When installing and using database-saved salts, wp_create_nonce() causes database errors as wp_salt() attempts to insert into the not-yet-created options table. Since authentication isn't available during installation, we can safely skip creating a nonce.
Props nullvariable, pento, dd32.
Fixes#39047.
Built from https://develop.svn.wordpress.org/trunk@39684
git-svn-id: http://core.svn.wordpress.org/trunk@39624 1a063a9b-81f0-0310-95a4-ce76da25c4cd
SimplePie can set the Content-Type header automatically with the correct charset for convenience, but we already force the charset to match the site's, making it redundant at best. At worst, SimplePie incorrectly overrides the content-type for non-HTML content (such as API requests).
Props dlh, stevenkword.
Fixes#39066.
Built from https://develop.svn.wordpress.org/trunk@39681
git-svn-id: http://core.svn.wordpress.org/trunk@39621 1a063a9b-81f0-0310-95a4-ce76da25c4cd
[38740] incorrectly introduced logic that changed a comment's page when
'comment_order' was set to 'desc'. This is in violation of the design
of the comment pagination system: a comment's page is designed not to
change when 'comment_order' or 'default_comment_page' are changed.
See #31101.
Props rachelbaker.
Fixes#39280.
Built from https://develop.svn.wordpress.org/trunk@39663
git-svn-id: http://core.svn.wordpress.org/trunk@39603 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`terms` values are passed through `sanitize_term_field()` with the 'db'
flag, which add slashes. Because `terms` are subsequently run through
`esc_sql()`, these slashes must be removed. See [36348], which added
a similar step to sanitization in `get_terms()`.
Props bcworkz.
Fixes#39315.
Built from https://develop.svn.wordpress.org/trunk@39662
git-svn-id: http://core.svn.wordpress.org/trunk@39602 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This change avoids a PHP fatal error that can be encountered when the specified (or generated) source email is an invalid address, such as `wordpress@_`, it makes no effort to set a valid source, only avoid the fatal error.
See #25239 for correcting the email address.
Fixes#39360.
Built from https://develop.svn.wordpress.org/trunk@39655
git-svn-id: http://core.svn.wordpress.org/trunk@39595 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Replaces the "doesn't" contraction with "does not" to be consistent with similar strings in `WP_Error` messages when a specified term or parent term is missing in `WP_REST_Terms_Controller`.
Props ramiy, ocean90.
Fixes#39176.
Built from https://develop.svn.wordpress.org/trunk@39648
git-svn-id: http://core.svn.wordpress.org/trunk@39588 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Includes a new `supports` property in the response object and schema for the `/types` endpoints for users with the `edit_posts` capability for the given post type. The `supports` property returns an object of the features the given post type *supports*.
Props timmydcrawford, tyxla.
Fixes#39033.
Built from https://develop.svn.wordpress.org/trunk@39647
git-svn-id: http://core.svn.wordpress.org/trunk@39587 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Introduced in [38674], the `wp_update_comment_data` filter took place after the `$data` was sliced and prepared for the database update statement. The location of the filter assumed the result of anyone applying it would not change the data type or make structural modifications or additions to the $data array. 😅
This moves the `wp_update_comment_data` filter to take place before the `$data` is sliced and prepared for the database update statement.
Props dshanske for initial patch.
Fixes#39380.
Built from https://develop.svn.wordpress.org/trunk@39640
git-svn-id: http://core.svn.wordpress.org/trunk@39580 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `term_exists()` check is not needed because of existing dupe
checks in `wp_insert_term()`. Furthermore, `term_exists()` conflates
term names and sanitized slugs, so incorrectly marks terms like
'C' and 'C+' as duplicates of one another.
Props garyc40, SergeyBiryukov, kovshenin, MikeHansenMe.
Fixes#16567.
Built from https://develop.svn.wordpress.org/trunk@39637
git-svn-id: http://core.svn.wordpress.org/trunk@39577 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This addresses a major bug. Incorrectly setting the `$content_width` causes media embeds to end up with the wrong aspect ratio, among other issues. This fix uses `template_redirect`, to ensure conditional theme tags can be used. It also defines a default value at `after_theme_setup` so that plugins have something to work with at `init`.
Props sstoqnov, laurelfulford, obenland.
Fixes#39272.
Built from https://develop.svn.wordpress.org/trunk@39635
git-svn-id: http://core.svn.wordpress.org/trunk@39575 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When plugins don't disable the `backupGlobals` PHPUnit option in their own tests, `$wpdb` is backed up and restored between classes of tests. The serialisation process used for this broke the database connection. This previously wasn't a problem, as it was reconnecting before each test.
[38398] introduced some changes that required the connection to be available in `setUpBeforeClass()`, earlier than in was previously reconnecting. This didn't cause warnings in Core, but it did cause warnings for plugins that don't disable the `backupGlobals` option.
The database connection now reconnects in `setUpBeforeClass()`. This change also fixes a few Core tests that weren't calling `parent::setUpBeforeClass()` or `parent::tearDown()` correctly.
Fixes#39327.
Built from https://develop.svn.wordpress.org/trunk@39626
git-svn-id: http://core.svn.wordpress.org/trunk@39566 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Also fix logic for `focus-control-for-setting` handler to focus on the first control (lowest `priority` value) associated with a given setting instead of the last control encountered when iterating over all controls, as this ensures the first control in a `nav_menu` section is focused rather than the last one.
Props westonruter, sirbrillig.
See #27403.
Fixes#39101.
Built from https://develop.svn.wordpress.org/trunk@39622
git-svn-id: http://core.svn.wordpress.org/trunk@39562 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `rest_{$taxonomy}_collection_params` filter in 4.7 is incorrectly using
single quotes instead of double quotes, which means it is not working correctly
as a dynamic filter. This fixes the quotes around the filter name, and also
updates the docblocks for the other 3 similar filters for better conformance to
the documentation standards.
Props shazahm1hotmailcom, JPry, jnylen0.
Fixes#39300.
Built from https://develop.svn.wordpress.org/trunk@39621
git-svn-id: http://core.svn.wordpress.org/trunk@39561 1a063a9b-81f0-0310-95a4-ce76da25c4cd
If `add_theme_support( 'post-formats' )` is called with no additional
arguments, then `get_theme_support( 'post-formats' )` returns `true` rather
than an array of supported formats. Avoid generating PHP warnings in this
situation.
Props dreamon11, ChopinBach.
Fixes#39293.
Built from https://develop.svn.wordpress.org/trunk@39620
git-svn-id: http://core.svn.wordpress.org/trunk@39560 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Correct setup for the `model` attribute of `wp.api.collections` objects. Set the collection model as a function that returns a new model of the underlying type, instead of setting it as the model prototype. Fixes an issue where models for fetched collections weren't set up properly and didn't have the expected mixin methods such as `getCategories` available.
Props jesseenterprises.
Fixes#39070.
Built from https://develop.svn.wordpress.org/trunk@39603
git-svn-id: http://core.svn.wordpress.org/trunk@39543 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In [38625], the functionality to search for attachments by filename was added
via the `posts_clauses` filter and the `_filter_query_attachment_filenames()`
function. This moves `_filter_query_attachment_filenames()` from
`wp-admin/includes/post.php` to `wp-includes/post.php` so that it can be
applied in the same manner in the REST API media endpoint.
Props jblz, tyxla.
Fixes#39092.
Built from https://develop.svn.wordpress.org/trunk@39598
git-svn-id: http://core.svn.wordpress.org/trunk@39538 1a063a9b-81f0-0310-95a4-ce76da25c4cd
It's fairly common for clients to send `Content-Type: application/json` with an
empty body. While technically not valid JSON, we've historically supported
this behaviour, so it shouldn't cause an error.
Props JPry.
Fixes#39150.
Built from https://develop.svn.wordpress.org/trunk@39594
git-svn-id: http://core.svn.wordpress.org/trunk@39534 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`get_category_link()` is a wrapper for `get_term_link()`. Using the
unwrapped function makes more sense semantically (it's taxonomy-
agnostic) and it's also more parsimonious (the `WP_Error` check in
`get_category_link()` is redundant with similar checks just before
in `get_term_link()`).
Props keesiemeijer.
Fixes#17069.
Built from https://develop.svn.wordpress.org/trunk@39593
git-svn-id: http://core.svn.wordpress.org/trunk@39533 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Site administrators should not be able to remove themselves from a site. This moves the enforcement of this rule from `wp-admin/users.php` to `remove_user_from_blog()` via the `remove_user` capability, which furthermore allows us to get rid of two additional clauses and their `is_super_admin()` checks in `wp-admin/users.php`. A unit test for the new behavior has been added.
Fixes#39063. See #37616.
Built from https://develop.svn.wordpress.org/trunk@39588
git-svn-id: http://core.svn.wordpress.org/trunk@39528 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously an option containing an object would trigger an SQL `UPDATE` on all calls to `update_option`, even if the old and new values were identical. This was due to the old and new values having differing resource IDs.
This change compares the old and new values as serialized data to remove the resource ID from the comparison.
Props salcode, bradyvercher, peterwilsoncc.
Fixes#38903.
Built from https://develop.svn.wordpress.org/trunk@39564
git-svn-id: http://core.svn.wordpress.org/trunk@39504 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The logic in WP_REST_Request->sanitize_params() added in [39091] did not account for `null` or `false` being the sanitization_callback preventing overriding `rest_parse_request_arg()`. This fixes that oversight, allowing the built in sanitization function to be bypassed. See #38593.
Props kkoppenhaver, rachelbaker, jnylen0.
Fixes#39042.
Built from https://develop.svn.wordpress.org/trunk@39563
git-svn-id: http://core.svn.wordpress.org/trunk@39503 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The super admin on multisite as well as the administrator on non-multisite both have this capability already. For custom post types using different capabilities this change ensures that only users with that capability have permissions.
Fixes#39059. See #37616.
Built from https://develop.svn.wordpress.org/trunk@39539
git-svn-id: http://core.svn.wordpress.org/trunk@39479 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When sections of the media modal are hidden out of view, their controls may be
still focusable and actionable. This completely hides these sections to avoid
unnecessary tab stops and potential confusion for assistive technology users.
Props SergeyBiryukov, afercia.
Fixes#30599.
Built from https://develop.svn.wordpress.org/trunk@39529
git-svn-id: http://core.svn.wordpress.org/trunk@39469 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This adds `srcset` and `sizes` to the about page images, including
art direction, via `<picture>` for the lead Twenty Seventeen image.
This also replaces URLs for all images and feature videos to their
CDN locations on s.w.org.
Props helen, pento, joemcgill.
Fixes#38616.
Built from https://develop.svn.wordpress.org/trunk@39514
git-svn-id: http://core.svn.wordpress.org/trunk@39454 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The ultimate `post_name` is stored in postmeta until the post is published. The `get_page_by_path()` function does not exclude `auto-draft` posts. Revert changes to `wp_unique_post_slug()` from [39411] which excluded `auto-draft` posts.
Props westonruter, dlh for testing, helen for testing.
See #38114, #38928.
Fixes#39078.
Built from https://develop.svn.wordpress.org/trunk@39506
git-svn-id: http://core.svn.wordpress.org/trunk@39446 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Bump version numbers and update readme files for themes with changes. Also updates description for Twenty Seventeen and removes version number for HTML5 shiv for easier updates in the future.
Props davidakennedy.
Fixes#38858.
Built from https://develop.svn.wordpress.org/trunk@39496
git-svn-id: http://core.svn.wordpress.org/trunk@39436 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, the theme's CSS feature query for `object-fit` overrode styles it shouldn't have on interior pages.
This moves the feature query farther down in the stylesheet so it takes precedence in the cascade in supported browsers, and applies the appropriate selector for the interior pages. In browsers that don't support feature queries or `object-fit`, the fallback styles are still applied. The problem was that the rules had the same specificity, so this way, the cascade takes over properly. The transforms and position changes for fallbacks are still needed in browsers that don't support `object-fit` and feature queries.
Props peterwilsoncc, davidakennedy.
Fixes#39073.
Built from https://develop.svn.wordpress.org/trunk@39495
git-svn-id: http://core.svn.wordpress.org/trunk@39435 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Extend the check in 'rest_allow_anonymous_comments' to accept any falsy value
(previously this was an explicit check for `false`).
One possible failure case is that a plugin developer forgets to include a
return value for some code path in their callback for this filter, leading to a
value of `null` which is currently treated like `true`.
Props joehoyle, jnylen0.
Fixes#39010.
Built from https://develop.svn.wordpress.org/trunk@39487
git-svn-id: http://core.svn.wordpress.org/trunk@39427 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The theme uses a hack to help the video header and header image fill the available space. This centers around `max-width: 1000%;`. It causes visual issues (zooming of the header video or image) for all users though.
This fixes that with CSS Features Queries. The hack remains for browsers that don't support Feature Queries and `object-fit`. Browsers that do support both get a better experience with a more reliable styling of the video and image header container.
Props laurelfulford, peterwilsoncc.
Fixes#39035.
Built from https://develop.svn.wordpress.org/trunk@39483
git-svn-id: http://core.svn.wordpress.org/trunk@39423 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `siteurl` setting is registered and made available to the REST API. On a multisite installation, this setting is not configurable from the General Settings screen, but due to the above it is configurable from the REST API.
Props peterwilsoncc.
Fixes#39005.
Built from https://develop.svn.wordpress.org/trunk@39468
git-svn-id: http://core.svn.wordpress.org/trunk@39408 1a063a9b-81f0-0310-95a4-ce76da25c4cd
If the `require_name_email` option is true, creating a comment with an empty string for the author name or email should not be accepted. Both values can be an empty string on update.
Props flixos90, hnle, dd32, rachelbaker, jnylen0, ChopinBach, joehoyle, pento.
Fixes#38971.
Built from https://develop.svn.wordpress.org/trunk@39444
git-svn-id: http://core.svn.wordpress.org/trunk@39384 1a063a9b-81f0-0310-95a4-ce76da25c4cd
- `'orderby' => 'include'` requires an array of post_ids via the `include` collection param.
`'orderby' => 'id'` and `'orderby' => 'slug'` need map the correct WP_Query equivalents.
Props flixos90, hnle, dd32, rachelbaker, joehoyle, pento.
Fixes#38971.
Built from https://develop.svn.wordpress.org/trunk@39440
git-svn-id: http://core.svn.wordpress.org/trunk@39380 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In wp-admin, users are removed from individual sites rather than deleted. A user can only be deleted from the network admin.
Until support for a `PUT` request that removes a user's site and content associations is available, `DELETE` requests are disabled to avoid possible issues with lost content.
Props jnylen0, rachelbaker.
Fixes#38962.
Built from https://develop.svn.wordpress.org/trunk@39438
git-svn-id: http://core.svn.wordpress.org/trunk@39378 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When deleting a user through the WordPress admin, a specific decision is presented - whether to assign all of the user's posts to another user, or to delete all of the posts.
This change requires `reassign` as a parameter in the corresponding REST API endpoint, so that content isn't accidentally lost.
Props jeremyfelt.
Fixes#39000.
Built from https://develop.svn.wordpress.org/trunk@39426
git-svn-id: http://core.svn.wordpress.org/trunk@39366 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This simplifies the line `$( siteNavigation.closest( '.main-navigation' ), this ).toggleClass( 'toggled-on' );` to `$( siteNavContain ).toggleClass( 'toggled-on' );`, since `this` is the clicked button, so the extra context isn't needed.
Props afercia, laurelfulford.
Fixes#38992.
Built from https://develop.svn.wordpress.org/trunk@39419
git-svn-id: http://core.svn.wordpress.org/trunk@39359 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This ensures that a standard header is shown on the front page whenever
a header video is set without a header image if the video doesn't load,
e.g., on mobile sizes or if the JS doesn't fire.
This adds a new class, `.has-header-video` that is added whenever the
`wp-custom-header-video-loaded` event is fired, which is then used to style
the custom headers along with `.has-header-image` whenever a header image
is available. This also changes the class name on the custom header media
wrapping `div` from `.custom-header-image` to `.custom-header-media`.
Props laurelfulford, joemcgill.
Fixes#38995.
Built from https://develop.svn.wordpress.org/trunk@39413
git-svn-id: http://core.svn.wordpress.org/trunk@39353 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Updates `wp_unique_post_slug()` to ignore `auto-draft` posts. Prevents publishing multiple posts that have the same slugs from starter content.
* Fixes fatal error when attempting to save an header_image setting from a non-admin context.
* Fixes substituting attachment symbols in options and theme mods.
* Fixes applying starter content for header images and background images.
See #38114.
Fixes#38928.
Built from https://develop.svn.wordpress.org/trunk@39411
git-svn-id: http://core.svn.wordpress.org/trunk@39351 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Also moves checks from `customize_save` Ajax handler to the underlying `WP_Customize_Manager::save_changeset_post()` call which plugins may invoke directly.
* Ensures that `customize_save_response` filter is always passed an array, with error code available as `code`.
Props utkarshpatel, westonruter, sayedwp.
See #30937.
Fixes#38943.
Built from https://develop.svn.wordpress.org/trunk@39409
git-svn-id: http://core.svn.wordpress.org/trunk@39349 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Change the capability check used in `WP_REST_Terms_Controller` when creating a new term is attempted, from `manage_terms` to `edit_terms`. This matches the behavior within the WordPress admin. See #35614.
Props johnbillion, rmccue, rachelbaker, helen, jorbin, SergeyBiryukov.
Fixes#38958.
Built from https://develop.svn.wordpress.org/trunk@39402
git-svn-id: http://core.svn.wordpress.org/trunk@39342 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In the `check_username()` and `check_password()` callbacks in the Users controller cast the provided request value to a string. The `rest_sanitize_value_from_schema()` function was being used incorrectly which was causing unintended request parsing.
In `rest_sanitize_request_arg()` do not pass nonexistent third parameter for the `rest_sanitize_value_from_schema()` function.
Props jnylen0, joehoyle, rachelbaker, ocean90.
Fixes#38984.
Built from https://develop.svn.wordpress.org/trunk@39400
git-svn-id: http://core.svn.wordpress.org/trunk@39340 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Fixes a regression in the media library after [38949], which caused
small images (< thumbnail size) to not display within the media library.
Accounts for images that have no intermediate sizes
in `wp_prepare_attachment_for_js()`.
Adds test.
Fixes#38965.
Props joemcgill, clorith, mikeschroder.
Built from https://develop.svn.wordpress.org/trunk@39396
git-svn-id: http://core.svn.wordpress.org/trunk@39336 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Show default labels for nav menu item as placeholders in a control's label field instead of showing blank.
* Store empty string as label instead of copying default labels.
* Prevent labels for post type archive items from being dropped in preview.
* Also ensure that the item type label is displayed on nav menu item controls for settings that are loaded from an existing changeset.
Amends [38618].
See #38015.
Fixes#38955.
Built from https://develop.svn.wordpress.org/trunk@39393
git-svn-id: http://core.svn.wordpress.org/trunk@39333 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The API should allow updates that don't actually change anything. This allows
clients to, for example, accidentally send the same request twice without
encountering unexpected errors. This currently works for posts, terms, and
users, so this commit adds test cases accordingly.
See #38700 for issues preventing this from working for comments.
Fixes#38975.
Built from https://develop.svn.wordpress.org/trunk@39371
git-svn-id: http://core.svn.wordpress.org/trunk@39311 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Fixes typo in args passed to `get_term_link()` which caused a fatal error due to this call returning a `WP_Error` which was set to `url`. Also fixes never-satisfiable condition for obtaining post type archive URL. Also ensures that `WP_Error` never leaks through as `url` by setting it to an empty string. Adds missing unit tests.
Amends [38991].
See #38114.
Fixes#38945.
Built from https://develop.svn.wordpress.org/trunk@39365
git-svn-id: http://core.svn.wordpress.org/trunk@39305 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Moves logic from `WP_Customize_Custom_CSS_Setting::update()` into a re-usable `wp_update_custom_css_post()` function, useful for future REST API endpoint, WP-CLI command, or plugin migrations.
* Renames `customize_update_custom_css_post_content_args` filter to `update_custom_css_data` and improves the naming of the parameters. Instead of passing `post_content` and `post_content_filtered` the filtered array now contains `css` and `preprocessed` respectively.
* The second context param for the `update_custom_css_data` filter is now an array of the original args passed to `wp_update_custom_css_post()` and there is now no more `$setting` arg since it isn't necessarily being called in the customizer context.
Props westonruter, georgestephanis.
See #35395.
Fixes#38672.
Built from https://develop.svn.wordpress.org/trunk@39350
git-svn-id: http://core.svn.wordpress.org/trunk@39290 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Core requires the post password to view and create comments on password protected posts, so we must support a “password” param on the comments endpoint when fetch comments for a specific post and creating a comment on a password protected post.
Props flixos90, jnylen0.
Fixes#38692.
Built from https://develop.svn.wordpress.org/trunk@39349
git-svn-id: http://core.svn.wordpress.org/trunk@39289 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Brings consistency to the `rest_insert_*` actions. Also includes some shuffling and clean-up as well including:
- Ensure we are passing the most current `$post` and `$user` objects to the `update_additional_fields_for_object()` callbacks.
- Changes the function signature of `handle_status_param()` in the Comments controller to accept just the comment_id as the 2nd parameter, instead of a full WP_Comment object. Only the comment_id is needed in the method, this avoids having to include another `get_comment()` call.
- Renames a variable in the `create_item()` method of the Posts controller from `$post` -> `$prepared_post` to be more explicit.
- Minor fixes/clarifications to the rest_insert_* hook docs
Props rachelbaker, joehoyle
Fixes#38905.
Built from https://develop.svn.wordpress.org/trunk@39348
git-svn-id: http://core.svn.wordpress.org/trunk@39288 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Featured image support means that attachments can now be imported. Media can be sideloaded from within theme or plugin directories. Like other posts, attachments are auto-drafts until customizer changes are published, and are not duplicated when they already exist in the customized state. Attachment IDs can be used for any number of purposes, much like post IDs. Twenty Seventeen now includes 3 images used as featured images to best showcase the multi-section homepage setup.
As featured image IDs are stored in post meta, it also made sense to add support for page templates. Twenty Seventeen does not include any such templates, but the functionality can be quite important for displaying themes to their best effect.
props westonruter, helen, flixos90.
fixes#38615.
Built from https://develop.svn.wordpress.org/trunk@39346
git-svn-id: http://core.svn.wordpress.org/trunk@39286 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This bug occurred in any language where text wraps character-by-character, since those languages don't delimit words with spaces. In Japanese, Chinese and Korean, etc., it was possible for the label to be displayed vertically.
Props tg29359, afercia, odysseygate.
Fixes#38876.
Built from https://develop.svn.wordpress.org/trunk@39341
git-svn-id: http://core.svn.wordpress.org/trunk@39281 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This makes a few adjustments to CSS to bring them inline with WordPress
CSS coding standards including:
* Font weights should be defined using numeric values
* Do not pad parentheses with spaces
This also fixes a couple of typos to inline comments.
Props netweb for initial patch.
Fixes#38901.
Built from https://develop.svn.wordpress.org/trunk@39340
git-svn-id: http://core.svn.wordpress.org/trunk@39280 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When a custom header image was set but custom CSS was not, `wp_get_custom_css_post()` was generating an UPDATE query on every frontend request.
In theme options the header image meta data is stored as an object. In `update_option()` this hits an edge case as the resource IDs of the old and new values never match.
This changes the logic of `wp_get_custom_css_post()` to ensure `set_theme_mod()` is only called when the custom CSS has changed.
Props bradyvercher, helen.
Fixes#38866.
Built from https://develop.svn.wordpress.org/trunk@39338
git-svn-id: http://core.svn.wordpress.org/trunk@39278 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Invalid nav menu items are exported as settings in the customize controls since it `is_admin()`, but any such `nav_menu_item` settings are excluded from the preview since it's the frontend. Selective refresh for nav menus needs to ignore the syncing of any such `nav_menu_item` settings that are `_invalid` since they are never rendered, and when a nav menu only contains invalid items, an infinite fallback refresh can ensue.
Fixes#38890.
Built from https://develop.svn.wordpress.org/trunk@39333
git-svn-id: http://core.svn.wordpress.org/trunk@39273 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, if no translation files exist for a text domain, `_load_textdomain_just_in_time()` went through the entire process each time it was called. This results in an increased call to `get_locale()` and its `locale` filter.
This change splits the logic into `_get_path_to_translation()` and `_get_path_to_translation_from_lang_dir()`. The former, which is used by `_load_textdomain_just_in_time()`, caches the result of the latter. It also removes some non-working code from `WP_Locale_Switcher::load_translations()`.
Props jrf, swissspidy, sharkomatic, ocean90.
Fixes#37997.
Built from https://develop.svn.wordpress.org/trunk@39330
git-svn-id: http://core.svn.wordpress.org/trunk@39270 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Adding a brand new anonymous comment method is a potential conduit for spam. Since it's still useful functionality, we're now hiding it behind a filter to allow plugins and themes to turn it on if they do want it.
Props helen, rachelbaker, joehoyle.
Fixes#38855.
Built from https://develop.svn.wordpress.org/trunk@39327
git-svn-id: http://core.svn.wordpress.org/trunk@39267 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This removes support for the skin tone modifier on emoji involving two or more people. This functionality is opposed by Apple and Google, so there is unlikely to be an input mechanism for such emoji, they oppose it on the grounds that they "...do not think a mechanism should be supported that only permits depiction of multi-person groups (or elements) in which each person has the same skin tone."
See their official notification for further details: http://www.unicode.org/L2/L2016/16332-remove-multi-emb.pdf
This change does not require a CDN update, as no emoji were altered or added, only removed.
See #38113.
Built from https://develop.svn.wordpress.org/trunk@39319
git-svn-id: http://core.svn.wordpress.org/trunk@39259 1a063a9b-81f0-0310-95a4-ce76da25c4cd
After [39187], WordPress started loading only the first page of a PDF.
This is appropriate for performance, but made it impossible to
write plugins that read other pages without overriding `load()`.
Introduces `WP_Image_Editor_Imagick->pdf_setup()`, to allow an override
to change WordPress' rendering DPI defaults or which pages are loaded.
Fixes#38832. See #38522, #31050.
Props markoheijnen, joemcgill, mikeschroder.
Built from https://develop.svn.wordpress.org/trunk@39303
git-svn-id: http://core.svn.wordpress.org/trunk@39243 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Users without the moderate_comments capability can no longer set the `author_ip` property directly, and instead receive a `WP_Error` if they attempt to do so. Otherwise, the `author_ip property` is populated from `$_SERVER['REMOTE_ADDR']` if present and a valid IP value. Finally, fallback to 127.0.0.1 as a last resort.
Props dd32, rachelbaker, joehoyle.
Fixes#38819.
Built from https://develop.svn.wordpress.org/trunk@39302
git-svn-id: http://core.svn.wordpress.org/trunk@39242 1a063a9b-81f0-0310-95a4-ce76da25c4cd
iOS disables this feature under the hood, but it also distorts the images – unlike other mobile devices that don't support it. So this adds a check for both `background-attachment: fixed` support or whether it’s an iOS device - passing it adds the class `background-fixed` which is used to add the proper styles.
It also lowers the media query so the parallax-like style is present on a wider range of screens since this bug can be better targeted and avoided. In this way, screens that aren't the offending devices aren't punished merely based on screen size.
Props joemcgill, laurelfulford, helen.
Fixes#38395.
Built from https://develop.svn.wordpress.org/trunk@39297
git-svn-id: http://core.svn.wordpress.org/trunk@39237 1a063a9b-81f0-0310-95a4-ce76da25c4cd
WordPress has not used the `karma` property internally for the past 8 years. There is no need to expose it in the REST API endpoints. Sites that use `karma` can include it using the `register_rest_field()` function.
Props dd32, danielbachhuber.
Fixes#38821.
Built from https://develop.svn.wordpress.org/trunk@39292
git-svn-id: http://core.svn.wordpress.org/trunk@39232 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `sizes` attribute was calculated incorrectly, resulting in the browser downloading the wrong resource. This filters the attribute to correct that.
Before the filter, the `img` contained:
`sizes="(max-width: 767px) 89vw, (max-width: 1000px) 54vw, (max-width: 1071px) 543px, 580px"`
And after:
`sizes="100vw"`
Props joemcgill, transl8or.
Fixes#38847.
Built from https://develop.svn.wordpress.org/trunk@39291
git-svn-id: http://core.svn.wordpress.org/trunk@39231 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Of the default comment_types, only comments are expected to be created via the REST API endpoint. Comments do not have registered types the way that Posts do, so we do not have a method to accurately check permissions for arbitrary comment types.
Props dd32, boonebgorges, rachelbaker.
Fixes#38820.
Built from https://develop.svn.wordpress.org/trunk@39290
git-svn-id: http://core.svn.wordpress.org/trunk@39230 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Set focus before rendering to prevent reload in Firefox.
* Rerender views if they are unloaded.
* Remove timeout added in [29513].
* Fix argument in wp.mce.views.render.
* Empty views on hide. Missed in #36434.
Props gitlost, azaozz, iseulde.
Fixes#38511.
Built from https://develop.svn.wordpress.org/trunk@39282
git-svn-id: http://core.svn.wordpress.org/trunk@39222 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `SHOW TABLES LIKE` query can be used to search for tables that match a pattern, `wp\_123\_%`, for example. While this isn't the name of an actual table, the `wp_123_` prefix can be used by database drop-ins to direct the query correctly. This change removes the escaping and `%` modifier, to provide this usable prefix.
Props andy, pento.
Fixes#38751.
Built from https://develop.svn.wordpress.org/trunk@39275
git-svn-id: http://core.svn.wordpress.org/trunk@39215 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Following [39272], this uses the `header_video_settings` filter to modify
the default video header control markup and adds theme specific styles
for the play/pause button.
Props melchoyce, laurelfulford, joemcgill, davidakennedy, bradyvercher.
Fixes#38697.
Built from https://develop.svn.wordpress.org/trunk@39273
git-svn-id: http://core.svn.wordpress.org/trunk@39213 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This adds play/pause controls to video headers, along with voice
assistance, using `wp.a11y.speak`, to make custom video headers more
accessible. To make styling the play/pause button easier for themes,
CSS has been omitted from the default implementation.
This also includes a refactor of the `wp.customHeader` code to introduce
a `BaseHandler` class, which can be extended by plugins and themes to modify
or enhance the default video handlers.
Props davidakennedy, afercia, bradyvercher, joemcgill, adamsilverstein, rianrietveld.
Fixes#38678.
Built from https://develop.svn.wordpress.org/trunk@39272
git-svn-id: http://core.svn.wordpress.org/trunk@39212 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Some widgets that require more configuration are not included, such as RSS and Custom Menu. Tag Cloud is also not included because fresh sites do not have any tags to display.
Also adds a search widget to a Twenty Seventeen footer widget area.
see #38615.
Built from https://develop.svn.wordpress.org/trunk@39261
git-svn-id: http://core.svn.wordpress.org/trunk@39201 1a063a9b-81f0-0310-95a4-ce76da25c4cd
With [38951] the support for custom page templates has been extended to all post
types. By making the visible meta box titles real labels, accessibility improves
for all users and form fields have meaningful labels.
Fixes#38790.
Built from https://develop.svn.wordpress.org/trunk@39247
git-svn-id: http://core.svn.wordpress.org/trunk@39187 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This adds a new filter, `fallback_intermediate_image_sizes`, which
can be used to modify the array of image sizes created for previewing
PDFs in the media library and checks for the existence of sizes before
processing any image representations of a PDF.
Fixes#38594.
Built from https://develop.svn.wordpress.org/trunk@39246
git-svn-id: http://core.svn.wordpress.org/trunk@39186 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Ensure that starter content can apply from theme B after previewing starter content in theme A.
* Introduce new `starter_content` flag in changeset setting params which is used to capture whether a value is starter content and thus can be overridden.
* Create changeset up-front with `starter_content` flags instead of waiting for `AUTOSAVE_INTERVAL`.
* Eliminate instantiation of settings for widget instances in favor of directly calling `sanitize_widget_js_instance`. This eliminates issues with looking for widgets before they are registered.
* Ensure that non-placeholders (inline arrays instead of string references) can be supplied in starter content.
* Re-use auto-draft posts as starter content across theme switches.
* Introduce `starter_content` param for `WP_Customize_Manager::save_changeset_post()` which is `false` except when starter content is being loaded on a `fresh_site`.
See #38114.
Fixes#38541.
Built from https://develop.svn.wordpress.org/trunk@39241
git-svn-id: http://core.svn.wordpress.org/trunk@39181 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Adds a callback for determining when video headers should be displayed in themes supporting custom headers. By default, video headers are only displayed on the front page of a site.
Theme authors may set a custom callback by passing `'video-active-callback' => 'mytheme_video_active_callback'` as an argument. The default callback is `is_front_page()`.
This introduces the new function `is_header_video_active()` - returns `true` on pages that should display video headers. The return value can be filtered using the new filter of the same name.
Props flixos90, bradyvercher, peterwilsoncc, joemcgill.
Fixes#38738.
Built from https://develop.svn.wordpress.org/trunk@39240
git-svn-id: http://core.svn.wordpress.org/trunk@39180 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Prevents post type templates ignoring post types due to invalid characters. Each entry in the `Template Post Type` comment is run through `sanitize_key()` to match the sanitisation used by `register_post_type()`.
Fixes#38766.
Built from https://develop.svn.wordpress.org/trunk@39236
git-svn-id: http://core.svn.wordpress.org/trunk@39176 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Sometimes, a language file may not exist in exactly the format or location that `get_available_languages()` expects it to be in - for sites with this level of customisation, they need to be able to add their own language files to the list of those available.
Props yoavf.
Fixes#38788.
Built from https://develop.svn.wordpress.org/trunk@39235
git-svn-id: http://core.svn.wordpress.org/trunk@39175 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`get_available_languages()` is only designed to work with translations for core. Using it for plugins/themes means unnecessary `strpos()` checks and incomplete results for plugins/themes whose names are beginning with `admin-` or `ms-`.
Props swissspidy, ocean90.
Fixes#38590.
Built from https://develop.svn.wordpress.org/trunk@39230
git-svn-id: http://core.svn.wordpress.org/trunk@39170 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Use `postMessage` transport for header image settings by default when video headers are supported, and thus `the_custom_header_markup()` will necessarily be used (and thus a selective refresh partial will be available).
* Ensure that `the_custom_header_markup()` always outputs a container element in the customizer preview even if the header is empty.
* Ensure that edit shortcut appearing for custom header does not get positioned off-screen.
Props bradyvercher, westonruter.
See #38639.
Fixes#38737.
Built from https://develop.svn.wordpress.org/trunk@39227
git-svn-id: http://core.svn.wordpress.org/trunk@39167 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When a page is scrolled, the top nav menu become fixed. Depending on the page content this caused issue where focused links or buttons may be hidden behind the nav menu.
Props afercia, davidakennedy, Fencer04
Fixes#38476
Built from https://develop.svn.wordpress.org/trunk@39225
git-svn-id: http://core.svn.wordpress.org/trunk@39165 1a063a9b-81f0-0310-95a4-ce76da25c4cd
For developers wanting to add their own registered collection parameters, they can now use the `rest_$type_collection_params` filter. This brings consistency with the already existing `rest_$post_type_collection_params`.
Fixes#38710.
Props jnylen0.
Built from https://develop.svn.wordpress.org/trunk@39223
git-svn-id: http://core.svn.wordpress.org/trunk@39163 1a063a9b-81f0-0310-95a4-ce76da25c4cd
With the addition of Array support in our schema validation functions, it's now possible to use these in the meta validation and sanitization steps. Also, this increases the test coverage of using registered via meta the API significantly.
Fixes#38531.
Props rachelbaker, tharsheblows.
Built from https://develop.svn.wordpress.org/trunk@39222
git-svn-id: http://core.svn.wordpress.org/trunk@39162 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Toggles `has-header-image` body class in Customizer preview whenever images or videos are added or removed.
* Hides the `.custom-header-image`div in CSS when an image or video haven't been set so preview changes are smoother.
* Also fixes the main issues in #38391 – making the preview match.
Props bradyvercher.
Fixes#38627.
See #38391.
Built from https://develop.svn.wordpress.org/trunk@39220
git-svn-id: http://core.svn.wordpress.org/trunk@39160 1a063a9b-81f0-0310-95a4-ce76da25c4cd
IE9 doesn't understands `vh ` (vertical height) when inside of an `iframe`. Normally IE9 will understand `vh` as the vertical height relative to the viewport, but in an `iframe`, IE9 thinks the vertical height is relative to the size of the whole page. So this fixes that when the site is viewed in the Customizer preview – an `iframe`.
Props laurelfulford.
Fixes#38722.
Built from https://develop.svn.wordpress.org/trunk@39215
git-svn-id: http://core.svn.wordpress.org/trunk@39155 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Adds translation context for "Hide Controls" strings so translators can supply shorter strings where space is constrained. Adds styles to fade-out long the "Hide Controls" label where it would run into the device preview buttons.
Props westonruter, ocean90.
Fixes#38762.
Built from https://develop.svn.wordpress.org/trunk@39214
git-svn-id: http://core.svn.wordpress.org/trunk@39154 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This helps affirm that your upload is fine, and has not been reduced down to the first page or changed into an image. This applies to the attachment details modal in the media library, where media is also now centered in the preview area.
props folletto, helen.
fixes#38717.
Built from https://develop.svn.wordpress.org/trunk@39213
git-svn-id: http://core.svn.wordpress.org/trunk@39153 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Due to the `clear_update_cache` parameter not being respected, update caches were being cleared incorrectly which prevented multiple plugins to be updated at the same time in background updates - failing with a `fs_unavailable` error message.
Fixes#38024
Built from https://develop.svn.wordpress.org/trunk@39211
git-svn-id: http://core.svn.wordpress.org/trunk@39151 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Add `customize_value_custom_css` filter to `WP_Customize_Custom_CSS::value()` method.
* Introduce `customize_update_custom_css_post_content_args` filter in `WP_Customize_Custom_CSS::update()` method.
* Make clear that `wp_get_custom_css()` and `wp_get_custom_css` filter are specifically for obtaining the value to render/display. Eliminate use of `wp_get_custom_css()` when getting the setting value. Use the underlying `post_value` directly when `is_previewed`.
* Move anonymous functions handing JS previewing for `custom_logo`, `custom_css`, and `background` into named functions on the `wp.customize.settingPreviewHandlers` to allow plugins to override/extend preview logic.
* Update `_custom_background_cb` to always print a `style` tag wen in the customizer preview, and update background preview logic to replace existing style element instead of appending a new style to the head so that background changes don't unexpectedly override any Custom CSS in the preview's stylesheet cascade.
Props westonruter, georgestephanis.
See #22058.
Fixes#38672.
Built from https://develop.svn.wordpress.org/trunk@39209
git-svn-id: http://core.svn.wordpress.org/trunk@39149 1a063a9b-81f0-0310-95a4-ce76da25c4cd
"Header Visuals" is a bit vague since the title/tagline are arguably
also “header visuals”. "Header Media" is more descriptive and is
consistent with how we refer to images/videos throughout core.
Props bradyvercher.
Fixes#38756.
Built from https://develop.svn.wordpress.org/trunk@39205
git-svn-id: http://core.svn.wordpress.org/trunk@39145 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Removes the `.customize-partial-edit-shortcut-left-margin` class which was not effective on some themes, created a worse experience for other themes, and which did not recalculate when the preview was reflowed or resized. Now some small-width media queries are added to handle common cases while more dramatic issues can be handled by the theme. Also renames `Partial.positionEditShortcut()`to `Partial.addEditShortcutToPlacement()` which is a more accurate description of its function.
Props sirbrillig, sstoqnov.
See #38651, #27403.
Built from https://develop.svn.wordpress.org/trunk@39202
git-svn-id: http://core.svn.wordpress.org/trunk@39142 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Restoring the current user context when saving a setting ensures filters apply as expected, such as Kses. When a user is not associated with a given setting change, continue to override `capability` to be `exist` when saving. Skip overwriting setting values in a changeset that have not changed, facilitating concurrent editing and amending a changeset by a user with fewer privileges.
See #30937.
Fixes#38705.
Built from https://develop.svn.wordpress.org/trunk@39181
git-svn-id: http://core.svn.wordpress.org/trunk@39121 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Additionally, use these meta-caps in the REST API endpoints.
Previously, register_meta()'s auth_callback had no effect for non-post meta. This introduces `{add,edit,delete}_{comment,term,user}_meta` meta-caps to match the existing post meta capabilities. These are currently only used in the REST API.
Props tharsheblows, boonebgorges.
Fixes#38303, fixes#38412.
Built from https://develop.svn.wordpress.org/trunk@39179
git-svn-id: http://core.svn.wordpress.org/trunk@39119 1a063a9b-81f0-0310-95a4-ce76da25c4cd