Commit Graph

20053 Commits

Author SHA1 Message Date
Nikolay Bachiyski
c512f8cbdd Docs: clarify inline docs for hash_equals
Before the docs implied the complexity of the function was O(1) by using the term "constant time", now we use the more descriptive term "Timing attack safe".

Props AramZS.
Fixes #32778.

Built from https://develop.svn.wordpress.org/trunk@35805


git-svn-id: http://core.svn.wordpress.org/trunk@35769 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-06 22:04:51 +00:00
John Blackbourn
d35bc1b936 Use site_url() when generating WP_CONTENT_URL so it correctly adjusts for pages served over HTTPS. This mainly only affects old plugins which still use WP_CONTENT_URL instead of the newer plugins_url() function.
Fixes #13941
Props micropat

Built from https://develop.svn.wordpress.org/trunk@35804


git-svn-id: http://core.svn.wordpress.org/trunk@35768 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-06 22:04:26 +00:00
Pascal Birchler
4ace55b0dc Docs: Add proper @param and @return tags for capital_P_dangit().
Props timplunkett.
Fixes #34863.
Built from https://develop.svn.wordpress.org/trunk@35803


git-svn-id: http://core.svn.wordpress.org/trunk@35767 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-06 22:02:27 +00:00
Mike Schroder
8d220df08b Bundled Themes: Bump version numbers in default themes.
Props davidakennedy.
Fixes #34804.


Built from https://develop.svn.wordpress.org/trunk@35802


git-svn-id: http://core.svn.wordpress.org/trunk@35766 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-06 22:01:27 +00:00
Andrea Fercia
bc7950519b Notices: improve styling consistency of links within notices.
For accessibility, links inside lines or blocks of text should be always underlined.

Props walbo.
Fixes #34606.
Built from https://develop.svn.wordpress.org/trunk@35801


git-svn-id: http://core.svn.wordpress.org/trunk@35765 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-06 22:00:26 +00:00
Eric Lewis
0e8e5124c1 Posts: Don't modify post_name if it wasn't supplied to wp_insert_post().
Previously when updating a post using wp_insert_post(), post_name was 
regenerated based on post_title every time if post_name was not passed in 
explicitly. This irons out the expectation that properties not passed into the 
function should not be modified.

Props jason_the_adams. 
Fixes #34865.

Built from https://develop.svn.wordpress.org/trunk@35800


git-svn-id: http://core.svn.wordpress.org/trunk@35764 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-06 21:58:25 +00:00
Pascal Birchler
f522e69a57 Docs: Fix a typo in the stylesheet_directory filter docs.
Props ixkaito.
Fixes #34859.
Built from https://develop.svn.wordpress.org/trunk@35799


git-svn-id: http://core.svn.wordpress.org/trunk@35763 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-06 21:57:24 +00:00
Konstantin Kovshenin
84affbd3a9 Docs: Make "list table table tag" a bit more readable.
See: #34885, r35796.

Built from https://develop.svn.wordpress.org/trunk@35797


git-svn-id: http://core.svn.wordpress.org/trunk@35761 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-06 21:54:26 +00:00
Konstantin Kovshenin
919867b090 Docs: Remove some more dittography.
See #34885, r35793.

Built from https://develop.svn.wordpress.org/trunk@35796


git-svn-id: http://core.svn.wordpress.org/trunk@35760 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-06 21:50:25 +00:00
Pascal Birchler
59351cb62d Toolbar: Allow adding lang and dir attributes to toolbar items.
This is useful from a multilingual and accessibility perspective.

Props Chouby, leemon.
Fixes #33513.
Built from https://develop.svn.wordpress.org/trunk@35795


git-svn-id: http://core.svn.wordpress.org/trunk@35759 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-06 21:37:25 +00:00
Jeremy Felt
714d5885d9 Te Docs: Fix te the misspelling.
Previously, [35793].

Fixes #34888.

Built from https://develop.svn.wordpress.org/trunk@35794


git-svn-id: http://core.svn.wordpress.org/trunk@35758 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-06 21:32:25 +00:00
Gary Pendergast
31f51e2cbb The the Docs: Fix the the dittography
Sometimes, it's easy to to type the the same word twice, especially if if it's a simple word. We probably shouldn't do do do (do do do doo) it, though.

(I've excluded external libs from this change.)

Fixes #34885.


Built from https://develop.svn.wordpress.org/trunk@35793


git-svn-id: http://core.svn.wordpress.org/trunk@35757 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-06 21:23:25 +00:00
Aaron Campbell
894526c78d Consider both home and site domains to be valid in wp_validate_redirect().
Props layotte.
Fixes #34028.

Built from https://develop.svn.wordpress.org/trunk@35792


git-svn-id: http://core.svn.wordpress.org/trunk@35756 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-06 21:17:24 +00:00
Michael Arestad
5eae357697 Administration: Improve color contrast of 'Add New' buttons.
This also includes improved focus styles for 'Add New'.

fixes #34876, #34864.

Built from https://develop.svn.wordpress.org/trunk@35791


git-svn-id: http://core.svn.wordpress.org/trunk@35755 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-06 21:07:25 +00:00
Boone Gorges
714be37ea5 Show user_login in Dashboard user dropdowns.
User dropdowns in wp-admin have traditionally shown the users' display names.
However, this causes ambiguity when users share display names. To correct this,
we now show the unique user_login in parentheses after the display name.

The new `display_name_with_login` value for the `show` parameter of
`wp_dropdown_users()` enables this functionality. The default value of `show`
has not been changed, for backward compatibility, but all instances of
`wp_dropdown_users()` in core wp-admin have been switched.

This changeset also reduces some duplicated logic when assembling a user list
when `include_selected` is true.

Props krogsgard, boonebgorges.
Fixes #31251.
Built from https://develop.svn.wordpress.org/trunk@35790


git-svn-id: http://core.svn.wordpress.org/trunk@35754 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-06 20:57:26 +00:00
Rachel Baker
2cd2cb6e17 Multisite: Clarify purpose of hook from [35786] and match our naming convention.
`network_site_new_created_user_pending` -> `pre_network_site_new_created_user` 

See #33631

Built from https://develop.svn.wordpress.org/trunk@35789


git-svn-id: http://core.svn.wordpress.org/trunk@35753 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-06 20:32:24 +00:00
Konstantin Kovshenin
e1966f061d Allow usage of angle brackets in a site title or tagline.
The whole string is escaped with `esc_html()` anyway, so we don't
need to `wp_kses_post()`. This is a better experience for users who
want to use angle brackets in their site title or description.
Does not allow any HTML, adds unit tests.

props BandonRandon, pauldewouters.
fixes #27942.

Built from https://develop.svn.wordpress.org/trunk@35788


git-svn-id: http://core.svn.wordpress.org/trunk@35752 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-06 20:29:25 +00:00
Drew Jaynes
4048bfb25c Docs: Fix mid-file separator syntax in wp-includes/wp-db.php.
Props liamdempsey.
See #32246.

Built from https://develop.svn.wordpress.org/trunk@35787


git-svn-id: http://core.svn.wordpress.org/trunk@35751 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-06 20:26:24 +00:00
Rachel Baker
66ea0d6e1b Multisite: Add hook before a new user is created during the creation of a new site.
New `network_site_new_created_user_pending` action fires before a new user will be created via the network site-new.php page. 

Props mackensen
Fixes #33631

Built from https://develop.svn.wordpress.org/trunk@35786


git-svn-id: http://core.svn.wordpress.org/trunk@35750 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-06 20:10:26 +00:00
Konstantin Obenland
2b7183c94b Plugins: Allow long plugin names to wrap on small screens.
Props mapk, rickalee.
Fixes #32569.


Built from https://develop.svn.wordpress.org/trunk@35785


git-svn-id: http://core.svn.wordpress.org/trunk@35749 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-06 19:58:24 +00:00
Boone Gorges
f8eec84133 Bump readme.html to 4.5.
Built from https://develop.svn.wordpress.org/trunk@35784


git-svn-id: http://core.svn.wordpress.org/trunk@35748 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-06 18:49:26 +00:00
Weston Ruter
76fe3244eb Customizer: Re-use public api.preview instance in widgets preview instead of unnecessarily capturing in api.Preview constructor wrapper.
The preview instance is no longer private.

Props joshlevinson, westonruter.
Fixes #30890.
See #30726.

Built from https://develop.svn.wordpress.org/trunk@35783


git-svn-id: http://core.svn.wordpress.org/trunk@35747 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-06 18:39:25 +00:00
Jeremy Felt
a9da055b5b MS: Populate public on empty $current_blog during subdomain activation.
Activation of a subdomain site is done through that new site's address. This address does not exist in the `wp_blogs` table until activation is complete.

In this case we need to make sure `public` is populated to avoid a PHP notice.

Props uglyrobot.
Fixes #24760.

Built from https://develop.svn.wordpress.org/trunk@35782


git-svn-id: http://core.svn.wordpress.org/trunk@35746 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-06 18:24:26 +00:00
Weston Ruter
0c311ef2d6 Customizer: Return added instances for panels, sections, controls, and settings when calling WP_Customize_Manager::add_*() methods.
Add missing phpDoc.

Props fusillicode, jubstuff.
Fixes #34596.

Built from https://develop.svn.wordpress.org/trunk@35781


git-svn-id: http://core.svn.wordpress.org/trunk@35745 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-06 18:10:25 +00:00
Mark Jaquith
446de48b4f About Page: Add the WordPress 4.4 tagline.
"Connected" because of REST API and cross-site embeds.
"Responsive" because of responsive images and under-the-hood tweaks.

See #34663.
Built from https://develop.svn.wordpress.org/trunk@35780


git-svn-id: http://core.svn.wordpress.org/trunk@35744 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-06 17:52:25 +00:00
Andrew Nacin
45032198e3 Updates: Avoid stomping global $wp_version in wp_version_check() and related.
fixes #34868.

Built from https://develop.svn.wordpress.org/trunk@35779


git-svn-id: http://core.svn.wordpress.org/trunk@35743 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-06 17:39:27 +00:00
Boone Gorges
82ade1db66 Bump package.json to 4.5.0.
Built from https://develop.svn.wordpress.org/trunk@35778


git-svn-id: http://core.svn.wordpress.org/trunk@35742 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-06 17:36:25 +00:00
Dion Hulse
70e9f5b543 Upgrader: FTP: Cleanup temporary files during FTP download failures.
Props ruud@joyo
Fixes #34772

Built from https://develop.svn.wordpress.org/trunk@35777


git-svn-id: http://core.svn.wordpress.org/trunk@35741 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-06 17:07:25 +00:00
Andrew Nacin
fc81fef986 Trunk is now 4.5-alpha.
Built from https://develop.svn.wordpress.org/trunk@35776


git-svn-id: http://core.svn.wordpress.org/trunk@35740 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-06 16:44:25 +00:00
Andrew Nacin
0cf9d8b922 Add initial_db_version to wp_version_check().
fixes #34854.

Built from https://develop.svn.wordpress.org/trunk@35774


git-svn-id: http://core.svn.wordpress.org/trunk@35738 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-06 15:44:27 +00:00
Scott Taylor
4ae83ec7ec REST API: Core typically sends nocache headers on all auth'ed responses, as in wp, admin-ajax, etc. Because the REST API infrastructure is hooked in pre-wp, we should be setting this ourselves.
Adds unit tests.

Props joehoyle.
Fixes #34832.

Built from https://develop.svn.wordpress.org/trunk@35773


git-svn-id: http://core.svn.wordpress.org/trunk@35737 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-04 23:36:25 +00:00
Boone Gorges
43d1ab4720 Use 'invalid_username' error code when tripping 'illegal_user_logins'.
This gives us better compatibility with existing errors thrown by
`sanitize_user()`, especially in Multisite, where user_login has more
restrictions on allowed characters.

Props markjaquith.
Fixes #27317.
Built from https://develop.svn.wordpress.org/trunk@35772


git-svn-id: http://core.svn.wordpress.org/trunk@35736 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-04 23:25:26 +00:00
Aaron Jorbin
c589ceb880 Make comment screen row actions focusable
In [34504], tabbing through row actions on comments that lacked links was broken. This restores the desired behavior and ensures that the row actions can be seen by no-js users.

Second Permanent Committer sign off was by WonderBoyMusic

See #15520
Fixes #34791
Props afercia, azaozz


Built from https://develop.svn.wordpress.org/trunk@35771


git-svn-id: http://core.svn.wordpress.org/trunk@35735 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-04 23:13:24 +00:00
Scott Taylor
9ea3f9f676 Canonical: introduce strip_fragment_from_url() and use when comparing URLs in redirect_canonical().
Props tellyworth.
Fixes #19918.

Built from https://develop.svn.wordpress.org/trunk@35770


git-svn-id: http://core.svn.wordpress.org/trunk@35734 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-04 23:11:26 +00:00
Drew Jaynes
ef1280f770 About page: Make strings translatable.
See #34663.

Built from https://develop.svn.wordpress.org/trunk@35769


git-svn-id: http://core.svn.wordpress.org/trunk@35733 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-04 18:09:25 +00:00
Drew Jaynes
7b20f48413 About page: Final string changes.
Props petya, ocean90, DrewAPicture
See #34663.

Built from https://develop.svn.wordpress.org/trunk@35768


git-svn-id: http://core.svn.wordpress.org/trunk@35732 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-04 17:55:28 +00:00
Dominik Schilling
3be896b142 Unit Tests: Implement addWarning() method in SpeedTrapListener.
The method was introduced in PHPUnit 5.1.0, released today.

Fixes #34846.
Built from https://develop.svn.wordpress.org/trunk@35767


git-svn-id: http://core.svn.wordpress.org/trunk@35731 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-04 16:41:26 +00:00
Drew Jaynes
65fb187505 About page: Add non-breaking spaces to "Reddit Comments" and "Speaker Deck" oEmbed provider names to prevent line wrapping between the words.
Props ocean90.
See #34663.

Built from https://develop.svn.wordpress.org/trunk@35766


git-svn-id: http://core.svn.wordpress.org/trunk@35730 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-04 16:27:25 +00:00
Drew Jaynes
3e1f22c196 About page: Fix some minor string errors and simplify URL-building for the plugin install link for capable users.
Props ocean90, DrewAPicture
See #34663.

Built from https://develop.svn.wordpress.org/trunk@35765


git-svn-id: http://core.svn.wordpress.org/trunk@35729 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-04 16:13:28 +00:00
Dominik Schilling
7250749032 Reset Password: Add a missing new operator for WP_Error in get_password_reset_key().
Missed in [34923].

Fixes #34180.

Built from https://develop.svn.wordpress.org/trunk@35764


git-svn-id: http://core.svn.wordpress.org/trunk@35728 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-04 15:31:26 +00:00
Drew Jaynes
de586c98c4 First pass of the 4.4 about page. Adds strings (not yet translatable) and screen shots (not CDN).
Props wonderboymusic, markjaquith, helen, nacin, liljimmi, mordauk, melchoyce, ryelle, ocean90, DrewAPicture
See #34663.

Built from https://develop.svn.wordpress.org/trunk@35763


git-svn-id: http://core.svn.wordpress.org/trunk@35727 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-04 12:24:26 +00:00
Andrew Nacin
9834e9993a Embeds: Enforce, via unit tests, the no-ampersand rule for wp-embed.js.
fixes #34698.

Built from https://develop.svn.wordpress.org/trunk@35762


git-svn-id: http://core.svn.wordpress.org/trunk@35726 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-04 05:46:25 +00:00
Scott Taylor
8cf8e2c66d WP oEmbed: validate the secret send via postMessage in wp.receiveEmbedMessage. Also, compare window instances.
In the data sent to us from the embedded iframe by postMessage(), the secret value is being used directly in a document.querySelectorAll() call without first being validated or escaped.

In theory, this could lead to some broken embeds.

Props mdawaffe.
Fixes #34831.

Built from https://develop.svn.wordpress.org/trunk@35761


git-svn-id: http://core.svn.wordpress.org/trunk@35725 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-03 20:17:25 +00:00
Helen Hou-Sandí
2f287af8aa Media: Avoid rel="rel=" situations.
props lucymtc, swissspidy.
fixes #34826. see #32074.

Built from https://develop.svn.wordpress.org/trunk@35760


git-svn-id: http://core.svn.wordpress.org/trunk@35724 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-03 17:17:26 +00:00
Gary Pendergast
caf4b8270c Readme: Bump recommended MySQL version to 5.6, as 5.5 is now over 5 years old.
Happy birthday, MySQL 5.5! 

Fixes #34840.


Built from https://develop.svn.wordpress.org/trunk@35759


git-svn-id: http://core.svn.wordpress.org/trunk@35723 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-03 16:46:26 +00:00
Mark Jaquith
6cc98e6fcd Route HEAD API requests through the GET callback method
fixes #34837
props danielbachhuber
Built from https://develop.svn.wordpress.org/trunk@35758


git-svn-id: http://core.svn.wordpress.org/trunk@35722 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-03 16:34:25 +00:00
Boone Gorges
939291df9f Ensure that order is specified when querying for comment descendants.
Props tellyworth.
Fixes #34838.
Built from https://develop.svn.wordpress.org/trunk@35757


git-svn-id: http://core.svn.wordpress.org/trunk@35721 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-03 15:50:27 +00:00
Scott Taylor
fc349932c0 Install: after [35508], the margin on the header for the Install screen is too big.
Props SergeyBiryukov.
Fixes #34819.

Built from https://develop.svn.wordpress.org/trunk@35756


git-svn-id: http://core.svn.wordpress.org/trunk@35720 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-01 21:02:25 +00:00
Scott Taylor
9b5ffe8062 Responsive Images: Currently images are included in the srcset if the aspect ratio difference is smaller than 0.01. This number is too high, set it to 0.002
Props joemcgill.
Fixes #34810.

Built from https://develop.svn.wordpress.org/trunk@35755


git-svn-id: http://core.svn.wordpress.org/trunk@35719 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-01 20:58:24 +00:00
Scott Taylor
c0f8bd0de2 Customize Unit Tests: also remove_action( 'after_setup_theme', 'twentysixteen_setup' ). TwentyFifteen is already removed.
See #31550.

Built from https://develop.svn.wordpress.org/trunk@35754


git-svn-id: http://core.svn.wordpress.org/trunk@35718 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-01 20:56:24 +00:00