* XML-RPC: Improve error messages for unprivileged users.
* External Libraries: Disable deserialization in Requests_Utility_FilteredIterator
* Embeds: Disable embeds on deactivated Multisite sites.
* Coding standards: Modify escaping functions to avoid potential false positives.
* XML-RPC: Return error message if attachment ID is incorrect.
* Upgrade/install: Improve logic check when determining installation status.
* Meta: Sanitize meta key before checking protection status.
* Themes: Ensure that only privileged users can set a background image when a theme is using the deprecated custom background page.
Brings the changes from [49380,49382-49388] to the 5.4 branch.
Props xknown, zieladam, peterwilsoncc, whyisjake, desrosj, dd32.
Built from https://develop.svn.wordpress.org/branches/5.4@49391
git-svn-id: http://core.svn.wordpress.org/branches/5.4@49150 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This reduces the chance of displaying incorrect results due to running the check too early in first time setup scenarios.
Props Clorith, garrett-eclipse, roytanck, joostdevalk.
Reviewed by whyisjake, SergeyBiryukov.
Merges [47456] to the 5.4 branch.
Fixes#49577.
Built from https://develop.svn.wordpress.org/branches/5.4@47466
git-svn-id: http://core.svn.wordpress.org/branches/5.4@47253 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This change fixes an issue where the error codes associated with failed REST API tests are not being printed to the screen. In addition, the square brackets have been replaced with parentheses for consistency, and the error code (which is much less useful to end-users than the error message itself) has been moved to the end of the line.
This also clarifies the associated translator comments.
Props afercia, desrosj.
Fixes#49426.
Built from https://develop.svn.wordpress.org/trunk@47306
git-svn-id: http://core.svn.wordpress.org/trunk@47106 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Per Web Content Accessibility Guidelines 2.0, big chunks of italic text should be avoided.
Same applies to UI controls, since they're meant to be comfortably readable by the largest possible audience, e.g.: label elements.
Removes italic font style from:
- the Quick Edit / Bulk Edit forms
- the Recovery Mode plugin error details
- the Image Editor inline help
Props birgire, audrasjb, SergeyBiryukov, melchoyce, estelaris, sabernhardt, xkon, nrqsnchz, afercia.
See #47327.
Built from https://develop.svn.wordpress.org/trunk@47304
git-svn-id: http://core.svn.wordpress.org/trunk@47104 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When an attempt is made to update an active plugin automatically, there is the potential currently for two negative scenarios:
- The plugin can be deactivated if the Plugins admin screen is loaded when the plugin update is incomplete, causing a PHP error.
- The WSOD protection could be triggered, sending a false alarm email to the site administrator.
By enabling maintenance mode before an active plugin update is attempted, these scenarios can be avoided.
This change implements the same approach as the `Theme_Upgrader` class of using the `upgrader_pre_install` and `upgrader_post_install` hooks to toggle maintenance mode.
Props desrosj, SergeyBiryukov.
Fixes#49400.
Built from https://develop.svn.wordpress.org/trunk@47275
git-svn-id: http://core.svn.wordpress.org/trunk@47075 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* `erase_others_personal_data`
* `export_others_personal_data`
* `manage_privacy_options`
Previously mapped to `manage_options` or `manage_network` (on Multisite), these are now added to the Administrator role separately.
Additionally, `manage_privacy_options` is added to the Editor role.
Props garrett-eclipse, xkon, pbiron, desrosj, johnbillion, flixos90, juliobox, lakenh, Ov3rfly, ianatkins.
Fixes#44176.
Built from https://develop.svn.wordpress.org/trunk@47269
git-svn-id: http://core.svn.wordpress.org/trunk@47069 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This adds a progress indicator for "Download Personal Data" and "Erase Personal Data" row actions, which can take a while with a lot of data.
Props garrett-eclipse, allendav, dominic_ks, xkon, karmatosed, birgire.
Fixes#44264.
Built from https://develop.svn.wordpress.org/trunk@47246
git-svn-id: http://core.svn.wordpress.org/trunk@47046 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Link Manager is disabled for new installations since WordPress 3.5, so core should not encourage importing links.
See #meta4706 for the corresponding WordPress.org API change.
Props Ipstenu, hareesh-pillai, DrewAPicture, nacin, karmatosed, dd32, garrett-eclipse.
Fixes#22994. See #21307.
Built from https://develop.svn.wordpress.org/trunk@47227
git-svn-id: http://core.svn.wordpress.org/trunk@47027 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Repeated containers used for custom fields have duplicate ID attributes. Duplicate IDs are incorrect HTML, and will also cause unexpected results when trying to manipulate using JS. Duplicate IDs are changed to matching classes; CSS & JS updated to match.
Props jankimoradiya, audrasjb, donmhico, afercia.
Fixes#46964.
Built from https://develop.svn.wordpress.org/trunk@47222
git-svn-id: http://core.svn.wordpress.org/trunk@47022 1a063a9b-81f0-0310-95a4-ce76da25c4cd
These are language constructs, not function calls, so the parentheses are unnecessary.
This updates the PHPCS configuration file the enforce the sniff until it is moved from the `WordPress-Extra` ruleset to the `WordPress-Core` ruleset upstream.
Follow-up to [47198].
Props desrosj, jrf, GaryJ.
Fixes#49376.
Built from https://develop.svn.wordpress.org/trunk@47207
git-svn-id: http://core.svn.wordpress.org/trunk@47007 1a063a9b-81f0-0310-95a4-ce76da25c4cd
