Due to some changes on the WP.com side to compress the requested images on the fly, the exact image size in the response could be different between platforms.
This commit aims to make the affected tests more reliable.
Follow-up to [139/tests], [31258], [34568], [47142], [57903], [57904], [57924].
Merges [57931] to the 5.0 branch.
Props peterwilsoncc, jorbin.
See #60865.
git-svn-id: https://develop.svn.wordpress.org/branches/5.0@58001 602fd350-edb4-49c9-b593-d223f7449a82
Remove wordpress.org as an external dependency testing `WP_HTTP::handle_redirects()`.
This refactors and reenables an existing test to call the `WP_HTTP::handle_redirects()` method directly with a mocked array of HTTP headers containing multiple location headers.
The test is moved from the external-http group to the http test group as it no longer makes an HTTP request.
Follow up to [54955].
Props SergeyBiryukov, dd32, peterwilsoncc.
Merges [54968] to the 5.0 branch.
Fixes#57306.
See #56793.
git-svn-id: https://develop.svn.wordpress.org/branches/5.0@54985 602fd350-edb4-49c9-b593-d223f7449a82
* REST API: Allow authors to read their own password protected posts.
* About page update.
Merges [50717] to the 5.0 branch.
git-svn-id: https://develop.svn.wordpress.org/branches/5.0@50731 602fd350-edb4-49c9-b593-d223f7449a82
This updates the 5.0 branch to support the latest LTS version of NodeJS (currently 14.x), allowing the same version to be used across all WordPress branches that receive security updates as a courtesy.
In addition to backporting the package updates that happened after branching 5.0, dependencies that were removed in future releases have also been updated to their latest versions.
Props desrosj, dd32, netweb, jorbin.
Merges [44233,44728,45321,45765,45826,46403-46404,46408,46409,47404,47867-47869,47872-47873,48705,49636,49933,49937,49939,49940,49983,49989,50017,50126,50176,50185,50192] to the 5.0 branch.
See #52341.
git-svn-id: https://develop.svn.wordpress.org/branches/5.0@50201 602fd350-edb4-49c9-b593-d223f7449a82
Move `skipTestOnTimeout()` to `WP_UnitTestCase_Base` to avoid duplication.
Merges [46682] and [46996] to the 5.0 branch.
See #51669.
git-svn-id: https://develop.svn.wordpress.org/branches/5.0@50095 602fd350-edb4-49c9-b593-d223f7449a82
This commit introduces the Docker-based local WordPress development environment to the 5.0 branch and converts the Travis test jobs to utilize this environment for easier and more consistent testing.
Until existing blockers with the PHP 5.2 Docker container can be solved, the PHP 5.2 test job will remain using the Travis `precise` image.
Merges [45745,45762,45783-45784,45800,45819,45885,46320,46999,47225,47912,48121,49335,49358,49360,49362] to the 5.0 branch.
See #48301, #47767.
git-svn-id: https://develop.svn.wordpress.org/branches/5.0@49529 602fd350-edb4-49c9-b593-d223f7449a82
Fix off-by-one error in pixel color checks for rotate and flip image tests. Change to using PNG with single pixel to ensure that errors are caught in the future, rather than lost in JPEG noise.
Props Fuegas, mikeschroder.
Merges [45067] to the 5.0 branch.
See #46073, #48301.
git-svn-id: https://develop.svn.wordpress.org/branches/5.0@49518 602fd350-edb4-49c9-b593-d223f7449a82
* XML-RPC: Improve error messages for unprivileged users.
* External Libraries: Disable deserialization in Requests_Utility_FilteredIterator
* Embeds: Disable embeds on deactivated Multisite sites.
* Coding standards: Modify escaping functions to avoid potential false positives.
* XML-RPC: Return error message if attachment ID is incorrect.
* Upgrade/install: Improve logic check when determining installation status.
* Meta: Sanitize meta key before checking protection status.
* Themes: Ensure that only privileged users can set a background image when a theme is using the deprecated custom background page.
Brings the changes from [49380,49382-49388] to the 5.0 branch.
Props xknown, zieladam, peterwilsoncc, whyisjake, desrosj, dd32.
git-svn-id: https://develop.svn.wordpress.org/branches/5.0@49396 602fd350-edb4-49c9-b593-d223f7449a82
User: Invalidate `user_activation_key` on password update.
Query: Ensure that only a single post can be returned on date/time based queries.
Cache API: Ensure proper escaping around the stats method in the cache API.
Formatting: Expand `sanitize_file_name` to have better support for utf8 characters.
Brings the changes in [47633], [47634], [47635], [47636], [47637], and [47638] to the 5.0 branch.
Props: aduth, batmoo, ehti, ellatrix, jorgefilipecosta, nickdaugherty, noisysocks, pento, peterwilsoncc, sergeybiryukov, sstoqnov, talldanwp, westi, westonruter, whyisjake, whyisjake, xknown.
git-svn-id: https://develop.svn.wordpress.org/branches/5.0@47647 602fd350-edb4-49c9-b593-d223f7449a82
Props: danielbachhuber, whyisjake, peterwilson, xknown.
Prevent stored XSS through wp_targeted_link_rel().
Props: vortfu, whyisjake, peterwilsoncc, xknown, SergeyBiryukov, flaviozavan.
Update wp_kses_bad_protocol() to recognize : on uri attributes,
wp_kses_bad_protocol() makes sure to validate that uri attributes don't contain invalid/or not allowed protocols. While this works fine in most cases, there's a risk that by using the colon html5 named entity, one is able to bypass this function.
Brings r46895 to the 5.3 branch.
Props: xknown, nickdaugherty, peterwilsoncc.
Prevent stored XSS in the block editor.
Brings r46896 to the 5.3 branch.
Prevent escaped unicode characters become unescaped in unsafe HTML during JSON decoding.
Props: aduth, epiqueras.
git-svn-id: https://develop.svn.wordpress.org/branches/5.0@46915 602fd350-edb4-49c9-b593-d223f7449a82
This adds some special case handling in 'wp_check_filetype_and_ext()' that prevents some common file types from being blocked based on mismatched MIME checks, which were made more strict in WordPress 5.0.1.
Merges [44438], [44439], [44441], and [44442] to the 4.9 branch.
Props Kloon, birgire, tellyworth, joemcgill.
See #45615.
git-svn-id: https://develop.svn.wordpress.org/branches/5.0@44443 602fd350-edb4-49c9-b593-d223f7449a82
A static variable contains an integer that is incremented with each call. This number is returned with the optional prefix.
As such the returned value is not universally unique, but it is unique across the life of the PHP process.
Props westonruter, dlh.
Merges [43658] and [44406] to the 5.0 branch.
See #44883.
git-svn-id: https://develop.svn.wordpress.org/branches/5.0@44407 602fd350-edb4-49c9-b593-d223f7449a82
The inline JavaScript added by `WP_Scripts::print_translations()` should check whether `locale_data.$text_domain` exists and fall back to `locale_data.messages` otherwise.
Merge of [44403] to the 5.0 branch.
Props swissspidy.
Fixes#45441.
git-svn-id: https://develop.svn.wordpress.org/branches/5.0@44404 602fd350-edb4-49c9-b593-d223f7449a82
Fixes the `load_script_textdomain` function not resolving the md5 hash based on the relative path for WordPress installations in a subdirectory. Also adds a filter to allow sites using CDNs or other alternative asset locations to filter the relative path resolution.
Props akirk, fierevere, swissspidy, mypacecreator, babaevan, tmatsuur, ocean90.
Fixes#45528.
git-svn-id: https://develop.svn.wordpress.org/branches/5.0@44209 602fd350-edb4-49c9-b593-d223f7449a82
`wpdb::get_col()` iterates over `$wpdb->last_result`, which can be a non-countable value, should the preceeding query have failed.
Props spacedmonkey, desrosj.
See #45299.
git-svn-id: https://develop.svn.wordpress.org/branches/5.0@43934 602fd350-edb4-49c9-b593-d223f7449a82
Removes filters adding `rel="noopener"` to links targeting `_blank`.
Previous implementation could introduce blank `rel` attributes and could corrupt JSON data when saving via the customizer.
See #43187.
Reverts [43732] and [43733] from the 5.0 branch.
git-svn-id: https://develop.svn.wordpress.org/branches/5.0@43930 602fd350-edb4-49c9-b593-d223f7449a82
* Skips validation where there is no attribute definition, but keeps the attribute value. Previously, the attribute would be omitted from the attributes passed to `render_callback`. Notably, this resolves an issue where `render_callback` cannot receive a block's `align` and `customClassName` attribute values, since these are defined as a client-side filter.
* Validates `null` as a proper value in its own right. Previously, a client implementation of a block could track `{"attribute":null}` as an explicitly empty value, and the server would wrongly initiate defaulting behavior. The new behavior will now only populate a default value if the attribute is not defined at all, including when unset in its being invalid per the attribute schema.
Props aduth, noisysocks, youknowriad.
See #45145 for the patch, #45098 for the original ticket.
git-svn-id: https://develop.svn.wordpress.org/branches/5.0@43918 602fd350-edb4-49c9-b593-d223f7449a82
Demarcations for reusable blocks are always expected to be accessible by clients.
Props noisysocks, youknowriad.
See #45145 for the patch, #45098 for the original ticket.
git-svn-id: https://develop.svn.wordpress.org/branches/5.0@43917 602fd350-edb4-49c9-b593-d223f7449a82
In [43736], we prevented rendering fields when not present in `?_fields=`. However, because `get_fields_for_response()` is dependent on `get_item_schema()`, any custom fields registered with a null schema would be incorrectly excluded from the response. Because the REST API permits a null schema for `register_rest_field()`, those fields should be included in the available fields for a response.
Fixes#45220.
git-svn-id: https://develop.svn.wordpress.org/branches/5.0@43908 602fd350-edb4-49c9-b593-d223f7449a82
When switching themes, `wp_map_nav_menu_locations()` is used to ensure nav menus are placed in the relevant menu location. Occasionally, menus are registered to locations with numeric slugs, rather than strings. `wp_map_nav_menu_locations()` assumed it would be the latter, and ran `stripos()` on those numeric slugs. This behaviour is deprecated in PHP 7.3.
As this is the last known PHP 7.3 incompatibility, this commit also removes PHP 7.3 from Travis' `allowed_failures` list.
Props desrosj, jorbin.
See #45018.
git-svn-id: https://develop.svn.wordpress.org/branches/5.0@43899 602fd350-edb4-49c9-b593-d223f7449a82
Fixes an undefined index PHP warning in the load_script_textdomain function and a non-interrupting JS error when registering a domain which has no translations.
Props omarreiss, ocean90, georgestephanis.
Fixes#45256.
git-svn-id: https://develop.svn.wordpress.org/branches/5.0@43898 602fd350-edb4-49c9-b593-d223f7449a82
When 'parent' is set as the path argument name, it gets passed down through to the `create_item()` method and can erroneously reset the 'parent' value on the post itself. Instead, we rename the argument to 'id' and replicate the revision controller's `get_items_permissions_check()` to instead reference 'id'.
Also ensures revision query params (of which there are many) aren't exposed as the query params for autosaves (of which there are two).
Props TimothyBlynJacobs.
See #43316.
git-svn-id: https://develop.svn.wordpress.org/branches/5.0@43897 602fd350-edb4-49c9-b593-d223f7449a82
Changes of note:
- Includes the new Annotations API package.
- `wp-polyfill-ecmascript.js` is renamed to `wp-polyfill.js`.
- `strip_dynamic_blocks()` has been removed in favour of `excerpt_remove_blocks()`.
- The PHP block parser is now syncing from the `block-serialization-default-parser` package.
- `do_blocks()` uses the new parser.
- The `do_block` filter has been removed from `do_blocks()`, in favour of a `render_block` filter in `render_block()`.
See #45145, #45190, #45264, #45282.
git-svn-id: https://develop.svn.wordpress.org/branches/5.0@43884 602fd350-edb4-49c9-b593-d223f7449a82
As `do_blocks()` is run before `wpautop()` in `the_content` filter, we can remove in a Just In Time fashion, before that filter is run.
After `wpautop()`s original priority has passed, we can re-add it in a Just Too Late fashion, to ensure it's available if `the_content` filter is run multiple times on a page load.
Props pento, nerrad.
Fixes#45290.
git-svn-id: https://develop.svn.wordpress.org/branches/5.0@43879 602fd350-edb4-49c9-b593-d223f7449a82
Calls `wp_set_script_translations` for all packages scripts that have translations. Also correctly sets the domain on the translations.
Props omarreiss, pento, ocean90.
Fixes#45161.
git-svn-id: https://develop.svn.wordpress.org/branches/5.0@43878 602fd350-edb4-49c9-b593-d223f7449a82
Improves upon [43825] by adding unit tests to cover additional use-cases and changes loading translations to only occur when outputting the script to allow setting translations on dependencies.
Props atimmer, omarreiss, nerrad, swissspidy, ocean90.
Fixes#45103.
git-svn-id: https://develop.svn.wordpress.org/branches/5.0@43859 602fd350-edb4-49c9-b593-d223f7449a82
Also introduces a `block_editor_preload_paths` filter for plugins and themes to preload additional data.
Props imath, mattheu.
Fixes#45194.
git-svn-id: https://develop.svn.wordpress.org/branches/5.0@43833 602fd350-edb4-49c9-b593-d223f7449a82
Adds the `wp_set_script_translations` function which registers translations for a JavaScript file. This function takes a handle, domain and optionally a path and ensures JavaScript translation files are loaded if they exist.
Props atimmer, omarreiss, nerrad, swissspidy, ocean90.
Fixes#45103.
git-svn-id: https://develop.svn.wordpress.org/branches/5.0@43825 602fd350-edb4-49c9-b593-d223f7449a82
In PHP 7.3, the compact() function has been changed to issue an E_NOTICE level error if a passed string refers to an unset variable. In previous versions of PHP, this notice was silently skipped. The full RFC can be viewed here: https://wiki.php.net/rfc/compact
This fixes all unit tested code that uses compact.
Props desrosj.
Fixes#44416.
git-svn-id: https://develop.svn.wordpress.org/branches/5.0@43819 602fd350-edb4-49c9-b593-d223f7449a82
To avoid this being a vector for bypassing the filetypes that are allowed to be uploaded, this attribute is only allowed to be added without a value.
Props kalpshit, arshidkv12, welcher, peterwilsoncc, marina_wp, pento.
See #44724.
git-svn-id: https://develop.svn.wordpress.org/branches/5.0@43813 602fd350-edb4-49c9-b593-d223f7449a82
