* REST API: Allow authors to read their own password protected posts.
* About page update
Merges [50717] to the 5.1 branch.
git-svn-id: https://develop.svn.wordpress.org/branches/5.1@50730 602fd350-edb4-49c9-b593-d223f7449a82
This removes a test assertion defending against version ranges in the node value in package.json files. This is now supported.
Props peterwilsoncc.
Merges [50192] to the 5.1 branch.
See #52341.
git-svn-id: https://develop.svn.wordpress.org/branches/5.1@50200 602fd350-edb4-49c9-b593-d223f7449a82
Move `skipTestOnTimeout()` to `WP_UnitTestCase_Base` to avoid duplication.
Merges [46682] and [46996] to the 5.1 branch.
See #51669.
git-svn-id: https://develop.svn.wordpress.org/branches/5.1@50094 602fd350-edb4-49c9-b593-d223f7449a82
This commit introduces the Docker-based local WordPress development environment to the 5.2 branch and converts the Travis test jobs to utilize this environment for easier and more consistent testing.
Merges [45745,45762,45783-45784,45800,45819,45885,46320,46999,47225,47912,48121,49335,49358,49360,49362] to the 5.1 branch.
See #48301, #47767.
git-svn-id: https://develop.svn.wordpress.org/branches/5.1@49528 602fd350-edb4-49c9-b593-d223f7449a82
Fix off-by-one error in pixel color checks for rotate and flip image tests. Change to using PNG with single pixel to ensure that errors are caught in the future, rather than lost in JPEG noise.
Props Fuegas, mikeschroder.
Merges [45067] to the 5.1 branch.
See #46073, #48301.
git-svn-id: https://develop.svn.wordpress.org/branches/5.1@49517 602fd350-edb4-49c9-b593-d223f7449a82
This updates the `dealerdirect/phpcodesniffer-composer-installer` package to allow installing version `0.7.0` which supports Composer 2.0.
It also includes several minor spacing/alignment coding standards fixes that are made as a result of the package update.
Props itowhid06, jrf.
Merges [49306] to the 5.1 branch.
See #51624, #48301.
git-svn-id: https://develop.svn.wordpress.org/branches/5.1@49516 602fd350-edb4-49c9-b593-d223f7449a82
* XML-RPC: Improve error messages for unprivileged users.
* External Libraries: Disable deserialization in Requests_Utility_FilteredIterator
* Embeds: Disable embeds on deactivated Multisite sites.
* Coding standards: Modify escaping functions to avoid potential false positives.
* XML-RPC: Return error message if attachment ID is incorrect.
* Upgrade/install: Improve logic check when determining installation status.
* Meta: Sanitize meta key before checking protection status.
* Themes: Ensure that only privileged users can set a background image when a theme is using the deprecated custom background page.
Brings the changes from [49380,49382-49388] to the 5.1 branch.
Props xknown, zieladam, peterwilsoncc, whyisjake, desrosj, dd32.
git-svn-id: https://develop.svn.wordpress.org/branches/5.1@49395 602fd350-edb4-49c9-b593-d223f7449a82
- Embeds: Ensure that the title attribute is set correctly on embeds.
- Editor: Prevent HTML decoding on by setting the proper editor context.
- Formatting: Ensure that wp_validate_redirect() sanitizes a wider variety of characters.
- Themes: Ensure a broken theme name is returned properly.
- Administration: Add a new filter to extend set-screen-option.
Merges [47947-47951] to the 5.1 branch.
Props xknown, sstoqnov, vortfu, SergeyBiryukov, whyisjake.
git-svn-id: https://develop.svn.wordpress.org/branches/5.1@47963 602fd350-edb4-49c9-b593-d223f7449a82
User: Invalidate `user_activation_key` on password update.
Query: Ensure that only a single post can be returned on date/time based queries.
Block Editor: Coding standards, properly escape class names.
Cache API: Ensure proper escaping around the stats method in the cache API.
Formatting: Expand `sanitize_file_name` to have better support for utf8 characters.
Brings the changes in [47633], [47634], [47635], [47636], [47637], and [47638] to the 5.1 branch.
Props: aduth, batmoo, ehti, ellatrix, jorgefilipecosta, nickdaugherty, noisysocks, pento, peterwilsoncc, sergeybiryukov, sstoqnov, talldanwp, westi, westonruter, whyisjake, whyisjake, xknown.
git-svn-id: https://develop.svn.wordpress.org/branches/5.1@47646 602fd350-edb4-49c9-b593-d223f7449a82
`assertSame()` doesn't have the `$delta` parameter, only `assertEquals()` does.
Follow-up to [47313].
Merges [47318] to the 5.1 branch.
See #40364.
git-svn-id: https://develop.svn.wordpress.org/branches/5.1@47321 602fd350-edb4-49c9-b593-d223f7449a82
Props: danielbachhuber, whyisjake, peterwilson, xknown.
Prevent stored XSS through wp_targeted_link_rel().
Props: vortfu, whyisjake, peterwilsoncc, xknown, SergeyBiryukov, flaviozavan.
Update wp_kses_bad_protocol() to recognize : on uri attributes,
wp_kses_bad_protocol() makes sure to validate that uri attributes don't contain invalid/or not allowed protocols. While this works fine in most cases, there's a risk that by using the colon html5 named entity, one is able to bypass this function.
Brings r46895 to the 5.3 branch.
Props: xknown, nickdaugherty, peterwilsoncc.
Prevent stored XSS in the block editor.
Brings r46896 to the 5.3 branch.
Prevent escaped unicode characters become unescaped in unsafe HTML during JSON decoding.
Props: aduth, epiqueras.
git-svn-id: https://develop.svn.wordpress.org/branches/5.1@46907 602fd350-edb4-49c9-b593-d223f7449a82
Restores `public`, `archived`, `mature`, `spam`, `deleted`, `lang_id`, and `WPLANG` to the `$meta` data passed to `wpmu_new_blog`. This hook was deprecated in 5.1.0, but code using it still relies on this data.
Props davidbinda, pbiron.
Merges [44805] and [44806] to the 5.1 branch.
Fixes#46351.
git-svn-id: https://develop.svn.wordpress.org/branches/5.1@44807 602fd350-edb4-49c9-b593-d223f7449a82
Minimize jquery.form.js as part of build process to remove the source map reference.
Modify source map tests to include all JavaScript files rather than testing Backbone and jQuery only.
Props pento.
Fixes#46218.
git-svn-id: https://develop.svn.wordpress.org/trunk@44740 602fd350-edb4-49c9-b593-d223f7449a82
[44618] added strict type checking to `_sanitize_text_fields()`, which has caused some compat issues with plugins.
We can loosen the type checking to only reject objects and arrays, and cast other types to string.
Props Nick_theGeek, pento.
Fixes#41450.
git-svn-id: https://develop.svn.wordpress.org/trunk@44731 602fd350-edb4-49c9-b593-d223f7449a82
Due to the high number of follow-up tickets and associated security concerns, it was decided to reschedule the fatal error recovery feature for WordPress 5.2, in order to address these issues properly. The feature will continue to be developed, with iterations being merged into trunk early in the 5.2 release cycle.
Fixes#46141. See #44458, #45932, #45940, #46038, #46047, #46068.
git-svn-id: https://develop.svn.wordpress.org/trunk@44717 602fd350-edb4-49c9-b593-d223f7449a82
Introduced in [918/tests] and updated in [26871], the class is there to make sure that known bugs are not skipped when `phpunit` is called with a `--group` that corresponds to an `@ticket` annotation (such as `phpunit --group 12345`).
Enforcing recognized arguments or correctly formed arguments is not the concern here, so reusing `PHPUnit_Util_Getopt::parseLongOption()` was superfluous.
See #43218.
git-svn-id: https://develop.svn.wordpress.org/trunk@44715 602fd350-edb4-49c9-b593-d223f7449a82
The pre-save filters added to links in [43732] could invalidate JSON data when saving Customizer change-sets.
This removes the filters when saving and publishing change-sets.
Props peterwilsoncc, nikeo for testing.
See #45292.
git-svn-id: https://develop.svn.wordpress.org/trunk@44714 602fd350-edb4-49c9-b593-d223f7449a82
To test the `date_i18n()` output correctly, the tests added in [43434] need to set a non-UTC timezone.
Props Rarst.
Fixes#20973.
git-svn-id: https://develop.svn.wordpress.org/trunk@44710 602fd350-edb4-49c9-b593-d223f7449a82
The method is only used for two known options: `group` and `exclude-group`, others should be passed to PHPUnit.
Props johnbillion.
See #43218.
git-svn-id: https://develop.svn.wordpress.org/trunk@44707 602fd350-edb4-49c9-b593-d223f7449a82
* Create an abstract `WP_UnitTestCase_Base` class to share between PHPUnit 7.x and older versions.
* Add a speed-trap loader to determine which `SpeedTrapListener` class needs to be loaded for the current PHPUnit version.
* Remove unnecessary `PHPUnit\Util\Test` and `PHPUnit_Util_Getopt` inheritances.
* Update Travis CI config to use PHPUnit 7.x for PHP 7.1, 7.2, and nightly PHP versions.
Props jipmoors, netweb, desrosj, ayeshrajans, soulseekah, SergeyBiryukov.
See #43218.
git-svn-id: https://develop.svn.wordpress.org/trunk@44701 602fd350-edb4-49c9-b593-d223f7449a82
Moves the logic for determining when an event will next run from `wp_next_scheduled()` to `wp_get_scheduled_event()`.
This improves the performance of `wp_get_scheduled_event()` by avoiding duplicate function calls and object cache hits.
Props peterwilsoncc.
Fixes#45976.
git-svn-id: https://develop.svn.wordpress.org/trunk@44693 602fd350-edb4-49c9-b593-d223f7449a82
Bypass adding a `rel` attribute when the `wp_targeted_link_rel` filter returns an empty string or other falsy result.
Props mcmwebsol, spartank, meatman89fs.
Fixes#45352.
git-svn-id: https://develop.svn.wordpress.org/trunk@44691 602fd350-edb4-49c9-b593-d223f7449a82
This was introduced in [44466]. Also, this changeset adds tests for `_wp_die_process_input()` so that this never happens again.
Props dd32.
See #45933.
git-svn-id: https://develop.svn.wordpress.org/trunk@44690 602fd350-edb4-49c9-b593-d223f7449a82
Adds a `maybe_serialize()` comparison for the old and new values in `update_network_option()` to avoid unnecessary database writes when options contain identical objects.
Props bor0.
Fixes#44956.
git-svn-id: https://develop.svn.wordpress.org/trunk@44662 602fd350-edb4-49c9-b593-d223f7449a82
The "Your comment is awaiting moderation." message relied upon the comment author cookie being set. However, since it's now possible to opt-out of that cookie, submitting a comment won't show the comment preview when the comment is placed in moderation.
To avoid this issue, we now include a hash in the redirect URL, allowing the site to identify that a preview of the moderated comment should be displayed.
Props imath, tomdxw, birgire, lakenh, azaozz, pento.
Fixes#43857.
git-svn-id: https://develop.svn.wordpress.org/trunk@44659 602fd350-edb4-49c9-b593-d223f7449a82
A few sniffs have been renamed, this change includes the relevant `phpcs:ignore` comment updates.
Fixes#46002.
git-svn-id: https://develop.svn.wordpress.org/trunk@44645 602fd350-edb4-49c9-b593-d223f7449a82
When a `PUT` request is performed to update a user, a `rest_user_invalid_email` error is incorrectly being returned when the email exists with different letter casing, even if it belongs to the user being updated. `email_exists()` performs a case insensitive lookup, but the conditional statement following that lookup was performing a strict comparison between the new email and the user’s current email.
This changes that comparison to instead compare the user ID returned by `email_exists()` with the user ID being updated. This more closely matches the logic used in `edit_user()` and allows a user to change the letter casing of their email.
Props fuchsws, rachelbaker, desrosj.
Fixes#44672.
git-svn-id: https://develop.svn.wordpress.org/trunk@44641 602fd350-edb4-49c9-b593-d223f7449a82
