Since 4.4, when fetching the first page of comments and the 'newest' comments
are set to display first, `comments_template()` must perform arithmetic to
determine which comments to show. See #8071. This arithmetic requires the
total comment count for the current post, which is calculated with a separate
`WP_Comment_Query`. This secondary comment query did not properly account for
non-approved comment statuses; all unapproved comments should be part of the
comment count for admins, and individual users should have their own
unapproved comments included in the count. As a result, `comments_template()`
was, in some cases, being fooled into thinking that a post had fewer comments
available for pagination than it actually had, which resulted in empty pages
of comments.
We correct this problem by mirroring 'status' and 'include_unapproved' params
of the main comment query within the secondary query used to calculate pagination.
Merges [36040] to the 4.4 branch.
Fixes#35068.
Built from https://develop.svn.wordpress.org/branches/4.4@36041
git-svn-id: http://core.svn.wordpress.org/branches/4.4@36006 1a063a9b-81f0-0310-95a4-ce76da25c4cd
[35709] was overly broad, and stopped transforming `&` characters within tag attributes. So that sites aren't generating invalid HTML, we need to restore this functionality, while continuing to not transform `&` within blocked tags.
Merge of [36036] to the 4.4 branch.
Fixes#35008.
Built from https://develop.svn.wordpress.org/branches/4.4@36037
git-svn-id: http://core.svn.wordpress.org/branches/4.4@36002 1a063a9b-81f0-0310-95a4-ce76da25c4cd
[34696] introduced a regression whereby comma-separated values for 'exclude'
and 'exclude_tree' would be handled improperly when merging the two parameters,
resulting in category IDs being incorrectly dropped from the combined array.
Merges [36005] to the 4.4 branch.
Props gblsm, hnle.
Fixes#35156.
Built from https://develop.svn.wordpress.org/branches/4.4@36006
git-svn-id: http://core.svn.wordpress.org/branches/4.4@35971 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The introduction of 'meta_query' to `get_terms()` in 4.4 made it possible for
`get_terms()` to erroneously return duplicate results. To address the issue,
we add the `DISTINCT` keyword to the SQL query when a 'meta_query' parameter
has been provided.
Merges [36003] to the 4.4 branch.
Props @jadpm.
Fixes#35137.
Built from https://develop.svn.wordpress.org/branches/4.4@36004
git-svn-id: http://core.svn.wordpress.org/branches/4.4@35969 1a063a9b-81f0-0310-95a4-ce76da25c4cd
WP 4.4 changed the way comment pagination is calculated. See #8071. In the
context of `get_comment_link()`, these changes introduced a regression that
causes `cpage` (or its pretty-permalink correlate `comment-page-x`) to appear
in comment links when comment pagination is disabled. The current changeset
fixes the regression.
Merges [35933] to the 4.4 branch.
Fixes#34946.
Built from https://develop.svn.wordpress.org/branches/4.4@35934
git-svn-id: http://core.svn.wordpress.org/branches/4.4@35898 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`array_merge()` is much slower than building the combined array using a
`foreach` loop. The performance difference was causing a speed regression with
the `get_children()` functionality introduced in 4.4.
Merges [35931] to the 4.4 branch.
Props rogerhub.
Fixes#35025.
Built from https://develop.svn.wordpress.org/branches/4.4@35932
git-svn-id: http://core.svn.wordpress.org/branches/4.4@35896 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Most browsers no longer trust 1024bit certificates, or certificates signed by them, instead verifying them by a trusted intermediate or a cross-sign from another trusted certificate.
Unfortunately, as it turns out, OpenSSL prior to 1.0.1g cannot correctly handle certificates chains such as this, even if one of the intermediates is trusted.
The solution is that we need to continue to trust the 1024bit legacy root certificates forthe foreseeable future
This adds the following certificates back into our trust store:
{{{
GTE CyberTrust Global Root
Thawte Server CA
Thawte Premium Server CA
Verisign Class 3 Public Primary Certification Authority
Verisign Class 3 Public Primary Certification Authority - G2
ValiCert Class 1 VA
ValiCert Class 2 VA
RSA Root Certificate 1
Entrust.net Secure Server CA
Equifax Secure Global eBusiness CA
Equifax Secure eBusiness CA 1
America Online Root Certification Authority 1
America Online Root Certification Authority 2
NetLock Business (Class B) Root
NetLock Express (Class C) Root
Verisign Class 3 Public Primary Certification Authority
}}}
Props rmccue.
Merges [35919] to the 4.4 branch.
Fixes#34935.
Built from https://develop.svn.wordpress.org/branches/4.4@35921
git-svn-id: http://core.svn.wordpress.org/branches/4.4@35885 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`wp_get_object_terms()` can return a `WP_Error` object. As such, the
`get_the_terms()` cache wrapper should handle them properly. To wit:
* Don't try to map an error object to `get_term()`. Introduced in [35032].
* Don't cache an error object as taxonomy relationships. Introduced in at least [16487], maybe earlier.
Ports [35850] to the 4.4 branch.
Props stephenharris.
Fixes#34723.
Built from https://develop.svn.wordpress.org/branches/4.4@35851
git-svn-id: http://core.svn.wordpress.org/branches/4.4@35815 1a063a9b-81f0-0310-95a4-ce76da25c4cd
We rely on the `wp-image-` class to quickly find an attachment ID to add responsive image attributes.
To avoid incorrect images being displayed, do not add these attributes if the `src` does not match the
meta from the attachment ID in the class.
Merge of [35820] to the 4.4 branch.
Props azaozz, kovshenin, joemcgill, mikeschroder.
See #34898.
Built from https://develop.svn.wordpress.org/branches/4.4@35821
git-svn-id: http://core.svn.wordpress.org/branches/4.4@35785 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In [34504], tabbing through row actions on comments that lacked links was broken. This restores the desired behavior and ensures that the row actions can be seen by no-js users.
Second Permanent Committer sign off was by WonderBoyMusic
See #15520Fixes#34791
Props afercia, azaozz
Built from https://develop.svn.wordpress.org/trunk@35771
git-svn-id: http://core.svn.wordpress.org/trunk@35735 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In the data sent to us from the embedded iframe by postMessage(), the secret value is being used directly in a document.querySelectorAll() call without first being validated or escaped.
In theory, this could lead to some broken embeds.
Props mdawaffe.
Fixes#34831.
Built from https://develop.svn.wordpress.org/trunk@35761
git-svn-id: http://core.svn.wordpress.org/trunk@35725 1a063a9b-81f0-0310-95a4-ce76da25c4cd