Commit Graph

16674 Commits

Author SHA1 Message Date
Weston Ruter
39a2308a94 Customize: Prevent showing confirmation dialog when leaving Customizer after previewing theme switch without making any changes.
Fixes #42173.

Built from https://develop.svn.wordpress.org/trunk@41845


git-svn-id: http://core.svn.wordpress.org/trunk@41679 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-12 05:17:49 +00:00
Weston Ruter
434e3aba82 Customize: Add changeset locking in Customizer to prevent users from overriding each other's changes.
* Customization locking is checked when changesets are saved and when heartbeat ticks.
* Lock is lifted immediately upon a user closing the Customizer.
* Heartbeat is introduced into Customizer.
* Changes made to user after it was locked by another user are stored as an autosave revision for restoration.
* Lock notification displays link to preview the other user's changes on the frontend.
* A user loading a locked Customizer changeset will be presented with an option to take over.
* Autosave revisions attached to a published changeset are converted into auto-drafts so that they will be presented to users for restoration.
* Focus constraining is improved in overlay notifications.
* Escape key is stopped from propagating in overlay notifications, and it dismisses dismissible overlay notifications.
* Introduces `changesetLocked` state which is used to disable the Save button and suppress the AYS dialog when leaving the Customizer.
* Fixes bug where users could be presented with each other's autosave revisions.

Props sayedwp, westonruter, melchoyce.
See #31436, #31897, #39896.
Fixes #42024.

Built from https://develop.svn.wordpress.org/trunk@41839


git-svn-id: http://core.svn.wordpress.org/trunk@41673 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-12 04:01:46 +00:00
Mel Choyce
a19f05ad63 Customizer: Improve specificity of small-screen styles in Widgets panel.
Props mrasharirfan, celloexpressions.
Fixes #41614.

Built from https://develop.svn.wordpress.org/trunk@41837


git-svn-id: http://core.svn.wordpress.org/trunk@41671 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-12 03:53:47 +00:00
Mel Choyce
7e6748ad61 Settings: Widen image size input fields on Media Settings page.
On narrower devices, input fields are too short to fit the number of default digits they contain. This widens the fields and also breaks each height and width attribute onto a new line for better usability, using some terrible CSS trickery. My apologies.

Props: Toru, Presskopp, desrosj, xkon, ryelle, melchoyce.
Fixes #34539.

Built from https://develop.svn.wordpress.org/trunk@41836


git-svn-id: http://core.svn.wordpress.org/trunk@41670 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-12 03:48:47 +00:00
Mel Choyce
009c3a94bb Gallery Widget: Fix row spacing across major browsers.
Props petertoi .
Fixes #42188.

Built from https://develop.svn.wordpress.org/trunk@41834


git-svn-id: http://core.svn.wordpress.org/trunk@41668 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-11 21:14:51 +00:00
Mel Choyce
71aa62101f Gallery Widget: Remove grey background behind gallery, and align images to the edge of the container.
Props Presskopp, benoitchantre, mrasharirfan.
Fixes #42101.

Built from https://develop.svn.wordpress.org/trunk@41833


git-svn-id: http://core.svn.wordpress.org/trunk@41667 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-11 19:45:49 +00:00
Weston Ruter
2866a3cad2 Customize: Vary description for nav menu locations control based on whether it is shown during menu creation.
Also fix issue with initial visibility of notice when there are no menus.

Amends [41823].
Props bpayton, melchoyce, westonruter.
See #42116.
Fixes #42113.

Built from https://develop.svn.wordpress.org/trunk@41832


git-svn-id: http://core.svn.wordpress.org/trunk@41666 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-11 19:38:50 +00:00
Mel Choyce
39f3764a4b Code Editors: Improve cursor interactions on warning notices.
Fixes an issue where hovering over the warning icon didn't work if there were multiple warnings on the same line of code. Also updates the cursor from "pointer" to "help" when hovering over warnings and errors.

Props joyously, obenland.
Fixes #42129.

Built from https://develop.svn.wordpress.org/trunk@41830


git-svn-id: http://core.svn.wordpress.org/trunk@41664 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-11 18:25:46 +00:00
Gary Pendergast
a72be13ec0 Editor: Add the replace_editor filter.
This filter allows the Core editor to be replaced by an entirely different editor (coughcoughGUTENBERGcough).

Props azaozz, who is supposed to be on sabbatical right now.
Fixes #42119.


Built from https://develop.svn.wordpress.org/trunk@41829


git-svn-id: http://core.svn.wordpress.org/trunk@41663 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-11 12:06:48 +00:00
Weston Ruter
43801ded60 Customize: Make sure saved state is initially false when restoring autosave revision so that Save button will be enabled.
Amends [41597].
Props sayedwp.
See #39896.
Fixes #42143.

Built from https://develop.svn.wordpress.org/trunk@41826


git-svn-id: http://core.svn.wordpress.org/trunk@41660 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-11 05:57:48 +00:00
Weston Ruter
c6f2ff7a8e Customize: Add notice for when there are no nav menus created yet, prompting user to create one.
Props bpayton, melchoyce, westonruter.
Fixes #42116.

Built from https://develop.svn.wordpress.org/trunk@41823


git-svn-id: http://core.svn.wordpress.org/trunk@41657 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-11 05:28:52 +00:00
Dion Hulse
b35cf2f529 Upgrades: Remove the usage of each() from WP_Upgrader for PHP 7.2 compatibility.
Props chrisvendiadvertisingcom, dd32.
Fixes #41524

Built from https://develop.svn.wordpress.org/trunk@41821


git-svn-id: http://core.svn.wordpress.org/trunk@41655 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-11 04:24:50 +00:00
Weston Ruter
3609d0c4c5 Plugin Editor: Revert superseded changes to activate_plugin() and plugin_sandbox_scrape().
Partially revert [41671], [41561], [41560].
See #21622.
Fixes #39766.

Built from https://develop.svn.wordpress.org/trunk@41819


git-svn-id: http://core.svn.wordpress.org/trunk@41653 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-11 00:03:48 +00:00
Weston Ruter
5bde734323 Customize: Fix vertical alignment of radio and checkbox inputs after [41740].
Props Shital Patel, subrataemfluence, sayedwp.
Amends [41740].
See #33085.
Fixes #42157.

Built from https://develop.svn.wordpress.org/trunk@41817


git-svn-id: http://core.svn.wordpress.org/trunk@41651 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-10 23:45:51 +00:00
Weston Ruter
6c05b7bef2 Widgets: Clear dirty flag on widgets admin screen when widget is deleted to prevent irrelevant confirmation prompt when leaving.
Props hazimayesh, felipeelia.
Amends [41352], [41813].
See #23120, #42127.
Fixes #41894.

Built from https://develop.svn.wordpress.org/trunk@41814


git-svn-id: http://core.svn.wordpress.org/trunk@41648 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-10 20:39:47 +00:00
Weston Ruter
7cb66a5353 Widgets: Allow deletion even when widget form fails validity checks.
Props felipeelia.
Amends [41352].
See #23120.
Fixes #42127.

Built from https://develop.svn.wordpress.org/trunk@41813


git-svn-id: http://core.svn.wordpress.org/trunk@41647 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-10 18:07:51 +00:00
Mel Choyce
8f4e2bdb6b Customizer: Vertically center section arrows.
Props dualcube_subrata.
Fixes #42123.

Built from https://develop.svn.wordpress.org/trunk@41808


git-svn-id: http://core.svn.wordpress.org/trunk@41642 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-10 16:23:50 +00:00
Weston Ruter
7b0dbf49fc Customize: Improve behavior and extensibility of theme loading and searching.
* Introduce `WP_Customize_Themes_Section::$filter_type`, which has built-in functionality for `local` and `remote` filtering. When this set to `local`, all themes are assumed to be loaded from Ajax when the section is first loaded, and subsequent searching/filtering is applied to the loaded collection of themes within the section. This is how the core "Installed" section behaves - third-party sources with limited numbers of themes may consider leveraging this implementation. When this is set to `remote`, searching and filtering always triggers a new remote query via Ajax. The core "WordPress.org" section uses this approach, as it has over 5000 themes to search.
* Refactor `filterSearch()` to accept a raw term string as input. This enables a feature filter to be used on a section where `filter_type` is `local`.
* Refactor `filter()` on a theme control to check for an array of terms. Also sort the results by the number of matches. Rather than searching for an exact match, this will now search for each word in a search distinctly, allowing things like tags to rank in search results more accurately.
* Split `loadControls()` into two functions for themes section JS: `loadThemes()` to initiate and manage an Ajax request and `loadControls()` to create theme controls based on the results of the Ajax call. If third-party sections need to change the way controls are loaded, such as by using a custom control subclass of `WP_Customize_Theme_Control`, this allows them to use the core logic for managing the Ajax call and only override the actual control-creation process.
* Introduce `customize_load_themes` filter to facilitate loading themes from third-party sources (or modifying the results of the core sections).
* Bring significant improvements to the installed themes search filter.

Props celloexpressions.
Amends [41648].
See #37661.
Fixes #42049.

Built from https://develop.svn.wordpress.org/trunk@41807


git-svn-id: http://core.svn.wordpress.org/trunk@41641 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-10 07:09:52 +00:00
Gary Pendergast
58db3cb54e File Editor: Add support for more than one sub-directory level.
The theme and plugin editors now list all files in the selected theme or plugin, recursing through subdirectories as necessary.

Props WraithKenny, schlessera, chsxf, MikeHansenMe, Daedalon, valendesigns, westonruter, pento.
Fixes #6531.


Built from https://develop.svn.wordpress.org/trunk@41806


git-svn-id: http://core.svn.wordpress.org/trunk@41640 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-10 05:34:49 +00:00
Weston Ruter
1a22fb3b60 File Editor: Increase robustness of fatal error checking when saving PHP file edits.
* Increase PHP execution time limit prior to issuing loopback requests where are themselves given timeouts to ensure PHP file can be reverted.
* Output scrape messages on success and failure so that absence of either can also be flagged as an error condition.
* Forward browser's HTTP Basic Auth credentials in loopback requests to admin and home URL.
* Display more helpful message when loopback request fails.

Amends [41721].
See #21622.
Fixes #42102.

Built from https://develop.svn.wordpress.org/trunk@41805


git-svn-id: http://core.svn.wordpress.org/trunk@41639 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-10 05:27:49 +00:00
Weston Ruter
ef1c95ff91 Customize: Constrain focus when overlay notification is displayed.
* Restore previously-focused element when overlay notifications are dismissed.
* Allow notifications to be dismissed via keyboard.

Amends [41667].
See #42110, #35210, #39896.

Built from https://develop.svn.wordpress.org/trunk@41803


git-svn-id: http://core.svn.wordpress.org/trunk@41637 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-10 03:34:53 +00:00
Weston Ruter
f462387431 Customize: Improve keyboard accessibility for publish settings section.
Props sayedwp.
See #39896.
Fixes #42027.

Built from https://develop.svn.wordpress.org/trunk@41802


git-svn-id: http://core.svn.wordpress.org/trunk@41636 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-09 23:01:46 +00:00
Weston Ruter
598e5f400e Customize: Add jsdoc for api.panel, api.section, api.control, and api.notifications collections.
Props shramee, westonruter.
Fixes #39930.

Built from https://develop.svn.wordpress.org/trunk@41799


git-svn-id: http://core.svn.wordpress.org/trunk@41633 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-09 18:56:55 +00:00
Weston Ruter
35b5c9e762 Customize: Eliminate use of customize-loader in core so Customizer is opened consistently in top window.
* Open the door for future browser history feature in #28536, which is currently not feasible when customize-loader is used.
* Remove customizer-loader from being used on admin screens for Dashboard, Themes, non-shiny theme install/update.
* Keep the customize-loader functionality available for plugins, for the time being. It may become deprecated.
* Ensure `return` param in customizer links in Themes screen update to reflect `search` updated by `pushState`.
* Persist `return` when reloading Customizer due to theme switch, autosave restoration, or changeset trashing.
* Use `location.replace()` instead of changing `location.href` when trashing.
* Hide theme browser while Themes screen is loading when there is a `search` to prevent flash of unfiltered themes.
* Use throttling instead of debouncing when searching themes to ensure that screen is updated immediately on page load.
* Fix encoding and decoding of `search` param between URL and search field.
* Add support for dismissing autosaves when closing customize-loader, when it is used by plugins.
* Skip sending changeset UUID to customize-loader for population in browser location if changeset branching is not enabled.

See #28536.
Fixes #40254.

Built from https://develop.svn.wordpress.org/trunk@41797


git-svn-id: http://core.svn.wordpress.org/trunk@41631 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-09 16:04:48 +00:00
John Blackbourn
c9e8431582 Users: Remove some links to the dashboard from My Sites for users who cannot access it.
See #41453

Built from https://develop.svn.wordpress.org/trunk@41796


git-svn-id: http://core.svn.wordpress.org/trunk@41630 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-09 15:22:46 +00:00
John Blackbourn
f14b24792a Press This: Use "installation" when referring to the act of installing Press This.
Props Presskopp
Fixes #41620

Built from https://develop.svn.wordpress.org/trunk@41794


git-svn-id: http://core.svn.wordpress.org/trunk@41628 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-09 14:08:48 +00:00
Weston Ruter
a01ae9a8c3 Customize: Fix confusion related to visibility of Themes panel with drafted/scheduled changesets.
* Prevent autoloading an existing draft/future changeset when theme not active.
* Add missing notifications container to Themes panel.
* Remove deactivation of themes panel when selected status is not publish.
* Show notification in Themes panel when themes cannot be previewed and disable preview buttons.
* Reject installTheme call when theme preview not available.
* Return promise from installTheme and eliminate use of global events in favor of promises.

Props westonruter, melchoyce, zoonini.
See #37661, #39896.
Fixes #42126.


Built from https://develop.svn.wordpress.org/trunk@41788


git-svn-id: http://core.svn.wordpress.org/trunk@41622 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-07 06:00:54 +00:00
Sergey Biryukov
6ecdbe6e0e Editor: Fix JSHint errors after [41783].
See #42059.
Built from https://develop.svn.wordpress.org/trunk@41785


git-svn-id: http://core.svn.wordpress.org/trunk@41619 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-06 19:12:49 +00:00
Andrew Ozz
765272e3e5 Editor:
- Fix keeping text selection and scroll position when there are embeds from URL.
- Add editor setting to disable keeping selection and scroll position.
- Remove dependency on Underscore.js.
- Fix error in the Text widget editor.

Props biskobe.
Fixes #42059, see #40854.
Built from https://develop.svn.wordpress.org/trunk@41783


git-svn-id: http://core.svn.wordpress.org/trunk@41617 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-06 17:44:48 +00:00
Weston Ruter
b6297d1866 Customize: Prevent color default control type from overriding template for ColorControl.
Amends [41771].
See #30738.

Built from https://develop.svn.wordpress.org/trunk@41778


git-svn-id: http://core.svn.wordpress.org/trunk@41612 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-05 14:36:57 +00:00
Weston Ruter
b5f75fc315 File Editors: Fix JSHint error after [41774].
See #31779.

Built from https://develop.svn.wordpress.org/trunk@41775


git-svn-id: http://core.svn.wordpress.org/trunk@41609 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-05 04:43:47 +00:00
Helen Hou-Sandí
b698881469 File Editors: Introduce an interstitial warning upon first visit.
This is an effort to provide a speed bump before heading into something potentially destructive and some education for users on better alternatives, even as we make the file editors safer to use. Each user, including existing users, will be shown a one-time dismissible modal warning on their first visit to each of the theme and plugin file editors.

Copy tweaks to come.

props michelleweber, Ipstenu, melchoyce, adamsilverstein, westonruter, toddnestor, aryamaaru, ZaneMatthew, cliffseal, helen.
fixes #31779.

Built from https://develop.svn.wordpress.org/trunk@41774


git-svn-id: http://core.svn.wordpress.org/trunk@41608 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-05 04:25:48 +00:00
Weston Ruter
9d6134a88c Customize: Add default control template for standard input types.
Re-use default template instead of introducing custom one for the Discard Changes button.

See #30738.

Built from https://develop.svn.wordpress.org/trunk@41771


git-svn-id: http://core.svn.wordpress.org/trunk@41605 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-05 02:56:47 +00:00
Sergey Biryukov
561bde29c7 Administration: Add .protected-post-excerpt class to password-protected post excerpts in the posts list.
Props Soean, mp518, slaFFik, SergeyBiryukov.
Fixes #41426.
Built from https://develop.svn.wordpress.org/trunk@41770


git-svn-id: http://core.svn.wordpress.org/trunk@41604 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-05 02:50:46 +00:00
Weston Ruter
275f4713a5 Customize: Improve the menu creation flow.
Often, folks run into two issues when they create new menus: they click "Add a Menu" thinking it will add a new page to their menu, or they forget to assign their new menu to a location, and then wonder why it doesn't show up on their site.

This commit rearranges the order of items in the menu panel, and updates the flow for creating a menu by breaking it up into steps. Additionally, more help text has been added to guide people through the process of creating a menu.

Also adds default `type` lookups for Panel and Section instances. See #30741.

Props bpayton, obenland, westonruter, celloexpessions, afercia, melchoyce, zoonini, michelleweber.
Fixes #40104.

Built from https://develop.svn.wordpress.org/trunk@41768


git-svn-id: http://core.svn.wordpress.org/trunk@41602 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-05 02:22:49 +00:00
K. Adam White
2914ba6db8 Widgets: Fix jshint error in media widget.
Built from https://develop.svn.wordpress.org/trunk@41764


git-svn-id: http://core.svn.wordpress.org/trunk@41598 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-05 00:58:48 +00:00
Sergey Biryukov
33beafaf02 Posts, Post Types: Introduce page_attributes_misc_attributes action that fires before the help hint text in the 'Page Attributes' meta box.
Props markcallen, MikeHansenMe.
Fixes #34034.
Built from https://develop.svn.wordpress.org/trunk@41763


git-svn-id: http://core.svn.wordpress.org/trunk@41597 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-05 00:55:47 +00:00
Konstantin Obenland
5fe4acb1f5 Widgets: Allow oEmbeds in video widget.
Opens up video embeds to all supported video oEmbed providers.

Props westonruter.
See #42039.

Built from https://develop.svn.wordpress.org/trunk@41759


git-svn-id: http://core.svn.wordpress.org/trunk@41593 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-05 00:22:47 +00:00
Gary Pendergast
37aa531cd4 Plugins: Tweak the plugin icons added in [41695].
- Remove plugins icons from the plugin list table, as there were performance issues loading the icons when the site had lots of plugins.
- Depending on which icons the plugin has uploaded, prefer them in this order: `svg`, `128x128`, `256x256`.
- Improve the style of the fallback icon for plugins that don't have an icon defined.

Props Travel_girl, danieltj, afercia, karmatosed,hugobaeta, empireoflight, brentjett, melchoyce, pento.
Fixes #30186.


Built from https://develop.svn.wordpress.org/trunk@41755


git-svn-id: http://core.svn.wordpress.org/trunk@41589 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-04 23:43:46 +00:00
John Blackbourn
50948669eb Users: Revert [41613], [41614], and [41623] as this feature needs some more work.
See #38741

Built from https://develop.svn.wordpress.org/trunk@41753


git-svn-id: http://core.svn.wordpress.org/trunk@41587 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-04 22:17:46 +00:00
Weston Ruter
f5bc1d1f52 Customize: Allow controls to be created with pre-instantiated Setting object(s), or even with plain Value object(s).
* Allow passing settings in keyed object (e.g. `settings: { default: 'id' }  ), or as an array (e.g. `settings: [ 'id' ]`) with first being default; again, `Setting`/`Value` objects may be supplied instead of IDs.
* Allow a single setting to be supplied with just a single `setting` param, either a string or a `Setting`/`Value` object.
* Update `changeset_status` and `scheduled_changeset_date` to be added dynamically with JS and simply passing of `api.state()` instances as `setting`.
* Introduce a `data-customize-setting-key-link` attribute which, unlike `data-customize-setting-link`, allows passing the setting key (e.g. `default`) as opposed to the setting ID.
* Allow `WP_Customize_Control::get_link()` to return `data-customize-setting-key-link` when setting is not registered.
* Eliminate `default_value` from `WP_Customize_Date_Time_Control` since now comes from supplied `Value`.
* Export status choices as `wp.customize.settings.changeset.statusChoices`.
* Export date and time formats as `wp.customize.settings.dateFormat` and `wp.customize.settings.timeFormat` respectively.

Props westonruter, sayedwp.
See #39896, #30738, #30741, #42083.
Fixes #37964, #36167.

Built from https://develop.svn.wordpress.org/trunk@41750


git-svn-id: http://core.svn.wordpress.org/trunk@41584 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-04 20:02:49 +00:00
Mike Schroder
e8a1a7ab2b Media: Store video creation date in meta.
When able to be parsed, store the created date for a video file from meta,
since this is useful separately from the dates on the file itself.

Introduces `wp_get_media_creation_timestamp()` to read the timestamp from
getID3 and a `wp_read_video_metadata` filter analogous to
`wp_read_image_metadata`.

Fixes #35218.
Props stevegrunwell, joemcgill, desrosj, blobfolio, mikeschroder.
Built from https://develop.svn.wordpress.org/trunk@41746


git-svn-id: http://core.svn.wordpress.org/trunk@41580 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-04 19:32:47 +00:00
Sergey Biryukov
0f0ab0e8ef Media: Improve the preview of transparent images in Edit Image modal by using CSS3 to show a checkered background.
Props powerzilly, stevepuddick.
Fixes #41966. See #41948.
Built from https://develop.svn.wordpress.org/trunk@41742


git-svn-id: http://core.svn.wordpress.org/trunk@41576 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-04 18:35:46 +00:00
John Blackbourn
fbd44ee554 Security: Add a referrer policy header to the admin and login screens.
This sets a referrer policy of `same-origin` which adds hardening by preventing a referrer being sent from the admin area or login screens to other origins. This helps prevent unwanted exposure of potentially sensitive information that may be contained within URLs.

This change introduces a new filter, `admin_referrer_policy`, for filtering the referrer policy header value. The header can be disabled if necessary by removing the `wp_admin_headers` action from the `admin_init` and `login_init` hooks.

Props joostdevalk
Fixes #42036

Built from https://develop.svn.wordpress.org/trunk@41741


git-svn-id: http://core.svn.wordpress.org/trunk@41575 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-04 18:25:46 +00:00
Weston Ruter
c03b283f37 Customize: Improve accessibility of markup for base WP_Customize_Control and WP_Customize_Nav_Menu_Control with proper use of label elements and inclusion of aria-describedby.
See #33085.
Props valendesigns, afercia, westonruter.

Built from https://develop.svn.wordpress.org/trunk@41740


git-svn-id: http://core.svn.wordpress.org/trunk@41574 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-04 18:12:46 +00:00
Weston Ruter
55ba2f5e53 Customize: Fix theme details modal by updating logic in getPreviousTheme and getNextTheme to not rely on DOM traversal and manually constructing control IDs.
Amends [41726].
See #42083, #37661.

Built from https://develop.svn.wordpress.org/trunk@41739


git-svn-id: http://core.svn.wordpress.org/trunk@41573 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-04 16:49:46 +00:00
Joe McGill
7e29c9646a Customizer: Minimize duplicate header crops in the media library.
This adds `Custom_Image_Header::get_previous_crop()`, which finds any
previously cropped headers created from the same base image and replaces
that attachment rather than creating a new attachment.

After updating a crop, the replaced images is also removed from the list
of previous header images in the Customizer.

See #21819.

Built from https://develop.svn.wordpress.org/trunk@41732


git-svn-id: http://core.svn.wordpress.org/trunk@41566 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-04 14:59:48 +00:00
Weston Ruter
f8c6040ff5 Customize: Improve usability of Customize JS API.
* Eliminate need to pass both ID and instance in calls to `Values#add()` for panels, sections, controls, settings, partials, and notifications.
* Eliminate need to supply `content` param when constructing a `Control`.
* Unwrap the `options.params` object passed in constructors to just pass a flat `options`. (Back-compat is maintained.)
* Add support for `templateId` param for `Control` to override which template is used for the content.
* Remove unused `previewer` being supplied in `Control` instances.
* Rename `classes` to `containerClasses` on `Notification`.
* Automatically supply `instanceNumber` to improve stable sorting.
* Use `api.Notifications` for notifications in settings instead of `api.Value`.

See #30741.
Fixes #42083.

Built from https://develop.svn.wordpress.org/trunk@41726


git-svn-id: http://core.svn.wordpress.org/trunk@41560 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-04 06:48:46 +00:00
Weston Ruter
5f7a5c1246 File Editors: Introduce sandboxed live editing of PHP files with rollbacks for both themes and plugins.
* Edits to active plugins which cause PHP fatal errors will no longer auto-deactivate the plugin. Supersedes #39766.
* Introduce sandboxed PHP file edits for active themes, preventing accidental whitescreening of a user's site when introducing a fatal error.
* After writing a change to a PHP file for an active theme or plugin, perform loopback requests on the file editor admin screens and the homepage to check for fatal errors. If a fatal error is encountered, roll back the edited file and display the error to the user to fix and try again.
* Introduce a secure way to scrape PHP fatal errors from a site via `wp_start_scraping_edited_file_errors()` and `wp_finalize_scraping_edited_file_errors()`.
* Moves file modifications from `theme-editor.php` and `plugin-editor.php` to common `wp_edit_theme_plugin_file()` function.
* Refactor themes and plugin editors to submit file changes via Ajax instead of doing full page refreshes when JS is available.
* Use `get` method for theme/plugin dropdowns.
* Improve styling of plugin editors, including width of plugin/theme dropdowns.
* Improve notices API for theme/plugin editor JS component.
* Strip common base directory from plugin file list. See #24048.
* Factor out functions to list editable file types in `wp_get_theme_file_editable_extensions()` and `wp_get_plugin_file_editable_extensions()`.
* Scroll to line in editor that has linting error when attempting to save. See #41886.
* Add checkbox to dismiss lint errors to proceed with saving. See #41887.
* Only style the Update File button as disabled instead of actually disabling it for accessibility reasons.
* Ensure that value from CodeMirror is used instead of `textarea` when CodeMirror is present.
* Add "Are you sure?" check when leaving editor when there are unsaved changes.

Supersedes [41560].
See #39766, #24048, #41886.
Props westonruter, Clorith, melchoyce, johnbillion, jjj, jdgrimes, azaozz.
Fixes #21622, #41887.

Built from https://develop.svn.wordpress.org/trunk@41721


git-svn-id: http://core.svn.wordpress.org/trunk@41555 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-04 00:20:45 +00:00
Felix Arntz
1130241bbd Multisite: Replace calls to refresh_blog_details() with clean_blog_cache().
Fixes #42077. See #40201.

Built from https://develop.svn.wordpress.org/trunk@41717


git-svn-id: http://core.svn.wordpress.org/trunk@41551 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-03 19:05:46 +00:00