diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/js/_enqueues/admin/user-profile.js | 10 | ||||
| -rw-r--r-- | src/wp-admin/includes/class-wp-list-table.php | 4 | ||||
| -rw-r--r-- | src/wp-content/themes/twentynineteen/sass/navigation/_menu-main-navigation.scss | 6 | ||||
| -rw-r--r-- | src/wp-content/themes/twentynineteen/style-rtl.css | 6 | ||||
| -rw-r--r-- | src/wp-content/themes/twentynineteen/style.css | 6 | ||||
| -rw-r--r-- | src/wp-includes/author-template.php | 2 | ||||
| -rw-r--r-- | src/wp-includes/capabilities.php | 59 | ||||
| -rw-r--r-- | src/wp-includes/class-wp-comment-query.php | 4 | ||||
| -rw-r--r-- | src/wp-includes/class-wp-customize-widgets.php | 2 | ||||
| -rw-r--r-- | src/wp-includes/class-wp-image-editor-imagick.php | 2 | ||||
| -rw-r--r-- | src/wp-includes/class-wp-oembed.php | 14 | ||||
| -rw-r--r-- | src/wp-includes/comment-template.php | 5 | ||||
| -rw-r--r-- | src/wp-includes/embed.php | 16 | ||||
| -rw-r--r-- | src/wp-includes/pluggable.php | 14 | ||||
| -rw-r--r-- | src/wp-includes/post.php | 13 | ||||
| -rw-r--r-- | src/wp-includes/rest-api/endpoints/class-wp-rest-settings-controller.php | 12 | ||||
| -rw-r--r-- | src/wp-includes/user.php | 7 |
17 files changed, 116 insertions, 66 deletions
diff --git a/src/js/_enqueues/admin/user-profile.js b/src/js/_enqueues/admin/user-profile.js index ad808d3131..ce680ef4c4 100644 --- a/src/js/_enqueues/admin/user-profile.js +++ b/src/js/_enqueues/admin/user-profile.js @@ -101,6 +101,8 @@ return; } $toggleButton = $pass1Row.find('.wp-hide-pw'); + + // Toggle between showing and hiding the password. $toggleButton.show().on( 'click', function () { if ( 'password' === $pass1.attr( 'type' ) ) { $pass1.attr( 'type', 'text' ); @@ -110,6 +112,14 @@ resetToggle( true ); } }); + + // Ensure the password input type is set to password when the form is submitted. + $pass1Row.closest( 'form' ).on( 'submit', function() { + if ( $pass1.attr( 'type' ) === 'text' ) { + $pass1.attr( 'type', 'password' ); + resetToggle( true ); + } + } ); } /** diff --git a/src/wp-admin/includes/class-wp-list-table.php b/src/wp-admin/includes/class-wp-list-table.php index 5a7fa0db8e..cdf31db597 100644 --- a/src/wp-admin/includes/class-wp-list-table.php +++ b/src/wp-admin/includes/class-wp-list-table.php @@ -72,10 +72,10 @@ class WP_List_Table { protected $modes = array(); /** - * Stores the value returned by ->get_column_info(). + * Stores the value returned by ::get_column_info(). * * @since 4.1.0 - * @var array + * @var array|null */ protected $_column_headers; diff --git a/src/wp-content/themes/twentynineteen/sass/navigation/_menu-main-navigation.scss b/src/wp-content/themes/twentynineteen/sass/navigation/_menu-main-navigation.scss index d1e30256f3..6d6d744ed8 100644 --- a/src/wp-content/themes/twentynineteen/sass/navigation/_menu-main-navigation.scss +++ b/src/wp-content/themes/twentynineteen/sass/navigation/_menu-main-navigation.scss @@ -433,9 +433,13 @@ white-space: inherit; } + &:not(:has(.sub-menu.expanded-true)) { + overflow-y: scroll; + } + &.expanded-true { - display: table; + display: block; margin-top: 0; opacity: 1; padding-left: 0; diff --git a/src/wp-content/themes/twentynineteen/style-rtl.css b/src/wp-content/themes/twentynineteen/style-rtl.css index da1b3636c0..9f1700c012 100644 --- a/src/wp-content/themes/twentynineteen/style-rtl.css +++ b/src/wp-content/themes/twentynineteen/style-rtl.css @@ -3271,8 +3271,12 @@ body.page .main-navigation { white-space: inherit; } +.main-navigation .main-menu .menu-item-has-children.off-canvas .sub-menu:not(:has(.sub-menu.expanded-true)) { + overflow-y: scroll; +} + .main-navigation .main-menu .menu-item-has-children.off-canvas .sub-menu.expanded-true { - display: table; + display: block; margin-top: 0; opacity: 1; padding-right: 0; diff --git a/src/wp-content/themes/twentynineteen/style.css b/src/wp-content/themes/twentynineteen/style.css index 2124cf584f..634a947b3a 100644 --- a/src/wp-content/themes/twentynineteen/style.css +++ b/src/wp-content/themes/twentynineteen/style.css @@ -3271,8 +3271,12 @@ body.page .main-navigation { white-space: inherit; } +.main-navigation .main-menu .menu-item-has-children.off-canvas .sub-menu:not(:has(.sub-menu.expanded-true)) { + overflow-y: scroll; +} + .main-navigation .main-menu .menu-item-has-children.off-canvas .sub-menu.expanded-true { - display: table; + display: block; margin-top: 0; opacity: 1; padding-left: 0; diff --git a/src/wp-includes/author-template.php b/src/wp-includes/author-template.php index 184d7d0f38..a48a6d3e6e 100644 --- a/src/wp-includes/author-template.php +++ b/src/wp-includes/author-template.php @@ -286,7 +286,7 @@ function get_the_author_posts() { if ( ! $post ) { return 0; } - return count_user_posts( $post->post_author, $post->post_type ); + return (int) count_user_posts( $post->post_author, $post->post_type ); } /** diff --git a/src/wp-includes/capabilities.php b/src/wp-includes/capabilities.php index d6c340c95e..48586e093c 100644 --- a/src/wp-includes/capabilities.php +++ b/src/wp-includes/capabilities.php @@ -470,7 +470,7 @@ function map_meta_cap( $cap, $user_id, ...$args ) { if ( $meta_key ) { $allowed = ! is_protected_meta( $meta_key, $object_type ); - if ( ! empty( $object_subtype ) && has_filter( "auth_{$object_type}_meta_{$meta_key}_for_{$object_subtype}" ) ) { + if ( has_filter( "auth_{$object_type}_meta_{$meta_key}_for_{$object_subtype}" ) ) { /** * Filters whether the user is allowed to edit a specific meta key of a specific object type and subtype. @@ -512,36 +512,33 @@ function map_meta_cap( $cap, $user_id, ...$args ) { $allowed = apply_filters( "auth_{$object_type}_meta_{$meta_key}", $allowed, $meta_key, $object_id, $user_id, $cap, $caps ); } - if ( ! empty( $object_subtype ) ) { - - /** - * Filters whether the user is allowed to edit meta for specific object types/subtypes. - * - * Return true to have the mapped meta caps from `edit_{$object_type}` apply. - * - * The dynamic portion of the hook name, `$object_type` refers to the object type being filtered. - * The dynamic portion of the hook name, `$object_subtype` refers to the object subtype being filtered. - * The dynamic portion of the hook name, `$meta_key`, refers to the meta key passed to map_meta_cap(). - * - * @since 4.6.0 As `auth_post_{$post_type}_meta_{$meta_key}`. - * @since 4.7.0 Renamed from `auth_post_{$post_type}_meta_{$meta_key}` to - * `auth_{$object_type}_{$object_subtype}_meta_{$meta_key}`. - * @deprecated 4.9.8 Use {@see 'auth_{$object_type}_meta_{$meta_key}_for_{$object_subtype}'} instead. - * - * @param bool $allowed Whether the user can add the object meta. Default false. - * @param string $meta_key The meta key. - * @param int $object_id Object ID. - * @param int $user_id User ID. - * @param string $cap Capability name. - * @param string[] $caps Array of the user's capabilities. - */ - $allowed = apply_filters_deprecated( - "auth_{$object_type}_{$object_subtype}_meta_{$meta_key}", - array( $allowed, $meta_key, $object_id, $user_id, $cap, $caps ), - '4.9.8', - "auth_{$object_type}_meta_{$meta_key}_for_{$object_subtype}" - ); - } + /** + * Filters whether the user is allowed to edit meta for specific object types/subtypes. + * + * Return true to have the mapped meta caps from `edit_{$object_type}` apply. + * + * The dynamic portion of the hook name, `$object_type` refers to the object type being filtered. + * The dynamic portion of the hook name, `$object_subtype` refers to the object subtype being filtered. + * The dynamic portion of the hook name, `$meta_key`, refers to the meta key passed to map_meta_cap(). + * + * @since 4.6.0 As `auth_post_{$post_type}_meta_{$meta_key}`. + * @since 4.7.0 Renamed from `auth_post_{$post_type}_meta_{$meta_key}` to + * `auth_{$object_type}_{$object_subtype}_meta_{$meta_key}`. + * @deprecated 4.9.8 Use {@see 'auth_{$object_type}_meta_{$meta_key}_for_{$object_subtype}'} instead. + * + * @param bool $allowed Whether the user can add the object meta. Default false. + * @param string $meta_key The meta key. + * @param int $object_id Object ID. + * @param int $user_id User ID. + * @param string $cap Capability name. + * @param string[] $caps Array of the user's capabilities. + */ + $allowed = apply_filters_deprecated( + "auth_{$object_type}_{$object_subtype}_meta_{$meta_key}", + array( $allowed, $meta_key, $object_id, $user_id, $cap, $caps ), + '4.9.8', + "auth_{$object_type}_meta_{$meta_key}_for_{$object_subtype}" + ); if ( ! $allowed ) { $caps[] = $cap; diff --git a/src/wp-includes/class-wp-comment-query.php b/src/wp-includes/class-wp-comment-query.php index 6a72c0d209..03d3479b6c 100644 --- a/src/wp-includes/class-wp-comment-query.php +++ b/src/wp-includes/class-wp-comment-query.php @@ -579,9 +579,7 @@ class WP_Comment_Query { } } - if ( ! empty( $status_clauses ) ) { - $approved_clauses[] = '( ' . implode( ' OR ', $status_clauses ) . ' )'; - } + $approved_clauses[] = '( ' . implode( ' OR ', $status_clauses ) . ' )'; } // User IDs or emails whose unapproved comments are included, regardless of $status. diff --git a/src/wp-includes/class-wp-customize-widgets.php b/src/wp-includes/class-wp-customize-widgets.php index 2a7915224b..b24a9c8b47 100644 --- a/src/wp-includes/class-wp-customize-widgets.php +++ b/src/wp-includes/class-wp-customize-widgets.php @@ -923,7 +923,7 @@ final class WP_Customize_Widgets { <span class="customize-action"> <?php $panel = $this->manager->get_panel( 'widgets' ); - $panel_title = $panel && isset( $panel->title ) ? $panel->title : __( 'Widgets' ); + $panel_title = isset( $panel->title ) ? $panel->title : __( 'Widgets' ); /* translators: ▸ is the unicode right-pointing triangle. %s: Section title in the Customizer. */ printf( __( 'Customizing ▸ %s' ), esc_html( $panel_title ) ); ?> diff --git a/src/wp-includes/class-wp-image-editor-imagick.php b/src/wp-includes/class-wp-image-editor-imagick.php index 2e7c7039d5..f57e6f281f 100644 --- a/src/wp-includes/class-wp-image-editor-imagick.php +++ b/src/wp-includes/class-wp-image-editor-imagick.php @@ -305,7 +305,7 @@ class WP_Image_Editor_Imagick extends WP_Image_Editor { * image operations within the time of the HTTP request. * * @since 6.2.0 - * @since 6.3.0 This method was deprecated. + * @deprecated 6.3.0 No longer used in core. * * @return int|null The new limit on success, null on failure. */ diff --git a/src/wp-includes/class-wp-oembed.php b/src/wp-includes/class-wp-oembed.php index 2d59c2217d..43f95ed150 100644 --- a/src/wp-includes/class-wp-oembed.php +++ b/src/wp-includes/class-wp-oembed.php @@ -739,9 +739,9 @@ class WP_oEmbed { * * @since 2.9.0 * - * @param string $return The returned oEmbed HTML. - * @param object $data A data object result from an oEmbed provider. - * @param string $url The URL of the content to be embedded. + * @param string|false $return The returned oEmbed HTML, or false on failure. + * @param object $data A data object result from an oEmbed provider. + * @param string $url The URL of the content to be embedded. */ return apply_filters( 'oembed_dataparse', $return, $data, $url ); } @@ -752,10 +752,10 @@ class WP_oEmbed { * @since 2.9.0 as strip_scribd_newlines() * @since 3.0.0 * - * @param string $html Existing HTML. - * @param object $data Data object from WP_oEmbed::data2html() - * @param string $url The original URL passed to oEmbed. - * @return string Possibly modified $html + * @param string|false $html Existing HTML. + * @param object $data Data object from WP_oEmbed::data2html() + * @param string $url The original URL passed to oEmbed. + * @return string|false Possibly modified $html. */ public function _strip_newlines( $html, $data, $url ) { if ( ! str_contains( $html, "\n" ) ) { diff --git a/src/wp-includes/comment-template.php b/src/wp-includes/comment-template.php index cd41d4b200..f023c03cd0 100644 --- a/src/wp-includes/comment-template.php +++ b/src/wp-includes/comment-template.php @@ -2446,6 +2446,7 @@ function wp_list_comments( $args = array(), $comments = null ) { * @since 4.6.0 Introduced the 'action' argument. * @since 4.9.6 Introduced the 'cookies' default comment field. * @since 5.5.0 Introduced the 'class_container' argument. + * @since 6.8.2 Introduced the 'novalidate' argument. * * @param array $args { * Optional. Default arguments and form fields to override. @@ -2467,6 +2468,7 @@ function wp_list_comments( $args = array(), $comments = null ) { * Default 'Your email address will not be published.'. * @type string $comment_notes_after HTML element for a message displayed after the textarea field. * @type string $action The comment form element action attribute. Default '/wp-comments-post.php'. + * @type bool $novalidate Whether the novalidate attribute is added to the comment form. Default false. * @type string $id_form The comment form element id attribute. Default 'commentform'. * @type string $id_submit The comment submit element id attribute. Default 'submit'. * @type string $class_container The comment form container class attribute. Default 'comment-respond'. @@ -2646,6 +2648,7 @@ function comment_form( $args = array(), $post = null ) { ), 'comment_notes_after' => '', 'action' => site_url( '/wp-comments-post.php' ), + 'novalidate' => false, 'id_form' => 'commentform', 'id_submit' => 'submit', 'class_container' => 'comment-respond', @@ -2729,7 +2732,7 @@ function comment_form( $args = array(), $post = null ) { esc_url( $args['action'] ), esc_attr( $args['id_form'] ), esc_attr( $args['class_form'] ), - ( $html5 ? ' novalidate' : '' ) + ( $args['novalidate'] ? ' novalidate' : '' ) ); /** diff --git a/src/wp-includes/embed.php b/src/wp-includes/embed.php index b5b30acead..a3c23be931 100644 --- a/src/wp-includes/embed.php +++ b/src/wp-includes/embed.php @@ -843,10 +843,10 @@ function _oembed_create_xml( $data, $node = null ) { * * @since 5.2.0 * - * @param string $result The oEmbed HTML result. - * @param object $data A data object result from an oEmbed provider. - * @param string $url The URL of the content to be embedded. - * @return string The filtered oEmbed result. + * @param string|false $result The oEmbed HTML result. + * @param object $data A data object result from an oEmbed provider. + * @param string $url The URL of the content to be embedded. + * @return string|false The filtered oEmbed result. */ function wp_filter_oembed_iframe_title_attribute( $result, $data, $url ) { if ( false === $result || ! in_array( $data->type, array( 'rich', 'video' ), true ) ) { @@ -910,10 +910,10 @@ function wp_filter_oembed_iframe_title_attribute( $result, $data, $url ) { * * @since 4.4.0 * - * @param string $result The oEmbed HTML result. - * @param object $data A data object result from an oEmbed provider. - * @param string $url The URL of the content to be embedded. - * @return string The filtered and sanitized oEmbed result. + * @param string|false $result The oEmbed HTML result. + * @param object $data A data object result from an oEmbed provider. + * @param string $url The URL of the content to be embedded. + * @return string|false The filtered and sanitized oEmbed result. */ function wp_filter_oembed_result( $result, $data, $url ) { if ( false === $result || ! in_array( $data->type, array( 'rich', 'video' ), true ) ) { diff --git a/src/wp-includes/pluggable.php b/src/wp-includes/pluggable.php index 9fd6d1d00d..1dbac5e1d7 100644 --- a/src/wp-includes/pluggable.php +++ b/src/wp-includes/pluggable.php @@ -2676,9 +2676,11 @@ if ( ! function_exists( 'wp_hash_password' ) ) : * - `PASSWORD_ARGON2ID` * - `PASSWORD_DEFAULT` * + * The values of the algorithm constants are strings in PHP 7.4+ and integers in PHP 7.3 and earlier. + * * @since 6.8.0 * - * @param string $algorithm The hashing algorithm. Default is the value of the `PASSWORD_BCRYPT` constant. + * @param string|int $algorithm The hashing algorithm. Default is the value of the `PASSWORD_BCRYPT` constant. */ $algorithm = apply_filters( 'wp_hash_password_algorithm', PASSWORD_BCRYPT ); @@ -2688,12 +2690,14 @@ if ( ! function_exists( 'wp_hash_password' ) ) : * The default hashing algorithm is bcrypt, but this can be changed via the {@see 'wp_hash_password_algorithm'} * filter. You must ensure that the options are appropriate for the algorithm in use. * + * The values of the algorithm constants are strings in PHP 7.4+ and integers in PHP 7.3 and earlier. + * * @since 6.8.0 * - * @param array $options Array of options to pass to the password hashing functions. - * By default this is an empty array which means the default - * options will be used. - * @param string $algorithm The hashing algorithm in use. + * @param array $options Array of options to pass to the password hashing functions. + * By default this is an empty array which means the default + * options will be used. + * @param string|int $algorithm The hashing algorithm in use. */ $options = apply_filters( 'wp_hash_password_options', array(), $algorithm ); diff --git a/src/wp-includes/post.php b/src/wp-includes/post.php index bd749b2f82..b312ac394b 100644 --- a/src/wp-includes/post.php +++ b/src/wp-includes/post.php @@ -4874,6 +4874,15 @@ function wp_insert_post( $postarr, $wp_error = false, $fire_after_hooks = true ) } } + /** + * Fires immediately before a new post is inserted in the database. + * + * @since 6.9.0 + * + * @param array $data Array of unslashed post data. + */ + do_action( 'pre_post_insert', $data ); + if ( false === $wpdb->insert( $wpdb->posts, $data ) ) { if ( $wp_error ) { if ( 'attachment' === $post_type ) { @@ -6868,7 +6877,9 @@ function wp_get_attachment_metadata( $attachment_id = 0, $unfiltered = false ) { * * @param int $attachment_id Attachment post ID. * @param array $data Attachment meta data. - * @return int|false False if $post is invalid. + * @return int|bool Whether the metadata was successfully updated. + * True on success, the Meta ID if the key didn't exist. + * False if $post is invalid, on failure, or if $data is the same as the existing metadata. */ function wp_update_attachment_metadata( $attachment_id, $data ) { $attachment_id = (int) $attachment_id; diff --git a/src/wp-includes/rest-api/endpoints/class-wp-rest-settings-controller.php b/src/wp-includes/rest-api/endpoints/class-wp-rest-settings-controller.php index 004f5851a2..66cf8785e4 100644 --- a/src/wp-includes/rest-api/endpoints/class-wp-rest-settings-controller.php +++ b/src/wp-includes/rest-api/endpoints/class-wp-rest-settings-controller.php @@ -147,6 +147,18 @@ class WP_REST_Settings_Controller extends WP_REST_Controller { $params = $request->get_params(); + if ( empty( $params ) || ! empty( array_diff_key( $params, $options ) ) ) { + $message = empty( $params ) + ? __( 'Request body cannot be empty.' ) + : __( 'Invalid parameter(s) provided.' ); + + return new WP_Error( + 'rest_invalid_param', + $message, + array( 'status' => 400 ) + ); + } + foreach ( $options as $name => $args ) { if ( ! array_key_exists( $name, $params ) ) { continue; diff --git a/src/wp-includes/user.php b/src/wp-includes/user.php index c3df9229bf..4dacf58628 100644 --- a/src/wp-includes/user.php +++ b/src/wp-includes/user.php @@ -637,7 +637,7 @@ function count_user_posts( $userid, $post_type = 'post', $public_only = false ) * @since 4.1.0 Added `$post_type` argument. * @since 4.3.1 Added `$public_only` argument. * - * @param int $count The user's post count. + * @param string $count The user's post count as a numeric string. * @param int $userid User ID. * @param string|array $post_type Single post type or array of post types to count the number of posts for. * @param bool $public_only Whether to limit counted posts to public posts. @@ -2286,7 +2286,10 @@ function wp_insert_user( $userdata ) { */ $user_nicename = apply_filters( 'pre_user_nicename', $user_nicename ); - if ( mb_strlen( $user_nicename ) > 50 ) { + // Check if the sanitized nicename is empty. + if ( empty( $user_nicename ) ) { + return new WP_Error( 'empty_user_nicename', __( 'Cannot create a user with an empty nicename.' ) ); + } elseif ( mb_strlen( $user_nicename ) > 50 ) { return new WP_Error( 'user_nicename_too_long', __( 'Nicename may not be longer than 50 characters.' ) ); } |