Commit Graph

284 Commits

Author SHA1 Message Date
whyisjake
abc5355d75 General: WordPress updates
* XML-RPC: Improve error messages for unprivileged users.
* External Libraries: Disable deserialization in Requests_Utility_FilteredIterator
* Embeds: Disable embeds on deactivated Multisite sites.
* Coding standards: Modify escaping functions to avoid potential false positives.
* XML-RPC: Return error message if attachment ID is incorrect.
* Upgrade/install: Improve logic check when determining installation status.
* Meta: Sanitize meta key before checking protection status.
* Themes: Ensure that only privileged users can set a background image when a theme is using the deprecated custom background page.

Brings the changes from [49380,49382-49388] to the 4.6 branch.

Props xknown, zieladam, peterwilsoncc, whyisjake, desrosj, dd32.

Built from https://develop.svn.wordpress.org/branches/4.6@49400


git-svn-id: http://core.svn.wordpress.org/branches/4.6@49159 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-29 19:00:24 +00:00
Pascal Birchler
687f87a4e6 Adjust post meta checks
Merges [40692] to the 4.6 branch.

Built from https://develop.svn.wordpress.org/branches/4.6@40694


git-svn-id: http://core.svn.wordpress.org/branches/4.6@40557 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 08:49:34 +00:00
Pascal Birchler
5c4b703f38 Whitelist post arguments in XML-RPC
Merges [40677] to the 4.6 branch.

Built from https://develop.svn.wordpress.org/branches/4.6@40679


git-svn-id: http://core.svn.wordpress.org/branches/4.6@40542 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 08:19:35 +00:00
Sergey Biryukov
7d421dbe42 Text Changes: Add a full stop to "Invalid taxonomy" and "Invalid term ID" strings, for consistency with similar post-related messages.
See #18218, #32329.
Built from https://develop.svn.wordpress.org/trunk@38077


git-svn-id: http://core.svn.wordpress.org/trunk@38018 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-17 16:15:34 +00:00
Sergey Biryukov
866bd39813 I18N: Combine two duplicate "Invalid post type" strings.
Props @ramiy.
See #18218.
Built from https://develop.svn.wordpress.org/trunk@38076


git-svn-id: http://core.svn.wordpress.org/trunk@38017 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-17 16:05:31 +00:00
Drew Jaynes
60de6917fb Docs: Add and clarify changelog entries for elements that can now accept, use, or return WP_Post_Type objects.
Also adds a missing initial `@since` version for `wp_xmlrpc_server::_prepare_post_type()`.

See [37890]. See #36217.

Built from https://develop.svn.wordpress.org/trunk@38051


git-svn-id: http://core.svn.wordpress.org/trunk@37992 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-13 15:24:28 +00:00
Dominik Schilling
97bf32c66a Text Changes: Unify/merge two more permission error messages.
Props ramiy.
Fixes #34521.
Built from https://develop.svn.wordpress.org/trunk@38037


git-svn-id: http://core.svn.wordpress.org/trunk@37978 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-12 11:45:29 +00:00
Dominik Schilling
1630c97795 Text Changes: Unify a few more permission error messages which were missed in [37914].
Props ramiy.
Fixes #34521.
Built from https://develop.svn.wordpress.org/trunk@37999


git-svn-id: http://core.svn.wordpress.org/trunk@37940 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-07 11:33:33 +00:00
Dominik Schilling
25e66e4f1e Text Changes: Unify permission error messages.
The new format looks like "Sorry, you are not allowed to <action>.". This provides a consistent experience for all error messages related to missing permissions. It also reduces the number of similar strings and allows translators to provide a consistent style in their language.

Props ramiy, Presskopp.
Fixes #34521.
Built from https://develop.svn.wordpress.org/trunk@37914


git-svn-id: http://core.svn.wordpress.org/trunk@37855 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-29 15:16:29 +00:00
Dominik Schilling
60dc856d64 Posts: Introduce WP_Post_Type and use it in register_post_type() and unregister_post_type().
This changes the global `$wp_post_types` to an array of `WP_Post_Type` objects. `WP_Post_Type` includes methods to handle post type supports, rewrite rules, meta boxes, hooks, and taxonomies.
Each post type argument becomes a property of `WP_Post_Type`.

Props swissspidy, flixos90.
Fixes #36217.
Built from https://develop.svn.wordpress.org/trunk@37890


git-svn-id: http://core.svn.wordpress.org/trunk@37831 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-28 16:41:35 +00:00
Peter Wilson
47d26cd9fb DOCS: Replace HTTP links with HTTPS.
Replaces unsecure links in documentation and translator comments with their secure versions.

Props johnpgreen, netweb

Fixes #36993

Built from https://develop.svn.wordpress.org/trunk@37674


git-svn-id: http://core.svn.wordpress.org/trunk@37640 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-10 04:50:33 +00:00
Drew Jaynes
fb6d8bae49 Docs: Apply inline @see tags to hooks referenced in DocBlocks for core classes.
Applying these specially-crafted `@see` tags allows the Code Reference parser to recognize and link these elements as actions and filters.

See #36921.

Built from https://develop.svn.wordpress.org/trunk@37539


git-svn-id: http://core.svn.wordpress.org/trunk@37507 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-23 18:54:27 +00:00
Drew Jaynes
602b51a209 Docs: Standardize filter docs in core classes in wp-includes/* to use third-person singular verbs per the inline documentation standards for PHP.
See #36913.

Built from https://develop.svn.wordpress.org/trunk@37492


git-svn-id: http://core.svn.wordpress.org/trunk@37460 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-22 18:15:28 +00:00
Drew Jaynes
f52a8cb1fa Docs: Remove/replace invalid inline @link tags in DocBlocks in wp-includes/*.
Fixes #36910.

Built from https://develop.svn.wordpress.org/trunk@37487


git-svn-id: http://core.svn.wordpress.org/trunk@37455 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-22 17:39:28 +00:00
Drew Jaynes
b1804afeaf Docs: Standardize on 'backward compatibility/compatible' nomenclature in core inline docs.
Also use 'back-compat' in some inline comments where backward compatibility is the subject and shorthand feels more natural.

Note: 'backwards compatibility/compatible' can also be considered correct, though it's primarily seen in regular use in British English.

Props ocean90.
Fixes #36835.

Built from https://develop.svn.wordpress.org/trunk@37431


git-svn-id: http://core.svn.wordpress.org/trunk@37397 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-13 18:41:31 +00:00
Rachel Baker
470110ec3d XMLRPC: Fix bug where draft posts couldn’t be published in the future, and would publish immediately.
Resolves bug introduced in [r34572], in which editing a Post via the XMLRPC API with a draft post_status, where the post_status changes from draft->publish with a future post_date set for the publish action, will have the future post_date disregarded and the Post will be published immediately. The expected behavior is that the post_date is used to schedule the Post to be published in the future.

Fixes #35874.

Props redsweater, rachelbaker, DrewAPicture
Built from https://develop.svn.wordpress.org/trunk@37043


git-svn-id: http://core.svn.wordpress.org/trunk@37010 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-22 15:10:28 +00:00
Drew Jaynes
a41f27a7f9 Docs: Clarify documentation for the xmlrpc_enabled filter to better explain that its scope only extends to methods requiring authentication.
When the `xmlrpc_enabled` filter was initially introduced in [21509], it was effectively intended to replace the `enable_xmlrpc` UI option, which only controlled whether authenticated XML-RPC methods were enabled, such as for publishing actions. This change clarifies the expected behavior and adds information about ways to more granularly control XML-RPC method and request behavior with related hooks.

Part props mensmaximus.
See #21509. Fixes #36055.

Built from https://develop.svn.wordpress.org/trunk@37025


git-svn-id: http://core.svn.wordpress.org/trunk@36992 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-17 03:53:26 +00:00
Sergey Biryukov
7c66e0648a Comments: In wp_xmlrpc_server::pingback_ping():
* Rename `$linea` to `$remote_source` for clarity. 
* Add `remote_source` to comment data, so it's available to `preprocess_comment` and `comment_post` filters.
* Pass the original (unfiltered) response source to the filters too (as `remote_source_original` in comment data).

Props dshanske for the original patch.
Fixes #34141.
Built from https://develop.svn.wordpress.org/trunk@36661


git-svn-id: http://core.svn.wordpress.org/trunk@36628 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-24 00:55:26 +00:00
Andrew Nacin
8090ae273d XML-RPC: Revert [34681] as it broke date handling.
props dossy, hnle, redsweater.
see #35053, #30429 (original ticket).

Built from https://develop.svn.wordpress.org/trunk@36163


git-svn-id: http://core.svn.wordpress.org/trunk@36129 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-03 19:49:32 +00:00
Drew Jaynes
25eca6974e Docs: Add a missing summary, @since version, and parameter descriptions to the DocBlock for wp_xmlrpc_server::pingback_error().
Introduced in [23329]. Also corrects return descriptions for two deprecated methods.

See #32246.

Built from https://develop.svn.wordpress.org/trunk@35964


git-svn-id: http://core.svn.wordpress.org/trunk@35929 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-16 17:38:27 +00:00
Drew Jaynes
7614bd71d3 Docs: Add a missing summary, @since version, and parameter descriptions to the DocBlock for wp_xmlrpc_server::add_enclosure_if_new().
Introduced in [10383].

See #32246.

Built from https://develop.svn.wordpress.org/trunk@35963


git-svn-id: http://core.svn.wordpress.org/trunk@35928 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-16 17:32:28 +00:00
Drew Jaynes
92dd7b7447 Docs: Add missing notations for the unused $args parameter in the blogger_getTemplate() and blogger_setTemplate() methods in wp_xmlrpc_server.
See #32246.

Built from https://develop.svn.wordpress.org/trunk@35962


git-svn-id: http://core.svn.wordpress.org/trunk@35927 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-16 17:26:28 +00:00
Drew Jaynes
fcd35518d9 Docs: Add a missing notation for the $args parameter in the DocBlock for wp_xmlrpc_server::_multisite_getUsersBlogs().
Also adds a missing `@since` version. The method was introduced in [12852].

See #32246.

Built from https://develop.svn.wordpress.org/trunk@35957


git-svn-id: http://core.svn.wordpress.org/trunk@35921 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-16 05:49:26 +00:00
Drew Jaynes
489023e001 Docs: Add a missing summary and @since version to the DocBlock for wp_xmlrpc_server::serve_request().
Introduced in [11789].

See #32246.

Built from https://develop.svn.wordpress.org/trunk@35956


git-svn-id: http://core.svn.wordpress.org/trunk@35920 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-16 05:43:26 +00:00
Scott Taylor
d8eacd51d8 Media: add a new image size, medium_large. Bumps db version to add new options.
Adds unit tests.

Props DH-Shredder, joemcgill, azaozz.
Fixes #34196.

Built from https://develop.svn.wordpress.org/trunk@35479


git-svn-id: http://core.svn.wordpress.org/trunk@35443 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-31 20:50:25 +00:00
Dion Hulse
a579aad05b XMLRPC: Prevent authentication from occurring after a failed authentication attempt in any single XML-RPC call.
This hardens WordPress against a common vector which uses multiple user identifiers in a single `system.multicall` call. In the event that authentication fails, all following authentication attempts ''in that call'' will also fail.

Props dd32, johnbillion.
Fixes #34336

Built from https://develop.svn.wordpress.org/trunk@35366


git-svn-id: http://core.svn.wordpress.org/trunk@35331 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-23 04:46:24 +00:00
Drew Jaynes
217b661703 Docs: Add missing descriptions for the $wpdb global in DocBlocks all the places.
See #32246.

Built from https://develop.svn.wordpress.org/trunk@35170


git-svn-id: http://core.svn.wordpress.org/trunk@35136 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-14 23:44:25 +00:00
Scott Taylor
8c256a3357 XML-RPC: allow wp_xmlrpc_server::wp_getPosts() to receive s as a filter.
Props chriscct7.
Fixes #25406.

Built from https://develop.svn.wordpress.org/trunk@34860


git-svn-id: http://core.svn.wordpress.org/trunk@34825 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-06 13:41:26 +00:00
Sergey Biryukov
0aacea6535 Merge some strings with the same meaning in wp-includes/class-wp-xmlrpc-server.php.
Props pavelevap.
Fixes #33644.
Built from https://develop.svn.wordpress.org/trunk@34798


git-svn-id: http://core.svn.wordpress.org/trunk@34763 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-03 14:09:43 +00:00
Scott Taylor
111c05ba47 XML-RPC: calculate the proper offset for GMT in wp.newPost, mw.newPost, and mw.editPost when post_date is set, wp.editComment when comment_date is set. post|comment_date is assumed to be GMT. This is only true if the timezone string for the site matches GMT.
Adds unit tests for each.

Props smerriman, justdaiv, wonderboymusic.
Fixes #30429.

Built from https://develop.svn.wordpress.org/trunk@34681


git-svn-id: http://core.svn.wordpress.org/trunk@34645 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-29 04:05:24 +00:00
Scott Taylor
2c30a11518 After [34577], alter wp_xmlrpc_server::mw_newMediaObject() to check upload space in multisite.
See #21292.

Built from https://develop.svn.wordpress.org/trunk@34603


git-svn-id: http://core.svn.wordpress.org/trunk@34567 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-26 19:49:25 +00:00
Scott Taylor
0405a03b5e XML-RPC: in wp_xmlrpc_server::wp_editTerm(), check ! empty when applying parent logic.
Adds unit tests.

Props hrishiv90, markoheijnen, sam2kb.
Fixes #21977.

Built from https://develop.svn.wordpress.org/trunk@34580


git-svn-id: http://core.svn.wordpress.org/trunk@34544 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-26 05:31:25 +00:00
Scott Taylor
80ac048cbc XML-RPC: upgrade the response of wp_xmlrpc_server::mw_newMediaObject() based on work done in 3.4 so that it runs the struct through ->_prepare_media_item().
Props markoheijnen.
Fixes #6430.

Built from https://develop.svn.wordpress.org/trunk@34579


git-svn-id: http://core.svn.wordpress.org/trunk@34543 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-26 05:15:25 +00:00
Scott Taylor
e9aa518f04 XML-RPC: move the malfunctioning 'overwrite' code from wp_xmlrpc_server::mw_newMediaObject(). This was suggested 3 years ago.
Props markoheijnen.
Fixes #17604.

Built from https://develop.svn.wordpress.org/trunk@34578


git-svn-id: http://core.svn.wordpress.org/trunk@34542 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-26 05:03:24 +00:00
Scott Taylor
ffe7f0ec5a XML-RPC: In wp_xmlrpc_server::wp_getComments(), allow post_type to be passed as part of $struct.
Props nprasath002.
Fixes #20026.

Built from https://develop.svn.wordpress.org/trunk@34575


git-svn-id: http://core.svn.wordpress.org/trunk@34539 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-26 04:45:25 +00:00
Scott Taylor
c8b308a647 XML-RPC: In wp_xmlrpc_server::wp_getUsersBlogs(), return the isPrimary flag for each blog.
Props SergeyBiryukov, daniloercoli.
Fixes #25958.

Built from https://develop.svn.wordpress.org/trunk@34574


git-svn-id: http://core.svn.wordpress.org/trunk@34538 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-26 04:35:25 +00:00
Scott Taylor
9b253bbc7b XML-RPC: In wp_xmlrpc_server::blogger_editPost(), make use of the $publish arg (the 6th arg passed to the method) to specify publish or draft. Restores the arg, which I removed in [31092], because it was unused cruft.
Props mdawaffe.
Fixes #10764.

Built from https://develop.svn.wordpress.org/trunk@34573


git-svn-id: http://core.svn.wordpress.org/trunk@34537 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-26 04:01:26 +00:00
Scott Taylor
dd1098e7c5 XML-RPC: In wp_xmlrpc_server::mw_newPost(), if $dateCreated is not set, don't set post_date and post_date_gmt. It calls wp_insert_post(), which will handle it correctly. The problem was drafts being created and GMT date being set. It shouldn't be.
Adds unit test.

Fixes #16985.

Built from https://develop.svn.wordpress.org/trunk@34572


git-svn-id: http://core.svn.wordpress.org/trunk@34536 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-26 03:38:25 +00:00
Scott Taylor
a0ccd4eae8 XML-RPC: wp.getComments should be allowed to return approved comments to those without the 'moderate_comments' cap.
Adds (rewrites) unit tests from 4 years ago that we never committed because....

Props wonderboymusic, koke, ericmann, nprasath002.
Fixes #17981.

Built from https://develop.svn.wordpress.org/trunk@34570


git-svn-id: http://core.svn.wordpress.org/trunk@34534 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-26 02:49:27 +00:00
Scott Taylor
5ea01de963 XML-RPC: Introduce the concept of unit testing to wp_xmlrpc_server::wp_newComment():
* Don't allow comments to be created for posts that have `comment_status` set to `'closed'`
* Set some magic props on `WP_User` to vars before passing them to `wp_xmlrpc_server::escape()`

Props wonderboymusic, jesin.
Fixes #27471.

Built from https://develop.svn.wordpress.org/trunk@34559


git-svn-id: http://core.svn.wordpress.org/trunk@34523 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-25 20:20:23 +00:00
Scott Taylor
c871986819 Uploader: Fire 'wp_handle_upload' in wp_upload_bits(). Thusly, the filter in wp_xmlrpc_server::mw_newMediaObject() is redundant.
Props dllh.
Fixes #33539.

Built from https://develop.svn.wordpress.org/trunk@34257


git-svn-id: http://core.svn.wordpress.org/trunk@34221 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-17 04:46:25 +00:00
Dominik Schilling
e932a2dc5d XMLRPC: Don't allow private posts to be sticky.
See #20662.
Built from https://develop.svn.wordpress.org/trunk@34135


git-svn-id: http://core.svn.wordpress.org/trunk@34103 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 22:38:23 +00:00
Scott Taylor
e73ee5ac98 Introduce WP_Comment class to model/strongly-type rows from the comments database table. Inclusion of this class is a pre-req for some more general comment cleanup and sanity.
* Takes inspiration from `WP_Post` and adds sanity to comment caching. 
* Clarifies when the current global value for `$comment` is returned. The current implementation in `get_comment()` introduces side effects and an occasional stale global value for `$comment` when comment caches are cleaned.
* Strongly-types `@param` docs
* This class is marked `final` for now

Props wonderboymusic, nacin.

See #32619.

Built from https://develop.svn.wordpress.org/trunk@33891


git-svn-id: http://core.svn.wordpress.org/trunk@33860 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-03 18:17:24 +00:00
Sergey Biryukov
ce05b02a59 Provide more helpful feedback than just "Cheatin' uh?" for permission errors in wp-admin/users.php.
props ericlewis, kraftbj, lukecarbis, mrmist.
fixes #33679. see #14530.
Built from https://develop.svn.wordpress.org/trunk@33885


git-svn-id: http://core.svn.wordpress.org/trunk@33854 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-03 08:54:24 +00:00
Sergey Biryukov
b136b074bf Provide more helpful feedback than just "Cheatin' uh?" for permission errors in wp-admin/edit.php.
props ericlewis, kraftbj, lukecarbis, mrmist.
fixes #33671. see #14530.
Built from https://develop.svn.wordpress.org/trunk@33861


git-svn-id: http://core.svn.wordpress.org/trunk@33829 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-02 18:15:20 +00:00
Scott Taylor
ef87172270 foreach is a statement, not a function.
See #33491.

Built from https://develop.svn.wordpress.org/trunk@33734


git-svn-id: http://core.svn.wordpress.org/trunk@33702 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-25 20:28:22 +00:00
Scott Taylor
3982598305 Doc block for _wp_specialchars: $quote_style can also be string ('single' or 'double')
See #33491.

Built from https://develop.svn.wordpress.org/trunk@33700


git-svn-id: http://core.svn.wordpress.org/trunk@33667 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-21 18:36:24 +00:00
Drew Jaynes
02ec47fc92 Docs: Standardize @deprecated tag formatting in the DocBlock for wp_xmlrpc_server::login_pass_ok().
Props Alphawolf.
See #28806.

Built from https://develop.svn.wordpress.org/trunk@33677


git-svn-id: http://core.svn.wordpress.org/trunk@33644 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-20 22:38:25 +00:00
Scott Taylor
45fc6a3def Deprecate post_permalink() (Introduced in 1.0, already had a deprecated argument in 1.3), which just wraps get_permalink() and was only used by XML-RPC in 4 places.
Props solarissmoke.
Fixes #16982.

Built from https://develop.svn.wordpress.org/trunk@33659


git-svn-id: http://core.svn.wordpress.org/trunk@33626 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-20 06:24:26 +00:00
Scott Taylor
4a1f50f732 After [33325], supply a missing post_type in ->mw_editPost().
Add unit test.

Props ocean90.
Fixes #20662.

Built from https://develop.svn.wordpress.org/trunk@33612


git-svn-id: http://core.svn.wordpress.org/trunk@33579 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-13 15:28:27 +00:00