Commit Graph

34929 Commits

Author SHA1 Message Date
John Blackbourn
8427ebfd06 Upgrade/Install: Skip certificate verification when upgrading a network's sites. This avoids issues with self-signed certificates or otherwise invalid certificates.
Fixes #36975

Built from https://develop.svn.wordpress.org/trunk@37695


git-svn-id: http://core.svn.wordpress.org/trunk@37661 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-14 07:43:28 +00:00
Ryan McCue
b8b7a00889 HTTP API: Update Requests.
This introduces a minimum value of 1 second for timeouts passed to cURL.

Internally, cURL uses alarm() for interrupts, which accepts a second-resolution timeout. Any values lower than 1 second are instantly failed rather than being rounded upwards. While this makes the experience worse for those using asynchronous DNS lookups, there's no way to detect which DNS resolver is being used from PHP.

See #33055, #8923.

Built from https://develop.svn.wordpress.org/trunk@37694


git-svn-id: http://core.svn.wordpress.org/trunk@37660 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-14 05:30:28 +00:00
Rachel Baker
3808a6bebb Administration: Set a defined line-height for number type inputs to fix display issue in Safari.
Fixes #37024.
Props joelwills, kraftbj.
Built from https://develop.svn.wordpress.org/trunk@37693


git-svn-id: http://core.svn.wordpress.org/trunk@37659 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-14 02:07:27 +00:00
Boone Gorges
486961626c Query: Allow plugins to supply post results instead of having WP_Query fetch them from the database.
Returning a non-null value from the new `posts_pre_query` filter will cause
`WP_Query` to skip its database query, so that posts data can be provided from
elsewhere. This is useful in cases where post data may be mirrored in a
separate location, such as an external search application.

Developers should note that the `WP_Query` properties generally used to
calculate pagination - specifically, `found_posts` and `max_num_pages`, which
are determined by default in `set_found_posts()` - must be provided explicitly
when using the `posts_pre_query` filter; since `WP_Query` will not be
contacting the database, it will have no access to `SELECT FOUND_ROWS()`.
The `WP_Query` instance is passed to `posts_pre_query` by reference, so that
these properties can be set manually if needed.

Props jpdavoutian, tlovett1.
Fixes #36687.
Built from https://develop.svn.wordpress.org/trunk@37692


git-svn-id: http://core.svn.wordpress.org/trunk@37658 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-14 02:00:29 +00:00
Boone Gorges
6d05c7521b Taxonomy: More specific cap check when processing category data on post save.
Props dlh.
Fixes #36379.
Built from https://develop.svn.wordpress.org/trunk@37691


git-svn-id: http://core.svn.wordpress.org/trunk@37657 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-14 01:37:29 +00:00
Aaron Jorbin
c918c1ede1 Bootstrap/Load. Adjust filters added in [37626].
These adjustments improve the documentation for the filters and adjust the names to make them more consistent with other filters already in core.

See #34936.
Props DrewAPicture, ocean90, jorbin

Built from https://develop.svn.wordpress.org/trunk@37690


git-svn-id: http://core.svn.wordpress.org/trunk@37656 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-12 02:43:27 +00:00
Jeremy Felt
2cd62a2c97 Login: Fire wp_no_robots() in wp_die() only if function exists.
This covers cases where `wp_die()` is used before `general-template.php` is loaded.

Fixes #34401.

Built from https://develop.svn.wordpress.org/trunk@37689


git-svn-id: http://core.svn.wordpress.org/trunk@37655 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-12 00:34:29 +00:00
Drew Jaynes
50ab6e8df0 Docs: Improve first-order clause documentation for the $meta_query parameter in the constructor for WP_Meta_Query.
First-order meta query clauses are defined as clauses that have either a 'key' or 'value' array key. When using named first-order clauses in meta queries to order results in the parent query, `WP_Meta_Query` can additionally accept first-order clauses at the sub-clause level, which was not previously documented.

Fixes #32659.

Built from https://develop.svn.wordpress.org/trunk@37688


git-svn-id: http://core.svn.wordpress.org/trunk@37654 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-12 00:02:30 +00:00
Dominik Schilling
bdd2199647 Upgrade: Trigger the upgrader_process_complete action for translation updates.
This brings `Language_Pack_Upgrader` in line with the core, theme, and plugin upgrader.

Props ronalfy.
Fixes #36872.
Built from https://develop.svn.wordpress.org/trunk@37687


git-svn-id: http://core.svn.wordpress.org/trunk@37653 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-11 17:44:28 +00:00
Drew Jaynes
1e48cc8a05 Docs: Improve the return description for wp_get_post_categories() to include more information about possible return values.
Props jeherve for the initial patch.
Fixes #37002.

Built from https://develop.svn.wordpress.org/trunk@37686


git-svn-id: http://core.svn.wordpress.org/trunk@37652 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-11 17:08:28 +00:00
Dominik Schilling
e50f357944 Canonical: Introduce wp_get_canonical_url().
`wp_get_canonical_url()` encapsulates the URL logic of `rel_canonical()` to provide a consistent way to retrieve the canonical URL for a post.
The new filter `get_canonical_url` allows customizing the canonical URL.

Props joostdevalk, jipmoors, DrewAPicture, ocean90.
Fixes #36168.
Built from https://develop.svn.wordpress.org/trunk@37685


git-svn-id: http://core.svn.wordpress.org/trunk@37651 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-11 13:31:29 +00:00
Andrew Ozz
f78dd6fe2e Editor: prevent jumping when using the backspace button in the Text editor in Firefox and IE.
Fixes #37072.
Built from https://develop.svn.wordpress.org/trunk@37684


git-svn-id: http://core.svn.wordpress.org/trunk@37650 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-11 05:15:27 +00:00
Boone Gorges
defe5e371b Introduce term_taxonomy_id parameter for WP_Term_Query.
Allows the fetching of terms based on `term_taxonomy_id`, or an array of
`term_taxonomy_ids`.

Props spacedmonkey.
Fixes #37074.
Built from https://develop.svn.wordpress.org/trunk@37683


git-svn-id: http://core.svn.wordpress.org/trunk@37649 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-11 03:49:27 +00:00
Boone Gorges
cbf8baa301 Tests: Move WP_Tax_Query tests to a more appropriate file.
The file they were living in is the rightful home of `WP_Term_Query` tests.

See #37074.

Built from https://develop.svn.wordpress.org/trunk@37682


git-svn-id: http://core.svn.wordpress.org/trunk@37648 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-11 03:27:27 +00:00
Andrea Fercia
708b9dc229 Plugin Install: fix edge-case where the tab=upload page can be accessed directly.
The `?tab=upload` page still exists for no-js support and for users who may
access it directly (e.g. from bookmarks or history) or plugins doing the same.
In this page, the "Browse plugins" link should always behave like a link.

Fixes #35429.
Built from https://develop.svn.wordpress.org/trunk@37681


git-svn-id: http://core.svn.wordpress.org/trunk@37647 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-10 22:39:28 +00:00
Andrea Fercia
d01b200e6e Accessibility: Help text improvements.
Avoid references to "visual" positions in favour of positions in the document
structure. The help text shouldn't assume users can see.

Also, in the Posts screen don't mention specific types of posts and use a more
generic text instead.

Props odysseygate, pansotdev, zakb8.
Fixes #34761.
Built from https://develop.svn.wordpress.org/trunk@37680


git-svn-id: http://core.svn.wordpress.org/trunk@37646 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-10 21:43:29 +00:00
Andrea Fercia
e2892857c7 Accessibility: Customizer, make the menu items "clear search results" a button.
For Web standards and accessibility, always prefer native controls instead of
`span` or `div` elements.

Fixes #36903.
Built from https://develop.svn.wordpress.org/trunk@37679


git-svn-id: http://core.svn.wordpress.org/trunk@37645 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-10 21:22:28 +00:00
Joe McGill
bd3c735c6e Media: Fix rendering of incorrect toolbar in the Edit view.
This switches event binding in `wp.media.controller.EditImage` to use `on`
instead of `listenTo` to restore rendering of the correct toolbar when the
`toolbar:render:edit-image` event fires. The existing listeners broke
when we upgraded Backbone in [36546].

Props adamsilverstein.
Fixes #36861 for trunk.
Built from https://develop.svn.wordpress.org/trunk@37678


git-svn-id: http://core.svn.wordpress.org/trunk@37644 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-10 21:12:29 +00:00
Drew Jaynes
2600c28169 Bootstrap: Move is_ssl() to wp-includes/load.php.
Moving to load.php introduces parity with other commonly evaluated `is_*()` functions such as `is_admin()` or `is_multisite()`.  It also makes `is_ssl()` available much earlier in the loading process, such as for use in drop-ins like advanced-cache.php.

Props johnjamesjacoby.
Fixes #35844.

Built from https://develop.svn.wordpress.org/trunk@37677


git-svn-id: http://core.svn.wordpress.org/trunk@37643 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-10 18:56:31 +00:00
Joe McGill
820d7174c2 Media: remove _wp_upload_dir_baseurl().
`_wp_upload_dir_baseurl()` is a private function introduced in 4.4
as part of the "responsive images" feature. It was for runtime
caching of the URL to the uploads directory. It is deprecated in
4.5 with the introduction of `wp_get_upload_dir()`.

Outside core, it's only used as part of a back-compat shim in the
original feature plugin for responsive images (ricg-responsive-images),
which includes its own version of the function definition, so it's
safe to remove from core.

Fixes #36375.
Built from https://develop.svn.wordpress.org/trunk@37676


git-svn-id: http://core.svn.wordpress.org/trunk@37642 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-10 16:52:30 +00:00
Dominik Schilling
be38b14e05 I18N: Simplify the WordPress update notice for translators.
* Make codex URL and accessibility text separate strings.
* Add translator comments.

Props ramiy for initial patch.
Fixes #35721.
Built from https://develop.svn.wordpress.org/trunk@37675


git-svn-id: http://core.svn.wordpress.org/trunk@37641 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-10 15:54:30 +00:00
Peter Wilson
47d26cd9fb DOCS: Replace HTTP links with HTTPS.
Replaces unsecure links in documentation and translator comments with their secure versions.

Props johnpgreen, netweb

Fixes #36993

Built from https://develop.svn.wordpress.org/trunk@37674


git-svn-id: http://core.svn.wordpress.org/trunk@37640 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-10 04:50:33 +00:00
Drew Jaynes
6d06e53dba Docs: Improve the DocBlock summary for add_theme_support().
See #32246.

Built from https://develop.svn.wordpress.org/trunk@37673


git-svn-id: http://core.svn.wordpress.org/trunk@37639 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-10 00:07:30 +00:00
Drew Jaynes
6e8102dae6 Docs: Add documentation for the variadic second parameter, $args, accepted by add_theme_support().
h/t kevinwhoffman
Fixes #37067.

Built from https://develop.svn.wordpress.org/trunk@37672


git-svn-id: http://core.svn.wordpress.org/trunk@37638 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-10 00:03:28 +00:00
Drew Jaynes
916a055361 Docs: Improve documentation for the $feature parameter in the DocBlock for add_theme_support().
See #32246. See #37067.

Built from https://develop.svn.wordpress.org/trunk@37671


git-svn-id: http://core.svn.wordpress.org/trunk@37637 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-09 20:34:55 +00:00
Jeremy Felt
c63c4d9345 Multisite: Introduce get_current_network_id()
Similar to `get_current_blog_id`, this can be used to get the ID of the `$current_site` global. If not available, it will fall back to the main network ID. In single site, this will return 1.

Props spacedmonkey, flixos90.
Fixes #33900.

Built from https://develop.svn.wordpress.org/trunk@37670


git-svn-id: http://core.svn.wordpress.org/trunk@37636 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-09 20:34:28 +00:00
Drew Jaynes
84cd369763 Docs: Add extensive documentation to the remove_accents() DocBlock outlining the accented characters core replaces.
Covers:
* Currency signs
* Decompositions for Latin-1 Supplement
* Decompositions for Latin Extended-A
* Decompositions for Latin Extended-B
* Vowels with diacritic (Chinese, Hanyu Pinyin)
* Characters replaced for the `de_DE`, `de_DE_formal`, and `da_DK` locales 

Props john_schlick for the initial work.
Props DrewAPicture, ocean90.

See #34677.

Built from https://develop.svn.wordpress.org/trunk@37669


git-svn-id: http://core.svn.wordpress.org/trunk@37635 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-09 19:14:30 +00:00
Ella Iseulde Van Dorpe
3644501228 TinyMCE: wptextpattern: fix for fast typing
Props jnylen0, iseulde.

Fixes #36585.


Built from https://develop.svn.wordpress.org/trunk@37668


git-svn-id: http://core.svn.wordpress.org/trunk@37634 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-09 19:07:28 +00:00
Jeremy Felt
d9a28a3197 Multisite: Use to_array() method on WP_Site objects in wp_get_sites()
When an object with private properties is cast directly to an array, those properties are no longer available with their original keys.

Props @flixos90.
See #36717.

Built from https://develop.svn.wordpress.org/trunk@37667


git-svn-id: http://core.svn.wordpress.org/trunk@37633 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-09 18:10:29 +00:00
Jeremy Felt
1f90e1d7bb Tests: Split get_blog_details() test into individual tests
* One test per method
* Clarify existing tests.
* Add test for passing a "blog slug" string to `get_blog_details()`.
* Shared fixture of sites.
* Reduce number of sites created to only those necessary.
* Remove unnecessary networks creation.

See #36566.

Built from https://develop.svn.wordpress.org/trunk@37666


git-svn-id: http://core.svn.wordpress.org/trunk@37632 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-09 15:58:30 +00:00
Jeremy Felt
841e7fd1a6 Tests: Move get_blog_details() tests to their own file
See #36566.

Built from https://develop.svn.wordpress.org/trunk@37665


git-svn-id: http://core.svn.wordpress.org/trunk@37631 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-09 05:41:31 +00:00
Rachel Baker
ed964badae Comments: Fix pagination totals in the response of the inline delete actions when filtering the List Table by comment_type.
Within the Ajax action `_wp_ajax_delete_comment_response()` if the comment_type query var is set, fall back to the previous `$total - 1` value instead of getting an incorrect value from `wp_comment_count()`.

Fixes #36991.
Built from https://develop.svn.wordpress.org/trunk@37664


git-svn-id: http://core.svn.wordpress.org/trunk@37630 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-09 02:22:27 +00:00
Rachel Baker
445b9b6d94 Users: Stop WP_List_Table notices from persisting on pagination navigation.
Adds the keyboard navigation query vars to `wp_removable_query_args()` and passes the results of said function to remove_query_var() inside the WP_List_Table pagination method.

Props EFAREM for the initial patch.
Fixes #35620.
Built from https://develop.svn.wordpress.org/trunk@37663


git-svn-id: http://core.svn.wordpress.org/trunk@37629 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-09 01:56:27 +00:00
Jeremy Felt
37a2c565e2 Tests: Use a data provider for wp_get_sites() tests.
* Convert existing tests into a data provider and clarify expectations.
* Add shared test fixtures in preparation for future tests.

This passes with the `wp_get_sites()` from 4.5 and the deprecated version in trunk.

See #36566.

Built from https://develop.svn.wordpress.org/trunk@37662


git-svn-id: http://core.svn.wordpress.org/trunk@37628 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-09 00:28:29 +00:00
Andrew Ozz
17eef2deeb Editor quickTags: when the user selects some text by triple-clicking, then wraps it in a tag, and the last selected char is \n, insert the closing tag before the line break.
Props JoshuaGoodwin azaozz.
Fixes #29571.
Built from https://develop.svn.wordpress.org/trunk@37661


git-svn-id: http://core.svn.wordpress.org/trunk@37627 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-09 00:25:27 +00:00
Jeremy Felt
14336f242a Tests: Move wp_get_sites() tests to their own file
See #36566.

Built from https://develop.svn.wordpress.org/trunk@37660


git-svn-id: http://core.svn.wordpress.org/trunk@37626 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-08 22:47:28 +00:00
Andrew Ozz
5cdb444009 Editor, editor-expand: adjust the sidebar position when moving a postbox from one column to another.
Fixes #35230.
Built from https://develop.svn.wordpress.org/trunk@37659


git-svn-id: http://core.svn.wordpress.org/trunk@37625 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-08 22:37:29 +00:00
Jeremy Felt
4cce2ca14f Multisite: Fix switch( spacing after [37657]
Fixes #36717.

Built from https://develop.svn.wordpress.org/trunk@37658


git-svn-id: http://core.svn.wordpress.org/trunk@37624 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-08 04:48:27 +00:00
Jeremy Felt
b885fe6761 Multisite: Allow access to network and site properties using current naming conventions
* Add magic `__get()`, `__set()`, and `__isset()` methods to `WP_Site` and `WP_Network`.
* Provide `(int) $network->site_id` for `(string) $network->blog_id`
* Provide `(int) $site->id` for `(string) $site->blog_id`
* Provide `(int) $site->network_id` for `(string) $site->site_id`

Props flixos90, jeremyfelt.
Fixes #36717.

Built from https://develop.svn.wordpress.org/trunk@37657


git-svn-id: http://core.svn.wordpress.org/trunk@37623 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-08 04:14:29 +00:00
Boone Gorges
4f264b6d07 Add a note about uniqueness to the doc block for get_term_by().
`get_term_by()` always returns a single term, even when more than one term
matches the query parameters. The new note warns developers to use
`get_terms()` when such ambiguity may result.

Fixes #36878.
Built from https://develop.svn.wordpress.org/trunk@37656


git-svn-id: http://core.svn.wordpress.org/trunk@37622 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-08 04:08:27 +00:00
Boone Gorges
838156a958 Comments: In wp_list_comments(), queries with custom pagination params should obey default comment_status logic.
When custom pagination parameters are passed to `wp_list_comments()`, a
secondary query must be performed to fetch the proper comments. See [36157].
This query should show comments of the same `comment_status` as the default
query initialized in `comments_template()`: show only comments that are
approved, or those that are unapproved but belong to the current user.

Props smerriman.
Fixes #37048.
Built from https://develop.svn.wordpress.org/trunk@37655


git-svn-id: http://core.svn.wordpress.org/trunk@37621 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-08 04:01:27 +00:00
Gary Pendergast
7097e7748e Tests: Disable foreign_key_checks while dropping existing tables.
To ensure a clean run, the test suite drops all tables before installing, by simply looping over the table list and dropping them if they exist. This works well for Core, but may fail when a plugin has created a table with foreign key constraints in a previous test run.

Many plugins choose to base their test suite on the Core setup, so making life easier for them is a plus, even if Core doesn't directly need this change.

Props javorszky.

Fixes #37046.


Built from https://develop.svn.wordpress.org/trunk@37654


git-svn-id: http://core.svn.wordpress.org/trunk@37620 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-08 03:04:27 +00:00
Jeremy Felt
53400a885e Multisite: Deprecate wp_get_sites()
Defer to the new `get_sites()` replacement, offering fresh (...or cached) `WP_Site` objects via the new `WP_Site_Query`.

Props flixos90.
Fixes #36994.

Built from https://develop.svn.wordpress.org/trunk@37653


git-svn-id: http://core.svn.wordpress.org/trunk@37619 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-08 03:03:27 +00:00
Jeremy Felt
75a851a3aa Multisite: Remove the output parameter from get_site()
Full `WP_Site` objects should be expected from `get_site()` rather than arrays.

In the single (soon to be deprecated) use of arrays for this in core, we can cast the result to `(array)` for back-compat.

See #35791.

Built from https://develop.svn.wordpress.org/trunk@37652


git-svn-id: http://core.svn.wordpress.org/trunk@37618 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-08 02:48:30 +00:00
Jeremy Felt
d75f77a410 Admin: Allow for the consistent filtering of auth_redirect_scheme
Fixes #37047.

Built from https://develop.svn.wordpress.org/trunk@37651


git-svn-id: http://core.svn.wordpress.org/trunk@37617 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-07 20:49:30 +00:00
Aaron Jorbin
b0f64a91b3 Build/Test Tools: Run prerelease as the precommit task for configuration file changes
Whenever package.json or Gruntfile.js is updated, we should assume that it affects everything and run the full monty of tasks.

Fixes #36528.
Props iseulde.


Built from https://develop.svn.wordpress.org/trunk@37650


git-svn-id: http://core.svn.wordpress.org/trunk@37616 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-07 03:33:28 +00:00
Boone Gorges
8f87483514 Tests: Compare wp_set_object_terms() results using term_taxonomy_id.
`term_id` and `term_taxonomy_id` become offset when running the entire test
suite.

Introduced in [37647].

See #37009.
Built from https://develop.svn.wordpress.org/trunk@37649


git-svn-id: http://core.svn.wordpress.org/trunk@37615 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-06 23:43:28 +00:00
Dominik Schilling
cb02b1f1e0 Widgets: Revert [37425] and [37427].
The change can cause fatal errors under certain conditions, like when the subclass has a different function signature for `widget()` or doesn't even implement the method.

See #35981.
Built from https://develop.svn.wordpress.org/trunk@37648


git-svn-id: http://core.svn.wordpress.org/trunk@37614 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-06 21:51:28 +00:00
Boone Gorges
5c3a51e827 Tests: Add tests demonstrating wp_set_object_terms() behavior when matching $terms.
See #37009.
Built from https://develop.svn.wordpress.org/trunk@37647


git-svn-id: http://core.svn.wordpress.org/trunk@37613 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-06 21:35:27 +00:00
Rachel Baker
99cca27041 REST API: Create the general wp_check_jsonp_callback() function for validating JSONP callback functions.
Move the REST API JSONP callback validation check into a separate function named `wp_check_jsonp_callback()`. This allows plugins to use the built-in validation when handling JSONP callbacks.
Extremely Important Note: If you send JSONP in your custom response, make sure you prefix the response with `/**/`. This will mitigate the Rosetta Flash exploit. You should also send the `X-Content-Type-Options:nosniff` header, or even better, use the REST API infrastructure.

Props rmccue.
Fixes #28523.
Built from https://develop.svn.wordpress.org/trunk@37646


git-svn-id: http://core.svn.wordpress.org/trunk@37612 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-06 21:34:28 +00:00