- Install: When populating options, maybe_serialize instead of always serialize.
- Uploads: Check for and verify ZIP archives.
Merges [57388] and [57389] to the 4.4 branch.
Props costdev, peterwilsoncc, azaozz, tykoted, johnbillion, desrosj, afragen, jorbin, xknown.
Built from https://develop.svn.wordpress.org/branches/4.4@57411
git-svn-id: http://core.svn.wordpress.org/branches/4.4@56917 1a063a9b-81f0-0310-95a4-ce76da25c4cd
- Comments: Prevent users who can not see a post from seeing comments on it.
- Shortcodes: Restrict media shortcode ajax to certain type.
- REST API: Ensure no-cache headers are sent when methods are overridden.
- Prevent unintended behavior when certain objects are unserialized.
Merges [56834], [56835], [56836], and [56838] to the 4.4 branch.
Props xknown, jorbin, joehoyle, timothyblynjacobs, peterwilsoncc, ehtis, tykoted, antpb, rmccue.
Built from https://develop.svn.wordpress.org/branches/4.4@56855
git-svn-id: http://core.svn.wordpress.org/branches/4.4@56366 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* XML-RPC: Improve error messages for unprivileged users.
* External Libraries: Disable deserialization in Requests_Utility_FilteredIterator
* Embeds: Disable embeds on deactivated Multisite sites.
* Coding standards: Modify escaping functions to avoid potential false positives.
* XML-RPC: Return error message if attachment ID is incorrect.
* Upgrade/install: Improve logic check when determining installation status.
* Meta: Sanitize meta key before checking protection status.
* Themes: Ensure that only privileged users can set a background image when a theme is using the deprecated custom background page.
Brings the changes from [49380,49382-49388] to the 4.4 branch.
Props xknown, zieladam, peterwilsoncc, whyisjake, desrosj, dd32.
Built from https://develop.svn.wordpress.org/branches/4.4@49402
git-svn-id: http://core.svn.wordpress.org/branches/4.4@49161 1a063a9b-81f0-0310-95a4-ce76da25c4cd
- Embeds: Ensure that the title attribute is set correctly on embeds.
- Editor: Prevent HTML decoding on by setting the proper editor context.
- Formatting: Ensure that wp_validate_redirect() sanitizes a wider variety of characters.
- Themes: Ensure a broken theme name is returned properly.
- Administration: Add a new filter to extend set-screen-option.
Merges [47947-47951] to the 4.4 branch.
Props xknown, sstoqnov, vortfu, SergeyBiryukov, whyisjake.
Built from https://develop.svn.wordpress.org/branches/4.4@47972
git-svn-id: http://core.svn.wordpress.org/branches/4.4@47742 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When upgrading to `utf8mb4`, `TEXT` fields will be upgraded to `MEDIUMTEXT` (and likewise for all other `*TEXT` and `*BLOB` fields). This is to allow for the additional space requirements of `utf8mb4`.
On the subsequent upgrade, `dbDelta()` would try and downgrade the fields to their original size again. At best, this it a waste of time, at worst, this could truncate any data larger than the original size. There's no harm in leaving them at their new size, so let's do that.
This also fixes a typo in the `dbDelta()` tests.
Merge of [37525] to the 4.4 branch.
Partial merge of [36552] to the 4.4 branch.
See #36748.
Built from https://develop.svn.wordpress.org/branches/4.4@37936
git-svn-id: http://core.svn.wordpress.org/branches/4.4@37877 1a063a9b-81f0-0310-95a4-ce76da25c4cd
These checkboxes are used on the Menus screen options and the Customizer Menus options.
Their IDs were removed in [34991] but they're needed to get the checkboxes to be saved
via AJAX. Also, avoids a useless AJAX call.
Merge [36137] to the 4.4 branch.
Props afercia.
Fixes#35112.
Built from https://develop.svn.wordpress.org/branches/4.4@36145
git-svn-id: http://core.svn.wordpress.org/branches/4.4@36111 1a063a9b-81f0-0310-95a4-ce76da25c4cd
[34370] made the order that tabs are returned respect the order they are added, however it broke the respect of priority. By using a ksort instead of a sort, we can restore that default behavior. This adjusts the unit tests so that both order added and priority are tested.
Merges [36089] to the 4.4 branch.
Props meitar, swissspidy, jorbin
Fixes#35215. See #33941.
Built from https://develop.svn.wordpress.org/branches/4.4@36104
git-svn-id: http://core.svn.wordpress.org/branches/4.4@36069 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This adds a checkbox to `wp-admin/user-new.php` to prevent sending an email with the username and a password reset link to the new user. Restores the behavior of pre-4.3.
Fixes#33504.
Props tharsheblows, SergeyBiryukov, DrewAPicture, ocean90.
Built from https://develop.svn.wordpress.org/trunk@35742
git-svn-id: http://core.svn.wordpress.org/trunk@35706 1a063a9b-81f0-0310-95a4-ce76da25c4cd
While these classes are intended for admin use, there are developers out there who include `wp-admin/includes/template.php` to access them in other contexts. There is no intention to continue to support this indefinitely, but a breaking change like that would need to happen very early in a cycle and communicated loudly.
In the meantime, if you're reading this commit message and you do the above, please update your code to not do that. Thank you :)
fixes#33413.
Built from https://develop.svn.wordpress.org/trunk@35740
git-svn-id: http://core.svn.wordpress.org/trunk@35704 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In `populate_options()`, if the theme specified by `WP_DEFAULT_THEME` doesn't exist, fall back to the latest core default theme. If we can't find a core default theme, `WP_DEFAULT_THEME` is the best we can do.
Props nacin, jeremyfelt, dd32.
See #34306.
Built from https://develop.svn.wordpress.org/trunk@35738
git-svn-id: http://core.svn.wordpress.org/trunk@35702 1a063a9b-81f0-0310-95a4-ce76da25c4cd
