- Install: When populating options, maybe_serialize instead of always serialize.
- Uploads: Check for and verify ZIP archives.
Merges [57388] and [57389] to the 5.7 branch.
Props costdev, peterwilsoncc, azaozz, tykoted, johnbillion, desrosj, afragen, jorbin, xknown.
Built from https://develop.svn.wordpress.org/branches/5.7@57398
git-svn-id: http://core.svn.wordpress.org/branches/5.7@56904 1a063a9b-81f0-0310-95a4-ce76da25c4cd
- Comments: Prevent users who can not see a post from seeing comments on it.
- Shortcodes: Restrict media shortcode ajax to certain type.
- REST API: Ensure no-cache headers are sent when methods are overridden.
- REST API: Limit `search_columns` for users without `list_users`.
- Prevent unintended behavior when certain objects are unserialized.
- Application Passwords: Prevent the use of some pseudo protocols in application passwords.
Merges [56833], [56834], [56835], [56836], [56837], and [56838] to the 5.7 branch.
Props xknown, jorbin, Vortfu, joehoyle, timothyblynjacobs, peterwilsoncc, ehtis, tykoted, martinkrcho, paulkevan, dd32, antpb, rmccue.
Built from https://develop.svn.wordpress.org/branches/5.7@56886
git-svn-id: http://core.svn.wordpress.org/branches/5.7@56397 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Add strings for use in future maintenance/security releases to indicate the security support status of the version of WordPress.
Two strings are introduced:
* indicating the version of WordPress is not receiving security updates, and,
* indicating the version of WordPress will shortly stop receiving security updates.
This change does not make use of the strings, the purpose is to make them available to translators prior to dropping support of selected versions of WordPress.
Props costdev, chesio, robinwpdeveloper, desrosj, rudlinkon, mukesh27, sumitbagthariya16.
Merges [54322] to the 5.7 branch.
See #56532.
Built from https://develop.svn.wordpress.org/branches/5.7@54433
git-svn-id: http://core.svn.wordpress.org/branches/5.7@53992 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This ensures that contrast between text color and background meets the WCAG 2.0 AA recommended value. The following locations were changed:
- Network List Tables: Use lighter background colors for site status indicator.
- Nav Menus: Use a lighter background color for invalid menu items.
- Pointers: Use a darker background for pointer header.
- Themes: Use darker background on filter button hover.
- Customizer: Use darker background for selected widget.
Follow-up to [50025], [50571].
Props kebbet, melchoyce, peterwilsoncc.
Merges [50687] to the 5.7 branch.
Fixes#52760.
Built from https://develop.svn.wordpress.org/branches/5.7@50688
git-svn-id: http://core.svn.wordpress.org/branches/5.7@50297 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Reduce severity of failing HTTPS tests from critical to warning. Stop reporting failures if the site is being accessed over HTTPS but `wp_is_https_supported()` indicates a lack of support.
Props annalamprou, AnotherDave, ayeshrajans, bobbingwide, Clorith, dragongate, eatsleepcode, gab81, geoffrey1963, Ipstenu, k3nsai, mmuyskens, nicegamer7, peterwilsoncc, pwallner, SergeyBiryukov, TimothyBlynJacobs, Toru.
Merges [50659] to the 5.7 branch.
Fixes#52783.
Built from https://develop.svn.wordpress.org/branches/5.7@50660
git-svn-id: http://core.svn.wordpress.org/branches/5.7@50272 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This change switches out sprintf for printf on the "Copy suggested policy text from..." button screen reader text. Also, wrap the actual button text in a <span aria-hidden="true"> to prevent both the button text and the screen reader text from being spoken.
Props mukesh27, SergeyBiryukov, sabernhardt, desrosj.
Merges [50585] to the 5.7 branch.
Fixes#52891.
Built from https://develop.svn.wordpress.org/branches/5.7@50609
git-svn-id: http://core.svn.wordpress.org/branches/5.7@50222 1a063a9b-81f0-0310-95a4-ce76da25c4cd
On narrow screens allow the text to wrap in the copy buttons on the privacy policy guide screen to avoid horizontal overflow of the parent container.
Props audrasjb, davidbaumwald, jaymanpandya, paaljoachim, palmiak, sabernhardt, SergeyBiryukov, sumitsingh.
Merges [50568] to the 5.7 branch.
Fixes#52751.
Built from https://develop.svn.wordpress.org/branches/5.7@50574
git-svn-id: http://core.svn.wordpress.org/branches/5.7@50187 1a063a9b-81f0-0310-95a4-ce76da25c4cd
If the callback is called before the images are loaded, the comparison doesn't work. `wp.domReady` uses `DOMContentLoaded`, which does not guarantee that the images are loaded. This switches to use the `load` event, which waits for all resources to load.
Props vladytimy, joyously, sergeybiryukov.
Merges [50535] to the 5.7 branch.
Fixes#52758.
Built from https://develop.svn.wordpress.org/branches/5.7@50536
git-svn-id: http://core.svn.wordpress.org/branches/5.7@50149 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Adds a more obviously interactive comparison for viewing the color scheme differences. Improvements on RTL and IE11. Update strings to be more clear and consistent. Switch to the CDN for loading images.
Props sarahricker, desrosj, melchoyce, SergeyBiryukov, tikifez, clorith, marybaum, audrasjb, francina, hellofromTonya.
Reviewed by SergeyBiryukov.
Merges [50478] to the 5.7 branch.
Fixes#52693. See #52347.
Built from https://develop.svn.wordpress.org/branches/5.7@50480
git-svn-id: http://core.svn.wordpress.org/branches/5.7@50091 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This includes many minor adjustments to a wide array of core files to replace shorthands with full declarations.
Follow-up to [50001], [50270], [50367].
Props Clorith, hellofromTonya, peterwilsoncc, adamsilverstein, aristath.
See #51812.
Built from https://develop.svn.wordpress.org/trunk@50420
git-svn-id: http://core.svn.wordpress.org/trunk@50031 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Replace loopback health check URL with a `POST` request to `wp-cron.php` in the WordPress install directory. This more closely represents how WordPress uses loopback requests.
A `POST` request is used to cause `wp-cron.php` to exit prior to running any cron jobs. This allows the test to indicate success quicker and accounts for sites that set the `DISABLE_WP_CRON` constant to avoid running cron jobs on loopback requests.
Props clorith, peterwilsoncc, TimothyBlynJacobs.
Fixes#52547.
Built from https://develop.svn.wordpress.org/trunk@50399
git-svn-id: http://core.svn.wordpress.org/trunk@50010 1a063a9b-81f0-0310-95a4-ce76da25c4cd