- Install: When populating options, maybe_serialize instead of always serialize.
- Uploads: Check for and verify ZIP archives.
Merges [57388] and [57389] to the 4.5 branch.
Props costdev, peterwilsoncc, azaozz, tykoted, johnbillion, desrosj, afragen, jorbin, xknown.
Built from https://develop.svn.wordpress.org/branches/4.5@57410
git-svn-id: http://core.svn.wordpress.org/branches/4.5@56916 1a063a9b-81f0-0310-95a4-ce76da25c4cd
- Comments: Prevent users who can not see a post from seeing comments on it.
- Shortcodes: Restrict media shortcode ajax to certain type.
- REST API: Ensure no-cache headers are sent when methods are overridden.
- Prevent unintended behavior when certain objects are unserialized.
Merges [56834], [56835], [56836], and [56838] to the 4.5 branch.
Props xknown, jorbin, joehoyle, timothyblynjacobs, peterwilsoncc, ehtis, tykoted, antpb, rmccue.
Built from https://develop.svn.wordpress.org/branches/4.5@56857
git-svn-id: http://core.svn.wordpress.org/branches/4.5@56368 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* XML-RPC: Improve error messages for unprivileged users.
* External Libraries: Disable deserialization in Requests_Utility_FilteredIterator
* Embeds: Disable embeds on deactivated Multisite sites.
* Coding standards: Modify escaping functions to avoid potential false positives.
* XML-RPC: Return error message if attachment ID is incorrect.
* Upgrade/install: Improve logic check when determining installation status.
* Meta: Sanitize meta key before checking protection status.
* Themes: Ensure that only privileged users can set a background image when a theme is using the deprecated custom background page.
Brings the changes from [49380,49382-49388] to the 4.5 branch.
Props xknown, zieladam, peterwilsoncc, whyisjake, desrosj, dd32.
Built from https://develop.svn.wordpress.org/branches/4.5@49401
git-svn-id: http://core.svn.wordpress.org/branches/4.5@49160 1a063a9b-81f0-0310-95a4-ce76da25c4cd
- Embeds: Ensure that the title attribute is set correctly on embeds.
- Editor: Prevent HTML decoding on by setting the proper editor context.
- Formatting: Ensure that wp_validate_redirect() sanitizes a wider variety of characters.
- Themes: Ensure a broken theme name is returned properly.
- Administration: Add a new filter to extend set-screen-option.
Merges [47947-47951] to the 4.5 branch.
Props xknown, sstoqnov, vortfu, SergeyBiryukov, whyisjake.
Built from https://develop.svn.wordpress.org/branches/4.5@47973
git-svn-id: http://core.svn.wordpress.org/branches/4.5@47743 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When upgrading to `utf8mb4`, `TEXT` fields will be upgraded to `MEDIUMTEXT` (and likewise for all other `*TEXT` and `*BLOB` fields). This is to allow for the additional space requirements of `utf8mb4`.
On the subsequent upgrade, after the `utf8mb4` upgrade, `dbDelta()` would try and downgrade the fields to their original size again. At best, this it a waste of time, at worst, this could truncate any data larger than the original size. There's no harm in leaving them at their original size, so let's do that.
Merge of [37525] to the 4.5 branch.
Props pento.
See #36748.
Built from https://develop.svn.wordpress.org/branches/4.5@37606
git-svn-id: http://core.svn.wordpress.org/branches/4.5@37574 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The plugin details modal can be invoked from several screens. There's now a new
`.open-plugin-details-modal` CSS class to be used in combination with the
`.thickbox` CSS class that adds everything needed for accessibility.
- Adds an ARIA role `dialog` and an `aria-label` attribute to the modal
- Adds a `title` attribute to the iframe inside the modal
- Constrains tabbing within the modal
- Restores focus back in a proper place when closing the modal
Also, improves a bit the native Thickbox implementation: it should probably be
replaced with some more modern tool but at least keyboard focus should be moved
inside the modal.
Fixes#33305.
Built from https://develop.svn.wordpress.org/trunk@36964
git-svn-id: http://core.svn.wordpress.org/trunk@36932 1a063a9b-81f0-0310-95a4-ce76da25c4cd
An unintended consequence of improving the precommit task is that when it's time to run a release, more tasks need to get run to verify things. This adds a prerelease task to help fix that situation. grunt prerelease should include tasks that verify the code base is ready to be released to the wild and find all the tears on the mausoleum floor and help Blood stain the Colosseum doors.
See #35557
Built from https://develop.svn.wordpress.org/trunk@36930
git-svn-id: http://core.svn.wordpress.org/trunk@36898 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Eliminates need to click more than one checkbox to have preferences saved.
* Adds debouncing to saving user-selected menu item properties.
* Also removes discrepancies between available nav menu item properties on admin page vs Customizer.
Fixes#35273.
Props afercia, westonruter.
Built from https://develop.svn.wordpress.org/trunk@36908
git-svn-id: http://core.svn.wordpress.org/trunk@36876 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The media library can contain files which aren't attached yet. When attaching a file you currently get "Media attachment reattached.", or the opposite "Media attachment detached.". That's redundant and can be inaccurate. It's also not easy to translate in some languages.
This change generalizes the strings to refer to a "media file" instead.
Props SergeyBiryukov, ocean90, netweb.
Fixes#36089.
Built from https://develop.svn.wordpress.org/trunk@36887
git-svn-id: http://core.svn.wordpress.org/trunk@36854 1a063a9b-81f0-0310-95a4-ce76da25c4cd