Skip to content
Permalink
Browse files

Sync with changes from WordPress 4.9.9

- Merges https://core.trac.wordpress.org/changeset/43600 / WordPress/wordpress-develop@216ff77 to ClassicPress.
- Merges https://core.trac.wordpress.org/changeset/43610 / WordPress/wordpress-develop@89caf3b to ClassicPress.
- Merges https://core.trac.wordpress.org/changeset/43612 / WordPress/wordpress-develop@1da5a8b to ClassicPress.
- Merges https://core.trac.wordpress.org/changeset/43613 / WordPress/wordpress-develop@90b39a6 to ClassicPress.
- Merges https://core.trac.wordpress.org/changeset/43615 / WordPress/wordpress-develop@6a09c56 to ClassicPress.
- Merges https://core.trac.wordpress.org/changeset/43618 / WordPress/wordpress-develop@0839d32 to ClassicPress.
- Merges https://core.trac.wordpress.org/changeset/43621 / WordPress/wordpress-develop@e4afee3 to ClassicPress.
- Merges https://core.trac.wordpress.org/changeset/43625 / WordPress/wordpress-develop@9e8090f to ClassicPress.
- Merges https://core.trac.wordpress.org/changeset/43626 / WordPress/wordpress-develop@4c6175e to ClassicPress.
- Merges https://core.trac.wordpress.org/changeset/43637 / WordPress/wordpress-develop@e44849e to ClassicPress.
- Merges https://core.trac.wordpress.org/changeset/43639 / WordPress/wordpress-develop@13bd954 to ClassicPress.
- Merges https://core.trac.wordpress.org/changeset/43646 / WordPress/wordpress-develop@c50b216 to ClassicPress.
- Merges https://core.trac.wordpress.org/changeset/43649 / WordPress/wordpress-develop@830632f to ClassicPress.
- Merges https://core.trac.wordpress.org/changeset/43656 / WordPress/wordpress-develop@b297a03 to ClassicPress.
- Merges https://core.trac.wordpress.org/changeset/43989 / WordPress/wordpress-develop@ff58a69 to ClassicPress.
- Merges https://core.trac.wordpress.org/changeset/43997 / WordPress/wordpress-develop@4a807b3 to ClassicPress.
- Merges https://core.trac.wordpress.org/changeset/44020 / WordPress/wordpress-develop@1775941 to ClassicPress.
- Merges https://core.trac.wordpress.org/changeset/44024 / WordPress/wordpress-develop@7a7e1ad to ClassicPress.
- Merges https://core.trac.wordpress.org/changeset/44051 / WordPress/wordpress-develop@07c82a2 to ClassicPress.
- Merges https://core.trac.wordpress.org/changeset/44053 / WordPress/wordpress-develop@fb09f6d to ClassicPress.
- Merges https://core.trac.wordpress.org/changeset/44078 / WordPress/wordpress-develop@e908aa3 to ClassicPress.
- Fixes #282.
- Props @Pross.

Squashed commit of the following:

commit 18cba74
Author: James Nylen <jnylen@gmail.com>
Date:   Sun Dec 16 00:07:43 2018 -0500

    Improve description of new function

    The previous description implies a whitelist, which is not what the
    function code actually does.

commit 9d82cd7
Author: James Nylen <jnylen@gmail.com>
Date:   Sat Dec 15 23:51:31 2018 -0500

    Revert "Customize: Revert [43575] from the 4.9 branch."

    This reverts commit 8abdb45.

    ClassicPress note: The commit that was reverted here is the last commit
    we took from WP in the 4.9 branch, tagged as `LAST_WP_COMMIT`.  We'll
    keep it.

commit de76674
Author: James Nylen <jnylen@gmail.com>
Date:   Sat Dec 15 21:57:34 2018 -0500

    Change `@ since WP-5.0.1` to `WP-4.9.9`

    ClassicPress note: Sloppy patches

commit 8fd09b5
Author: Simon Prosser <pross@pross.org.uk>
Date:   Thu Dec 13 18:19:18 2018 +0000

    Prefix WP versions in comments.

commit 402d0fa
Author: Jeremy Felt <jeremyfelt@git.wordpress.org>
Date:   Thu Dec 13 02:10:55 2018 +0000

    Bump 4.9 branch to version 4.9.9.

    git-svn-id: https://develop.svn.wordpress.org/branches/4.9@44078 602fd350-edb4-49c9-b593-d223f7449a82

commit 5c89b3e
Author: Gary Pendergast <pento@git.wordpress.org>
Date:   Thu Dec 13 01:37:30 2018 +0000

    Editor: Remove unwanted fields before saving posts.

    The `meta_input`, `file`, and `guid` fields are not intended to be updated through user input.

    Merges [44047] to the 4.9 branch.

    git-svn-id: https://develop.svn.wordpress.org/branches/4.9@44053 602fd350-edb4-49c9-b593-d223f7449a82

commit 909f775
Author: Peter Wilson <peterwilsoncc@git.wordpress.org>
Date:   Thu Dec 13 01:32:07 2018 +0000

    Multisite: Validate activation links.

    Merges [44048] to the 4.9 branch.

    git-svn-id: https://develop.svn.wordpress.org/branches/4.9@44051 602fd350-edb4-49c9-b593-d223f7449a82

commit f395a38
Author: Peter Wilson <peterwilsoncc@git.wordpress.org>
Date:   Thu Dec 13 00:33:05 2018 +0000

    Multisite: Improve messaging for previously activated users.

    Ensure activation of a site is not attempted multiple times and users are shown the correct message if they follow the link a second time.

    Merges [44021] to the 4.9 branch.

    git-svn-id: https://develop.svn.wordpress.org/branches/4.9@44024 602fd350-edb4-49c9-b593-d223f7449a82

commit dc422da
Author: Ian Dunn <iandunn@git.wordpress.org>
Date:   Thu Dec 13 00:13:03 2018 +0000

    KSES: Make the URI attributes DRY.

    This commit introduces the `wp_kses_uri_attributes` function and filter. The function centralizes the list of attributes, in order to prevent inconsistency, and the filter provides a way for plugins to customize the attributes.

    Merges [44014] and [44017] to the `4.9` branch.

    git-svn-id: https://develop.svn.wordpress.org/branches/4.9@44020 602fd350-edb4-49c9-b593-d223f7449a82

commit a7431b3
Author: Gary Pendergast <pento@git.wordpress.org>
Date:   Wed Dec 12 23:16:14 2018 +0000

    KSES: Conditionally remove the `<form>` element from `$allowedposttags`.

    To avoid backwards compatibility issues, `<form>` is re-added if a custom filter has added the `<input>` or `<select>` elements to `$allowedposttags`.

    Merges [43994] to the 4.9 branch.

    git-svn-id: https://develop.svn.wordpress.org/branches/4.9@43997 602fd350-edb4-49c9-b593-d223f7449a82

commit 70fe725
Author: Jeremy Felt <jeremyfelt@git.wordpress.org>
Date:   Wed Dec 12 23:02:11 2018 +0000

    Media: Improve verification of MIME file types.

    Merges [43988] to the 4.9 branch.

    git-svn-id: https://develop.svn.wordpress.org/branches/4.9@43989 602fd350-edb4-49c9-b593-d223f7449a82

commit 0cccbbd
Author: Peter Wilson <peterwilsoncc@git.wordpress.org>
Date:   Thu Nov 29 21:20:40 2018 +0000

    Media: Revert [43602] from the 4.9 branch.

    Reverts changes to the "Edit more details" link in the attachment details modal.

    This is out of scope for 4.9.9 and will be re-introduced in 5.0.0.

    Fixes #44620.

    git-svn-id: https://develop.svn.wordpress.org/branches/4.9@43948 602fd350-edb4-49c9-b593-d223f7449a82

commit b9af4f8
Author: Sergey Biryukov <sergeybiryukov@git.wordpress.org>
Date:   Thu Oct 11 07:15:22 2018 +0000

    REST API: Revert [43648] from the 4.9 branch.

    This change is out of the 4.9.x scope, and will be reintroduced in 5.0.x.

    See #40510.

    git-svn-id: https://develop.svn.wordpress.org/branches/4.9@43715 602fd350-edb4-49c9-b593-d223f7449a82

commit 505bd98
Author: Sergey Biryukov <sergeybiryukov@git.wordpress.org>
Date:   Thu Oct 11 04:41:28 2018 +0000

    Taxonomy: Revert [43620] from the 4.9 branch.

    This change is out of the 4.9.x scope, and will be reintroduced in 5.0.x.

    See #44872.

    git-svn-id: https://develop.svn.wordpress.org/branches/4.9@43711 602fd350-edb4-49c9-b593-d223f7449a82

commit 93162a0
Author: Sergey Biryukov <sergeybiryukov@git.wordpress.org>
Date:   Thu Oct 11 04:22:05 2018 +0000

    Privacy: Revert [43624] from the 4.9 branch.

    This change is out of the 4.9.x scope, and will be reintroduced in 5.0.x.

    See #44685.

    git-svn-id: https://develop.svn.wordpress.org/branches/4.9@43708 602fd350-edb4-49c9-b593-d223f7449a82

commit 142741d
Author: Sergey Biryukov <sergeybiryukov@git.wordpress.org>
Date:   Thu Oct 11 04:17:00 2018 +0000

    Posts, Post Types: Revert [43617] from the 4.9 branch.

    This change is out of the 4.9.x scope, and will be reintroduced in 5.0.x.

    See #34706.

    git-svn-id: https://develop.svn.wordpress.org/branches/4.9@43707 602fd350-edb4-49c9-b593-d223f7449a82

commit 517b28a
Author: Sergey Biryukov <sergeybiryukov@git.wordpress.org>
Date:   Thu Oct 11 04:03:23 2018 +0000

    Privacy: Revert [43614] from the 4.9 branch.

    This change is out of the 4.9.x scope, and will be reintroduced in 5.0.x.

    See #43985.

    git-svn-id: https://develop.svn.wordpress.org/branches/4.9@43705 602fd350-edb4-49c9-b593-d223f7449a82

commit cdc8f36
Author: Sergey Biryukov <sergeybiryukov@git.wordpress.org>
Date:   Thu Oct 11 03:52:44 2018 +0000

    Customize: Revert [43619] from the 4.9 branch.

    This change is out of the 4.9.x scope, and will be reintroduced in 5.0.x.

    See #44809.

    git-svn-id: https://develop.svn.wordpress.org/branches/4.9@43702 602fd350-edb4-49c9-b593-d223f7449a82

commit b92ba75
Author: Sergey Biryukov <sergeybiryukov@git.wordpress.org>
Date:   Thu Oct 11 03:47:44 2018 +0000

    Customize: Revert [43611] from the 4.9 branch.

    This change is out of the 4.9.x scope, and will be reintroduced in 5.0.x.

    See #44770.

    git-svn-id: https://develop.svn.wordpress.org/branches/4.9@43701 602fd350-edb4-49c9-b593-d223f7449a82

commit 8abdb45
Author: Sergey Biryukov <sergeybiryukov@git.wordpress.org>
Date:   Thu Oct 11 03:40:50 2018 +0000

    Customize: Revert [43575] from the 4.9 branch.

    This change is out of the 4.9.x scope, and will be reintroduced in 5.0.x.

    See #44763.

    git-svn-id: https://develop.svn.wordpress.org/branches/4.9@43699 602fd350-edb4-49c9-b593-d223f7449a82

commit e910344
Author: Sergey Biryukov <sergeybiryukov@git.wordpress.org>
Date:   Thu Oct 11 03:29:54 2018 +0000

    Twenty Sixteen: Revert [43607] from the 4.9 branch.

    This change is out of the 4.9.x scope, and will be reintroduced in 5.1.x.

    See #44668.

    git-svn-id: https://develop.svn.wordpress.org/branches/4.9@43698 602fd350-edb4-49c9-b593-d223f7449a82

commit 6d37d84
Author: Boone Gorges <boonebgorges@git.wordpress.org>
Date:   Tue Oct 9 18:17:32 2018 +0000

    Revert [43632] from the 4.9 branch.

    These new hooks are not part of the 4.9.x scope, and will be reintroduced
    as part of 5.0.x.

    See #44733.

    git-svn-id: https://develop.svn.wordpress.org/branches/4.9@43690 602fd350-edb4-49c9-b593-d223f7449a82

commit f73dcf0
Author: Adam Silverstein <adamsilverstein@git.wordpress.org>
Date:   Fri Oct 5 14:50:31 2018 +0000

    Try Gutenberg callout: improve formatting for Internet Explorer 11.

    ClassicPress note: Commit ignored except for minor cleanup.

    Correct an issue where the layout of the "Try Gutenberg" callout added in #41316 falls apart under IE11.

    Props kjellr, ianbelanger, pbiron, Luciano Croce, belcherj, ryansommers.
    Fixes #44742.

    git-svn-id: https://develop.svn.wordpress.org/branches/4.9@43674 602fd350-edb4-49c9-b593-d223f7449a82

commit 362e7eb
Author: Sergey Biryukov <sergeybiryukov@git.wordpress.org>
Date:   Mon Sep 24 20:04:56 2018 +0000

    General: PHP 7.3 throws an `E_WARNING` when using continue to target a switch.

    Applying continue to a switch is equivalent to using break and quite possibly, a continue targeting a higher level control structure is actually intended.

    To target the higher level control structure, a numeric argument has to be passed to continue. This fixes two cases in WordPress Core where this is currently happening.

    See: php/php-src#3364
    See: https://wiki.php.net/rfc/continue_on_switch_deprecation

    Props jrf.
    Merges [43653] to the 4.9 branch.
    Fixes #44543.

    git-svn-id: https://develop.svn.wordpress.org/branches/4.9@43656 602fd350-edb4-49c9-b593-d223f7449a82

commit d59f3d8
Author: Mike Schroder <mikeschroder@git.wordpress.org>
Date:   Tue Sep 18 22:01:25 2018 +0000

    Media: In WP_Image_Editor::make_image(), close previously opened output buffer if the file could not be created.

    In addition to the merge noted below, includes important brackets added in [42343].

    Props dhanendran, gnif, sergey.
    Merges [42695] and [42702] to the 4.9 branch.
    Fixes #43255.

    git-svn-id: https://develop.svn.wordpress.org/branches/4.9@43649 602fd350-edb4-49c9-b593-d223f7449a82

commit b46776d
Author: Sergey Biryukov <sergeybiryukov@git.wordpress.org>
Date:   Tue Sep 18 03:54:20 2018 +0000

    REST API: Support pagination, order, search and other common query parameters for revisions.

    The original REST API revisions controller relied on `wp_get_post_revisions()`, getting all revisions of a post without any possibility to restrict the result. This changeset replaces that function call with a proper `WP_Query` setup, replicating how `wp_get_post_revisions()` works while offering parameters to alter the default behavior.

    Props adamsilverstein, birgire, flixos90.
    Merges [43584-43586], [43647] to the 4.9 branch.
    Fixes #40510.

    git-svn-id: https://develop.svn.wordpress.org/branches/4.9@43648 602fd350-edb4-49c9-b593-d223f7449a82

commit 8c3eeee
Author: Sergey Biryukov <sergeybiryukov@git.wordpress.org>
Date:   Tue Sep 18 03:29:41 2018 +0000

    Tests: Improve coverage for REST API term meta registration.

    Introduce tests to validate that register_meta and register_term_meta work as expected in WP_REST_Terms_Controller.

    Props timmydcrawford.
    Merges [43567] to the 4.9 branch.
    See #39122.

    git-svn-id: https://develop.svn.wordpress.org/branches/4.9@43646 602fd350-edb4-49c9-b593-d223f7449a82

commit 3eb2845
Author: Sergey Biryukov <sergeybiryukov@git.wordpress.org>
Date:   Thu Sep 13 10:21:19 2018 +0000

    Docs: Correct `@SInCE` value for `_wp_privacy_statuses()`.

    Fix typo in `@SInCE` entry for `WP_Privacy_Policy_Content:add()`.

    Props dimadin.
    Merges [43638] to the 4.9 branch.
    Fixes #44915.

    git-svn-id: https://develop.svn.wordpress.org/branches/4.9@43639 602fd350-edb4-49c9-b593-d223f7449a82

commit 54462de
Author: Sergey Biryukov <sergeybiryukov@git.wordpress.org>
Date:   Thu Sep 13 09:52:47 2018 +0000

    REST API: Pass correct ID to `meta->update_value` to permit setting term meta during term creation.

    Props joehoyle.
    Merges [43636] to the 4.9 branch.
    Fixes #44834.

    git-svn-id: https://develop.svn.wordpress.org/branches/4.9@43637 602fd350-edb4-49c9-b593-d223f7449a82

commit 40e6a29
Author: Sergey Biryukov <sergeybiryukov@git.wordpress.org>
Date:   Thu Sep 6 07:50:29 2018 +0000

    Taxonomy: Introduce new hooks when registering/unregistering taxonomies for object types.

    Props soulseekah.
    Merges [43558] and [43631] to the 4.9 branch.
    Fixes #44733.

    git-svn-id: https://develop.svn.wordpress.org/branches/4.9@43632 602fd350-edb4-49c9-b593-d223f7449a82

commit 5923e83
Author: Sergey Biryukov <sergeybiryukov@git.wordpress.org>
Date:   Mon Sep 3 21:55:42 2018 +0000

    Tests: Introduce `Tests_HTTP_Functions::skipTestOnTimeout()`, mirroring the same `WP_HTTP_UnitTestCase` method.

    Merges [43512] to the 4.9 branch.
    Fixes #44613.

    git-svn-id: https://develop.svn.wordpress.org/branches/4.9@43626 602fd350-edb4-49c9-b593-d223f7449a82

commit cc9cbe0
Author: Sergey Biryukov <sergeybiryukov@git.wordpress.org>
Date:   Mon Sep 3 21:52:48 2018 +0000

    Tests: Use `WP_HTTP_UnitTestCase::skipTestOnTimeout()` in more HTTP tests.

    Adjust it to handle more types of timeouts, e.g. "Resolving timed out", "Connection timed out".

    Merges [43511] to the 4.9 branch.
    See #44613.

    git-svn-id: https://develop.svn.wordpress.org/branches/4.9@43625 602fd350-edb4-49c9-b593-d223f7449a82

commit 3f13fef
Author: Sergey Biryukov <sergeybiryukov@git.wordpress.org>
Date:   Mon Sep 3 21:46:48 2018 +0000

    Privacy: When clicking a confirmation link for a privacy request, return a `WP_Error` object if the link has expired.

    Returning a string caused a success message to be displayed instead of the correct error message.

    Props desrosj.
    Merges [43623] to the 4.9 branch.
    Fixes #44685.

    git-svn-id: https://develop.svn.wordpress.org/branches/4.9@43624 602fd350-edb4-49c9-b593-d223f7449a82

commit 8e65294
Author: Sergey Biryukov <sergeybiryukov@git.wordpress.org>
Date:   Mon Sep 3 21:25:53 2018 +0000

    Docs: Correct param documentation for `WP_Term_Query`.

    The description of `$meta_type` introduced in [40053] was incorrect.

    Props dlh.
    Merges [43559] to the 4.9 branch.
    Fixes #44608.

    git-svn-id: https://develop.svn.wordpress.org/branches/4.9@43621 602fd350-edb4-49c9-b593-d223f7449a82

commit 94699ba
Author: Sergey Biryukov <sergeybiryukov@git.wordpress.org>
Date:   Mon Sep 3 21:23:26 2018 +0000

    Taxonomy: Make sure `wp_list_categories()` correctly outputs term name of `0`.

    Props joyously, SergeyBiryukov.
    Merges [43605] to the 4.9 branch.
    Fixes #44872.

    git-svn-id: https://develop.svn.wordpress.org/branches/4.9@43620 602fd350-edb4-49c9-b593-d223f7449a82

commit 726f99a
Author: Sergey Biryukov <sergeybiryukov@git.wordpress.org>
Date:   Mon Sep 3 21:20:58 2018 +0000

    Customize: Safeguard a check on the `customize_validate_{$setting_id}` filter value to ensure it is a `WP_Error`.

    While the filter is documented to only support a `WP_Error`, it has been a common practice to return true in a validation function if no errors have occurred. This was already caught when the same filter was executed in `WP_Customize_Setting`, it was however missing in `WP_Customize_Manager::validate_setting_values()`.

    Props flixos90.
    Merges [43578] to the 4.9 branch.
    Fixes #44809.

    git-svn-id: https://develop.svn.wordpress.org/branches/4.9@43619 602fd350-edb4-49c9-b593-d223f7449a82

commit ec100d4
Author: Sergey Biryukov <sergeybiryukov@git.wordpress.org>
Date:   Mon Sep 3 21:16:27 2018 +0000

    Script loader: remove (PHP based) compression from `load-styles.php` and `load-scripts.php`. WIth the amount of scripts and stylesheets grown a lot over the years, it has become pretty slow and consumes a lot of server resources. Also, most servers are set to compress PHP output anyway.

    Props LucasRolff, azaozz.
    Merges [43580] to the 4.9 branch.
    Fixes #44815. See #43308.

    git-svn-id: https://develop.svn.wordpress.org/branches/4.9@43618 602fd350-edb4-49c9-b593-d223f7449a82

commit 21c48c2
Author: Sergey Biryukov <sergeybiryukov@git.wordpress.org>
Date:   Mon Sep 3 21:11:38 2018 +0000

    Posts, Post Types: Introduce `edit_post_{$post->post_type}` hook.

    The hook fires before the general `edit_post` hook and has the same parameters.

    It also complements the `save_post_{$post->post_type}` hook added in [25050].

    Props Mte90, garrett-eclipse.
    Merges [43535] and [43616] to the 4.9 branch.
    Fixes #34706.

    git-svn-id: https://develop.svn.wordpress.org/branches/4.9@43617 602fd350-edb4-49c9-b593-d223f7449a82

commit 7abbd0f
Author: Sergey Biryukov <sergeybiryukov@git.wordpress.org>
Date:   Mon Sep 3 21:03:12 2018 +0000

    Docs: Correct parameter type for `WP_Privacy_Policy_Content::notice()`.

    Props burhandodhy.
    Merges [43609] to the 4.9 branch.
    Fixes #44877.

    git-svn-id: https://develop.svn.wordpress.org/branches/4.9@43615 602fd350-edb4-49c9-b593-d223f7449a82

commit 5518be7
Author: Sergey Biryukov <sergeybiryukov@git.wordpress.org>
Date:   Mon Sep 3 21:00:16 2018 +0000

    Privacy: Ensure the user request email is sent in the requested user's locale (or the site's default locale if they are not a registered user) when the administrator creating the request uses a different locale.

    Props desrosj, Chouby, iandunn, lbenicio, birgire, earnjam, swissspidy, garrett-eclipse.
    Merges [43568] to the 4.9 branch.
    Fixes #43985.

    git-svn-id: https://develop.svn.wordpress.org/branches/4.9@43614 602fd350-edb4-49c9-b593-d223f7449a82

commit 7e2c480
Author: Sergey Biryukov <sergeybiryukov@git.wordpress.org>
Date:   Mon Sep 3 20:59:10 2018 +0000

    Tests: Add case for `wp_privacy_delete_old_export_files()`.

    Props allendav.
    Merges [43292] to the 4.9 branch.
    See #43546.

    git-svn-id: https://develop.svn.wordpress.org/branches/4.9@43613 602fd350-edb4-49c9-b593-d223f7449a82

commit f9c1452
Author: Sergey Biryukov <sergeybiryukov@git.wordpress.org>
Date:   Mon Sep 3 20:58:08 2018 +0000

    Tests: Add case for `wp_privacy_send_personal_data_export_email()`.

    Props birgire.
    Merges [43291] to the 4.9 branch.
    See #43546.

    git-svn-id: https://develop.svn.wordpress.org/branches/4.9@43612 602fd350-edb4-49c9-b593-d223f7449a82

commit 84854dc
Author: Sergey Biryukov <sergeybiryukov@git.wordpress.org>
Date:   Mon Sep 3 20:51:01 2018 +0000

    Customize: Pass missing parameter to dynamic `option_{$option}` filter in `WP_Customize_Widgets::capture_filter_pre_get_option()`.

    Props dlh.
    Fixes #44770.

    git-svn-id: https://develop.svn.wordpress.org/branches/4.9@43611 602fd350-edb4-49c9-b593-d223f7449a82

commit 0ecadb7
Author: Sergey Biryukov <sergeybiryukov@git.wordpress.org>
Date:   Mon Sep 3 20:49:20 2018 +0000

    Docs: Convert `@see` reference in `wp_checkdate()` DocBlock to `@link`.

    Props WiZZarD_.
    Merges [43599] to the 4.9 branch.
    Fixes #44866.

    git-svn-id: https://develop.svn.wordpress.org/branches/4.9@43610 602fd350-edb4-49c9-b593-d223f7449a82

commit c506642
Author: Peter Wilson <peterwilsoncc@git.wordpress.org>
Date:   Mon Sep 3 01:31:22 2018 +0000

    Twenty Sixteen: Add pre-connect resource hint for Google Fonts.

    When using Google Fonts, pre-connect to https://fonts.gstatic.com to improve the performance downloading the webfont files.

    Props westonruter.
    Merges [43606] to the 4.9 branch.
    Fixes #44668.

    git-svn-id: https://develop.svn.wordpress.org/branches/4.9@43607 602fd350-edb4-49c9-b593-d223f7449a82

commit 2cdf092
Author: John Blackbourn <johnbillion@git.wordpress.org>
Date:   Fri Aug 31 10:52:32 2018 +0000

    Media: Ensure the "Edit more details" link in the attachment details modal always points to the correct editing URL.

    Fixes #44620

    Merges [43601] to the 4.9 branch.

    git-svn-id: https://develop.svn.wordpress.org/branches/4.9@43602 602fd350-edb4-49c9-b593-d223f7449a82

commit e24f825
Author: Sergey Biryukov <sergeybiryukov@git.wordpress.org>
Date:   Fri Aug 31 06:28:27 2018 +0000

    Embeds: Avoid a JS error in `wp.receiveEmbedMessage` if `data` parameter is not set.

    Props dsifford, kadamwhite.
    Merges [43593] and [43597] to the 4.9 branch.
    Fixes #44832.

    git-svn-id: https://develop.svn.wordpress.org/branches/4.9@43600 602fd350-edb4-49c9-b593-d223f7449a82
  • Loading branch information...
nylen committed Dec 16, 2018
1 parent 5dd687f commit 36152b640720037fcb02005fe5886754e7b27c00
Showing with 926 additions and 135 deletions.
  1. +77 −35 src/wp-activate.php
  2. +10 −0 src/wp-admin/about.php
  3. +1 −4 src/wp-admin/css/dashboard.css
  4. +5 −1 src/wp-admin/includes/ajax-actions.php
  5. +3 −1 src/wp-admin/includes/class-wp-screen.php
  6. +1 −1 src/wp-admin/includes/misc.php
  7. +35 −13 src/wp-admin/includes/post.php
  8. +0 −13 src/wp-admin/load-scripts.php
  9. +0 −13 src/wp-admin/load-styles.php
  10. +8 −2 src/wp-admin/post.php
  11. +3 −1 src/wp-includes/class-wp-image-editor.php
  12. +2 −2 src/wp-includes/class-wp-term-query.php
  13. +2 −0 src/wp-includes/class-wp.php
  14. +42 −7 src/wp-includes/functions.php
  15. +18 −0 src/wp-includes/general-template.php
  16. +5 −0 src/wp-includes/js/wp-embed.js
  17. +76 −13 src/wp-includes/kses.php
  18. +10 −5 src/wp-includes/ms-deprecated.php
  19. +1 −1 src/wp-includes/pomo/plural-forms.php
  20. +1 −1 src/wp-includes/post.php
  21. +1 −1 src/wp-includes/rest-api/endpoints/class-wp-rest-terms-controller.php
  22. +1 −1 src/wp-includes/version.php
  23. +1 −1 src/wp-login.php
  24. +1 −1 tests/phpunit/includes/utils.php
  25. +22 −2 tests/phpunit/tests/functions.php
  26. +43 −5 tests/phpunit/tests/http/base.php
  27. +51 −6 tests/phpunit/tests/http/functions.php
  28. +146 −0 tests/phpunit/tests/privacy/wpPrivacyDeleteOldExportFiles.php
  29. +173 −0 tests/phpunit/tests/privacy/wpPrivacySendPersonalDataExportEmail.php
  30. +66 −0 tests/phpunit/tests/rest-api/rest-categories-controller.php
  31. +98 −0 tests/phpunit/tests/rest-api/rest-tags-controller.php
  32. +18 −4 tests/qunit/fixtures/wp-api-generated.js
  33. +5 −1 tests/qunit/wp-includes/js/wp-api.js
@@ -18,6 +18,50 @@
die();
}
$valid_error_codes = array( 'already_active', 'blog_taken' );
list( $activate_path ) = explode( '?', wp_unslash( $_SERVER['REQUEST_URI'] ) );
$activate_cookie = 'wp-activate-' . COOKIEHASH;
$key = '';
$result = null;
if ( isset( $_GET['key'] ) && isset( $_POST['key'] ) && $_GET['key'] !== $_POST['key'] ) {
wp_die( __( 'A key value mismatch has been detected. Please follow the link provided in your activation email.' ), __( 'An error occurred during the activation' ), 400 );
} elseif ( ! empty( $_GET['key'] ) ) {
$key = $_GET['key'];
} elseif ( ! empty( $_POST['key'] ) ) {
$key = $_POST['key'];
}
if ( $key ) {
$redirect_url = remove_query_arg( 'key' );
if ( $redirect_url !== remove_query_arg( false ) ) {
setcookie( $activate_cookie, $key, 0, $activate_path, COOKIE_DOMAIN, is_ssl(), true );
wp_safe_redirect( $redirect_url );
exit;
} else {
$result = wpmu_activate_signup( $key );
}
}
if ( $result === null && isset( $_COOKIE[ $activate_cookie ] ) ) {
$key = $_COOKIE[ $activate_cookie ];
$result = wpmu_activate_signup( $key );
setcookie( $activate_cookie, ' ', time() - YEAR_IN_SECONDS, $activate_path, COOKIE_DOMAIN, is_ssl(), true );
}
if ( $result === null || ( is_wp_error( $result ) && 'invalid_key' === $result->get_error_code() ) ) {
status_header( 404 );
} elseif ( is_wp_error( $result ) ) {
$error_code = $result->get_error_code();
if ( ! in_array( $error_code, $valid_error_codes ) ) {
status_header( 400 );
}
}
nocache_headers();
if ( is_object( $wp_object_cache ) )
@@ -69,13 +113,14 @@ function wpmu_activate_stylesheet() {
<?php
}
add_action( 'wp_head', 'wpmu_activate_stylesheet' );
add_action( 'wp_head', 'wp_sensitive_page_meta' );
get_header( 'wp-activate' );
?>

<div id="signup-content" class="widecolumn">
<div class="wp-activate-container">
<?php if ( empty($_GET['key']) && empty($_POST['key']) ) { ?>
<?php if ( ! $key ) { ?>

<h2><?php _e('Activation Key Required') ?></h2>
<form name="activateform" id="activateform" method="post" action="<?php echo network_site_url('wp-activate.php'); ?>">
@@ -89,42 +134,39 @@ function wpmu_activate_stylesheet() {
</form>

<?php } else {
$key = !empty($_GET['key']) ? $_GET['key'] : $_POST['key'];
$result = wpmu_activate_signup( $key );
if ( is_wp_error($result) ) {
if ( 'already_active' == $result->get_error_code() || 'blog_taken' == $result->get_error_code() ) {
$signup = $result->get_error_data();
?>
<h2><?php _e('Your account is now active!'); ?></h2>
<?php
echo '<p class="lead-in">';
if ( $signup->domain . $signup->path == '' ) {
printf(
/* translators: 1: login URL, 2: username, 3: user email, 4: lost password URL */
__( 'Your account has been activated. You may now <a href="%1$s">log in</a> to the site using your chosen username of &#8220;%2$s&#8221;. Please check your email inbox at %3$s for your password and login instructions. If you do not receive an email, please check your junk or spam folder. If you still do not receive an email within an hour, you can <a href="%4$s">reset your password</a>.' ),
network_site_url( 'wp-login.php', 'login' ),
$signup->user_login,
$signup->user_email,
wp_lostpassword_url()
);
} else {
printf(
/* translators: 1: site URL, 2: username, 3: user email, 4: lost password URL */
__( 'Your site at %1$s is active. You may now log in to your site using your chosen username of &#8220;%2$s&#8221;. Please check your email inbox at %3$s for your password and login instructions. If you do not receive an email, please check your junk or spam folder. If you still do not receive an email within an hour, you can <a href="%4$s">reset your password</a>.' ),
sprintf( '<a href="http://%1$s">%1$s</a>', $signup->domain ),
$signup->user_login,
$signup->user_email,
wp_lostpassword_url()
);
}
echo '</p>';
if ( is_wp_error( $result ) && in_array( $result->get_error_code(), $valid_error_codes ) ) {
$signup = $result->get_error_data();
?>
<h2><?php _e( 'Your account is now active!' ); ?></h2>
<?php
echo '<p class="lead-in">';
if ( $signup->domain . $signup->path == '' ) {
printf(
/* translators: 1: login URL, 2: username, 3: user email, 4: lost password URL */
__( 'Your account has been activated. You may now <a href="%1$s">log in</a> to the site using your chosen username of &#8220;%2$s&#8221;. Please check your email inbox at %3$s for your password and login instructions. If you do not receive an email, please check your junk or spam folder. If you still do not receive an email within an hour, you can <a href="%4$s">reset your password</a>.' ),
network_site_url( 'wp-login.php', 'login' ),
$signup->user_login,
$signup->user_email,
wp_lostpassword_url()
);
} else {
?>
<h2><?php _e( 'An error occurred during the activation' ); ?></h2>
<p><?php echo $result->get_error_message(); ?></p>
<?php
printf(
/* translators: 1: site URL, 2: username, 3: user email, 4: lost password URL */
__( 'Your site at %1$s is active. You may now log in to your site using your chosen username of &#8220;%2$s&#8221;. Please check your email inbox at %3$s for your password and login instructions. If you do not receive an email, please check your junk or spam folder. If you still do not receive an email within an hour, you can <a href="%4$s">reset your password</a>.' ),
sprintf( '<a href="http://%1$s">%1$s</a>', $signup->domain ),
$signup->user_login,
$signup->user_email,
wp_lostpassword_url()
);
}
echo '</p>';
} elseif ( $result === null || is_wp_error( $result ) ) {
?>
<h2><?php _e( 'An error occurred during the activation' ); ?></h2>
<?php if ( is_wp_error( $result ) ) : ?>
<p><?php echo $result->get_error_message(); ?></p>
<?php endif; ?>
<?php
} else {
$url = isset( $result['blog_id'] ) ? get_home_url( (int) $result['blog_id'] ) : '';
$user = get_userdata( (int) $result['user_id'] );
@@ -55,6 +55,16 @@
?>

<h3><?php _e( 'WordPress Maintenance and Security Releases' ); ?></h3>
<p>
<?php
/* translators: %s: WordPress version number */
printf( __( '<strong>Version %s</strong> addressed some security issues.' ), '4.9.9' );
?>
<?php
/* translators: %s: Codex URL */
printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'https://codex.wordpress.org/Version_4.9.9' );
?>
</p>
<p>
<?php
printf(
@@ -203,7 +203,7 @@
}

.welcome-panel .welcome-panel-column ul {
margin: 0.8em 1em 1em 0;
margin: 0.8em 1em 1em 0;
}

.welcome-panel .welcome-panel-column li {
@@ -1324,9 +1324,6 @@ table.cp_petitions span.started {
}
}

@media screen and (max-width: 1024px) {
}

@media screen and (max-width: 870px) {
.welcome-panel .welcome-panel-column,
.welcome-panel .welcome-panel-column:first-child {
@@ -2095,7 +2095,11 @@ function wp_ajax_upload_attachment() {
$post_id = null;
}
$post_data = isset( $_REQUEST['post_data'] ) ? $_REQUEST['post_data'] : array();
$post_data = ! empty( $_REQUEST['post_data'] ) ? _wp_get_allowed_postdata( _wp_translate_postdata( false, (array) $_REQUEST['post_data'] ) ) : array();
if ( is_wp_error( $post_data ) ) {
wp_die( $post_data->get_error_message() );
}
// If the context is custom header or background, make sure the uploaded file is an image.
if ( isset( $post_data['context'] ) && in_array( $post_data['context'], array( 'custom-header', 'custom-background' ) ) ) {
@@ -270,7 +270,9 @@ public static function get( $hook_name = '' ) {
switch ( $base ) {
case 'post' :
if ( isset( $_GET['post'] ) )
if ( isset( $_GET['post'] ) && isset( $_POST['post_ID'] ) && (int) $_GET['post'] !== (int) $_POST['post_ID'] )
wp_die( __( 'A post ID mismatch has been detected.' ), __( 'Sorry, you are not allowed to edit this item.' ), 400 );
elseif ( isset( $_GET['post'] ) )
$post_id = (int) $_GET['post'];
elseif ( isset( $_POST['post_ID'] ) )
$post_id = (int) $_POST['post_ID'];
@@ -1581,7 +1581,7 @@ public static function get_suggested_policy_text() {
*
* @since WP-4.9.6
*
* @param $post WP_Post The currently edited post.
* @param WP_Post $post The currently edited post.
*/
public static function notice( $post ) {
if ( ! ( $post instanceof WP_Post ) ) {
@@ -174,6 +174,27 @@ function _wp_translate_postdata( $update = false, $post_data = null ) {
return $post_data;
}
/**
* Applies a blacklist to post data fields used in editing functions.
*
* @since WP-4.9.9
*
* @param array $post_data Array of post data. Defaults to the contents of $_POST.
* @return object|bool WP_Error on failure, true on success.
*/
function _wp_get_allowed_postdata( $post_data = null ) {
if ( empty( $post_data ) ) {
$post_data = $_POST;
}
// Pass through errors
if ( is_wp_error( $post_data ) ) {
return $post_data;
}
return array_diff_key( $post_data, array_flip( array( 'meta_input', 'file', 'guid' ) ) );
}
/**
* Update an existing post with values provided in $_POST.
*
@@ -242,6 +263,7 @@ function edit_post( $post_data = null ) {
$post_data = _wp_translate_postdata( true, $post_data );
if ( is_wp_error($post_data) )
wp_die( $post_data->get_error_message() );
$translated = _wp_get_allowed_postdata( $post_data );
// Post Formats
if ( isset( $post_data['post_format'] ) )
@@ -321,7 +343,7 @@ function edit_post( $post_data = null ) {
$attachment_data = isset( $post_data['attachments'][ $post_ID ] ) ? $post_data['attachments'][ $post_ID ] : array();
/** This filter is documented in wp-admin/includes/media.php */
$post_data = apply_filters( 'attachment_fields_to_save', $post_data, $attachment_data );
$translated = apply_filters( 'attachment_fields_to_save', $translated, $attachment_data );
}
// Convert taxonomy input to term IDs, to avoid ambiguity.
@@ -366,26 +388,26 @@ function edit_post( $post_data = null ) {
}
}
$post_data['tax_input'][ $taxonomy ] = $clean_terms;
$translated['tax_input'][ $taxonomy ] = $clean_terms;
}
}
add_meta( $post_ID );
update_post_meta( $post_ID, '_edit_last', get_current_user_id() );
$success = wp_update_post( $post_data );
$success = wp_update_post( $translated );
// If the save failed, see if we can sanity check the main fields and try again
if ( ! $success && is_callable( array( $wpdb, 'strip_invalid_text_for_column' ) ) ) {
$fields = array( 'post_title', 'post_content', 'post_excerpt' );
foreach ( $fields as $field ) {
if ( isset( $post_data[ $field ] ) ) {
$post_data[ $field ] = $wpdb->strip_invalid_text_for_column( $wpdb->posts, $field, $post_data[ $field ] );
if ( isset( $translated[ $field ] ) ) {
$translated[ $field ] = $wpdb->strip_invalid_text_for_column( $wpdb->posts, $field, $translated[ $field ] );
}
}
wp_update_post( $post_data );
wp_update_post( $translated );
}
// Now that we have an ID we can fix any attachment anchor hrefs
@@ -545,27 +567,25 @@ function bulk_edit_posts( $post_data = null ) {
unset( $post_data['tax_input']['category'] );
}
$post_data['post_ID'] = $post_ID;
$post_data['post_type'] = $post->post_type;
$post_data['post_mime_type'] = $post->post_mime_type;
$post_data['guid'] = $post->guid;
foreach ( array( 'comment_status', 'ping_status', 'post_author' ) as $field ) {
if ( ! isset( $post_data[ $field ] ) ) {
$post_data[ $field ] = $post->$field;
}
}
$post_data['ID'] = $post_ID;
$post_data['post_ID'] = $post_ID;
$post_data = _wp_translate_postdata( true, $post_data );
if ( is_wp_error( $post_data ) ) {
$skipped[] = $post_ID;
continue;
}
$post_data = _wp_get_allowed_postdata( $post_data );
if ( isset( $post_data['post_format'] ) ) {
set_post_format( $post_ID, $post_data['post_format'] );
if ( isset( $shared_post_data['post_format'] ) ) {
set_post_format( $post_ID, $shared_post_data['post_format'] );
unset( $post_data['tax_input']['post_format'] );
}
@@ -757,9 +777,10 @@ function wp_write_post() {
$translated = _wp_translate_postdata( false );
if ( is_wp_error($translated) )
return $translated;
$translated = _wp_get_allowed_postdata( $translated );
// Create the post.
$post_ID = wp_insert_post( $_POST );
$post_ID = wp_insert_post( $translated );
if ( is_wp_error( $post_ID ) )
return $post_ID;
@@ -1685,6 +1706,7 @@ function wp_create_post_autosave( $post_data ) {
$post_data = _wp_translate_postdata( true, $post_data );
if ( is_wp_error( $post_data ) )
return $post_data;
$post_data = _wp_get_allowed_postdata( $post_data );
$post_author = get_current_user_id();
@@ -28,8 +28,6 @@
require( ABSPATH . WPINC . '/script-loader.php' );
require( ABSPATH . WPINC . '/version.php' );
$compress = ( isset($_GET['c']) && $_GET['c'] );
$force_gzip = ( $compress && 'gzip' == $_GET['c'] );
$expires_offset = 31536000; // 1 year
$out = '';
@@ -58,16 +56,5 @@
header('Expires: ' . gmdate( "D, d M Y H:i:s", time() + $expires_offset ) . ' GMT');
header("Cache-Control: public, max-age=$expires_offset");
if ( $compress && ! ini_get('zlib.output_compression') && 'ob_gzhandler' != ini_get('output_handler') && isset($_SERVER['HTTP_ACCEPT_ENCODING']) ) {
header('Vary: Accept-Encoding'); // Handle proxies
if ( false !== stripos($_SERVER['HTTP_ACCEPT_ENCODING'], 'deflate') && function_exists('gzdeflate') && ! $force_gzip ) {
header('Content-Encoding: deflate');
$out = gzdeflate( $out, 3 );
} elseif ( false !== stripos($_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip') && function_exists('gzencode') ) {
header('Content-Encoding: gzip');
$out = gzencode( $out, 3 );
}
}
echo $out;
exit;
@@ -28,8 +28,6 @@
if ( empty($load) )
exit;
$compress = ( isset($_GET['c']) && $_GET['c'] );
$force_gzip = ( $compress && 'gzip' == $_GET['c'] );
$rtl = ( isset($_GET['dir']) && 'rtl' == $_GET['dir'] );
$expires_offset = 31536000; // 1 year
$out = '';
@@ -80,16 +78,5 @@
header('Expires: ' . gmdate( "D, d M Y H:i:s", time() + $expires_offset ) . ' GMT');
header("Cache-Control: public, max-age=$expires_offset");
if ( $compress && ! ini_get('zlib.output_compression') && 'ob_gzhandler' != ini_get('output_handler') && isset($_SERVER['HTTP_ACCEPT_ENCODING']) ) {
header('Vary: Accept-Encoding'); // Handle proxies
if ( false !== stripos($_SERVER['HTTP_ACCEPT_ENCODING'], 'deflate') && function_exists('gzdeflate') && ! $force_gzip ) {
header('Content-Encoding: deflate');
$out = gzdeflate( $out, 3 );
} elseif ( false !== stripos($_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip') && function_exists('gzencode') ) {
header('Content-Encoding: gzip');
$out = gzencode( $out, 3 );
}
}
echo $out;
exit;

0 comments on commit 36152b6

Please sign in to comment.
You can’t perform that action at this time.