This hardens WordPress against a common vector which uses multiple user identifiers in a single `system.multicall` call. In the event that authentication fails, all following authentication attempts ''in that call'' will also fail.
Props dd32, johnbillion.
Fixes#34336
git-svn-id: https://develop.svn.wordpress.org/trunk@35366 602fd350-edb4-49c9-b593-d223f7449a82
* Change the 3rd arg from `args` to `width`
* Change `wp_image_sizes_args` filter to `wp_get_attachment_image_sizes`
Updates unit tests.
Props joemcgill.
Fixes#34379.
git-svn-id: https://develop.svn.wordpress.org/trunk@35355 602fd350-edb4-49c9-b593-d223f7449a82
This allows sites to use an admin area over HTTPS with the front end over HTTP, and not end up with a cross-protocol problem when using the REST API URL in the admin area.
Fixes#34299
git-svn-id: https://develop.svn.wordpress.org/trunk@35351 602fd350-edb4-49c9-b593-d223f7449a82
This allows sites to use an admin area over HTTPS with the front end over HTTP, and not end up with a cross-protocol problem when using the REST API URL in the admin area.
Fixes#34299
git-svn-id: https://develop.svn.wordpress.org/trunk@35342 602fd350-edb4-49c9-b593-d223f7449a82
The `notify_moderator` filter makes it possible to override the value for the `moderation_notify` option, which controls whether to send new comment emails to "site moderators", that is to say, the owner of the admin email for the site and the post author if they have the ability to modify the comment.
The `notify_post_author` filter likewise makes it possible to override the value for the `comments_notify` option, which controls whether to send new comment emails to the post author. If the post author is the comment author, default behavior is not to send the notification. Note: enabling or disabling notifications via this hook could also affect other recipients added via the 'comment_notification_recipients' filter in `wp_notify_postauthor()`, if hooked.
Passing a falsey value to either of the new filters will prevent notifications from being sent, regardless of their corresponding option values.
Adds tests.
Props coffee2code, adamsilverstein, DrewAPicture.
Fixes#761.
git-svn-id: https://develop.svn.wordpress.org/trunk@35339 602fd350-edb4-49c9-b593-d223f7449a82
[34247] made the 'public' paramater of `register_taxonomy()` work by blocking
requests for non-public taxonomy archives during `parse_request()`. Blocking
taxonomy archive requests this late means that it's impossible to register an
independent query var that matches the slug of a non-public taxonomy. By
moving the block to `register_taxonomy()` - not allowing these taxonomies to
register their query vars in the first place - we free up the slug for other
use. In addition, we free up a bit of processing (no need to look for the query
var in `parse_request()` and better parallel the way non-public post types
work. See `register_post_type()`.
Non-public taxonomy archives that are requested using `?taxonomy=tax_name` are
still blocked during `parse_request`. It's only custom query vars -
`?tax_name=term` - that are affected by this change.
Props mboynes.
Fixes#21949.
git-svn-id: https://develop.svn.wordpress.org/trunk@35333 602fd350-edb4-49c9-b593-d223f7449a82
[34561] instituted the policy of forcing pagination for comments. This strategy
was intended to avert problems when 'page_comments' is set to 0 - as it is by
default - and the number of comments on a given post rises into the hundreds or
thousands. By forcing pagination in all cases, we ensured that WordPress would
not time out by processing unwieldy numbers of comments on a given pageload.
The strategy proves problematic, however, because comment permalinks are
generated using the page of the comment. Forcing pagination for posts that
were not previously paginated would change the URL of all comments that do not
appear on the default comment page.
This changeset reintroduces the 'page_comments' setting and its corresponding
checkbox on Settings > Discussion. A number of tests, which were written after
[34561], are modified to work now that 'page_comments' will, once again, be
disabled by default.
See #8071.
git-svn-id: https://develop.svn.wordpress.org/trunk@35331 602fd350-edb4-49c9-b593-d223f7449a82
Also move style rule from `customize-nav-menus.css` to `customize-controls.css` so that widgets button is properly styled when `nav_menus` component is excluded from loading. See [35304]. See #33327.
Props westonruter, DrewAPicture.
Fixes#33552.
git-svn-id: https://develop.svn.wordpress.org/trunk@35307 602fd350-edb4-49c9-b593-d223f7449a82
The `autoload` argument value is passed along to `update_option()` which has accepted an `$autoload` parameter since [31628].
Props westonruter, dlh.
See #26394.
Fixes#33499.
git-svn-id: https://develop.svn.wordpress.org/trunk@35305 602fd350-edb4-49c9-b593-d223f7449a82
The same indicator on the nav menus admin page is now present for nav menu items in the Customizer. When a menu item is present for a post type that is no longer registered, the menu item will appear with the indicator.
Props kucrut, westonruter.
Fixes#33665.
git-svn-id: https://develop.svn.wordpress.org/trunk@35302 602fd350-edb4-49c9-b593-d223f7449a82
Cuts down on unnecessary queries, especially in environments that rely on
post meta a lot. Reverts [32997].
Props ap.koponen, swissspidy.
Fixes#34368.
git-svn-id: https://develop.svn.wordpress.org/trunk@35299 602fd350-edb4-49c9-b593-d223f7449a82
Introduces more flexibility in filtering all parts of the document title,the
separator, and a way to short-circuit title generation. Plugins can now also
check for theme support and reliably filter the entire output. See #18548.
Deprecates `wp_title()`.
Fixes#31078.
git-svn-id: https://develop.svn.wordpress.org/trunk@35294 602fd350-edb4-49c9-b593-d223f7449a82
Widgets panel will not wait to display until the preview loads.
Also fixes problems with `margin-top` in panels where other panels' `active` states change, as well as ensuring sections of deactivated panel collapse before panel is hidden to prevent the pane from becoming empty of controls.
Fixes#33052.
Fixes#33567.
git-svn-id: https://develop.svn.wordpress.org/trunk@35231 602fd350-edb4-49c9-b593-d223f7449a82
[34997] caused `get_term()` to return an error object in the case when
`$taxonomy` did not match the taxonomy of the located term. This was an
inadvertant change from the previous behavior, when `get_term()` would return
null in these cases.
Props dlh.
See #14162. Fixes#34332.
git-svn-id: https://develop.svn.wordpress.org/trunk@35227 602fd350-edb4-49c9-b593-d223f7449a82
Using more than one instance of `WP_UnitTest_Factory` causes all kinds of craziness, due to out-of-sync internal generator sequences. Since we want to use `setUpBeforeClass`, we were creating ad hoc instances. To avoid that, we were injecting one `static` instance via Dependency Injection in `wpSetUpBeforeClass`. All tests should really use the `static` instance, so we will remove the instance prop `$factory`.
Replace `$this->factory` with `self::$factory` over 2000 times.
Rewrite all of the tests that were hard-coding dynamic values.
#YOLOFriday
git-svn-id: https://develop.svn.wordpress.org/trunk@35225 602fd350-edb4-49c9-b593-d223f7449a82
They were added 3 years ago in [846/tests] because tests weren't excluded from the normal runs.
Reverts [35209] because it doesn't work with Xdebug.
`Tests_Ajax_Response::test_response_charset_in_header` is the only test which needs to run in a separate process, see [975/tests].
See #31491.
git-svn-id: https://develop.svn.wordpress.org/trunk@35211 602fd350-edb4-49c9-b593-d223f7449a82
Most of the Ajax tests are running in a separate PHP process, and thus PHPUnit attempts to preserve the global state from the parent process by serializing all globals. But this doesn't work for external object caches so we have to disable this "feature".
See #31491.
git-svn-id: https://develop.svn.wordpress.org/trunk@35209 602fd350-edb4-49c9-b593-d223f7449a82
This makes it way easier to add fixtures, and tear them down, without needing to instantiate `WP_UnitTest_Factory` in every class - removes the need to call `commit_transaction()` in each individual class.
See #30017, #33968.
git-svn-id: https://develop.svn.wordpress.org/trunk@35186 602fd350-edb4-49c9-b593-d223f7449a82
The `create_many()` number should be padded by just one, to account for the
user created by the test suite. Introduced in [35114].
We also don't have to create so many fixtures to run this test.
See #28631.
git-svn-id: https://develop.svn.wordpress.org/trunk@35123 602fd350-edb4-49c9-b593-d223f7449a82
By default, `WP_Query` will not cache query results when using a persistent
object cache. The lazyload tests, however, depend on the cache being set during
each `WP_Query`, because the object cache is cleared between tests.
See #31491.
git-svn-id: https://develop.svn.wordpress.org/trunk@35112 602fd350-edb4-49c9-b593-d223f7449a82