After [34659], it became possible to cause an incorrect redirect, by changing the slug of a post, then creating a new post with the old slug. The correct behaviour is to prevent redirecting to the old post.
Props dd32, pento.
Merge of [36128] to the 4.4 branch.
Fixes#35031.
Built from https://develop.svn.wordpress.org/branches/4.4@36129
git-svn-id: http://core.svn.wordpress.org/branches/4.4@36095 1a063a9b-81f0-0310-95a4-ce76da25c4cd
[35333] implemented `public=false` for taxonomies. The implementation prevented
non-public taxonomies from having their archives accessed via query_var during
a normal request. But it didn't prevent non-public taxonomies from registering
their query vars in the `$wp_taxonomies` global. The latter implementation
details causes problems specifically when a taxonomy is registered with
`query_var=true`; for public taxonomies, `register_taxonomy()` translates this
into a query_var equivalent to the taxonomy name, but in the case of non-public
taxonomies, the query_var was set to the boolean itself. The boolean then
causes problems when using non-strict comparison to filter taxonomy objects by
query_var, as when using `get_taxonomies()`.
This changeset addresses the issue by forcing the query_var property of
non-public taxonomies to `false`.
Merges [36108] to the 4.4 branch.
Fixes#35089.
Built from https://develop.svn.wordpress.org/branches/4.4@36109
git-svn-id: http://core.svn.wordpress.org/branches/4.4@36074 1a063a9b-81f0-0310-95a4-ce76da25c4cd
[34370] made the order that tabs are returned respect the order they are added, however it broke the respect of priority. By using a ksort instead of a sort, we can restore that default behavior. This adjusts the unit tests so that both order added and priority are tested.
Merges [36089] to the 4.4 branch.
Props meitar, swissspidy, jorbin
Fixes#35215. See #33941.
Built from https://develop.svn.wordpress.org/branches/4.4@36104
git-svn-id: http://core.svn.wordpress.org/branches/4.4@36069 1a063a9b-81f0-0310-95a4-ce76da25c4cd
[34217] removed the `ORDER BY` clause from `update_object_term_cache()`, for
improved performance. But this proved to cause problems in cases where users
were expecting the results of `get_the_terms()` to be ordered by 'name'. Let's
revert the change for the time being, and look into more disciplined ordering
in a future release.
Merges [36056] to the 4.4 branch.
Props afercia.
See #28922. Fixes#35180.
Built from https://develop.svn.wordpress.org/branches/4.4@36057
git-svn-id: http://core.svn.wordpress.org/branches/4.4@36022 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Since 4.4, when fetching the first page of comments and the 'newest' comments
are set to display first, `comments_template()` must perform arithmetic to
determine which comments to show. See #8071. This arithmetic requires the
total comment count for the current post, which is calculated with a separate
`WP_Comment_Query`. This secondary comment query did not properly account for
non-approved comment statuses; all unapproved comments should be part of the
comment count for admins, and individual users should have their own
unapproved comments included in the count. As a result, `comments_template()`
was, in some cases, being fooled into thinking that a post had fewer comments
available for pagination than it actually had, which resulted in empty pages
of comments.
We correct this problem by mirroring 'status' and 'include_unapproved' params
of the main comment query within the secondary query used to calculate pagination.
Merges [36040] to the 4.4 branch.
Fixes#35068.
Built from https://develop.svn.wordpress.org/branches/4.4@36041
git-svn-id: http://core.svn.wordpress.org/branches/4.4@36006 1a063a9b-81f0-0310-95a4-ce76da25c4cd
[35709] was overly broad, and stopped transforming `&` characters within tag attributes. So that sites aren't generating invalid HTML, we need to restore this functionality, while continuing to not transform `&` within blocked tags.
Merge of [36036] to the 4.4 branch.
Fixes#35008.
Built from https://develop.svn.wordpress.org/branches/4.4@36037
git-svn-id: http://core.svn.wordpress.org/branches/4.4@36002 1a063a9b-81f0-0310-95a4-ce76da25c4cd
[34696] introduced a regression whereby comma-separated values for 'exclude'
and 'exclude_tree' would be handled improperly when merging the two parameters,
resulting in category IDs being incorrectly dropped from the combined array.
Merges [36005] to the 4.4 branch.
Props gblsm, hnle.
Fixes#35156.
Built from https://develop.svn.wordpress.org/branches/4.4@36006
git-svn-id: http://core.svn.wordpress.org/branches/4.4@35971 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The introduction of 'meta_query' to `get_terms()` in 4.4 made it possible for
`get_terms()` to erroneously return duplicate results. To address the issue,
we add the `DISTINCT` keyword to the SQL query when a 'meta_query' parameter
has been provided.
Merges [36003] to the 4.4 branch.
Props @jadpm.
Fixes#35137.
Built from https://develop.svn.wordpress.org/branches/4.4@36004
git-svn-id: http://core.svn.wordpress.org/branches/4.4@35969 1a063a9b-81f0-0310-95a4-ce76da25c4cd
WP 4.4 changed the way comment pagination is calculated. See #8071. In the
context of `get_comment_link()`, these changes introduced a regression that
causes `cpage` (or its pretty-permalink correlate `comment-page-x`) to appear
in comment links when comment pagination is disabled. The current changeset
fixes the regression.
Merges [35933] to the 4.4 branch.
Fixes#34946.
Built from https://develop.svn.wordpress.org/branches/4.4@35934
git-svn-id: http://core.svn.wordpress.org/branches/4.4@35898 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`array_merge()` is much slower than building the combined array using a
`foreach` loop. The performance difference was causing a speed regression with
the `get_children()` functionality introduced in 4.4.
Merges [35931] to the 4.4 branch.
Props rogerhub.
Fixes#35025.
Built from https://develop.svn.wordpress.org/branches/4.4@35932
git-svn-id: http://core.svn.wordpress.org/branches/4.4@35896 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Most browsers no longer trust 1024bit certificates, or certificates signed by them, instead verifying them by a trusted intermediate or a cross-sign from another trusted certificate.
Unfortunately, as it turns out, OpenSSL prior to 1.0.1g cannot correctly handle certificates chains such as this, even if one of the intermediates is trusted.
The solution is that we need to continue to trust the 1024bit legacy root certificates forthe foreseeable future
This adds the following certificates back into our trust store:
{{{
GTE CyberTrust Global Root
Thawte Server CA
Thawte Premium Server CA
Verisign Class 3 Public Primary Certification Authority
Verisign Class 3 Public Primary Certification Authority - G2
ValiCert Class 1 VA
ValiCert Class 2 VA
RSA Root Certificate 1
Entrust.net Secure Server CA
Equifax Secure Global eBusiness CA
Equifax Secure eBusiness CA 1
America Online Root Certification Authority 1
America Online Root Certification Authority 2
NetLock Business (Class B) Root
NetLock Express (Class C) Root
Verisign Class 3 Public Primary Certification Authority
}}}
Props rmccue.
Merges [35919] to the 4.4 branch.
Fixes#34935.
Built from https://develop.svn.wordpress.org/branches/4.4@35921
git-svn-id: http://core.svn.wordpress.org/branches/4.4@35885 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`wp_get_object_terms()` can return a `WP_Error` object. As such, the
`get_the_terms()` cache wrapper should handle them properly. To wit:
* Don't try to map an error object to `get_term()`. Introduced in [35032].
* Don't cache an error object as taxonomy relationships. Introduced in at least [16487], maybe earlier.
Ports [35850] to the 4.4 branch.
Props stephenharris.
Fixes#34723.
Built from https://develop.svn.wordpress.org/branches/4.4@35851
git-svn-id: http://core.svn.wordpress.org/branches/4.4@35815 1a063a9b-81f0-0310-95a4-ce76da25c4cd
We rely on the `wp-image-` class to quickly find an attachment ID to add responsive image attributes.
To avoid incorrect images being displayed, do not add these attributes if the `src` does not match the
meta from the attachment ID in the class.
Merge of [35820] to the 4.4 branch.
Props azaozz, kovshenin, joemcgill, mikeschroder.
See #34898.
Built from https://develop.svn.wordpress.org/branches/4.4@35821
git-svn-id: http://core.svn.wordpress.org/branches/4.4@35785 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In [34504], tabbing through row actions on comments that lacked links was broken. This restores the desired behavior and ensures that the row actions can be seen by no-js users.
Second Permanent Committer sign off was by WonderBoyMusic
See #15520Fixes#34791
Props afercia, azaozz
Built from https://develop.svn.wordpress.org/trunk@35771
git-svn-id: http://core.svn.wordpress.org/trunk@35735 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In the data sent to us from the embedded iframe by postMessage(), the secret value is being used directly in a document.querySelectorAll() call without first being validated or escaped.
In theory, this could lead to some broken embeds.
Props mdawaffe.
Fixes#34831.
Built from https://develop.svn.wordpress.org/trunk@35761
git-svn-id: http://core.svn.wordpress.org/trunk@35725 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This adds a checkbox to `wp-admin/user-new.php` to prevent sending an email with the username and a password reset link to the new user. Restores the behavior of pre-4.3.
Fixes#33504.
Props tharsheblows, SergeyBiryukov, DrewAPicture, ocean90.
Built from https://develop.svn.wordpress.org/trunk@35742
git-svn-id: http://core.svn.wordpress.org/trunk@35706 1a063a9b-81f0-0310-95a4-ce76da25c4cd
While these classes are intended for admin use, there are developers out there who include `wp-admin/includes/template.php` to access them in other contexts. There is no intention to continue to support this indefinitely, but a breaking change like that would need to happen very early in a cycle and communicated loudly.
In the meantime, if you're reading this commit message and you do the above, please update your code to not do that. Thank you :)
fixes#33413.
Built from https://develop.svn.wordpress.org/trunk@35740
git-svn-id: http://core.svn.wordpress.org/trunk@35704 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In `populate_options()`, if the theme specified by `WP_DEFAULT_THEME` doesn't exist, fall back to the latest core default theme. If we can't find a core default theme, `WP_DEFAULT_THEME` is the best we can do.
Props nacin, jeremyfelt, dd32.
See #34306.
Built from https://develop.svn.wordpress.org/trunk@35738
git-svn-id: http://core.svn.wordpress.org/trunk@35702 1a063a9b-81f0-0310-95a4-ce76da25c4cd
To add a home link to the fallback menu output many themes only check if that
argument is set. Including Twenty Ten and Twenty Eleven. They check with
`isset()` so child themes and other instances using `wp_page_menu()` have a
chance to disable the home link by setting it to `false`.
Fixes#11095.
Built from https://develop.svn.wordpress.org/trunk@35737
git-svn-id: http://core.svn.wordpress.org/trunk@35701 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Hello, it's me again. A pluggable function named `wp_new_user_notification()`. A few months ago, after [33023], I have lost my second parameter `$plaintext_pass`. But thanks to [33620] I got a new one.
Bad idea - It hasn't had the same behavior as my previous parameter.
To solve that the second parameter got deprecated and reintroduced as the third parameter in [34116]. I was happy again, for a short time.
You remember my lost friend `$plaintext_pass`? No? Well, if its value was empty no notification was sent to the user. This behavior was still lost. And that's what this change is about: Don't notify a user if a plugin uses `wp_new_user_notification( $user_id )`.
You're asking if I'm happy now? Dunno, but maybe you have learned something about pluggable functions, have you?
Props danielbachhuber.
Fixes#34377.
Built from https://develop.svn.wordpress.org/trunk@35735
git-svn-id: http://core.svn.wordpress.org/trunk@35699 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Introduce `customize_post_value_set_{$setting_id}` and `customize_post_value_set` actions which are done when `WP_Customize_Manager::set_post_value()` is called.
* Clear the `preview_applied` flag for aggregated multidimensional settings when a post value is set. This ensures the new value is used instead of a previously-cached previewed value.
* Move `$is_preview` property from subclasses to `WP_Customize_Setting` parent class.
* Deferred preview: Ensure that when `preview()` short-circuits due to not being applicable that it will be called again later when the post value is set.
* Populate post value for updated-widget with the (unsanitized) JS-value in `WP_Customize_Widgets::call_widget_update()` so that value will be properly sanitized when accessed in `WP_Customize_Manager::post_value()`.
Includes unit tests with assertions to check the reported issues and validate the fixes.
Fixes defect introduced in [35007].
See #32103.
Fixes#34738.
Built from https://develop.svn.wordpress.org/trunk@35724
git-svn-id: http://core.svn.wordpress.org/trunk@35688 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, `&` would be converted everywhere, which caused problems when it was converted within a `<script>`, for example.
`convert_chars()` is now removed from the `the_content` filter, as it was doing the same job as `wptexturize()`.
KSES correctly handles converting `&` within HTML attributes, so there's no need for `wptexturize()` and `convert_chars()` to do the same job.
Fixes#34698.
Built from https://develop.svn.wordpress.org/trunk@35709
git-svn-id: http://core.svn.wordpress.org/trunk@35673 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Older versions of WordPress will convert those `&` characters to `&`, which makes for some non-functional JS. If folks are running an older release, let's not make their lives more difficult than it already is.
Props pento, peterwilsoncc.
See #34698.
Built from https://develop.svn.wordpress.org/trunk@35708
git-svn-id: http://core.svn.wordpress.org/trunk@35672 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Reverts [35700] which didn't account for author archives without posts.
Determination of the correct title is now based on the same order of
conditionals that template loader uses to select the right template.
H/t ocean90.
Fixes#34516.
Built from https://develop.svn.wordpress.org/trunk@35706
git-svn-id: http://core.svn.wordpress.org/trunk@35670 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Use of `register_column_headers()` and `print_column_headers()` creates a `_WP_List_Table_Compat` without any columns. When the List Table object doesn't have any columns, there's naturally no primary column.
Props danielbachhuber.
Fixes#34148.
Built from https://develop.svn.wordpress.org/trunk@35698
git-svn-id: http://core.svn.wordpress.org/trunk@35662 1a063a9b-81f0-0310-95a4-ce76da25c4cd
[34356] removed the table row specificity on rules for `.site-deleted`, `.site-spammed`, `.site-archived`, and `.site-matured` so that the styles would be properly applied to other elements. Now, the zebra striping rules override these styles on even rows.
We can account for `tr` specific and more generic applications of these classes.
Fixes#33595.
Built from https://develop.svn.wordpress.org/trunk@35692
git-svn-id: http://core.svn.wordpress.org/trunk@35656 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This change hooks these new output functions to existing hooks in the embed template, allowing for more straightforward display control of these elements.
Leaves the embed header and footer intact pending further modularization in a future release.
Props juliobox, swissspidy, DrewAPicture.
See #34561.
Built from https://develop.svn.wordpress.org/trunk@35689
git-svn-id: http://core.svn.wordpress.org/trunk@35653 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Keeping myhacks support is a small price to pay for not breaking people's sites. Even if it is very very very few sites, breaking sites isn't something that should be encouraged. Even with 10 years of deprecation notices.
https://core.trac.wordpress.org/ticket/33741#comment:18 outlines all the ways that the hack_file and my-hacks options can be setup and thus all the ways that the removal of those options could break sites.
Fixes#33741.
Built from https://develop.svn.wordpress.org/trunk@35688
git-svn-id: http://core.svn.wordpress.org/trunk@35652 1a063a9b-81f0-0310-95a4-ce76da25c4cd
[35333] enforces protection for taxonomies by preventing non-public taxonomies
from registering query_vars in `register_taxonomy()`. This broke the use of
taxonomy query_vars on edit.php, breaking backward compatibility and
creating inconsistency with the treatment introduced in [34247], which allowed
`taxonomy=foo` filtering on the Dashboard, even when `foo` is non-public. In
this changeset, we make the same Dashboard exception for the query_var.
Fixes#21949.
Built from https://develop.svn.wordpress.org/trunk@35680
git-svn-id: http://core.svn.wordpress.org/trunk@35644 1a063a9b-81f0-0310-95a4-ce76da25c4cd