`wp_kses_bad_protocol()` makes sure to validate that uri attributes don’t contain invalid/or not allowed protocols. While this works fine in most cases, there’s a risk that by using the colon html5 named entity, one is able to bypass this function.
Props: xknown, nickdaugherty, peterwilsoncc.
git-svn-id: https://develop.svn.wordpress.org/trunk@46895 602fd350-edb4-49c9-b593-d223f7449a82
Previously, `post_date` or `comment_date` was assumed to be GMT, which is only true if the timezone string for the site matches GMT.
Add unit tests.
Props Rarst, smerriman, justdaiv, wonderboymusic, noyle.
Fixes#30429.
git-svn-id: https://develop.svn.wordpress.org/trunk@46864 602fd350-edb4-49c9-b593-d223f7449a82
Previously, tests could create sequential objects with names like `Term 99`, `Term 100`, which by default would be returned in reverse order when sorted by name alphabetically, causing seemingly random test failures that are extremely hard to debug.
See #48145.
git-svn-id: https://develop.svn.wordpress.org/trunk@46830 602fd350-edb4-49c9-b593-d223f7449a82
Synchronize documentation for `add_filter()`, `tests_add_filter()`, `_wp_filter_build_unique_id()`, `_test_filter_build_unique_id()`.
Add a note that `$tag` and `$priority` are no longer used in `_wp_filter_build_unique_id()` since [46220], and the function always returns a string now.
Props donmhico, remcotolsma, SergeyBiryukov.
Fixes#47407. See #48303.
git-svn-id: https://develop.svn.wordpress.org/trunk@46801 602fd350-edb4-49c9-b593-d223f7449a82
Overriding default PHP timezone with `date_default_timezone_set()`, while not recommended, should not inadvertently result in changing existing permalinks.
Add a unit test.
Props Rarst, steevithak, archon810, maciejmackowiak, Ov3rfly, Cybr, hometowntrailers, scvleon, miette49.
Fixes#48623.
git-svn-id: https://develop.svn.wordpress.org/trunk@46795 602fd350-edb4-49c9-b593-d223f7449a82
With the changes in [45908], `mysql2date()` works correctly for all local time inputs, but should not be used for UTC time inputs.
Add a unit test.
Props Rarst, lisota.
Fixes#48675.
git-svn-id: https://develop.svn.wordpress.org/trunk@46756 602fd350-edb4-49c9-b593-d223f7449a82
This is only a wrapper for the `add_node()` method, but it's in widespread use both in core until [46642] and in thousands of plugins and themes. Deprecating it would have made sense when #19647 was originally opened but that's no longer the case.
Props whyisjake
Fixes#19647
git-svn-id: https://develop.svn.wordpress.org/trunk@46678 602fd350-edb4-49c9-b593-d223f7449a82
Make sure it actually tests the change in behavior, previously it passed both before and after the patch.
Add `wp_unslash()` to the last remaining instance of `$_POST['user_login']` that didn't have it.
See #38744.
git-svn-id: https://develop.svn.wordpress.org/trunk@46650 602fd350-edb4-49c9-b593-d223f7449a82
Move the test to a more appropriate place for consistency with `wp_sanitize_redirect()` and `wp_validate_redirect()` tests.
See #44317.
git-svn-id: https://develop.svn.wordpress.org/trunk@46649 602fd350-edb4-49c9-b593-d223f7449a82
The REST API supports filtering by terms across multiple taxonomies using an AND relation. This adds support for an OR relation by adding "tax_relation=OR" as a query parameter.
Props earnjam.
Fixes#44326.
git-svn-id: https://develop.svn.wordpress.org/trunk@46646 602fd350-edb4-49c9-b593-d223f7449a82
The tests for good redirects send headers that we can't handle in the test suite, so let's just remove them.
Unprops Jorbin.
Fixes#44317.
git-svn-id: https://develop.svn.wordpress.org/trunk@46645 602fd350-edb4-49c9-b593-d223f7449a82
This patch replaces all references to the add_menu() method with the add_node() one. (Also some code structure modifications for wp_admin_bar_appearance_menu().)
Fixes: #19647
Props: linuxologos, paulschreiber, morganestes, akibjorklund, nacin, whyisjake.
git-svn-id: https://develop.svn.wordpress.org/trunk@46642 602fd350-edb4-49c9-b593-d223f7449a82
Redirects should use redirect status codes and if you attempt to call wp_safe_redirect or wp_redirect with a non redirect status it can lead to undesired behavior and head scratching.
Fixes#44317.
Props spenserhale, johnbillion, mjnewman for initial patch.
git-svn-id: https://develop.svn.wordpress.org/trunk@46641 602fd350-edb4-49c9-b593-d223f7449a82
Allows a login to have an apostorphe. Which would normally be created as a mistake, but this allows the login to happen.
Fixes#38744
Props wpkuf, desrosj, socalchristina, bibliofille, santilinwp, nsubugak, sncoker, cafenoirdesign, whyisjake.
git-svn-id: https://develop.svn.wordpress.org/trunk@46640 602fd350-edb4-49c9-b593-d223f7449a82
* `_deprecated_function()`
* `_deprecated_argument()`
* `_deprecated_constructor()`
* `_deprecated_file()`
The error level passed is `E_USER_DEPRECATED` for the deprecated function group and `E_USER_NOTICE` for `_doing_it_wrong()`.
Props jrf.
Fixes#36561.
git-svn-id: https://develop.svn.wordpress.org/trunk@46625 602fd350-edb4-49c9-b593-d223f7449a82
Unix vs. Windows EOL style mismatches can cause misleading failures in tests using the heredoc syntax (`<<<`) or multiline strings as the expected result.
Fixes#31432. See #42594, #47411.
git-svn-id: https://develop.svn.wordpress.org/trunk@46612 602fd350-edb4-49c9-b593-d223f7449a82
There is no functional difference between `gmt_offset` and `timezone_string` timezone modes for the issue.
See #48384.
git-svn-id: https://develop.svn.wordpress.org/trunk@46583 602fd350-edb4-49c9-b593-d223f7449a82
Add `$source` parameter to `get_post_datetime()` to instantiate from local or UTC time in database.
Props Rarst, david.binda.
Reviewed by azaozz, SergeyBiryukov.
Fixes#48384.
git-svn-id: https://develop.svn.wordpress.org/trunk@46580 602fd350-edb4-49c9-b593-d223f7449a82
This is a follow-up to [46149] to avoid unnecessary breakage in case of using the old notation.
Props david.binda, jrf.
Reviewed by azaozz.
Fixes#48312.
git-svn-id: https://develop.svn.wordpress.org/trunk@46568 602fd350-edb4-49c9-b593-d223f7449a82
Introduce `make_clickable_rel` filter for the `rel` value that is added to URL matches converted to links.
This is a follow-up to [46349], which added the `rel="nofollow ugc"` attribute to existing `<a>` tags in comments via `wp_rel_ugc()`.
UGC stands for User Generated Content, and the `ugc` attribute value is recommended for links within user generated content, such as comments and forum posts.
See https://webmasters.googleblog.com/2019/09/evolving-nofollow-new-ways-to-identify.html.
Props blogginglife, SergeyBiryukov.
Reviewed by desrosj, audrasjb.
Fixes#48022.
git-svn-id: https://develop.svn.wordpress.org/trunk@46564 602fd350-edb4-49c9-b593-d223f7449a82
Introducing complex meta value handling in [45807] unintentionally removed value casting for empty scalar meta values.
Props TimothyBlynJacobs, chrisvanpatten, rmccue, kadamwhite.
Fixes#48363.
git-svn-id: https://develop.svn.wordpress.org/trunk@46563 602fd350-edb4-49c9-b593-d223f7449a82
Previously, searching for symbol references to replace with post or attachment IDs in array values resulted in a PHP warning.
Props timph, JarretC, SergeyBiryukov.
Fixes#45484.
git-svn-id: https://develop.svn.wordpress.org/trunk@46548 602fd350-edb4-49c9-b593-d223f7449a82
We decided to mark Social Links block as an experimental feature in Gutenberg. In effect, we are moving all related code from WordPress 5.3 release.
Props youknowriad.
Fixes#48263.
git-svn-id: https://develop.svn.wordpress.org/trunk@46543 602fd350-edb4-49c9-b593-d223f7449a82
Coding standards, ensure that nonce is valid with identical, rather then equal operator.
Props vortfu, xknown, whyisjake.
git-svn-id: https://develop.svn.wordpress.org/trunk@46477 602fd350-edb4-49c9-b593-d223f7449a82
Allows fallback previews (PDF by default, in core) to save image meta
after each size is generated to allow for resuming, and make sizes
immediately available.
Props azaozz, antpb, progremzion, mikeschroder.
See #48111.
git-svn-id: https://develop.svn.wordpress.org/trunk@46459 602fd350-edb4-49c9-b593-d223f7449a82
Slashing non-string data caused PUT requests containing unmodified meta arrays of integers to fail the check against the existing stored meta value, causing a 500 when posting an unmodified response body back to the server.
Props TimothyBlynJacobs, augustuswm.
Fixes#48264.
git-svn-id: https://develop.svn.wordpress.org/trunk@46454 602fd350-edb4-49c9-b593-d223f7449a82
Ensures that the ::get_rest_controller() method will always return an instanceof the expected controller class, or null.
Removes unused private static property $post_type_controllers.
Props dlh, TimothyBlynJacobs.
Fixes#45677.
git-svn-id: https://develop.svn.wordpress.org/trunk@46435 602fd350-edb4-49c9-b593-d223f7449a82
Removes a special-case prohibition against embedding 'self' which prevented ?_embed from being used with the /wp/v2/search endpoint.
Props TimothyBlynJacobs, chrisvanpatten, kadamwhite.
Fixes#47684.
git-svn-id: https://develop.svn.wordpress.org/trunk@46434 602fd350-edb4-49c9-b593-d223f7449a82
The `_publish_post_hook()` function checks for `WP_IMPORTING` before setting meta fields fir enclosures and pings, which means this test is doomed to fail.
The test can be re-implemented if the `WP_IMPORTING` constant gets moved to a function similar to how `wp_installing()` works for the `WP_INSTALLING` constant.
See #48014
git-svn-id: https://develop.svn.wordpress.org/trunk@46428 602fd350-edb4-49c9-b593-d223f7449a82
1. `POST /wp/v2/media`.
2. If the upload failed (HTTP 500 error), look for a response header with `X-WP-Upload-Attachment-ID` header that contains the newly created attachment ID.
3. `POST /wp/v2/media/{id}/post-process` with `{ "action": "create-image-subsizes" }`. This request may still fail, but it will save its progress.
4. On continued failure, `DELETE /wp/v2/media/{id}` to give up on the upload and instruct the user to resize their image before uploading.
Props TimothyBlynJacobs.
Fixes#47987.
git-svn-id: https://develop.svn.wordpress.org/trunk@46422 602fd350-edb4-49c9-b593-d223f7449a82
This prevents standalone percent symbols from being stripped out, e.g. in a default value like `100%`.
Props aristath, kuus, moonomo, westonruter, davetgreen, daviedR, katielgc, noisysocks, SergeyBiryukov.
Fixes#34290.
git-svn-id: https://develop.svn.wordpress.org/trunk@46395 602fd350-edb4-49c9-b593-d223f7449a82
Headings are the predominant mechanism for screen reader users to find information in a page. They also help all users to better identify the main sections of user interfaces.
- adds three new headings within the media modal
- improves plural form translation for "item selected" by using `wp.i18n`
- horizontally centers the media modal menu in the responsive view
Props kjellr, karmatosed, melchoyce, afercia.
See #47149.
Fixes#47610.
git-svn-id: https://develop.svn.wordpress.org/trunk@46375 602fd350-edb4-49c9-b593-d223f7449a82
Added missing @ticket for #47863 on `data_shortcode_parse_atts()`
Also cleans up some linter fixes that were missed.
Props garrett-eclipse, whyisjake.
ixes #47863.
git-svn-id: https://develop.svn.wordpress.org/trunk@46370 602fd350-edb4-49c9-b593-d223f7449a82
Ensure consistency between `shortcode_parse_attts()` when being used directly.
Props mauteri, birgire, SergeyBiryukov, kadamwhite, whyisjake.
Fixes#47863.
git-svn-id: https://develop.svn.wordpress.org/trunk@46369 602fd350-edb4-49c9-b593-d223f7449a82
If there is no global comment, or the input comment is null, return early to prevent warnings.
Fixes#41846
Props birgire, earnjam
git-svn-id: https://develop.svn.wordpress.org/trunk@46335 602fd350-edb4-49c9-b593-d223f7449a82
This function must not be modified to return anything due to existing themes which output the return value, for example via `echo get_template_part( ... )`.
See #40969
git-svn-id: https://develop.svn.wordpress.org/trunk@46328 602fd350-edb4-49c9-b593-d223f7449a82
In [46312] and [46313] we attempted to do some phpcs cleanup. This commit cleans up three issues that were introduced in [46309].
Fixes#48142.
Props: whyisjake, garrett-eclipse, desrosj
git-svn-id: https://develop.svn.wordpress.org/trunk@46314 602fd350-edb4-49c9-b593-d223f7449a82
`phpcbf` was able to clean up a few files. Tests were breaking as a result of code formatting.
Fixes#48142
Props whyisjake
git-svn-id: https://develop.svn.wordpress.org/trunk@46312 602fd350-edb4-49c9-b593-d223f7449a82
The current logic in TwentyFifteen (#30366) for making the sidebar sticky while still allowing to scroll through it when the sidebar height is larger than the viewport height is flawed and massively overcomplicated.
This can be mitigated by removing the admin bar specific logic and leaving most of the heavy lifting up to the browser.
Fixes#37536
Props DvanKooten, lukecavanagh, karmatosed, ianbelanger, davidbaumwald
git-svn-id: https://develop.svn.wordpress.org/trunk@46308 602fd350-edb4-49c9-b593-d223f7449a82
Completes work begun in #39953 to expose "date floating" status information to frontend clients via the REST API.
Props TimothyBlynJacobs.
Fixes#48113.
git-svn-id: https://develop.svn.wordpress.org/trunk@46279 602fd350-edb4-49c9-b593-d223f7449a82
After being imported in [46271], Twenty Twenty can now be set as the default theme in WordPress.
See #48110.
Props desrosj, ocean90.
git-svn-id: https://develop.svn.wordpress.org/trunk@46278 602fd350-edb4-49c9-b593-d223f7449a82