* XML-RPC: Improve error messages for unprivileged users.
* External Libraries: Disable deserialization in Requests_Utility_FilteredIterator
* Embeds: Disable embeds on deactivated Multisite sites.
* Coding standards: Modify escaping functions to avoid potential false positives.
* XML-RPC: Return error message if attachment ID is incorrect.
* Upgrade/install: Improve logic check when determining installation status.
* Meta: Sanitize meta key before checking protection status.
* Themes: Ensure that only privileged users can set a background image when a theme is using the deprecated custom background page.
Brings the changes from [49380,49382-49388] to the 5.2 branch.
Props xknown, zieladam, peterwilsoncc, whyisjake, desrosj, dd32.
Built from https://develop.svn.wordpress.org/branches/5.2@49394
git-svn-id: http://core.svn.wordpress.org/branches/5.2@49153 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The new format looks like "Sorry, you are not allowed to <action>.". This provides a consistent experience for all error messages related to missing permissions. It also reduces the number of similar strings and allows translators to provide a consistent style in their language.
Props ramiy, Presskopp.
Fixes#34521.
Built from https://develop.svn.wordpress.org/trunk@37914
git-svn-id: http://core.svn.wordpress.org/trunk@37855 1a063a9b-81f0-0310-95a4-ce76da25c4cd
First step towards restoring a good heading structure in wp-admin.
The previous `<h1>` contained the site title and a link to the front page and was removed with the toolbar refactoring in 3.2.
Props joedolson, afercia.
Fixes#31650.
Built from https://develop.svn.wordpress.org/trunk@32974
git-svn-id: http://core.svn.wordpress.org/trunk@32945 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In media-new.php, use post_id from REQUEST if passed and the current user can edit the post.
Fixes adding media with the browser uploader.
Props nacin, ocean90
fixes#22572
git-svn-id: http://core.svn.wordpress.org/trunk@22853 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This is bolted on to existing code, the vast majority of which is destined to be ripped out in 3.6 once things settle.
see #22083.
git-svn-id: http://core.svn.wordpress.org/trunk@22755 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* media-new.php will remain the entry point for uploading isolated files, and for using the browser-based uploader (versus Plupload).
* media-upload.php is the legacy (pre-3.5) media uploader.
see #22083.
git-svn-id: http://core.svn.wordpress.org/trunk@22751 1a063a9b-81f0-0310-95a4-ce76da25c4cd