The password field was incorrectly only added to "post" post types, but is supported for all post types in the Dashboard UI.
Props jnylen0.
Fixes#38582.
git-svn-id: https://develop.svn.wordpress.org/trunk@39047 602fd350-edb4-49c9-b593-d223f7449a82
By allowing more fine-grained validation and sanitisation of endpoint args, we can ensure the correct data is being passed to endpoints.
This can easily be extended to support new data types, such as CSV fields or objects.
Props joehoyle, rachelbaker, pento.
Fixes#38531.
git-svn-id: https://develop.svn.wordpress.org/trunk@39046 602fd350-edb4-49c9-b593-d223f7449a82
This prevents `wp_die()` being sent in response to an XML-RPC call that attempts to submit a duplicate comment, and correctly returns an error in response to an attempt to submit an empty comment.
Props markoheijnen, websupporter.
Fixes#14452, #38466.
See #36901
git-svn-id: https://develop.svn.wordpress.org/trunk@39045 602fd350-edb4-49c9-b593-d223f7449a82
This allows `POST` requests with a wider variety of `Content-Type' headers - `Content-Type: application/json`, for example.
Props jnylen0.
Fixes#37994.
git-svn-id: https://develop.svn.wordpress.org/trunk@39044 602fd350-edb4-49c9-b593-d223f7449a82
Editable resources in the REST API accept the `PATCH` method, but the CORS headers don't mention it.
Props jnylen0.
Fixes#38546.
git-svn-id: https://develop.svn.wordpress.org/trunk@39042 602fd350-edb4-49c9-b593-d223f7449a82
`get_user_option()` checks for both option types, site and network. Since `locale` is only a network option we can directly access the field via `WP_User`s magic getter.
Props johnjamesjacoby.
Fixes#38578.
git-svn-id: https://develop.svn.wordpress.org/trunk@39040 602fd350-edb4-49c9-b593-d223f7449a82
* Allow `WP_Customize_Nav_Menus::insert_auto_draft_post()` to take full post array to pass to `wp_insert_post()`, except for `post_status`. Require `post_title`.
* Ensure empty `post_name` gets explicitly set to slugified `post_title`.
* Explicitly allow only `post_type` and `post_title` params in `WP_Customize_Nav_Menus::ajax_insert_auto_draft_post()`.
* Use `wp_update_post()` instead of `wp_publish_post()` to ensure unique slugs are assigned to published auto-draft posts.
* Re-use `WP_Customize_Nav_Menus::insert_auto_draft_post()` when inserting stubs from starter content.
See #38114, #38013, #34923.
Fixes#38539.
git-svn-id: https://develop.svn.wordpress.org/trunk@39038 602fd350-edb4-49c9-b593-d223f7449a82
On the Multisite - single site "Add New User" screen, some form fields have more
than one label associated with them. Form controls should have at most one
associated label element. If more than one label element is associated to the
control, assistive technologies may not read the appropriate label.
Additionally, labels can be associated to their related form fields either
explicitly (using a `for` attribute referencing the field ID) or implicitly
(using the label to wrap the field). As a best practice, never do both and
prefer explicitly associated labels when possible.
Props Ankit K Gupta.
Fixes#38459.
git-svn-id: https://develop.svn.wordpress.org/trunk@39006 602fd350-edb4-49c9-b593-d223f7449a82
`wp_load_translations_early()` is used when WordPress isn't fully initialized. Therefore using the `WP_Locale_Switcher` with `get_locale()`/`get_user_locale()` can cause PHP fatal errors.
This reverts [38976] and [38977], and instead removes `WP_Locale_Switcher` from `wp_load_translations_early()`.
See #29783.
Fixes#38535.
git-svn-id: https://develop.svn.wordpress.org/trunk@39005 602fd350-edb4-49c9-b593-d223f7449a82
* Also, changes the top menu label so it has better context when read alone by assistive technology.
Props anilbasnet.
Fixes#38542.
git-svn-id: https://develop.svn.wordpress.org/trunk@39001 602fd350-edb4-49c9-b593-d223f7449a82
* Since this is a filter the original value is returned if `is_admin()` is true.
* Removes portion of the doc block since function is not pluggable.
Props mangeshp.
Fixes#38510.
git-svn-id: https://develop.svn.wordpress.org/trunk@39000 602fd350-edb4-49c9-b593-d223f7449a82
Uses `absint()` to escape when getting value. Removes `esc_attr` from each instance of the variable.
Props fencer04.
Fixes#38449.
git-svn-id: https://develop.svn.wordpress.org/trunk@38999 602fd350-edb4-49c9-b593-d223f7449a82
