The WPCS `WordPress.WhiteSpace.PrecisionAlignment` rule throws warnings for a bunch of code that will likely cause issues for `wpcbf`. Fixing these manually beforehand gives us better auto-fixed results later.
See #41057.
Built from https://develop.svn.wordpress.org/trunk@42228
git-svn-id: http://core.svn.wordpress.org/trunk@42057 1a063a9b-81f0-0310-95a4-ce76da25c4cd
[41496] removed support for numbered placeholders in queries send through `wpdb::prepare()`, which, despite being undocumented, were quite commonly used.
This change restores support for numbered placeholders (as well as a subset of placeholder formatting), while also adding extra checks to ensure the correct number of arguments are being passed to `wpdb::prepare()`, given the number of placeholders.
See #41925.
Built from https://develop.svn.wordpress.org/trunk@42056
git-svn-id: http://core.svn.wordpress.org/trunk@41885 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In [38625], the functionality to search for attachments by filename was added
via the `posts_clauses` filter and the `_filter_query_attachment_filenames()`
function. This moves `_filter_query_attachment_filenames()` from
`wp-admin/includes/post.php` to `wp-includes/post.php` so that it can be
applied in the same manner in the REST API media endpoint.
Props jblz, tyxla.
Fixes#39092.
Built from https://develop.svn.wordpress.org/trunk@39598
git-svn-id: http://core.svn.wordpress.org/trunk@39538 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The ultimate `post_name` is stored in postmeta until the post is published. The `get_page_by_path()` function does not exclude `auto-draft` posts. Revert changes to `wp_unique_post_slug()` from [39411] which excluded `auto-draft` posts.
Props westonruter, dlh for testing, helen for testing.
See #38114, #38928.
Fixes#39078.
Built from https://develop.svn.wordpress.org/trunk@39506
git-svn-id: http://core.svn.wordpress.org/trunk@39446 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Updates `wp_unique_post_slug()` to ignore `auto-draft` posts. Prevents publishing multiple posts that have the same slugs from starter content.
* Fixes fatal error when attempting to save an header_image setting from a non-admin context.
* Fixes substituting attachment symbols in options and theme mods.
* Fixes applying starter content for header images and background images.
See #38114.
Fixes#38928.
Built from https://develop.svn.wordpress.org/trunk@39411
git-svn-id: http://core.svn.wordpress.org/trunk@39351 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Featured image support means that attachments can now be imported. Media can be sideloaded from within theme or plugin directories. Like other posts, attachments are auto-drafts until customizer changes are published, and are not duplicated when they already exist in the customized state. Attachment IDs can be used for any number of purposes, much like post IDs. Twenty Seventeen now includes 3 images used as featured images to best showcase the multi-section homepage setup.
As featured image IDs are stored in post meta, it also made sense to add support for page templates. Twenty Seventeen does not include any such templates, but the functionality can be quite important for displaying themes to their best effect.
props westonruter, helen, flixos90.
fixes#38615.
Built from https://develop.svn.wordpress.org/trunk@39346
git-svn-id: http://core.svn.wordpress.org/trunk@39286 1a063a9b-81f0-0310-95a4-ce76da25c4cd
WordPress has supported custom page templates for over 12 years, allowing developers to create various layouts for specific pages.
While this feature is very helpful, it has always been limited to the 'page' post type and not was not available to other post types.
By opening up the page template functionality to all post types, we continue to improve the template hierarchy's flexibility.
In addition to the `Template Name` file header, the post types supported by a template can be specified using `Template Post Type: post, foo, bar`.
When at least one template exists for a post type, the 'Post Attributes' meta box will be displayed in the back end, without the need to add post type support for `'page-attributes'`. 'Post Attributes' can be customized per post type using the `'attributes'` label when registering a post type.
Props johnbillion, Mte90, dipesh.kakadiya, swissspidy.
Fixes#18375.
Built from https://develop.svn.wordpress.org/trunk@38951
git-svn-id: http://core.svn.wordpress.org/trunk@38894 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Fixes bug where an invalid Last-Modified value would be returned in feed requests for sites that had 0 items to return. Comment or post feeds will now return the current timestamp as the Last-Modified header value. Example: a request for the comments feed for a site without any comments.
Replaced use of the local static variable `$cache_lastcommentmodified` to store the modified date in `get_lastcommentmodified()` with the Object Cache API. The `get_lastcommentmodified()` function returns early if there is a cached value and returns `false` if there where no comments found. Introduced `_clear_modified_cache_on_transition_comment_status()` to flush the `lastcommentmodified` cache key when a comment enters or leaves approval status. In `get_lastpostmodified()` return early if there is a cached value and return `false` if there are no posts found.
Props swissspidy, rachelbaker, dllh, leobaiano.
Fixes#38027.
Built from https://develop.svn.wordpress.org/trunk@38925
git-svn-id: http://core.svn.wordpress.org/trunk@38868 1a063a9b-81f0-0310-95a4-ce76da25c4cd
One thing fairly common to the cache groups is a block of code to look to see when the cache was last changed, and if there isn't one, to set it for the current microtime(). It appears in 8 different places in core. This adds a new helper `wp_cache_get_last_changed` to DRY things up a bit.
Since `wp-includes/cache.php` isn't guaranteed to be loaded, this new function is in `wp-includes/functions.php`
Props spacedmonkey, desrosj.
Fixes#37464.
Built from https://develop.svn.wordpress.org/trunk@38849
git-svn-id: http://core.svn.wordpress.org/trunk@38792 1a063a9b-81f0-0310-95a4-ce76da25c4cd
REST API endpoints for your WordPress content. These endpoints provide machine-readable external access to your WordPress site with a clear, standards-driven interface, allowing new and innovative apps for interacting with your site. These endpoints support all of the following:
- Posts: Read and write access to all post data, for all types of post-based data, including pages and media.
- Comments: Read and write access to all comment data. This includes pingbacks and trackbacks.
- Terms: Read and write access to all term data.
- Users: Read and write access to all user data. This includes public access to some data for post authors.
- Meta: Read and write access to metadata for posts, comments, terms, and users, on an opt-in basis from plugins.
- Settings: Read and write access to settings, on an opt-in basis from plugins and core. This enables API management of key site content values that are technically stored in options, such as site title and byline.
Love your REST API, WordPress! The infrastructure says, "Let's do lunch!" but the content API endpoints say, "You're paying!"
Props rmccue, rachelbaker, danielbachhuber, joehoyle, adamsilverstein, afurculita, ahmadawais, airesvsg, alisspers, antisilent, apokalyptik, artoliukkonen, attitude, boonebgorges, bradyvercher, brianhogg, caseypatrickdriscoll, chopinbach, chredd, christianesperar, chrisvanpatten, claudiolabarbera, claudiosmweb, cmmarslender, codebykat, coderkevin, codfish, codonnell822, daggerhart, danielpunkass, davidbhayes, delphinus, desrosj, dimadin, dotancohen, DrewAPicture, Dudo1985, duncanjbrown, eherman24, eivhyl, eliorivero, elyobo, en-alis, ericandrewlewis, ericpedia, evansobkowicz, fjarrett, frozzare, georgestephanis, greatislander, guavaworks, hideokamoto, hkdobrev, hubdotcom, hurtige, iandunn, ircrash, ironpaperweight, iseulde, Japh, jaredcobb, JDGrimes, jdolan, jdoubleu, jeremyfelt, jimt, jjeaton, jmusal, jnylen0, johanmynhardt, johnbillion, jonathanbardo, jorbin, joshkadis, JPry, jshreve, jtsternberg, JustinSainton, kacperszurek, kadamwhite, kalenjohnson, kellbot, kjbenk, kokarn, krogsgard, kuchenundkakao, kuldipem, kwight, lgedeon, lukepettway, mantismamita, markoheijnen, matrixik, mattheu, mauteri, maxcutler, mayukojpn, michael-arestad, miyauchi, mjbanks, modemlooper, mrbobbybryant, NateWr, nathanrice, netweb, NikV, nullvariable, oskosk, oso96_2000, oxymoron, pcfreak30, pento, peterwilsoncc, Pezzab, phh, pippinsplugins, pjgalbraith, pkevan, pollyplummer, pushred, quasel, QWp6t, schlessera, schrapel, Shelob9, shprink, simonlampen, Soean, solal, tapsboy, tfrommen, tharsheblows, thenbrent, tierra, tlovett1, tnegri, tobych, Toddses, toro_unit, traversal, vanillalounge, vishalkakadiya, wanecek, web2style, webbgaraget, websupporter, westonruter, whyisjake, wonderboymusic, wpsmith, xknown, zyphonic.
Fixes#38373.
Built from https://develop.svn.wordpress.org/trunk@38832
git-svn-id: http://core.svn.wordpress.org/trunk@38775 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Custom CSS is associated with a given theme and is displayed in an inline `style` element at the `wp_head` hook after the `wp_print_styles` is called so that it overrides any enqueued stylesheets.
* A `wp_get_custom_css()` function is used for accessing the CSS associated with the current theme (or another theme) and a `wp_get_custom_css` filter for manipulating it.
* CSS is managed in customizer via a new "Additional CSS" section with a single `textarea` control.
* `WP_Customize_Section::$description_hidden` is introduced for hiding extended descriptions in customizer sections behind a help toggle as done with panels.
* CSS is stored in a `custom_css` post type with the theme (stylesheet) slug as the `post_name`.
* `WP_Customize_Custom_CSS_Setting` is introduced to handle validation of CSS, previewing, and persisting the CSS to the `custom_css` post type.
* The `custom_css` setting is tied to a new `unfiltered_css` capability which maps to `unfiltered_html` by default.
* Escaping the message in the notification template is removed to allow markup (`code` tags) to be rendered.
See https://make.wordpress.org/core/2016/10/11/feature-proposal-better-theme-customizations-via-custom-css-with-live-previews/
Props johnregan3, celloexpressions, folletto, westonruter.
Fixes#35395.
Built from https://develop.svn.wordpress.org/trunk@38829
git-svn-id: http://core.svn.wordpress.org/trunk@38772 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Allow to add/remove a featured image to `attachment:audio` and `attachment:video` post types, see [27657].
* Change conditionals to check for theme OR post type support.
* Add tests for #12922.
Broken in [37658].
Props flixos90, joemcgill, DrewAPicture, wonderboymusic.
See #12922.
Fixes#37658.
Built from https://develop.svn.wordpress.org/trunk@38263
git-svn-id: http://core.svn.wordpress.org/trunk@38204 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, changing the post thumbnail of a published post in the edit screen
would immediately apply the change, rather than waiting for the post to be
saved before applying the update. This could lead to someone unintentionally
editing the post thumbnail on a published post, and made it impossible to
preview changes to post thumbnails on published posts before saving the change.
This introduces a new Ajax handler, `wp_ajax_get_post_thumbnail_html()` to
retrieve the HTML for the post thumbnail meta box without updating the post
meta value for `_thumbnail_id`. It also allows post thumbnail changes to be
previewed by passing the `_thumbnail_id` as a query variable to the preview
screen and adding a new filter, `_wp_preview_post_thumbnail_filter()`, which
gets applied to `get_post_metadata` during the post preview process.
Props flixos90.
Fixes#12922.
Built from https://develop.svn.wordpress.org/trunk@38118
git-svn-id: http://core.svn.wordpress.org/trunk@38059 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This adds three new functions for getting/displaying attachment captions:
* `wp_get_attachment_caption` - Retrieves a caption for a specific attachment.
* `get_the_post_thumbnail_caption()` - Returns the post thumbnail caption.
* `the_post_thumbnail_caption()` - Displays the post thumbnail caption.
These are helpful for displaying a caption associated with an image directly
in a template, rather than using the caption shortcode.
This also introduces two new filters:
* `wp_get_attachment_caption` - Filters the value of `wp_get_attachment_caption()`.
* `the_post_thumbnail_caption` - Filters the display of the post thumbnail caption.
`the_post_thumbnail_caption()` is automatically filtered by `wptexturize()`,
`convert_smilies()`, and `convert_chars()` in `wp-includes/default-filters.php`.
Props flixos90, joemcgill.
Fixes#12235.
Built from https://develop.svn.wordpress.org/trunk@37915
git-svn-id: http://core.svn.wordpress.org/trunk@37856 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changes the global `$wp_post_types` to an array of `WP_Post_Type` objects. `WP_Post_Type` includes methods to handle post type supports, rewrite rules, meta boxes, hooks, and taxonomies.
Each post type argument becomes a property of `WP_Post_Type`.
Props swissspidy, flixos90.
Fixes#36217.
Built from https://develop.svn.wordpress.org/trunk@37890
git-svn-id: http://core.svn.wordpress.org/trunk@37831 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Known functions, classes, and methods are now auto-linked in Code Reference pages following #meta1483.
Note: Hook references are still linked via inline `@see` tags due to the unlikelihood of reliably matching for known hooks based on a RegEx pattern.
See #32246.
Built from https://develop.svn.wordpress.org/trunk@37342
git-svn-id: http://core.svn.wordpress.org/trunk@37308 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Percent signs are reserved characters in URIs. As such, it was impossible for
plugins to route requests to trashed posts, as happens in bbPress. The new
`__trashed` suffix should be sufficiently unique.
Also adds a test that demonstrates that the `__trashed` suffix can be
appended to slugs that contain the suffix somewhere other than the end of
the string.
Props netweb, ericlewis.
Fixes#11863.
Built from https://develop.svn.wordpress.org/trunk@37165
git-svn-id: http://core.svn.wordpress.org/trunk@37132 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When determining a unique post slug, trashed posts are taken into account. Previously, new posts would add suffixes to their slugs (e.g. `about-2`) when a post in the trash had the desired slug (e.g. `about`).
To avoid this behavior, when a post is trashed its slug (i.e. `post_name`) is now suffixed with `-%trashed%`. The post's pre-trash slug is stored as post meta, and if the post is restored from trash, its desired slug is reapplied.
For existing trashed posts which don't have the `-%trashed%` suffix, the suffix is added when a post with its desired slug is created.
Props ocean90, boonebgorges, ryan, SergeyBiryukov, coffee2code, helen, williamsba1.
See #11863.
Built from https://develop.svn.wordpress.org/trunk@36607
git-svn-id: http://core.svn.wordpress.org/trunk@36574 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Comment and term meta lazyloading for `WP_Query` loops, introduced in 4.4,
depended on filter callback methods belonging to `WP_Query` objects. This meant
storing `WP_Query` objects in the `$wp_filter` global (via `add_filter()`),
requiring that PHP retain the objects in memory, even when the local variables
would typically be expunged during normal garbage collection. In cases where a
large number of `WP_Query` objects were instantiated on a single pageload,
and/or where the contents of the `WP_Query` objects were quite large, serious
performance issues could result.
We skirt this problem by moving metadata lazyloading out of `WP_Query`. The
new `WP_Metadata_Lazyloader` class acts as a lazyload queue. Query instances
register items whose metadata should be lazyloaded - such as post terms, or
comments - and a `WP_Metadata_Lazyloader` method will intercept comment and
term meta requests to perform the cache priming. Since `WP_Metadata_Lazyloader`
instances are far smaller than `WP_Query` (containing only object IDs), and
clean up after themselves far better than the previous `WP_Query` methods (bp
only running their callbacks a single time for a given set of queued objects),
the resource use is decreased dramatically.
See [36525] for an earlier step in this direction.
Props lpawlik, stevegrunwell, boonebgorges.
Fixes#35816.
Built from https://develop.svn.wordpress.org/trunk@36566
git-svn-id: http://core.svn.wordpress.org/trunk@36533 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously when updating a post using wp_insert_post(), post_name was
regenerated based on post_title every time if post_name was not passed in
explicitly. This irons out the expectation that properties not passed into the
function should not be modified.
Props jason_the_adams.
Fixes#34865.
Built from https://develop.svn.wordpress.org/trunk@35800
git-svn-id: http://core.svn.wordpress.org/trunk@35764 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Introduce `is_post_type_viewable( $post_type_object )`
* Separate the HTML bits from the translatable bits in the `post` messages array in `edit-form-advanced.php`
* Don't show certain UI pieces when a post is not viewable on the front end
When a custom post type item is not viewable on the front end, we don't want to show links to View it (on the front end) all over the admin. We also want to hide the Preview link, et al. We also want our admin messages to not contain said links.
Custom post types with `public_queryable` set to `false` are not viewable on the front end.
`'page'` is viewable on the front end, but `'page'` is a `_builtin` type, and `public_queryable` is set to `false` when it is registered - see `WP::parse_request()` for when `public_queryable` gets used.
This is confusing, but also somewhat straightforward: to determine if a post type is viewable on the front end, we can check one way for `_builtin => true` and another way for `_builtin => false`:
`$post_type->publicly_queryable || ( $post_type->_builtin && $post_type->public )`
If a post type is `publicly_queryable`, it's viewable. If that value is `false`, it is viewable if it's a `_builtin` type that is also `public`.
I am in search of edge cases, so this shall land.
Props wonderboymusic, DrewAPicture.
See #17609.
Built from https://develop.svn.wordpress.org/trunk@33666
git-svn-id: http://core.svn.wordpress.org/trunk@33633 1a063a9b-81f0-0310-95a4-ce76da25c4cd
If the post cache is not cleared at this point, the cache can become stale
for operations performed before the cache is cleared later in the function.
Specifically, the generation of a `guid` for new posts can use stale data,
resulting in non-unique values. [33262] introduced a call to `get_post()`
that introduced just such an invalidation problem.
Fixes#5305.
Built from https://develop.svn.wordpress.org/trunk@33630
git-svn-id: http://core.svn.wordpress.org/trunk@33597 1a063a9b-81f0-0310-95a4-ce76da25c4cd
On certain permalink structures, a numeric post slug will result in a post
permalink that conflicts with a date archive URL. For example, with permastruct
`/%year%/%monthnum%/%postname%/`, a post published in May 2015 with slug
`'15'` will result in a URL (`/2015/05/15/`) that conflicts with the archive
for May 15, 2015.
To avoid this problem, `wp_unique_post_slug()` rejects a requested slug when it
would generate a conflict of this type. Thus, in our example, `'15'` would
become `'15-2'`.
Props valendesigns, boonebgorges, Denis-de-Bernardy, loushou.
See #5305.
Built from https://develop.svn.wordpress.org/trunk@32647
git-svn-id: http://core.svn.wordpress.org/trunk@32617 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Clarify `@return` values where necessary.
In `wp_delete_post_revision()`, `wp_delete_post()` doesn't return `WP_Error`, so that check can be removed.
`wp_revisions_to_keep()` always returns an `int`, so `wp_revisions_enabled()` can use strict comparison.
See #32444.
Built from https://develop.svn.wordpress.org/trunk@32621
git-svn-id: http://core.svn.wordpress.org/trunk@32591 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The new algorithm uses a hash table rather than function recursion, reducing
complexity to O(N). On large numbers of pages, the performance improvement is
several orders of magnitude.
Props santagada, hailin, mihai.
Fixes#10852.
Built from https://develop.svn.wordpress.org/trunk@32355
git-svn-id: http://core.svn.wordpress.org/trunk@32326 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Detecting SSL status on the Dashboard introduces problems when writing content
that is saved to the database and then displayed on the front end, where SSL
may be optional (or impossible, due to self-signed certificates). The new
approach parallels the logic in `get_home_url()` for forcing HTTPS.
See [31614] #15928 for background.
Fixes#32112 for trunk.
Built from https://develop.svn.wordpress.org/trunk@32342
git-svn-id: http://core.svn.wordpress.org/trunk@32313 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Replace exisiting smilies with equivalent emoji, or with shiny new smiley images where no emoji existed.
Props batmoo, joen and mkaz for the original plugin upon which this is based.
Props pento, iseulde, kraftbj and peterwilsoncc for making the internet's dreams come true.
See #31242
Built from https://develop.svn.wordpress.org/trunk@31733
git-svn-id: http://core.svn.wordpress.org/trunk@31714 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This change makes the 'post_type' clause in `wp_list_authors()` redundant, so
we remove it. Third-party plugins using `get_posts_by_author_sql()` may have
similarly redundant clauses, but this won't change the results returned by the
SQL queries.
Also adds unit tests for `get_posts_by_author_sql()`.
Props pbearne.
Fixes#30354.
Built from https://develop.svn.wordpress.org/trunk@31653
git-svn-id: http://core.svn.wordpress.org/trunk@31634 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`wp_get_attachment_url()`, via `wp_upload_dir()`, uses 'siteurl' to generate
attachment URLs. When a site is SSL-optional on the front end - ie, 'siteurl'
is non-HTTPS, but SSL is available - a number of situations can arise where
non-HTTPS attachment URLs cause browser mixed-content warnings:
a) SSL is forced in the admin and `wp_get_attachment_url()` is used to generate the `<img>` tag for an inserted image. In these cases, the post content will contain non-HTTPS. Viewing/editing this post in the Dashboard will result in non-HTTPS images being served in an SSL environment.
b) `wp_get_attachment_url()` is used in a theme to generate an `<img>` `src` attribute on a public page. When viewing that page over SSL, the images will have HTTP URLs.
This changeset switches attachment URLs to HTTPS when it's determined that the
host supports SSL. This happens when 'siteurl' is non-SSL, but the current page
request *is* over SSL, and the host of the current request matches the host of
the URL being generated.
Props joemcgill, boonebgorges.
Fixes#15928.
Built from https://develop.svn.wordpress.org/trunk@31614
git-svn-id: http://core.svn.wordpress.org/trunk@31595 1a063a9b-81f0-0310-95a4-ce76da25c4cd