Move the REST API JSONP callback validation check into a separate function named `wp_check_jsonp_callback()`. This allows plugins to use the built-in validation when handling JSONP callbacks.
Extremely Important Note: If you send JSONP in your custom response, make sure you prefix the response with `/**/`. This will mitigate the Rosetta Flash exploit. You should also send the `X-Content-Type-Options:nosniff` header, or even better, use the REST API infrastructure.
Props rmccue.
Fixes#28523.
git-svn-id: https://develop.svn.wordpress.org/trunk@37646 602fd350-edb4-49c9-b593-d223f7449a82
[37623] used the wrong parameter name (count=true instead of fields=count).
For greater flexibility and forward compatibility with other potential changes
to the return value of `get_terms()`, we now do a looser check: any non-array
value is excluded from the filter.
Fixes#36992.
git-svn-id: https://develop.svn.wordpress.org/trunk@37634 602fd350-edb4-49c9-b593-d223f7449a82
Different tests are used for subdomain and subdirectory installs as domain and path are searched differently for each. Only trailing wildcard searches are tested because leading wildcards are not yet supported.
See #36675.
git-svn-id: https://develop.svn.wordpress.org/trunk@37633 602fd350-edb4-49c9-b593-d223f7449a82
- We already match URLs on their own line, add another regex to match URLs in their own paragraphs.
- Always exclude the `\s<>"` characters when matching.
- Add more unit tests.
Props iseulde, azaozz.
Fixes#25387.
git-svn-id: https://develop.svn.wordpress.org/trunk@37627 602fd350-edb4-49c9-b593-d223f7449a82
Hierarchical comment queries work by first fetching the IDs of top-level
comments, and then filling the descendant tree one level at a time based on the
top-level results. When top-level comment IDs are found in the cache,
`WP_Comment_Query` does not generate the SQL used to fetch these comments. In
this case, the `fill_descendants()` query does not have enough information
to fill children. As a result, descendant comments were failing to be filled
in cases where the top-level comments were found in the cache.
This was a minor bug previously, because comment caches were not maintained
between pageloads. Since comment caches are now persistent [37613], the problem
becomes evident anywhere that a persistent object cache is in use.
The solution is to cache parent-child relationships, so that when top-level
comments are found in the cache, descendant comments should be found there as
well.
Fixes#36487.
git-svn-id: https://develop.svn.wordpress.org/trunk@37625 602fd350-edb4-49c9-b593-d223f7449a82
Use of the 'get_terms' filter was consolidated in [37572], with the
introduction of `WP_Term_Query`. At that time, the result of 'count=true'
queries began being filtered by 'get_terms'. This breaks existing 'get_terms'
callbacks, which often assume that the returned value will be an array or a
`WP_Error` object.
Props JustinSainton.
Fixes#36992.
git-svn-id: https://develop.svn.wordpress.org/trunk@37623 602fd350-edb4-49c9-b593-d223f7449a82
The logic for determining the appropriate character set and collation to use is becoming more complex, particularly with the recent additions of [37522] and [37523]. As `init_charset()` has side effects, and makes use of constants instead of parameters, it's not possible to unit test this logic.
This commit splits the logic part of `init_charset()` out into a new method, `wpdb::determine_charset()`, along with appropriate unit tests.
See #32105, #37522.
Fixes#36917.
git-svn-id: https://develop.svn.wordpress.org/trunk@37601 602fd350-edb4-49c9-b593-d223f7449a82
Prior to [37572], arguments passed to `get_terms()` were passed immediately
through `wp_parse_args()`, which made it possible to pass arguments as a
querystring (`hide_empty=0`) rather than an array
(`array( 'hide_empty' => false )`). [37572] moved default argument parsing
into `WP_Term_Query`, while assuming that arguments passed to `get_terms()`
would be formatted as an array.
To provide compatibility, we now parse all args passed to `get_terms()` into
an array before processing.
See #35381.
git-svn-id: https://develop.svn.wordpress.org/trunk@37599 602fd350-edb4-49c9-b593-d223f7449a82
`CHAR` is redundant, since the `meta_value` column is `LONGTEXT`. Meanwhile,
use of `CAST()` causes MySQL to ignore any index that the administrator may
have added to the column.
A number of automated tests were doing searches for `CAST` in the SQL strings
generated by `WP_Meta_Query` (for reasons unrelated to the `CAST()` behavior).
These tests have been updated to expect the new query format.
Props ericlewis.
Fixes#36625.
git-svn-id: https://develop.svn.wordpress.org/trunk@37594 602fd350-edb4-49c9-b593-d223f7449a82
Since [37573], object relationship caches (`{$taxonomy}_relationships`)
contain term IDs rather than term objects. See #36814. As such, it's no longer
necessary to clear these caches when a term is updated; none of the data that's
changed on update (name, description, count, etc) is stored in the relationship
cache.
Fixes#36251.
git-svn-id: https://develop.svn.wordpress.org/trunk@37593 602fd350-edb4-49c9-b593-d223f7449a82
The process of lazy-loading can be resource intensive for object that have
terms in large numbers of taxonomies and are running a persistent object cache.
This new parameter allows the feature to be disabled in these cases.
Props DBrumbaugh10Up.
See #36953.
git-svn-id: https://develop.svn.wordpress.org/trunk@37589 602fd350-edb4-49c9-b593-d223f7449a82
In order to allow non-web initializations of WordPress (such as through wp-cli) to modify things like the check for maintenance mode, plugins.php and the associated functions must be available much earlier. The use of these functions earlier than the loading of plugins is not recommended in most use cases.
Fixes#36819. See #34936.
Props jorbin, danielbachhuber for documentation.
git-svn-id: https://develop.svn.wordpress.org/trunk@37588 602fd350-edb4-49c9-b593-d223f7449a82
`dbDelta()` compares the index definitions against the result of `SHOW INDEX FROM $table_name`. This requires a specific format so indices are not unnecessarily re-created. This format wasn't ensured, until now.
* Parse the raw index definition to extract the type, name and columns so a normalized definition can be built (#20263, #34873).
* Standardize on uppercase types (#34871) and on 'KEY'. 'INDEX' is only a synonym for 'KEY'.
* Escape index names with backticks (#20263).
* Normalize columns: Ignore ASC and DESC definitions (#34959), remove whitespaces (#34869) and escape column names with backticks (#20263).
* Add backticks to all index change queries (#20263).
Props ocean90, pento, kurtpayne.
Fixes#20263, #34869, #34871, #34873, #34959.
git-svn-id: https://develop.svn.wordpress.org/trunk@37583 602fd350-edb4-49c9-b593-d223f7449a82
`dbDelta()` already supported spatial fields (by virtue of not checking field types), so it's nice to round that out with spatial key support, too.
Fixes#36948.
git-svn-id: https://develop.svn.wordpress.org/trunk@37574 602fd350-edb4-49c9-b593-d223f7449a82
Previously, objects containing all data about a term were stored in each
object's term cache. Besides being wasteful, this approach caused invalidation
issues, as when a modified term count required a flush for all objects
belonging to the term.
Backward compatibility is maintained for plugins that continue to put object
data directly into the `{$taxonomy}_relationships` cache bucket.
Fixes#36814.
git-svn-id: https://develop.svn.wordpress.org/trunk@37573 602fd350-edb4-49c9-b593-d223f7449a82
[34529] introduced logic intended to prime the termmeta cache for certain
values of the `fields` parameter. There were a few bugs:
* The `all_with_object_id` param was misspelled.
* `term_id` was used instead of `ids`.
* The values being passed to `update_termmeta_cache()` in the case where `fields=ids` was not correct.
All of these would result in a failure to pre-fetch termmeta in some cases.
Props dlh.
Fixes#36932.
git-svn-id: https://develop.svn.wordpress.org/trunk@37567 602fd350-edb4-49c9-b593-d223f7449a82
This changeset adds a unit test factory so that bookmark/link fixtures can be
created during tests.
Why are we writing tests for functionality that has been deprecated for years?
Because it's the Right Thing to Do.
See #18356.
git-svn-id: https://develop.svn.wordpress.org/trunk@37563 602fd350-edb4-49c9-b593-d223f7449a82
When upgrading to `utf8mb4`, `TEXT` fields will be upgraded to `MEDIUMTEXT` (and likewise for all other `*TEXT` and `*BLOB` fields). This is to allow for the additional space requirements of `utf8mb4`.
On the subsequent upgrade, after the `utf8mb4` upgrade, `dbDelta()` would try and downgrade the fields to their original size again. At best, this it a waste of time, at worst, this could truncate any data larger than the original size. There's no harm in leaving them at their original size, so let's do that.
Fixes#36748.
git-svn-id: https://develop.svn.wordpress.org/trunk@37525 602fd350-edb4-49c9-b593-d223f7449a82
`wpdb::init_charset()` doesn't lend itself to being tested, so the unit test added in [37521] won't work under most circumstances.
See #32405.
git-svn-id: https://develop.svn.wordpress.org/trunk@37522 602fd350-edb4-49c9-b593-d223f7449a82
Some sites prefer to use locale-specific location settings. For example, the Swedish WordPress package use `utf8_swedish_ci`, instead of `utf8_unicode_ci`. When upgrading the connection to `utf8mb4`, we were overriding this to be `utf8mb4_unicode_ci`, instead of maintaining the use of the `_swedish_ci` variant.
The locale-specific collations do have extra collation rules just for that language, so it's useful to maintain compatibility.
Fixes#32405.
git-svn-id: https://develop.svn.wordpress.org/trunk@37521 602fd350-edb4-49c9-b593-d223f7449a82
Without a fixture that does not match the search term, it's possible for the
test to pass even if the search clause isn't built properly.
See #13992, #35381.
git-svn-id: https://develop.svn.wordpress.org/trunk@37519 602fd350-edb4-49c9-b593-d223f7449a82
Provides a consistent way to query `$wpdb->blogs` for `WP_Site` objects based on domain, path, site ID, network ID, and more.
Introduces and uses `update_site_cache()` and `_prime_site_caches()` to maintain a cached list of `WP_Site` objects for use in multiple queries.
Props spacedmonkey, flixos90, DrewAPicture, jeremyfelt, ocean90.
See #35791.
git-svn-id: https://develop.svn.wordpress.org/trunk@37477 602fd350-edb4-49c9-b593-d223f7449a82
When a setting is invalid, not only will it be blocked from being saved but all other settings will be blocked as well. This ensures that Customizer saves aren't partial but are more transactional. User will be displayed the error in a notification so that they can fix and re-attempt saving.
PHP changes:
* Introduces `WP_Customize_Setting::validate()`, `WP_Customize_Setting::$validate_callback`, and the `customize_validate_{$setting_id}` filter.
* Introduces `WP_Customize_Manager::validate_setting_values()` to do validation (and sanitization) for the setting values supplied, returning a list of `WP_Error` instances for invalid settings.
* Attempting to save settings that are invalid will result in the save being blocked entirely, with the errors being sent in the `customize_save_response`. Modifies `WP_Customize_Manager::save()` to check all settings for validity issues prior to calling their `save` methods.
* Introduces `WP_Customize_Setting::json()` for parity with the other Customizer classes. This includes exporting of the `type`.
* Modifies `WP_Customize_Manager::post_value()` to apply `validate` after `sanitize`, and if validation fails, to return the `$default`.
* Introduces `customize_save_validation_before` action which fires right before the validation checks are made prior to saving.
JS changes:
* Introduces `wp.customize.Notification` in JS which to represent `WP_Error` instances returned from the server when setting validation fails.
* Introduces `wp.customize.Setting.prototype.notifications`.
* Introduces `wp.customize.Control.prototype.notifications`, which are synced with a control's settings' notifications.
* Introduces `wp.customize.Control.prototype.renderNotifications()` to re-render a control's notifications in its notification area. This is called automatically when the notifications collection changes.
* Introduces `wp.customize.settingConstructor`, allowing custom setting types to be used in the same way that custom controls, panels, and sections can be made.
* Injects a notification area into existing controls which is populated in response to the control's `notifications` collection changing. A custom control can customize the placement of the notification area by overriding the new `getNotificationsContainerElement` method.
* When a save fails due to setting invalidity, the invalidity errors will be added to the settings to then populate in the controls' notification areas, and the first such invalid control will be focused.
Props westonruter, celloexpressions, mrahmadawais.
See #35210.
See #30937.
Fixes#34893.
git-svn-id: https://develop.svn.wordpress.org/trunk@37476 602fd350-edb4-49c9-b593-d223f7449a82
Introduce `ms_load_current_site_and_network`. This is used by core during the multisite bootstrap process to populate the `$current_site` and `$current_blog` globals based on a requested domain and path.
Return values from this function inform `ms-settings.php` as to whether a page view should continue, `ms_not_installed()` should fire, or a redirect to a new location should occur.
This was previously a procedural block in `ms-settings.php`. Wrapping this code and providing specific return values allows us to write tests that do not rely on the manual and repeated inclusion of `ms-settings.php`.
This should not be used by plugins or themes. Please.
See #34941.
git-svn-id: https://develop.svn.wordpress.org/trunk@37475 602fd350-edb4-49c9-b593-d223f7449a82
Use SVG images in supporting browsers, otherwise fall back to PNG images. Add the filters `emoji_svg_url` and `emoji_svg_ext`.
Introduces unit tests to check the Emoji CDN filters.
Fixes#36525
git-svn-id: https://develop.svn.wordpress.org/trunk@37471 602fd350-edb4-49c9-b593-d223f7449a82
When the options table is set to `utf8` instead of `utf8mb4`, emoji will be stripped from the blog name and description when they're saved. Instead of stripping them, they can be encode as HTML entities.
Fixes#36122.
git-svn-id: https://develop.svn.wordpress.org/trunk@37469 602fd350-edb4-49c9-b593-d223f7449a82
This allows the HTML5 `required` attribute to be added to the `select` element.
Props wzislam, pcarvalho.
Fixes#31909.
git-svn-id: https://develop.svn.wordpress.org/trunk@37465 602fd350-edb4-49c9-b593-d223f7449a82
Rachel Baker
Boone Gorges
Jeremy Felt
Andrew Ozz
Gary Pendergast
Aaron Jorbin
Dominik Schilling (ocean90)
Drew Jaynes
Ella Iseulde Van Dorpe
pento
Weston Ruter
Peter Wilson