Restoring the current user context when saving a setting ensures filters apply as expected, such as Kses. When a user is not associated with a given setting change, continue to override `capability` to be `exist` when saving. Skip overwriting setting values in a changeset that have not changed, facilitating concurrent editing and amending a changeset by a user with fewer privileges.
See #30937.
Fixes#38705.
Built from https://develop.svn.wordpress.org/trunk@39181
git-svn-id: http://core.svn.wordpress.org/trunk@39121 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Additionally, use these meta-caps in the REST API endpoints.
Previously, register_meta()'s auth_callback had no effect for non-post meta. This introduces `{add,edit,delete}_{comment,term,user}_meta` meta-caps to match the existing post meta capabilities. These are currently only used in the REST API.
Props tharsheblows, boonebgorges.
Fixes#38303, fixes#38412.
Built from https://develop.svn.wordpress.org/trunk@39179
git-svn-id: http://core.svn.wordpress.org/trunk@39119 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The CSS property `background-attachment: fixed` is disabled in some mobile browsers for performance reasons. So here, the fix increases the breakpoint where the `background-attachment: fixed` is applied to the front page images. Doing this removes the fixed backgrounds and the issue from all smaller screens, but the downside is that it also removes the fixed backgrounds from smaller laptops. It's also possible future devices could fall into this breakpoint, but this seems to be the most practical solution.
Props laurelfulford.
Fixes#38395.
Built from https://develop.svn.wordpress.org/trunk@39176
git-svn-id: http://core.svn.wordpress.org/trunk@39116 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously there was no way to remove the user locale setting again, even though that might be desirable.
This adds a new 'Site Default' option to the user-specific language setting by introducing a new `show_site_locale_default` argument to `wp_dropdown_languages()`.
Props ocean90.
See #29783.
Fixes#38632.
Built from https://develop.svn.wordpress.org/trunk@39169
git-svn-id: http://core.svn.wordpress.org/trunk@39109 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Removes `aria-hidden` argument. Lets `aria-hidden="true"` be there by default and sets it empty when there is `title` and `desc`.
* Adds unique IDs for title and desc for accessible implementation options.
* Removes absolute path in the Customizer. It didn't work in Internet Explorer, and the original bug is fixed in #30028.
* Add whitespace around `<use>`, from #38387.
Props sami.keijonen, swissspidy, laurelfulford.
Fixes#38659.
See #38387.
Built from https://develop.svn.wordpress.org/trunk@39164
git-svn-id: http://core.svn.wordpress.org/trunk@39104 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Now all public query vars are not supoprted via `?filter` in the REST API, we can remove the get_allowed_query_vars() method and filter. To provide developers with a good altnerative to `filter`, the `"rest_{$this->post_type}_collection_params"` filter has been added.
Props rmccue, rachelbacker, danielbachhuber.
Fixes#38629.
Built from https://develop.svn.wordpress.org/trunk@39162
git-svn-id: http://core.svn.wordpress.org/trunk@39102 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The combination of font-size and weight for post navigation made lower case "i"s illegible in some cases. Using `15px` seemed to be the best choice all around. Also adjusts the spacing around the arrows a bit, since they touch the text on small screen sizes.
Props laurelfulford.
Fixes#38670.
Built from https://develop.svn.wordpress.org/trunk@39152
git-svn-id: http://core.svn.wordpress.org/trunk@39092 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Following [39128], this removes the validation logic for Vimeo URLs from
`_validate_external_header_video()` since WP does not support the
display of videos from Vimeo by default.
This also includes a change to using `esc_url_raw()` instead of `esc_url()`
on the URL value to avoid unexpected behavior from the inclusion of HTML
entities.
Props peterwilsoncc, westonruter.
Fixes#38544.
Built from https://develop.svn.wordpress.org/trunk@39148
git-svn-id: http://core.svn.wordpress.org/trunk@39088 1a063a9b-81f0-0310-95a4-ce76da25c4cd
TwentySeventeen attempts to highlight media found in post content by using `get_media_embedded_in_content()` to extract videos from the content and display their HTML differently. However, the HTML being generated by the playlist shortcode relies on JavaScript to update the video element with the markup needed to display the playlist properly. The `get_media_embedded_in_content()` function wasn't designed to handle this use case.
The patch looks for the presence of `wp-playlist-script` in the content and shows the standard content rather than trying to pluck the media elements from the content using `get_media_embedded_in_content()`.
Props joemcgill.
Fixes#38390.
Built from https://develop.svn.wordpress.org/trunk@39146
git-svn-id: http://core.svn.wordpress.org/trunk@39086 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Fixes regression introduced with the addition of control notifications in [37476]. The container element for notifications is injected after the `.customize-control-title` element if the `.customize-control-notifications-container` element does not already exist in the control's template. Also adds missing margin between current image and uploaded images.
Props bradyvercher.
See #34893.
Fixes#38561.
Built from https://develop.svn.wordpress.org/trunk@39145
git-svn-id: http://core.svn.wordpress.org/trunk@39085 1a063a9b-81f0-0310-95a4-ce76da25c4cd
