Ensure that plugin filters apply as expected for any settings registered statically without passing in an explicit class instance to `WP_Customize_Manager::add_setting()`.
Fixes#34597.
git-svn-id: https://develop.svn.wordpress.org/trunk@35810 602fd350-edb4-49c9-b593-d223f7449a82
When sorting a metabox, a clone of that metabox is created as a drag/drop "helper".
Previously, any checked radio input in the original metabox would become unchecked, when its clone "helper" was inserted into the DOM
(since only one radio within a set of radios of the same name can be checked).
Continued use of the clone helper is important so that the element being dragged isn't subject to the click and other event handlers attached to the real metabox,
so we can't just switch to dragging around the real metabox. See, for example, comment:10:ticket:16972.
Preserve the radios' state via some name attribute trickery.
Fixes#16972
git-svn-id: https://develop.svn.wordpress.org/trunk@35809 602fd350-edb4-49c9-b593-d223f7449a82
Many new users do not know the difference between managing installed plugins and those found in the plugin directory. This helps with discoverability. The link is not provided in multisite installs because we assume that somebody with that kind of power in a network is experienced enough not to need it. This can always be reconsidered later.
props mordauk for the initial patch.
fixes#29865.
git-svn-id: https://develop.svn.wordpress.org/trunk@35808 602fd350-edb4-49c9-b593-d223f7449a82
Before the docs implied the complexity of the function was O(1) by using the term "constant time", now we use the more descriptive term "Timing attack safe".
Props AramZS.
Fixes#32778.
git-svn-id: https://develop.svn.wordpress.org/trunk@35805 602fd350-edb4-49c9-b593-d223f7449a82
For accessibility, links inside lines or blocks of text should be always underlined.
Props walbo.
Fixes#34606.
git-svn-id: https://develop.svn.wordpress.org/trunk@35801 602fd350-edb4-49c9-b593-d223f7449a82
Previously when updating a post using wp_insert_post(), post_name was
regenerated based on post_title every time if post_name was not passed in
explicitly. This irons out the expectation that properties not passed into the
function should not be modified.
Props jason_the_adams.
Fixes#34865.
git-svn-id: https://develop.svn.wordpress.org/trunk@35800 602fd350-edb4-49c9-b593-d223f7449a82
Sometimes, it's easy to to type the the same word twice, especially if if it's a simple word. We probably shouldn't do do do (do do do doo) it, though.
(I've excluded external libs from this change.)
Fixes#34885.
git-svn-id: https://develop.svn.wordpress.org/trunk@35793 602fd350-edb4-49c9-b593-d223f7449a82
User dropdowns in wp-admin have traditionally shown the users' display names.
However, this causes ambiguity when users share display names. To correct this,
we now show the unique user_login in parentheses after the display name.
The new `display_name_with_login` value for the `show` parameter of
`wp_dropdown_users()` enables this functionality. The default value of `show`
has not been changed, for backward compatibility, but all instances of
`wp_dropdown_users()` in core wp-admin have been switched.
This changeset also reduces some duplicated logic when assembling a user list
when `include_selected` is true.
Props krogsgard, boonebgorges.
Fixes#31251.
git-svn-id: https://develop.svn.wordpress.org/trunk@35790 602fd350-edb4-49c9-b593-d223f7449a82
The whole string is escaped with `esc_html()` anyway, so we don't
need to `wp_kses_post()`. This is a better experience for users who
want to use angle brackets in their site title or description.
Does not allow any HTML, adds unit tests.
props BandonRandon, pauldewouters.
fixes#27942.
git-svn-id: https://develop.svn.wordpress.org/trunk@35788 602fd350-edb4-49c9-b593-d223f7449a82
New `network_site_new_created_user_pending` action fires before a new user will be created via the network site-new.php page.
Props mackensen
Fixes#33631
git-svn-id: https://develop.svn.wordpress.org/trunk@35786 602fd350-edb4-49c9-b593-d223f7449a82
Activation of a subdomain site is done through that new site's address. This address does not exist in the `wp_blogs` table until activation is complete.
In this case we need to make sure `public` is populated to avoid a PHP notice.
Props uglyrobot.
Fixes#24760.
git-svn-id: https://develop.svn.wordpress.org/trunk@35782 602fd350-edb4-49c9-b593-d223f7449a82
"Connected" because of REST API and cross-site embeds.
"Responsive" because of responsive images and under-the-hood tweaks.
See #34663.
git-svn-id: https://develop.svn.wordpress.org/trunk@35780 602fd350-edb4-49c9-b593-d223f7449a82
This gives us better compatibility with existing errors thrown by
`sanitize_user()`, especially in Multisite, where user_login has more
restrictions on allowed characters.
Props markjaquith.
Fixes#27317.
git-svn-id: https://develop.svn.wordpress.org/trunk@35772 602fd350-edb4-49c9-b593-d223f7449a82
In [34504], tabbing through row actions on comments that lacked links was broken. This restores the desired behavior and ensures that the row actions can be seen by no-js users.
Second Permanent Committer sign off was by WonderBoyMusic
See #15520Fixes#34791
Props afercia, azaozz
git-svn-id: https://develop.svn.wordpress.org/trunk@35771 602fd350-edb4-49c9-b593-d223f7449a82
In the data sent to us from the embedded iframe by postMessage(), the secret value is being used directly in a document.querySelectorAll() call without first being validated or escaped.
In theory, this could lead to some broken embeds.
Props mdawaffe.
Fixes#34831.
git-svn-id: https://develop.svn.wordpress.org/trunk@35761 602fd350-edb4-49c9-b593-d223f7449a82
Dominik Schilling (ocean90)
Ella Iseulde Van Dorpe
Weston Ruter
Michael Adams (mdawaffe)
Helen Hou-Sandi
Mel Choyce
Nikolay Bachiyski
John Blackbourn
Pascal Birchler
Mike Schroder
Andrea Fercia
Eric Andrew Lewis
Konstantin Kovshenin
Jeremy Felt
Gary Pendergast
Aaron D. Campbell
Michael Arestad
Boone Gorges
Rachel Baker
Drew Jaynes
Konstantin Obenland
Mark Jaquith
Andrew Nacin
Dion Hulse
Scott Taylor
Aaron Jorbin