`WP_HTTP_Proxy()` is used directly in `WP_Http_Curl()` and `WP_Http_Streams()`. Since `WP_Http::request()` doesn't use them anymore we have to move the proxy handling into `WP_Http::request()` so the proxy data can be passed to `Requests::request()`.
Props rmccue.
See #33055.
Fixes#37107.
Built from https://develop.svn.wordpress.org/trunk@38054
git-svn-id: http://core.svn.wordpress.org/trunk@37995 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In some cases, images in the media library may contain spaces in
their filenames. This results in an invalid `srcset` attribute,
causing broken images on the front end. This change fixes the issue
by replacing spaces in URLs with URL encoded '%20' characters before
returning the `srcset` string.
Props underdude, joemcgill.
Fixes#36549.
Built from https://develop.svn.wordpress.org/trunk@38052
git-svn-id: http://core.svn.wordpress.org/trunk@37993 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Use `wp_kses()` to clean comment_content for preg_match against the blacklist_keys. Also includes some initial unit tests for `wp_blacklist_check()`.
Previously, if a blacklisted key was used in comment_content split by an html tag the regex in `wp_blacklist_check()` would not find a match. Example: Where "springfield" was a blacklisted word, if the content of a comment included `spring<i>field</i>" `wp_blacklist_check()` would not return true.
Props cfinke.
Fixes#37208.
Built from https://develop.svn.wordpress.org/trunk@38047
git-svn-id: http://core.svn.wordpress.org/trunk@37988 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When using `register_meta()` with the function signature from 4.5 and earlier, the `auth_{$type}_meta_{$key}` and `sanitize_{$type}_meta_{$key}` filters are used. Any calls to `register_meta()` expecting this behavior should continue to work. The new filters, which take advantage of object subtypes, should not be added unless the proper `$args` array is passed.
See #35658.
Built from https://develop.svn.wordpress.org/trunk@38041
git-svn-id: http://core.svn.wordpress.org/trunk@37982 1a063a9b-81f0-0310-95a4-ce76da25c4cd
If auth and/or sanitize callbacks are specified in the arguments for
`register_meta()`, filters are added to handle these callbacks. These
should be removed when calling `unregister_meta_key()` to avoid
unintentional filtering.
See #35658.
Built from https://develop.svn.wordpress.org/trunk@38040
git-svn-id: http://core.svn.wordpress.org/trunk@37981 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Don't lower memory limit if the current limit is greater than `WP_MAX_MEMORY_LIMIT`.
* Set `WP_MEMORY_LIMIT` and `WP_MAX_MEMORY_LIMIT` to current limit if the `memory_limit` setting can't be changed at runtime.
* Use `wp_convert_hr_to_bytes()` when parsing the value of the `memory_limit` setting because it can be a shorthand or an integer value.
* Introduce `wp_raise_memory_limit( $context )` to raise the PHP memory limit for memory intensive processes. This DRYs up some logic and includes the existing `admin_memory_limit` and `image_memory_limit` filters. The function can also be used for custom contexts, the `{$context}_memory_limit` filter allows to customize the limit.
* Introduce `wp_is_ini_value_changeable( $setting )` to determine whether a PHP ini value is changeable at runtime.
* Remove a `function_exists( 'memory_get_usage' )` check. Since PHP 5.2.1 support for memory limit is always enabled.
Related commits: [38011-38013]
Props jrf, A5hleyRich, swissspidy, ocean90.
Fixes#32075.
Built from https://develop.svn.wordpress.org/trunk@38015
git-svn-id: http://core.svn.wordpress.org/trunk@37956 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`wp_convert_hr_to_bytes()` was previously defined in wp-includes/media.php because it's only used by `wp_max_upload_size()` in the same file.
Moving this function to load.php allows us to improve core's memory limit handling.
See #32075.
Built from https://develop.svn.wordpress.org/trunk@38012
git-svn-id: http://core.svn.wordpress.org/trunk@37953 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, if a user was added with the checkbox for no confirmation selected and an error was then encountered in `wpmu_activate_signup()`, a fatal error would trigger because `$new_user` was a `WP_Error` object rather than a user.
Fixes#37223.
Built from https://develop.svn.wordpress.org/trunk@38007
git-svn-id: http://core.svn.wordpress.org/trunk@37948 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When comment IDs are fetched from the cache rather than the database,
the subsequent `SELECT FOUND_ROWS()` query will not return the correct value.
To avoid unnecessary queries, we cache the results of the `found_comments`
query alongside the comment IDs.
Props spacedmonkey.
Fixes#37184.
Built from https://develop.svn.wordpress.org/trunk@38001
git-svn-id: http://core.svn.wordpress.org/trunk@37942 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In doing this, non-core object types are no longer forcibly blocked and are instead checked against `wp_object_type_exists()` which has a filterable return value. Still, filter that at your own risk.
props Faison for the initial patch.
see 35658.
Built from https://develop.svn.wordpress.org/trunk@37991
git-svn-id: http://core.svn.wordpress.org/trunk@37932 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The array-compatibility object we started returning in r37428 unfortunately isn't enough like an array. In particular, `is_array()` checks fail, despite the object implementing ArrayAccess. Mea culpa.
This moves the WP_HTTP_Response object to a new http_response key in the array, and changes the value back to an actual array.
Fixes#37097.
See #33055.
Built from https://develop.svn.wordpress.org/trunk@37989
git-svn-id: http://core.svn.wordpress.org/trunk@37930 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When enabled, the switch would override the theme's pseudo-plural `'% Comments'` string with a correct form of `_n( '%s Comment', '%s Comments', $number )`.
Historically, `comments_popup_link()` and `get_comments_number_text()` did not support plural forms and used a pseudo-plural style instead, so some locales were forced to come up with workarounds to display the number of comments in their language correctly.
This change should make those functions more i18n-friendly.
Fixes#13651.
Built from https://develop.svn.wordpress.org/trunk@37987
git-svn-id: http://core.svn.wordpress.org/trunk@37928 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In `wp_calculate_image_srcset()` we get an array of image sizes
associated with an attachment and then add the original image's
information to the array before processing the `srcset`. In doing
so, we set the original data to a `$image_sizes['full']` key, which
could stomp on any custom image sizes using `full` as a size name.
This avoid the issues by adding the original data without a named
key, which is never referenced anyway.
Props jaspermdegroot.
Fixes#36345.
Built from https://develop.svn.wordpress.org/trunk@37986
git-svn-id: http://core.svn.wordpress.org/trunk@37927 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`wp_plugin_update_rows()` and `wp_theme_update_rows()` are using the site transients `update_plugins` and `update_themes` which are set by `wp_update_plugins()` and `wp_update_themes()`. Both functions are hooked into `load-plugins.php` and `load-themes.php`. Therefore the update rows need to be registered after the transients were populated.
See #13071.
Built from https://develop.svn.wordpress.org/trunk@37978
git-svn-id: http://core.svn.wordpress.org/trunk@37919 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The plugin details modal has been greatly improved in [37714]. However, Shiny Updates aren't yet implemented on the Dashboard. Therefore, we need to fall back to The Bleak Screen of Sadness. Otherwise nothing happens when trying to install an update from inside the modal.
Fixes#37131. See #37126.
Built from https://develop.svn.wordpress.org/trunk@37974
git-svn-id: http://core.svn.wordpress.org/trunk@37915 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The plugin details modal has been greatly improved in [37714]. However, Shiny Updates aren't yet implemented on the WordPress Updates screen. Therefore, we need to fall back to The Bleak Screen of Sadness. Otherwise nothing happens when trying to install an update from inside the modal.
Props Nikschavan.
Fixes#37126.
Built from https://develop.svn.wordpress.org/trunk@37973
git-svn-id: http://core.svn.wordpress.org/trunk@37914 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The HTML for the toggle gets appended to the widget name which is later used for the widget title and the screen reader text of the toggle button. Storing the original widget name in the arguments allows us to use the name without the HTML for the screen reader text and doesn't require further changes by plugin developers.
Props nicholas_io, swissspidy.
Fixes#35021.
Built from https://develop.svn.wordpress.org/trunk@37972
git-svn-id: http://core.svn.wordpress.org/trunk@37913 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Use the same check for a numeric value used on the crop fields on all the other fields: don't display "NaN", just empty the field.
* Remove the inline script that runs the initialization of the image editor and call it after the editor UI is fully ready.
Props afercia.
Fixes#36316.
Built from https://develop.svn.wordpress.org/trunk@37966
git-svn-id: http://core.svn.wordpress.org/trunk@37907 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`register_uninstall_hook()` is designed to be given a function callback (or a static class variable), not an array/object instance. This got blocked in [16339] but the option itself was never cleaned up.
Props polevaultweb.
Fixes#31625.
Built from https://develop.svn.wordpress.org/trunk@37965
git-svn-id: http://core.svn.wordpress.org/trunk@37906 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Set the direction of previews to LTR.
* Remove the ID attribute from the favicon preview in the customizer panel. The preview in the media modal uses the same ID which prevented updating the correct favicon preview.
Fixes#37286.
Built from https://develop.svn.wordpress.org/trunk@37964
git-svn-id: http://core.svn.wordpress.org/trunk@37905 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`Pragma` is supposed to be a request header, but we've been including it in responses since the beginning of time.
This is a relic dating all the way back to b2, probably originally added because Internet Explorer version 5 and earlier didn't understand the `Cache-Control` header in responses, but they did (incorrectly) obey the `Pragma` header.
Internet Explorer 6 and 7 will obey the `Pragma` response header only if no other cache-related response headers are present (in our case, they are always present), and all other browsers ignore the `Pragma` response header.
Props geekysoft.
Fixes#37250.
Built from https://develop.svn.wordpress.org/trunk@37944
git-svn-id: http://core.svn.wordpress.org/trunk@37885 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Prevents JavaScript errors by checking zxcvbn is defined before calling.
Changes `wp.passwordStrength.meter()` to return `-1` if the strength of the password is unknown.
On the user profile screen, `generatePassword()` checks if the user has entered the password before setting the value of the password input box.
Props peterwilsoncc, adamsilverstein.
Fixes#34905.
Built from https://develop.svn.wordpress.org/trunk@37940
git-svn-id: http://core.svn.wordpress.org/trunk@37881 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Before [37628], there were 3 separate conditions for ordering by domain and/or path in `get_site_by_path()` that each resulted in it's own query. Now that `get_sites()` is used and supports `WP_Site_Query`, this can be simplified.
Props spacedmonkey.
Fixes#37215.
Built from https://develop.svn.wordpress.org/trunk@37930
git-svn-id: http://core.svn.wordpress.org/trunk@37871 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`register_meta()` has been altered to accept an array of arguments as the third parameter in order to support its usage beyond XML-RPC, notably in the REST API and other projects that may build on top of meta, such as a potential Fields API. Arguments are whitelisted to reserve the right for core to add more later.
New functions added to complement this expansion are:
* `registered_meta_key_exists()`
* `unregister_meta_key()`
* `get_registered_meta_keys()`
* `get_registered_metadata()`
* A "private" function for the aforementioned whitelisting.
There still need to be lots of tests written for previous and new behaviors, and many things are subject to change. Maybe things will explode. #yolo
props jeremyfelt, ericlewis, sc0ttkclark, helen, rmccue, ocean90, voldemortensen.
see #35658.
Built from https://develop.svn.wordpress.org/trunk@37924
git-svn-id: http://core.svn.wordpress.org/trunk@37865 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Partial revert of [37657]. Moving existing properties in `WP_Site` from public to private broke backwards compatibility in a pretty severe way. We made an initial attempt to work around this, but due to the variety of possible issues, moving forward does not seem wise.
Fixes#36717.
Built from https://develop.svn.wordpress.org/trunk@37923
git-svn-id: http://core.svn.wordpress.org/trunk@37864 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In [37888], the comment text was initially updated, however an opportunity to make the text less trivializing of actions that users will take was missed. To quote Helen Hou-Sandi: "It's important not to trivialize actions that are perfectly reasonable for a user to find tricky (where to go to log in is not exactly intuitive, even with the rewrites we have now)."
The text of the comment now reads:
> Hi, this is a comment.
> To get started with moderating, editing, and deleting comments, please visit the Comments screen in the dashboard.
> Commenter avatars come from <a href="https://gravatar.com">Gravatar</a>.
Some interesting reading on the topic of "Simple" and "Easy" and how they relate to software development can be found at http://andrewspittle.com/2012/01/31/avoiding-easy/ and written by andrewspittle.
Props helen.
Fixes#36702.
Built from https://develop.svn.wordpress.org/trunk@37921
git-svn-id: http://core.svn.wordpress.org/trunk@37862 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Resource hints allow browsers to prefetch specific pages or render them in the background to perform DNS lookups or to begin the connection handshake (DNS, TCP, TLS) in the background.
By default, `wp_resource_hints()` prints hints for "s.w.org" (the WordPress.org CDN) and for all scripts and styles which are enqueued from external hosts.
Use the `wp_resource_hints` filter to add custom domains and URLs for `dns-prefetch`, `preconnect`, `prefetch` or `prerender`.
Props voldemortensen, swissspidy.
Fixes#34292.
Built from https://develop.svn.wordpress.org/trunk@37920
git-svn-id: http://core.svn.wordpress.org/trunk@37861 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In the past, `get_blog_details()` has been used to retrieve the `home`, `siteurl`, `blogname`, and `post_count` options for a site. By lazy loading properties in a `WP_Site` object, we can avoid having to use `get_blog_details()` and instead provide the properties as needed.
This introduces the global `site-details` cache group in which standard objects representing the site are stored. This will one day be a replacement for the `blog-details` cache group that is currently used in `get_blog_details()`.
This relies on the `ms_loaded` action introduced in [37916] as properties are not available via `get_option()` until multisite has been fully loaded.
Props flixos90.
Fixes#36935.
Built from https://develop.svn.wordpress.org/trunk@37918
git-svn-id: http://core.svn.wordpress.org/trunk@37859 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This adds three new functions for getting/displaying attachment captions:
* `wp_get_attachment_caption` - Retrieves a caption for a specific attachment.
* `get_the_post_thumbnail_caption()` - Returns the post thumbnail caption.
* `the_post_thumbnail_caption()` - Displays the post thumbnail caption.
These are helpful for displaying a caption associated with an image directly
in a template, rather than using the caption shortcode.
This also introduces two new filters:
* `wp_get_attachment_caption` - Filters the value of `wp_get_attachment_caption()`.
* `the_post_thumbnail_caption` - Filters the display of the post thumbnail caption.
`the_post_thumbnail_caption()` is automatically filtered by `wptexturize()`,
`convert_smilies()`, and `convert_chars()` in `wp-includes/default-filters.php`.
Props flixos90, joemcgill.
Fixes#12235.
Built from https://develop.svn.wordpress.org/trunk@37915
git-svn-id: http://core.svn.wordpress.org/trunk@37856 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The new format looks like "Sorry, you are not allowed to <action>.". This provides a consistent experience for all error messages related to missing permissions. It also reduces the number of similar strings and allows translators to provide a consistent style in their language.
Props ramiy, Presskopp.
Fixes#34521.
Built from https://develop.svn.wordpress.org/trunk@37914
git-svn-id: http://core.svn.wordpress.org/trunk@37855 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This provides some default data for the jQuery UI datepicker. The localized data is already available via `WP_Locale` and is only passed to the datepicker if the script is enqueued.
Props clubduece, swissspidy, barryceelen, ocean90.
Fixes#29420.
Built from https://develop.svn.wordpress.org/trunk@37908
git-svn-id: http://core.svn.wordpress.org/trunk@37849 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The string is used during the network installation process to inform the user about where to store additional configuration data. Since the wp-config.php file can be translated the string should be too.
Props julesaus.
Fixes#36945.
Built from https://develop.svn.wordpress.org/trunk@37902
git-svn-id: http://core.svn.wordpress.org/trunk@37843 1a063a9b-81f0-0310-95a4-ce76da25c4cd