Commit Graph

5953 Commits

Author SHA1 Message Date
Aaron Campbell
3ef577baad Add nonce for updating file system credentials.
Merges [40723] to 4.4 branch.

Built from https://develop.svn.wordpress.org/branches/4.4@40727


git-svn-id: http://core.svn.wordpress.org/branches/4.4@40585 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 14:55:30 +00:00
Pascal Birchler
63d7638596 Fix broken audio/video functions when sanitizing ID3 data
This fixes a bug where running `wp_kses_post_deep()` on all the ID3
tag data corrupted blob data.

See #40075, #40085.

Merges [40400] to the 4.4 branch.

Built from https://develop.svn.wordpress.org/branches/4.4@40463


git-svn-id: http://core.svn.wordpress.org/branches/4.4@40339 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-04-17 13:17:31 +00:00
John Blackbourn
75dc2799cc Press This: Verify intent before fetching in-page resources using Press This.
Props vortfu

Merges [40195] to the 4.4 branch.

Built from https://develop.svn.wordpress.org/branches/4.4@40199


git-svn-id: http://core.svn.wordpress.org/branches/4.4@40138 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-06 14:02:34 +00:00
Jeremy Felt
b1c0510af3 Validate video and audio metadata.
Merge of [40148] to the 4.4 branch.

Built from https://develop.svn.wordpress.org/branches/4.4@40152


git-svn-id: http://core.svn.wordpress.org/branches/4.4@40091 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-06 08:07:32 +00:00
John Blackbourn
e481987c51 Posts, Post Types: When using Excerpt mode on the Posts list table, ensure the excerpt output matches what was manually entered into the Excerpt field.
Merges [39956] to the 4.4 branch.

Built from https://develop.svn.wordpress.org/branches/4.4@39980


git-svn-id: http://core.svn.wordpress.org/branches/4.4@39917 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-26 14:15:28 +00:00
Dominik Schilling
233a0f8d9b Press This: Do not show Categories & Tags UI for users who cannot assign terms to posts anyways.
Merge of [39968] to the 4.4 branch.
Built from https://develop.svn.wordpress.org/branches/4.4@39973


git-svn-id: http://core.svn.wordpress.org/branches/4.4@39910 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-26 14:12:33 +00:00
Aaron Campbell
e7806a428d Add nonce for widget accessibility mode.
Props vortfu.

See #23328.

Merges [39760] to 4.4 branch.

Built from https://develop.svn.wordpress.org/branches/4.4@39764


git-svn-id: http://core.svn.wordpress.org/branches/4.4@39702 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 01:45:31 +00:00
Joe McGill
2e2570f669 Media: Improved media titles when created from filename.
Preserves spaces and generally creates more accurate, cleaner titles from filenames of uploaded media.

Merge of [38615] to the 4.4 branch.

Fixes #37989.

Built from https://develop.svn.wordpress.org/branches/4.4@39712


git-svn-id: http://core.svn.wordpress.org/branches/4.4@39652 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-06 22:00:06 +00:00
Jeremy Felt
b8e218019a Media: Sanitize upload filename.
Merge of [38538] to the 4.4 branch.

Built from https://develop.svn.wordpress.org/branches/4.4@38541


git-svn-id: http://core.svn.wordpress.org/branches/4.4@38484 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-09-07 13:58:28 +00:00
Pascal Birchler
48dad74eb6 Upgrade/Install: Sanitize file name in File_Upload_Upgrader.
Merge of [38524] to the 4.4 branch.
Built from https://develop.svn.wordpress.org/branches/4.4@38527


git-svn-id: http://core.svn.wordpress.org/branches/4.4@38468 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-09-06 17:49:40 +00:00
Gary Pendergast
c9fb1436ed Database: dbDelta() will no longer try to downgrade the size of TEXT and BLOB columns.
When upgrading to `utf8mb4`, `TEXT` fields will be upgraded to `MEDIUMTEXT` (and likewise for all other `*TEXT` and `*BLOB` fields). This is to allow for the additional space requirements of `utf8mb4`.

On the subsequent upgrade, `dbDelta()` would try and downgrade the fields to their original size again. At best, this it a waste of time, at worst, this could truncate any data larger than the original size. There's no harm in leaving them at their new size, so let's do that.

This also fixes a typo in the `dbDelta()` tests.

Merge of [37525] to the 4.4 branch.
Partial merge of [36552] to the 4.4 branch.

See #36748.


Built from https://develop.svn.wordpress.org/branches/4.4@37936


git-svn-id: http://core.svn.wordpress.org/branches/4.4@37877 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-01 07:00:50 +00:00
Nikolay Bachiyski
bf3b6b800d Admin: escape URL-encoded permalinks
Merge of [37801] to the 4.4 branch.

Built from https://develop.svn.wordpress.org/branches/4.4@37807


git-svn-id: http://core.svn.wordpress.org/branches/4.4@37772 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-21 14:51:29 +00:00
Rachel Baker
2a00e5a736 Revisions: Change the capability needed to view revision diffs to edit_post.
Merge of [37779] to the 4.4 branch.
Built from https://develop.svn.wordpress.org/branches/4.4@37796


git-svn-id: http://core.svn.wordpress.org/branches/4.4@37761 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-21 14:32:27 +00:00
Nikolay Bachiyski
e22ceae1b7 Admin: Escape attachment name in case it contains special characters
Merge of [37774] to the 4.4 branch.

Built from https://develop.svn.wordpress.org/branches/4.4@37785


git-svn-id: http://core.svn.wordpress.org/branches/4.4@37750 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-21 14:24:27 +00:00
Boone Gorges
7f84cb69ea Taxonomy: More specific cap check when processing category data on post save.
Ports [37691] to the 4.4 branch.

Props dlh.
Fixes #36379.
Built from https://develop.svn.wordpress.org/branches/4.4@37767


git-svn-id: http://core.svn.wordpress.org/branches/4.4@37732 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-21 14:16:28 +00:00
Aaron Jorbin
940b403576 Remove Debugging code introduced in [37146]
Built from https://develop.svn.wordpress.org/branches/4.4@37147


git-svn-id: http://core.svn.wordpress.org/branches/4.4@37114 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-30 18:56:28 +00:00
Aaron Jorbin
9e1133b642 Add Nonce to updating wporg_favorites user meta field
Merges [37145] to the 4.4 branch

Built from https://develop.svn.wordpress.org/branches/4.4@37146


git-svn-id: http://core.svn.wordpress.org/branches/4.4@37113 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-30 18:41:26 +00:00
Nikolay Bachiyski
fc416c81fe Add nonce to AJAX action for script compression setting
Merges [37143] to the 4.4 branch

Built from https://develop.svn.wordpress.org/branches/4.4@37144


git-svn-id: http://core.svn.wordpress.org/branches/4.4@37111 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-30 18:31:28 +00:00
Dominik Schilling
98b994303e Media: In wp_read_image_metadata() make sure that IPTC keywords are UTF8 encoded.
Prevents missing `_wp_attachment_metadata` when an image contains keywords with latin extended characters.

Merges [36429] to the 4.4 branch.
See #35316.
Built from https://develop.svn.wordpress.org/branches/4.4@36430


git-svn-id: http://core.svn.wordpress.org/branches/4.4@36397 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-01 14:58:28 +00:00
Dion Hulse
ced6b063a3 List Tables: When a user has hidden all columns, do not override that with the default_hidden_columns filter.
Merges [36154] to the 4.4 branch.
Props Compute, jorbin, voldemortensen.
Fixes #35057.

Built from https://develop.svn.wordpress.org/branches/4.4@36155


git-svn-id: http://core.svn.wordpress.org/branches/4.4@36121 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-02 04:45:22 +00:00
Dion Hulse
ac6b8ae319 Admin: Restore the "Show advanced menu properties" checkboxes IDs.
These checkboxes are used on the Menus screen options and the Customizer Menus options.
Their IDs were removed in [34991] but they're needed to get the checkboxes to be saved
via AJAX. Also, avoids a useless AJAX call.

Merge [36137] to the 4.4 branch.
Props afercia.
Fixes #35112.

Built from https://develop.svn.wordpress.org/branches/4.4@36145


git-svn-id: http://core.svn.wordpress.org/branches/4.4@36111 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-02 03:34:21 +00:00
Dion Hulse
b894426307 Help Tab Order should be based on the Priority Argument
[34370] made the order that tabs are returned respect the order they are added, however it broke the respect of priority. By using a ksort instead of a sort, we can restore that default behavior. This adjusts the unit tests so that both order added and priority are tested.

Merges [36089] to the 4.4 branch.
Props meitar, swissspidy, jorbin
Fixes #35215. See #33941.

Built from https://develop.svn.wordpress.org/branches/4.4@36104


git-svn-id: http://core.svn.wordpress.org/branches/4.4@36069 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-27 02:14:22 +00:00
Dion Hulse
a44134a96d Filesystem: Revert [33648] and [34733] unfortunately these have caused issues for some servers, while fixing it for others.
See #28013
Fixes #34976 for the 4.4 branch
Fixes #34976 for the 4.4 branch

Built from https://develop.svn.wordpress.org/branches/4.4@35945


git-svn-id: http://core.svn.wordpress.org/branches/4.4@35909 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-15 02:37:26 +00:00
Dominik Schilling
41f0bf0bc1 List Tables: Revert [34728] and [35482].
Part of [34728] was already reverted in [35682], but the default values still made it impossible to set a default ordering for custom post types.

Merge of [35818] for the 4.4 branch.

See #25493.
Fixes #34825.
Built from https://develop.svn.wordpress.org/branches/4.4@35819


git-svn-id: http://core.svn.wordpress.org/branches/4.4@35783 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-07 20:08:26 +00:00
Boone Gorges
43d1ab4720 Use 'invalid_username' error code when tripping 'illegal_user_logins'.
This gives us better compatibility with existing errors thrown by
`sanitize_user()`, especially in Multisite, where user_login has more
restrictions on allowed characters.

Props markjaquith.
Fixes #27317.
Built from https://develop.svn.wordpress.org/trunk@35772


git-svn-id: http://core.svn.wordpress.org/trunk@35736 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-04 23:25:26 +00:00
Helen Hou-Sandí
2f287af8aa Media: Avoid rel="rel=" situations.
props lucymtc, swissspidy.
fixes #34826. see #32074.

Built from https://develop.svn.wordpress.org/trunk@35760


git-svn-id: http://core.svn.wordpress.org/trunk@35724 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-03 17:17:26 +00:00
Scott Taylor
d569b9609e Media: show Trash filter for Media list table when MEDIA_TRASH is true.
Props chacha102.
Fixes #34795.

Built from https://develop.svn.wordpress.org/trunk@35752


git-svn-id: http://core.svn.wordpress.org/trunk@35716 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-01 20:48:25 +00:00
Mark Jaquith
1a43f0b290 Do not pass FALSE as second parameter in variable class_exists() checks
Because these are generally plugin-provided, we want plugins to be
able to use autoloaders.

fixes #20523
Built from https://develop.svn.wordpress.org/trunk@35749


git-svn-id: http://core.svn.wordpress.org/trunk@35713 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-30 04:15:27 +00:00
John Blackbourn
ec24d6e001 In a similar vein to [34133], escape the email address and IP address of comment authors to increase defence in depth.
Built from https://develop.svn.wordpress.org/trunk@35748


git-svn-id: http://core.svn.wordpress.org/trunk@35712 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-29 02:43:24 +00:00
Dominik Schilling
9fb5c540bb Users: Allow to create users without sending an email to the new user.
This adds a checkbox to `wp-admin/user-new.php` to prevent sending an email with the username and a password reset link to the new user. Restores the behavior of pre-4.3.

Fixes #33504.
Props tharsheblows, SergeyBiryukov, DrewAPicture, ocean90.
Built from https://develop.svn.wordpress.org/trunk@35742


git-svn-id: http://core.svn.wordpress.org/trunk@35706 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-25 22:38:29 +00:00
Helen Hou-Sandí
e24681632e Avoid potential fatal errors after [35718].
While these classes are intended for admin use, there are developers out there who include `wp-admin/includes/template.php` to access them in other contexts. There is no intention to continue to support this indefinitely, but a breaking change like that would need to happen very early in a cycle and communicated loudly.

In the meantime, if you're reading this commit message and you do the above, please update your code to not do that. Thank you :)

fixes #33413.

Built from https://develop.svn.wordpress.org/trunk@35740


git-svn-id: http://core.svn.wordpress.org/trunk@35704 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-25 22:19:26 +00:00
Scott Taylor
79a2915a9b Upgrade: New themes are not automatically installed on upgrade. This can still be explicitly asked for by defining CORE_UPGRADE_SKIP_NEW_BUNDLED as false.
In `populate_options()`, if the theme specified by `WP_DEFAULT_THEME` doesn't exist, fall back to the latest core default theme. If we can't find a core default theme, `WP_DEFAULT_THEME` is the best we can do. 

Props nacin, jeremyfelt, dd32.
See #34306.

Built from https://develop.svn.wordpress.org/trunk@35738


git-svn-id: http://core.svn.wordpress.org/trunk@35702 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-25 21:45:25 +00:00
Sergey Biryukov
60c8e272f5 Docs: Improve DocBlock formatting for add_menu_page() and add_submenu_page() wrappers.
See #34360.
Built from https://develop.svn.wordpress.org/trunk@35731


git-svn-id: http://core.svn.wordpress.org/trunk@35695 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-23 17:56:26 +00:00
Helen Hou-Sandí
2cdeac7cf6 Pass the $post object as context to postmeta_form_keys.
see #33885, #18979.

Built from https://develop.svn.wordpress.org/trunk@35730


git-svn-id: http://core.svn.wordpress.org/trunk@35694 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-23 17:15:29 +00:00
Gary Pendergast
d04396d0ad Docs: Replace a reference to WP.org with WordPress.org.
Built from https://develop.svn.wordpress.org/trunk@35729


git-svn-id: http://core.svn.wordpress.org/trunk@35693 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-22 22:38:26 +00:00
Sergey Biryukov
ae04eba0b6 Comments: After [35670], change the CSS class for the pending comments count back to moderated.
Fixes #34680.
Built from https://develop.svn.wordpress.org/trunk@35726


git-svn-id: http://core.svn.wordpress.org/trunk@35690 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-22 15:23:26 +00:00
Sergey Biryukov
bc1e479fd0 After [35718], update the location of some files in This filter is documented in docs.
Partially reverts [33954].

Fixes #33413.
Built from https://develop.svn.wordpress.org/trunk@35725


git-svn-id: http://core.svn.wordpress.org/trunk@35689 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-22 03:51:28 +00:00
Andrew Nacin
1579e45d41 Simplify the include graph after work to split out classes.
see #33413. More details there.

Built from https://develop.svn.wordpress.org/trunk@35718


git-svn-id: http://core.svn.wordpress.org/trunk@35682 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-20 07:24:30 +00:00
Helen Hou-Sandí
e549e56f02 Custom fields: Allow for short-circuiting the meta key dropdown.
Adds the `postmeta_form_keys` filter which allows for a potentially expensive query against postmeta to be avoided.

props ericmann, tollmanz, nacin.
see #33885.

Built from https://develop.svn.wordpress.org/trunk@35717


git-svn-id: http://core.svn.wordpress.org/trunk@35681 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-20 06:16:50 +00:00
Boone Gorges
f173cdfb18 On 4.4 upgrade, remove the unused 'add_users' cap from all roles.
Fixes #16719.
Built from https://develop.svn.wordpress.org/trunk@35701


git-svn-id: http://core.svn.wordpress.org/trunk@35665 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-19 03:53:28 +00:00
Scott Taylor
a99f7baa5a List Tables: Fix PHP error notice when $columns is null
Use of `register_column_headers()` and `print_column_headers()` creates a `_WP_List_Table_Compat` without any columns. When the List Table object doesn't have any columns, there's naturally no primary column.

Props danielbachhuber.
Fixes #34148.

Built from https://develop.svn.wordpress.org/trunk@35698


git-svn-id: http://core.svn.wordpress.org/trunk@35662 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-18 23:01:26 +00:00
Aaron Jorbin
e8d8e79371 Revert [34291] bringing back my-hacks
Keeping myhacks support is a small price to pay for not breaking people's sites.  Even if it is very very very few sites, breaking sites isn't something that should be encouraged. Even with 10 years of deprecation notices.

https://core.trac.wordpress.org/ticket/33741#comment:18 outlines all the ways that the hack_file and my-hacks options can be setup and thus all the ways that the removal of those options could break sites.

Fixes #33741.



Built from https://develop.svn.wordpress.org/trunk@35688


git-svn-id: http://core.svn.wordpress.org/trunk@35652 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-18 20:49:26 +00:00
Dominik Schilling
c25efe2d52 Revert [35336] and [35337].
See #28344.
Built from https://develop.svn.wordpress.org/trunk@35685


git-svn-id: http://core.svn.wordpress.org/trunk@35649 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-18 20:30:25 +00:00
Scott Taylor
19834a4c21 List Tables: After [35622] and [34271], improve pagination logic when queries are altered.
Props bradyvercher.
Fixes #29870.

Built from https://develop.svn.wordpress.org/trunk@35683


git-svn-id: http://core.svn.wordpress.org/trunk@35647 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-18 20:25:26 +00:00
Scott Taylor
af0498989c List Tables: After [34728], don't try to infer orderby from query params.
List tables are really good.

Props cklosows.
Fixes #25493.

Built from https://develop.svn.wordpress.org/trunk@35682


git-svn-id: http://core.svn.wordpress.org/trunk@35646 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-18 20:19:26 +00:00
Scott Taylor
f2e9e98fa6 Media: in media_send_to_editor(), use wp_json_encode() instead of addslashes().
Props TobiasBg.
Fixes #22135.

Built from https://develop.svn.wordpress.org/trunk@35677


git-svn-id: http://core.svn.wordpress.org/trunk@35641 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-18 19:40:27 +00:00
Scott Taylor
838592c1ba List Tables: because we can never eradicate the existence of globals, ensure that $comment is hoisted into the global space inside WP_Comments_List_Table::single_row().
Fixes #34654.

Built from https://develop.svn.wordpress.org/trunk@35674


git-svn-id: http://core.svn.wordpress.org/trunk@35638 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-18 19:05:30 +00:00
Sergey Biryukov
bc41f44158 I18N: After [34424], replace the placeholder with comments count after translate_nooped_plural() runs, not before.
Props hnle.
Fixes #34680.
Built from https://develop.svn.wordpress.org/trunk@35670


git-svn-id: http://core.svn.wordpress.org/trunk@35634 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-18 18:04:28 +00:00
Drew Jaynes
283b7d0a66 Plugins: Rename the delete_plugin action hook (introduced in [35094]) to deleted_plugin as it fires ''following'' a plugin deletion attempt.
Further, introduce a new `delete_plugin` action hook, to be fired ''before'' a plugin deletion attempt. Both changes bring parity with other such transactional hooks in core that fire before and after certain actions, including on plugin activation/deactivation and install/uninstall, among others.

Props johnjamesjacoby.
Fixes #26904.

Built from https://develop.svn.wordpress.org/trunk@35669


git-svn-id: http://core.svn.wordpress.org/trunk@35633 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-18 17:58:26 +00:00
Sergey Biryukov
0d4cf36199 I18N: Remove <a> tag from translatable string in wp-admin/includes/class-wp-comments-list-table.php.
Props ramiy.
Fixes #34686.
Built from https://develop.svn.wordpress.org/trunk@35666


git-svn-id: http://core.svn.wordpress.org/trunk@35630 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-18 17:34:27 +00:00