Commit Graph

2335 Commits

Author SHA1 Message Date
James Nylen
03c947c7fd REST API: Allow sending an empty or no-op comment update.
In general, updates that don't actually change anything should succeed.
[39371] added tests for other object types, and this commit fixes empty updates
for comments and adds the missing test.

Fixes #38700.


git-svn-id: https://develop.svn.wordpress.org/trunk@39597 602fd350-edb4-49c9-b593-d223f7449a82
2016-12-13 13:52:49 +00:00
Gary Pendergast
25330a0220 Libraries: Update zxcvbn from version 1.0 to 4.4.1
This includes masses of bug fixes, as well as tweaks to how passwords are scored.

QUnit tests have been updated to reflect tha scoring changes.

Full changelog: https://github.com/dropbox/zxcvbn/compare/v1.0...v4.4.1

Fixes #31647.



git-svn-id: https://develop.svn.wordpress.org/trunk@39596 602fd350-edb4-49c9-b593-d223f7449a82
2016-12-13 11:22:28 +00:00
James Nylen
9bf4440213 REST API: Do not include the password argument when getting media items
Currently, `attachment` is the only post type exposed via the REST API that
does not support password protection, but it's possible for other post types to
remove password support.

Fixes #38977.


git-svn-id: https://develop.svn.wordpress.org/trunk@39595 602fd350-edb4-49c9-b593-d223f7449a82
2016-12-13 03:51:01 +00:00
James Nylen
68b6a6197b REST API: Do not error on empty JSON body
It's fairly common for clients to send `Content-Type: application/json` with an
empty body.  While technically not valid JSON, we've historically supported
this behaviour, so it shouldn't cause an error.

Props JPry.
Fixes #39150.


git-svn-id: https://develop.svn.wordpress.org/trunk@39594 602fd350-edb4-49c9-b593-d223f7449a82
2016-12-13 03:33:14 +00:00
Felix Arntz
b171b64d3c Tests: Use wp_delete_user() during teardown to delete a single site's user.
Fixes failing tests for `get_dashboard_url()`.

Fixes #39065.


git-svn-id: https://develop.svn.wordpress.org/trunk@39590 602fd350-edb4-49c9-b593-d223f7449a82
2016-12-12 23:17:35 +00:00
Felix Arntz
b4317ea053 Multisite: Replace is_super_admin() with manage_network in get_dashboard_url().
Unit tests for `get_dashboard_url()` have been added.

Props iaaxpage.
Fixes #39065. See #37616.


git-svn-id: https://develop.svn.wordpress.org/trunk@39589 602fd350-edb4-49c9-b593-d223f7449a82
2016-12-12 22:40:03 +00:00
Felix Arntz
539b85406d Multisite: Handle capability check for removing oneself via map_meta_cap().
Site administrators should not be able to remove themselves from a site. This moves the enforcement of this rule from `wp-admin/users.php` to `remove_user_from_blog()` via the `remove_user` capability, which furthermore allows us to get rid of two additional clauses and their `is_super_admin()` checks in `wp-admin/users.php`. A unit test for the new behavior has been added.

Fixes #39063. See #37616.


git-svn-id: https://develop.svn.wordpress.org/trunk@39588 602fd350-edb4-49c9-b593-d223f7449a82
2016-12-12 21:41:44 +00:00
Dion Hulse
9e70bab188 Remove the WordPress version number from readme.html.
See #35554 


git-svn-id: https://develop.svn.wordpress.org/trunk@39583 602fd350-edb4-49c9-b593-d223f7449a82
2016-12-12 08:00:24 +00:00
Dion Hulse
24228daabf PDF Images: Avoid a PHP Warning when attempting to process a file without an extension.
Props chandrapatel for initial patch.
Fixes #39195.


git-svn-id: https://develop.svn.wordpress.org/trunk@39580 602fd350-edb4-49c9-b593-d223f7449a82
2016-12-12 06:18:30 +00:00
Dion Hulse
caa1f1f88d Taxonomy: Restore the ability to use string-based $args in wp_get_object_terms().
Props tyxla.
Fixes #39215


git-svn-id: https://develop.svn.wordpress.org/trunk@39578 602fd350-edb4-49c9-b593-d223f7449a82
2016-12-12 05:46:37 +00:00
Peter Wilson
7950b0e306 Options: Prevent unnecessary SQL updates by update_option.
Previously an option containing an object would trigger an SQL `UPDATE` on all calls to `update_option`, even if the old and new values were identical. This was due to the old and new values having differing resource IDs.

This change compares the old and new values as serialized data to remove the resource ID from the comparison.

Props salcode, bradyvercher, peterwilsoncc.
Fixes #38903.


git-svn-id: https://develop.svn.wordpress.org/trunk@39564 602fd350-edb4-49c9-b593-d223f7449a82
2016-12-11 21:42:12 +00:00
Rachel Baker
260a88d009 REST API: Allow schema sanitization_callback to be set to null to bypass fallback sanitization functions.
The logic in WP_REST_Request->sanitize_params() added in [39091] did not account for `null` or `false` being the sanitization_callback preventing overriding `rest_parse_request_arg()`. This fixes that oversight, allowing the built in sanitization function to be bypassed. See #38593.

Props kkoppenhaver, rachelbaker, jnylen0.
Fixes #39042.


git-svn-id: https://develop.svn.wordpress.org/trunk@39563 602fd350-edb4-49c9-b593-d223f7449a82
2016-12-11 21:25:40 +00:00
Weston Ruter
1681d96a6d Customize: Deprecate page_home nav menu item starter content in favor of home_link; replace usage in Twenty Seventeen.
Props celloexpressions, westonruter.
Amends [38991].
See #38615, #38114.
Fixes #39104.


git-svn-id: https://develop.svn.wordpress.org/trunk@39561 602fd350-edb4-49c9-b593-d223f7449a82
2016-12-10 23:38:04 +00:00
Weston Ruter
e27098f5bd Customize: Trim whitespace for URLs supplied for external_header_video to prevent esc_url_raw() from making them invalid.
Props tyxla.
See #38172.
Fixes #39125.


git-svn-id: https://develop.svn.wordpress.org/trunk@39560 602fd350-edb4-49c9-b593-d223f7449a82
2016-12-10 06:59:24 +00:00
Weston Ruter
0369dea1e4 Customize: Prevent single quotes (apostrophes) in custom_css values from unexpectedly causing false positives for unbalanced character validation errors.
See #39218, #35395.
Fixes #39198.


git-svn-id: https://develop.svn.wordpress.org/trunk@39559 602fd350-edb4-49c9-b593-d223f7449a82
2016-12-10 06:45:00 +00:00
John Blackbourn
d9ac66c910 Build/Test Tools: Remove some more randomness.
See #37371


git-svn-id: https://develop.svn.wordpress.org/trunk@39556 602fd350-edb4-49c9-b593-d223f7449a82
2016-12-10 00:01:30 +00:00
John Blackbourn
6db50cd8b2 Build/Test Tools: Reuse another fixture in the user capability tests.
See #38716


git-svn-id: https://develop.svn.wordpress.org/trunk@39555 602fd350-edb4-49c9-b593-d223f7449a82
2016-12-09 23:35:55 +00:00
John Blackbourn
d06bd0172e Build/Test Tools: Remove commented out tests that have existed in an unimplemented state since the dawn of the test infrastructure.
See #38716


git-svn-id: https://develop.svn.wordpress.org/trunk@39554 602fd350-edb4-49c9-b593-d223f7449a82
2016-12-09 23:11:28 +00:00
Boone Gorges
77484a0f4a Taxonomy: Introduce get_term_parents_list().
This new function is a taxonomy-agnostic version of `get_category_parents()`.

Props keesiemeijer, SergeyBiryukov, rafaehlers.
Fixes #17069.

git-svn-id: https://develop.svn.wordpress.org/trunk@39549 602fd350-edb4-49c9-b593-d223f7449a82
2016-12-09 16:09:31 +00:00
Weston Ruter
c4bffeb619 Customize: Defer populating post_name for auto-draft posts in customized state until posts are published.
The ultimate `post_name` is stored in postmeta until the post is published. The `get_page_by_path()` function does not exclude `auto-draft` posts. Revert changes to `wp_unique_post_slug()` from [39411] which excluded `auto-draft` posts.

Props westonruter, dlh for testing, helen for testing.
See #38114, #38928.
Fixes #39078.


git-svn-id: https://develop.svn.wordpress.org/trunk@39506 602fd350-edb4-49c9-b593-d223f7449a82
2016-12-05 19:32:09 +00:00
John Blackbourn
7c02c24e5f Role/Capability: Don't assign the delete_site capability to anyone on single site installs.
This capability is not relevant on single site installs; it only applies to deleting a site on a multisite installation.

Fixes #38326


git-svn-id: https://develop.svn.wordpress.org/trunk@39494 602fd350-edb4-49c9-b593-d223f7449a82
2016-12-04 22:06:36 +00:00
James Nylen
d2a5f48449 REST API: Treat any falsy value as false in 'rest_allow_anonymous_comments'.
Extend the check in 'rest_allow_anonymous_comments' to accept any falsy value
(previously this was an explicit check for `false`).

One possible failure case is that a plugin developer forgets to include a
return value for some code path in their callback for this filter, leading to a
value of `null` which is currently treated like `true`.

Props joehoyle, jnylen0.

Fixes #39010.


git-svn-id: https://develop.svn.wordpress.org/trunk@39487 602fd350-edb4-49c9-b593-d223f7449a82
2016-12-04 19:29:18 +00:00
John Blackbourn
6861a9aac0 Build/Test Tools: Correctly set up the current screen during list table tests so that they don't fail when run individually.
Props desrosj
Fixes #38761


git-svn-id: https://develop.svn.wordpress.org/trunk@39481 602fd350-edb4-49c9-b593-d223f7449a82
2016-12-04 19:03:40 +00:00
Andrew Nacin
b16f57240e Build/Test Tools: Specify exact node version in package.json.
Enforce it in the tests.

see #35105.


git-svn-id: https://develop.svn.wordpress.org/trunk@39478 602fd350-edb4-49c9-b593-d223f7449a82
2016-12-04 17:29:26 +00:00
Weston Ruter
06ee519376 Customize: Ensure a custom_css post insertion gets an initial post revision.
Props georgestephanis, westonruter.
See #30854, #38672, #35395.
Fixes #39032.


git-svn-id: https://develop.svn.wordpress.org/trunk@39477 602fd350-edb4-49c9-b593-d223f7449a82
2016-12-04 17:28:27 +00:00
Andrew Nacin
4b2cbf6ac3 REST API: Register the admin_email setting in single site only.
See [39470]. This time including unit test changes.

fixes #38990.


git-svn-id: https://develop.svn.wordpress.org/trunk@39471 602fd350-edb4-49c9-b593-d223f7449a82
2016-12-03 05:40:04 +00:00
Gary Pendergast
55e972cab3 REST API: Site URL setting should not be present on multisite installations.
The `siteurl` setting is registered and made available to the REST API. On a multisite installation, this setting is not configurable from the General Settings screen, but due to the above it is configurable from the REST API.

Props peterwilsoncc.
Fixes #39005.



git-svn-id: https://develop.svn.wordpress.org/trunk@39468 602fd350-edb4-49c9-b593-d223f7449a82
2016-12-03 05:15:42 +00:00
Rachel Baker
8c26572c8a REST API: Fix bug where comment author and author email could be an empty string when creating a comment.
If the `require_name_email` option is true, creating a comment with an empty string for the author name or email should not be accepted.  Both values can be an empty string on update.

Props flixos90, hnle, dd32, rachelbaker, jnylen0, ChopinBach, joehoyle, pento.

Fixes #38971.


git-svn-id: https://develop.svn.wordpress.org/trunk@39444 602fd350-edb4-49c9-b593-d223f7449a82
2016-12-02 22:43:03 +00:00
Rachel Baker
0de150991c REST API: Fix handling of some orderby parameters for the Posts controller.
- `'orderby' => 'include'` requires an array of post_ids via the `include` collection param.
`'orderby' => 'id'` and `'orderby' => 'slug'` need map the correct WP_Query equivalents. 

Props flixos90, hnle, dd32, rachelbaker, joehoyle, pento.

Fixes #38971.


git-svn-id: https://develop.svn.wordpress.org/trunk@39440 602fd350-edb4-49c9-b593-d223f7449a82
2016-12-02 22:17:36 +00:00
Jeremy Felt
9232ecc9fc REST API: Disable DELETE requests for users in multisite.
In wp-admin, users are removed from individual sites rather than deleted. A user can only be deleted from the network admin.

Until support for a `PUT` request that removes a user's site and content associations is available, `DELETE` requests are disabled to avoid possible issues with lost content.

Props jnylen0, rachelbaker.
Fixes #38962.


git-svn-id: https://develop.svn.wordpress.org/trunk@39438 602fd350-edb4-49c9-b593-d223f7449a82
2016-12-02 22:10:01 +00:00
Rachel Baker
a55506974e REST API: Return a WP_Error if meta property is not an array.
Fixes bug where a PHP Warning is currently thrown if a client sends a request where `meta` is not an array value.

Props timmydcrawford, jnylen0, rachelbaker, pento.
Fixes #38989.

git-svn-id: https://develop.svn.wordpress.org/trunk@39436 602fd350-edb4-49c9-b593-d223f7449a82
2016-12-02 21:55:09 +00:00
Weston Ruter
511ba69e52 Customize: Fix posts limit query arg for WP_Query from incorrect number to posts_per_page.
Props dlh.
Fixes #39022.


git-svn-id: https://develop.svn.wordpress.org/trunk@39434 602fd350-edb4-49c9-b593-d223f7449a82
2016-12-02 16:17:03 +00:00
Gary Pendergast
5ff3f14d78 Plugins: Add a current_priority() method to WP_Hook.
This allows plugins to determine the currently running priority of a filter.

Fixes #39007.



git-svn-id: https://develop.svn.wordpress.org/trunk@39430 602fd350-edb4-49c9-b593-d223f7449a82
2016-12-02 07:09:33 +00:00
Gary Pendergast
d5bfeae9d8 REST API: Require the reassign parameter when deleting users.
When deleting a user through the WordPress admin, a specific decision is presented - whether to assign all of the user's posts to another user, or to delete all of the posts.

This change requires `reassign` as a parameter in the corresponding REST API endpoint, so that content isn't accidentally lost.

Props jeremyfelt.
Fixes #39000.



git-svn-id: https://develop.svn.wordpress.org/trunk@39426 602fd350-edb4-49c9-b593-d223f7449a82
2016-12-02 06:53:59 +00:00
Weston Ruter
bdd33e9dff Customize: Reuse existing non-auto-draft posts and existing auto-draft posts in the customized state with matching slugs when applying starter content.
* Updates `wp_unique_post_slug()` to ignore `auto-draft` posts. Prevents publishing multiple posts that have the same slugs from starter content.
* Fixes fatal error when attempting to save an header_image setting from a non-admin context.
* Fixes substituting attachment symbols in options and theme mods.
* Fixes applying starter content for header images and background images.

See #38114.
Fixes #38928.


git-svn-id: https://develop.svn.wordpress.org/trunk@39411 602fd350-edb4-49c9-b593-d223f7449a82
2016-12-02 00:24:19 +00:00
Weston Ruter
3e9a2d5a5a Customize: Reject a changeset update when a non-future date is provided and also ensure that a published changeset always gets set to the current date/time.
* Also moves checks from `customize_save` Ajax handler to the underlying `WP_Customize_Manager::save_changeset_post()` call which plugins may invoke directly.
* Ensures that `customize_save_response` filter is always passed an array, with error code available as `code`.

Props utkarshpatel, westonruter, sayedwp.
See #30937.
Fixes #38943.


git-svn-id: https://develop.svn.wordpress.org/trunk@39409 602fd350-edb4-49c9-b593-d223f7449a82
2016-12-02 00:01:51 +00:00
Mike Schroder
352e997f92 Media: Fix regression with display of small images in media library.
Fixes a regression in the media library after [38949], which caused
small images (< thumbnail size) to not display within the media library.

Accounts for images that have no intermediate sizes
in `wp_prepare_attachment_for_js()`.

Adds test.

Fixes #38965.
Props joemcgill, clorith, mikeschroder.

git-svn-id: https://develop.svn.wordpress.org/trunk@39396 602fd350-edb4-49c9-b593-d223f7449a82
2016-12-01 00:01:38 +00:00
Weston Ruter
79182c0fe2 Customize: Fix handling of the nav menu item labels (titles) that match defaults (original titles) and fix the display of item type labels.
* Show default labels for nav menu item as placeholders in a control's label field instead of showing blank.
* Store empty string as label instead of copying default labels.
* Prevent labels for post type archive items from being dropped in preview.
* Also ensure that the item type label is displayed on nav menu item controls for settings that are loaded from an existing changeset.

Amends [38618].
See #38015.
Fixes #38955.


git-svn-id: https://develop.svn.wordpress.org/trunk@39393 602fd350-edb4-49c9-b593-d223f7449a82
2016-11-30 23:35:34 +00:00
Dominik Schilling (ocean90)
13fd32cc20 Options: Pass the $passed_default parameter to the 'default_option_{$option} filter in add_option().
This was missed in [38910].

Props joehoyle, lucasstark.
See #38176.
Fixes #38930.

git-svn-id: https://develop.svn.wordpress.org/trunk@39382 602fd350-edb4-49c9-b593-d223f7449a82
2016-11-30 21:21:21 +00:00
James Nylen
74efb754fd REST API: Add test for creating a comment with an invalid post ID.
#38816 fixed creating a comment with an invalid post ID (this should not be
allowed), but we need a test for this.

Fixes #38991.


git-svn-id: https://develop.svn.wordpress.org/trunk@39375 602fd350-edb4-49c9-b593-d223f7449a82
2016-11-30 16:21:38 +00:00
jnylen0
c716e604c5 REST API: Add tests for empty or "no-op" updates.
The API should allow updates that don't actually change anything.  This allows
clients to, for example, accidentally send the same request twice without
encountering unexpected errors.  This currently works for posts, terms, and
users, so this commit adds test cases accordingly.

See #38700 for issues preventing this from working for comments.

Fixes #38975.


git-svn-id: https://develop.svn.wordpress.org/trunk@39371 602fd350-edb4-49c9-b593-d223f7449a82
2016-11-30 03:02:01 +00:00
Weston Ruter
9c39b16119 Customize: Fix logic for previewing the URL for nav_menu_item settings for terms and post type archives.
Fixes typo in args passed to `get_term_link()` which caused a fatal error due to this call returning a `WP_Error` which was set to `url`. Also fixes never-satisfiable condition for obtaining post type archive URL. Also ensures that `WP_Error` never leaks through as `url` by setting it to an empty string. Adds missing unit tests.

Amends [38991].
See #38114.
Fixes #38945.


git-svn-id: https://develop.svn.wordpress.org/trunk@39365 602fd350-edb4-49c9-b593-d223f7449a82
2016-11-27 03:04:35 +00:00
John Blackbourn
8b1afc4743 Build/Test Tools: Add an extra WP_Error assertion when testing a valid user activation key. This provides a better failure message if the assertion does fail.
See #38716


git-svn-id: https://develop.svn.wordpress.org/trunk@39364 602fd350-edb4-49c9-b593-d223f7449a82
2016-11-27 01:24:58 +00:00
John Blackbourn
25ede80cab Build/Test Tools: When testing the output of wp_list_pages(), use a known and fixed date for each post so the tests don't fail when the date changes between the beginning and end of a test.
Props xrmx
Fixes #38688


git-svn-id: https://develop.svn.wordpress.org/trunk@39363 602fd350-edb4-49c9-b593-d223f7449a82
2016-11-27 00:07:49 +00:00
Joe Hoyle
a1c2caa4e3 REST API: Special case the “standard” post format to always be allowed.
Fixes #38916.

git-svn-id: https://develop.svn.wordpress.org/trunk@39353 602fd350-edb4-49c9-b593-d223f7449a82
2016-11-24 00:07:50 +00:00
joehoyle
7dc75c29f6 REST API: Allow unsetting a post’s password.
Props danielbachhuber, iseulde.
Fixes #38919.

git-svn-id: https://develop.svn.wordpress.org/trunk@39352 602fd350-edb4-49c9-b593-d223f7449a82
2016-11-23 23:12:05 +00:00
Weston Ruter
8bcbe1a35c Customize: Refactor logic for updating custom_css posts by introducing wp_update_custom_css_post() function and renaming update filter.
* Moves logic from `WP_Customize_Custom_CSS_Setting::update()` into a re-usable `wp_update_custom_css_post()` function, useful for future REST API endpoint, WP-CLI command, or plugin migrations.
* Renames `customize_update_custom_css_post_content_args` filter to `update_custom_css_data` and improves the naming of the parameters. Instead of passing `post_content` and `post_content_filtered` the filtered array now contains `css` and `preprocessed` respectively. 
* The second context param for the `update_custom_css_data` filter is now an array of the original args passed to `wp_update_custom_css_post()` and there is now no more `$setting` arg since it isn't necessarily being called in the customizer context.

Props westonruter, georgestephanis.
See #35395.
Fixes #38672.


git-svn-id: https://develop.svn.wordpress.org/trunk@39350 602fd350-edb4-49c9-b593-d223f7449a82
2016-11-23 17:33:21 +00:00
Joe Hoyle
5d7118d63e REST API: Add support for comments of password-protected posts.
Core requires the post password to view and create comments on password protected posts, so we must support a “password” param on the comments endpoint when fetch comments for a specific post and creating a comment on a password protected post.

Props flixos90, jnylen0.
Fixes #38692.

git-svn-id: https://develop.svn.wordpress.org/trunk@39349 602fd350-edb4-49c9-b593-d223f7449a82
2016-11-23 16:14:08 +00:00
Helen Hou-Sandi
f3a59f8632 Theme starter content: Add support for featured images and page templates.
Featured image support means that attachments can now be imported. Media can be sideloaded from within theme or plugin directories. Like other posts, attachments are auto-drafts until customizer changes are published, and are not duplicated when they already exist in the customized state. Attachment IDs can be used for any number of purposes, much like post IDs. Twenty Seventeen now includes 3 images used as featured images to best showcase the multi-section homepage setup.

As featured image IDs are stored in post meta, it also made sense to add support for page templates. Twenty Seventeen does not include any such templates, but the functionality can be quite important for displaying themes to their best effect.

props westonruter, helen, flixos90.
fixes #38615.


git-svn-id: https://develop.svn.wordpress.org/trunk@39346 602fd350-edb4-49c9-b593-d223f7449a82
2016-11-23 09:52:27 +00:00
Joe Hoyle
e606bc36c1 REST API: Allow unsetting of page templates in update requests.
Sending a request to update a page with the template property set to an empty string resulted in an error because “” was not a valid value in the enum.

Props lucasstark, swissspidy.
Fixes #38877.

git-svn-id: https://develop.svn.wordpress.org/trunk@39343 602fd350-edb4-49c9-b593-d223f7449a82
2016-11-23 02:46:42 +00:00