Query: Ensure that only a single post can be returned on date/time based queries.
Cache API: Ensure proper escaping around the stats method in the cache API.
Formatting: Expand `sanitize_file_name` to have better support for utf8 characters.
Brings the changes in [47634], [47635], [47637], and [47638] to the 4.3 branch.
Props: batmoo, ehti, nickdaugherty, peterwilsoncc, sergeybiryukov, sstoqnov, westi, whyisjake, whyisjake, xknown.
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@47656 602fd350-edb4-49c9-b593-d223f7449a82
These tests no longer test anything that WordPress core has control over. YouTube now serves everything
over HTTPS by default, so the tests for #23149 will always pass, and the tests for #32714 aren't testing
anything that core has control over.
Tests for the responses from oEmbed providers has been attempted and reverted in #32360.
Props johnbillion.
Merges [41712] to the 4.3 branch.
See #42076, #32714, #23149.
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@47484 602fd350-edb4-49c9-b593-d223f7449a82
`wp_kses_bad_protocol()` makes sure to validate that uri attributes don’t contain invalid/or not allowed protocols. While this works fine in most cases, there’s a risk that by using the colon html5 named entity, one is able to bypass this function.
Brings r46895 to the 4.3 branch.
Props: xknown, nickdaugherty, peterwilsoncc.
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@46911 602fd350-edb4-49c9-b593-d223f7449a82
[41496] removed support for numbered placeholders in queries send through `wpdb::prepare()`, which, despite being undocumented, were quite commonly used.
This change restores support for numbered placeholders (as well as a subset of placeholder formatting), while also adding extra checks to ensure the correct number of arguments are being passed to `wpdb::prepare()`, given the number of placeholders.
Merges [41662], [42056] to the 4.3 branch.
See #41925.
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@42062 602fd350-edb4-49c9-b593-d223f7449a82
`wpdb::prepare()` supports %s, %d, and %F as placeholders in the query string. Any other non-escaped % will be escaped.
Merges [41496] to 4.3 branch.
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@41502 602fd350-edb4-49c9-b593-d223f7449a82
Previously if you passed an array of values for placeholders, additional values could be passed as well. Now additional values will be ignored.
Merges [41470] to 4.3 branch.
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@41476 602fd350-edb4-49c9-b593-d223f7449a82
This skips time sensitive tests (copyright year and PHP/MySQL version requirements) when tests are run on branches on Travis.
Props netweb, jorbin
Fixes#39486
Merges [40241] to the 4.3 branch.
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@40244 602fd350-edb4-49c9-b593-d223f7449a82
Preserves spaces and generally creates more accurate, cleaner titles from filenames of uploaded media.
Merge of [38615] to the 4.3 branch.
Fixes#37989.
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@39713 602fd350-edb4-49c9-b593-d223f7449a82
When upgrading to `utf8mb4`, `TEXT` fields will be upgraded to `MEDIUMTEXT` (and likewise for all other `*TEXT` and `*BLOB` fields). This is to allow for the additional space requirements of `utf8mb4`.
On the subsequent upgrade, `dbDelta()` would try and downgrade the fields to their original size again. At best, this it a waste of time, at worst, this could truncate any data larger than the original size. There's no harm in leaving them at their new size, so let's do that.
The `FULLTEXT` indexes are removed from the tests, as `dbDelta()`'s `FULLTEXT` support was added in WordPress 4.4.
This also fixes a typo in the `dbDelta()` tests.
Merge of [37525] to the 4.3 branch.
Partial merge of [36552] to the 4.3 branch.
See #36748.
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@37938 602fd350-edb4-49c9-b593-d223f7449a82
The second parameter `$plaintext_pass` was removed in [33023] and restored as `$notify` in [33620] with a different behavior. If you have a plugin overriding `wp_new_user_notification()` which hasn't been updated you would get a notification with your username and the password "both".
To prevent this the second parameter is now deprecated and reintroduced as the third parameter.
Adds unit tests.
Merge of [34116] to the 4.3 branch.
Props kraftbj, adamsilverstein, welcher, ocean90.
See #33654.
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@34118 602fd350-edb4-49c9-b593-d223f7449a82
As of [32484], `wp_dropdown_categories()` uses the `$value_field` value to
decide whether a given `<option>` should be 'selected'. However, `$value_field`
can refer to a value that is a string, such as a category's slug. This causes
problems when doing a loose comparison (`==`) with the value of the 'selected'
parameter, which defaults to `0`, because when doing a loose comparison
between an integer and a string, PHP will cast the string to an integer. This
creates false matches, resulting in `<option>` elements getting a 'selected'
attribute incorrectly.
We address the issue by casting the comparison values to strings, and then
using the strict comparison operator `===`.
Merges [33681] to the 4.3 branch.
Fixes#33452 for 4.3.1.
git-svn-id: https://develop.svn.wordpress.org/branches/4.3@33949 602fd350-edb4-49c9-b593-d223f7449a82
If the post cache is not cleared at this point, the cache can become stale
for operations performed before the cache is cleared later in the function.
Specifically, the generation of a `guid` for new posts can use stale data,
resulting in non-unique values. [33262] introduced a call to `get_post()`
that introduced just such an invalidation problem.
Fixes#5305.
git-svn-id: https://develop.svn.wordpress.org/trunk@33630 602fd350-edb4-49c9-b593-d223f7449a82
After [33615], `wp_update_term()` no longer checks `$wp_db_version` before
attempting a split. This is because pre-4.1 versions of WordPress must be
allowed to update to 4.3+.
See #30261.
git-svn-id: https://develop.svn.wordpress.org/trunk@33616 602fd350-edb4-49c9-b593-d223f7449a82
Also avoid PHP notices because of orphaned comments in the comments list table.
Includes unit test.
props pento, dd32.
fixes#33154.
git-svn-id: https://develop.svn.wordpress.org/trunk@33614 602fd350-edb4-49c9-b593-d223f7449a82
`assertNotFalse()` is not included in PHPUnit 3.6.12, use `assertInternalType( 'int' )` instead.
fixes#32814.
git-svn-id: https://develop.svn.wordpress.org/trunk@33526 602fd350-edb4-49c9-b593-d223f7449a82
Available items now fade from view while you're searching, and there is an explicit way to clear search results. No results gives a better message, though still brief this time around.
props valendesigns, designsimply, DH-Shredder, helen.
fixes#32710.
git-svn-id: https://develop.svn.wordpress.org/trunk@33511 602fd350-edb4-49c9-b593-d223f7449a82
* Ensure that a Custom Menu widget selecting a newly-inserted menu gets updated to use the new menu ID upon Save & Publish.
* Dynamically update the visibility of the Custom Menu widget's "no menus" message when the number of menus changes between 0 and 1+.
* Send all dirty Customized settings in `update-widget` Ajax request and `preview()` them so that the widget update/form callbacks have access to any data dependencies in the current Customizer session (such as newly created unsaved menus).
* Update link in Custom Menu widget to point to Menus panel as opposed to Menus admin page, when in the Customizer.
* Fix an issue with extra space at top immediately after creating new menu.
* Fix doubled `update-widget` Ajax requests when changing select dropdown; prevent initial from being aborted.
* Add missing `wp_get_nav_menus()` hooks to preview Customizer updates/inserts for `nav_menu` settings; includes tests.
* Update `wp_get_nav_menu_object()` to allow a menu object to be passed in (and thus passed through).
Props westonruter, adamsilverstein.
Fixes#32814.
git-svn-id: https://develop.svn.wordpress.org/trunk@33488 602fd350-edb4-49c9-b593-d223f7449a82
* Tokenize newlines in `WP_Embed::autoembed()` before running `->autoembed_callback()`
* Tokenize newlines with placeholders in `wpautop()`
* Introduce `wp_html_split()` to DRY the RegEx from `wp_replace_in_html_tags()` and `do_shortcodes_in_html_tags()`
Adds unit tests.
Props miqrogroove, kitchin, azaozz.
Fixes#33106.
git-svn-id: https://develop.svn.wordpress.org/trunk@33469 602fd350-edb4-49c9-b593-d223f7449a82
Allows for new available menu item types/objects to be registered in addition to filtering the available items that are returned for each menu item type/object.
Props valendesigns, imath, westonruter.
See #32832.
Fixes#32708.
git-svn-id: https://develop.svn.wordpress.org/trunk@33366 602fd350-edb4-49c9-b593-d223f7449a82
Removes object_type restriction to allow for future extensibility. Refactors some methods to improve testability. Includes new tests for Ajax requests.
Fixes#32687.
Props valendesigns, welcher, westonruter.
git-svn-id: https://develop.svn.wordpress.org/trunk@33322 602fd350-edb4-49c9-b593-d223f7449a82
Don't nest `esc_attr()` and `htmlspecialchars()` when escaping the post title on the edit post screen.
Unrevert parts of [32851] and [32850].
Adds/alters unit tests.
Props miqrogroove.
Fixes#17780.
git-svn-id: https://develop.svn.wordpress.org/trunk@33271 602fd350-edb4-49c9-b593-d223f7449a82
This prevents existing posts with numeric slugs from having their permalinks
changed on update.
Fixes#5305.
git-svn-id: https://develop.svn.wordpress.org/trunk@33262 602fd350-edb4-49c9-b593-d223f7449a82
