`random_compat` offers a set of compatible functions for older versions of PHP, filling in the gap by using other PHP extensions when available.
We still include our existing `wp_rand()` functionality as a fallback for when no proper CSPRNG exists on the system.
Props sarciszewski
See #28633
git-svn-id: https://develop.svn.wordpress.org/trunk@34922 602fd350-edb4-49c9-b593-d223f7449a82
We should not be storing the `WP_User` object in the cache, as it may contain
usermeta and other data that's cache elsewhere.
Props dd32.
See #24635.
git-svn-id: https://develop.svn.wordpress.org/trunk@34919 602fd350-edb4-49c9-b593-d223f7449a82
The `_wp_post_revision_fields()` function now also accepts a `WP_Post` object (in addition to an array of post fields) to facilitate this change.
Fixes#13382
Props adamsilverstein
git-svn-id: https://develop.svn.wordpress.org/trunk@34917 602fd350-edb4-49c9-b593-d223f7449a82
The navigation tabs appear in an `<h3>` heading immediately following the main `<h1>` and need to have a proper hierarchy.
Also, fix the tabs focus style and introduce a new `.nav-tab-small` CSS class.
Fixes#34079.
git-svn-id: https://develop.svn.wordpress.org/trunk@34913 602fd350-edb4-49c9-b593-d223f7449a82
The `_network_option()` parameter order will be changing to accept `$network_id` first. The `_site_option()` functions will remain in use throughout core as our way of retrieving a network option for the current network.
See #28290.
git-svn-id: https://develop.svn.wordpress.org/trunk@34912 602fd350-edb4-49c9-b593-d223f7449a82
* `$post` is now correctly defined as being of the `WP_Post` type
* Adds a hash notation for the `$args` array
* Other minor fixes.
Props drebbitsweb.
Fixes#34171.
git-svn-id: https://develop.svn.wordpress.org/trunk@34911 602fd350-edb4-49c9-b593-d223f7449a82
For the past 6 years, WordPress has operated as an oEmbed consumer, allowing users to easily embed content from other sites. By adding oEmbed provider support, this allows any oEmbed consumer to embed posts from WordPress sites.
In addition to creating an oEmbed provider, WordPress' oEmbed consumer code has been enhanced to work with any site that provides oEmbed data (as long as it matches some strict security rules), and provides a preview from within the post editor.
For security, embeds appear within a sandboxed iframe - the iframe content is a template that can be styled or replaced entirely by the theme on the provider site.
Props swissspidy, pento, melchoyce, netweb, pfefferle, johnbillion, extendwings, davidbinda, danielbachhuber, SergeyBiryukov, afercia
Fixes#32522.
git-svn-id: https://develop.svn.wordpress.org/trunk@34903 602fd350-edb4-49c9-b593-d223f7449a82
Originally introduced in [34601], this was necessary to avoid test pollution. Now that things have been separated and written to play nicely, we can remove this.
See #34037.
git-svn-id: https://develop.svn.wordpress.org/trunk@34902 602fd350-edb4-49c9-b593-d223f7449a82
* Move all tests to a new 'multisite/uploadIsUserOverQuota.php'
* Use `get_space_allowed` and `pre_get_space_used` filters to help avoid test pollution.
See #34037.
git-svn-id: https://develop.svn.wordpress.org/trunk@34901 602fd350-edb4-49c9-b593-d223f7449a82
Provides a specific test for a case where a non-numeric strings are assigned to `blog_upload_space` at both the site and network levels.
See #34037.
git-svn-id: https://develop.svn.wordpress.org/trunk@34900 602fd350-edb4-49c9-b593-d223f7449a82
* Move all tests to a new 'multisite/isUploadSpaceAvailable.php'
* Store original `blog_upload_space` values before the class is loaded.
* Restore these values after each test tear down to avoid pollution.
Commit to testing `is_upload_space_available()` itself by always filtering the amount of space used through `pre_get_space_used`. This allows us to sanely test without worrying about the local environment. In the future, we may be able to remove some of these tests as `get_upload_space_available()` tests are built out and reliable.
See #34037.
git-svn-id: https://develop.svn.wordpress.org/trunk@34899 602fd350-edb4-49c9-b593-d223f7449a82
* Move all tests to a new `multisite/getSpaceAllowed.php`
* Store original `blog_upload_space` values before the class is loaded.
* Restore these values after each test tear down to avoid pollution.
* Add a comprehensive set of expectations and results via data provider.
See #34037.
git-svn-id: https://develop.svn.wordpress.org/trunk@34898 602fd350-edb4-49c9-b593-d223f7449a82
Various functions in load.php need to check whether WP is in installation mode.
Let's let them.
Props adamsilverstein.
See #31130.
git-svn-id: https://develop.svn.wordpress.org/trunk@34896 602fd350-edb4-49c9-b593-d223f7449a82
These additions are based on an audit and recommendations by the Accessibility team. #a11y'all
Props afercia.
Fixes#32147.
git-svn-id: https://develop.svn.wordpress.org/trunk@34891 602fd350-edb4-49c9-b593-d223f7449a82
In 4.3 the widget controls were fully initialized up front along with the sidebar controls. The sidebar control depended (unnecessarily) on the widget control to ensure that `wp.customize.Widgets.savedWidgetIds` was defined. So after [34563] there could be a situation where the widgets are added/removed from a sidebar before their controls are initialized (if the sidebar section is never expanded), resulting in an error attempting to get a property off of an undefined value. So this change does the right thing and defines `savedWidgetIds` up front.
Also changes the `savedWidgetIds` variable type from an array to an object, to match how it is used as a dictionary lookup.
See #33901.
git-svn-id: https://develop.svn.wordpress.org/trunk@34883 602fd350-edb4-49c9-b593-d223f7449a82
Defer to default styling provided by the theme (and browser) in `wp-activate.php` and remove the `font-family` and `color` from the provided internal stylesheet.
Previously, [17327] and [18406].
Fixes#34145.
git-svn-id: https://develop.svn.wordpress.org/trunk@34882 602fd350-edb4-49c9-b593-d223f7449a82
Up until now password protected posts would only get a identifying class when
the password was still required. This adds a class for the case when that
requirement has been met.
For the other visibility types we already have `status-publish`
and `status-private`.
Props mdgl, F4rkie, wonderboymusic for initial patches.
Fixes#21899.
git-svn-id: https://develop.svn.wordpress.org/trunk@34881 602fd350-edb4-49c9-b593-d223f7449a82
WordPress.org was taken down due to as Otto42 describes:
The previous version of this function added the query piece for the meta key = blog_id.capabilities, regardless of whether or not a role was requested. This limits the users returned to those with some defined role on this particular multisite instance.
See #22212
git-svn-id: https://develop.svn.wordpress.org/trunk@34880 602fd350-edb4-49c9-b593-d223f7449a82
The ajax delete comment tests are intermittently failing. Many of the assertions make it hard to tell why they are failing. This adds a message to one of those assertions that contains some info on what is being asserted with the goal that it helps developers understand why the failure is failing.
See #33968
git-svn-id: https://develop.svn.wordpress.org/trunk@34879 602fd350-edb4-49c9-b593-d223f7449a82
* 'role' now accepts an array or comma-separated list of role names. When passing multiple values for 'role', `WP_User_Query` will only match users that have all of the specified roles.
* 'role__in' accepts an array of role names, and allow the filtering of matched users to those with at least one of the specified roles.
* 'role__not_in' accepts an array of role names, and allows the filtering of matched users to those who have none of the specified roles.
Props swissspidy, mordauk, barrykooij, sirbrillig.
Fixes#22212.
git-svn-id: https://develop.svn.wordpress.org/trunk@34875 602fd350-edb4-49c9-b593-d223f7449a82