Commit Graph

298 Commits

Author SHA1 Message Date
Andrew Ozz
f4e6b7a29c Privacy: add user information to the personal data export file.
Props TZ-Media, desrosj.
See #43547.

Built from https://develop.svn.wordpress.org/trunk@43055


git-svn-id: http://core.svn.wordpress.org/trunk@42884 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-01 13:59:21 +00:00
Andrew Ozz
c77a8ed2fc Privacy: add attachments to the personal data export file.
Props allendav.
See #43883.
Built from https://develop.svn.wordpress.org/trunk@43054


git-svn-id: http://core.svn.wordpress.org/trunk@42883 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-01 13:45:21 +00:00
iandunn
23bf0c7535 Privacy: Add cron to delete expired export files to protect privacy.
The primary means of protecting the files is the CSPRN appended to the filename, but there is no reason to keep the files after the data subject has downloaded them, so deleting them provides an additional layer of protection. Previously this was done from `wp_privacy_generate_personal_data_export_file()`, but that does not guarantee that it will be run regularly, and on smaller sites that could result in export files being exposed for much longer than necessary.

`wp_privacy_delete_old_export_files()` was moved to a front end file, so that it can be called from `cron.php`.

This introduces the `wp_privacy_export_expiration` filter, which allows plugins to customize how long the exports are kept before being deleted.

`index.html` was added to the `$exclusions` parameter of `list_files()` to make sure that it isn't deleted. If it were, then poorly-configured servers would allow the directory to be traversed, exposing all of the exported files.

Props iandunn, desrosj.
See #43546.

Built from https://develop.svn.wordpress.org/trunk@43046


git-svn-id: http://core.svn.wordpress.org/trunk@42875 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-30 20:09:23 +00:00
Andrew Ozz
f1703c0e70 Privacy: update the method to confirm user requests by email. Use a single CPT to store the requests and to allow logging/audit trail.
Props mikejolley.
See #43443.

Built from https://develop.svn.wordpress.org/trunk@43008


git-svn-id: http://core.svn.wordpress.org/trunk@42837 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-27 10:12:22 +00:00
Andrew Ozz
81668f8312 Privacy: add functionality to anonymize commenters.
Props xkon, fclaussen, allendav, birgire, azaozz.
See #43442.
Built from https://develop.svn.wordpress.org/trunk@42994


git-svn-id: http://core.svn.wordpress.org/trunk@42823 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-20 12:19:21 +00:00
Andrew Ozz
3108d2ffb2 Privacy: add a postbox that is shown when editing the privacy policy page, and where plugins and core will output suggested content and additional privacy info. First run.
Props melchoyce, azaozz.
See #43620.
Built from https://develop.svn.wordpress.org/trunk@42980


git-svn-id: http://core.svn.wordpress.org/trunk@42809 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-16 08:53:20 +00:00
Andrew Ozz
4fed9aa6bd Privacy: add functionality for exporting personal data from comments.
Props allendav, xkon.
Fixes #43440.
Built from https://develop.svn.wordpress.org/trunk@42888


git-svn-id: http://core.svn.wordpress.org/trunk@42718 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-03-28 17:25:31 +00:00
Andrew Ozz
8ae59374f3 Add a checkbox to the comment form so logged out users can opt-out of commenter cookies.
Props lakenh, xkon, birgire, azaozz.
See #43436.
Built from https://develop.svn.wordpress.org/trunk@42772


git-svn-id: http://core.svn.wordpress.org/trunk@42602 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-03-04 16:41:33 +00:00
Andrew Ozz
de8936588c Add pre-save content filter to make target=_blank always secure.
Props notnownikki, iseulde, azaozz
Fixes #43187
Built from https://develop.svn.wordpress.org/trunk@42770


git-svn-id: http://core.svn.wordpress.org/trunk@42600 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-03-02 14:42:31 +00:00
Peter Wilson
a492541c35 Formatting: Do not run formatting and texturization on author bios.
Removes the formatting and texturization added to author bios in #40040 due to back-compatibility concerns.

Reverts [41172], [41173].

Props 0x6f0, rabmalin for review.
Fixes #42578.


Built from https://develop.svn.wordpress.org/trunk@42441


git-svn-id: http://core.svn.wordpress.org/trunk@42271 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-01-13 01:11:49 +00:00
Gary Pendergast
6da54f0d9b Canonical URLs: Redirect to the correct URL when the post date changes.
When a post slug is changed, we store a copy of the old slug, so that we can redirect visitors visiting the old URL to the new URL.

In the same way, this stores a copy of the old date, when the post date changes, so we can redirect visitors to the new URL.

Props nickmomrik.
Fixes #15397 for trunk.


Built from https://develop.svn.wordpress.org/trunk@42401


git-svn-id: http://core.svn.wordpress.org/trunk@42230 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-12-15 08:31:47 +00:00
Gary Pendergast
aaf99e6913 Code is Poetry.
WordPress' code just... wasn't.
This is now dealt with.

Props jrf, pento, netweb, GaryJ, jdgrimes, westonruter, Greg Sherwood from PHPCS, and everyone who's ever contributed to WPCS and PHPCS.
Fixes #41057.


Built from https://develop.svn.wordpress.org/trunk@42343


git-svn-id: http://core.svn.wordpress.org/trunk@42172 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-30 23:11:00 +00:00
Aaron Jorbin
b8fc8cb59c Dashboard: Remove "Try Gutenberg" callout.
Reverting this for 4.9. It will be added back in a future version of WordPress. This doesn't mean that you shouldn't be trying Gutenberg, just that it isn't ready for a call out to a larger audience. But if you are the type to read commit messages, https://github.com/WordPress/gutenberg could use your pull requests and comments on issues.

Reverts [41931] [41900] [41896] [41895]
See #41316


Built from https://develop.svn.wordpress.org/trunk@41978


git-svn-id: http://core.svn.wordpress.org/trunk@41812 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-23 20:48:47 +00:00
Dion Hulse
26f9c6b909 Transients: Clear expired transients from the database in a daily cron task.
Fixes #41699

Built from https://develop.svn.wordpress.org/trunk@41963


git-svn-id: http://core.svn.wordpress.org/trunk@41797 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-21 13:22:49 +00:00
Gary Pendergast
3981736cd6 Dashboard: Introduce a "Try Gutenberg" callout.
To encourage more people to try Gutenberg, this new Dashboard box allows site users to easily install and try out Gutenberg.

Props pento, melchoyce, joen, karmatosed.
Fixes #41316.


Built from https://develop.svn.wordpress.org/trunk@41895


git-svn-id: http://core.svn.wordpress.org/trunk@41729 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-18 10:04:47 +00:00
John Blackbourn
50948669eb Users: Revert [41613], [41614], and [41623] as this feature needs some more work.
See #38741

Built from https://develop.svn.wordpress.org/trunk@41753


git-svn-id: http://core.svn.wordpress.org/trunk@41587 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-04 22:17:46 +00:00
John Blackbourn
807bc5a6c9 Users: Introduce the concept of a large site in order to speed up the Users screen when there are many users.
Calling the `count_users()` function is expensive, regardless of the counting strategy that's used, and it gets
slower the more users there are on a site. In order to speed up the Users screen in the admin area, calling
`count_users()` can be avoided entirely while still displaying the total count for users.

This introduces some new functions:

* `wp_is_large_user_count()`
* `wp_get_active_user_count()`
* `wp_update_active_user_count()`

A corresponding `wp_is_large_user_count` filter is also introduced.

Props tharsheblows, johnbillion

Fixes #38741

Built from https://develop.svn.wordpress.org/trunk@41613


git-svn-id: http://core.svn.wordpress.org/trunk@41448 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-27 13:04:47 +00:00
Weston Ruter
84d2c51153 Widgets: Add shortcode support inside Text widgets.
* Used now in core to facilitate displaying inserted media. See #40854.
* The `[embed]` shortcode is not supported because there is no post context for caching oEmbed responses. This depends on #34115.
* Add `do_shortcode()` to the `widget_text_content` filter in the same way it is added for `the_content` at priority 11, with `shortcode_unautop()` called at priority 10 after `wpautop()`.
* For Text widget in legacy mode, manually apply `do_shortcode()` (and `shortcode_unautop()` if auto-paragraph checked) if the core-added `widget_text_content` filter remains, unless a plugin added `do_shortcode()` to `widget_text` to prevent applying shortcodes twice.
* Ensure that global `$post` is `null` while filters apply in the Text widget so shortcode handlers won't run with unexpected contexts.

Props westonruter, nacin, aaroncampbell.
See #40854, #34115.
Fixes #10457.

Built from https://develop.svn.wordpress.org/trunk@41361


git-svn-id: http://core.svn.wordpress.org/trunk@41194 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-10 06:33:44 +00:00
Felix Arntz
f6ebc1a80c Role/Capability: Introduce capabilities dedicated to installing and updating language files.
The new meta capabilities are called `install_languages` and `update_languages`. Prior to this change, there were no proper capability checks applied. Instead only the filesystem and related constants were checked, and for actual permissions a rather vague fallback was used where a user needed to have at least one of the other updating capabilities. In addition to being generally more verbose, the new capabilities make it possible for example to allow a user to update languages, but nothing else. By default they fall back to the original way of how they were handled.

Props johnbillion, flixos90.
Fixes #39677.

Built from https://develop.svn.wordpress.org/trunk@41268


git-svn-id: http://core.svn.wordpress.org/trunk@41108 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-08-18 18:31:44 +00:00
Konstantin Obenland
e183d59acb Map nav menu locations on theme switch
This will send nav menu locations through three levels of mapping:
1. If both themes have only one location, that gets mapped.
2. If both themes have locations with the same slug, they get mapped.
3. Locations that (even partially) match slugs from a similar kind of menu location will get mapped.

Menu locations are mapped for Live Previews in the Customizer and during theme switches.

Props westonruter, obenland, welcher, melchoyce.
Fixes #39692.


Built from https://develop.svn.wordpress.org/trunk@41237


git-svn-id: http://core.svn.wordpress.org/trunk@41077 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-08-09 21:04:47 +00:00
John Blackbourn
41f71598f7 Formatting: Introduce get_the_post_type_description() to allow post type archive descriptions to be formatted the same as author and term archives.
Props henry.wright

Fixes #40040

Built from https://develop.svn.wordpress.org/trunk@41232


git-svn-id: http://core.svn.wordpress.org/trunk@41072 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-08-04 23:01:44 +00:00
John Blackbourn
01e64d9ed0 Formatting: Add formatting and texturization to author descriptions so they match the formatting of term descriptions.
Props henry.wright

Fixes #40040

Built from https://develop.svn.wordpress.org/trunk@41172


git-svn-id: http://core.svn.wordpress.org/trunk@41012 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-07-27 15:10:42 +00:00
Weston Ruter
1a005d853f Widgets: Replace adding balanceTags on widget_custom_html_content filter in favor of just applying widget_text filters in the Custom HTML widget.
Ensures that users who copy HTML from the Text widget in legacy mode over to the Custom HTML widget will continue to get all of the same filters applied, including tag balancing and shortcodes, if a plugin added support. Plugins still have the `widget_text_content` and `widget_custom_html_content` filters they can use to target the specific widget types.

Amends [40893].
See #40951.
Fixes #40907 for trunk.

Built from https://develop.svn.wordpress.org/trunk@41086


git-svn-id: http://core.svn.wordpress.org/trunk@40926 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-07-18 22:11:44 +00:00
Weston Ruter
a46d94efeb Widgets: Rename "HTML Code" widget to "Custom HTML" widget.
Correspondingly renames files, ID base from `html_code` to `custom_html`, and the filter from `widget_html_code_content` to `widget_custom_html_content`.

See #40907.

Built from https://develop.svn.wordpress.org/trunk@40926


git-svn-id: http://core.svn.wordpress.org/trunk@40776 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-06-24 00:00:45 +00:00
Weston Ruter
38db73cff8 Widgets: Add widget dedicated for HTML Code, taking over this role of the Text widget.
Props westonruter, timmydcrawford.
See #40951, #35243.
Fixes #40907.

Built from https://develop.svn.wordpress.org/trunk@40893


git-svn-id: http://core.svn.wordpress.org/trunk@40743 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-06-09 23:54:42 +00:00
Konstantin Obenland
9bbbc719d4 Dashboard: Properly localize data for events
Moves localization to script-loader and removes dependency for two strings.

Props dd32, iandunn.
See #40702.

Built from https://develop.svn.wordpress.org/trunk@40776


git-svn-id: http://core.svn.wordpress.org/trunk@40634 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-18 14:34:43 +00:00
Weston Ruter
d8f94986b2 Customize: Keep alive auto-drafts created for page/post stubs when parent changeset is updated, and delete when changeset is garbage-collected.
Props utkarshpatel, westonruter.
See #31089.
Fixes #39715.

Built from https://develop.svn.wordpress.org/trunk@40676


git-svn-id: http://core.svn.wordpress.org/trunk@40539 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 05:37:44 +00:00
Weston Ruter
40ebb188cd Widgets: Extend the Text widget with TinyMCE.
Introduces rich text formatting: bold, italic, lists, links.

Props westonruter, azaozz, timmydcrawford, obenland, melchoyce.
See #35760.
Fixes #35243.

Built from https://develop.svn.wordpress.org/trunk@40631


git-svn-id: http://core.svn.wordpress.org/trunk@40492 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-11 18:55:43 +00:00
Weston Ruter
7349c22b73 Customize: Fix clearing of fresh_site option flag when editing sidebars on widgets admin screen.
Amends [38991].
See #38114, #38533.
Fixes #40722.

Built from https://develop.svn.wordpress.org/trunk@40608


git-svn-id: http://core.svn.wordpress.org/trunk@40478 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-10 21:25:41 +00:00
Sergey Biryukov
2b48ca580e Embeds: Change the embed_autourls option filter from default_option_* to pre_option_* to avoid a DB query.
The option was removed from core in [21998], but still might be used by plugins.

Props dlh.
Fixes #38924.
Built from https://develop.svn.wordpress.org/trunk@40360


git-svn-id: http://core.svn.wordpress.org/trunk@40267 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-04-01 13:56:43 +00:00
Weston Ruter
15ddaa269e Customize: Bump wp_custom_css_cb from running at wp_head priority 11 to 101 to ensure Custom CSS overrides other CSS.
Aligns `wp_head` action priority with Jetpack's Custom CSS.

Amends [38829].
See #35395, #38672.
Fixes #39270.

Built from https://develop.svn.wordpress.org/trunk@39616


git-svn-id: http://core.svn.wordpress.org/trunk@39556 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-16 07:29:42 +00:00
Weston Ruter
e35ac97641 Customize: Remove premature (and verbose) check of fresh_site option due to database not being ready on multisite.
Fixes regression in [38991].
See #38114.

Built from https://develop.svn.wordpress.org/trunk@38994


git-svn-id: http://core.svn.wordpress.org/trunk@38936 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-28 03:43:30 +00:00
Weston Ruter
75535c596b Customize: Introduce starter content and site freshness state.
A theme can opt-in for tailored starter content to apply to the customizer when previewing the theme on a fresh install, when `fresh_site` is at its initial `1` value. Starter content is staged in the customizer and does not go live unless the changes are published. Initial starter content is added to Twenty Seventeen.

* The `fresh_site` flag is cleared when a published post or page is saved, when widgets are modified, or when the customizer state is saved.
* Starter content is registered via `starter-content` theme support, where the argument is an array containing `widgets`, `posts`, `nav_menus`, `options`, and `theme_mods`. Posts/pages in starter content are created with the `auto-draft` status, re-using the page/post stubs feature added to nav menus and the static front page controls.
* A `get_theme_starter_content` filter allows for plugins to extend a theme's starter content.
* Starter content in themes can/should re-use existing starter content items in core by using named placeholders.
* Import theme starter content into customized state when fresh site.
* Prevent original_title differences from causing refreshes if title is present.
* Ensure nav menu item url is set according to object when previewing.
* Make sure initial saved state is false if there are dirty settings without an existing changeset.
* Ensure dirty settings are cleaned upon changeset publishing.

Props helen, westonruter, ocean90.
Fixes #38114, #38533.

Built from https://develop.svn.wordpress.org/trunk@38991


git-svn-id: http://core.svn.wordpress.org/trunk@38934 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-28 02:57:35 +00:00
Dominik Schilling
7819e2b4ba I18N: Introduce a locale-switching function.
With the introduction of user-specific languages in [38705] it's necessary to be able to switch translations on the fly. For example emails should be sent in the language of the recipient and not the one of the current user.

This introduces a new `WP_Locale_Switcher` class which is used for switching locales and translations. It holds the stack of locales whenever `switch_to_locale( $locale )` is called. With `restore_previous_locale()` you can restore the previous locale. `restore_current_locale()` empties the stack and sets the locale back to the initial value.

`switch_to_locale()` is added to most of core's email functions, either with the value of `get_locale()` (site language) or `get_user_locale()` (user language with fallback to site language).

Props yoavf, tfrommen, swissspidy, pbearne, ocean90.
See #29783.
Fixes #26511.
Built from https://develop.svn.wordpress.org/trunk@38961


git-svn-id: http://core.svn.wordpress.org/trunk@38904 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-26 15:36:31 +00:00
Rachel Baker
2f263fce99 Feeds: Always return a valid timestamp for the Last-Modified header of comment or post feeds.
Fixes bug where an invalid Last-Modified value would be returned in feed requests for sites that had 0 items to return. Comment or post feeds will now return the current timestamp as the Last-Modified header value.  Example: a request for the comments feed for a site without any comments.

Replaced use of the local static variable `$cache_lastcommentmodified` to store the modified date in `get_lastcommentmodified()` with the Object Cache API.  The `get_lastcommentmodified()` function returns early if there is a cached value and returns `false` if there where no comments found. Introduced `_clear_modified_cache_on_transition_comment_status()` to flush the `lastcommentmodified` cache key when a comment enters or leaves approval status. In `get_lastpostmodified()` return early if there is a cached value and return `false` if there are no posts found.

Props swissspidy, rachelbaker, dllh, leobaiano.
Fixes #38027.
Built from https://develop.svn.wordpress.org/trunk@38925


git-svn-id: http://core.svn.wordpress.org/trunk@38868 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-25 20:48:29 +00:00
Rachel Baker
e4a7c0a397 REST API: Introduce the Content API endpoints.
REST API endpoints for your WordPress content. These endpoints provide machine-readable external access to your WordPress site with a clear, standards-driven interface, allowing new and innovative apps for interacting with your site. These endpoints support all of the following:
- Posts: Read and write access to all post data, for all types of post-based data, including pages and media.
- Comments: Read and write access to all comment data. This includes pingbacks and trackbacks.
- Terms: Read and write access to all term data.
- Users: Read and write access to all user data. This includes public access to some data for post authors.
- Meta: Read and write access to metadata for posts, comments, terms, and users, on an opt-in basis from plugins.
- Settings: Read and write access to settings, on an opt-in basis from plugins and core. This enables API management of key site content values that are technically stored in options, such as site title and byline.

Love your REST API, WordPress!  The infrastructure says, "Let's do lunch!" but the content API endpoints say, "You're paying!"

Props rmccue, rachelbaker, danielbachhuber, joehoyle, adamsilverstein, afurculita, ahmadawais, airesvsg, alisspers, antisilent, apokalyptik, artoliukkonen, attitude, boonebgorges, bradyvercher, brianhogg, caseypatrickdriscoll, chopinbach, chredd, christianesperar, chrisvanpatten, claudiolabarbera, claudiosmweb, cmmarslender, codebykat, coderkevin, codfish, codonnell822, daggerhart, danielpunkass, davidbhayes, delphinus, desrosj, dimadin, dotancohen, DrewAPicture, Dudo1985, duncanjbrown, eherman24, eivhyl, eliorivero, elyobo, en-alis, ericandrewlewis, ericpedia, evansobkowicz, fjarrett, frozzare, georgestephanis, greatislander, guavaworks, hideokamoto, hkdobrev, hubdotcom, hurtige, iandunn, ircrash, ironpaperweight, iseulde, Japh, jaredcobb, JDGrimes, jdolan, jdoubleu, jeremyfelt, jimt, jjeaton, jmusal, jnylen0, johanmynhardt, johnbillion, jonathanbardo, jorbin, joshkadis, JPry, jshreve, jtsternberg, JustinSainton, kacperszurek, kadamwhite, kalenjohnson, kellbot, kjbenk, kokarn, krogsgard, kuchenundkakao, kuldipem, kwight, lgedeon, lukepettway, mantismamita, markoheijnen, matrixik, mattheu, mauteri, maxcutler, mayukojpn, michael-arestad, miyauchi, mjbanks, modemlooper, mrbobbybryant, NateWr, nathanrice, netweb, NikV, nullvariable, oskosk, oso96_2000, oxymoron, pcfreak30, pento, peterwilsoncc, Pezzab, phh, pippinsplugins, pjgalbraith, pkevan, pollyplummer, pushred, quasel, QWp6t, schlessera, schrapel, Shelob9, shprink, simonlampen, Soean, solal, tapsboy, tfrommen, tharsheblows, thenbrent, tierra, tlovett1, tnegri, tobych, Toddses, toro_unit, traversal, vanillalounge, vishalkakadiya, wanecek, web2style, webbgaraget, websupporter, westonruter, whyisjake, wonderboymusic, wpsmith, xknown, zyphonic.
Fixes #38373.
Built from https://develop.svn.wordpress.org/trunk@38832


git-svn-id: http://core.svn.wordpress.org/trunk@38775 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-20 02:55:32 +00:00
Weston Ruter
1ccd9e7a6c Customize: Introduce custom CSS for extending theme styles.
* Custom CSS is associated with a given theme and is displayed in an inline `style` element at the `wp_head` hook after the `wp_print_styles` is called so that it overrides any enqueued stylesheets.
* A `wp_get_custom_css()` function is used for accessing the CSS associated with the current theme (or another theme) and a `wp_get_custom_css` filter for manipulating it.
* CSS is managed in customizer via a new "Additional CSS" section with a single `textarea` control. 
* `WP_Customize_Section::$description_hidden` is introduced for hiding extended descriptions in customizer sections behind a help toggle as done with panels.
* CSS is stored in a `custom_css` post type with the theme (stylesheet) slug as the `post_name`.
* `WP_Customize_Custom_CSS_Setting` is introduced to handle validation of CSS, previewing, and persisting the CSS to the `custom_css` post type.
* The `custom_css` setting is tied to a new `unfiltered_css` capability which maps to `unfiltered_html` by default.
* Escaping the message in the notification template is removed to allow markup (`code` tags) to be rendered.

See https://make.wordpress.org/core/2016/10/11/feature-proposal-better-theme-customizations-via-custom-css-with-live-previews/

Props johnregan3, celloexpressions, folletto, westonruter.
Fixes #35395.

Built from https://develop.svn.wordpress.org/trunk@38829


git-svn-id: http://core.svn.wordpress.org/trunk@38772 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-19 18:15:31 +00:00
Weston Ruter
f1ba1918c9 Customize: Implement customized state persistence with changesets.
Includes infrastructure developed in the Customize Snapshots feature plugin.

See https://make.wordpress.org/core/2016/10/12/customize-changesets-technical-design-decisions/

Props westonruter, valendesigns, utkarshpatel, stubgo, lgedeon, ocean90, ryankienstra, mihai2u, dlh, aaroncampbell, jonathanbardo, jorbin.
See #28721.
See #31089.
Fixes #30937.
Fixes #31517.
Fixes #30028.
Fixes #23225.
Fixes #34142.
Fixes #36485.

Built from https://develop.svn.wordpress.org/trunk@38810


git-svn-id: http://core.svn.wordpress.org/trunk@38753 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-18 20:05:31 +00:00
Boone Gorges
0bdfa2ab1e Comments: Abstract die() calls from comment submission routine.
Since 4.4, comment submission has been mostly abstracted into a function,
rather than being processed inline in wp-comments-post.php. This change
made it easier to write automated tests against the bulk of the comment
submission process. `wp_allow_comment()` remained untestable, however:
when a comment failed one of its checks (flooding, duplicates, etc),
`die()` or `wp_die()` would be called directly. This shortcoming posed
problems for any application attempting to use WP's comment verification
functions in an abstract way - from PHPUnit to the REST API.

The current changeset introduces a new parameter, `$avoid_die`, to the
`wp_new_comment()` stack. When set to `true`, `wp_new_comment()` and
`wp_allow_comment()` will return `WP_Error` objects when a comment check
fails. When set to `false` - the default, for backward compatibility -
a failed check will result in a `die()` or `wp_die()`, as appropriate.

Prior to this changeset, default comment flood checks took place in the
function `check_comment_flood_db()`, which was hooked to the
'check_comment_flood' action. This design allowed the default comment
flood routine to be bypassed or replaced using `remove_action()`.
In order to maintain backward compatibility with this usage, while
simultaneously converting the comment flood logic into something that
returns a value rather than calling `die()` directly,
`check_comment_flood_db()` has been changed into a wrapper function for
a call to `add_filter()`; this, in turn, adds the *actual* comment flood
check to a new filter, 'wp_is_comment_flood'. Note that direct calls
to `check_comment_flood_db()` will no longer do anything in isolation.

Props websupporter, rachelbaker.
Fixes #36901.
Built from https://develop.svn.wordpress.org/trunk@38778


git-svn-id: http://core.svn.wordpress.org/trunk@38721 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-11 03:43:28 +00:00
Dominik Schilling
c73c23c423 Resource Hints: Increase priority of wp_resource_hints() so hints get printed before scripts and styles.
Also run `wp_resource_hints()` on the login screen and in the customizer. 

Props swissspidy.
Fixes #37317.
Built from https://develop.svn.wordpress.org/trunk@38046


git-svn-id: http://core.svn.wordpress.org/trunk@37987 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-13 12:54:28 +00:00
Peter Wilson
b9b69676d8 Embeds: Include locale stylesheets after default styles.
Fire `locale_stylesheet` action after the `wp_print_styles` action in the embeds header to match the order in `wp_head`.

Props swissspidy.
Fixes #36839.

Built from https://develop.svn.wordpress.org/trunk@38010


git-svn-id: http://core.svn.wordpress.org/trunk@37951 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-08 06:07:33 +00:00
Helen Hou-Sandí
69ccab3405 Introduce an expanded meta registration API.
`register_meta()` has been altered to accept an array of arguments as the third parameter in order to support its usage beyond XML-RPC, notably in the REST API and other projects that may build on top of meta, such as a potential Fields API. Arguments are whitelisted to reserve the right for core to add more later.

New functions added to complement this expansion are:
* `registered_meta_key_exists()`
* `unregister_meta_key()`
* `get_registered_meta_keys()`
* `get_registered_metadata()`
* A "private" function for the aforementioned whitelisting.

There still need to be lots of tests written for previous and new behaviors, and many things are subject to change. Maybe things will explode. #yolo

props jeremyfelt, ericlewis, sc0ttkclark, helen, rmccue, ocean90, voldemortensen.
see #35658.

Built from https://develop.svn.wordpress.org/trunk@37924


git-svn-id: http://core.svn.wordpress.org/trunk@37865 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-30 01:02:29 +00:00
Dominik Schilling
6d7a70e2ce Script Loader: Introduce an API to register resource hints.
Resource hints allow browsers to prefetch specific pages or render them in the background to perform DNS lookups or to begin the connection handshake (DNS, TCP, TLS) in the background.

By default, `wp_resource_hints()` prints hints for "s.w.org" (the WordPress.org CDN) and for all scripts and styles which are enqueued from external hosts.
Use the `wp_resource_hints` filter to add custom domains and URLs for `dns-prefetch`, `preconnect`, `prefetch` or `prerender`.

Props voldemortensen, swissspidy.
Fixes #34292.
Built from https://develop.svn.wordpress.org/trunk@37920


git-svn-id: http://core.svn.wordpress.org/trunk@37861 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-29 19:36:28 +00:00
Joe McGill
170d22a22c Post Thumbnails: Add helper functions for attachment captions.
This adds three new functions for getting/displaying attachment captions:

* `wp_get_attachment_caption` - Retrieves a caption for a specific attachment.
* `get_the_post_thumbnail_caption()` - Returns the post thumbnail caption.
* `the_post_thumbnail_caption()` - Displays the post thumbnail caption.

These are helpful for displaying a caption associated with an image directly
in a template, rather than using the caption shortcode.

This also introduces two new filters:

* `wp_get_attachment_caption` - Filters the value of `wp_get_attachment_caption()`.
* `the_post_thumbnail_caption` - Filters the display of the post thumbnail caption.

`the_post_thumbnail_caption()` is automatically filtered by `wptexturize()`,
`convert_smilies()`, and `convert_chars()` in `wp-includes/default-filters.php`.

Props flixos90, joemcgill.
Fixes #12235.
Built from https://develop.svn.wordpress.org/trunk@37915


git-svn-id: http://core.svn.wordpress.org/trunk@37856 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-29 17:28:28 +00:00
Dominik Schilling
0c7a9a4bd6 I18N: Localize the jQuery UI datepicker.
This provides some default data for the jQuery UI datepicker. The localized data is already available via `WP_Locale` and is only passed to the datepicker if the script is enqueued.

Props clubduece, swissspidy, barryceelen, ocean90.
Fixes #29420.
Built from https://develop.svn.wordpress.org/trunk@37908


git-svn-id: http://core.svn.wordpress.org/trunk@37849 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-29 12:58:29 +00:00
Pascal Birchler
629b43769b Embeds: Improve performance when embedding a post from the current site.
When the post being embedded is from the same site, there's no reason to do an HTTP request for it. The data can be fetched directly using `get_oembed_response_data()`.

Fixes #36767 for trunk.
Built from https://develop.svn.wordpress.org/trunk@37708


git-svn-id: http://core.svn.wordpress.org/trunk@37674 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-15 11:23:28 +00:00
Ryan McCue
dee1d583a7 HTTP API: Add browser compatibility hook for 3xx redirects.
WordPress erroneously follows browser-style behaviour with 3xx redirects, where a POST to 302 becomes a GET. Requests instead follows the specification and keeps the same method. Requests also exposes a hook to allow changing the behaviour.

[37428] used the wrong method of adding this hook, now corrected.

See #33055.

Built from https://develop.svn.wordpress.org/trunk@37429


git-svn-id: http://core.svn.wordpress.org/trunk@37395 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-13 05:11:27 +00:00
Ryan McCue
37f6e6813a HTTP API: Replace internals with Requests library.
Requests is a library very similar to WP_HTTP, with a high level of unit test coverage, and has a common lineage and development team. It also supports parallel requests.

See #33055.

Built from https://develop.svn.wordpress.org/trunk@37428


git-svn-id: http://core.svn.wordpress.org/trunk@37394 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-13 04:42:28 +00:00
Gary Pendergast
cb7ea89c8e Smilies: Move convert_smilies to happen later in the the_content filter.
In particular, we want it to occur after shortcode handling. The smiley conversion routine doesn't have any concept of shortcode structure, so may inadvertantly replace a smiley with HTML inside a shortcode attribute, which will cause the shortcode to not be parsed correctly.

Props Unyson for the initial suggested fix.

Fixes #36306. 


Built from https://develop.svn.wordpress.org/trunk@37298


git-svn-id: http://core.svn.wordpress.org/trunk@37264 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-04-22 07:08:27 +00:00
Aaron Jorbin
1972aa2a2a Add grunt prerelease task
An unintended consequence of improving the precommit task is that when it's time to run a release, more tasks need to get run to verify things. This adds a prerelease task to help fix that situation. grunt prerelease should include tasks that verify the code base is ready to be released to the wild and find all the tears on the mausoleum floor and help Blood stain the Colosseum doors.

See #35557

Built from https://develop.svn.wordpress.org/trunk@36930


git-svn-id: http://core.svn.wordpress.org/trunk@36898 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-10 05:37:27 +00:00