create_function() is equivalent to eval(), and most of our uses can be refactored. This is simpler, more secure, and slightly more performant.
Props sgolemon.
Fixes#37082.
git-svn-id: https://develop.svn.wordpress.org/trunk@39591 602fd350-edb4-49c9-b593-d223f7449a82
Site administrators should not be able to remove themselves from a site. This moves the enforcement of this rule from `wp-admin/users.php` to `remove_user_from_blog()` via the `remove_user` capability, which furthermore allows us to get rid of two additional clauses and their `is_super_admin()` checks in `wp-admin/users.php`. A unit test for the new behavior has been added.
Fixes#39063. See #37616.
git-svn-id: https://develop.svn.wordpress.org/trunk@39588 602fd350-edb4-49c9-b593-d223f7449a82
Prior to 3.1 if a object cache dropin wanted to add actions, they needed to use `$wp_filter` directly.
Props jorbin.
Fixes#39132.
git-svn-id: https://develop.svn.wordpress.org/trunk@39565 602fd350-edb4-49c9-b593-d223f7449a82
Previously an option containing an object would trigger an SQL `UPDATE` on all calls to `update_option`, even if the old and new values were identical. This was due to the old and new values having differing resource IDs.
This change compares the old and new values as serialized data to remove the resource ID from the comparison.
Props salcode, bradyvercher, peterwilsoncc.
Fixes#38903.
git-svn-id: https://develop.svn.wordpress.org/trunk@39564 602fd350-edb4-49c9-b593-d223f7449a82
The logic in WP_REST_Request->sanitize_params() added in [39091] did not account for `null` or `false` being the sanitization_callback preventing overriding `rest_parse_request_arg()`. This fixes that oversight, allowing the built in sanitization function to be bypassed. See #38593.
Props kkoppenhaver, rachelbaker, jnylen0.
Fixes#39042.
git-svn-id: https://develop.svn.wordpress.org/trunk@39563 602fd350-edb4-49c9-b593-d223f7449a82
This new function is a taxonomy-agnostic version of `get_category_parents()`.
Props keesiemeijer, SergeyBiryukov, rafaehlers.
Fixes#17069.
git-svn-id: https://develop.svn.wordpress.org/trunk@39549 602fd350-edb4-49c9-b593-d223f7449a82
Fixes issue where calls without the `url` parameter erroneously end up rewriting the location path to `/undefined`.
Props Christian1012, westonruter.
Fixes#39175.
git-svn-id: https://develop.svn.wordpress.org/trunk@39547 602fd350-edb4-49c9-b593-d223f7449a82
They were commented out in `admin-bar.css` since 3 years, see [26770].
Props kafleg, ketuchetan.
Fixes#39137.
git-svn-id: https://develop.svn.wordpress.org/trunk@39533 602fd350-edb4-49c9-b593-d223f7449a82
When the direct SQL query was removed in [38446], part of the SQL
concatenation was not removed. This changeset fixes that.
Props david.binda.
Fixes#39142.
git-svn-id: https://develop.svn.wordpress.org/trunk@39532 602fd350-edb4-49c9-b593-d223f7449a82
When sections of the media modal are hidden out of view, their controls may be
still focusable and actionable. This completely hides these sections to avoid
unnecessary tab stops and potential confusion for assistive technology users.
Props SergeyBiryukov, afercia.
Fixes#30599.
git-svn-id: https://develop.svn.wordpress.org/trunk@39529 602fd350-edb4-49c9-b593-d223f7449a82
The ultimate `post_name` is stored in postmeta until the post is published. The `get_page_by_path()` function does not exclude `auto-draft` posts. Revert changes to `wp_unique_post_slug()` from [39411] which excluded `auto-draft` posts.
Props westonruter, dlh for testing, helen for testing.
See #38114, #38928.
Fixes#39078.
git-svn-id: https://develop.svn.wordpress.org/trunk@39506 602fd350-edb4-49c9-b593-d223f7449a82
This capability is not relevant on single site installs; it only applies to deleting a site on a multisite installation.
Fixes#38326
git-svn-id: https://develop.svn.wordpress.org/trunk@39494 602fd350-edb4-49c9-b593-d223f7449a82
Extend the check in 'rest_allow_anonymous_comments' to accept any falsy value
(previously this was an explicit check for `false`).
One possible failure case is that a plugin developer forgets to include a
return value for some code path in their callback for this filter, leading to a
value of `null` which is currently treated like `true`.
Props joehoyle, jnylen0.
Fixes#39010.
git-svn-id: https://develop.svn.wordpress.org/trunk@39487 602fd350-edb4-49c9-b593-d223f7449a82
The `siteurl` setting is registered and made available to the REST API. On a multisite installation, this setting is not configurable from the General Settings screen, but due to the above it is configurable from the REST API.
Props peterwilsoncc.
Fixes#39005.
git-svn-id: https://develop.svn.wordpress.org/trunk@39468 602fd350-edb4-49c9-b593-d223f7449a82
As an extra level of sanity checking, the term ID should be cast as an int in `map_meta_cap()`.
Props johnbillion, nacin, dd32, pento.
See #35614.
Fixes#39012.
git-svn-id: https://develop.svn.wordpress.org/trunk@39464 602fd350-edb4-49c9-b593-d223f7449a82
These functions now accept the `show_in_rest`, `rest_base`, and `rest_controller_class` args.
Props ketuchetan, rahulsprajapati.
Fixes#39023.
git-svn-id: https://develop.svn.wordpress.org/trunk@39462 602fd350-edb4-49c9-b593-d223f7449a82
After re-adding `locale.php` in [39455], remove the content of the file so that it can't cause errors in the event of something loading it early in the WordPress load process.
See #39027.
git-svn-id: https://develop.svn.wordpress.org/trunk@39456 602fd350-edb4-49c9-b593-d223f7449a82
`locale.php` is occasionally included directly by custom external code, so should continue to be available. This behaviour is deprecated.
Partial revert of [38364].
See #37827, #39027.
git-svn-id: https://develop.svn.wordpress.org/trunk@39455 602fd350-edb4-49c9-b593-d223f7449a82
`session.php` is occasionally included directly by custom external code, so should continue to be available. This behaviour is deprecated.
Partial revert of [38373].
See #36335, #39027.
git-svn-id: https://develop.svn.wordpress.org/trunk@39453 602fd350-edb4-49c9-b593-d223f7449a82
`class-feed.php` is occasionally included directly by custom external code, so should continue to be available. This is deprecated in favour of calling `fetch_feed()`, however..
Partial revert of [38374].
See #36335, #39027.
git-svn-id: https://develop.svn.wordpress.org/trunk@39449 602fd350-edb4-49c9-b593-d223f7449a82
If the `require_name_email` option is true, creating a comment with an empty string for the author name or email should not be accepted. Both values can be an empty string on update.
Props flixos90, hnle, dd32, rachelbaker, jnylen0, ChopinBach, joehoyle, pento.
Fixes#38971.
git-svn-id: https://develop.svn.wordpress.org/trunk@39444 602fd350-edb4-49c9-b593-d223f7449a82
In wp-admin, users are removed from individual sites rather than deleted. A user can only be deleted from the network admin.
Until support for a `PUT` request that removes a user's site and content associations is available, `DELETE` requests are disabled to avoid possible issues with lost content.
Props jnylen0, rachelbaker.
Fixes#38962.
git-svn-id: https://develop.svn.wordpress.org/trunk@39438 602fd350-edb4-49c9-b593-d223f7449a82
