Remove wordpress.org as an external dependency testing `WP_HTTP::handle_redirects()`.
This refactors and reenables an existing test to call the `WP_HTTP::handle_redirects()` method directly with a mocked array of HTTP headers containing multiple location headers.
The test is moved from the external-http group to the http test group as it no longer makes an HTTP request.
Follow up to [54955].
Props SergeyBiryukov, dd32, peterwilsoncc.
Merges [54968] to the 4.9 branch.
Fixes#57306.
See #56793.
git-svn-id: https://develop.svn.wordpress.org/branches/4.9@54986 602fd350-edb4-49c9-b593-d223f7449a82
This updates the 4.9 branch to support the latest LTS version of NodeJS (currently 14.x), allowing the same version to be used across all WordPress branches that receive security updates as a courtesy.
This also replaces the `npm-shrinkwrap.json` with a `package-lock.json` file. Lock files were not supported in earlier versions of NPM, but can now be used.
In addition to backporting the package updates that happened after branching 4.9, dependencies that were removed in future releases have also been updated to their latest versions.
Props desrosj, dd32, netweb, jorbin.
Merges [42460-42461,42463,42887,43320,43323,43977,44219,44233,44728,45321,45765,46404,46408-46409,47404,47867-47869,47872-47873,48705,49636,49933,49937,49939,50017,50126,50176,50185,50192] to the 4.9 branch.
See #52341.
git-svn-id: https://develop.svn.wordpress.org/branches/4.9@50202 602fd350-edb4-49c9-b593-d223f7449a82
Move `skipTestOnTimeout()` to `WP_UnitTestCase_Base` to avoid duplication.
Merges [46682] and [46996] to the 4.9 branch.
See #51669.
git-svn-id: https://develop.svn.wordpress.org/branches/4.9@50096 602fd350-edb4-49c9-b593-d223f7449a82
This commit introduces the Docker-based local WordPress development environment to the 4.9 branch and converts the Travis test jobs to utilize this environment for easier and more consistent testing.
Until existing blockers with the PHP 5.2 Docker container can be solved, the PHP 5.2 test job will remain using the Travis `precise` image.
Merges [45745,45762,45783-45784,45800,45819,45885,46320,46999,47225,47912,48121,49335,49358,49360,49362] to the 4.9 branch.
See #48301, #47767.
git-svn-id: https://develop.svn.wordpress.org/branches/4.9@49530 602fd350-edb4-49c9-b593-d223f7449a82
Fix off-by-one error in pixel color checks for rotate and flip image tests. Change to using PNG with single pixel to ensure that errors are caught in the future, rather than lost in JPEG noise.
Props Fuegas, mikeschroder.
Merges [45067] to the 4.9 branch.
See #46073, #48301.
git-svn-id: https://develop.svn.wordpress.org/branches/4.9@49519 602fd350-edb4-49c9-b593-d223f7449a82
* XML-RPC: Improve error messages for unprivileged users.
* External Libraries: Disable deserialization in Requests_Utility_FilteredIterator
* Embeds: Disable embeds on deactivated Multisite sites.
* Coding standards: Modify escaping functions to avoid potential false positives.
* XML-RPC: Return error message if attachment ID is incorrect.
* Upgrade/install: Improve logic check when determining installation status.
* Meta: Sanitize meta key before checking protection status.
* Themes: Ensure that only privileged users can set a background image when a theme is using the deprecated custom background page.
Brings the changes from [49380,49382-49388] to the 4.9 branch.
Props xknown, zieladam, peterwilsoncc, whyisjake, desrosj, dd32.
git-svn-id: https://develop.svn.wordpress.org/branches/4.9@49397 602fd350-edb4-49c9-b593-d223f7449a82
User: Invalidate `user_activation_key` on password update.
Query: Ensure that only a single post can be returned on date/time based queries.
Cache API: Ensure proper escaping around the stats method in the cache API.
Formatting: Expand `sanitize_file_name` to have better support for utf8 characters.
Brings the changes in [47633], [47634], [47635], [47637], and [47638] to the 4.9 branch.
Props: batmoo, ehti, nickdaugherty, peterwilsoncc, sergeybiryukov, sstoqnov, westi, westonruter, whyisjake, whyisjake, xknown.
git-svn-id: https://develop.svn.wordpress.org/branches/4.9@47648 602fd350-edb4-49c9-b593-d223f7449a82
Props: danielbachhuber, whyisjake, peterwilson, xknown.
Brings r46893 to the 4.9 branch.
Update `wp_kses_bad_protocol()` to recognize `:` on uri attributes,
`wp_kses_bad_protocol()` makes sure to validate that uri attributes don’t contain invalid/or not allowed protocols. While this works fine in most cases, there’s a risk that by using the colon html5 named entity, one is able to bypass this function.
Brings r46895 to the 4.9 branch.
Props: xknown, nickdaugherty, peterwilsoncc.
git-svn-id: https://develop.svn.wordpress.org/branches/4.9@46918 602fd350-edb4-49c9-b593-d223f7449a82
The original REST API revisions controller relied on `wp_get_post_revisions()`, getting all revisions of a post without any possibility to restrict the result. This changeset replaces that function call with a proper `WP_Query` setup, replicating how `wp_get_post_revisions()` works while offering parameters to alter the default behavior.
Props adamsilverstein, birgire, flixos90.
Merges [43584-43586], [43647] to the 4.9 branch.
Fixes#40510.
git-svn-id: https://develop.svn.wordpress.org/branches/4.9@43648 602fd350-edb4-49c9-b593-d223f7449a82
Introduce tests to validate that register_meta and register_term_meta work as expected in WP_REST_Terms_Controller.
Props timmydcrawford.
Merges [43567] to the 4.9 branch.
See #39122.
git-svn-id: https://develop.svn.wordpress.org/branches/4.9@43646 602fd350-edb4-49c9-b593-d223f7449a82
Adjust it to handle more types of timeouts, e.g. "Resolving timed out", "Connection timed out".
Merges [43511] to the 4.9 branch.
See #44613.
git-svn-id: https://develop.svn.wordpress.org/branches/4.9@43625 602fd350-edb4-49c9-b593-d223f7449a82
The commenter cookies checkbox is not legally required, so should be disabled by default.
Merges [43531] to the 4.9 branch.
Fixes#44373.
git-svn-id: https://develop.svn.wordpress.org/branches/4.9@43532 602fd350-edb4-49c9-b593-d223f7449a82
The `comment_form_default_fields` filter can be used to remove the checkbox.
Props pross, SergeyBiryukov.
Merges [43518] to the 4.9 branch.
Fixes#44126.
git-svn-id: https://develop.svn.wordpress.org/branches/4.9@43524 602fd350-edb4-49c9-b593-d223f7449a82
Introduce an object_subtype argument to the args array for register_meta() which can be used to limit meta registration to a single subtype (e.g. a custom post type or taxonomy, vs all posts or taxonomies).
Introduce register_post_meta() and register_term_meta() wrapper methods for register_meta to provide a convenient interface for the common case of registering meta for a specific taxonomy or post type. These methods work the way plugin developers have often expected register_meta to function, and should be used in place of direct register_meta where possible.
Props flixos90, tharsheblows, spacedmonkey.
Merges [43378] to the 4.9 branch.
Fixes#38323.
git-svn-id: https://develop.svn.wordpress.org/branches/4.9@43510 602fd350-edb4-49c9-b593-d223f7449a82
The `get_term()` mapping may result in term objects that are `null` or
`WP_Error` when plugins use `get_term` or a related filter. Since `null`
and error objects are not valid results for a term query, we discard
them.
Props GM_Alex.
Merges [43049] and [43491] to the 4.9 branch.
Fixes#42691.
git-svn-id: https://develop.svn.wordpress.org/branches/4.9@43492 602fd350-edb4-49c9-b593-d223f7449a82
When the REST API is in use on WordPress multisite, the `WP_REST_Attachments_Controller` should respect the "Max upload file size" and "Site upload space" site options.
Props flixos90, danielbachhuber.
Merges [43462] to the 4.9 branch.
Fixes#43751.
git-svn-id: https://develop.svn.wordpress.org/branches/4.9@43489 602fd350-edb4-49c9-b593-d223f7449a82
The functions `send_confirmation_on_profile_email()`, `_wp_privacy_send_request_confirmation_notification()`, `_wp_privacy_send_erasure_fulfillment_notification()`, and `wp_send_user_request()` all include a title and URL indicating the current site. However, so far they have dealt with those values inconsistently, sometimes using the site values, other times using the network values if in a multisite. This changeset ensures that only the current site is taken into account in all cases and that special characters in the site name are consistently decoded.
Props subrataemfluence, desrosj.
Merges [43388], [43390], and [43435] to the 4.9 branch.
Fixes#44396.
git-svn-id: https://develop.svn.wordpress.org/branches/4.9@43459 602fd350-edb4-49c9-b593-d223f7449a82
Historically, the REST API would generate the entire response object, including running expensive filters, then it would apply the `_fields` parameter, discarding the fields that weren't specificed.
This change causes `_fields` to be applied earlier, so that only requested fields are processed.
Merges [43087] to the 4.9 branch.
Props danielbachhuber.
See #43874.
git-svn-id: https://develop.svn.wordpress.org/branches/4.9@43445 602fd350-edb4-49c9-b593-d223f7449a82
To match behaviour in the Classic Editor, we need to slightly loosen permissions on taxonomy and term endpoints. This allows users to create terms to assign to a post that they're editing.
Merges [43440] to the 4.9 branch.
Props danielbachhuber.
Fixes#44096.
git-svn-id: https://develop.svn.wordpress.org/branches/4.9@43443 602fd350-edb4-49c9-b593-d223f7449a82
So that REST API clients can show appropriate UI for a post's revisions, it needs to know how many revisions the post has, and what the latest revision ID is.
Merge of [43439] and [43441] to the 4.9 branch.
Props kadamwhite, danielbachhuber, birgire, TimothyBlynJacobs, pento.
Fixes#44321.
git-svn-id: https://develop.svn.wordpress.org/branches/4.9@43442 602fd350-edb4-49c9-b593-d223f7449a82
There are a variety of operations a WordPress user can only perform if they have the correct capabilities. A REST API client should only display UI for one of these operations if the WordPress user can perform the operation.
Rather than requiring REST API clients to calculate whether to display UI based on potentially complicated combinations of user capabilities, `targetSchema` allows us to expose a single flag to show whether the corresponding UI should be displayed.
This change also includes flags on post objects for the following actions:
- `action-publish`: The current user can publish this post.
- `action-sticky`: The current user can make this post sticky, and the post type supports sticking.
- `action-assign-author': The current user can change the author on this post.
- `action-assign-{$taxonomy}`: The current user can assign terms from the "$taxonomy" taxonomy to this post.
- `action-create-{$taxonomy}`: The current user can create terms int the "$taxonomy" taxonomy.
Merges [43437] to the 4.9 branch.
Props TimothyBlynJacobs, danielbachhuber.
Fixes#44287.
git-svn-id: https://develop.svn.wordpress.org/branches/4.9@43438 602fd350-edb4-49c9-b593-d223f7449a82
WordCamps are celebrations of the local WordPress Community and once a local one is scheduled, people in that community should know it is coming. This adjusts the WordPress Events in the dashboard widgets to always display a WordCamp, even if there are multiple Meetups happening first.
Props iandunn, metalandcoffee, warmlaundry, alejandroxlopez, jorbin.
Merges [42726], [42728], and [43356] to the 4.9 branch.
Fixes#41112.
git-svn-id: https://develop.svn.wordpress.org/branches/4.9@43357 602fd350-edb4-49c9-b593-d223f7449a82
