This allows themes to directly override the default template. The order in which the template is retrieved is as follows: `embed-$post_type-$post_format.php` -> `embed-$post_type.php` -> `embed.php`.
The `embed_template` filter gets replaced by the dynamic `{$type}_template` filter in `get_query_template()`.
Props ChriCo, swissspidy.
See #34561. Fixes#34278.
Built from https://develop.svn.wordpress.org/trunk@36876
git-svn-id: http://core.svn.wordpress.org/trunk@36843 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This is a follow-up to [36604].
When processing dependencies `$this->group` will be the minimum of the script's registered group and all preceding siblings. This is wrong because only a scripts ancestors in the dependency chain should affect where it is loaded. Effectively `$this->group` introduced a form of global state which potentially corrupted the group of dependencies. Sorting covers up this problem.
The issue in #35873 was that script were not moving their dependencies to a lower group when necessary.
The fix:
* In `WP_Dependencies::all_deps()` pass the new `$group` value to `WP_Dependencies::all_deps()`. Previously the wrong value was passed because the parent script could have moved with `WP_Scripts::set_group()`.
* In `WP_Scripts::all_deps()` pass the `$group` parameter to `WP_Dependencies::all_deps()` so it doesn't always use `false` for `$group`. Same for `WP_Styles::all_deps()`.
Props stephenharris, gitlost.
Fixes#35956.
Built from https://develop.svn.wordpress.org/trunk@36871
git-svn-id: http://core.svn.wordpress.org/trunk@36838 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`wp-login.php` uses `wp_safe_redirect()` for all redirects, even those that do not involve unsafe data from the request or referer.
When a user of a subdomain site attempts to login to a network site they do not have access to, the host in the redirect URL is treated as unsafe by `wp_safe_redirect()` as it has no immediate awareness as to which hosts are valid on the network. On a subdirectoy network, everything works as expected because the host is the same.
In this specific block of `wp-login.php`, all URLs are generated by WordPress and we can use `wp_redirect()` to handle the redirects. Users authenticating via other network sites will now be redirected properly. Hosts passed via the `redirect_to` query var will continue to be handled by `wp_safe_redirect()`.
Fixes#30598.
Built from https://develop.svn.wordpress.org/trunk@36867
git-svn-id: http://core.svn.wordpress.org/trunk@36834 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Tested scenarios include: using the default (which is the post type description), Setting a custom description for that individual menu item, and setting a custom description that is blank. Introduced in r35382.
Props Toro_Unit, mayukojpn, extendwings, jorbin.
Fixes#35324. See #16075.
Built from https://develop.svn.wordpress.org/trunk@36859
git-svn-id: http://core.svn.wordpress.org/trunk@36826 1a063a9b-81f0-0310-95a4-ce76da25c4cd
[36510] introduced a fix to allow users to save large menus on the Edit Menu screen (70+ menu items). The form data is stored as JSON which is used to inject the `$_POST` variable in the form submission handler. This injection was not setting form items with named array elements properly (e.g. `menu-locations[primary]`), which did not save theme location data in a large form.
Props keraweb.
See #14134.
Built from https://develop.svn.wordpress.org/trunk@36852
git-svn-id: http://core.svn.wordpress.org/trunk@36819 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Removes double `margin-bottom` from all the media controls.
* All media controls now send `{settingId}-attachment-data` messages to the preview when a media setting is updated so that the preview has access to the attachment data.
* Fixes receiving of `attachment-data` message for `custom_logo` which resulted in instant JS-applied preview not working. See #36096.
See #33755.
Fixes#35941.
Built from https://develop.svn.wordpress.org/trunk@36851
git-svn-id: http://core.svn.wordpress.org/trunk@36818 1a063a9b-81f0-0310-95a4-ce76da25c4cd
- Change the newly added `press_this_save_post_content` filter to `press_this_save_post` and pass the $post_data array to it.
- Remove the newly added `press_this_useful_html_elements`. It only runs in compatibility mode when a URL is typed by the user.
- Remove the `press_this_suggested_content` filter. It is redundant as the suggested HTML for the editor is already filtered by `press_this_suggested_html`.
- Add some more inline docs and rename couple of vars to make the code more readable.
Fixes#34455.
Built from https://develop.svn.wordpress.org/trunk@36848
git-svn-id: http://core.svn.wordpress.org/trunk@36815 1a063a9b-81f0-0310-95a4-ce76da25c4cd
An OPTIONS request was incorrectly returning an "Accept" header which
was a typo of "Allow". This meant Accept was showing "GET, POST" for example,
however it was also not running the permission checks on the endpoints.
Instead, the correct route needs to be set on the request object, which means
the normal handling for the Allow header will kick in. This technically
breaks backwards compatibility, however given the value of Accept was also wrong
then this should not be an issue.
Fixes#35975.
Built from https://develop.svn.wordpress.org/trunk@36829
git-svn-id: http://core.svn.wordpress.org/trunk@36796 1a063a9b-81f0-0310-95a4-ce76da25c4cd
