WP 4.4 changed the way comment pagination is calculated. See #8071. In the
context of `get_comment_link()`, these changes introduced a regression that
causes `cpage` (or its pretty-permalink correlate `comment-page-x`) to appear
in comment links when comment pagination is disabled. The current changeset
fixes the regression.
Merges [35933] to the 4.4 branch.
Fixes#34946.
git-svn-id: https://develop.svn.wordpress.org/branches/4.4@35934 602fd350-edb4-49c9-b593-d223f7449a82
`array_merge()` is much slower than building the combined array using a
`foreach` loop. The performance difference was causing a speed regression with
the `get_children()` functionality introduced in 4.4.
Merges [35931] to the 4.4 branch.
Props rogerhub.
Fixes#35025.
git-svn-id: https://develop.svn.wordpress.org/branches/4.4@35932 602fd350-edb4-49c9-b593-d223f7449a82
Most browsers no longer trust 1024bit certificates, or certificates signed by them, instead verifying them by a trusted intermediate or a cross-sign from another trusted certificate.
Unfortunately, as it turns out, OpenSSL prior to 1.0.1g cannot correctly handle certificates chains such as this, even if one of the intermediates is trusted.
The solution is that we need to continue to trust the 1024bit legacy root certificates forthe foreseeable future
This adds the following certificates back into our trust store:
{{{
GTE CyberTrust Global Root
Thawte Server CA
Thawte Premium Server CA
Verisign Class 3 Public Primary Certification Authority
Verisign Class 3 Public Primary Certification Authority - G2
ValiCert Class 1 VA
ValiCert Class 2 VA
RSA Root Certificate 1
Entrust.net Secure Server CA
Equifax Secure Global eBusiness CA
Equifax Secure eBusiness CA 1
America Online Root Certification Authority 1
America Online Root Certification Authority 2
NetLock Business (Class B) Root
NetLock Express (Class C) Root
Verisign Class 3 Public Primary Certification Authority
}}}
Props rmccue.
Merges [35919] to the 4.4 branch.
Fixes#34935.
git-svn-id: https://develop.svn.wordpress.org/branches/4.4@35921 602fd350-edb4-49c9-b593-d223f7449a82
`wp_get_object_terms()` can return a `WP_Error` object. As such, the
`get_the_terms()` cache wrapper should handle them properly. To wit:
* Don't try to map an error object to `get_term()`. Introduced in [35032].
* Don't cache an error object as taxonomy relationships. Introduced in at least [16487], maybe earlier.
Ports [35850] to the 4.4 branch.
Props stephenharris.
Fixes#34723.
git-svn-id: https://develop.svn.wordpress.org/branches/4.4@35851 602fd350-edb4-49c9-b593-d223f7449a82
We rely on the `wp-image-` class to quickly find an attachment ID to add responsive image attributes.
To avoid incorrect images being displayed, do not add these attributes if the `src` does not match the
meta from the attachment ID in the class.
Merge of [35820] to the 4.4 branch.
Props azaozz, kovshenin, joemcgill, mikeschroder.
See #34898.
git-svn-id: https://develop.svn.wordpress.org/branches/4.4@35821 602fd350-edb4-49c9-b593-d223f7449a82
Part of [34728] was already reverted in [35682], but the default values still made it impossible to set a default ordering for custom post types.
Merge of [35818] for the 4.4 branch.
See #25493.
Fixes#34825.
git-svn-id: https://develop.svn.wordpress.org/branches/4.4@35819 602fd350-edb4-49c9-b593-d223f7449a82
"Connected" because of REST API and cross-site embeds.
"Responsive" because of responsive images and under-the-hood tweaks.
See #34663 for the 4.4 branch.
git-svn-id: https://develop.svn.wordpress.org/branches/4.4@35798 602fd350-edb4-49c9-b593-d223f7449a82
This gives us better compatibility with existing errors thrown by
`sanitize_user()`, especially in Multisite, where user_login has more
restrictions on allowed characters.
Props markjaquith.
Fixes#27317.
git-svn-id: https://develop.svn.wordpress.org/trunk@35772 602fd350-edb4-49c9-b593-d223f7449a82
In [34504], tabbing through row actions on comments that lacked links was broken. This restores the desired behavior and ensures that the row actions can be seen by no-js users.
Second Permanent Committer sign off was by WonderBoyMusic
See #15520Fixes#34791
Props afercia, azaozz
git-svn-id: https://develop.svn.wordpress.org/trunk@35771 602fd350-edb4-49c9-b593-d223f7449a82
In the data sent to us from the embedded iframe by postMessage(), the secret value is being used directly in a document.querySelectorAll() call without first being validated or escaped.
In theory, this could lead to some broken embeds.
Props mdawaffe.
Fixes#34831.
git-svn-id: https://develop.svn.wordpress.org/trunk@35761 602fd350-edb4-49c9-b593-d223f7449a82
This adds a checkbox to `wp-admin/user-new.php` to prevent sending an email with the username and a password reset link to the new user. Restores the behavior of pre-4.3.
Fixes#33504.
Props tharsheblows, SergeyBiryukov, DrewAPicture, ocean90.
git-svn-id: https://develop.svn.wordpress.org/trunk@35742 602fd350-edb4-49c9-b593-d223f7449a82
While these classes are intended for admin use, there are developers out there who include `wp-admin/includes/template.php` to access them in other contexts. There is no intention to continue to support this indefinitely, but a breaking change like that would need to happen very early in a cycle and communicated loudly.
In the meantime, if you're reading this commit message and you do the above, please update your code to not do that. Thank you :)
fixes#33413.
git-svn-id: https://develop.svn.wordpress.org/trunk@35740 602fd350-edb4-49c9-b593-d223f7449a82
In `populate_options()`, if the theme specified by `WP_DEFAULT_THEME` doesn't exist, fall back to the latest core default theme. If we can't find a core default theme, `WP_DEFAULT_THEME` is the best we can do.
Props nacin, jeremyfelt, dd32.
See #34306.
git-svn-id: https://develop.svn.wordpress.org/trunk@35738 602fd350-edb4-49c9-b593-d223f7449a82
To add a home link to the fallback menu output many themes only check if that
argument is set. Including Twenty Ten and Twenty Eleven. They check with
`isset()` so child themes and other instances using `wp_page_menu()` have a
chance to disable the home link by setting it to `false`.
Fixes#11095.
git-svn-id: https://develop.svn.wordpress.org/trunk@35737 602fd350-edb4-49c9-b593-d223f7449a82
Hello, it's me again. A pluggable function named `wp_new_user_notification()`. A few months ago, after [33023], I have lost my second parameter `$plaintext_pass`. But thanks to [33620] I got a new one.
Bad idea - It hasn't had the same behavior as my previous parameter.
To solve that the second parameter got deprecated and reintroduced as the third parameter in [34116]. I was happy again, for a short time.
You remember my lost friend `$plaintext_pass`? No? Well, if its value was empty no notification was sent to the user. This behavior was still lost. And that's what this change is about: Don't notify a user if a plugin uses `wp_new_user_notification( $user_id )`.
You're asking if I'm happy now? Dunno, but maybe you have learned something about pluggable functions, have you?
Props danielbachhuber.
Fixes#34377.
git-svn-id: https://develop.svn.wordpress.org/trunk@35735 602fd350-edb4-49c9-b593-d223f7449a82
* Introduce `customize_post_value_set_{$setting_id}` and `customize_post_value_set` actions which are done when `WP_Customize_Manager::set_post_value()` is called.
* Clear the `preview_applied` flag for aggregated multidimensional settings when a post value is set. This ensures the new value is used instead of a previously-cached previewed value.
* Move `$is_preview` property from subclasses to `WP_Customize_Setting` parent class.
* Deferred preview: Ensure that when `preview()` short-circuits due to not being applicable that it will be called again later when the post value is set.
* Populate post value for updated-widget with the (unsanitized) JS-value in `WP_Customize_Widgets::call_widget_update()` so that value will be properly sanitized when accessed in `WP_Customize_Manager::post_value()`.
Includes unit tests with assertions to check the reported issues and validate the fixes.
Fixes defect introduced in [35007].
See #32103.
Fixes#34738.
git-svn-id: https://develop.svn.wordpress.org/trunk@35724 602fd350-edb4-49c9-b593-d223f7449a82
Correct the docs for `comment_notes_before` and `comment_notes_after` arguments as well as `comment_form_before_fields` and `comment_form_after_fields` actions to better describe the current behaviour.
Fixes#34731.
git-svn-id: https://develop.svn.wordpress.org/trunk@35723 602fd350-edb4-49c9-b593-d223f7449a82
Adds the `postmeta_form_keys` filter which allows for a potentially expensive query against postmeta to be avoided.
props ericmann, tollmanz, nacin.
see #33885.
git-svn-id: https://develop.svn.wordpress.org/trunk@35717 602fd350-edb4-49c9-b593-d223f7449a82
Update `@see` tags for `wp_make_content_images_responsive()` and `wp_image_add_srcset_and_sizes()`.
Props jaspermdegroot.
See #34733.
git-svn-id: https://develop.svn.wordpress.org/trunk@35715 602fd350-edb4-49c9-b593-d223f7449a82
This prevents the admin menu from disappearing if an old `ru_RU.php` file is left over after updating directly from 3.1.x or an older version to the latest release.
See #20974.
git-svn-id: https://develop.svn.wordpress.org/trunk@35710 602fd350-edb4-49c9-b593-d223f7449a82
Previously, `&` would be converted everywhere, which caused problems when it was converted within a `<script>`, for example.
`convert_chars()` is now removed from the `the_content` filter, as it was doing the same job as `wptexturize()`.
KSES correctly handles converting `&` within HTML attributes, so there's no need for `wptexturize()` and `convert_chars()` to do the same job.
Fixes#34698.
git-svn-id: https://develop.svn.wordpress.org/trunk@35709 602fd350-edb4-49c9-b593-d223f7449a82
Older versions of WordPress will convert those `&` characters to `&`, which makes for some non-functional JS. If folks are running an older release, let's not make their lives more difficult than it already is.
Props pento, peterwilsoncc.
See #34698.
git-svn-id: https://develop.svn.wordpress.org/trunk@35708 602fd350-edb4-49c9-b593-d223f7449a82
Reverts [35700] which didn't account for author archives without posts.
Determination of the correct title is now based on the same order of
conditionals that template loader uses to select the right template.
H/t ocean90.
Fixes#34516.
git-svn-id: https://develop.svn.wordpress.org/trunk@35706 602fd350-edb4-49c9-b593-d223f7449a82
Since [25574] `$authordata` gets set up in `WP::register_globals()` - no need
to take a detour over the queried object.
Props greenshady for initial patch.
Fixes#34516.
git-svn-id: https://develop.svn.wordpress.org/trunk@35700 602fd350-edb4-49c9-b593-d223f7449a82
Use of `register_column_headers()` and `print_column_headers()` creates a `_WP_List_Table_Compat` without any columns. When the List Table object doesn't have any columns, there's naturally no primary column.
Props danielbachhuber.
Fixes#34148.
git-svn-id: https://develop.svn.wordpress.org/trunk@35698 602fd350-edb4-49c9-b593-d223f7449a82
[34356] removed the table row specificity on rules for `.site-deleted`, `.site-spammed`, `.site-archived`, and `.site-matured` so that the styles would be properly applied to other elements. Now, the zebra striping rules override these styles on even rows.
We can account for `tr` specific and more generic applications of these classes.
Fixes#33595.
git-svn-id: https://develop.svn.wordpress.org/trunk@35692 602fd350-edb4-49c9-b593-d223f7449a82
Users who cannot `edit_posts` do not see the Comments nav item anyway, so
don't bother running a query that gets a comment count to display in the menu.
Props bordoni, johnbillion.
Fixes#19372.
git-svn-id: https://develop.svn.wordpress.org/trunk@35691 602fd350-edb4-49c9-b593-d223f7449a82
This change hooks these new output functions to existing hooks in the embed template, allowing for more straightforward display control of these elements.
Leaves the embed header and footer intact pending further modularization in a future release.
Props juliobox, swissspidy, DrewAPicture.
See #34561.
git-svn-id: https://develop.svn.wordpress.org/trunk@35689 602fd350-edb4-49c9-b593-d223f7449a82
Keeping myhacks support is a small price to pay for not breaking people's sites. Even if it is very very very few sites, breaking sites isn't something that should be encouraged. Even with 10 years of deprecation notices.
https://core.trac.wordpress.org/ticket/33741#comment:18 outlines all the ways that the hack_file and my-hacks options can be setup and thus all the ways that the removal of those options could break sites.
Fixes#33741.
git-svn-id: https://develop.svn.wordpress.org/trunk@35688 602fd350-edb4-49c9-b593-d223f7449a82
[35333] enforces protection for taxonomies by preventing non-public taxonomies
from registering query_vars in `register_taxonomy()`. This broke the use of
taxonomy query_vars on edit.php, breaking backward compatibility and
creating inconsistency with the treatment introduced in [34247], which allowed
`taxonomy=foo` filtering on the Dashboard, even when `foo` is non-public. In
this changeset, we make the same Dashboard exception for the query_var.
Fixes#21949.
git-svn-id: https://develop.svn.wordpress.org/trunk@35680 602fd350-edb4-49c9-b593-d223f7449a82
Also updates the subsequent hook docs for the `wp_calculate_image_sizes` filter.
Props joemcgill.
Fixes#34612.
git-svn-id: https://develop.svn.wordpress.org/trunk@35672 602fd350-edb4-49c9-b593-d223f7449a82
Further, introduce a new `delete_plugin` action hook, to be fired ''before'' a plugin deletion attempt. Both changes bring parity with other such transactional hooks in core that fire before and after certain actions, including on plugin activation/deactivation and install/uninstall, among others.
Props johnjamesjacoby.
Fixes#26904.
git-svn-id: https://develop.svn.wordpress.org/trunk@35669 602fd350-edb4-49c9-b593-d223f7449a82
This is just an artifact of how we parse the URL, and is already available
via $request->get_route()
Props danielbachhuber.
Fixes#34647.
git-svn-id: https://develop.svn.wordpress.org/trunk@35659 602fd350-edb4-49c9-b593-d223f7449a82
If `DB_CHARSET` isn't defined (or is empty), `wpdb::$charset` will be empty, too. `wpdb::strip_invalid_text()` assumes that it isn't empty, however, so we need to fall back to the connection character set when we're running our sanity checks.
Fixes#34708.
git-svn-id: https://develop.svn.wordpress.org/trunk@35655 602fd350-edb4-49c9-b593-d223f7449a82
Previously, the API returned a list of errors, as WP_Error can hold multiple
error codes internally. This isn't a particularly common use case, and it
makes handling errors on the client side more complex than it needs to be.
Fixes#34551.
git-svn-id: https://develop.svn.wordpress.org/trunk@35653 602fd350-edb4-49c9-b593-d223f7449a82
Makes the password field on install and for password resets editable again. Both fields were accidentally set to disabled in [35603].
Props adamsilverstein, flixos90.
Fixes#33699.
git-svn-id: https://develop.svn.wordpress.org/trunk@35649 602fd350-edb4-49c9-b593-d223f7449a82
[29843] introduced this documentation, and incorrectly stated that short
column names (eg 'login' instead of 'user_login') could be used.
Props birgire.
Fixes#34701.
git-svn-id: https://develop.svn.wordpress.org/trunk@35645 602fd350-edb4-49c9-b593-d223f7449a82
This also switches from using `touch()` to using `fopen( $file, 'x')` to ensure that we're the process creating the file.
Fixes#34562
git-svn-id: https://develop.svn.wordpress.org/trunk@35644 602fd350-edb4-49c9-b593-d223f7449a82
Twemoji will replace the `img` with the emoji character, in the event that the image fails to load. We deliberately avoid trying to change that emoji character when it's changed back. We do need to replace emoji characters that are changed by something other than Twemoji, which this rectifies.
Fixes#34640.
git-svn-id: https://develop.svn.wordpress.org/trunk@35637 602fd350-edb4-49c9-b593-d223f7449a82
This serves as both a reset and some basic styling. The class name also aligns with parallel components in other popular projects.
props paulwilde for the initial patch.
fixes#34242.
git-svn-id: https://develop.svn.wordpress.org/trunk@35636 602fd350-edb4-49c9-b593-d223f7449a82
