* Apply `title_save_pre`, `excerpt_save_pre`, and `content_save_pre` filters on a nav menu item's `title`, `attr_title`, and `description` properties respectively. This ensures that arbitrary markup can be supplied if the user has `unfiltered_html` cap, and for these fields to have markup stripped if not.
* Ensure a nav menu item's `post_status` is sanitized as `publish` or `draft` using the same conditions as `wp_update_nav_menu_item()`.
* Align `WP_Customize_Nav_Menu_Item_Setting::sanitize()` behavior for sanitizing `position` to be the same as `wp_update_nav_menu_item()`.
* Also apply `nav_menu_attr_title` and `nav_menu_description` filters in `WP_Customize_Nav_Menu_Item_Setting::value_as_wp_post_nav_menu_item()` to ensure that previewing markup entered into menu item description will preview the same way as when the nav menu item is saved.
* Add unit tests.
Fixes#32812.
git-svn-id: https://develop.svn.wordpress.org/trunk@35580 602fd350-edb4-49c9-b593-d223f7449a82
This moves the last of the iframe message code from PHP to JavaScript, so it can be included in any site, without needing to rely on any of WordPress' internal behaviour.
Props swissspidy.
Fixes#34451.
git-svn-id: https://develop.svn.wordpress.org/trunk@35577 602fd350-edb4-49c9-b593-d223f7449a82
When the site icon for another site is requested, retrieving its ID via `get_blog_option()` is not enough. `switch_to_blog()` is used to set proper context when required.
Adds multsite tests for `has_site_icon()`.
Props imath.
Fixes#34312.
git-svn-id: https://develop.svn.wordpress.org/trunk@35572 602fd350-edb4-49c9-b593-d223f7449a82
The issue, however, does not manifest in the UI because the UI is now built via JS and the `wp.customize.utils.prioritySort()` algorithm did not have the same typo.
Props bordoni, westonruter.
Fixes#34594.
git-svn-id: https://develop.svn.wordpress.org/trunk@35553 602fd350-edb4-49c9-b593-d223f7449a82
When `WP_Term` was introduced in [34997], the `$taxonomy` parameter for
`get_term()` was made optional. This meant that, when the optional param was
omitted, `get_term()` had no way of determining which term was intended when
the term_id was shared between multiple taxonomies. As a (somewhat sneaky) way
of fixing things, `get_term()` split any shared terms it found. But this could
cause problems with developer expectations: it's not clear why requesting a
term should result in a database update, much less a potential change in the
ID of a term.
In place of this technique, this changeset introduces a number of changes that
make the handling of shared terms a bit less insane:
* When a taxonomy is provided to `get_term()`, and a cached term is found matching the term_id, make sure the taxonomy also matches before returning it.
* When a taxonomy is not provided, ensure that the term is not shared before adding it to the cache.
* When a term is shared between taxonomies and no taxonomy is provided, return a `WP_Error` rather than splitting the term.
* When a term is shared between taxonomies, only one of which is valid, return the term from that taxonomy.
Props boonebgorges, dlh.
Fixes#34533.
git-svn-id: https://develop.svn.wordpress.org/trunk@35537 602fd350-edb4-49c9-b593-d223f7449a82
`add_term_meta()` and `update_term_meta()` identify terms by `$term_id`. In
cases where a term is shared between taxonomies, `$term_id` is insufficient to
distinguish where the metadata belongs.
When attempting to add/update termmeta on a shared term, a `WP_Error` object
is returned. This gives developers enough information to decide whether they'd
like to force the term to be split and retry the save, or show an error in the
UI, or whatever.
Props boonebgorges, mboynes, DH-Shredder, jorbin, aaroncampbell.
Fixes#34544.
git-svn-id: https://develop.svn.wordpress.org/trunk@35515 602fd350-edb4-49c9-b593-d223f7449a82
This fixes a bug where widgets loaded in a preview or the Customizer are
rendered inside of a `wp_suspend_cache_addition()` block and thus could not
find comment objects in the cache.
Props rommelxcastro, stevehenty.
Fixes#34138.
git-svn-id: https://develop.svn.wordpress.org/trunk@35512 602fd350-edb4-49c9-b593-d223f7449a82
- Fix `_wp_upload_dir_baseurl()` to cache by blog_id.
- Replace `path_join()` with `trailingslashit()`, it's much faster.
- Rename $image_url to $image_src for consistency (used at about 50 other places).
- Couple of tests fixes.
See #34430.
git-svn-id: https://develop.svn.wordpress.org/trunk@35498 602fd350-edb4-49c9-b593-d223f7449a82
When referring URL is not available, default returning user to frontend URL instead of admin URL. Themes page is updated to include the `return` path in Customizer links.
Props McGuive7, westonruter.
Fixes#32637.
git-svn-id: https://develop.svn.wordpress.org/trunk@35483 602fd350-edb4-49c9-b593-d223f7449a82
- Merge `wp_image_srcset_attr()` into `wp_calculate_image_srcset()`.
- Remove the `wp_image_srcset` filter.
- Fix the tests for the above changes.
See #34430.
git-svn-id: https://develop.svn.wordpress.org/trunk@35464 602fd350-edb4-49c9-b593-d223f7449a82
Sometimes, embedded sites might suffer from less than 100% uptime. Instead of leaving the embedding site with a big blank space where the embed should be, let's fall back to a link to the embedded post, so there's at least some context for the post.
Fixes#34462.
git-svn-id: https://develop.svn.wordpress.org/trunk@35437 602fd350-edb4-49c9-b593-d223f7449a82
Well, while it's here, we probably should make use of it. The oEmbed endpoint now uses the REST API infrastructure, instead of providing its own.
Props swissspidy.
Fixes#34207.
git-svn-id: https://develop.svn.wordpress.org/trunk@35436 602fd350-edb4-49c9-b593-d223f7449a82
The default value should be a null offset. A `0` default overrides any value
of `paged` passed to `get_posts()`. See [34697].
Fixes#34060.
git-svn-id: https://develop.svn.wordpress.org/trunk@35417 602fd350-edb4-49c9-b593-d223f7449a82
- Introduce `wp_calculate_image_srcset()` that replaces `wp_get_attachment_image_srcset_array()` and is used as lower level function for retrieving the srcset data as array.
- Use the new function when generating `srcset` and `sizes` on the front-end. This is faster as no (other) image API functions are used.
- Change the `wp_get_attachment_image_srcset()`. Now it is meant for use in templates and is no longer used in core.
- A few logic fixes and improvements.
- Some names changed to be (hopefully) more descriptive.
- Fixed/updated tests.
Props joemcgill, jaspermdegroot, azaozz.
See #34430.
git-svn-id: https://develop.svn.wordpress.org/trunk@35412 602fd350-edb4-49c9-b593-d223f7449a82
This hardens WordPress against a common vector which uses multiple user identifiers in a single `system.multicall` call. In the event that authentication fails, all following authentication attempts ''in that call'' will also fail.
Props dd32, johnbillion.
Fixes#34336
git-svn-id: https://develop.svn.wordpress.org/trunk@35366 602fd350-edb4-49c9-b593-d223f7449a82
* Change the 3rd arg from `args` to `width`
* Change `wp_image_sizes_args` filter to `wp_get_attachment_image_sizes`
Updates unit tests.
Props joemcgill.
Fixes#34379.
git-svn-id: https://develop.svn.wordpress.org/trunk@35355 602fd350-edb4-49c9-b593-d223f7449a82
This allows sites to use an admin area over HTTPS with the front end over HTTP, and not end up with a cross-protocol problem when using the REST API URL in the admin area.
Fixes#34299
git-svn-id: https://develop.svn.wordpress.org/trunk@35351 602fd350-edb4-49c9-b593-d223f7449a82
This allows sites to use an admin area over HTTPS with the front end over HTTP, and not end up with a cross-protocol problem when using the REST API URL in the admin area.
Fixes#34299
git-svn-id: https://develop.svn.wordpress.org/trunk@35342 602fd350-edb4-49c9-b593-d223f7449a82
The `notify_moderator` filter makes it possible to override the value for the `moderation_notify` option, which controls whether to send new comment emails to "site moderators", that is to say, the owner of the admin email for the site and the post author if they have the ability to modify the comment.
The `notify_post_author` filter likewise makes it possible to override the value for the `comments_notify` option, which controls whether to send new comment emails to the post author. If the post author is the comment author, default behavior is not to send the notification. Note: enabling or disabling notifications via this hook could also affect other recipients added via the 'comment_notification_recipients' filter in `wp_notify_postauthor()`, if hooked.
Passing a falsey value to either of the new filters will prevent notifications from being sent, regardless of their corresponding option values.
Adds tests.
Props coffee2code, adamsilverstein, DrewAPicture.
Fixes#761.
git-svn-id: https://develop.svn.wordpress.org/trunk@35339 602fd350-edb4-49c9-b593-d223f7449a82
[34247] made the 'public' paramater of `register_taxonomy()` work by blocking
requests for non-public taxonomy archives during `parse_request()`. Blocking
taxonomy archive requests this late means that it's impossible to register an
independent query var that matches the slug of a non-public taxonomy. By
moving the block to `register_taxonomy()` - not allowing these taxonomies to
register their query vars in the first place - we free up the slug for other
use. In addition, we free up a bit of processing (no need to look for the query
var in `parse_request()` and better parallel the way non-public post types
work. See `register_post_type()`.
Non-public taxonomy archives that are requested using `?taxonomy=tax_name` are
still blocked during `parse_request`. It's only custom query vars -
`?tax_name=term` - that are affected by this change.
Props mboynes.
Fixes#21949.
git-svn-id: https://develop.svn.wordpress.org/trunk@35333 602fd350-edb4-49c9-b593-d223f7449a82
[34561] instituted the policy of forcing pagination for comments. This strategy
was intended to avert problems when 'page_comments' is set to 0 - as it is by
default - and the number of comments on a given post rises into the hundreds or
thousands. By forcing pagination in all cases, we ensured that WordPress would
not time out by processing unwieldy numbers of comments on a given pageload.
The strategy proves problematic, however, because comment permalinks are
generated using the page of the comment. Forcing pagination for posts that
were not previously paginated would change the URL of all comments that do not
appear on the default comment page.
This changeset reintroduces the 'page_comments' setting and its corresponding
checkbox on Settings > Discussion. A number of tests, which were written after
[34561], are modified to work now that 'page_comments' will, once again, be
disabled by default.
See #8071.
git-svn-id: https://develop.svn.wordpress.org/trunk@35331 602fd350-edb4-49c9-b593-d223f7449a82
Also move style rule from `customize-nav-menus.css` to `customize-controls.css` so that widgets button is properly styled when `nav_menus` component is excluded from loading. See [35304]. See #33327.
Props westonruter, DrewAPicture.
Fixes#33552.
git-svn-id: https://develop.svn.wordpress.org/trunk@35307 602fd350-edb4-49c9-b593-d223f7449a82
The `autoload` argument value is passed along to `update_option()` which has accepted an `$autoload` parameter since [31628].
Props westonruter, dlh.
See #26394.
Fixes#33499.
git-svn-id: https://develop.svn.wordpress.org/trunk@35305 602fd350-edb4-49c9-b593-d223f7449a82
The same indicator on the nav menus admin page is now present for nav menu items in the Customizer. When a menu item is present for a post type that is no longer registered, the menu item will appear with the indicator.
Props kucrut, westonruter.
Fixes#33665.
git-svn-id: https://develop.svn.wordpress.org/trunk@35302 602fd350-edb4-49c9-b593-d223f7449a82
Cuts down on unnecessary queries, especially in environments that rely on
post meta a lot. Reverts [32997].
Props ap.koponen, swissspidy.
Fixes#34368.
git-svn-id: https://develop.svn.wordpress.org/trunk@35299 602fd350-edb4-49c9-b593-d223f7449a82
Introduces more flexibility in filtering all parts of the document title,the
separator, and a way to short-circuit title generation. Plugins can now also
check for theme support and reliably filter the entire output. See #18548.
Deprecates `wp_title()`.
Fixes#31078.
git-svn-id: https://develop.svn.wordpress.org/trunk@35294 602fd350-edb4-49c9-b593-d223f7449a82
[34997] caused `get_term()` to return an error object in the case when
`$taxonomy` did not match the taxonomy of the located term. This was an
inadvertant change from the previous behavior, when `get_term()` would return
null in these cases.
Props dlh.
See #14162. Fixes#34332.
git-svn-id: https://develop.svn.wordpress.org/trunk@35227 602fd350-edb4-49c9-b593-d223f7449a82
Using more than one instance of `WP_UnitTest_Factory` causes all kinds of craziness, due to out-of-sync internal generator sequences. Since we want to use `setUpBeforeClass`, we were creating ad hoc instances. To avoid that, we were injecting one `static` instance via Dependency Injection in `wpSetUpBeforeClass`. All tests should really use the `static` instance, so we will remove the instance prop `$factory`.
Replace `$this->factory` with `self::$factory` over 2000 times.
Rewrite all of the tests that were hard-coding dynamic values.
#YOLOFriday
git-svn-id: https://develop.svn.wordpress.org/trunk@35225 602fd350-edb4-49c9-b593-d223f7449a82
They were added 3 years ago in [846/tests] because tests weren't excluded from the normal runs.
Reverts [35209] because it doesn't work with Xdebug.
`Tests_Ajax_Response::test_response_charset_in_header` is the only test which needs to run in a separate process, see [975/tests].
See #31491.
git-svn-id: https://develop.svn.wordpress.org/trunk@35211 602fd350-edb4-49c9-b593-d223f7449a82
Most of the Ajax tests are running in a separate PHP process, and thus PHPUnit attempts to preserve the global state from the parent process by serializing all globals. But this doesn't work for external object caches so we have to disable this "feature".
See #31491.
git-svn-id: https://develop.svn.wordpress.org/trunk@35209 602fd350-edb4-49c9-b593-d223f7449a82
This makes it way easier to add fixtures, and tear them down, without needing to instantiate `WP_UnitTest_Factory` in every class - removes the need to call `commit_transaction()` in each individual class.
See #30017, #33968.
git-svn-id: https://develop.svn.wordpress.org/trunk@35186 602fd350-edb4-49c9-b593-d223f7449a82