`terms` values are passed through `sanitize_term_field()` with the 'db'
flag, which add slashes. Because `terms` are subsequently run through
`esc_sql()`, these slashes must be removed. See [36348], which added
a similar step to sanitization in `get_terms()`.
Props bcworkz.
Fixes#39315.
git-svn-id: https://develop.svn.wordpress.org/trunk@39662 602fd350-edb4-49c9-b593-d223f7449a82
This change avoids a PHP fatal error that can be encountered when the specified (or generated) source email is an invalid address, such as `wordpress@_`, it makes no effort to set a valid source, only avoid the fatal error.
See #25239 for correcting the email address.
Fixes#39360.
git-svn-id: https://develop.svn.wordpress.org/trunk@39655 602fd350-edb4-49c9-b593-d223f7449a82
Replaces the "doesn't" contraction with "does not" to be consistent with similar strings in `WP_Error` messages when a specified term or parent term is missing in `WP_REST_Terms_Controller`.
Props ramiy, ocean90.
Fixes#39176.
git-svn-id: https://develop.svn.wordpress.org/trunk@39648 602fd350-edb4-49c9-b593-d223f7449a82
Includes a new `supports` property in the response object and schema for the `/types` endpoints for users with the `edit_posts` capability for the given post type. The `supports` property returns an object of the features the given post type *supports*.
Props timmydcrawford, tyxla.
Fixes#39033.
git-svn-id: https://develop.svn.wordpress.org/trunk@39647 602fd350-edb4-49c9-b593-d223f7449a82
Introduced in [38674], the `wp_update_comment_data` filter took place after the `$data` was sliced and prepared for the database update statement. The location of the filter assumed the result of anyone applying it would not change the data type or make structural modifications or additions to the $data array. 😅
This moves the `wp_update_comment_data` filter to take place before the `$data` is sliced and prepared for the database update statement.
Props dshanske for initial patch.
Fixes#39380.
git-svn-id: https://develop.svn.wordpress.org/trunk@39640 602fd350-edb4-49c9-b593-d223f7449a82
Previously, it was possible to modify the `query_vars` array, but
the changes would be ignored after `pre_term_query` had finished
running.
Props jfarthing84.
Fixes#39354.
git-svn-id: https://develop.svn.wordpress.org/trunk@39625 602fd350-edb4-49c9-b593-d223f7449a82
Also fix logic for `focus-control-for-setting` handler to focus on the first control (lowest `priority` value) associated with a given setting instead of the last control encountered when iterating over all controls, as this ensures the first control in a `nav_menu` section is focused rather than the last one.
Props westonruter, sirbrillig.
See #27403.
Fixes#39101.
git-svn-id: https://develop.svn.wordpress.org/trunk@39622 602fd350-edb4-49c9-b593-d223f7449a82
The `rest_{$taxonomy}_collection_params` filter in 4.7 is incorrectly using
single quotes instead of double quotes, which means it is not working correctly
as a dynamic filter. This fixes the quotes around the filter name, and also
updates the docblocks for the other 3 similar filters for better conformance to
the documentation standards.
Props shazahm1hotmailcom, JPry, jnylen0.
Fixes#39300.
git-svn-id: https://develop.svn.wordpress.org/trunk@39621 602fd350-edb4-49c9-b593-d223f7449a82
If `add_theme_support( 'post-formats' )` is called with no additional
arguments, then `get_theme_support( 'post-formats' )` returns `true` rather
than an array of supported formats. Avoid generating PHP warnings in this
situation.
Props dreamon11, ChopinBach.
Fixes#39293.
git-svn-id: https://develop.svn.wordpress.org/trunk@39620 602fd350-edb4-49c9-b593-d223f7449a82
This fixes cases where the URL to a PDF preview may be incorrectly calculated when no thumbnails were generated for the PDF (and avoids a PHP Notice at the same time).
Fixes#39250.
git-svn-id: https://develop.svn.wordpress.org/trunk@39612 602fd350-edb4-49c9-b593-d223f7449a82
Correct setup for the `model` attribute of `wp.api.collections` objects. Set the collection model as a function that returns a new model of the underlying type, instead of setting it as the model prototype. Fixes an issue where models for fetched collections weren't set up properly and didn't have the expected mixin methods such as `getCategories` available.
Props jesseenterprises.
Fixes#39070.
git-svn-id: https://develop.svn.wordpress.org/trunk@39603 602fd350-edb4-49c9-b593-d223f7449a82
In [38625], the functionality to search for attachments by filename was added
via the `posts_clauses` filter and the `_filter_query_attachment_filenames()`
function. This moves `_filter_query_attachment_filenames()` from
`wp-admin/includes/post.php` to `wp-includes/post.php` so that it can be
applied in the same manner in the REST API media endpoint.
Props jblz, tyxla.
Fixes#39092.
git-svn-id: https://develop.svn.wordpress.org/trunk@39598 602fd350-edb4-49c9-b593-d223f7449a82
In general, updates that don't actually change anything should succeed.
[39371] added tests for other object types, and this commit fixes empty updates
for comments and adds the missing test.
Fixes#38700.
git-svn-id: https://develop.svn.wordpress.org/trunk@39597 602fd350-edb4-49c9-b593-d223f7449a82
Currently, `attachment` is the only post type exposed via the REST API that
does not support password protection, but it's possible for other post types to
remove password support.
Fixes#38977.
git-svn-id: https://develop.svn.wordpress.org/trunk@39595 602fd350-edb4-49c9-b593-d223f7449a82
It's fairly common for clients to send `Content-Type: application/json` with an
empty body. While technically not valid JSON, we've historically supported
this behaviour, so it shouldn't cause an error.
Props JPry.
Fixes#39150.
git-svn-id: https://develop.svn.wordpress.org/trunk@39594 602fd350-edb4-49c9-b593-d223f7449a82
`get_category_link()` is a wrapper for `get_term_link()`. Using the
unwrapped function makes more sense semantically (it's taxonomy-
agnostic) and it's also more parsimonious (the `WP_Error` check in
`get_category_link()` is redundant with similar checks just before
in `get_term_link()`).
Props keesiemeijer.
Fixes#17069.
git-svn-id: https://develop.svn.wordpress.org/trunk@39593 602fd350-edb4-49c9-b593-d223f7449a82
We need to check that the final line is actually an artifact of explode(), not just an empty input string.
See #37082.
git-svn-id: https://develop.svn.wordpress.org/trunk@39592 602fd350-edb4-49c9-b593-d223f7449a82
create_function() is equivalent to eval(), and most of our uses can be refactored. This is simpler, more secure, and slightly more performant.
Props sgolemon.
Fixes#37082.
git-svn-id: https://develop.svn.wordpress.org/trunk@39591 602fd350-edb4-49c9-b593-d223f7449a82
Site administrators should not be able to remove themselves from a site. This moves the enforcement of this rule from `wp-admin/users.php` to `remove_user_from_blog()` via the `remove_user` capability, which furthermore allows us to get rid of two additional clauses and their `is_super_admin()` checks in `wp-admin/users.php`. A unit test for the new behavior has been added.
Fixes#39063. See #37616.
git-svn-id: https://develop.svn.wordpress.org/trunk@39588 602fd350-edb4-49c9-b593-d223f7449a82
Prior to 3.1 if a object cache dropin wanted to add actions, they needed to use `$wp_filter` directly.
Props jorbin.
Fixes#39132.
git-svn-id: https://develop.svn.wordpress.org/trunk@39565 602fd350-edb4-49c9-b593-d223f7449a82
Previously an option containing an object would trigger an SQL `UPDATE` on all calls to `update_option`, even if the old and new values were identical. This was due to the old and new values having differing resource IDs.
This change compares the old and new values as serialized data to remove the resource ID from the comparison.
Props salcode, bradyvercher, peterwilsoncc.
Fixes#38903.
git-svn-id: https://develop.svn.wordpress.org/trunk@39564 602fd350-edb4-49c9-b593-d223f7449a82
The logic in WP_REST_Request->sanitize_params() added in [39091] did not account for `null` or `false` being the sanitization_callback preventing overriding `rest_parse_request_arg()`. This fixes that oversight, allowing the built in sanitization function to be bypassed. See #38593.
Props kkoppenhaver, rachelbaker, jnylen0.
Fixes#39042.
git-svn-id: https://develop.svn.wordpress.org/trunk@39563 602fd350-edb4-49c9-b593-d223f7449a82
This new function is a taxonomy-agnostic version of `get_category_parents()`.
Props keesiemeijer, SergeyBiryukov, rafaehlers.
Fixes#17069.
git-svn-id: https://develop.svn.wordpress.org/trunk@39549 602fd350-edb4-49c9-b593-d223f7449a82
Fixes issue where calls without the `url` parameter erroneously end up rewriting the location path to `/undefined`.
Props Christian1012, westonruter.
Fixes#39175.
git-svn-id: https://develop.svn.wordpress.org/trunk@39547 602fd350-edb4-49c9-b593-d223f7449a82
They were commented out in `admin-bar.css` since 3 years, see [26770].
Props kafleg, ketuchetan.
Fixes#39137.
git-svn-id: https://develop.svn.wordpress.org/trunk@39533 602fd350-edb4-49c9-b593-d223f7449a82
When the direct SQL query was removed in [38446], part of the SQL
concatenation was not removed. This changeset fixes that.
Props david.binda.
Fixes#39142.
git-svn-id: https://develop.svn.wordpress.org/trunk@39532 602fd350-edb4-49c9-b593-d223f7449a82
