The REST API treats routes without a permission_callback as public. Because this happens without any warning to the user, if the permission callback is unintentionally omitted or misspelled, the endpoint can end up being available to the public. Such a scenario has happened multiple times in the wild, and the results can be catostrophic when it occurs.
For REST API routes that are intended to be public, it is recommended to set the permission callback to the `__return_true` built in function.
Fixes#50075.
Props rmccue, sorenbronsted, whyisjake, SergeyBiryukov, TimothyBlynJacobs.
git-svn-id: https://develop.svn.wordpress.org/trunk@48526 602fd350-edb4-49c9-b593-d223f7449a82
The REST API plugin installation tests use the `upgrader_pre_download` filter to avoid downloading the test plugin from WordPress.org. Previously, this would apply to any upgrader, which caused issues if the testing environment required a language update.
Now, the filter only overwrites the file if the `Plugin_Upgrader` is being used which should hopefully prevent the issue.
Props pfefferle, TimothyBlynJacobs.
Fixes#50671.
git-svn-id: https://develop.svn.wordpress.org/trunk@48524 602fd350-edb4-49c9-b593-d223f7449a82
If sitemaps are disabled, previously there would be a rewrite rule for the sitemap endpoint. This endpoint would display the homepage since there was a rewrite rule. Now, Sitemaps are loaded, and the proper HTTP headers are returned.
Fixes#50643.
Props swissspidy, kraftbj, donmhico.
git-svn-id: https://develop.svn.wordpress.org/trunk@48523 602fd350-edb4-49c9-b593-d223f7449a82
This will be the time the was proposed, added to the reminder interval.
Fixes#48333.
Props SergeyBiryukov, desrosj.
git-svn-id: https://develop.svn.wordpress.org/trunk@48522 602fd350-edb4-49c9-b593-d223f7449a82
It doesn't make sense to be able to filter the comments list table when there are are no (trashed/spam) comments available.
Fixes#40188.
Props swissspidy, Jim_Panse, menakas, akbarhusen429, dinhtungdu, birgire, SergeyBiryukov, davidbaumwald, rebasaurus, whyisjake.
git-svn-id: https://develop.svn.wordpress.org/trunk@48521 602fd350-edb4-49c9-b593-d223f7449a82
This helps administrators keep track of which versions of plugins and themes are running on their site when auto-updates occur.
Props audrasjb, pbiron.
Fixes#50350.
git-svn-id: https://develop.svn.wordpress.org/trunk@48517 602fd350-edb4-49c9-b593-d223f7449a82
This updates three packages:
- `@wordpress/browserslist-config` from `2.5.0` to `2.7.0`
- `autoprefixer` from `9.6.0` to `9.8.5`.
- `chokidar-cli` from `2.0.0` to `2.1.0`
See #49768.
git-svn-id: https://develop.svn.wordpress.org/trunk@48515 602fd350-edb4-49c9-b593-d223f7449a82
The oEmbed service for Hulu no longer works and appears to have been silently disabled.
Props tacitonic, talldanwp, youknowriad, bph.
Fixes#50676.
git-svn-id: https://develop.svn.wordpress.org/trunk@48512 602fd350-edb4-49c9-b593-d223f7449a82
- `post_title`,
- `post_content` (image description),
- `post_excerpt` (image caption as saved in the DB),
- `_wp_attachment_image_alt` meta (alt text for the img tag as saved in the DB).
Props spacedmonkey, joedolson, TimothyBlynJacobs, azaozz.
Fixes#50675.
git-svn-id: https://develop.svn.wordpress.org/trunk@48510 602fd350-edb4-49c9-b593-d223f7449a82
In [48456], database import and export icons were introduced. However, the arrows were pointing in the wrong directions. This reverses the arrows to be pointing correctly based on the action described in the name.
Props johnbillion, joen, desrosj, empireoflight.
Fixes#49913.
git-svn-id: https://develop.svn.wordpress.org/trunk@48506 602fd350-edb4-49c9-b593-d223f7449a82
This brings consistency with the `get_{$meta_type}_metadata` filter and more closely matches the `get_metadata_default()` function signature.
Follow-up to [48502].
Props spacedmonkey.
See #43941.
git-svn-id: https://develop.svn.wordpress.org/trunk@48505 602fd350-edb4-49c9-b593-d223f7449a82
Due to Thickbox shenanigans, the buttons height needed to be shrunk a little to center properly in the iframe.
Fixes#49828.
Props ibachal, Otto42, afercia.
git-svn-id: https://develop.svn.wordpress.org/trunk@48503 602fd350-edb4-49c9-b593-d223f7449a82
The order of parameters in `get_metadata_default()` did not match the signature of `get_metadata()`. This could be confusing for developers who are familiar with the existing metadata API.
Fixes#43941.
Props SergeyBiryukov, spacedmonkey, johnjamesjacoby.
git-svn-id: https://develop.svn.wordpress.org/trunk@48502 602fd350-edb4-49c9-b593-d223f7449a82
Ensure that `get_admin_page_title()` returns a value from pages registered using `add_menu_page()`.
Fixes#46081.
Props grapestain, valentinbora, SergeyBiryukov, audrasjb.
git-svn-id: https://develop.svn.wordpress.org/trunk@48500 602fd350-edb4-49c9-b593-d223f7449a82
When `wp_count_posts()` is cached, it does so with all statuses defaulted to 0. The problem is however, if this is called before all plugins have registered their desired statuses, they won't have that default.
Fixes#49685.
Props obliviousharmony, SergeyBiryukov.
git-svn-id: https://develop.svn.wordpress.org/trunk@48497 602fd350-edb4-49c9-b593-d223f7449a82
Adjusts the gallery shortcode handler to check for the `link` attribute when outputting to a feed.
Fixes#22101.
Props ifrins, mdgl, SergeyBiryukov, chriscct7, stevenkword, iworks, DrewAPicture, birgire, whyisjake.
git-svn-id: https://develop.svn.wordpress.org/trunk@48496 602fd350-edb4-49c9-b593-d223f7449a82
The `@deprecated` DocBlock tag should start with the version followed by the description of what to use instead.
Fixes#44959.
Props keesiemeijer, sabernhardt.
git-svn-id: https://develop.svn.wordpress.org/trunk@48495 602fd350-edb4-49c9-b593-d223f7449a82
This ensures consistency with `Plugin_Upgrader::install_strings()` and resolves an issue caused by the property not existing in other upgrader implementations.
Props schlessera, azaozz.
See #50670.
git-svn-id: https://develop.svn.wordpress.org/trunk@48493 602fd350-edb4-49c9-b593-d223f7449a82
WordPress Core comes by default with a number of block patterns and a frequent request was to be able to opt-out of the Core block patterns.
You can now opt-out using remove_theme_support( 'core-block-patterns' )
Props desrosj, nosolosw.
Fixes#50669.
git-svn-id: https://develop.svn.wordpress.org/trunk@48492 602fd350-edb4-49c9-b593-d223f7449a82
* Move default term assignment from `wp_set_object_terms()` to `wp_insert_post()`.
* Make sure the passed taxonomy list overwrites the existing list if not empty.
* Remove the default term option on `unregister_taxonomy()`.
* Prevent deletion of the default term in `wp_delete_term()`.
Props enrico.sorcinelli, TimothyBlynJacobs.
See #43517.
git-svn-id: https://develop.svn.wordpress.org/trunk@48480 602fd350-edb4-49c9-b593-d223f7449a82
- changes the politeness level of the two error messages introduced in [47835] to `assertive`
- remove unnecessary `polite` parameters as that's the default value
See #50512, #50052.
git-svn-id: https://develop.svn.wordpress.org/trunk@48479 602fd350-edb4-49c9-b593-d223f7449a82
This change renames `$new_whitelist_options` to `$new_allowed_options`. This makes the variable’s purpose more clear, and promotes using more inclusive language.
For backwards compatibility, the new variable is passed by reference to the old one.
Follow up to [48121].
Props ayeshrajans, desrosj, jorbin, SergeyBiryukov.
See #50413.
Fixes#50434.
git-svn-id: https://develop.svn.wordpress.org/trunk@48477 602fd350-edb4-49c9-b593-d223f7449a82
If there are no pages and no static homepage, there will still be one sitemap including the homepage URL.
This change ensures that this sitemap is correctly listed in the sitemap index.
Props Chouby, pacifika, elrae.
Fixes#50571.
git-svn-id: https://develop.svn.wordpress.org/trunk@48476 602fd350-edb4-49c9-b593-d223f7449a82
