These tests no longer test anything that WordPress core has control over. YouTube now serves everything
over HTTPS by default, so the tests for #23149 will always pass, and the tests for #32714 aren't testing
anything that core has control over.
Tests for the responses from oEmbed providers has been attempted and reverted in #32360.
Props johnbillion.
Merges [41712] to the 4.6 branch.
See #42076, #32714, #23149.
git-svn-id: https://develop.svn.wordpress.org/branches/4.6@47481 602fd350-edb4-49c9-b593-d223f7449a82
`wp_kses_bad_protocol()` makes sure to validate that uri attributes don’t contain invalid/or not allowed protocols. While this works fine in most cases, there’s a risk that by using the colon html5 named entity, one is able to bypass this function.
Brings r46895 to the 4.6 branch.
Props: xknown, nickdaugherty, peterwilsoncc.
git-svn-id: https://develop.svn.wordpress.org/branches/4.6@46914 602fd350-edb4-49c9-b593-d223f7449a82
[41496] removed support for numbered placeholders in queries send through `wpdb::prepare()`, which, despite being undocumented, were quite commonly used.
This change restores support for numbered placeholders (as well as a subset of placeholder formatting), while also adding extra checks to ensure the correct number of arguments are being passed to `wpdb::prepare()`, given the number of placeholders.
Merges [41662], [42056] to the 4.6 branch.
See #41925.
git-svn-id: https://develop.svn.wordpress.org/branches/4.6@42059 602fd350-edb4-49c9-b593-d223f7449a82
PHPUnit 6.4.1 and earlier versions ignored the `'0'` value, causing the issue to go unnoticed.
Merge of [41870] to the 4.6 branch.
Props SergeyBiryukov.
See #42232.
git-svn-id: https://develop.svn.wordpress.org/branches/4.6@42053 602fd350-edb4-49c9-b593-d223f7449a82
`wpdb::prepare()` supports %s, %d, and %F as placeholders in the query string. Any other non-escaped % will be escaped.
Merges [41496] to 4.6 branch.
git-svn-id: https://develop.svn.wordpress.org/branches/4.6@41499 602fd350-edb4-49c9-b593-d223f7449a82
Previously if you passed an array of values for placeholders, additional values could be passed as well. Now additional values will be ignored.
Merges [41470] to 4.6 branch.
git-svn-id: https://develop.svn.wordpress.org/branches/4.6@41473 602fd350-edb4-49c9-b593-d223f7449a82
This skips time sensitive tests (copyright year and PHP/MySQL version requirements) when tests are run on branches on Travis.
Props netweb, jorbin
Fixes#39486
Merges [40241] to the 4.6 branch.
git-svn-id: https://develop.svn.wordpress.org/branches/4.6@40249 602fd350-edb4-49c9-b593-d223f7449a82
Preserves spaces and generally creates more accurate, cleaner titles from filenames of uploaded media.
Merge of [38614] to the 4.6 branch.
Props joemcgill.
Fixes#37989.
git-svn-id: https://develop.svn.wordpress.org/branches/4.6@38615 602fd350-edb4-49c9-b593-d223f7449a82
Sometimes, `DB_CHARSET` will be set to `utf8mb4`, even if the current setup doesn't support `utf8mb4`. After [38442], this can cause significant character set failures, causing the connection to fall back to `latin1`.
Instead of doing this, we now check that the connection supports `utf8mb4` before trying to use it, and fall back to `utf8` when we need to.
Merge of [38580] to the 4.6 branch.
Fixes#37982.
git-svn-id: https://develop.svn.wordpress.org/branches/4.6@38581 602fd350-edb4-49c9-b593-d223f7449a82
The SQL query was built using the clauses compiled when querying for
top-level comments. But in cases where the top-level comment query
results are already in the cache, the SQL clauses are not built, and
so are unavailable for `fill_descendants()`. Instead, we call
`get_comments()`, using modified versions of the parameters passed
to the main `WP_Comment_Query` class.
Merge of [38446] to the 4.6 branch.
Props boonebgorges, Akeif, Rarst for testing.
Fixes#37696.
git-svn-id: https://develop.svn.wordpress.org/branches/4.6@38497 602fd350-edb4-49c9-b593-d223f7449a82
After [38118], when previewing a page with a secondary loop, all post
thumbnails would be filtered to display the post thumbnail for the
page being previewed. This ensures `_wp_preview_post_thumbnail_filter()`
is only applied if the `$post_id` of the post meta being filtered is
equal to the post or page being previewed.
Merge of [38433] to the 4.6 branch.
Props swissspidy, joemcgill.
Fixes#37697.
git-svn-id: https://develop.svn.wordpress.org/branches/4.6@38476 602fd350-edb4-49c9-b593-d223f7449a82
Adjusts tests to match markup change.
Merge of [38443] and [38447] to the 4.6 branch.
Props Chaos Engine, SergeyBiryukov, swissspidy.
Fixes#37800.
git-svn-id: https://develop.svn.wordpress.org/branches/4.6@38473 602fd350-edb4-49c9-b593-d223f7449a82
This change prevents an error object from being stored in the cache,
and prevents notices from being thrown when plucking term IDs to put
into the relationship cache.
See #32044, #36814.
Merges [38277] to the 4.6 branch.
Props rpayne7264.
Fixes#37721.
git-svn-id: https://develop.svn.wordpress.org/branches/4.6@38346 602fd350-edb4-49c9-b593-d223f7449a82
[38058] changed `wp_mail()` so that it used PHPMailer's `setFrom()`
method rather than setting the From and FromName headers directly. See
behavior of setting the `Sender` field. This causes `mail` to be
called with the `-f` flag, which causes outgoing email to fail on some
server environments.
Merges [38286] to the 4.6 branch.
Props Clorith, iandunn, DrewAPicture.
Fixes#37736.
git-svn-id: https://develop.svn.wordpress.org/branches/4.6@38287 602fd350-edb4-49c9-b593-d223f7449a82
* Allow to add/remove a featured image to `attachment:audio` and `attachment:video` post types, see [27657].
* Change conditionals to check for theme OR post type support.
* Add tests for #12922.
Broken in [37658].
Merge of [38263] to the 4.6 branch.
Props flixos90, joemcgill, DrewAPicture, wonderboymusic.
See #12922.
See #37658.
git-svn-id: https://develop.svn.wordpress.org/branches/4.6@38264 602fd350-edb4-49c9-b593-d223f7449a82
`wp_resource_hints()` parses the URL for the `preconnect` and `dns-prefetch` relation types to ensure correct values for both. While protocol-relative URLs are supported for `dns-prefetch`, the double slash was lost for `preconnect`.
Merge of [38255] to the 4.6 branch.
Props swissspidy, peterwilsoncc.
Props azaozz for review.
See #37652.
git-svn-id: https://develop.svn.wordpress.org/branches/4.6@38256 602fd350-edb4-49c9-b593-d223f7449a82
Merges [38251] to the 4.6 branch.
First added in [37588] and later modified in [38224], the idea was to ensure that filters/actions added before `advance-cache.php` would not disappear if `advance-cache.php` overloaded the filters/actions with code such as `$wp_filter = array()`. This is an edge case and one that there is no documented case of existing.
This restores the behavior from WordPress 4.5 and before. It is strongly encouraged that developers using `advance-cache.php` to use the Plugins API that is available before the loading of `advance-cache.php` rather than directly interacting with any of the globals.
Props azaozz, jorbin, dd32 for review, pento for review, westi for investigation, ipstenu for research.
See #36819.
git-svn-id: https://develop.svn.wordpress.org/branches/4.6@38252 602fd350-edb4-49c9-b593-d223f7449a82
The global `$current_blog` is not switched in `switch_to_blog()` and can
not be used to properly retrieve current switched site information.
Merge of [38217] to the 4.6 branch.
Props ocean90 for review.
Fixes#37607.
git-svn-id: https://develop.svn.wordpress.org/branches/4.6@38231 602fd350-edb4-49c9-b593-d223f7449a82
[37588] added methods to backup the plugin globals, for ensuring that advanced cache drop-ins don't overwrite hooks that've been added earlier in the load process.
The method for restoring the plugin globals wasn't compatible with the implementation of `WP_Hook` in #17817. `WP_Hook` implements `ArrayAccess`, so `_restore_plugin_globals()` was treating it as an array, and inadvertantly overwriting the `WP_Hook` object with a plain array.
To avoid having to re-write this code as part of #17817, we now use `add_filter()` to restore any hooks that were added by cache drop-ins, which `WP_Hook` correctly supports.
Merge of [38223] with the 4.6 branch.
Props pento, jorbin.
Fixes#36819.
git-svn-id: https://develop.svn.wordpress.org/branches/4.6@38224 602fd350-edb4-49c9-b593-d223f7449a82
Merges [38221] to the 4.6 branch.
Before this change, when a bulk update was canceled due dismissing the FTP credentials modal, part of the actions didn't get canceled. This meant the "There is a new version of…” notices become blank and the updates you had checked became unchecked. Now, the notices remain and you are essentially returned to the screen you had before. Strings are also updated to improve ARIA usage.
Fixes#37563.
Props ocean90, swissspidy, obenland, afercia.
git-svn-id: https://develop.svn.wordpress.org/branches/4.6@38222 602fd350-edb4-49c9-b593-d223f7449a82
[37262] changed a check in `redirect_canonical()` so that it checked
categories in the object cache rather than querying the database. However,
the check was based on the identity of `WP_Term` objects, which in
certain cases can be augmented by the main WP query routine, causing
failures of the `in_array()` check. This caused unnecessary redirects
for URLs where `is_single()` is true, but the URL is different from the
post permalink, such as the `embed` endpoint.
`has_term()` also checks the cache, but does not sufer from this bug.
Merges [38216] to the 4.6 branch.
Props cmillerdev.
Fixes#36602.
git-svn-id: https://develop.svn.wordpress.org/branches/4.6@38220 602fd350-edb4-49c9-b593-d223f7449a82
* "-1" is an invalid nonce error, show 'An error has occurred. Please reload the page and try again.'.
* "error" means that the connection to the server was lost, show 'Connection lost or the server is busy. Please try again later.'.
* Escape the message in `wp-updates-admin-notice` because the response may include HTML.
* Remove HTML tags in `wp.updates.isValidResponse()` to make PHP's error messages more readable.
Merge of [38205] to the 4.6 branch.
Props azaozz for review.
See #37583.
git-svn-id: https://develop.svn.wordpress.org/branches/4.6@38206 602fd350-edb4-49c9-b593-d223f7449a82
Requests has its own cookie object in form of `Requests_Cookie`. Therefore we have to convert `WP_Http_Cookie` objects to `Requests_Cookie`.
This introduces `WP_Http_Cookie::get_attributes()` to retrieve cookie attributes of a `WP_Http_Cookie` object and `WP_Http::normalize_cookies()` to convert the cookie objects.
Fixes#37437.
git-svn-id: https://develop.svn.wordpress.org/trunk@38164 602fd350-edb4-49c9-b593-d223f7449a82
* `preconnect` will be potentially pretty heavy on the CDN. With the Unicode 9.0 emoji update, almost all browsers will trigger the `preconnect`.
* `preconnect` only opens one connection, but `s.w.org` is HTTP/1.1, so the browser will use the preconnected connection for the first emoji, then it has to open new connections for subsequent emoji.
Also use the same URL as we use for the `emoji_svg_url` filter. This will print the hint for the correct CDN in case someone uses a custom CDN.
Props peterwilsoncc.
Fixes#37387.
git-svn-id: https://develop.svn.wordpress.org/trunk@38122 602fd350-edb4-49c9-b593-d223f7449a82
Fixes a few accessibility issues, restores the "Search Results" tab and the search type selector, and improves compatibility with older browsers.
Props rahulsprajapati, swissspidy, adamsilverstein, ocean90
See #37233.
git-svn-id: https://develop.svn.wordpress.org/trunk@38119 602fd350-edb4-49c9-b593-d223f7449a82
When `IMAGE_EDIT_OVERWRITE` is set to true, edited image files are
supposed to be deleted when an image is restored to the original.
However, when an image was edited more than once, and then restored,
files created during previous edits were left behind.
Fixes this behavior by updating `wp_save_image()` to clean up
leftover images after each edit when `IMAGE_EDIT_OVERWRITE` is true.
Props bradt, chriscct7, joemcgill.
Fixes#32171.
git-svn-id: https://develop.svn.wordpress.org/trunk@38113 602fd350-edb4-49c9-b593-d223f7449a82
Externally hosted script and style dependencies trigger `dns-prefetch` hinting only when enqueued. This removed a bug in which hinting was added on registration.
Renames the function `wp_resource_hints_scripts_styles` to `wp_dependencies_unique_hosts` as the function provides the hosts, not the hinting.
Props swissspidy.
Fixes#37385.
git-svn-id: https://develop.svn.wordpress.org/trunk@38100 602fd350-edb4-49c9-b593-d223f7449a82
Prior to the introduction of `WP_Term_Query`, the 'orderby' clause
passed to the 'terms_clauses' filter was prefixed by `ORDER BY`. After
`WP_Term_Query`, this was not the case; `ORDER BY` was added after the
filter. As such, plugins filtering 'terms_clauses' and returning an
'orderby' clause beginning with `ORDER BY` resulted in invalid syntax
when `WP_Term_Query` prepended a second `ORDER BY` keyword to
the clause.
This changeset rearranges the way the 'orderby' clause is built so that
it will be passed to 'terms_clauses' in the previous format.
Fixes#37378.
git-svn-id: https://develop.svn.wordpress.org/trunk@38099 602fd350-edb4-49c9-b593-d223f7449a82
