This function can be used to easily get the main site ID of a given network via the optional `$network_id` parameter, which defaults to the current network. The existing `is_main_site()` now uses the new function internally and now accepts an optional `$network_id` parameter as well.
The main purpose of the new function at this point is to ensure that the `WP_Network::$blog_id` property is always set. Magic getters in the class have been adjusted to auto-fill the property when it is accessed and empty. Furthermore the function encapsulates logic that was previously part of `ms_load_current_site_and_network()` and has been replaced with a call to the function now.
Props spacedmonkey, jeremyfelt, johnjamesjacoby, flixos90.
Fixes#29684.
git-svn-id: https://develop.svn.wordpress.org/trunk@41380 602fd350-edb4-49c9-b593-d223f7449a82
Generally, duplicate terms returned by a term query are eliminated in PHP,
after the database query takes place. This technique doesn't work properly
when the query parameters specify the `number` of results, since the results
of a `SELECT ... LIMIT x...` query may be deduplicated to a count less than
`x`. In these cases, we force the original query to be `DISTINCT`.
Props elvishp2006.
Fixes#41796.
git-svn-id: https://develop.svn.wordpress.org/trunk@41377 602fd350-edb4-49c9-b593-d223f7449a82
* Code editor is integrated into the Theme/Plugin Editor, Additional CSS in Customizer, and Custom HTML widget. Code editor is not yet integrated into the post editor, and it may not be until accessibility concerns are addressed.
* The CodeMirror component in the Custom HTML widget is integrated in a similar way to TinyMCE being integrated into the Text widget, adopting the same approach for integrating dynamic JavaScript-initialized fields.
* Linting is performed for JS, CSS, HTML, and JSON via JSHint, CSSLint, HTMLHint, and JSONLint respectively. Linting is not yet supported for PHP.
* When user lacks `unfiltered_html` the capability, the Custom HTML widget will report any Kses-invalid elements and attributes as errors via a custom Kses rule for HTMLHint.
* When linting errors are detected, the user will be prevented from saving the code until the errors are fixed, reducing instances of broken websites.
* The placeholder value is removed from Custom CSS in favor of a fleshed-out section description which now auto-expands when the CSS field is empty. See #39892.
* The CodeMirror library is included as `wp.CodeMirror` to prevent conflicts with any existing `CodeMirror` global.
* An `wp.codeEditor.initialize()` API in JS is provided to convert a `textarea` into CodeMirror, with a `wp_enqueue_code_editor()` function in PHP to manage enqueueing the assets and settings needed to edit a given type of code.
* A user preference is added to manage whether or not "syntax highlighting" is enabled. The feature is opt-out, being enabled by default.
* Allowed file extensions in the theme and plugin editors have been updated to include formats which CodeMirror has modes for: `conf`, `css`, `diff`, `patch`, `html`, `htm`, `http`, `js`, `json`, `jsx`, `less`, `md`, `php`, `phtml`, `php3`, `php4`, `php5`, `php7`, `phps`, `scss`, `sass`, `sh`, `bash`, `sql`, `svg`, `xml`, `yml`, `yaml`, `txt`.
Props westonruter, georgestephanis, obenland, melchoyce, pixolin, mizejewski, michelleweber, afercia, grahamarmfield, samikeijonen, rianrietveld, iseulde.
See #38707.
Fixes#12423, #39892.
git-svn-id: https://develop.svn.wordpress.org/trunk@41376 602fd350-edb4-49c9-b593-d223f7449a82
The `aria-current` attribute is a simple, effective way to help assistive
technology users orientate themselves within a list of items.
Props GrahamArmfield, palmiak.
Fixes#40833.
git-svn-id: https://develop.svn.wordpress.org/trunk@41371 602fd350-edb4-49c9-b593-d223f7449a82
* Used now in core to facilitate displaying inserted media. See #40854.
* The `[embed]` shortcode is not supported because there is no post context for caching oEmbed responses. This depends on #34115.
* Add `do_shortcode()` to the `widget_text_content` filter in the same way it is added for `the_content` at priority 11, with `shortcode_unautop()` called at priority 10 after `wpautop()`.
* For Text widget in legacy mode, manually apply `do_shortcode()` (and `shortcode_unautop()` if auto-paragraph checked) if the core-added `widget_text_content` filter remains, unless a plugin added `do_shortcode()` to `widget_text` to prevent applying shortcodes twice.
* Ensure that global `$post` is `null` while filters apply in the Text widget so shortcode handlers won't run with unexpected contexts.
Props westonruter, nacin, aaroncampbell.
See #40854, #34115.
Fixes#10457.
git-svn-id: https://develop.svn.wordpress.org/trunk@41361 602fd350-edb4-49c9-b593-d223f7449a82
Previously, it was not possible to hook into the `wp_link_query` filter to add custom entries when the
query returned no posts.
Props mitraval192, msebel.
Fixes#41825.
git-svn-id: https://develop.svn.wordpress.org/trunk@41346 602fd350-edb4-49c9-b593-d223f7449a82
Informs developers that widgets need to be registered before they can be
displayed through `the_widget()`. Previously it would fail with an ambiguous
undefined index notice.
Props SeBsZ, mrasharirfan.
Fixes#41743.
git-svn-id: https://develop.svn.wordpress.org/trunk@41327 602fd350-edb4-49c9-b593-d223f7449a82
This introduces the following meta capabilities:
* `activate_plugin`
* `deactivate_plugin`
* `deactivate_plugins`
The singular `activate_plugin` and `deactivate_plugin` capabilities are used along with the corresponding plugin name when
determining whether or not a user can activate or deactivate an individual plugin.
The plural `deactivate_plugins` capability is used in place of the existing `activate_plugins` capability when determining
whether a user can deactivate plugins.
Each of these new meta capabilities map to the existing `activate_plugins` primitive capability, which means there is no
change in existing behaviour, but plugins can now filter the capabilities required to activate and deactivate individual
plugins.
Fixes#38652
git-svn-id: https://develop.svn.wordpress.org/trunk@41290 602fd350-edb4-49c9-b593-d223f7449a82
"Install" is not a noun, and while it might be acceptable to use the verb as a noun, it is not correct. Using the correct
noun, "installation", increases clarity, especially for non-native English speakers.
This change fixes the usage in user-facing text and in developer documentation.
Fixes#41620
git-svn-id: https://develop.svn.wordpress.org/trunk@41289 602fd350-edb4-49c9-b593-d223f7449a82
Using `paged` with `number` allows developers to request
paginated comment results without having to do a manual offset
calculation.
Props AdamWills.
Fixes#38268.
git-svn-id: https://develop.svn.wordpress.org/trunk@41287 602fd350-edb4-49c9-b593-d223f7449a82
The new meta capabilities are called `install_languages` and `update_languages`. Prior to this change, there were no proper capability checks applied. Instead only the filesystem and related constants were checked, and for actual permissions a rather vague fallback was used where a user needed to have at least one of the other updating capabilities. In addition to being generally more verbose, the new capabilities make it possible for example to allow a user to update languages, but nothing else. By default they fall back to the original way of how they were handled.
Props johnbillion, flixos90.
Fixes#39677.
git-svn-id: https://develop.svn.wordpress.org/trunk@41268 602fd350-edb4-49c9-b593-d223f7449a82
In addition to the enhancement, tests for the filter usage including the new parameter have been added.
Props NathanAtmoz.
Fixes#39030.
git-svn-id: https://develop.svn.wordpress.org/trunk@41267 602fd350-edb4-49c9-b593-d223f7449a82
For bonus :yolo: :friday:, this repeats [41262] for `multisite.xml`, which duplicates the ignored file list from `phpunit.xml.dist`.
See #41658.
git-svn-id: https://develop.svn.wordpress.org/trunk@41263 602fd350-edb4-49c9-b593-d223f7449a82
There were a handful of files with an underscore in the name, which violated our naming scheme, and caused problems for anyone how enforced the scheme on their own systems.
This commit renames all of the files to the correct camelCase scheme.
Fixes#41658.
git-svn-id: https://develop.svn.wordpress.org/trunk@41261 602fd350-edb4-49c9-b593-d223f7449a82
Also apply `the_editor_content` filters on widget `text` with `format_for_editor()` as is done for the post editor.
Amends [40631].
Props westonruter, azaozz.
See #35243.
Fixes#41596.
git-svn-id: https://develop.svn.wordpress.org/trunk@41260 602fd350-edb4-49c9-b593-d223f7449a82
Also explicitly use HTML5 doctype when parsing Text widget contents in legacy mode detection.
Amends [41050].
See #40951.
Fixes#41622.
git-svn-id: https://develop.svn.wordpress.org/trunk@41251 602fd350-edb4-49c9-b593-d223f7449a82
This is a consistency improvement and also a bug fix for fairly obscure cases involving modified WP load order.
Fixes#41555.
git-svn-id: https://develop.svn.wordpress.org/trunk@41238 602fd350-edb4-49c9-b593-d223f7449a82
This will send nav menu locations through three levels of mapping:
1. If both themes have only one location, that gets mapped.
2. If both themes have locations with the same slug, they get mapped.
3. Locations that (even partially) match slugs from a similar kind of menu location will get mapped.
Menu locations are mapped for Live Previews in the Customizer and during theme switches.
Props westonruter, obenland, welcher, melchoyce.
Fixes#39692.
git-svn-id: https://develop.svn.wordpress.org/trunk@41237 602fd350-edb4-49c9-b593-d223f7449a82
The following tests were never executed as they have `@depends` annotations which means they get skipped because the `test_video_shortcode_body()` test has not run by the time they run. Re-ordering the test methods fixes this.
* `test_wp_video_shortcode_with_empty_params()`
* `test_wp_video_shortcode_with_bad_attr()`
* `test_wp_video_shortcode_attributes()`
* `test_wp_video_shortcode_youtube_remove_feature()`
* `test_wp_video_shortcode_youtube_force_ssl()`
* `test_wp_video_shortcode_vimeo_force_ssl_remove_query_args()`
* `test_wp_video_shortcode_vimeo_adds_loop()`
* `test_wp_video_shortcode_vimeo_force_adds_loop_true()`
See #35367
git-svn-id: https://develop.svn.wordpress.org/trunk@41229 602fd350-edb4-49c9-b593-d223f7449a82
While site administrators cannot generally edit users in multisite, they have always been able to change the roles of users on their site. In the REST API however, this has not been possible so far. This changeset brings parity with how it is handled in the administration panel: A REST request to edit only a user's roles succeeds correctly, while a REST request to edit any further details of a user fails.
Props jnylen0.
Fixes#40263.
git-svn-id: https://develop.svn.wordpress.org/trunk@41226 602fd350-edb4-49c9-b593-d223f7449a82
Under certain circumstances, it can be necessary that a user should not be added to a site, beyond the restrictions that WordPress core applies. With the new `can_add_user_to_blog` filter, plugin developers can run custom checks and return an error in case of a failure, that will prevent the user from being added.
The user-facing parts and the REST API route that interact with `add_user_to_blog()` have been adjusted accordingly to provide appropriate error feedback when a user could not be added to a site. Furthermore, two existing error feedback messages in the site admin's "New User" screen have been adjusted to properly show inside an error notice instead of a success notice.
Props jmdodd.
Fixes#41101.
git-svn-id: https://develop.svn.wordpress.org/trunk@41225 602fd350-edb4-49c9-b593-d223f7449a82
The list of endpoint parameters should only include explicitly named and requested parameters.
Props flixos90, rmccue, jnylen0.
Fixes#40704.
git-svn-id: https://develop.svn.wordpress.org/trunk@41223 602fd350-edb4-49c9-b593-d223f7449a82
The `settings_previewed` property eliminates the need for the Customizer components from having to look at global `doing_ajax` state. This is in particular needed when saving settings, as some settings will short-circuit the update operation if they detect no changes are introduced. This is also needed for low-level integrations with the Customizer, such as in REST API endpoints under development.
Props stubgo, westonruter, utkarshpatel for testing.
See #38900.
Fixes#39221.
git-svn-id: https://develop.svn.wordpress.org/trunk@41205 602fd350-edb4-49c9-b593-d223f7449a82
`WP_Comment_Query` always queries runs an ID query, and so is unaffected
by the 'fields' parameter. As such, 'fields' can be ignored when building
a cache key for the results of the ID query.
Props spacedmonkey.
Fixes#41348.
git-svn-id: https://develop.svn.wordpress.org/trunk@41190 602fd350-edb4-49c9-b593-d223f7449a82
This makes sure that plugins hooked to `save_post` get the right post format.
Props Chouby, SergeyBiryukov.
Fixes#41396.
git-svn-id: https://develop.svn.wordpress.org/trunk@41187 602fd350-edb4-49c9-b593-d223f7449a82
This adds this previously Multisite-only functionality to single site installations too. This change prevents accidental or erroneous email address changes from potentially locking users out of their account.
Props rodrigosprimo, tharsheblows, johnbillion
Fixes#16470
git-svn-id: https://develop.svn.wordpress.org/trunk@41163 602fd350-edb4-49c9-b593-d223f7449a82
[41139] changed how the REST API URL is generated, but included an incorrect version of `wp-api-generated.js`.
This updates the generator to create the correct `wp-api-generated.js`, and updates ``wp-api-generated.js`.
See #40886.
git-svn-id: https://develop.svn.wordpress.org/trunk@41154 602fd350-edb4-49c9-b593-d223f7449a82
When pretty permalinks are disabled, the web server will internally forward requests to `index.php`. Unfortunately, nginx only forwards HTTP/1.0 methods: `PUT`, `PATCH`, and `DELETE` methods will return a 405 error.
To work around this nginx behaviour, including `index.php` in the REST URL skips the internal redirect.
Fixes#40886.
git-svn-id: https://develop.svn.wordpress.org/trunk@41139 602fd350-edb4-49c9-b593-d223f7449a82
This ensures that users who are a member of a site but have no role are correctly listed on the Users screen and can be filtered from the 'None' role filter.
Props tobi823, flixos90, scottlee
Fixes#36196
git-svn-id: https://develop.svn.wordpress.org/trunk@41138 602fd350-edb4-49c9-b593-d223f7449a82
The same styling from the Text widget should apply to the Custom HTML widget since users are expected to copy HTML from the (legacy) Text widget into the latter.
Amends [40893].
See #40907.
Fixes#41392.
git-svn-id: https://develop.svn.wordpress.org/trunk@41115 602fd350-edb4-49c9-b593-d223f7449a82
Link to some documentation that explains the problem and how to resolve it.
Props enrico.sorcinelli.
Fixes#41345.
git-svn-id: https://develop.svn.wordpress.org/trunk@41090 602fd350-edb4-49c9-b593-d223f7449a82
Ensures that users who copy HTML from the Text widget in legacy mode over to the Custom HTML widget will continue to get all of the same filters applied, including tag balancing and shortcodes, if a plugin added support. Plugins still have the `widget_text_content` and `widget_custom_html_content` filters they can use to target the specific widget types.
Amends [40893].
See #40951.
Fixes#40907 for trunk.
git-svn-id: https://develop.svn.wordpress.org/trunk@41086 602fd350-edb4-49c9-b593-d223f7449a82
Since plugin-added shortcode handling is just-in-time deferred to run after `wpautop`, there is no need to retain the presence of shortcodes to trigger legacy mode. Also updates Text widget legacy mode notice informing of Custom HTML widget.
Amends [41050].
Props westonruter, melchoyce.
Fixes#40951 for trunk.
git-svn-id: https://develop.svn.wordpress.org/trunk@41070 602fd350-edb4-49c9-b593-d223f7449a82
Prior to this change there were two different cache keys used for the same query. That is because regardless of the `$fields` argument, the query response will be the same. This was already fixed for `WP_Site_Query` in [41059].
Props spacedmonkey.
Fixes#41347.
git-svn-id: https://develop.svn.wordpress.org/trunk@41063 602fd350-edb4-49c9-b593-d223f7449a82
Prior to this change there were two different cache keys used for the same query. That is because regardless of the `$fields` argument, the query response will be the same.
Props spacedmonkey.
Fixes#41197.
git-svn-id: https://develop.svn.wordpress.org/trunk@41059 602fd350-edb4-49c9-b593-d223f7449a82
Before this changeset, the language of a new site would always result in the language of the current network, regardless of the `$site_id` parameter passed that actually determines the network for the site. Now the correct `WPLANG` value is used in such cases.
Alongside this change, a few minor documentation changes around the function have been made to account for the current naming conventions of sites and networks.
Props spacedmonkey.
Fixes#40503.
git-svn-id: https://develop.svn.wordpress.org/trunk@41058 602fd350-edb4-49c9-b593-d223f7449a82
The Text widget in legacy mode omits TinyMCE and retains old behavior for matching pre-existing Text widgets. Usage pointers added to default visual mode appear when attempting to paste HTML code into the Visual tab and when clicking on the Text tab, informing users of the new Custom HTML widget.
Props westonruter, melchoyce, gitlost for testing, obenland for testing, dougal for testing, afercia for testing.
See #35243.
Fixes#40951.
git-svn-id: https://develop.svn.wordpress.org/trunk@41050 602fd350-edb4-49c9-b593-d223f7449a82
Also correct phpdoc return tag on `WP_oEmbed_Controller::get_proxy_item()` and remove dead code in oEmbed controller phpunit tests.
Amends [40628].
See #40450.
Fixes#41299.
git-svn-id: https://develop.svn.wordpress.org/trunk@41047 602fd350-edb4-49c9-b593-d223f7449a82
- Older versions of PHP don't know how to `html_entity_decode()` emoji.
- The fall back regex was a little too broad, catching characters that aren't emoji.
See #35293.
git-svn-id: https://develop.svn.wordpress.org/trunk@41045 602fd350-edb4-49c9-b593-d223f7449a82
Previously, `wp_encode_emoji()` and `wp_staticize_emoji()` used inaccurate regular expressions to find emoji, and transform then into HTML entities or `<img>`s, respectively. This would result in emoji not being correctly transformed, or occasionally, non-emoji being incorrectly transformed.
This commit adds a new `grunt` task - `grunt precommit:emoji`. It finds the regex in `twemoji.js`, transforms it into a PHP-friendly version, and adds it to `formatting.php`. This task is also automatically run by `grunt precommit`, when it detects that `twemoji.js` has changed.
The new regex requires features introduced in PCRE 8.32, which was introduced in PHP 5.4.14, though it was also backported to later releases of the PHP 5.3 series. For versions of PHP that don't support this, it will fall back to an updated version of the loose-matching regex.
For short posts, the performance difference between the old and new regex is negligible. As the posts get longer, however, the new method is exponentially faster.
Fixes#35293.
git-svn-id: https://develop.svn.wordpress.org/trunk@41043 602fd350-edb4-49c9-b593-d223f7449a82
[40514] introduced a bug that caused term queries to return some duplicates
when the `$taxonomies` array contained only taxonomies that were originally
registered with an `$args` array. We fix this bug by ensuring that
recursive `get_terms()` queries stop when all queried `$taxonomies` have
already been referenced.
Props bor0, atanasangelovdev.
Fixes#41010.
git-svn-id: https://develop.svn.wordpress.org/trunk@41037 602fd350-edb4-49c9-b593-d223f7449a82
Verify that `human_time_diff` works as expected for minute, hour and day intervals. Test that rounding works as expected when the time difference is near the rounding margin.
Props SGr33n.
Fixes#38773.
git-svn-id: https://develop.svn.wordpress.org/trunk@41018 602fd350-edb4-49c9-b593-d223f7449a82
Check return value of `WP_Customize_Manager::get_changeset_post_data()` and return if error instead of assuming it is an array.
Amends [38810].
See #30937.
Fixes#41252.
git-svn-id: https://develop.svn.wordpress.org/trunk@41012 602fd350-edb4-49c9-b593-d223f7449a82
This was previously searching for the user ID, which isn't really what it was meant to do. As a result, the test can break if that number appears in any other user information.
git-svn-id: https://develop.svn.wordpress.org/trunk@41011 602fd350-edb4-49c9-b593-d223f7449a82
Previously, changing these constants in `wp-tests-config` would cause PHPUnit to regenerate `wp-api-generated.js` with different values.
This commit uses the existing mechanism to also "freeze" all values that would change as a result of changing these constants.
Fixes#41123.
git-svn-id: https://develop.svn.wordpress.org/trunk@41006 602fd350-edb4-49c9-b593-d223f7449a82
Previously, checks like `current_user_can( 'edit_term_meta', $term_id )`
returned the proper value, but generated a PHP notice due to the fact
that `get_term( $term_id )` could, in certain instances, return
`WP_Error` objects.
Props caercam.
Fixes#40891.
git-svn-id: https://develop.svn.wordpress.org/trunk@40999 602fd350-edb4-49c9-b593-d223f7449a82
This filter allows developers to modify the arguments passed to
`wp_get_object_terms()` before the query is run.
Props enrico.sorcinelli.
Fixes#35925.
git-svn-id: https://develop.svn.wordpress.org/trunk@40994 602fd350-edb4-49c9-b593-d223f7449a82
Meta capabilities use the capability `do_not_allow` to indicate a user should be blocked from performing a particular action. This ensures users can not have the capability as it would cause unexpected behaviour.
Props johnbillion.
Fixes#41059.
git-svn-id: https://develop.svn.wordpress.org/trunk@40993 602fd350-edb4-49c9-b593-d223f7449a82
Passing an array of `comment_meta` into `wp_update_comment()` will
now update corresponding metadata. Similar functionality already
exists in `wp_insert_comment()`.
Props dshanske, kraftbj.
Fixes#36784.
git-svn-id: https://develop.svn.wordpress.org/trunk@40981 602fd350-edb4-49c9-b593-d223f7449a82
When a cache entry is found that matches the requested `$term_id`, but
doesn't match an explicitly provided `$taxonomy`, that cache entry
should be ignored.
Props GunGeekATX.
Fixes#40671.
git-svn-id: https://develop.svn.wordpress.org/trunk@40979 602fd350-edb4-49c9-b593-d223f7449a82
This parameter allows querying for posts with a specific value of
`comment_count`. It is also possible to query for posts that match
a `comment_count` comparison by passing an array with 'value' and
'compare' operators (eg `array( 'compare' => '>', 'value' => 5 )`).
Props ramon fincken.
Fixes#28399.
git-svn-id: https://develop.svn.wordpress.org/trunk@40978 602fd350-edb4-49c9-b593-d223f7449a82
This complements `wp_clear_scheduled_hook()`, which only clears events attached with specific arguments.
Props arena, mordauk, jrf.
Fixes#18997.
git-svn-id: https://develop.svn.wordpress.org/trunk@40965 602fd350-edb4-49c9-b593-d223f7449a82
Correspondingly renames files, ID base from `html_code` to `custom_html`, and the filter from `widget_html_code_content` to `widget_custom_html_content`.
See #40907.
git-svn-id: https://develop.svn.wordpress.org/trunk@40926 602fd350-edb4-49c9-b593-d223f7449a82
This changeset also includes the new function `has_term_meta()`, a
counterpart to `has_meta()` (for posts).
Props enrico.sorcinelli.
Fixes#35991.
git-svn-id: https://develop.svn.wordpress.org/trunk@40916 602fd350-edb4-49c9-b593-d223f7449a82
Fixes issue where Video widgets embedding external files fail to get recognized due to the presence of the `loop` param after the video filename, even though it has a recognized extension. Regardless, the `loop` param is only present to fix a Vimeo issue in ME.js 2.x.
Props timmydcrawford.
Amends [40640].
See #39686, #39994.
Fixes#40977.
git-svn-id: https://develop.svn.wordpress.org/trunk@40892 602fd350-edb4-49c9-b593-d223f7449a82
This is due to `is_callable( 'parent::setExpectedException' )` not being supported on PHP 5.2 when the method being checked only exists on the grandparent class.
Props jdgrimes
See #39822
git-svn-id: https://develop.svn.wordpress.org/trunk@40872 602fd350-edb4-49c9-b593-d223f7449a82
Updates Twemoji to 2.3.0 to include Emoji 5 support.
The pride flag test is replaced with a test for the English flag, a five character sub-devision locale. The UN flag test is retained as the most recent two character locale.
An Emoji 5 "bearded person" replaces both Emoji 4 tests.
Fixes#40858.
git-svn-id: https://develop.svn.wordpress.org/trunk@40837 602fd350-edb4-49c9-b593-d223f7449a82
Custom Header functionality is largely untested. This adds tests for existing
behavior as well as changes introduced in [39227].
Props bradyvercher.
See #38639.
Fixes#39241.
git-svn-id: https://develop.svn.wordpress.org/trunk@40825 602fd350-edb4-49c9-b593-d223f7449a82
Uses the Site title as fallback value for the Custom Logo alt attribute when the original alt attribute is empty.
Props sami.keijonen, joedolson, sstoqnov, nobremarcos, gma992, LiamMcArthur, jjcomack.
Fixes#38768.
git-svn-id: https://develop.svn.wordpress.org/trunk@40817 602fd350-edb4-49c9-b593-d223f7449a82
- improves accessibility using an aria-label attribute to match the information conveyed visually with the one exposed to assistive technologies
- adds an option in the widget to display the item counts, consistently with what other widgets already do (Archives, Categories)
Props adamsoucie, emirpprime, Samantha Miller., MikeLittle, rianrietveld, sami.keijonen, adamsilverstein, westonruter, afercia.
See #24766.
Fixes#35566.
git-svn-id: https://develop.svn.wordpress.org/trunk@40816 602fd350-edb4-49c9-b593-d223f7449a82
Prior to this commit, `WP_Rest_Request::get_param()` traversed through the parameter order but `WP_Rest_Request::set_param()` did not. For JSON requests (and likely other situations as well), this meant that changing a parameter with `set_param()` would have no effect on `get_param()`.
Props TimothyBlynJacobs.
Fixes#40344.
git-svn-id: https://develop.svn.wordpress.org/trunk@40815 602fd350-edb4-49c9-b593-d223f7449a82
In `wp_prepare_attachment_for_js()`:
- Normalize behavior when author does not exist by returning '(no author)' for `authorName` in these cases.
- Decode HTML entities in `author_name`.
- Add tests for both of the above.
Props arshidkv12, ocean90, sloisel, mikeschroder.
Fixes#39955.
git-svn-id: https://develop.svn.wordpress.org/trunk@40809 602fd350-edb4-49c9-b593-d223f7449a82
This commit adds a new `WP_REST_Server#remove_header` method and uses it to clear the `Last-Modified` header when the "no caching" headers are sent (by default for all authenticated REST API requests). This matches the behavior of the `nocache_headers` function used in other parts of WordPress.
Previously, the REST API would send an empty `Last-Modified` header in this situation. Under some server and browser configurations, this causes browsers to cache authenticated REST API requests, which is undesirable.
Props iv3rson76, zinigor, rmccue, jnylen0.
Fixes#40444.
git-svn-id: https://develop.svn.wordpress.org/trunk@40805 602fd350-edb4-49c9-b593-d223f7449a82
Brings the minimum characters expected for a valid email address to six, which matches the expectations in `wp_handle_comment_submission()` and REST API email arguments.
Props rmccue, lukecavanagh, rachelbaker, desrosj, sudar.
Fixes#38708.
git-svn-id: https://develop.svn.wordpress.org/trunk@40667 602fd350-edb4-49c9-b593-d223f7449a82
The last time a new widget was introduced, Vuvuzelas were a thing, Angry Birds started taking over phones, and WordPress stopped shipping with Kubrick. Seven years and 17 releases without new widgets have been enough, time to spice up your sidebar!
Props westonruter, melchoyce, obenland, timmydcrawford, adamsilverstein, gonom9, wonderboymusic, Fab1en, DrewAPicture, sirbrillig, joen, matias, samikeijonen, afercia, celloexpressions, designsimply, michelleweber, ranh, kjellr, karmatosed.
Fixes#32417, #39993, #39994, #39995.
git-svn-id: https://develop.svn.wordpress.org/trunk@40640 602fd350-edb4-49c9-b593-d223f7449a82
During a PHPUnit test suite run, a file named `wp-api-generated.js` is created which contains some response objects that serve as fixtures for the `wp-api.js` client unit tests.
Previously, some of these API responses were actually error objects, which isn't what we want for testing. This commit fixes the existing error responses and prevents this situation in the future.
Fixes#40734.
git-svn-id: https://develop.svn.wordpress.org/trunk@40629 602fd350-edb4-49c9-b593-d223f7449a82
Updates Twemoji and adds a second Emoji 4 test to include a shrugging man. Emoji 4 is being implemented gradually, while some browsers now support the female technologist, the indifferent shrugging man is breaking things with his presence.
Props peterwilsoncc, pento for code review.
Fixes#40615.
git-svn-id: https://develop.svn.wordpress.org/trunk@40626 602fd350-edb4-49c9-b593-d223f7449a82
Now that Travis has confirmed that it is sending messages to Slack when a test fails, we no longer need a failing test.
The failing test added in [40613] is reverted, as Travis has failed to fail at notifying us about failing tests.
See #40712.
git-svn-id: https://develop.svn.wordpress.org/trunk@40614 602fd350-edb4-49c9-b593-d223f7449a82
To ensure that Travis is sending messages to Slack, a test needs to fail, so here's a failing test.
This failing test (and no other failing tests) will be reverted once Travis confirms that it isn't failing to message Slack about failing tests.
See #40712.
git-svn-id: https://develop.svn.wordpress.org/trunk@40613 602fd350-edb4-49c9-b593-d223f7449a82
Prior to this change, after creating a site, the network site count was always refreshed on the current network, regardless of whether the site was created on a different network. With the recent changes, particularly [40591], it is now possible to update the site count for a specific `$network_id`, so this changeset makes use of the new parameter.
Fixes#38699.
git-svn-id: https://develop.svn.wordpress.org/trunk@40612 602fd350-edb4-49c9-b593-d223f7449a82
The unit tests introduced as part of [40486] used the wrong `site_count` network option name instead of `blog_count`. This did not cause actual issues in the tests, but deleting the option was supposed to verify that it is properly recreated afterwards. The usage of the wrong name made these tests less useful, so this changeset fixes it.
Fixes#40725.
git-svn-id: https://develop.svn.wordpress.org/trunk@40611 602fd350-edb4-49c9-b593-d223f7449a82
The unit test introduced in [40370] used the strict `assertSame()` check while comparison a count with the value of an option, which under most conditions is not an integer. While the test passed on some setups, it failed on others. This changeset ensures that `assertEquals()` is used to make the test stable.
Fixes#40724.
git-svn-id: https://develop.svn.wordpress.org/trunk@40610 602fd350-edb4-49c9-b593-d223f7449a82
These (and a few others that can be revisited later if needed) were present in
beta versions of the WP REST API but were removed during the merge to WP 4.7.
Props ChopinBach, jnylen0.
Fixes#38693.
git-svn-id: https://develop.svn.wordpress.org/trunk@40605 602fd350-edb4-49c9-b593-d223f7449a82
For compatibility with filters on hooks on content filters (such as shortcodes), we need to set the global. This mirrors the Posts controller.
Props pdufour, jnylen0.
Fixes#40626.
git-svn-id: https://develop.svn.wordpress.org/trunk@40601 602fd350-edb4-49c9-b593-d223f7449a82
If an email address is missing an `@`, we can't assume enough to check it against a list of domain names.
Additional validation of email should happen in `is_email()` before being passed to `is_email_address_unsafe()`.
Fixes#39915.
git-svn-id: https://develop.svn.wordpress.org/trunk@40595 602fd350-edb4-49c9-b593-d223f7449a82
Previously, an invalid email could result in an undefined index when attempting to determine the email domain.
Props ocean90.
See #39915.
git-svn-id: https://develop.svn.wordpress.org/trunk@40594 602fd350-edb4-49c9-b593-d223f7449a82
Now that `get_blog_count()` and `get_user_count()` both support passing a `$network_id` parameter (see [40370] and [40371]), similar functionality is now available for `wp_is_large_network()`. In addition, the filter `wp_is_large_network` now accepts the network ID as its fourth parameter.
This changeset furthermore introduces unit tests for the `wp_is_large_network()` function and its filter.
Fixes#40489.
git-svn-id: https://develop.svn.wordpress.org/trunk@40590 602fd350-edb4-49c9-b593-d223f7449a82
Prior to this change, the minimum site name length checked in `wpmu_validate_blog_signup()` was set to a fixed value of 4. The new filter allows tweaking this value, as there may be cases where shorter site names may be required.
Fixes#39676.
git-svn-id: https://develop.svn.wordpress.org/trunk@40589 602fd350-edb4-49c9-b593-d223f7449a82
When headers are stored in WP_REST_Request internally they are canonicalized. This step already happens on setting / getting headers in any way, but was missed when implementing remove_header().
Props TimothyBlynJacobs.
Fixes#40347.
git-svn-id: https://develop.svn.wordpress.org/trunk@40577 602fd350-edb4-49c9-b593-d223f7449a82
This removes the need to manually call `$this->skipWithMultisite()` and `$this->skipWithoutMultisite()` from within the test when the test only runs without Multisite or only runs on Multisite, respectively.
Props jdgrimes for the suggestion.
Fixes#40531
git-svn-id: https://develop.svn.wordpress.org/trunk@40564 602fd350-edb4-49c9-b593-d223f7449a82
This has a slight performance impact on sites with a large number of users when the `time` strategy is used for counting users. Hopefully this impact will be negated by enhancements proposed in #38741.
Props psoluch, dots, boonebgorges, ptbello, tharsheblows
Fixes#29785
git-svn-id: https://develop.svn.wordpress.org/trunk@40560 602fd350-edb4-49c9-b593-d223f7449a82
The test `Tests_Comment_CheckComment::test_should_return_true_when_content_does_not_match_moderation_keys()`
did not, in fact, test for a `true` value, but for a false one.
Switching to `assertTrue()` caused a failure, because the test comment
triggered the 'comment_moderation' test. As in other tests in the file,
the solution is to force 'comment_moderation' to 0 for the purposes of
the test.
Introduced in [32519].
Props stephdau.
Fixes#40584.
git-svn-id: https://develop.svn.wordpress.org/trunk@40557 602fd350-edb4-49c9-b593-d223f7449a82
This brings much needed uniformity to test skipping when a test requires Multisite or when a test should be excluded from running when Multisite is enabled.
Used in conjunction with the `@group ms-required` and `@group ms-excluded` notation, this removes a significant number of skipped tests from the default test suite run.
Fixes#40531
git-svn-id: https://develop.svn.wordpress.org/trunk@40543 602fd350-edb4-49c9-b593-d223f7449a82
This adds a compatibility shim for the new namespaced structure of PHPUnit and the removed `setExpectedException()` method. In addition, this updates the Travis config so PHPUnit 6.1 is used where appropriate.
Props miyauchi, gitlost.
Fixes#39822
git-svn-id: https://develop.svn.wordpress.org/trunk@40536 602fd350-edb4-49c9-b593-d223f7449a82
If any of these constants are set during testing, they should cause the tests to fail, not to be skipped, otherwise we have a situation where failure conditions are never seen.
See #40533
git-svn-id: https://develop.svn.wordpress.org/trunk@40525 602fd350-edb4-49c9-b593-d223f7449a82
Tests in the `ms-excluded` group are now excluded when running tests with multisite enabled, and tests in the `ms-required` group are excluded when running tests without multisite enabled. The end result is a significantly reduced number of skipped tests polluting PHPUnit's output, which means verbose mode can be used to more easily see which tests are skipped or incomplete, and why.
See #40531
git-svn-id: https://develop.svn.wordpress.org/trunk@40520 602fd350-edb4-49c9-b593-d223f7449a82
This sort of behaviour subtly hides the fact that these tests will never fail if the URLs where version number information is fetched from go away for one reason or another.
See #40533
git-svn-id: https://develop.svn.wordpress.org/trunk@40519 602fd350-edb4-49c9-b593-d223f7449a82
This is a remnant of the test suite behaviour before #30284 fixed most of it and makes it far too easy to hide failing tests.
If any tests begin to fail as a result of this change then they should be fixed.
Fixes#40534
git-svn-id: https://develop.svn.wordpress.org/trunk@40518 602fd350-edb4-49c9-b593-d223f7449a82
[7520] introduced an undocumented feature whereby developers could
register a custom taxonomy with an 'args' parameter, consisting of
an array of config params that, when present, override corresponding
params in the `$args` array passed to `wp_get_object_terms()` when
using that function to query for terms in the specified taxonomy.
The `wp_get_object_terms()` refactor in [38667] failed to respect
this secret covenant, and the current changeset atones for the
transgression.
Props danielbachhuber.
Fixes#40496.
git-svn-id: https://develop.svn.wordpress.org/trunk@40513 602fd350-edb4-49c9-b593-d223f7449a82
After the `$network_id` parameter has been introduced for `wp_update_network_site_counts()` in [40484] and `wp_update_network_user_counts()` in [40485], the new parameter can now also be used on the wrapping function.
Fixes#40386. See #38699.
git-svn-id: https://develop.svn.wordpress.org/trunk@40486 602fd350-edb4-49c9-b593-d223f7449a82
Using the new parameter, it is now possible to update the user count on a network different from the current one. While the count itself is technically a global user count and not network-wide, it is stored on each individual network, and the new parameter provides more control about where to update the count.
Fixes#40349. See #38699.
git-svn-id: https://develop.svn.wordpress.org/trunk@40485 602fd350-edb4-49c9-b593-d223f7449a82
Using the new parameter, it is now possible to update the site counts on a network different from the current network.
Props PieWP, johnjamesjacoby.
Fixes#37528. See #38699.
git-svn-id: https://develop.svn.wordpress.org/trunk@40484 602fd350-edb4-49c9-b593-d223f7449a82
The behaviour was previously possible with the `blog_details` filter and `get_blog_details()` function. The former is deprecated since [38936].
This change adjusts the magic methods of `WP_Site` to also check if `$key` exists in `WP_Site::get_details()`.
Fixes#40458.
git-svn-id: https://develop.svn.wordpress.org/trunk@40478 602fd350-edb4-49c9-b593-d223f7449a82
This aids in debugging XMLRPC tests which fail, by exposing the `IXR_Error` error message in the assertion failure message.
Fixes#40423
git-svn-id: https://develop.svn.wordpress.org/trunk@40417 602fd350-edb4-49c9-b593-d223f7449a82
Prior to this change, a mix of `is_super_admin()` calls and `manage_network` capability checks was used to determine whether the current user could upgrade the network. With this changeset a dedicated capability is introduced that allows more granular handling.
Props dhanendran for the original patch.
Fixes#39205. See #37616.
git-svn-id: https://develop.svn.wordpress.org/trunk@40404 602fd350-edb4-49c9-b593-d223f7449a82
This prevents non-image fileypes from returning a mime type of
"application/octet-stream" when `exif_imagetype()` returns `false`.
Props blobfolio.
Fixes#40017.
git-svn-id: https://develop.svn.wordpress.org/trunk@40397 602fd350-edb4-49c9-b593-d223f7449a82
[40295] removed the restriction of a minimum amount of characters for new site names, which could cause unexpected behavior. That changeset is reverted here with the exception of the removal of the `is_super_admin()` check, which can safely be omitted. A new filter for the minimum site name length will be introduced later to be able to modify that behavior.
See #39676, #37616.
git-svn-id: https://develop.svn.wordpress.org/trunk@40391 602fd350-edb4-49c9-b593-d223f7449a82
`setup_network` is a new meta capability that brings more granular control over the permissions to setup a multisite environment. In a non-multisite environment it falls back to `manage_options` while in a multisite it falls back to `manage_network_options`. The introduction of this capability furthermore allows replacing an `is_super_admin()` check.
Props ashokkumar24 for the original patch.
Fixes#39206. See #37616.
git-svn-id: https://develop.svn.wordpress.org/trunk@40390 602fd350-edb4-49c9-b593-d223f7449a82
This matches a similar change previously made for posts (#38579) and an upcoming change for users (#40213).
Props wonderboymusic, MatheusGimenez, curdin.
Fixes#40027.
git-svn-id: https://develop.svn.wordpress.org/trunk@40376 602fd350-edb4-49c9-b593-d223f7449a82
The `get_user_count()` function returns the number of active users on a network, which is stored in a `user_count` network option. Since `get_network_option()` supports retrieving options from other networks than the current one, `get_user_count()` can now make use of that feature.
Fixes#37866.
git-svn-id: https://develop.svn.wordpress.org/trunk@40371 602fd350-edb4-49c9-b593-d223f7449a82
The `get_blog_count()` function used to support an `$id` parameter for the network ID prior to WordPress 3.1. This parameter has not been used since the introduction of `get_site_option()` and was later deprecated in [25113]. With `get_network_option()` however it is possible to support the parameter again, now properly renamed as `$network_id`.
A unit test has for the parameter has been added as well. Another unit test in the same class was adjusted to work properly with multiple networks existing.
Fixes#37865.
git-svn-id: https://develop.svn.wordpress.org/trunk@40370 602fd350-edb4-49c9-b593-d223f7449a82
Prior to 4.7, term relationships - as set by `wp_set_object_terms()` or
`wp_remove_object_terms()` - did not affect the term query cache. The
introduction of the 'object_ids' parameter in 4.7 means that the query
cache must be aware of object-term relationships. As such, the
'last_changed' incrementor is now invalidated when term relationships
are modified.
This bug only reared its head when delaying term counting, because term
counting performs its own term query cache invalidation.
Props mboynes.
Fixes#40306.
git-svn-id: https://develop.svn.wordpress.org/trunk@40353 602fd350-edb4-49c9-b593-d223f7449a82
A couple of REST API tests had an assertion `assertNotInstanceOf( 'WP_Error', $response );` which will never be true.
Since these assertions are invalid, and also made redundant by the response status check, we can just remove them.
Props dlh.
Fixes#40270.
git-svn-id: https://develop.svn.wordpress.org/trunk@40350 602fd350-edb4-49c9-b593-d223f7449a82
The `site-lookup` group was introduced in WPMU, but never actually used in WordPress core.
Props johnjamesjacoby.
Fixes#38725.
git-svn-id: https://develop.svn.wordpress.org/trunk@40347 602fd350-edb4-49c9-b593-d223f7449a82
In previous iterations of `WP_Site`, there was concern that not all properties would be available when storing a site's details in cache. When introduced in [37918], an `ms_loaded` check was added to address this concern. Any properties that are still `false` after `ms_loaded` really are `false` and can be cached as such.
Props flixos90.
Fixes#40247.
git-svn-id: https://develop.svn.wordpress.org/trunk@40344 602fd350-edb4-49c9-b593-d223f7449a82
Add `useremail`, `userslugs`, `networks`, `sites`, and `site-details` as global cache groups when added with unit tests. This aligns the list with the core default.
Fixes#40283.
git-svn-id: https://develop.svn.wordpress.org/trunk@40343 602fd350-edb4-49c9-b593-d223f7449a82
The set of assertions in this data provider intend to test a 0 path segment configuration rather than the use of paths.
Fixes#37217.
git-svn-id: https://develop.svn.wordpress.org/trunk@40342 602fd350-edb4-49c9-b593-d223f7449a82
This checks for `is_multisite()` and the minimum PHP version in the same block and removes two `echo` statements previously used to indicate generation had been skipped.
Fixes#40041.
git-svn-id: https://develop.svn.wordpress.org/trunk@40341 602fd350-edb4-49c9-b593-d223f7449a82
In [31349], core `varchar` column key lengths were changed from 255 to 191 to support the 767 byte index size limit on standard utf8mb4 MySQL installs. This changes the DB schema tests to match.
Props caseypatrickdriscoll, clarinetlord.
Fixes#35958.
git-svn-id: https://develop.svn.wordpress.org/trunk@40339 602fd350-edb4-49c9-b593-d223f7449a82
Avoid a PHP Error when attempting to embed the parent post of an attachment, when the parent post ID is invalid. Instead check if the parent post object exists before checking the read permission for the parent post.
Props GhostToast.
Fixes#39881.
git-svn-id: https://develop.svn.wordpress.org/trunk@40306 602fd350-edb4-49c9-b593-d223f7449a82
Previously `update_blog_option()` would trigger an invalidation of that site's entire cache although these changes did not affect the content of these caches. Furthermore changes to the special options `blogname`, `siteurl` and `post_count` should not invalidate the entire cache of that site, but only their respective site details cache. The option `home` now has the same behavior as it also belongs to the site details, but did not invalidate the cache at all previously.
Several new unit tests confirm these changes work as expected.
Fixes#40063.
git-svn-id: https://develop.svn.wordpress.org/trunk@40305 602fd350-edb4-49c9-b593-d223f7449a82
This prevents an additional 301 redirect when clicking on the nav menu item, and it also prevents a scenario where the auth cookie may not be passed and cause an authentication error when navigating in the customizer.
Props dlh, swissspidy.
Fixes#40112.
git-svn-id: https://develop.svn.wordpress.org/trunk@40300 602fd350-edb4-49c9-b593-d223f7449a82
This prevents creating page without any content when the options are populated with an empty string.
Props shadyvb.
Fixes#40036.
git-svn-id: https://develop.svn.wordpress.org/trunk@40296 602fd350-edb4-49c9-b593-d223f7449a82
It is sometimes desirable to support shorter site names than 4 characters, therefore that restriction should be removed. It is still possible to manually enforce it by using the `wpmu_validate_blog_signup` filter.
As a result of this change, another `is_super_admin()` call gets removed which affects the ongoing efforts of working on a network-wide role system.
Props milindmore22.
Fixes#39676. See #37616.
git-svn-id: https://develop.svn.wordpress.org/trunk@40295 602fd350-edb4-49c9-b593-d223f7449a82
Prior to [38677], `get_term_by()` would always return false if
an empty string were passed as the queried 'name' or 'slug'. The
refactor to use `get_terms()` broke this behavior; inappropriately
imprecise `empty()` checks caused the 'name' or 'slug' clause to be
discarded altogether when fetching terms, resulting in an incorrect
term being returned from the function.
We fix the regression by special-casing truly empty values passed
to `get_term_by()`, and ensuring that `WP_Term_Query` is properly
able to handle `0` and `'0'` term queries.
Props sstoqnov.
Fixes#21760.
git-svn-id: https://develop.svn.wordpress.org/trunk@40293 602fd350-edb4-49c9-b593-d223f7449a82
[38667] changed the way that the filter parameters are built. That
changeset didn't fully account for the pre-4.7 format of `$taxonomies`.
Props ig_communitysites.
Fixes#40154.
git-svn-id: https://develop.svn.wordpress.org/trunk@40290 602fd350-edb4-49c9-b593-d223f7449a82
The time chosen for `test_empty_post_date_gmt_shimmed_using_post_date` falls within US daylight savings time. This may cause the test to fail depending on whether the current locale has DST.
The fix is to specify a numeric `gmt_offset` rather than a `timezone_string`.
Unprops jnylen0.
Fixes#40136.
git-svn-id: https://develop.svn.wordpress.org/trunk@40284 602fd350-edb4-49c9-b593-d223f7449a82
Historically, it has been possible to call `get_term_by()` within
a 'get_terms' filter callback. Since `get_term_by()` was refactored
to use `get_terms()` internally [38677], callbacks of this nature
have resulted in infinite loops.
As a workaround, we introduce a 'suppress_filter' option to `get_terms()`,
and use it when calling the function from within `get_term_by()`.
Props ocean90.
See #21760.
git-svn-id: https://develop.svn.wordpress.org/trunk@40275 602fd350-edb4-49c9-b593-d223f7449a82
Overriding pluggable functions in the test suite is asking for trouble in the future. In addition, it means the test suite can't be guaranteed to behave the same as core.
This instead introduces a `send_auth_cookies` filter which can be hooked in during the test suite to prevent these functions from attempting to send cookie headers to the client.
Fixes#39367
git-svn-id: https://develop.svn.wordpress.org/trunk@40263 602fd350-edb4-49c9-b593-d223f7449a82
This skips time sensitive tests (copyright year and PHP/MySQL version requirements) when tests are run on branches on Travis.
Props netweb, jorbin
Fixes#39486
git-svn-id: https://develop.svn.wordpress.org/trunk@40241 602fd350-edb4-49c9-b593-d223f7449a82
This skips time sensitive tests (copyright year and PHP/MySQL version requirements) when tests are run on branches on Travis.
Props netweb, jorbin
Fixes#39486
git-svn-id: https://develop.svn.wordpress.org/trunk@40239 602fd350-edb4-49c9-b593-d223f7449a82
The site's current timezone offset is an important piece of information for any REST API client that needs to manipulate dates. It has not been previously available.
Expose both the `gmt_offset` (the site's current offset from UTC in hours) and `timezone_string` (which also provides information about daylight savings time) via the "site info" endpoint (the base `/wp-json` response).
Also update the `wp-api-generated.js` fixture file with the changes to the default API responses.
Props sagarkbhatt.
Fixes#39854.
git-svn-id: https://develop.svn.wordpress.org/trunk@40238 602fd350-edb4-49c9-b593-d223f7449a82
This commit adds some missing test cases for combinations of `orderby` and other parameters (`post_parent__in` and `post_name__in`).
Followup to [40056] for `orderby` and `post__in`.
The interaction of these parameters is perhaps counterintuitive because `orderby` does not affect the returned results. This is overall probably the best design, and it's now better tested and documented.
Props fibonaccina.
See #39055.
git-svn-id: https://develop.svn.wordpress.org/trunk@40237 602fd350-edb4-49c9-b593-d223f7449a82
Terms with duplicate names are not allowed at the same level of a
taxonomy hierarchy. The name lookup introduced in [34809] did not
properly account for the 'parent' parameter, with the result that
the duplicate-name restriction was tighter than intended (terms
with duplicate names could not be created at different levels of
a single hierarchy).
Props mikejolley.
Fixes#39984.
git-svn-id: https://develop.svn.wordpress.org/trunk@40145 602fd350-edb4-49c9-b593-d223f7449a82
`wp_insert_term()` does not allow for terms with the same name to exist
at the same hierarchy level, unless the second term has a unique slug.
When this logic was refactored in [31792] and [34809], a bug was
introduced whereby it was possible to bypass the no-same-named-sibling
check in cases where the first term had a non-auto-generated slug
(ie, where the name was 'Foo' but the slug something other than 'foo',
such that the second term would get the non-matching slug 'foo').
This changeset fixes this issue by ensuring that the duplicate name
check runs both in cases where there's an actual slug clash *and* in
cases where no explicit `slug` has been provided to `wp_insert_term()`.
The result is a more reliable error condition:
`wp_insert_term( 'Foo' ... )` will always fail if there's a sibling
'Foo', regardless of the sibling's slug.
Props mikejolley.
See #39984.
git-svn-id: https://develop.svn.wordpress.org/trunk@40144 602fd350-edb4-49c9-b593-d223f7449a82
This ensures that generated thumbnails are kept out of the version-
controlled `DIR_TESTDATA` directory.
Props bor0.
Fixes#40008.
git-svn-id: https://develop.svn.wordpress.org/trunk@40142 602fd350-edb4-49c9-b593-d223f7449a82
Following [40130] tests fail on environments that don't support PDF
previews because the expected meta data doesn't get written.
See #39875.
git-svn-id: https://develop.svn.wordpress.org/trunk@40131 602fd350-edb4-49c9-b593-d223f7449a82
Since support for PDF previews were added in [38949], it's possible
that the generated image file could overwrite an existing image file
with the same name. This uses `wp_unique_filename()` to avoid this
issue and adds a '-pdf' identifier on the end of filenames.
Props gitlost, derosj, mikeschroder, joemcgill.
Fixes#39875. See #31050.
git-svn-id: https://develop.svn.wordpress.org/trunk@40130 602fd350-edb4-49c9-b593-d223f7449a82
This prevents the unhelpful white screen of death when a user who can view the post (eg. preview it) leaves a comment while the post is in draft.
Props sagarprajapati, milindmore22, mayurk, swissspidy
Fixes#39650
git-svn-id: https://develop.svn.wordpress.org/trunk@40128 602fd350-edb4-49c9-b593-d223f7449a82
A few of the multisite tests were failing after [40124] because
multisite filters `upload_mimes` with the `check_upload_mimes()`
function to reduce the set of allowed MIME types. This fixes those
errors by skipping the tests for adding additional MIME types and
only tests file types assumed to be allowed.
See #39550.
git-svn-id: https://develop.svn.wordpress.org/trunk@40125 602fd350-edb4-49c9-b593-d223f7449a82
[39831] introduced more strict MIME type checking for uploads, which
resulted in unintetionally blocking several filetypes that were
previously valid. This change uses a more targeted approach to MIME
validation to restore previous behavior for most types.
Props blobfolio, iandunn, ipstenu, markoheijnen, xknown, joemcgill.
Fixes#39550, #39552.
git-svn-id: https://develop.svn.wordpress.org/trunk@40124 602fd350-edb4-49c9-b593-d223f7449a82
Due to inconsistencies in the way browsers handle Exif orientation data,
if a user manually rotates an image within WordPress, set the Exif orientation to
the default (1) so that the image displays with the same rotation/flip in every browser.
Props sanchothefat, triplejumper12, joemcgill, azaozz, markoheijnen, mikeschroder.
See #14459.
Fixes#37140.
git-svn-id: https://develop.svn.wordpress.org/trunk@40123 602fd350-edb4-49c9-b593-d223f7449a82
Previously, when getting posts from the API with `sticky=true`, if there were no sticky posts set, the query would return all posts as if the `sticky` argument was not set. In this situation, the query should return an empty array instead.
A `sticky=true` query that should return an empty array (in the previous situation, or with `include` and no intersecting post IDs) was also broken in that it would query the post with ID 1.
Finally, this commit significantly improves test coverage for the `sticky` filter argument, including direct testing of the `WHERE` clauses generated by `WP_Query`.
Props ryelle.
Fixes#39947.
git-svn-id: https://develop.svn.wordpress.org/trunk@40122 602fd350-edb4-49c9-b593-d223f7449a82
A `post_format` not used by the current theme, but supported by core is not a wrong/broken piece of information. It's just not used at this point in time. Therefore we should allow setting and retrieving any of the standard post formats supported in core, even if the current theme doesn't use them.
After this commit, a post's `format` value can survive a round trip through the API, which is a good general design principle for an API.
Props JPry, iseulde, davidakennedy, Drivingralle.
Fixes#39232.
git-svn-id: https://develop.svn.wordpress.org/trunk@40120 602fd350-edb4-49c9-b593-d223f7449a82
Internally, WordPress uses a special `post_date_gmt` value of `0000-00-00 00:00:00` to indicate that a draft's date is "floating" and should be updated whenever the post is saved. This makes it much more difficult for API clients to know the correct date of a draft post.
This commit provides a best guess at a `date_gmt` value for draft posts in this situation using the `date` field and the site's current timezone offset.
Props joehoyle.
Fixes#38883.
git-svn-id: https://develop.svn.wordpress.org/trunk@40108 602fd350-edb4-49c9-b593-d223f7449a82
It has been unintendedly possible to both view and edit users from a different site than the current site in multisite environments. Moreover, when passing roles to a user in an update request, that user would implicitly be added to the current site.
This changeset removes the incorrect behavior for now in order to be able to provide a proper REST API workflow for managing multisite users in the near future. Related unit tests have been adjusted as well.
Props jnylen0, jeremyfelt, johnjamesjacoby.
Fixes#39701.
git-svn-id: https://develop.svn.wordpress.org/trunk@40106 602fd350-edb4-49c9-b593-d223f7449a82
DELETE was inadvertently omitted from the list of non-POST HTTP methods that should be able to accept body parameters. Parameters passed to DELETE requests as JSON are already parsed correctly; this commit fixes `application/x-www-form-urlencoded` parameters as well.
Props mnelson4.
Fixes#39933.
git-svn-id: https://develop.svn.wordpress.org/trunk@40105 602fd350-edb4-49c9-b593-d223f7449a82
Many plugins and themes use the WP core test suite to run their unit tests, so the API tests shouldn't fail if there are extra endpoints registered in non-core namespaces.
Props rachelbaker.
Fixes#39264.
git-svn-id: https://develop.svn.wordpress.org/trunk@40104 602fd350-edb4-49c9-b593-d223f7449a82
An additional unit test has been introduced to verify the method works properly when using an external object cache.
Props spacedmonkey, jeremyfelt.
Fixes#37217.
git-svn-id: https://develop.svn.wordpress.org/trunk@40102 602fd350-edb4-49c9-b593-d223f7449a82
This commit modifies the `rest_get_date_with_gmt` function to correctly parse local and UTC timestamps with or without timezone information.
It also ensures that the REST API can edit the dates of draft posts by setting the `edit_date` flag to `wp_update_post`.
Overall this commit ensures that post and comment dates can be set and updated as expected.
Fixes#39256.
git-svn-id: https://develop.svn.wordpress.org/trunk@40101 602fd350-edb4-49c9-b593-d223f7449a82
Previously the status for a Post (or other post_types) was only exposed under the `edit` context, which doesn't really make much sense considering we support querying by post status without authentication. Originally introduced in v2.0 beta 1: 69f617d749 without any explanation in the commit message.
Props dhanendran, jnylen0, rachelbaker.
Fixes#39466.
git-svn-id: https://develop.svn.wordpress.org/trunk@40080 602fd350-edb4-49c9-b593-d223f7449a82
There are a couple of changes to the generated API schemas between single-site and multisite mode - for example, the `url` and `email` settings are not present in the settings endpoint (see #39005).
To avoid unexpected changes to the `wp-api-generated.js` fixture file, skip generating the client test fixtures when running the test suite in multisite mode.
See #39264.
git-svn-id: https://develop.svn.wordpress.org/trunk@40077 602fd350-edb4-49c9-b593-d223f7449a82
Follow-up to [40065] - `JSON_*` constants are differently unsupported in PHP 5.2 and 5.3, which caused other, more different failures.
Also bring back `JSON_UNESCAPED_SLASHES` because the generated output looks nicer this way.
Fixes#39264.
git-svn-id: https://develop.svn.wordpress.org/trunk@40066 602fd350-edb4-49c9-b593-d223f7449a82
Remove `JSON_UNESCAPED_SLASHES` from the `wp_json_encode` call - this constant is not supported in PHP < 5.4, and we don't polyfill it either.
Also make the PHPUnit test suite correctly exit with a non-zero exit code when `wp-tests-config.php` is not present. This was causing `grunt restapi-jsclient` to incorrectly proceed to its second step even when the first step failed with this error.
Props ocean90.
Fixes#39264.
git-svn-id: https://develop.svn.wordpress.org/trunk@40065 602fd350-edb4-49c9-b593-d223f7449a82
The `post_author` field is a string internally, but we need to cast it to an integer in the REST API. This was already done for posts, but not for revisions. The field is already declared as an integer in both controllers.
Fixes#39871.
git-svn-id: https://develop.svn.wordpress.org/trunk@40063 602fd350-edb4-49c9-b593-d223f7449a82
Add a data normalization pass when generating data fixtures for the REST API endpoints. Ensures that the `wp-api-generated.js` fixture won't change between test runs. Set more default properties and use fixed values for any properties that can't be easily controlled (object IDs and derivatives like link). Generate the fixture file with JSON_PRETTY_PRINT so that future diffs are easier to follow.
Props jnylen0, netweb.
Fixes#39264.
git-svn-id: https://develop.svn.wordpress.org/trunk@40061 602fd350-edb4-49c9-b593-d223f7449a82
Add QUnit tests: verify that wp-api loads correctly, verify that the expected base models and collections exist and can be instantiated, verify that collections contain the correct models, verify that expected helper functions are in place for each collection.
The QUnit tests rely on two fixture files: `tests/qunit/fixtures/wp-api-generated.js` contains the data response from each core endpoint and is generated by running the PHPUnit `restapi-jsclient` group. `tests/qunit/fixtures/wp-api.js` maps the generated data to endpoint routes, and overrides `Backbone.ajax` to mock the responses for the tests.
Add PHPUnit tests in `tests/phpunit/tests/rest-api/rest-schema-setup.php`. First, verify that the API returns the expected routes via `server->get_routes()`. Then, the `test_build_wp_api_client_fixtures` test goes thru each endpoint and requests it from the API, tests that it returns data, and builds up the data for the mocked QUnit tests, saving the final results to `tests/qunit/fixtures/wp-api-generated.js`.
Add a new grunt task `restapi-jsclient` which runs the phpunit side data generation and the qunit tests together.
Props jnylen0, welcher.
Fixes#39264.
git-svn-id: https://develop.svn.wordpress.org/trunk@40058 602fd350-edb4-49c9-b593-d223f7449a82
This commit adds test cases for the interaction (or more accurately, lack of
interaction) between `orderby=post__in` and the `order` parameter.
Props fibonaccina.
See #39055.
git-svn-id: https://develop.svn.wordpress.org/trunk@40056 602fd350-edb4-49c9-b593-d223f7449a82
Keep bumping the date for the auto-draft to preserve it from garbage-collection via `wp_delete_auto_drafts()` after 7 days.
See #30937.
Fixes#39713.
git-svn-id: https://develop.svn.wordpress.org/trunk@40041 602fd350-edb4-49c9-b593-d223f7449a82
This commit adds tests for `orderby=relevance` combined with a search term in the REST API.
It also improves tests for the `orderby` parameter in `WP_REST_Posts_Controller` by looking at the generated SQL query instead of creating a bunch of carefully arranged test objects. This should be much more robust, and we can use this approach in other places (such as #39055).
Fixes#39079.
git-svn-id: https://develop.svn.wordpress.org/trunk@40037 602fd350-edb4-49c9-b593-d223f7449a82
Fixes bad conditions in `WP_Customize_Setting::get_root_value()` and `WP_Customize_Setting::set_root_value()`.
Props dlh.
Amends [35007].
See #32103.
Fixes#36952.
git-svn-id: https://develop.svn.wordpress.org/trunk@40036 602fd350-edb4-49c9-b593-d223f7449a82
Partial revert of [38929].
This reverts the source code from the commit for #30210 to prevent valid but empty feeds from returning 404 file not found errors for the home and custom feeds.
The tests in the commit that remain applicable are retained.
Props pavelevap for reporting, stevenkword for initial patch.
See #30210.
Fixes#39157.
git-svn-id: https://develop.svn.wordpress.org/trunk@40030 602fd350-edb4-49c9-b593-d223f7449a82
This changeset reverts [38381], which caused inconsistencies in the way the
REST API fetches posts and other objects.
See #38792, #37738.
git-svn-id: https://develop.svn.wordpress.org/trunk@39992 602fd350-edb4-49c9-b593-d223f7449a82
Previously we were assuming pagination headers would be sent when the request for posts is out of bounds. Instead presume it will return an error.
See #39061.
git-svn-id: https://develop.svn.wordpress.org/trunk@39991 602fd350-edb4-49c9-b593-d223f7449a82
Return an error from the REST API if a page number larger than the total pages count is requested.
Props morganestes.
Fixes#39061.
git-svn-id: https://develop.svn.wordpress.org/trunk@39967 602fd350-edb4-49c9-b593-d223f7449a82
Rather than repeating ourselves, unifying the access into a single method keeps everything tidy. While we're at it, add in additional schema handling for common parameters.
See #38792.
git-svn-id: https://develop.svn.wordpress.org/trunk@39954 602fd350-edb4-49c9-b593-d223f7449a82
Previously the menu items would all be displayed solely based on the `manage_network` capability. This change provides parity with the network admin menu.
Unit tests for the network admin menu functionality of `wp_admin_bar_my_sites_menu()` have been added.
Props chandrapatel.
Fixes#39082.
git-svn-id: https://develop.svn.wordpress.org/trunk@39948 602fd350-edb4-49c9-b593-d223f7449a82
Changes `WP_Customize_Nav_Menus::insert_auto_draft_post()` so it can be invoked for a `post_type` that is not registered (yet).
See #38615, #38114.
Fixes#39610.
git-svn-id: https://develop.svn.wordpress.org/trunk@39924 602fd350-edb4-49c9-b593-d223f7449a82
rest_pre_insert_{post_type} allows returning a WP_Error from the filter to shortcircuit actually creating the object, so it makes sense to do so for comments too.
Props dspilka.
Fixes#39578.
git-svn-id: https://develop.svn.wordpress.org/trunk@39922 602fd350-edb4-49c9-b593-d223f7449a82
If index lengths change in table definitions, we don't recreate the index - instead, we throw a database error, as `dbDelta()` tries to create a new index with the same name.
It's better to leave the index as is, MySQL doesn't have an efficient process for resizing indices, and dropping/creating is a slow process which we don't want to trigger automatically.
Fixes#34870.
git-svn-id: https://develop.svn.wordpress.org/trunk@39921 602fd350-edb4-49c9-b593-d223f7449a82
The `$user_total` member of `WP_User_Query`, and corresponding `get_total()` method, have always been documented as returning an `int`. `$user_total`, however, is populated by `$wpdb->get_var()`, which returns
a string (containing an integer value). Casting the return value from `get_var()` as an `int` rectifies this discrepency.
Props runciters.
Fixes#39297.
git-svn-id: https://develop.svn.wordpress.org/trunk@39915 602fd350-edb4-49c9-b593-d223f7449a82
Add test coverage for requests of a single user resource for authors of post types registered as:
- public = true, show_in_rest = true: success without auth.
- public = true, show_in_rest = false: fail without auth.
- public = false, show_in_rest = true: success without auth.
- public = false, show_in_rest = false: fail without auth.
See #38878.
Fixes#39546.
git-svn-id: https://develop.svn.wordpress.org/trunk@39913 602fd350-edb4-49c9-b593-d223f7449a82
This also updates the test filename in
`WP_Test_REST_Attachments_Controller::test_create_item_default_filename_title()`
to accurately match the actual file name.
git-svn-id: https://develop.svn.wordpress.org/trunk@39848 602fd350-edb4-49c9-b593-d223f7449a82
Only show users that have authored a post of a post type that has `show_in_rest` set to true.
Props rachelbaker, jnylen0.
See #38878.
git-svn-id: https://develop.svn.wordpress.org/trunk@39843 602fd350-edb4-49c9-b593-d223f7449a82
[38740] incorrectly introduced logic that changed a comment's page when
'comment_order' was set to 'desc'. This is in violation of the design
of the comment pagination system: a comment's page is designed not to
change when 'comment_order' or 'default_comment_page' are changed.
See #31101.
Props rachelbaker.
Fixes#39280.
git-svn-id: https://develop.svn.wordpress.org/trunk@39663 602fd350-edb4-49c9-b593-d223f7449a82
`terms` values are passed through `sanitize_term_field()` with the 'db'
flag, which add slashes. Because `terms` are subsequently run through
`esc_sql()`, these slashes must be removed. See [36348], which added
a similar step to sanitization in `get_terms()`.
Props bcworkz.
Fixes#39315.
git-svn-id: https://develop.svn.wordpress.org/trunk@39662 602fd350-edb4-49c9-b593-d223f7449a82
Adds tests for responses where `context != 'edit'` the following properties are not included in the response data:
- `email`
- `locale`
- `registered_date`
Props thepelkus, jnylen0.
Fixes#39399.
git-svn-id: https://develop.svn.wordpress.org/trunk@39660 602fd350-edb4-49c9-b593-d223f7449a82
Includes a new `supports` property in the response object and schema for the `/types` endpoints for users with the `edit_posts` capability for the given post type. The `supports` property returns an object of the features the given post type *supports*.
Props timmydcrawford, tyxla.
Fixes#39033.
git-svn-id: https://develop.svn.wordpress.org/trunk@39647 602fd350-edb4-49c9-b593-d223f7449a82
Removes the debugging group notation left in the `WP_Test_REST_Users_Controller` and `WP_Test_REST_Posts_Controller` classes pagination headers method. Introduced in [38832].
Props sanket.parmar.
Fixes#39398.
git-svn-id: https://develop.svn.wordpress.org/trunk@39643 602fd350-edb4-49c9-b593-d223f7449a82
When plugins don't disable the `backupGlobals` PHPUnit option in their own tests, `$wpdb` is backed up and restored between classes of tests. The serialisation process used for this broke the database connection. This previously wasn't a problem, as it was reconnecting before each test.
[38398] introduced some changes that required the connection to be available in `setUpBeforeClass()`, earlier than in was previously reconnecting. This didn't cause warnings in Core, but it did cause warnings for plugins that don't disable the `backupGlobals` option.
The database connection now reconnects in `setUpBeforeClass()`. This change also fixes a few Core tests that weren't calling `parent::setUpBeforeClass()` or `parent::tearDown()` correctly.
Fixes#39327.
git-svn-id: https://develop.svn.wordpress.org/trunk@39626 602fd350-edb4-49c9-b593-d223f7449a82
If `add_theme_support( 'post-formats' )` is called with no additional
arguments, then `get_theme_support( 'post-formats' )` returns `true` rather
than an array of supported formats. Avoid generating PHP warnings in this
situation.
Props dreamon11, ChopinBach.
Fixes#39293.
git-svn-id: https://develop.svn.wordpress.org/trunk@39620 602fd350-edb4-49c9-b593-d223f7449a82
This fixes an oversight in [39246], which added a hook for filtering
the array of sizes used for PDF thumbnails, but failed to provide a way
for sizes added through `add_image_size()` to be processed.
Props gitlost.
Fixes#39231. See #38594.
git-svn-id: https://develop.svn.wordpress.org/trunk@39617 602fd350-edb4-49c9-b593-d223f7449a82
In [38625], the functionality to search for attachments by filename was added
via the `posts_clauses` filter and the `_filter_query_attachment_filenames()`
function. This moves `_filter_query_attachment_filenames()` from
`wp-admin/includes/post.php` to `wp-includes/post.php` so that it can be
applied in the same manner in the REST API media endpoint.
Props jblz, tyxla.
Fixes#39092.
git-svn-id: https://develop.svn.wordpress.org/trunk@39598 602fd350-edb4-49c9-b593-d223f7449a82
In general, updates that don't actually change anything should succeed.
[39371] added tests for other object types, and this commit fixes empty updates
for comments and adds the missing test.
Fixes#38700.
git-svn-id: https://develop.svn.wordpress.org/trunk@39597 602fd350-edb4-49c9-b593-d223f7449a82
Currently, `attachment` is the only post type exposed via the REST API that
does not support password protection, but it's possible for other post types to
remove password support.
Fixes#38977.
git-svn-id: https://develop.svn.wordpress.org/trunk@39595 602fd350-edb4-49c9-b593-d223f7449a82
It's fairly common for clients to send `Content-Type: application/json` with an
empty body. While technically not valid JSON, we've historically supported
this behaviour, so it shouldn't cause an error.
Props JPry.
Fixes#39150.
git-svn-id: https://develop.svn.wordpress.org/trunk@39594 602fd350-edb4-49c9-b593-d223f7449a82
Site administrators should not be able to remove themselves from a site. This moves the enforcement of this rule from `wp-admin/users.php` to `remove_user_from_blog()` via the `remove_user` capability, which furthermore allows us to get rid of two additional clauses and their `is_super_admin()` checks in `wp-admin/users.php`. A unit test for the new behavior has been added.
Fixes#39063. See #37616.
git-svn-id: https://develop.svn.wordpress.org/trunk@39588 602fd350-edb4-49c9-b593-d223f7449a82
Previously an option containing an object would trigger an SQL `UPDATE` on all calls to `update_option`, even if the old and new values were identical. This was due to the old and new values having differing resource IDs.
This change compares the old and new values as serialized data to remove the resource ID from the comparison.
Props salcode, bradyvercher, peterwilsoncc.
Fixes#38903.
git-svn-id: https://develop.svn.wordpress.org/trunk@39564 602fd350-edb4-49c9-b593-d223f7449a82
The logic in WP_REST_Request->sanitize_params() added in [39091] did not account for `null` or `false` being the sanitization_callback preventing overriding `rest_parse_request_arg()`. This fixes that oversight, allowing the built in sanitization function to be bypassed. See #38593.
Props kkoppenhaver, rachelbaker, jnylen0.
Fixes#39042.
git-svn-id: https://develop.svn.wordpress.org/trunk@39563 602fd350-edb4-49c9-b593-d223f7449a82
This new function is a taxonomy-agnostic version of `get_category_parents()`.
Props keesiemeijer, SergeyBiryukov, rafaehlers.
Fixes#17069.
git-svn-id: https://develop.svn.wordpress.org/trunk@39549 602fd350-edb4-49c9-b593-d223f7449a82
The ultimate `post_name` is stored in postmeta until the post is published. The `get_page_by_path()` function does not exclude `auto-draft` posts. Revert changes to `wp_unique_post_slug()` from [39411] which excluded `auto-draft` posts.
Props westonruter, dlh for testing, helen for testing.
See #38114, #38928.
Fixes#39078.
git-svn-id: https://develop.svn.wordpress.org/trunk@39506 602fd350-edb4-49c9-b593-d223f7449a82
This capability is not relevant on single site installs; it only applies to deleting a site on a multisite installation.
Fixes#38326
git-svn-id: https://develop.svn.wordpress.org/trunk@39494 602fd350-edb4-49c9-b593-d223f7449a82
Extend the check in 'rest_allow_anonymous_comments' to accept any falsy value
(previously this was an explicit check for `false`).
One possible failure case is that a plugin developer forgets to include a
return value for some code path in their callback for this filter, leading to a
value of `null` which is currently treated like `true`.
Props joehoyle, jnylen0.
Fixes#39010.
git-svn-id: https://develop.svn.wordpress.org/trunk@39487 602fd350-edb4-49c9-b593-d223f7449a82
The `siteurl` setting is registered and made available to the REST API. On a multisite installation, this setting is not configurable from the General Settings screen, but due to the above it is configurable from the REST API.
Props peterwilsoncc.
Fixes#39005.
git-svn-id: https://develop.svn.wordpress.org/trunk@39468 602fd350-edb4-49c9-b593-d223f7449a82
If the `require_name_email` option is true, creating a comment with an empty string for the author name or email should not be accepted. Both values can be an empty string on update.
Props flixos90, hnle, dd32, rachelbaker, jnylen0, ChopinBach, joehoyle, pento.
Fixes#38971.
git-svn-id: https://develop.svn.wordpress.org/trunk@39444 602fd350-edb4-49c9-b593-d223f7449a82
In wp-admin, users are removed from individual sites rather than deleted. A user can only be deleted from the network admin.
Until support for a `PUT` request that removes a user's site and content associations is available, `DELETE` requests are disabled to avoid possible issues with lost content.
Props jnylen0, rachelbaker.
Fixes#38962.
git-svn-id: https://develop.svn.wordpress.org/trunk@39438 602fd350-edb4-49c9-b593-d223f7449a82
Fixes bug where a PHP Warning is currently thrown if a client sends a request where `meta` is not an array value.
Props timmydcrawford, jnylen0, rachelbaker, pento.
Fixes#38989.
git-svn-id: https://develop.svn.wordpress.org/trunk@39436 602fd350-edb4-49c9-b593-d223f7449a82
When deleting a user through the WordPress admin, a specific decision is presented - whether to assign all of the user's posts to another user, or to delete all of the posts.
This change requires `reassign` as a parameter in the corresponding REST API endpoint, so that content isn't accidentally lost.
Props jeremyfelt.
Fixes#39000.
git-svn-id: https://develop.svn.wordpress.org/trunk@39426 602fd350-edb4-49c9-b593-d223f7449a82
* Updates `wp_unique_post_slug()` to ignore `auto-draft` posts. Prevents publishing multiple posts that have the same slugs from starter content.
* Fixes fatal error when attempting to save an header_image setting from a non-admin context.
* Fixes substituting attachment symbols in options and theme mods.
* Fixes applying starter content for header images and background images.
See #38114.
Fixes#38928.
git-svn-id: https://develop.svn.wordpress.org/trunk@39411 602fd350-edb4-49c9-b593-d223f7449a82
* Also moves checks from `customize_save` Ajax handler to the underlying `WP_Customize_Manager::save_changeset_post()` call which plugins may invoke directly.
* Ensures that `customize_save_response` filter is always passed an array, with error code available as `code`.
Props utkarshpatel, westonruter, sayedwp.
See #30937.
Fixes#38943.
git-svn-id: https://develop.svn.wordpress.org/trunk@39409 602fd350-edb4-49c9-b593-d223f7449a82
Fixes a regression in the media library after [38949], which caused
small images (< thumbnail size) to not display within the media library.
Accounts for images that have no intermediate sizes
in `wp_prepare_attachment_for_js()`.
Adds test.
Fixes#38965.
Props joemcgill, clorith, mikeschroder.
git-svn-id: https://develop.svn.wordpress.org/trunk@39396 602fd350-edb4-49c9-b593-d223f7449a82
* Show default labels for nav menu item as placeholders in a control's label field instead of showing blank.
* Store empty string as label instead of copying default labels.
* Prevent labels for post type archive items from being dropped in preview.
* Also ensure that the item type label is displayed on nav menu item controls for settings that are loaded from an existing changeset.
Amends [38618].
See #38015.
Fixes#38955.
git-svn-id: https://develop.svn.wordpress.org/trunk@39393 602fd350-edb4-49c9-b593-d223f7449a82
The API should allow updates that don't actually change anything. This allows
clients to, for example, accidentally send the same request twice without
encountering unexpected errors. This currently works for posts, terms, and
users, so this commit adds test cases accordingly.
See #38700 for issues preventing this from working for comments.
Fixes#38975.
git-svn-id: https://develop.svn.wordpress.org/trunk@39371 602fd350-edb4-49c9-b593-d223f7449a82
Fixes typo in args passed to `get_term_link()` which caused a fatal error due to this call returning a `WP_Error` which was set to `url`. Also fixes never-satisfiable condition for obtaining post type archive URL. Also ensures that `WP_Error` never leaks through as `url` by setting it to an empty string. Adds missing unit tests.
Amends [38991].
See #38114.
Fixes#38945.
git-svn-id: https://develop.svn.wordpress.org/trunk@39365 602fd350-edb4-49c9-b593-d223f7449a82
* Moves logic from `WP_Customize_Custom_CSS_Setting::update()` into a re-usable `wp_update_custom_css_post()` function, useful for future REST API endpoint, WP-CLI command, or plugin migrations.
* Renames `customize_update_custom_css_post_content_args` filter to `update_custom_css_data` and improves the naming of the parameters. Instead of passing `post_content` and `post_content_filtered` the filtered array now contains `css` and `preprocessed` respectively.
* The second context param for the `update_custom_css_data` filter is now an array of the original args passed to `wp_update_custom_css_post()` and there is now no more `$setting` arg since it isn't necessarily being called in the customizer context.
Props westonruter, georgestephanis.
See #35395.
Fixes#38672.
git-svn-id: https://develop.svn.wordpress.org/trunk@39350 602fd350-edb4-49c9-b593-d223f7449a82
Core requires the post password to view and create comments on password protected posts, so we must support a “password” param on the comments endpoint when fetch comments for a specific post and creating a comment on a password protected post.
Props flixos90, jnylen0.
Fixes#38692.
git-svn-id: https://develop.svn.wordpress.org/trunk@39349 602fd350-edb4-49c9-b593-d223f7449a82
Featured image support means that attachments can now be imported. Media can be sideloaded from within theme or plugin directories. Like other posts, attachments are auto-drafts until customizer changes are published, and are not duplicated when they already exist in the customized state. Attachment IDs can be used for any number of purposes, much like post IDs. Twenty Seventeen now includes 3 images used as featured images to best showcase the multi-section homepage setup.
As featured image IDs are stored in post meta, it also made sense to add support for page templates. Twenty Seventeen does not include any such templates, but the functionality can be quite important for displaying themes to their best effect.
props westonruter, helen, flixos90.
fixes#38615.
git-svn-id: https://develop.svn.wordpress.org/trunk@39346 602fd350-edb4-49c9-b593-d223f7449a82
Sending a request to update a page with the template property set to an empty string resulted in an error because “” was not a valid value in the enum.
Props lucasstark, swissspidy.
Fixes#38877.
git-svn-id: https://develop.svn.wordpress.org/trunk@39343 602fd350-edb4-49c9-b593-d223f7449a82
Document the type property as `readonly` and remove the default value. After #38820 it is no longer possible to set the type property on a comment to anything a custom type.
Props jnylen0, rachelbaker.
Fixes#38886.
git-svn-id: https://develop.svn.wordpress.org/trunk@39337 602fd350-edb4-49c9-b593-d223f7449a82
* Strip out `customize_messenger_channel` from preview window URL when not contained in iframe.
* Allow interacting with unpreviewable links and forms when previewing customized state on frontend.
See #30937.
Fixes#38867.
git-svn-id: https://develop.svn.wordpress.org/trunk@39332 602fd350-edb4-49c9-b593-d223f7449a82
Previously, if no translation files exist for a text domain, `_load_textdomain_just_in_time()` went through the entire process each time it was called. This results in an increased call to `get_locale()` and its `locale` filter.
This change splits the logic into `_get_path_to_translation()` and `_get_path_to_translation_from_lang_dir()`. The former, which is used by `_load_textdomain_just_in_time()`, caches the result of the latter. It also removes some non-working code from `WP_Locale_Switcher::load_translations()`.
Props jrf, swissspidy, sharkomatic, ocean90.
Fixes#37997.
git-svn-id: https://develop.svn.wordpress.org/trunk@39330 602fd350-edb4-49c9-b593-d223f7449a82
This accidentally assumed $name was the same as $meta_key, which ruined the whole point of $name.
Props tharsheblows, joehoyle.
Fixes#38786.
git-svn-id: https://develop.svn.wordpress.org/trunk@39328 602fd350-edb4-49c9-b593-d223f7449a82
Adding a brand new anonymous comment method is a potential conduit for spam. Since it's still useful functionality, we're now hiding it behind a filter to allow plugins and themes to turn it on if they do want it.
Props helen, rachelbaker, joehoyle.
Fixes#38855.
git-svn-id: https://develop.svn.wordpress.org/trunk@39327 602fd350-edb4-49c9-b593-d223f7449a82
Check setting existence and authorization via `WP_Customize_Manager::validate_setting_values()` even for `null` values to account for custom params being added to settings, preventing failures from being silently ignored.
See #38705, #30937.
Fixes#38865.
git-svn-id: https://develop.svn.wordpress.org/trunk@39320 602fd350-edb4-49c9-b593-d223f7449a82
Users without the moderate_comments capability can no longer set the `author_ip` property directly, and instead receive a `WP_Error` if they attempt to do so. Otherwise, the `author_ip property` is populated from `$_SERVER['REMOTE_ADDR']` if present and a valid IP value. Finally, fallback to 127.0.0.1 as a last resort.
Props dd32, rachelbaker, joehoyle.
Fixes#38819.
git-svn-id: https://develop.svn.wordpress.org/trunk@39302 602fd350-edb4-49c9-b593-d223f7449a82
Stop presuming IP address are IPv4, instead make the type “ip” to be agnostic of IP version. This fixes requests with ipv6 addresses for comments in core.
Props dd32, schlessera, danielbachhuber.
Fixes#38818.
git-svn-id: https://develop.svn.wordpress.org/trunk@39296 602fd350-edb4-49c9-b593-d223f7449a82
With a few tests for getting / creating comments to reflect core behaviour.
Props timmyc.
git-svn-id: https://develop.svn.wordpress.org/trunk@39295 602fd350-edb4-49c9-b593-d223f7449a82
WordPress has not used the `karma` property internally for the past 8 years. There is no need to expose it in the REST API endpoints. Sites that use `karma` can include it using the `register_rest_field()` function.
Props dd32, danielbachhuber.
Fixes#38821.
git-svn-id: https://develop.svn.wordpress.org/trunk@39292 602fd350-edb4-49c9-b593-d223f7449a82
Of the default comment_types, only comments are expected to be created via the REST API endpoint. Comments do not have registered types the way that Posts do, so we do not have a method to accurately check permissions for arbitrary comment types.
Props dd32, boonebgorges, rachelbaker.
Fixes#38820.
git-svn-id: https://develop.svn.wordpress.org/trunk@39290 602fd350-edb4-49c9-b593-d223f7449a82
Return a `WP_Error` object for attempts to create a comment without an empty or invalid `post` ID.
Props dd32, jnylen0, rachelbaker.
Fixes#38816.
git-svn-id: https://develop.svn.wordpress.org/trunk@39288 602fd350-edb4-49c9-b593-d223f7449a82
If a user-agent is not explicitly provided in the `author_user_agent` parameter, fallback to the `user_agent` value in the request header.
Props dd32, jnylen0, rachelbaker.
Fixes#38817.
git-svn-id: https://develop.svn.wordpress.org/trunk@39287 602fd350-edb4-49c9-b593-d223f7449a82
The `SHOW TABLES LIKE` query can be used to search for tables that match a pattern, `wp\_123\_%`, for example. While this isn't the name of an actual table, the `wp_123_` prefix can be used by database drop-ins to direct the query correctly. This change removes the escaping and `%` modifier, to provide this usable prefix.
Props andy, pento.
Fixes#38751.
git-svn-id: https://develop.svn.wordpress.org/trunk@39275 602fd350-edb4-49c9-b593-d223f7449a82
Descendant queries should not inherit the 'offset' and 'number'
parameters of the parent query, or descendants will be missed.
Previously: [38497].
See #37696.
git-svn-id: https://develop.svn.wordpress.org/trunk@39274 602fd350-edb4-49c9-b593-d223f7449a82
Adds a callback for determining when video headers should be displayed in themes supporting custom headers. By default, video headers are only displayed on the front page of a site.
Theme authors may set a custom callback by passing `'video-active-callback' => 'mytheme_video_active_callback'` as an argument. The default callback is `is_front_page()`.
This introduces the new function `is_header_video_active()` - returns `true` on pages that should display video headers. The return value can be filtered using the new filter of the same name.
Props flixos90, bradyvercher, peterwilsoncc, joemcgill.
Fixes#38738.
git-svn-id: https://develop.svn.wordpress.org/trunk@39240 602fd350-edb4-49c9-b593-d223f7449a82
Prevents post type templates ignoring post types due to invalid characters. Each entry in the `Template Post Type` comment is run through `sanitize_key()` to match the sanitisation used by `register_post_type()`.
Fixes#38766.
git-svn-id: https://develop.svn.wordpress.org/trunk@39236 602fd350-edb4-49c9-b593-d223f7449a82
With the addition of Array support in our schema validation functions, it's now possible to use these in the meta validation and sanitization steps. Also, this increases the test coverage of using registered via meta the API significantly.
Fixes#38531.
Props rachelbaker, tharsheblows.
git-svn-id: https://develop.svn.wordpress.org/trunk@39222 602fd350-edb4-49c9-b593-d223f7449a82
* Add `customize_value_custom_css` filter to `WP_Customize_Custom_CSS::value()` method.
* Introduce `customize_update_custom_css_post_content_args` filter in `WP_Customize_Custom_CSS::update()` method.
* Make clear that `wp_get_custom_css()` and `wp_get_custom_css` filter are specifically for obtaining the value to render/display. Eliminate use of `wp_get_custom_css()` when getting the setting value. Use the underlying `post_value` directly when `is_previewed`.
* Move anonymous functions handing JS previewing for `custom_logo`, `custom_css`, and `background` into named functions on the `wp.customize.settingPreviewHandlers` to allow plugins to override/extend preview logic.
* Update `_custom_background_cb` to always print a `style` tag wen in the customizer preview, and update background preview logic to replace existing style element instead of appending a new style to the head so that background changes don't unexpectedly override any Custom CSS in the preview's stylesheet cascade.
Props westonruter, georgestephanis.
See #22058.
Fixes#38672.
git-svn-id: https://develop.svn.wordpress.org/trunk@39209 602fd350-edb4-49c9-b593-d223f7449a82
For all resources in the REST API, sending partial updates is supported. This fixes needing to _always_ specify comment content.
Props jnylen.
Fixes#38720.
git-svn-id: https://develop.svn.wordpress.org/trunk@39196 602fd350-edb4-49c9-b593-d223f7449a82
Though we have the `_links.collection` available, having this value can be useful to know post type / taxonomy urls if you need to build them another way.
Props youknowriad, jnylen0.
Fixes#38607.
git-svn-id: https://develop.svn.wordpress.org/trunk@39191 602fd350-edb4-49c9-b593-d223f7449a82
Restoring the current user context when saving a setting ensures filters apply as expected, such as Kses. When a user is not associated with a given setting change, continue to override `capability` to be `exist` when saving. Skip overwriting setting values in a changeset that have not changed, facilitating concurrent editing and amending a changeset by a user with fewer privileges.
See #30937.
Fixes#38705.
git-svn-id: https://develop.svn.wordpress.org/trunk@39181 602fd350-edb4-49c9-b593-d223f7449a82
Additionally, use these meta-caps in the REST API endpoints.
Previously, register_meta()'s auth_callback had no effect for non-post meta. This introduces `{add,edit,delete}_{comment,term,user}_meta` meta-caps to match the existing post meta capabilities. These are currently only used in the REST API.
Props tharsheblows, boonebgorges.
Fixes#38303, fixes#38412.
git-svn-id: https://develop.svn.wordpress.org/trunk@39179 602fd350-edb4-49c9-b593-d223f7449a82
`add_user_to_blog()` is now called, ensuring the correct hooks are called, along with setting the primary blog and clearing relevant caches.
Props jeremyfelt.
Fixes#38526.
git-svn-id: https://develop.svn.wordpress.org/trunk@39177 602fd350-edb4-49c9-b593-d223f7449a82
[39168] introduced a new theme to the tests, but it wasn't taken into account in Tests_Theme_ThemeDir::test_theme_list.
See #38696.
git-svn-id: https://develop.svn.wordpress.org/trunk@39170 602fd350-edb4-49c9-b593-d223f7449a82
Previously there was no way to remove the user locale setting again, even though that might be desirable.
This adds a new 'Site Default' option to the user-specific language setting by introducing a new `show_site_locale_default` argument to `wp_dropdown_languages()`.
Props ocean90.
See #29783.
Fixes#38632.
git-svn-id: https://develop.svn.wordpress.org/trunk@39169 602fd350-edb4-49c9-b593-d223f7449a82
After [38951] added support for post type templates beyond pages, this fixes an issue where an empty meta box would be shown when using child themes.
Fixes#38696.
git-svn-id: https://develop.svn.wordpress.org/trunk@39168 602fd350-edb4-49c9-b593-d223f7449a82
This filter was originally introduced in https://github.com/WP-API/WP-API/pull/2535 to support Customizer Changesets (née Transactions). This is a super broad filter and doesn't really fit with the design of the API, nor is it (arguably) the right level to do this.
Props rmccue.
Fixes#38701.
git-svn-id: https://develop.svn.wordpress.org/trunk@39161 602fd350-edb4-49c9-b593-d223f7449a82
The regular comments API requires 6 characters rather than 3, so we need to match this.
Props mangeshp, dd32.
Fixes#38506.
git-svn-id: https://develop.svn.wordpress.org/trunk@39158 602fd350-edb4-49c9-b593-d223f7449a82
Introduced in [39155], but not necessary for the slashing tests. These fail on 5.3, which encodes the emoji as HTML entities.
Props dd32.
See #38609.
git-svn-id: https://develop.svn.wordpress.org/trunk@39156 602fd350-edb4-49c9-b593-d223f7449a82
This necessitates a change to our slashing code as well. Ah slashing, the cause of, and solution to, all of life's problems.
Props jnylen0.
Fixes#38609.
git-svn-id: https://develop.svn.wordpress.org/trunk@39155 602fd350-edb4-49c9-b593-d223f7449a82
Just like excerpt and content for regular posts, these have transformations applied that can make the content significantly different from the raw value.
Props jnylen0.
Fixes#38679.
git-svn-id: https://develop.svn.wordpress.org/trunk@39154 602fd350-edb4-49c9-b593-d223f7449a82
The `WP_Customize_Custom_CSS_Setting::value()` method now returns the `default` if `wp_get_custom_css()` returns empty.
Props westonruter, afercia, helen.
See #35395.
Fixes#38685.
git-svn-id: https://develop.svn.wordpress.org/trunk@39151 602fd350-edb4-49c9-b593-d223f7449a82
This is a great goal for core, and is close, but it is not in shape to be shipped for 4.7 and there is not enough time left in the development cycle to alter and polish sufficiently. There are bugs, but more than that, there are more fundamental questions around the use of existing UI, general UX, and how findable themes are (not) on the .org side.
see #37661.
git-svn-id: https://develop.svn.wordpress.org/trunk@39140 602fd350-edb4-49c9-b593-d223f7449a82
When there are many post types registered, prevent Ajax requests from piling up and slamming WordPress with concurrent requests.
Props curdin, westonruter.
Fixes#36697.
git-svn-id: https://develop.svn.wordpress.org/trunk@39137 602fd350-edb4-49c9-b593-d223f7449a82
Leverages `get_user_locale()` in `load_*_textdomain()` and `_load_textdomain_just_in_time()` to always load translations in the user's language when in the admin.
This re-introduces [39069], but now with additional tests and a `function_exists( 'wp_get_current_user' )` check in `get_user_locale()` in case it gets used early.
Props swissspidy, ocean90.
Fixes#38485.
git-svn-id: https://develop.svn.wordpress.org/trunk@39127 602fd350-edb4-49c9-b593-d223f7449a82
Add the `deleted` property to the root of the Response object to communicate if the delete action was successful. Move the state of the resource prior to the delete request under a new `previous` property. As a result DELETE responses are now structured like so:
`{ deleted: true, previous: { ... } }`
Also includes helpful information to DELETE requests for resources that are not trashable.
Props timmydcrawford, rmccue, jnylen0.
Fixes#38494.
git-svn-id: https://develop.svn.wordpress.org/trunk@39126 602fd350-edb4-49c9-b593-d223f7449a82
If you send a request to the REST API with invalid JSON in body than it will now return a error. This assists developers if they accidentally send invalid JSON and wonder why their data appears to be ignored.
Props rmccue.
Fixes#38547.
git-svn-id: https://develop.svn.wordpress.org/trunk@39109 602fd350-edb4-49c9-b593-d223f7449a82
Multiple post statuses can be specified by the usual CSV or array-propper format.
Props jnylen0, kadamwhite, websupporter.
Fixes#38420.
git-svn-id: https://develop.svn.wordpress.org/trunk@39104 602fd350-edb4-49c9-b593-d223f7449a82
Introduces `wp_check_comment_data_max_lengths()` which allows both the REST API comments endpoints and `wp_handle_comment_submission()` to check the length of the comment content, author name, author url, and author email fields against their respective database columns.
Props rachelbaker, mangeshp, salcode, pento.
Fixes#38477.
git-svn-id: https://develop.svn.wordpress.org/trunk@39101 602fd350-edb4-49c9-b593-d223f7449a82
Add the taxonomies for a post type to the `/wp/v2/types` endpoint, so clients know which taxonomies are available for which post types.
Props danielbachhuber.
Fixes#38438, #38631.
git-svn-id: https://develop.svn.wordpress.org/trunk@39097 602fd350-edb4-49c9-b593-d223f7449a82
Now that /users/me is a standalone resource, it should have all the standard endpoints for a resource.
Props pento.
Fixes#38521 (hopefully).
git-svn-id: https://develop.svn.wordpress.org/trunk@39092 602fd350-edb4-49c9-b593-d223f7449a82
The now deprecated `WP_Roles::reinit()` method was trying to call `__deprecated_function()`, instead of `_deprecated_function()`.
See 23016.
git-svn-id: https://develop.svn.wordpress.org/trunk@39088 602fd350-edb4-49c9-b593-d223f7449a82
`array_merge()` incorrectly reindexes numeric parameters, causing things like `{"123": true}` to be "dropped".
Props sswells, joehoyle.
Fixes#38306.
git-svn-id: https://develop.svn.wordpress.org/trunk@39087 602fd350-edb4-49c9-b593-d223f7449a82
This error code is now... wait for it... `wp_mail_failed`. Previously, this would have been the originating PHPMailer error code, which could be `0`, which would then fail (pass?) the `empty()` check in the `WP_Error` constructor, thereby rendering the error object fairly useless. The PHPMailer error code is now located within the `WP_Error` data.
props Kau-Boy, stephenharris.
fixes#35598.
git-svn-id: https://develop.svn.wordpress.org/trunk@39086 602fd350-edb4-49c9-b593-d223f7449a82
This is a re-commit of [38980], which was reverted in [38990].
Props youknowriad, jnylen0, pento.
Fixes#38521.
git-svn-id: https://develop.svn.wordpress.org/trunk@39085 602fd350-edb4-49c9-b593-d223f7449a82
While it's valid to save any format to the database, and WordPress is totally fine with that, we should only include the formats specified by the theme in the schema.
Props danielbachhuber.
Fixes#38610.
git-svn-id: https://develop.svn.wordpress.org/trunk@39084 602fd350-edb4-49c9-b593-d223f7449a82
Historically, it's been difficult to extend user roles, but reasonable to work around by waiting until after `init` has fired, to add custom roles and capabilities. With the addition of Locale Switching, Core now potentially loads roles before `init` has fired, leaving a window where custom roles and capabilities are not handled.
The new filter allows plugins to add their own custom roles whenever they're initialised (on page load, or when switching sites, for example), so that they can always be obeyed.
`WP_Roles` has also been tidied up a little bit, to remove duplicate code.
Props johnjamesjacoby, pento.
Fixes#23016.
git-svn-id: https://develop.svn.wordpress.org/trunk@39082 602fd350-edb4-49c9-b593-d223f7449a82
`test_default_theme_in_default_theme_list()` was always being skipped after #31550, this causes it to once again check that the unit tests are up to date and include the latest default theme.
`test_default_themes_have_textdomain()` didn't play happy when a default theme wasn't installed on a site.
See #31550, #29925, #38551.
git-svn-id: https://develop.svn.wordpress.org/trunk@39065 602fd350-edb4-49c9-b593-d223f7449a82
This partially reverts [35738], which has shown to provide a bad user experience for users seeking to experiment with TwentySeventeen.
This will result in TwentySixteen being installed in addition to TwentySeventeen.
See #38551.
git-svn-id: https://develop.svn.wordpress.org/trunk@39064 602fd350-edb4-49c9-b593-d223f7449a82
Previously a user could remove a protected meta field by using their browser developer tools to alter the form field properties in the Custom Fields meta box, given that they know the ID of the protected meta field. This change prevents this by preventing any change to a protected meta field, including changing its key.
Props ajoah, johnbillion, peterwilsoncc
Fixes#38293
git-svn-id: https://develop.svn.wordpress.org/trunk@39062 602fd350-edb4-49c9-b593-d223f7449a82
In #38586 the ability to parse arrays as csv was introduced, however it didn't add any support for validating csv arrays. This adds such sanitization, and also a good amount of unit tests for all sanitization baed off schema.
See #38586.
git-svn-id: https://develop.svn.wordpress.org/trunk@39061 602fd350-edb4-49c9-b593-d223f7449a82
Previously Settings only supported "number" which meant it was possible to push floats to things like posts_per_page. This means now developers can also specify `type => ineger` in meta nad settings resgration.
Props flixos90.
Fixes#38393.
git-svn-id: https://develop.svn.wordpress.org/trunk@39058 602fd350-edb4-49c9-b593-d223f7449a82
After [39048], this changes explicitly parses the list of user roles as slugs, and adds tests.
Props jnylen0.
Fixes#38557.
git-svn-id: https://develop.svn.wordpress.org/trunk@39056 602fd350-edb4-49c9-b593-d223f7449a82
[39048] added CSV support to array types, this change explicitly parses term lists as IDs, and adds tests.
Props timmydcrawford, pento.
Fixes#38553.
git-svn-id: https://develop.svn.wordpress.org/trunk@39055 602fd350-edb4-49c9-b593-d223f7449a82
The password field was incorrectly only added to "post" post types, but is supported for all post types in the Dashboard UI.
Props jnylen0.
Fixes#38582.
git-svn-id: https://develop.svn.wordpress.org/trunk@39047 602fd350-edb4-49c9-b593-d223f7449a82
By allowing more fine-grained validation and sanitisation of endpoint args, we can ensure the correct data is being passed to endpoints.
This can easily be extended to support new data types, such as CSV fields or objects.
Props joehoyle, rachelbaker, pento.
Fixes#38531.
git-svn-id: https://develop.svn.wordpress.org/trunk@39046 602fd350-edb4-49c9-b593-d223f7449a82
This prevents `wp_die()` being sent in response to an XML-RPC call that attempts to submit a duplicate comment, and correctly returns an error in response to an attempt to submit an empty comment.
Props markoheijnen, websupporter.
Fixes#14452, #38466.
See #36901
git-svn-id: https://develop.svn.wordpress.org/trunk@39045 602fd350-edb4-49c9-b593-d223f7449a82
* Allow `WP_Customize_Nav_Menus::insert_auto_draft_post()` to take full post array to pass to `wp_insert_post()`, except for `post_status`. Require `post_title`.
* Ensure empty `post_name` gets explicitly set to slugified `post_title`.
* Explicitly allow only `post_type` and `post_title` params in `WP_Customize_Nav_Menus::ajax_insert_auto_draft_post()`.
* Use `wp_update_post()` instead of `wp_publish_post()` to ensure unique slugs are assigned to published auto-draft posts.
* Re-use `WP_Customize_Nav_Menus::insert_auto_draft_post()` when inserting stubs from starter content.
See #38114, #38013, #34923.
Fixes#38539.
git-svn-id: https://develop.svn.wordpress.org/trunk@39038 602fd350-edb4-49c9-b593-d223f7449a82
`wp_load_translations_early()` is used when WordPress isn't fully initialized. Therefore using the `WP_Locale_Switcher` with `get_locale()`/`get_user_locale()` can cause PHP fatal errors.
This reverts [38976] and [38977], and instead removes `WP_Locale_Switcher` from `wp_load_translations_early()`.
See #29783.
Fixes#38535.
git-svn-id: https://develop.svn.wordpress.org/trunk@39005 602fd350-edb4-49c9-b593-d223f7449a82
A `null` value is returned in the response for any option that has a non-scalar value.
To protect clients from accidentally including the `null` values from a response object in a request, we do not allow options with non-scalar values to be updated to `null`. Without this added protection a client could mistakenly delete all options that have non-scalar values from the database.
Props joehoyle, rachelbaker.
Fixes#38527.
git-svn-id: https://develop.svn.wordpress.org/trunk@38982 602fd350-edb4-49c9-b593-d223f7449a82
If WPDB needs to bail early, it loads the translations, which need to load the locale. Without WPDB, we can't get any database options, so can only rely on what's been loaded so far.
Fixes#29783.
git-svn-id: https://develop.svn.wordpress.org/trunk@38976 602fd350-edb4-49c9-b593-d223f7449a82
As sparrows' tears shed steadily
Make widest rivers filled,
`setUp()` routines run prodig'ly
Add minutes to a build.
So cull ye fixtures profligate!
Direct thine frugal gaze!
Our savings here - a half-minute -
When multiplied: Amaze!
See #30017.
git-svn-id: https://develop.svn.wordpress.org/trunk@38975 602fd350-edb4-49c9-b593-d223f7449a82
The WP-API plugin originally used a custom method for fetching object
terms in a way that supported the object cache and also accepted all
parameters for `get_terms()`. In [38667], the internals of
`wp_get_object_terms()` were modified to use `WP_Term_Query`, thus
delivering in a native fashion the features that the API had
previously achieved bespokely.
Fixes#38504.
git-svn-id: https://develop.svn.wordpress.org/trunk@38974 602fd350-edb4-49c9-b593-d223f7449a82
Hiding WP_Query params under the filter key (instead of allowing them to be top-level params) was one of our biggest complaints from users of v1 of our REST API. This walks back the re-introduction of the `filter` param during Beta 15, which introduced an "inconsistent mess" and "exposing WP_Query through filter has and will continue to be difficult to support." See https://github.com/WP-API/WP-API/issues/2799.
Props websupporter, rachelbaker.
Fixes#38378.
git-svn-id: https://develop.svn.wordpress.org/trunk@38968 602fd350-edb4-49c9-b593-d223f7449a82
With the introduction of user-specific languages in [38705] it's necessary to be able to switch translations on the fly. For example emails should be sent in the language of the recipient and not the one of the current user.
This introduces a new `WP_Locale_Switcher` class which is used for switching locales and translations. It holds the stack of locales whenever `switch_to_locale( $locale )` is called. With `restore_previous_locale()` you can restore the previous locale. `restore_current_locale()` empties the stack and sets the locale back to the initial value.
`switch_to_locale()` is added to most of core's email functions, either with the value of `get_locale()` (site language) or `get_user_locale()` (user language with fallback to site language).
Props yoavf, tfrommen, swissspidy, pbearne, ocean90.
See #29783.
Fixes#26511.
git-svn-id: https://develop.svn.wordpress.org/trunk@38961 602fd350-edb4-49c9-b593-d223f7449a82
WordPress has supported custom page templates for over 12 years, allowing developers to create various layouts for specific pages.
While this feature is very helpful, it has always been limited to the 'page' post type and not was not available to other post types.
By opening up the page template functionality to all post types, we continue to improve the template hierarchy's flexibility.
In addition to the `Template Name` file header, the post types supported by a template can be specified using `Template Post Type: post, foo, bar`.
When at least one template exists for a post type, the 'Post Attributes' meta box will be displayed in the back end, without the need to add post type support for `'page-attributes'`. 'Post Attributes' can be customized per post type using the `'attributes'` label when registering a post type.
Props johnbillion, Mte90, dipesh.kakadiya, swissspidy.
Fixes#18375.
git-svn-id: https://develop.svn.wordpress.org/trunk@38951 602fd350-edb4-49c9-b593-d223f7449a82
When support for PDFs is available, on upload,
render 'Thumbnail', 'Medium', 'Large', and 'Full' sizes of
the first page, and save them in attachment meta.
Use these renders within Add Media, Media Gallery and List views,
Attachment Details, Post/Attachment Edit screens, and Attachment pages.
Support available by default via Imagick -> ImageMagick -> Ghostscript,
but can be provided by any `WP_Image_Editor` that supports PDFs.
Props adamsilverstein, azaozz, celloexpressions, desrosj, dglingren, ericlewis, ipstenu, joemcgill, joyously, markoheijnen, melchoyce, mikeschroder, tomauger.
Fixes#31050.
git-svn-id: https://develop.svn.wordpress.org/trunk@38949 602fd350-edb4-49c9-b593-d223f7449a82
As the REST API becomes more integral to WordPress Core, turning it off will cause a... suboptimal experience. If we don't want it to be turned off, the off switch needs to be removed.
Props jorbin, pento.
Fixes#38446.
git-svn-id: https://develop.svn.wordpress.org/trunk@38947 602fd350-edb4-49c9-b593-d223f7449a82
Like its predecessor (`sanitize_text_field()`), `sanitize_textarea_field()` is a helper function to sanitise user input. As the name suggests, this function is for sanitising input from `textarea` fields - it strips tags and invalid UTF-8 characters, like `sanitize_text_field()`, but retains newlines and extra inline whitespace.
Props ottok, nbachiyski, chriscct7, pento.
Fixes#32257.
git-svn-id: https://develop.svn.wordpress.org/trunk@38944 602fd350-edb4-49c9-b593-d223f7449a82
Fixes a bug where the boolean parameter `hide_empty` was not being properly sanitized in the Terms controller.
Props websupporter.
Fixes#38465.
git-svn-id: https://develop.svn.wordpress.org/trunk@38942 602fd350-edb4-49c9-b593-d223f7449a82
When a site is using a static front page, and that page is in a menu, it isn't given the CSS class `menu-item-home`, contrary to the developer documentation.
An incorrect solution was originally added in [35272], and is now gone. Let us never speak of it again.
Props mdgl, adamsilverstein, welcher, pento.
Fixes#35272.
git-svn-id: https://develop.svn.wordpress.org/trunk@38940 602fd350-edb4-49c9-b593-d223f7449a82
Remaining tests either rely on the `blog-details` cache key or test `get_blog_details()` itself.
Props flixos90.
Fixes#38497.
git-svn-id: https://develop.svn.wordpress.org/trunk@38935 602fd350-edb4-49c9-b593-d223f7449a82
In addition to `wp_list_filter()` for filtering a list of objects, and `wp_list_pluck()` for plucking a certain field out of each object in a list, this new function can be used for sorting a list of objects by specific fields. These functions are now all contained within the new `WP_List_Util()` class and `wp_list_sort()` is used in various parts of core for sorting lists.
This was previously committed in [38859] but got reverted in [38862] and [38863]. To fix the previous issues, `wp_list_sort()` supports now an additional argument to preserve array keys via `uasort()`.
Props flixos90, DrewAPicture, jorbin.
Fixes#37128.
git-svn-id: https://develop.svn.wordpress.org/trunk@38928 602fd350-edb4-49c9-b593-d223f7449a82
Fixes bug where an invalid Last-Modified value would be returned in feed requests for sites that had 0 items to return. Comment or post feeds will now return the current timestamp as the Last-Modified header value. Example: a request for the comments feed for a site without any comments.
Replaced use of the local static variable `$cache_lastcommentmodified` to store the modified date in `get_lastcommentmodified()` with the Object Cache API. The `get_lastcommentmodified()` function returns early if there is a cached value and returns `false` if there where no comments found. Introduced `_clear_modified_cache_on_transition_comment_status()` to flush the `lastcommentmodified` cache key when a comment enters or leaves approval status. In `get_lastpostmodified()` return early if there is a cached value and return `false` if there are no posts found.
Props swissspidy, rachelbaker, dllh, leobaiano.
Fixes#38027.
git-svn-id: https://develop.svn.wordpress.org/trunk@38925 602fd350-edb4-49c9-b593-d223f7449a82
Previously, if an invalid post status was assigned to a media object, the object would be returned with an unchanged status. After [38911], an error response is returned.
The assertion in test_get_items_invalid_status_param_is_discarded() needs to be updated to account for the expected error response. The test name has been changed to `test_get_items_invalid_status_param_is_error_response()`.
Fixes#38417.
git-svn-id: https://develop.svn.wordpress.org/trunk@38917 602fd350-edb4-49c9-b593-d223f7449a82
Currently we are using a different validate callback, so the `enum` is not interpretted. We just have to fallback to the result of `rest_validate_request_arg` in our custom wrapper function.
Fixes#38417.
git-svn-id: https://develop.svn.wordpress.org/trunk@38911 602fd350-edb4-49c9-b593-d223f7449a82
Add a `default` argument to `register_setting` that will be used an the default option value viet `get_option()` in the event of no other option being specified. This means (if chosen) developers can define their default once via `register_option` and not have to duplicate the value every time they make a call to `get_option()`.
Props rmccue, jorbin, jtsternberg.
Fixes#38176.
git-svn-id: https://develop.svn.wordpress.org/trunk@38910 602fd350-edb4-49c9-b593-d223f7449a82
`WP_DEFAULT_THEME` was being defined in the wrong location.
Also, if WordPress has the original "default" theme installed, ensure that our test theme overrides it.
Props swissspidy for daring to dive into Themes of WordPress Past.
See #31550, #38457.
git-svn-id: https://develop.svn.wordpress.org/trunk@38908 602fd350-edb4-49c9-b593-d223f7449a82
This functionality was originally added in [38858], using `symlink()` to put a link to the theme in WordPress' `themes` directory. Unfortunately, not all installs have write access to the `themes` directory, causing unit tests to fail.
The new method is to add the test theme directory to `$wp_theme_directories`, and fix the handful of tests that don't expect `$wp_theme_directories` to have multiple entries.
The test install/bootstrap routines now also check that `WP_DEFAULT_THEME` is defined, in case the tests are being run on a system that hasn't upgraded its' `wp-tests-config.php`.
See #31550.
Fixes#38457.
git-svn-id: https://develop.svn.wordpress.org/trunk@38907 602fd350-edb4-49c9-b593-d223f7449a82
This ability was previously added to nav menus via the available page items panel. The "Add New Page" button only appears when the `allow_addition` control param is supplied as `true`. Code is adapted from the Customize Posts feature plugin.
Props celloexpressions, westonruter.
See #38013, #34923.
Fixes#38164.
git-svn-id: https://develop.svn.wordpress.org/trunk@38906 602fd350-edb4-49c9-b593-d223f7449a82
An empty string causes some browsers to use the current URL as the `href`. When using `history.replaceState()` Chrome will re-fetch the favicon with each call, meaning that `customize.php` gets hit with wasted requests which tax the server.
Fixes#38377.
git-svn-id: https://develop.svn.wordpress.org/trunk@38901 602fd350-edb4-49c9-b593-d223f7449a82
With the new `strip_shortcodes_tagnames` filter you can specify which shortcodes are stripped by `strip_shortcodes()`. The default is all registered shortcodes.
Props DylanAuty, orvils, swissspidy.
Fixes#37767.
git-svn-id: https://develop.svn.wordpress.org/trunk@38877 602fd350-edb4-49c9-b593-d223f7449a82
As of WordPress 4.3 the `wp_new_comment()` function has been updated to allow the comment_agent value to be set when a comment is created. The comments API endpoint now allows the comment author's user agent to be set when creating a comment.
Also, the `readonly` property on the `author_user_agent` parameter in the schema was removed.
Props rabmalin for the initial patch.
Fixes#38425.
git-svn-id: https://develop.svn.wordpress.org/trunk@38864 602fd350-edb4-49c9-b593-d223f7449a82
All users can edit their own profile, as this ability is not linked to an explicit capability. Technically, it should map to the `exist` capability, which will be addressed at a later date.
See #31518
git-svn-id: https://develop.svn.wordpress.org/trunk@38860 602fd350-edb4-49c9-b593-d223f7449a82
In addition to `wp_list_filter()` for filtering a list of objects, and `wp_list_pluck()` for plucking a certain field out of each object in a list, this new function can be used for sorting a list of objects by specific fields. These functions are now all contained within the new `WP_List_Util()` class and `wp_list_sort()` is used in various parts of core for sorting lists.
Props flixos90, DrewAPicture, jorbin.
Fixes#37128.
git-svn-id: https://develop.svn.wordpress.org/trunk@38859 602fd350-edb4-49c9-b593-d223f7449a82
New default themes require workarounds being added to several unit tests, as they often alter default WordPress behaviour. To avoid ongoing maintenance issues, this change switches to a minimal theme when running tests.
This change also removes the old workarounds for default themes.
Fixes#31550.
git-svn-id: https://develop.svn.wordpress.org/trunk@38858 602fd350-edb4-49c9-b593-d223f7449a82
This removes the use of several `global $wpdb` instances, as well as bringing the ping functions into line with other post-related functions, which will accept a post ID or `WP_Post` object.
Props dshanke.
Fixes#38202.
git-svn-id: https://develop.svn.wordpress.org/trunk@38852 602fd350-edb4-49c9-b593-d223f7449a82
This was previously fixed in [38837], but it wasn't really the correct answer, to fix it in the theme. So, [38837] is reverted in this commit, and the Twenty Seventeen actions causing problems are unhooked before tests are run.
See #38372.
git-svn-id: https://develop.svn.wordpress.org/trunk@38850 602fd350-edb4-49c9-b593-d223f7449a82
[38792] allowed `WP_Query`'s hyphen-as-exclusion-prefix feature to be
disabled via filter. A more general solution is to allow the prefix to
be filtered; returning an empty value from a filter callback works to
disable the feature.
Props dlh.
Fixes#38099.
git-svn-id: https://develop.svn.wordpress.org/trunk@38844 602fd350-edb4-49c9-b593-d223f7449a82
There are some tests who's outcome can be affected by the default theme, so we need to ensure the Twenty Seventeen functionality is unhooked while the tests are running.
See #38372.
git-svn-id: https://develop.svn.wordpress.org/trunk@38842 602fd350-edb4-49c9-b593-d223f7449a82
This reverts [38454] along with its follow-up commits, [38512], [38514], and [38692]. These tests are currently not pass
ing, and maybe they never will. The tests are in a group which does not run by default without a flag, making them quest
ionably useful.
We can re-visit this at a later date.
See #32360
git-svn-id: https://develop.svn.wordpress.org/trunk@38840 602fd350-edb4-49c9-b593-d223f7449a82
There are some tests who's outcome can be affected by the default theme, so we need to ensure the Twenty Seventeen functionality is unhooked while the tests are running.
See #38372.
git-svn-id: https://develop.svn.wordpress.org/trunk@38838 602fd350-edb4-49c9-b593-d223f7449a82
- Fix leak in setup_notify_comment() test help by removing the comment_flood_filter.
- Correct uses of $term_taxonomy_id -> $term_id in Category and Tags routing.
- Temporarily remove the metadata tests for canola.jpg as that file does not have an exifdata. Will need to update the test.
Props jorbin, rmccue, nacin
See #38373.
git-svn-id: https://develop.svn.wordpress.org/trunk@38834 602fd350-edb4-49c9-b593-d223f7449a82
REST API endpoints for your WordPress content. These endpoints provide machine-readable external access to your WordPress site with a clear, standards-driven interface, allowing new and innovative apps for interacting with your site. These endpoints support all of the following:
- Posts: Read and write access to all post data, for all types of post-based data, including pages and media.
- Comments: Read and write access to all comment data. This includes pingbacks and trackbacks.
- Terms: Read and write access to all term data.
- Users: Read and write access to all user data. This includes public access to some data for post authors.
- Meta: Read and write access to metadata for posts, comments, terms, and users, on an opt-in basis from plugins.
- Settings: Read and write access to settings, on an opt-in basis from plugins and core. This enables API management of key site content values that are technically stored in options, such as site title and byline.
Love your REST API, WordPress! The infrastructure says, "Let's do lunch!" but the content API endpoints say, "You're paying!"
Props rmccue, rachelbaker, danielbachhuber, joehoyle, adamsilverstein, afurculita, ahmadawais, airesvsg, alisspers, antisilent, apokalyptik, artoliukkonen, attitude, boonebgorges, bradyvercher, brianhogg, caseypatrickdriscoll, chopinbach, chredd, christianesperar, chrisvanpatten, claudiolabarbera, claudiosmweb, cmmarslender, codebykat, coderkevin, codfish, codonnell822, daggerhart, danielpunkass, davidbhayes, delphinus, desrosj, dimadin, dotancohen, DrewAPicture, Dudo1985, duncanjbrown, eherman24, eivhyl, eliorivero, elyobo, en-alis, ericandrewlewis, ericpedia, evansobkowicz, fjarrett, frozzare, georgestephanis, greatislander, guavaworks, hideokamoto, hkdobrev, hubdotcom, hurtige, iandunn, ircrash, ironpaperweight, iseulde, Japh, jaredcobb, JDGrimes, jdolan, jdoubleu, jeremyfelt, jimt, jjeaton, jmusal, jnylen0, johanmynhardt, johnbillion, jonathanbardo, jorbin, joshkadis, JPry, jshreve, jtsternberg, JustinSainton, kacperszurek, kadamwhite, kalenjohnson, kellbot, kjbenk, kokarn, krogsgard, kuchenundkakao, kuldipem, kwight, lgedeon, lukepettway, mantismamita, markoheijnen, matrixik, mattheu, mauteri, maxcutler, mayukojpn, michael-arestad, miyauchi, mjbanks, modemlooper, mrbobbybryant, NateWr, nathanrice, netweb, NikV, nullvariable, oskosk, oso96_2000, oxymoron, pcfreak30, pento, peterwilsoncc, Pezzab, phh, pippinsplugins, pjgalbraith, pkevan, pollyplummer, pushred, quasel, QWp6t, schlessera, schrapel, Shelob9, shprink, simonlampen, Soean, solal, tapsboy, tfrommen, tharsheblows, thenbrent, tierra, tlovett1, tnegri, tobych, Toddses, toro_unit, traversal, vanillalounge, vishalkakadiya, wanecek, web2style, webbgaraget, websupporter, westonruter, whyisjake, wonderboymusic, wpsmith, xknown, zyphonic.
Fixes#38373.
git-svn-id: https://develop.svn.wordpress.org/trunk@38832 602fd350-edb4-49c9-b593-d223f7449a82
Use an inactive core theme for previewing theme switch instead of assuming `twentysixteen` is installed and active and `twentyfifteen` is not.
See #30937.
git-svn-id: https://develop.svn.wordpress.org/trunk@38830 602fd350-edb4-49c9-b593-d223f7449a82
* Custom CSS is associated with a given theme and is displayed in an inline `style` element at the `wp_head` hook after the `wp_print_styles` is called so that it overrides any enqueued stylesheets.
* A `wp_get_custom_css()` function is used for accessing the CSS associated with the current theme (or another theme) and a `wp_get_custom_css` filter for manipulating it.
* CSS is managed in customizer via a new "Additional CSS" section with a single `textarea` control.
* `WP_Customize_Section::$description_hidden` is introduced for hiding extended descriptions in customizer sections behind a help toggle as done with panels.
* CSS is stored in a `custom_css` post type with the theme (stylesheet) slug as the `post_name`.
* `WP_Customize_Custom_CSS_Setting` is introduced to handle validation of CSS, previewing, and persisting the CSS to the `custom_css` post type.
* The `custom_css` setting is tied to a new `unfiltered_css` capability which maps to `unfiltered_html` by default.
* Escaping the message in the notification template is removed to allow markup (`code` tags) to be rendered.
See https://make.wordpress.org/core/2016/10/11/feature-proposal-better-theme-customizations-via-custom-css-with-live-previews/
Props johnregan3, celloexpressions, folletto, westonruter.
Fixes#35395.
git-svn-id: https://develop.svn.wordpress.org/trunk@38829 602fd350-edb4-49c9-b593-d223f7449a82
[37920] introduced resource hints that allow browsers to prefetch specific pages or render them in the background. With this change, the `as`, `crossorigin`, `pr`, and `type` attributes can be passed in addition to the URLs/hosts.
Props peterwilsoncc, swissspidy.
Fixes#38121.
git-svn-id: https://develop.svn.wordpress.org/trunk@38826 602fd350-edb4-49c9-b593-d223f7449a82
This removes the fallbacks in `wp_get_attachment_image()` and in
`wp.media.string.props` which attempt to generate an `alt` value
from the image caption or title if an `alt` attribute isn't explicitly
set.
This allows for image HTML to be generated that contains an empty `alt`
value, i.e., `alt=""` which is much preferable for screen readers than
reading redundant content in the case of a caption, or when reading the
image title, which is often generated from the filename and not helpful
as `alt` text.
Props odie2, joedolson, rianrietveld, afercia, iamjolly, joemcgill.
Fixes#34635.
git-svn-id: https://develop.svn.wordpress.org/trunk@38812 602fd350-edb4-49c9-b593-d223f7449a82
Since there's no difference between using `date()` and `gmdate()` in WordPress, we can simply use the former in `date_i18n()` to reduce its complexity.
Adds tests.
Props jdgrimes for initial patch.
Fixes#37910.
git-svn-id: https://develop.svn.wordpress.org/trunk@38804 602fd350-edb4-49c9-b593-d223f7449a82
WordPress 4.4 introduced "hyphen exclusion" for search terms, so that
"foo -bar" would return posts containing "foo" AND not containing "bar".
The new filter 'wp_query_use_hyphen_for_exclusion' allows developers
to disable this feature when it's known that their content will contain
semantically important leading hyphens.
Props chriseverson, choongsavvii.
Fixes#38099.
git-svn-id: https://develop.svn.wordpress.org/trunk@38792 602fd350-edb4-49c9-b593-d223f7449a82
Support the index-style permalinks (http://example.com/index.php/postName) when registering the REST API rewrite rules and within the `get_rest_url()` function. This allows sites that do not have mod_rewrite support to have almost pretty urls and have access to their REST API endpoints.
Props kraftbj.
Fixes#38182.
git-svn-id: https://develop.svn.wordpress.org/trunk@38790 602fd350-edb4-49c9-b593-d223f7449a82
Adjusts `get_custom_logo()`, `get_site_icon_url()`, and `has_custom_logo()` so that when called in a switched state, the original switched stack is not adjusted.
Props achbed, flixos90.
Fixes#38253.
git-svn-id: https://develop.svn.wordpress.org/trunk@38786 602fd350-edb4-49c9-b593-d223f7449a82
This function was originally introduced to fix an XSS attack in Netscape 4, which never affected any other browsers, or later versions of Netscape.
I'm willing to go out on a limb, and say that we've officially dropped security support for Netscape 4.
Props dmsnell, desrosj.
Fixes#33848.
git-svn-id: https://develop.svn.wordpress.org/trunk@38785 602fd350-edb4-49c9-b593-d223f7449a82
Since 4.4, comment submission has been mostly abstracted into a function,
rather than being processed inline in wp-comments-post.php. This change
made it easier to write automated tests against the bulk of the comment
submission process. `wp_allow_comment()` remained untestable, however:
when a comment failed one of its checks (flooding, duplicates, etc),
`die()` or `wp_die()` would be called directly. This shortcoming posed
problems for any application attempting to use WP's comment verification
functions in an abstract way - from PHPUnit to the REST API.
The current changeset introduces a new parameter, `$avoid_die`, to the
`wp_new_comment()` stack. When set to `true`, `wp_new_comment()` and
`wp_allow_comment()` will return `WP_Error` objects when a comment check
fails. When set to `false` - the default, for backward compatibility -
a failed check will result in a `die()` or `wp_die()`, as appropriate.
Prior to this changeset, default comment flood checks took place in the
function `check_comment_flood_db()`, which was hooked to the
'check_comment_flood' action. This design allowed the default comment
flood routine to be bypassed or replaced using `remove_action()`.
In order to maintain backward compatibility with this usage, while
simultaneously converting the comment flood logic into something that
returns a value rather than calling `die()` directly,
`check_comment_flood_db()` has been changed into a wrapper function for
a call to `add_filter()`; this, in turn, adds the *actual* comment flood
check to a new filter, 'wp_is_comment_flood'. Note that direct calls
to `check_comment_flood_db()` will no longer do anything in isolation.
Props websupporter, rachelbaker.
Fixes#36901.
git-svn-id: https://develop.svn.wordpress.org/trunk@38778 602fd350-edb4-49c9-b593-d223f7449a82
Since [37573], `get_object_term_cache()` has expected term IDs to be
stored in the taxonomy relationship cache. The function would then
reach directly into the 'terms' cache to fetch the data corresponding
to a given term, before returning a `WP_Term` object. This caused
problems when, for one reason or another, term data was cached
inconsistently:
* If the 'terms' cache is empty for a given term ID, despite the earlier call to `_prime_term_caches()`, `get_term()` would return an error object.
* If the array of cached term IDs contains an invalid ID, `get_term()` would return an error object.
We avoid these errors by no longer touching the 'terms' cache directly,
but running term IDs through `get_term()` and allowing that function to
reference the cache (and database, as needed). If `get_term()` returns
an error object for any of the cached term IDs, `get_object_term_cache()`
will return that error object alone. This change ensures that upstream
functions, like `get_the_terms()`, return `WP_Error` objects in a
predictable fashion.
Props dd32, michalzuber.
Fixes#37291.
git-svn-id: https://develop.svn.wordpress.org/trunk@38776 602fd350-edb4-49c9-b593-d223f7449a82
Hiding the `$wpdb` global behind a property decreases the readability of the code, as well as causing irrelevant output when dumping an object.
Reverts [38275], [38278], [38279], [38280], [38387].
See #37699.
git-svn-id: https://develop.svn.wordpress.org/trunk@38768 602fd350-edb4-49c9-b593-d223f7449a82
Although unlikely, clashes in randomly generated strings could cause unexpected failures. In addition, most randomness is entirely unnecessary, is bad practice, and increases test time (however small it may be).
See #37371
git-svn-id: https://develop.svn.wordpress.org/trunk@38762 602fd350-edb4-49c9-b593-d223f7449a82
The position of this template within the hierarchy is of so little use that zero themes in the WordPress.org theme directory make use of it. It's second only to `index.php` in the hierarchy, meaning that any archive template such as `category.php` or `archive.php` will be chosen before it.
Fixes#38162
Props ryankienstra for initial patch
git-svn-id: https://develop.svn.wordpress.org/trunk@38755 602fd350-edb4-49c9-b593-d223f7449a82
This changes the global `$wp_taxonomies` to an array of `WP_Taxonomy ` objects. `WP_Taxonomy ` includes methods to handle rewrite rules and hooks.
Each taxonomy argument becomes a property of `WP_Taxonomy`. Introducing such a class makes further improvements in the future much more feasible.
Props boonebgorges for review.
Fixes#36224. See #36217.
git-svn-id: https://develop.svn.wordpress.org/trunk@38747 602fd350-edb4-49c9-b593-d223f7449a82
Trashed posts cannot be accessed by site visitors and thus should not be visible on the front end. By marking menu items of trashed posts as invalid, they are excluded from the output.
Props solarissmoke, swissspidy.
Fixes#19038.
git-svn-id: https://develop.svn.wordpress.org/trunk@38744 602fd350-edb4-49c9-b593-d223f7449a82
Use the value of the `comment_order` setting to determine the date_query key to pass to `WP_Comment_Query`.
Fixes a bug where sites that had comments ordered "newest" first would have the incorrect page number returned.
Props tyxla, boonebgorges.
Fixes#31101.
git-svn-id: https://develop.svn.wordpress.org/trunk@38740 602fd350-edb4-49c9-b593-d223f7449a82
When the 'comment_whitelist' option is enabled and the commenter is an authenticated user, query for the existence of an approved comment with a matching `user_id`. This allows authenticated users that have changed their email address to bypass having their comment held for moderation.
Props voldemortensen, rachelbaker.
Fixes#28603.
git-svn-id: https://develop.svn.wordpress.org/trunk@38738 602fd350-edb4-49c9-b593-d223f7449a82
Following [38625], any media searches that already included JOINs,
e.g., `tax_queries`, would get trampled when we joined the post meta
table to search for filenames. This preserves existing JOINs and
also only applies the `_filter_query_attachment_filenames()` filter
when a search query is being performed.
Props flixos90, joemcgill.
Fixes#22744.
git-svn-id: https://develop.svn.wordpress.org/trunk@38733 602fd350-edb4-49c9-b593-d223f7449a82
[38694] revealed some URL formats were been parsed incorrectly, including those used by Google Fonts. This change simplifies the function to use placeholder values which cause PHP's parsing to behave consistently.
Props jrf, peterwilsoncc.
Fixes#36356.
git-svn-id: https://develop.svn.wordpress.org/trunk@38726 602fd350-edb4-49c9-b593-d223f7449a82
New parameters are: `login`, `login__in`, `login__not_in`, `nicename`,
`nicename__in`, `nicename__not_in`.
`login__in` and `nicename__in` are also now valid values for the
'orderby' parameter.
Props ryanplas.
Fixes#36624.
git-svn-id: https://develop.svn.wordpress.org/trunk@38715 602fd350-edb4-49c9-b593-d223f7449a82
The addition of the `pre_do_shortcode_tag` in [38506] allows plugins to short-circuit the shortcode execution process, which is particularly helpful for caching expensive shortcodes.
The `do_shortcode_tag` is the corresponding part of that system - when a shortcode hasn't been executed previously, there needs to be a clean method of populating the cache.
Props flixos90.
Fixes#32790.
git-svn-id: https://develop.svn.wordpress.org/trunk@38713 602fd350-edb4-49c9-b593-d223f7449a82
Fixes a bug where the UI wasn't updated after deleting/updating a theme.
Also introduces unit tests for theme management ajax handlers. For now they're
focused on `wp_ajax_update_theme()` but they can include tests for other
handlers as well.
Props chrisjean for initial patch.
Fixes#37924.
git-svn-id: https://develop.svn.wordpress.org/trunk@38710 602fd350-edb4-49c9-b593-d223f7449a82
After [38634], this adjusts the behaviour to remove redundancy by not displaying the link if the latest posts are shown on the front page. In that scenario, the 'Visit Site' link already points to the latest posts.
Fixes#34113.
git-svn-id: https://develop.svn.wordpress.org/trunk@38708 602fd350-edb4-49c9-b593-d223f7449a82
By enabling the user to select their preferred locale when editing the profile, we allow for greater personalization of the WordPress admin and therefore a better user experience.
The back end will be displayed in the user's individual locale while the locale used on the front end equals the one set for the whole site. If the user didn't specify a locale, the site's locale will be used as a fallback. The new `locale` property of the `WP_User` class can be used to retrieve the user's locale setting.
Props ocean90, ipm-frommen, swissspidy.
Fixes#29783.
git-svn-id: https://develop.svn.wordpress.org/trunk@38705 602fd350-edb4-49c9-b593-d223f7449a82
Blindly casting IDs to absolute integers in `get_metadata_by_mid()`, `update_metadata_by_mid()` and `delete_metadata_by_mid()` can cause unexpected behaviour when a floating or negative number is passed.
Fixes#37746.
git-svn-id: https://develop.svn.wordpress.org/trunk@38699 602fd350-edb4-49c9-b593-d223f7449a82
This introduces the singular `edit_term`, `delete_term`, and `assign_term` meta capabilities for terms, and switches the base capability name for tags from `manage_categories` to `manage_post_tags` and the corresponding `edit_post_tags`, `delete_post_tags`, and `assign_post_tags`.
All of these capabilities ultimately map to `manage_categories` so by default there is no change in the behaviour of the capabilities for categories, tags, or custom taxonomies. The `map_meta_cap` filter and the `capabilities` argument when registering a taxonomy now allow for control over editing, deleting, and assigning individual terms, as well as a separation of capabilities for tags from those of categories.
Fixes#35614
Props johnjamesjacoby for feedback
git-svn-id: https://develop.svn.wordpress.org/trunk@38698 602fd350-edb4-49c9-b593-d223f7449a82
