This hardens WordPress against a common vector which uses multiple user identifiers in a single `system.multicall` call. In the event that authentication fails, all following authentication attempts ''in that call'' will also fail.
Props dd32, johnbillion.
Fixes#34336
git-svn-id: https://develop.svn.wordpress.org/trunk@35366 602fd350-edb4-49c9-b593-d223f7449a82
* Change the 3rd arg from `args` to `width`
* Change `wp_image_sizes_args` filter to `wp_get_attachment_image_sizes`
Updates unit tests.
Props joemcgill.
Fixes#34379.
git-svn-id: https://develop.svn.wordpress.org/trunk@35355 602fd350-edb4-49c9-b593-d223f7449a82
This allows sites to use an admin area over HTTPS with the front end over HTTP, and not end up with a cross-protocol problem when using the REST API URL in the admin area.
Fixes#34299
git-svn-id: https://develop.svn.wordpress.org/trunk@35351 602fd350-edb4-49c9-b593-d223f7449a82
This allows sites to use an admin area over HTTPS with the front end over HTTP, and not end up with a cross-protocol problem when using the REST API URL in the admin area.
Fixes#34299
git-svn-id: https://develop.svn.wordpress.org/trunk@35342 602fd350-edb4-49c9-b593-d223f7449a82
The `notify_moderator` filter makes it possible to override the value for the `moderation_notify` option, which controls whether to send new comment emails to "site moderators", that is to say, the owner of the admin email for the site and the post author if they have the ability to modify the comment.
The `notify_post_author` filter likewise makes it possible to override the value for the `comments_notify` option, which controls whether to send new comment emails to the post author. If the post author is the comment author, default behavior is not to send the notification. Note: enabling or disabling notifications via this hook could also affect other recipients added via the 'comment_notification_recipients' filter in `wp_notify_postauthor()`, if hooked.
Passing a falsey value to either of the new filters will prevent notifications from being sent, regardless of their corresponding option values.
Adds tests.
Props coffee2code, adamsilverstein, DrewAPicture.
Fixes#761.
git-svn-id: https://develop.svn.wordpress.org/trunk@35339 602fd350-edb4-49c9-b593-d223f7449a82
[34247] made the 'public' paramater of `register_taxonomy()` work by blocking
requests for non-public taxonomy archives during `parse_request()`. Blocking
taxonomy archive requests this late means that it's impossible to register an
independent query var that matches the slug of a non-public taxonomy. By
moving the block to `register_taxonomy()` - not allowing these taxonomies to
register their query vars in the first place - we free up the slug for other
use. In addition, we free up a bit of processing (no need to look for the query
var in `parse_request()` and better parallel the way non-public post types
work. See `register_post_type()`.
Non-public taxonomy archives that are requested using `?taxonomy=tax_name` are
still blocked during `parse_request`. It's only custom query vars -
`?tax_name=term` - that are affected by this change.
Props mboynes.
Fixes#21949.
git-svn-id: https://develop.svn.wordpress.org/trunk@35333 602fd350-edb4-49c9-b593-d223f7449a82
[34561] instituted the policy of forcing pagination for comments. This strategy
was intended to avert problems when 'page_comments' is set to 0 - as it is by
default - and the number of comments on a given post rises into the hundreds or
thousands. By forcing pagination in all cases, we ensured that WordPress would
not time out by processing unwieldy numbers of comments on a given pageload.
The strategy proves problematic, however, because comment permalinks are
generated using the page of the comment. Forcing pagination for posts that
were not previously paginated would change the URL of all comments that do not
appear on the default comment page.
This changeset reintroduces the 'page_comments' setting and its corresponding
checkbox on Settings > Discussion. A number of tests, which were written after
[34561], are modified to work now that 'page_comments' will, once again, be
disabled by default.
See #8071.
git-svn-id: https://develop.svn.wordpress.org/trunk@35331 602fd350-edb4-49c9-b593-d223f7449a82
Also move style rule from `customize-nav-menus.css` to `customize-controls.css` so that widgets button is properly styled when `nav_menus` component is excluded from loading. See [35304]. See #33327.
Props westonruter, DrewAPicture.
Fixes#33552.
git-svn-id: https://develop.svn.wordpress.org/trunk@35307 602fd350-edb4-49c9-b593-d223f7449a82
The `autoload` argument value is passed along to `update_option()` which has accepted an `$autoload` parameter since [31628].
Props westonruter, dlh.
See #26394.
Fixes#33499.
git-svn-id: https://develop.svn.wordpress.org/trunk@35305 602fd350-edb4-49c9-b593-d223f7449a82
The same indicator on the nav menus admin page is now present for nav menu items in the Customizer. When a menu item is present for a post type that is no longer registered, the menu item will appear with the indicator.
Props kucrut, westonruter.
Fixes#33665.
git-svn-id: https://develop.svn.wordpress.org/trunk@35302 602fd350-edb4-49c9-b593-d223f7449a82
Cuts down on unnecessary queries, especially in environments that rely on
post meta a lot. Reverts [32997].
Props ap.koponen, swissspidy.
Fixes#34368.
git-svn-id: https://develop.svn.wordpress.org/trunk@35299 602fd350-edb4-49c9-b593-d223f7449a82
Introduces more flexibility in filtering all parts of the document title,the
separator, and a way to short-circuit title generation. Plugins can now also
check for theme support and reliably filter the entire output. See #18548.
Deprecates `wp_title()`.
Fixes#31078.
git-svn-id: https://develop.svn.wordpress.org/trunk@35294 602fd350-edb4-49c9-b593-d223f7449a82
Widgets panel will not wait to display until the preview loads.
Also fixes problems with `margin-top` in panels where other panels' `active` states change, as well as ensuring sections of deactivated panel collapse before panel is hidden to prevent the pane from becoming empty of controls.
Fixes#33052.
Fixes#33567.
git-svn-id: https://develop.svn.wordpress.org/trunk@35231 602fd350-edb4-49c9-b593-d223f7449a82
Dion Hulse
Scott Taylor
John Blackbourn
Drew Jaynes
Konstantin Obenland
Boone Gorges
Weston Ruter
Andrew Ozz
Sergey Biryukov