Commit Graph

37775 Commits

Author SHA1 Message Date
John Blackbourn
e2fdcb93f1 Hardening: Remove the ability to upload JavaScript files for users who do not have the unfiltered_html capability.
git-svn-id: https://develop.svn.wordpress.org/trunk@42261 602fd350-edb4-49c9-b593-d223f7449a82
2017-11-29 15:59:41 +00:00
John Blackbourn
0b11b6ea36 Hardening: Ensure the attributes of enclosures are correctly escaped in RSS and Atom feeds.
git-svn-id: https://develop.svn.wordpress.org/trunk@42260 602fd350-edb4-49c9-b593-d223f7449a82
2017-11-29 15:55:03 +00:00
John Blackbourn
3a4bf61804 Hardening: Add escaping to the language attributes used on html elements.
git-svn-id: https://develop.svn.wordpress.org/trunk@42259 602fd350-edb4-49c9-b593-d223f7449a82
2017-11-29 15:54:05 +00:00
John Blackbourn
e2291664f1 Hardening: Use a properly generated hash for the newbloguser key instead of a determinate substring.
git-svn-id: https://develop.svn.wordpress.org/trunk@42258 602fd350-edb4-49c9-b593-d223f7449a82
2017-11-29 15:51:19 +00:00
Sergey Biryukov
63f8e4d122 Users: After [42256], remove unnecessary double quotes around first_name and last_name properties.
See #42713.

git-svn-id: https://develop.svn.wordpress.org/trunk@42257 602fd350-edb4-49c9-b593-d223f7449a82
2017-11-29 15:27:55 +00:00
Dion Hulse
c52f6ba995 Users: Display partial names in the user listing tables.
This allows showing a name when only the first or last name is provided.

Props shital-patel, antipole.
Fixes #42713.


git-svn-id: https://develop.svn.wordpress.org/trunk@42256 602fd350-edb4-49c9-b593-d223f7449a82
2017-11-29 03:40:31 +00:00
Drew Jaynes
81b4e9a3a4 General: Add complete test coverage for WP_Error.
See #42742.


git-svn-id: https://develop.svn.wordpress.org/trunk@42255 602fd350-edb4-49c9-b593-d223f7449a82
2017-11-29 02:18:25 +00:00
John Blackbourn
af52df0aa1 Media: Further improvements to the handling of language codes that get passed to MediaElement.
This change means that only the leading portion of a locale code gets passed to MediaElement, removing problems that arise from locales such as `de_DE_formal` and `pt_PT_ao90`.

Props erich_k4wp, blobfolio, flixos90, ocean90, joemcgill, SergeyBiryukov.

Fixes #42574


git-svn-id: https://develop.svn.wordpress.org/trunk@42251 602fd350-edb4-49c9-b593-d223f7449a82
2017-11-28 14:51:33 +00:00
Ryan McCue
49852ed54f REST API: Ensure rest_url() consistently has leading slash.
`rest_url()` inconsistently adds slashes to the passed path depending on whether the site has pretty permalinks enabled. Apart from being inconsistent, this also caused the unit tests to fail when pretty permalinks are enabled.

Props frank-klein.
Fixes #42452. See #41451.


git-svn-id: https://develop.svn.wordpress.org/trunk@42250 602fd350-edb4-49c9-b593-d223f7449a82
2017-11-28 07:09:43 +00:00
Gary Pendergast
209ede72de General: Add inline PHPCS options to leave regex indentation.
We have a handful of super long regexen that are written over multiple lines, as a collection of strings concatenated together. Each string is indented appropriately for the regex, but PHPCS doesn't recognise this, so defaults to removing the extra whitespace.

Disabling the `Squiz.Strings.ConcatenationSpacing.PaddingFound` rule for these blocks stops the extra whitespace from being removed.

See #41057.



git-svn-id: https://develop.svn.wordpress.org/trunk@42249 602fd350-edb4-49c9-b593-d223f7449a82
2017-11-28 04:23:11 +00:00
Dion Hulse
a825a181e1 Theme Editor: Translate the URL to the Child Themes Codex page.
Props odysseygate, johnpgreen.
Fixes #42454.


git-svn-id: https://develop.svn.wordpress.org/trunk@42247 602fd350-edb4-49c9-b593-d223f7449a82
2017-11-27 03:51:25 +00:00
Dion Hulse
44c75415b3 Theme Editor: Base the nonce on a simpler combination of fields, for easier debugging & reading.
See #42609.
Fixes #42705.


git-svn-id: https://develop.svn.wordpress.org/trunk@42246 602fd350-edb4-49c9-b593-d223f7449a82
2017-11-27 03:43:11 +00:00
Dion Hulse
6e0ba7864f Theme Editor: Validate files are editable based on their relative filenames, rather than full file path.
This fixes theme editing on Windows platforms where `validate_file()` will return `2` on a full file path.

Fixes #42609.


git-svn-id: https://develop.svn.wordpress.org/trunk@42244 602fd350-edb4-49c9-b593-d223f7449a82
2017-11-27 03:27:19 +00:00
dd32
76f77416d6 Theme/Plugin Editor: Remove the caching added in [41806] as it causes more problems than it fixes.
While caching here seemed like a good idea in theory, in practice the cache would be often stale causing development issues.
We exclude common folders (such as `node_modules`) from the scanning to avoid directories which are not useful to the end-user, so as long as those exclusion lists are held up this shouldn't cause too much of a degradation in the future.
We may consider adding caching here again in the future if it's determined that it is really needed.

Props precies, ibenic, mariovalney, schlessera, and all the others who commented on the ticket(s).
This partially reverts [41806].
See #6531.
Fixes #42573.


git-svn-id: https://develop.svn.wordpress.org/trunk@42242 602fd350-edb4-49c9-b593-d223f7449a82
2017-11-27 02:58:02 +00:00
Gary Pendergast
574821573a General: Fix some precision alignment formatting warnings.
The WPCS `WordPress.WhiteSpace.PrecisionAlignment` rule throws warnings for a bunch of code that will likely cause issues for `wpcbf`. Fixing these manually beforehand gives us better auto-fixed results later.

See #41057.



git-svn-id: https://develop.svn.wordpress.org/trunk@42228 602fd350-edb4-49c9-b593-d223f7449a82
2017-11-26 23:56:25 +00:00
Dion Hulse
d00e74042b Docs: Update the documentation for get_post_meta() to clarify that $single has no effect when the $meta_key is not provided.
Props chetan200891, titodevera.
Fixes #42687.


git-svn-id: https://develop.svn.wordpress.org/trunk@42227 602fd350-edb4-49c9-b593-d223f7449a82
2017-11-26 03:16:55 +00:00
Dion Hulse
b8c4faff72 WPDB: Fix the parsing of sockets which contain colons within the socket name (used on some cloud providers).
Props natacado.
Fixes #42634 for trunk.


git-svn-id: https://develop.svn.wordpress.org/trunk@42226 602fd350-edb4-49c9-b593-d223f7449a82
2017-11-24 05:51:31 +00:00
Dion Hulse
555eab6391 Template: Don't output an empty <ul> in the_meta() when a post only has protected metas.
Props campusboy1987, birgire.
Fixes #42629.


git-svn-id: https://develop.svn.wordpress.org/trunk@42225 602fd350-edb4-49c9-b593-d223f7449a82
2017-11-24 05:20:39 +00:00
Dion Hulse
26fb077862 Filesystem: Use a more unique filename in wp_tempnam() and get_filesystem_method().
Using a filename which was generated from `time()` could cause two processes to try to use the same filename, causing unexpected behaviour.

Props jrchamp, bikecrazyy.
Fixes #42265.


git-svn-id: https://develop.svn.wordpress.org/trunk@42224 602fd350-edb4-49c9-b593-d223f7449a82
2017-11-24 03:04:35 +00:00
Weston Ruter
53eaf9f078 Themes: Prevent JS error on Themes admin screen when only one theme is installed.
Amends [42029].
Props chetan200891, afercia.
See #42348.
Fixes #42673.


git-svn-id: https://develop.svn.wordpress.org/trunk@42222 602fd350-edb4-49c9-b593-d223f7449a82
2017-11-23 19:28:33 +00:00
John Blackbourn
a687253cce Users: Correct the value of the lang attribute in the admin area.
This corrects the value when the user's language is set to `English (United States)` but the site language is not.

Props ocean90, afercia

Fixes #42242


git-svn-id: https://develop.svn.wordpress.org/trunk@42220 602fd350-edb4-49c9-b593-d223f7449a82
2017-11-23 19:03:44 +00:00
Gary Pendergast
da9953aa47 Setup: Allow for wp-config-sample.php to be formatted according to coding standards.
When the setup process reads `wp-config-sample.php`, it assumes that there are no spaces inside the brackets of the `define()`s. Unfortunately, this doesn't match our coding standards, so will no longer work correctly once we start enforcing them.

This also improves coding standards of the generated `wp-config.php` file.

See #41057.



git-svn-id: https://develop.svn.wordpress.org/trunk@42218 602fd350-edb4-49c9-b593-d223f7449a82
2017-11-23 05:23:01 +00:00
Gary Pendergast
f797c252d9 General: Reformat inline if () statements inside HTML tags.
This pattern occurs a handful of times across the codebase:

`<div class="foo<?php if ( $bar ) { echo ' baz'; } ?>">`

Unfortunately, it doesn't really play nicely with `phpcbf`, so all instances need to be removed in preparation for auto code formatting.

See #41057.



git-svn-id: https://develop.svn.wordpress.org/trunk@42217 602fd350-edb4-49c9-b593-d223f7449a82
2017-11-23 04:08:42 +00:00
John Blackbourn
d88bb052f0 Cron API: Improvements to docblocks for the event scheduling functions.
See #42505


git-svn-id: https://develop.svn.wordpress.org/trunk@42216 602fd350-edb4-49c9-b593-d223f7449a82
2017-11-22 15:15:35 +00:00
Dion Hulse
2c1858a8c3 Upgrade: Fix updating plugins which include numeric file/folder names.
The fix in [41821] caused numeric folder names to be reindexed to 0..n when in the root directory (for example, `my-plugin/24/`).

Props edo888.
See #41524.
Fixes #42628 for trunk.


git-svn-id: https://develop.svn.wordpress.org/trunk@42214 602fd350-edb4-49c9-b593-d223f7449a82
2017-11-21 04:14:33 +00:00
Boone Gorges
4ec5d65dcc Introduce meta_box_sanitize_cb taxonomy argument.
The `meta_box_cb` argument was introduced in [25572] to allow plugin
authors to provide a custom callback for rendering their taxonomy's meta
box on the post edit screen. However, the routine used to handle the saving
of these custom taxonomy meta boxes was not customizable, but was instead
based simply on whether the taxonomy was hierarchical. See [13535].

The new `meta_box_sanitize_cb` argument defaults to the "tag" routine for
non-hierarchical taxonomies and the "category" routine for hierarchical ones,
thereby maintaining the current default behavior. Developers can override this
when the data passed from their `meta_box_cb` differs.

Props boonebgorges, ZaneMatthew, stephenharris.
Fixes #36514.

git-svn-id: https://develop.svn.wordpress.org/trunk@42211 602fd350-edb4-49c9-b593-d223f7449a82
2017-11-21 03:14:52 +00:00
Felix Arntz
887214f7ce Multisite: Fix broken update blog_versions query after [41661].
Props Mista-Flo, lenasterg.
Fixes #42641.


git-svn-id: https://develop.svn.wordpress.org/trunk@42210 602fd350-edb4-49c9-b593-d223f7449a82
2017-11-20 23:45:09 +00:00
Boone Gorges
576f78ac49 Improve data types returned from empty hierarchical term queries.
When querying for 'count', ensure that 0 is returned. Otherwise,
ensure that it's an array.

Props xParham, birgire.
Fixes #42327.

git-svn-id: https://develop.svn.wordpress.org/trunk@42209 602fd350-edb4-49c9-b593-d223f7449a82
2017-11-20 22:45:29 +00:00
John Blackbourn
ff1d2b5ccb HTTP API: Add a WP_Http class constant for the HTTP status code 301.
Fixes #42490


git-svn-id: https://develop.svn.wordpress.org/trunk@42208 602fd350-edb4-49c9-b593-d223f7449a82
2017-11-20 20:53:20 +00:00
John Blackbourn
d821f8b28d HTTP API: Add support for a description for HTTP status code 103.
Props Dhruvin

Fixes #42490


git-svn-id: https://develop.svn.wordpress.org/trunk@42207 602fd350-edb4-49c9-b593-d223f7449a82
2017-11-20 20:34:52 +00:00
John Blackbourn
ab714bd549 General: Pass on the return value from wp_redirect() for wp_safe_redirect().
This brings the behaviour of the two functions in line with each other.

Props Drivingralle

Fixes 42108


git-svn-id: https://develop.svn.wordpress.org/trunk@42206 602fd350-edb4-49c9-b593-d223f7449a82
2017-11-20 20:23:50 +00:00
Dion Hulse
61904426e2 DB Repair: Only allow non-falsey values of WP_ALLOW_REPAIR to access the DB repair functionality.
This allows defining the constant as `false` to prevent access (rather than requiring the constant to be removed entirely).

Props tiagohillebrandt, munklefish.
See #11717.
Fixes #42622.


git-svn-id: https://develop.svn.wordpress.org/trunk@42205 602fd350-edb4-49c9-b593-d223f7449a82
2017-11-20 06:20:23 +00:00
johnbillion
4af1237176 Docs: Correct the @since property for the page_attributes_misc_attributes action.
Props jeremyescott, jfarthing84

Fixes #42607


git-svn-id: https://develop.svn.wordpress.org/trunk@42203 602fd350-edb4-49c9-b593-d223f7449a82
2017-11-19 11:51:01 +00:00
Felix Arntz
b424eecd0b Multisite: Do not show edit links in network users table for users that cannot be edited.
Props ocean90.
Fixes #42552.


git-svn-id: https://develop.svn.wordpress.org/trunk@42202 602fd350-edb4-49c9-b593-d223f7449a82
2017-11-17 21:34:01 +00:00
Dion Hulse
be70839966 Remove the svn:keywords property from files that don't need it.
See #42594


git-svn-id: https://develop.svn.wordpress.org/trunk@42201 602fd350-edb4-49c9-b593-d223f7449a82
2017-11-17 03:00:43 +00:00
Dion Hulse
21ad5a9e40 Remove the svn:executable property from files that don't need it.
See #42594


git-svn-id: https://develop.svn.wordpress.org/trunk@42200 602fd350-edb4-49c9-b593-d223f7449a82
2017-11-17 02:57:27 +00:00
Sergey Biryukov
603e195f10 Rewrite Rules: Correct the logic in extract_from_markers() after [41928].
Props stodorovic.
Fixes #42579. See #39920.

git-svn-id: https://develop.svn.wordpress.org/trunk@42199 602fd350-edb4-49c9-b593-d223f7449a82
2017-11-16 13:24:57 +00:00
Weston Ruter
aec1fb9aa0 Editor: Re-build tinymce.min.js after [42191].
See #42553.


git-svn-id: https://develop.svn.wordpress.org/trunk@42193 602fd350-edb4-49c9-b593-d223f7449a82
2017-11-15 23:34:57 +00:00
Weston Ruter
7371834069 Editor: Disable wp_keep_scroll_position in IE11 since buggy; fix matches polyfill conflict with ME.js by doing runtime feature detection in context window.
Props westonruter, SergeyBiryukov, Clorith for testing.
See #41962, #42029.
Fixes #42553 for trunk.


git-svn-id: https://develop.svn.wordpress.org/trunk@42191 602fd350-edb4-49c9-b593-d223f7449a82
2017-11-15 18:58:26 +00:00
Weston Ruter
551163278b File Editor: Eliminate gap inserted between code editor and heading in IE11 when CodeMirror initializes.
Props afercia, melchoyce, Clorith for testing, SergeyBiryukov for testing.
See #12423.
Fixes #42554 for trunk.


git-svn-id: https://develop.svn.wordpress.org/trunk@42189 602fd350-edb4-49c9-b593-d223f7449a82
2017-11-15 18:28:33 +00:00
Weston Ruter
323a8c95f0 Customize: Prevent themes panel from auto-expanding in IE11.
In IE11 the `input` event erroneously gets triggered initially without any user input.

Amends [41648].
See #37661.
Fixes #42556 for trunk.


git-svn-id: https://develop.svn.wordpress.org/trunk@42187 602fd350-edb4-49c9-b593-d223f7449a82
2017-11-15 18:11:17 +00:00
Weston Ruter
672eb9206b Widgets: Set global $post to current queried object instead of nullifying when is_singular() while applying filters (and shortcodes) in Text widget and (via plugin) Custom HTML widget.
Also prevent `[gallery]` shortcode from dumping out every attachment on the site when a containing Text widget is shown on an archive template.

Props westonruter, bobbingwide, joemcgill for testing.
See #10457.
Fixes #42548, #42547 for trunk.


git-svn-id: https://develop.svn.wordpress.org/trunk@42185 602fd350-edb4-49c9-b593-d223f7449a82
2017-11-15 02:26:56 +00:00
Weston Ruter
c9b825d5f5 Editor: Improve scrolling behavior and prevent autosave logic from causing dirty state when just switching between Visual and Text tabs.
Props pento.
See #41962, #42029.
Fixes #42530 for trunk.


git-svn-id: https://develop.svn.wordpress.org/trunk@42183 602fd350-edb4-49c9-b593-d223f7449a82
2017-11-15 00:20:21 +00:00
Weston Ruter
4126cbbd9c About Page: Fix issue with overlapping images and text on IE11 and Edge 15.
Props Clorith, ryelle, afercia, la-geek, SergeyBiryukov.
See #42514.
Fixes #42545.


git-svn-id: https://develop.svn.wordpress.org/trunk@42181 602fd350-edb4-49c9-b593-d223f7449a82
2017-11-14 23:01:55 +00:00
Peter Wilson
ca40a244d7 Editor: Cease adding paragraphs when switching editor tabs.
Fixes an error since [41783] in which extra paragraphs could be added to content when switching editor tabs.

Props pento, adamsilverstein, aduth.
Fixes #42531.



git-svn-id: https://develop.svn.wordpress.org/trunk@42177 602fd350-edb4-49c9-b593-d223f7449a82
2017-11-14 05:23:55 +00:00
Gary Pendergast
7dfdbf2754 Editor: When switching Editor tabs, don't scroll unnecessarily.
- When switching to the Text view, wait until after the Visual editor element has been hidden, before focussing the `<textarea>`.
- When switching to the Visual view, only scroll if the cursor is not visible on the current screen.

Fixes #42530.



git-svn-id: https://develop.svn.wordpress.org/trunk@42175 602fd350-edb4-49c9-b593-d223f7449a82
2017-11-14 05:18:10 +00:00
Weston Ruter
cc68415a23 About: Fix jumping behavior for titles and columns when scrolling.
Props ryelle.
See #42087.
Fixes #42514, #42526.


git-svn-id: https://develop.svn.wordpress.org/trunk@42173 602fd350-edb4-49c9-b593-d223f7449a82
2017-11-13 22:28:20 +00:00
Weston Ruter
e260210294 Customize: Allow notifications for linting errors in code editor control (for Additional CSS) to be overridden to allow saving.
Implements the same override that was implemented in [41721] for the theme/plugin editors.

See #41897, #41887.
Fixes #42528.


git-svn-id: https://develop.svn.wordpress.org/trunk@42171 602fd350-edb4-49c9-b593-d223f7449a82
2017-11-13 21:18:49 +00:00
Weston Ruter
33f7cfd2b9 Customize: Prevent PHP notice on theme-switch dashboard welcome link (and link to themes admin screen) when user cannot customize.
Props skostadinov, ocean90.
Amends [41699].
See #42050.
Fixes #42525.


git-svn-id: https://develop.svn.wordpress.org/trunk@42169 602fd350-edb4-49c9-b593-d223f7449a82
2017-11-13 19:24:49 +00:00
Boone Gorges
f7dabb40c1 Correct documentation for status param of WP_Comment_Query.
The `status` parameter accepts an array or string/comma-separated list.

Introduced in [30084].

Props pbiron.
Fixes #41338.

git-svn-id: https://develop.svn.wordpress.org/trunk@42165 602fd350-edb4-49c9-b593-d223f7449a82
2017-11-13 16:25:18 +00:00