Commit Graph

37349 Commits

Author SHA1 Message Date
Andrew Ozz
6971f7565e Plupload: minify and load plupload.js and moxie.js separately to make them easier to debug.
Props gmariani405, azaozz.
Fixes #41755.

git-svn-id: https://develop.svn.wordpress.org/trunk@41570 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-22 20:09:49 +00:00
Sergey Biryukov
b4e9d5a125 Media: Improve the preview of transparent images in Attachment Details modal by using CSS3 to show a checkered background.
Props powerzilly, stevepuddick.
Fixes #41948.

git-svn-id: https://develop.svn.wordpress.org/trunk@41569 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-22 19:56:14 +00:00
Sergey Biryukov
40d47b90cb Admin CSS: Autoprefixer for [41329].
See #39662.

git-svn-id: https://develop.svn.wordpress.org/trunk@41568 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-22 19:50:57 +00:00
Sergey Biryukov
c33e16661d Docs: Correct filename references in duplicate hook comments for post_password_required filter.
Props coffee2code.
Fixes #41959.

git-svn-id: https://develop.svn.wordpress.org/trunk@41567 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-22 18:33:11 +00:00
Sergey Biryukov
3dff531717 Help/About: Tweak Help tabs on Users screen for consistency with Posts screen.
Props bnap00, Arena94.
Fixes #40553.

git-svn-id: https://develop.svn.wordpress.org/trunk@41566 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-22 18:30:10 +00:00
Sergey Biryukov
fa9892a8a3 Embeds: Introduce embed_thumbnail_id filter for thumbnail image ID in the embed template.
Props ketuchetan, Dency, jontyravi, Ov3rfly.
Fixes #39759.

git-svn-id: https://develop.svn.wordpress.org/trunk@41565 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-22 17:34:24 +00:00
Sergey Biryukov
af90dd0682 Docs: Correct description for insert_user_meta filter.
Props milana_cap, desrosj.
Fixes #41951.

git-svn-id: https://develop.svn.wordpress.org/trunk@41564 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-22 13:13:41 +00:00
Sergey Biryukov
0c66c82b7c Taxonomy: Convert tag cloud in Tags meta box to a list (<ul>) for better semantics and accessibility.
An unordered list allows screen reader users to know in advance how many tags are within the list.

Props audrasjb, afercia.
Fixes #40187.

git-svn-id: https://develop.svn.wordpress.org/trunk@41563 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-22 11:27:44 +00:00
Sergey Biryukov
8906b0cdf9 Docs: Change $args to $r in the DocBlock for http_api_debug filter to match the variable name.
Props bor0, ronakganatra.
Fixes #41379.

git-svn-id: https://develop.svn.wordpress.org/trunk@41562 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-22 09:32:30 +00:00
Weston Ruter
8412ff1f44 Plugin Editor: Use include_once instead of include in plugin_sandbox_scrape() to fix unit tests broken with [41560].
See #39766.


git-svn-id: https://develop.svn.wordpress.org/trunk@41561 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-22 02:00:33 +00:00
Weston Ruter
f07591d1fd Plugin Editor: Improve reliability of detecting PHP fatal errors when editing an active plugin.
* Invalidate PHP opcache after file is updated to ensure `include` will ''include'' the written changes.
* Define `WP_ADMIN` when activating plugin in sandbox so plugin code targeting admin will be loaded.
* Do actions that get triggered when loading the admin to ensure plugin code runs that could cause errors on plugin editor screen (and lock out access).
* Fix ability to re-activate a plugin after editing a PHP file other than the main plugin file, and ensure PHP fatal error will be displayed in such cases.
* Consolidate duplicated code into `plugin_sandbox_scrape()` and re-use in `activate_plugin()`.
* Show an error notice instead of a success notice when a file is updated but a plugin was deactivated due to a fatal error.
* Update style of warning when editing an active plugin to be styled as an actual warning notice.

See #12423, #21622.
Fixes #39766.


git-svn-id: https://develop.svn.wordpress.org/trunk@41560 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-22 01:35:09 +00:00
Adam Silverstein
e92db998d2 Revisions: correct a timezone display issue.
When preparing the data for the revisions screen, add ' +0000' to the gmt date string before passing it thru `strtotime`.

Props biranit, nacin, buley.
Fixes #25365.


git-svn-id: https://develop.svn.wordpress.org/trunk@41559 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-21 23:32:25 +00:00
Weston Ruter
a91d3980df Customize: Introduce extensible code editor Customizer control for CodeMirror.
* Adds `WP_Customize_Code_Editor_Control` and `wp.customize.CodeEditorControl()`.
* Control respects user preference for syntax highlighting, showing a textarea when user opts out.
* Code editor control takes the ad hoc code for Additional CSS and makes it reusable and extensible, for Additional CSS in core and plugins to use (such as Jetpack).
* Replace `settings` arg in `wp_enqueue_code_editor()` with separate args for `codemirror`, `csslint`, `jshint`, and `htmlhint`.
* Prefix `codemirror` script and style handles with `wp-` to prevent collisions, as also the object is exported as `wp.CodeMirror` in JS.
* Reduce indent size in Customizer code editor instances and Custom HTML widget to use tab size of 2 instead of 4 to save on space.

See #12423, #38707, #35395.
Fixes #41897.


git-svn-id: https://develop.svn.wordpress.org/trunk@41558 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-21 23:03:06 +00:00
Adam Silverstein
7a5d0cc29b Customizer: retain aspect ration when cropping media w/ shift+click/drag.
Enforce a 1:1 ratio when holding the shift key and dragging in the image cropping tool in the customizer context.

Props melchoyce, mikeschroder.
Fixes #40211.


git-svn-id: https://develop.svn.wordpress.org/trunk@41557 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-21 22:44:38 +00:00
Adam Silverstein
52bdeee37d Login: Password reset - add hide icon & confirm weak password checkbox.
Extends the password features added in 4.3 to the password reset flow.

Props johnbillion, manolis09, umesh.nevase, Nikschavan.



git-svn-id: https://develop.svn.wordpress.org/trunk@41556 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-21 21:28:07 +00:00
Konstantin Obenland
9b7c97af26 Widgets: Improved sidebar mapping on theme switch
Builds on efforts brought forward in #17979.

This will send sidebars through three levels of mapping:

1. If both themes have only one sidebar, that gets mapped.
2. If both themes have sidebars with the same slug, they get mapped.
3. Sidebars that (even partially) match slugs from a similar kind of sidebar will get mapped.

Finally, if the theme has previously been active and we have a record of its 
sidebar configuration then, any unmapped sidebar will be restored to its 
previous state.

Props westonruter, obenland, alexvorn2, timmydcrawford.
See #39693.



git-svn-id: https://develop.svn.wordpress.org/trunk@41555 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-21 18:45:03 +00:00
Andrew Ozz
8436a4f117 Remove SWFUpload,
- Refactor swfupload.js to output a simple upload form, and handlers.js.
- Delete the SWFUpload plugins directory and swfupload.swf.
- Remove flash cookies "hack" from async-upload.php.

See #41752.

git-svn-id: https://develop.svn.wordpress.org/trunk@41554 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-21 16:34:31 +00:00
Adam Silverstein
80c424900e REST API JS Client: Improve nonce handling, refresh stale nonce on sync.
Keep the nonce used for cookie based authentication fresh by pulling in and using any new nonce supplied in the response headers.

* Enable passing nonce to init so each api/endpoint can use a unique nonce.
* Store nonce for endpoint on endpointModel.
* New model helper `nonce()` retrieves a model's routeModel nonce.
* When a response header contains a nonce that doesn't match the stored nonce, replace it.

Fixes #40422.


git-svn-id: https://develop.svn.wordpress.org/trunk@41553 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-21 12:57:16 +00:00
John Blackbourn
40088ea12a Multisite: Correct the docs for maybe_add_existing_user_to_blog().
See #41017


git-svn-id: https://develop.svn.wordpress.org/trunk@41552 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-21 12:27:30 +00:00
Sergey Biryukov
9ad6dab3db Docs: Use correct order of arguments in the DocBlock for WP_Hook::has_filter().
Props munyagu.
Fixes #41941.

git-svn-id: https://develop.svn.wordpress.org/trunk@41551 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-21 09:59:12 +00:00
Weston Ruter
d3c8a675ae Customize: Let media control button labels better automatically reflect the specified MIME type.
Props Christian1012, celloexpressions, westonruter.
Fixes #38796.


git-svn-id: https://develop.svn.wordpress.org/trunk@41550 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-20 21:23:51 +00:00
Weston Ruter
ebb578b2d9 Widgets: Omit attributes from an Image widget's link when they are empty.
Props subrataemfluence, Nenad Obradovic, westonruter.
See #39993.
Fixes #41919.


git-svn-id: https://develop.svn.wordpress.org/trunk@41549 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-20 19:44:13 +00:00
Sergey Biryukov
6d341ef5e5 Twenty Seventeen: Document the type of $item argument in twentyseventeen_dropdown_icon_to_menu_link() more accurately.
Props ndoublehwp.
Fixes #41923.

git-svn-id: https://develop.svn.wordpress.org/trunk@41548 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-20 18:14:13 +00:00
Weston Ruter
b7c70cad14 Widgets: Add Customizer preview support to the Category widget when navigating to a category via dropdown.
Switch to using a `form` that is submitted as opposed to making a direct JavaScript call to change the `window.location`. This ensures the Customizer is able to inject the customized state into the request.

Fixes #41671.


git-svn-id: https://develop.svn.wordpress.org/trunk@41547 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-20 03:15:19 +00:00
Dominik Schilling (ocean90)
187f352e9d Taxonomy/Users: Use correct escaping function for URLs.
git-svn-id: https://develop.svn.wordpress.org/trunk@41522 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-19 21:13:32 +00:00
Aaron D. Campbell
e95dc5a26f Database: Hardening to bring wpdb::prepare() inline with documentation.
`wpdb::prepare()` supports %s, %d, and %F as placeholders in the query string. Any other non-escaped % will be escaped.



git-svn-id: https://develop.svn.wordpress.org/trunk@41496 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-19 17:55:33 +00:00
Aaron D. Campbell
88464ecd41 Database: Don’t trigger _doing_it_wrong() for null values in wpdb::prepare().
While `wpdb::prepare()` does not support null values (see #12819) they still appear in the wild like in the WordPress Importer and other plugins.



git-svn-id: https://develop.svn.wordpress.org/trunk@41483 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-19 16:05:26 +00:00
aaroncampbell
eb012314d0 Database: Hardening for wpdb::prepare()
Previously if you passed an array of values for placeholders, additional values could be passed as well. Now additional values will be ignored.



git-svn-id: https://develop.svn.wordpress.org/trunk@41470 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-19 14:47:46 +00:00
John Blackbourn
64e8c4952a Filesystem API: Ensure filenames are valid before attempting to unzip them to ensure malformed file paths don't cause issues.
git-svn-id: https://develop.svn.wordpress.org/trunk@41457 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-19 14:35:09 +00:00
aaroncampbell
8e9dbf3c35 oEmbed: Add extra hardening around allowed HTML for improved sandboxing.
git-svn-id: https://develop.svn.wordpress.org/trunk@41448 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-19 13:41:52 +00:00
John Blackbourn
fa4713e898 General: Add missing URL-encoding and add extra hardening to plugin and template names when they're displayed in the admin area.
Props kawauso, Mte90 for initial patches

Fixes #13377


git-svn-id: https://develop.svn.wordpress.org/trunk@41399 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-19 10:10:35 +00:00
Dominik Schilling (ocean90)
7be5b80976 Taxonomy/Users: Provide a fallback for incorrect HTTP referrers.
git-svn-id: https://develop.svn.wordpress.org/trunk@41398 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-19 09:12:27 +00:00
Dominik Schilling (ocean90)
ec269e4283 Customize: Ensure valid themes in the preview.
git-svn-id: https://develop.svn.wordpress.org/trunk@41397 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-19 08:38:43 +00:00
Dominik Schilling (ocean90)
49540b271c TinyMCE: Improve the previews for shortcodes.
git-svn-id: https://develop.svn.wordpress.org/trunk@41395 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-19 08:18:15 +00:00
Dominik Schilling (ocean90)
1f0d51dbd2 Editor: Prevent adding javascript: and data: URLs through the inline link dialog.
git-svn-id: https://develop.svn.wordpress.org/trunk@41393 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-19 08:00:40 +00:00
Weston Ruter
ce69e660bd Customize: Add notifications API to sections and panels.
* Adds a `notifications` property to instances of `wp.customize.Panel` and `wp.customize.Section`.
* Adds a `setupNotifications()` method to `Panel`, `Section`, and `Control`.
* Adds a `getNotificationsContainerElement()` method to the `Panel` and `Section` classes, like `Control` has.
* Replace hard-coded notification in header media section with a notification.
* Limit rendering notifications to panels and sections that are expanded, and to controls that have an expanded section.

See #34893, #35210, #38778.
Fixes #38794.


git-svn-id: https://develop.svn.wordpress.org/trunk@41390 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-19 05:39:37 +00:00
Weston Ruter
eab65862b0 Customize: Show notification error with "Your homepage displays" control when homepage and posts page are set to be the same (but not empty).
* Show global error notiafication when saving is blocked due to client-side setting invalidity.
* Refactor `wp.customize.Notifications#render()` to ensure a notification re-renders if its `message` or data changes but its `code` does not.

Props MatheusGimenez, sixhours, westonruter, karmatosed, aocean90, zoonini, michelleweber, melchoyce.
See #35210.
Fixes #21492.


git-svn-id: https://develop.svn.wordpress.org/trunk@41389 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-19 00:45:23 +00:00
Weston Ruter
df1bf4a883 Customize: Add wp_is_uuid() validation function with optional second $version=4 parameter to enforce v4 random UUIDs.
Props jonathanbardo.
Fixes #39778.


git-svn-id: https://develop.svn.wordpress.org/trunk@41388 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-18 23:03:06 +00:00
Weston Ruter
6c8b9adeee Customize: Use input event instead of keyup or propertychange events when listening for changes in wp.customize.Element instances.
Ensures that a control's `Element` is updated in response to pasting into the field. Also fixes issue where inputs using "new" HTML5 types (like `url` and `number`) were not updating in the preview during keystrokes. The use of `input` was previously blocked due to needing to support IE9, but this is no longer a concern since IE<11 is no longer supported.

See #38845, #28477.
Fixes #35832.


git-svn-id: https://develop.svn.wordpress.org/trunk@41387 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-18 19:10:38 +00:00
Peter Wilson
2ff66f7c50 Emoji: Invert value returned by UN test for accuracy.
The JavaScript testing for UN flag support was passing when it failed, and failing when it passes.

This inverts the result to take more traditional approach of returning the correct result.

Unprops Pento.
Fixes #41852.



git-svn-id: https://develop.svn.wordpress.org/trunk@41386 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-17 22:51:42 +00:00
Weston Ruter
2d1ac710e2 Code Editor: Remove scrollIntoView of editor's cursor line upon focus to prevent jumping issues for editor scroll position.
See #41850, #41879.


git-svn-id: https://develop.svn.wordpress.org/trunk@41385 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-17 03:57:09 +00:00
Weston Ruter
dced797c3f Code Editor: Scroll the cursor line into view instead of the entire editor when focused.
See #41850.
Fixes #41879.


git-svn-id: https://develop.svn.wordpress.org/trunk@41384 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-17 03:34:47 +00:00
Sergey Biryukov
ab24be4c87 Media: Rename "Insert Media" window title to "Add Media" for consistency with the "Add Media" button.
Props danieltj.
Fixes #41704.

git-svn-id: https://develop.svn.wordpress.org/trunk@41383 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-16 11:02:17 +00:00
Sergey Biryukov
30e9d7382d Twenty Fifteen: Add missing comma in ie.css.
Props lalitpendhare.
Fixes #41890.

git-svn-id: https://develop.svn.wordpress.org/trunk@41382 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-16 05:11:03 +00:00
Adam Silverstein
203cb6f4a2 JSDocs: add the jsdoc folder to .gitignore and svn:ignore.
Props netweb.
Fixes #41682.


git-svn-id: https://develop.svn.wordpress.org/trunk@41381 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-15 20:13:04 +00:00
Felix Arntz
e23004c344 Multisite: Introduce get_main_site_id().
This function can be used to easily get the main site ID of a given network via the optional `$network_id` parameter, which defaults to the current network. The existing `is_main_site()` now uses the new function internally and now accepts an optional `$network_id` parameter as well.

The main purpose of the new function at this point is to ensure that the `WP_Network::$blog_id` property is always set. Magic getters in the class have been adjusted to auto-fill the property when it is accessed and empty. Furthermore the function encapsulates logic that was previously part of `ms_load_current_site_and_network()` and has been replaced with a call to the function now.

Props spacedmonkey, jeremyfelt, johnjamesjacoby, flixos90.
Fixes #29684.


git-svn-id: https://develop.svn.wordpress.org/trunk@41380 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-15 11:14:49 +00:00
Adam Silverstein
95a2632121 wp.sanitize - fix namespace for calls to stripTags.
Fixes an `undefined` JavaScript error in PressThis since [41061].

Props afercia.
Fixes #41883.


git-svn-id: https://develop.svn.wordpress.org/trunk@41379 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-14 19:28:57 +00:00
Sergey Biryukov
9bdad8906a Taxonomy: Allow for adding custom list table views to taxonomy screens.
Props eventualo, mariovalney, riddhiehta02, llemurya.
Fixes #30829.

git-svn-id: https://develop.svn.wordpress.org/trunk@41378 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-13 15:19:02 +00:00
Boone Gorges
fb227caed1 Taxonomy: Force a DISTINCT term query when result count matters.
Generally, duplicate terms returned by a term query are eliminated in PHP,
after the database query takes place. This technique doesn't work properly
when the query parameters specify the `number` of results, since the results
of a `SELECT ... LIMIT x...` query may be deduplicated to a count less than
`x`. In these cases, we force the original query to be `DISTINCT`.

Props elvishp2006.
Fixes #41796.

git-svn-id: https://develop.svn.wordpress.org/trunk@41377 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-13 14:47:07 +00:00
Weston Ruter
dbace684e2 Editor: Add CodeMirror-powered code editor with syntax highlighting, linting, and auto-completion.
* Code editor is integrated into the Theme/Plugin Editor, Additional CSS in Customizer, and Custom HTML widget. Code editor is not yet integrated into the post editor, and it may not be until accessibility concerns are addressed.
* The CodeMirror component in the Custom HTML widget is integrated in a similar way to TinyMCE being integrated into the Text widget, adopting the same approach for integrating dynamic JavaScript-initialized fields.
* Linting is performed for JS, CSS, HTML, and JSON via JSHint, CSSLint, HTMLHint, and JSONLint respectively. Linting is not yet supported for PHP.
* When user lacks `unfiltered_html` the capability, the Custom HTML widget will report any Kses-invalid elements and attributes as errors via a custom Kses rule for HTMLHint.
* When linting errors are detected, the user will be prevented from saving the code until the errors are fixed, reducing instances of broken websites.
* The placeholder value is removed from Custom CSS in favor of a fleshed-out section description which now auto-expands when the CSS field is empty. See #39892.
* The CodeMirror library is included as `wp.CodeMirror` to prevent conflicts with any existing `CodeMirror` global.
* An `wp.codeEditor.initialize()` API in JS is provided to convert a `textarea` into CodeMirror, with a `wp_enqueue_code_editor()` function in PHP to manage enqueueing the assets and settings needed to edit a given type of code.
* A user preference is added to manage whether or not "syntax highlighting" is enabled. The feature is opt-out, being enabled by default.
* Allowed file extensions in the theme and plugin editors have been updated to include formats which CodeMirror has modes for: `conf`, `css`, `diff`, `patch`, `html`, `htm`, `http`, `js`, `json`, `jsx`, `less`, `md`, `php`, `phtml`, `php3`, `php4`, `php5`, `php7`, `phps`, `scss`, `sass`, `sh`, `bash`, `sql`, `svg`, `xml`, `yml`, `yaml`, `txt`.

Props westonruter, georgestephanis, obenland, melchoyce, pixolin, mizejewski, michelleweber, afercia, grahamarmfield, samikeijonen, rianrietveld, iseulde.
See #38707.
Fixes #12423, #39892.


git-svn-id: https://develop.svn.wordpress.org/trunk@41376 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-13 06:07:48 +00:00