill.
Fixes#22744.
Built from https://develop.svn.wordpress.org/trunk@38733
git-svn-id: http://core.svn.wordpress.org/trunk@38676 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This applies a new private function, `_filter_query_attachment_filenames()`,
to the `post_clauses` filter hook during `wp_ajax_query_attachments()` and
`wp_edit_attachments_query_vars()` to include `_wp_attached_file` post meta
in search queries performed from the media library or in a `WP_Media_List_Table`.
Props wonderboymusic, DrewAPicture, joemcgill, swissspidy.
Fixes#22744.
Built from https://develop.svn.wordpress.org/trunk@38625
git-svn-id: http://core.svn.wordpress.org/trunk@38568 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, changing the post thumbnail of a published post in the edit screen
would immediately apply the change, rather than waiting for the post to be
saved before applying the update. This could lead to someone unintentionally
editing the post thumbnail on a published post, and made it impossible to
preview changes to post thumbnails on published posts before saving the change.
This introduces a new Ajax handler, `wp_ajax_get_post_thumbnail_html()` to
retrieve the HTML for the post thumbnail meta box without updating the post
meta value for `_thumbnail_id`. It also allows post thumbnail changes to be
previewed by passing the `_thumbnail_id` as a query variable to the preview
screen and adding a new filter, `_wp_preview_post_thumbnail_filter()`, which
gets applied to `get_post_metadata` during the post preview process.
Props flixos90.
Fixes#12922.
Built from https://develop.svn.wordpress.org/trunk@38118
git-svn-id: http://core.svn.wordpress.org/trunk@38059 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The new format looks like "Sorry, you are not allowed to <action>.". This provides a consistent experience for all error messages related to missing permissions. It also reduces the number of similar strings and allows translators to provide a consistent style in their language.
Props ramiy, Presskopp.
Fixes#34521.
Built from https://develop.svn.wordpress.org/trunk@37914
git-svn-id: http://core.svn.wordpress.org/trunk@37855 1a063a9b-81f0-0310-95a4-ce76da25c4cd
An unintended consequence of improving the precommit task is that when it's time to run a release, more tasks need to get run to verify things. This adds a prerelease task to help fix that situation. grunt prerelease should include tasks that verify the code base is ready to be released to the wild and find all the tears on the mausoleum floor and help Blood stain the Colosseum doors.
See #35557
Built from https://develop.svn.wordpress.org/trunk@36930
git-svn-id: http://core.svn.wordpress.org/trunk@36898 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Move the array processing to a new function, `_wp_post_revision_data()`.
* Make both functions accept a post array or a `WP_Post` object.
* Always apply the `_wp_post_revision_fields` filter and pass the post data to it.
Fixes#13382.
Built from https://develop.svn.wordpress.org/trunk@36659
git-svn-id: http://core.svn.wordpress.org/trunk@36626 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The title attribute is now replaced with plain text in a `howto` paragraph, as done for example in the Tags postbox.
Adds an `aria-describedby` attribute on the thumbnail link to target the description.
Also, fixes the focus style on the featured image thumbnail.
Fixes#35076.
Built from https://develop.svn.wordpress.org/trunk@36000
git-svn-id: http://core.svn.wordpress.org/trunk@35965 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Add 2 methods to `WP_List_Table`, `->get_orderby()` and `->get_order()`. Override the methods in `WP_Posts_List_Table`.
`WP_Posts_List_Table` calls `wp_edit_posts_query()` in `->prepare_items()` which is a wrapper for `wp()`. As such, we can obtain `orderby` and `order` via `get_query_var()`, instead of the URL.
Fixes#25493.
Built from https://develop.svn.wordpress.org/trunk@34728
git-svn-id: http://core.svn.wordpress.org/trunk@34692 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, unattached attachments would have unsightly `/?attachment_id=1` URLs. As we've moved away from attachments being specifically attached to posts, instead being Media items, this has made the unattached URLs a more common occurrence.
We can breath easy once more, knowing that the world is a little bit safer from the horror of unnecessarily ugly URLs.
Props SergeyBiryukov, wonderboymusic, pento.
Fixes#1914.
Built from https://develop.svn.wordpress.org/trunk@34690
git-svn-id: http://core.svn.wordpress.org/trunk@34654 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously there were two persistent "View Post" links on an edit screen: next to the permalink and in the toolbar. This would then become three links after a post was published or updated, as a link is also included in the admin notice. This is a lot of redundancy and visual noise for a flow that is not your primary action upon starting to edit a post. The "View Post" link next to the sample permalink was particularly bad because it is styled like a button, but unlike a button, does not keep you on the current screen.
Because the permalink is now linked, there is no highlighted slug that you can click to edit, but rather just the "Edit" button.
props scribu, lessbloat, sabreuse, SergeyBiryukov, DrewAPicture, helen.
see #18306.
Built from https://develop.svn.wordpress.org/trunk@34670
git-svn-id: http://core.svn.wordpress.org/trunk@34634 1a063a9b-81f0-0310-95a4-ce76da25c4cd