In `wpdb::placeholder_escape()`, the key for `hash_hmac()` defaults to `AUTH_SALT`, but `hash_hmac()` will return an empty string if the key is empty.
This had the side effect of the string `{}` being incorrectly replaced with a `%` character in queries just about to be run on the database.
Props jsonfry.
Fixes#42431.
git-svn-id: https://develop.svn.wordpress.org/trunk@42120 602fd350-edb4-49c9-b593-d223f7449a82
In `wpdb::placeholder_escape()`, the key for `hash_hmac()` falls back to `rand()` when `AUTH_SALT` is undefined. `hash_hmac()` requires the key to be a string, however, so we need to cast it as such.
Props mkomar.
Fixes#42401.
git-svn-id: https://develop.svn.wordpress.org/trunk@42119 602fd350-edb4-49c9-b593-d223f7449a82
Fixes a bug where files couldn't be accessed in multisite installs.
Props flixos90, westonruter.
Fixes#42420.
git-svn-id: https://develop.svn.wordpress.org/trunk@42115 602fd350-edb4-49c9-b593-d223f7449a82
* Consider both `selectedChangesetStatus` and `changesetStatus` states when deciding to disable.
* Factor out common logic into `canSwitchTheme` function on `ThemesPanel`.
* Keep Live Preview and Install buttons disabled in Themes controls and detail overlays when appropriate.
Props westonruter, dlh.
Amends [41788].
See #42126, #37661, #39896.
Fixes#42406.
git-svn-id: https://develop.svn.wordpress.org/trunk@42113 602fd350-edb4-49c9-b593-d223f7449a82
Prevent edits to 2-level deep theme files from returning a `disallowed_theme_file` error when attempting to save an edit. Aligns logic for gathering `$allowed_files` in `theme-editor.php` for listing files with the validation logic in `wp_edit_theme_plugin_file()`.
Amends [41806].
See #6531.
Fixes#42425.
git-svn-id: https://develop.svn.wordpress.org/trunk@42112 602fd350-edb4-49c9-b593-d223f7449a82
Prevent user from having to re-enter the previously-supplied future date if they had switched from schedule to draft but wanted to switch back again. Improves parity with behavior of post edit screen.
Props dlh, westonruter, obenland.
See #39896, #28721.
Fixes#42413.
git-svn-id: https://develop.svn.wordpress.org/trunk@42109 602fd350-edb4-49c9-b593-d223f7449a82
* Also, updates POT files for Twenty Ten and Twenty Eleven.
Props lemacarl, maedahbatool, mrahmadawais, davidakennedy.
Fixes#42090.
git-svn-id: https://develop.svn.wordpress.org/trunk@42105 602fd350-edb4-49c9-b593-d223f7449a82
[41496] removed support for numbered placeholders in queries send through `wpdb::prepare()`, which, despite being undocumented, were quite commonly used.
This change restores support for numbered placeholders (as well as a subset of placeholder formatting), while also adding extra checks to ensure the correct number of arguments are being passed to `wpdb::prepare()`, given the number of placeholders.
See #41925.
git-svn-id: https://develop.svn.wordpress.org/trunk@42056 602fd350-edb4-49c9-b593-d223f7449a82
Prevent needlessly iterating over `controlConstructor` to find `type` when it is already supplied.
Amends [41750], [41726].
See #42083.
git-svn-id: https://develop.svn.wordpress.org/trunk@42048 602fd350-edb4-49c9-b593-d223f7449a82
Improve the logic determining which endpoints support the trash by enumerating them. Endpoints that don't support the trash require `force=true` when deleting. The previous approach relied on the `force` argument description, which is a translated string and was fragile. In the future, we can expose whether an endpoint supports the trash as part of its schema and automate this logic.
Props Soean.
Fixes#40672.
git-svn-id: https://develop.svn.wordpress.org/trunk@42047 602fd350-edb4-49c9-b593-d223f7449a82
Fixes UI bugs around theme updates in the Customizer. Theme versions now get updated and users are no longer left alone after a successful update.
Props rinkuyadav999, celloexpressions for initial patch.
Fixes#42365.
git-svn-id: https://develop.svn.wordpress.org/trunk@42046 602fd350-edb4-49c9-b593-d223f7449a82
In the original function introduced in [41380], and subsequently [41861], only the network ID was passed to the new `pre_get_main_site_id` filter. In order to make give quick access to other network properties, it was decided to pass the whole object instead. The changeset includes an additional test.
Fixes#29684.
git-svn-id: https://develop.svn.wordpress.org/trunk@42043 602fd350-edb4-49c9-b593-d223f7449a82
* Let min hour be 0 and max be 23 in 24-hour time; let min hour be 1 and max be 12 in 12-hour time.
* Show error notification when an invalid date value is provided, not just when not a future date.
* Fix translation of custom validity message.
* Start checking for validity after all inputs have been initially populated.
* Remove support for being able to enter 24:00.
* Cease forcing date input elements from being casted to integers, to allow for invalid inputs to be detected.
Props westonruter, Presskopp, peterwilsoncc, atachibana for testing.
See #39896, #28721.
Fixes#42373.
git-svn-id: https://develop.svn.wordpress.org/trunk@42042 602fd350-edb4-49c9-b593-d223f7449a82
* Passing `options.params` when constructing `Partial` is now deprecated in favor of just passing `options`.
* Improve usage of jsdoc in JS `Partial` class.
* Also add `defaults` property to `wp.customize.selectiveRefresh.Partial` class for parity with `Control`.
See #42083.
git-svn-id: https://develop.svn.wordpress.org/trunk@42037 602fd350-edb4-49c9-b593-d223f7449a82
Fixes issue where JS-added Publish Settings section failed to get container element ID set properly to hide its section-meta.
Amends [42025].
See #42337, #42083.
git-svn-id: https://develop.svn.wordpress.org/trunk@42035 602fd350-edb4-49c9-b593-d223f7449a82
* Deprecate PHP classes `WP_Customize_New_Menu_Section` and `WP_Customize_New_Menu_Control`.
* Deprecate JS class `wp.customize.Menus.NewMenuControl`.
* Also introduce `wp.customize.Menus.createNavMenu()` for logic to create nav menus separately from the logic for handling UI interactions.
Amends [41768].
See #40104, #42364.
Fixes#42357.
git-svn-id: https://develop.svn.wordpress.org/trunk@42034 602fd350-edb4-49c9-b593-d223f7449a82
* Expand containing panel when expanding themes section.
* Consolidate UI changes related to a section's expanded state change.
* Prevent collapsing current section when expanding.
* Auto-expand first themes section when expanding panel if one is not expanded already.
See #37661, #42354.
Fixes#42360.
git-svn-id: https://develop.svn.wordpress.org/trunk@42033 602fd350-edb4-49c9-b593-d223f7449a82
* Eliminate Media control template from having dependency on `params.settings.default` for element ID, to fix compat with `params.settings` array or single `params.setting`. See #36167.
* Move description out of label and add `aria-describedby` to Media control's Select button. See #30738, #33085.
* Obtain notification container whenever content is (re-)rendered (such as for Media control). See #38794.
* Re-render notifications after control content is re-rendered, if control is in expanded section. See #38794.
Amends [41390].
See #36167, #38794, #33085, #30738.
git-svn-id: https://develop.svn.wordpress.org/trunk@42031 602fd350-edb4-49c9-b593-d223f7449a82
Start debouncing after initial search performed when `search` query param is present to prevent initial "flash of unsearched themes".
Props afercia, westonruter.
Amends [41797].
See #40254.
Fixes#42348.
git-svn-id: https://develop.svn.wordpress.org/trunk@42029 602fd350-edb4-49c9-b593-d223f7449a82
This removes deprecated notices in PHP 7.2 but takes a different approach to the upstream class from Horde, which appears to be buggy.
Props SergeyBiryukov
Fixes#41526
git-svn-id: https://develop.svn.wordpress.org/trunk@42028 602fd350-edb4-49c9-b593-d223f7449a82
The `publish_settings` section is a fundamental dependency for Customizer, so it must be guaranteed to be registered.
Also unconditionally register core types for panels, sections, and controls in case plugin unhooks all `customize_register` actions.
See #39896.
Fixes#42337.
git-svn-id: https://develop.svn.wordpress.org/trunk@42025 602fd350-edb4-49c9-b593-d223f7449a82
Fixes issue specifically with attempting to access an orphaned control's `elements` immediately after it has been added. Normally this would not happen because a control would not be registered without a section, and also a control should only be interacted with once its `embedded` deferred has been resolved.
Also harden logic for gathering list of deferred setting IDs.
See #37964.
Fixes#42330.
git-svn-id: https://develop.svn.wordpress.org/trunk@42024 602fd350-edb4-49c9-b593-d223f7449a82