Merge branch 'master' into grunt

.editorconfig

@@ -0,0 +1,11 @@
+# editorconfig.org
+
+root = true
+
+[*]
+indent_style = space
+indent_size = 2
+end_of_line = lf
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = true

404.php

@@ -2,14 +2,13 @@
 
 <div class="alert alert-block fade in">
   <a class="close" data-dismiss="alert">&times;</a>
-  <p><?php _e('The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.', 'roots'); ?></p>
+  <p><?php _e('Sorry, but the page you were trying to view does not exist.', 'roots'); ?></p>
 </div>
 
-<p><?php _e('Please try the following:', 'roots'); ?></p>
+<p><?php _e('It looks like this was the result of either:', 'roots'); ?></p>
 <ul>
-  <li><?php _e('Check your spelling', 'roots'); ?></li>
+  <li><?php _e('a mistyped address', 'roots'); ?></li>
-  <li><?php printf(__('Return to the <a href="%s">home page</a>', 'roots'), home_url()); ?></li>
+  <li><?php _e('an out-of-date link', 'roots'); ?></li>
-  <li><?php _e('Click the <a href="javascript:history.back()">Back</a> button', 'roots'); ?></li>
 </ul>
 
 <?php get_search_form(); ?>

CHANGELOG.md

@@ -1,4 +1,20 @@
 ### HEAD
+* Update to jQuery 1.9.1
+* Output author title with `get_the_author()`
+* Add EditorConfig
+* Update 404 template based on H5BP
+* Update H5BP's included .htaccess
+* Don't show comments on passworded posts
+* Add `do_action('get_header')` for WooSidebars compatibility
+* Simplify entry meta
+* Allow `get_search_form()` to be called more than once per request
+* Move plugins.js and main.js to footer
+* JavaScript clean up (everything is now enqueued)
+* Remove conditional feed
+* Introduce `add_theme_support('bootstrap-gallery')`
+* Rewrites organization (introduce `lib/rewrites.php`)
+* Fix `add_editor_style` path
+* Updated translations: French, Bulgarian, Turkish, Korean
 * Enable `add_theme_support` for Nice Search
 * Replace ID's with classes
 * Add support for dynamic sidebar templates

base.php

@@ -4,6 +4,7 @@
   <!--[if lt IE 7]><div class="alert">Your browser is <em>ancient!</em> <a href="http://browsehappy.com/">Upgrade to a different browser</a> or <a href="http://www.google.com/chromeframe/?redirect=true">install Google Chrome Frame</a> to experience this site.</div><![endif]-->
 
   <?php
+    do_action('get_header');
     // Use Bootstrap's navbar if enabled in config.php
     if (current_theme_supports('bootstrap-top-navbar')) {
       get_template_part('templates/header-top-navbar');

doc/lib.md

@@ -87,7 +87,7 @@ If you're using LESS, make sure you compile the files to the proper locations:
 
 JavaScript is loaded in the following order:
 
-1. `jquery-1.9.0.min.js` via Google CDN with local fallback
+1. `jquery-1.9.1.min.js` via Google CDN with local fallback
 2. `/theme/assets/js/vendor/modernizr-2.6.2.min.js`
 3. `/theme/assets/js/plugins.js` (in footer)
 4. `/theme/assets/js/main.js` (in footer)

doc/usage.md

@@ -28,7 +28,7 @@ A basic Roots theme initially looks like this:
 │       ├── main.js
 │       ├── plugins.js (includes bootstrap.js)
 │       └── vendor
-│           ├── jquery-1.9.0.min.js
+│           ├── jquery-1.9.1.min.js
 │           └── modernizr-2.6.2.min.js
 ├── doc
 ├── lang

lib/cleanup.php

@@ -513,8 +513,10 @@ add_filter('request', 'roots_request_filter');
 /**
  * Tell WordPress to use searchform.php from the templates/ directory
  */
-function roots_get_search_form() {
+function roots_get_search_form($argument) {
-  locate_template('/templates/searchform.php', true, true);
+  if ($argument === '') {
+    locate_template('/templates/searchform.php', true, false);
+  }
 }
 
 add_filter('get_search_form', 'roots_get_search_form');

lib/h5bp-htaccess

@@ -2,25 +2,28 @@
 
 ###
 ### This contains the HTML5 Boilerplate .htaccess that can be found at:
-###  github.com/h5bp/html5-boilerplate/blob/master/.htaccess
+### https://github.com/h5bp/server-configs/blob/master/apache/.htaccess
 ###
 ### Added:
 ###   Block access to access to WordPress files that reveal version information.
 ###
-### Commented out by default:
+### Removed:
-###  Expires headers:      Use WP Super Cache or W3 Total Cache (unless using the H5BP build script)
+###   Expires headers:      Use W3 Total Cache
-###  ETag removal:         Use WP Super Cache or W3 Total Cache (unless using the H5BP build script)
+###   ETag removal:         Use W3 Total Cache
 ###   Start rewrite engine: Handled by WordPress
 ###   Suppress/force www:   Handled by WordPress
-###  Options -MultiViews:  Causes a server 500 error on most shared hosts
 ###   Custom 404 page:      Handled by WordPress
 ###
+### Commmented out by default:
+###   Options -MultiViews:  Causes a server 500 error on most shared hosts
+###
 ### Anytime you update this file the .htaccess file in the root of your
 ### WordPress install is automatically updated with the changes whenever
-### the permalinks are flushed or set
+### the permalinks are flushed or set (see lib/htaccess.php)
 ###
 
 
+
 # ----------------------------------------------------------------------
 # Better website experience for IE users
 # ----------------------------------------------------------------------
@@ -30,9 +33,9 @@
 # Use ChromeFrame if it's installed for a better experience for the poor IE folk
 
 <IfModule mod_headers.c>
-  Header set X-UA-Compatible "IE=Edge,chrome=1"
+  Header set X-UA-Compatible "IE=edge,chrome=1"
   # mod_headers can't match by content-type, but we don't want to send this header on *everything*...
-  <FilesMatch "\.(js|css|gif|png|jpe?g|pdf|xml|oga|ogg|m4a|ogv|mp4|m4v|webm|svg|svgz|eot|ttf|otf|woff|ico|webp|appcache|manifest|htc|crx|oex|xpi|safariextz|vcf)$" >
+  <FilesMatch "\.(appcache|crx|css|eot|gif|htc|ico|jpe?g|js|m4a|m4v|manifest|mp4|oex|oga|ogg|ogv|otf|pdf|png|safariextz|svg|svgz|ttf|vcf|webm|webp|woff|xml|xpi)$">
     Header unset X-UA-Compatible
   </FilesMatch>
 </IfModule>
@@ -64,7 +67,7 @@
 <IfModule mod_setenvif.c>
   <IfModule mod_headers.c>
     # mod_headers, y u no match by Content-Type?!
-    <FilesMatch "\.(gif|png|jpe?g|svg|svgz|ico|webp)$">
+    <FilesMatch "\.(gif|ico|jpe?g|png|svg|svgz|webp)$">
       SetEnvIf Origin ":" IS_CORS
       Header set Access-Control-Allow-Origin "*" env=IS_CORS
     </FilesMatch>
@@ -81,18 +84,16 @@
 # subdomains like "subdomain.example.com".
 
 <IfModule mod_headers.c>
-  <FilesMatch "\.(ttf|ttc|otf|eot|woff|font.css)$">
+  <FilesMatch "\.(eot|font.css|otf|ttc|ttf|woff)$">
     Header set Access-Control-Allow-Origin "*"
   </FilesMatch>
 </IfModule>
 
 
-
 # ----------------------------------------------------------------------
 # Proper MIME type for all files
 # ----------------------------------------------------------------------
 
-
 # JavaScript
 #   Normalize to standard type (it's sniffed in IE anyways)
 #   tools.ietf.org/html/rfc4329#section-7.2
@@ -100,12 +101,12 @@ AddType application/javascript         js jsonp
 AddType application/json               json
 
 # Audio
-AddType audio/ogg                      oga ogg
 AddType audio/mp4                      m4a f4a f4b
+AddType audio/ogg                      oga ogg
 
 # Video
-AddType video/ogg                      ogv
 AddType video/mp4                      mp4 m4v f4v f4p
+AddType video/ogg                      ogv
 AddType video/webm                     webm
 AddType video/x-flv                    flv
 
@@ -116,25 +117,25 @@ AddType     image/svg+xml              svg svgz
 AddEncoding gzip                       svgz
 
 # Webfonts
+AddType application/font-woff          woff
 AddType application/vnd.ms-fontobject  eot
 AddType application/x-font-ttf         ttf ttc
 AddType font/opentype                  otf
-AddType application/x-font-woff        woff
 
 # Assorted types
-AddType image/x-icon                        ico
+AddType application/octet-stream            safariextz
-AddType image/webp                          webp
-AddType text/cache-manifest                 appcache manifest
-AddType text/x-component                    htc
-AddType application/xml                     rss atom xml rdf
 AddType application/x-chrome-extension      crx
 AddType application/x-opera-extension       oex
-AddType application/x-xpinstall             xpi
-AddType application/octet-stream            safariextz
-AddType application/x-web-app-manifest+json webapp
-AddType text/x-vcard                        vcf
 AddType application/x-shockwave-flash       swf
-
+AddType application/x-web-app-manifest+json webapp
+AddType application/x-xpinstall             xpi
+AddType application/xml                     rss atom xml rdf
+AddType image/webp                          webp
+AddType image/x-icon                        ico
+AddType text/cache-manifest                 appcache manifest
+AddType text/vtt                            vtt
+AddType text/x-component                    htc
+AddType text/x-vcard                        vcf
 
 
 # ----------------------------------------------------------------------
@@ -142,20 +143,19 @@ AddType application/x-shockwave-flash       swf
 # ----------------------------------------------------------------------
 
 # e.g. Inside of script.combined.js you could have
-#   <!--#include file="libs/jquery.min.js" -->
+#   <!--#include file="libs/jquery-1.5.0.min.js" -->
 #   <!--#include file="plugins/jquery.idletimer.js" -->
 # and they would be included into this single file.
 
 # This is not in use in the boilerplate as it stands. You may
-# choose to name your files in this way for this advantage or
+# choose to use this technique if you do not have a build process.
-# concatenate and minify them manually.
-# Disabled by default.
 
 #<FilesMatch "\.combined\.js$">
 #  Options +Includes
 #  AddOutputFilterByType INCLUDES application/javascript application/json
 #  SetOutputFilter INCLUDES
 #</FilesMatch>
+
 #<FilesMatch "\.combined\.css$">
 #  Options +Includes
 #  AddOutputFilterByType INCLUDES text/css
@@ -177,139 +177,51 @@ AddType application/x-shockwave-flash       swf
     </IfModule>
   </IfModule>
 
-  # HTML, TXT, CSS, JavaScript, JSON, XML, HTC:
+  # Compress all output labeled with one of the following MIME-types
-  <IfModule filter_module>
+  # (for Apache versions below 2.3.7, you don't need to enable `mod_filter`
-    FilterDeclare   COMPRESS
+  # and can remove the `<IfModule mod_filter.c>` and `</IfModule>` lines as
-    FilterProvider  COMPRESS  DEFLATE resp=Content-Type $text/html
+  # `AddOutputFilterByType` is still in the core directives)
-    FilterProvider  COMPRESS  DEFLATE resp=Content-Type $text/css
+  <IfModule mod_filter.c>
-    FilterProvider  COMPRESS  DEFLATE resp=Content-Type $text/plain
+    AddOutputFilterByType DEFLATE application/atom+xml \
-    FilterProvider  COMPRESS  DEFLATE resp=Content-Type $text/xml
+                                  application/javascript \
-    FilterProvider  COMPRESS  DEFLATE resp=Content-Type $text/x-component
+                                  application/json \
-    FilterProvider  COMPRESS  DEFLATE resp=Content-Type $application/javascript
+                                  application/rss+xml \
-    FilterProvider  COMPRESS  DEFLATE resp=Content-Type $application/json
+                                  application/vnd.ms-fontobject \
-    FilterProvider  COMPRESS  DEFLATE resp=Content-Type $application/xml
+                                  application/x-font-ttf \
-    FilterProvider  COMPRESS  DEFLATE resp=Content-Type $application/xhtml+xml
+                                  application/xhtml+xml \
-    FilterProvider  COMPRESS  DEFLATE resp=Content-Type $application/rss+xml
+                                  application/xml \
-    FilterProvider  COMPRESS  DEFLATE resp=Content-Type $application/atom+xml
+                                  font/opentype \
-    FilterProvider  COMPRESS  DEFLATE resp=Content-Type $application/vnd.ms-fontobject
+                                  image/svg+xml \
-    FilterProvider  COMPRESS  DEFLATE resp=Content-Type $image/svg+xml
+                                  image/x-icon \
-    FilterProvider  COMPRESS  DEFLATE resp=Content-Type $image/x-icon
+                                  text/css \
-    FilterProvider  COMPRESS  DEFLATE resp=Content-Type $application/x-font-ttf
+                                  text/html \
-    FilterProvider  COMPRESS  DEFLATE resp=Content-Type $font/opentype
+                                  text/plain \
-    FilterChain     COMPRESS
+                                  text/x-component \
-    FilterProtocol  COMPRESS  DEFLATE change=yes;byteranges=no
+                                  text/xml
-  </IfModule>
-
-  <IfModule !mod_filter.c>
-    # Legacy versions of Apache
-    AddOutputFilterByType DEFLATE text/html text/plain text/css application/json
-    AddOutputFilterByType DEFLATE application/javascript
-    AddOutputFilterByType DEFLATE text/xml application/xml text/x-component
-    AddOutputFilterByType DEFLATE application/xhtml+xml application/rss+xml application/atom+xml
-    AddOutputFilterByType DEFLATE image/x-icon image/svg+xml application/vnd.ms-fontobject application/x-font-ttf font/opentype
   </IfModule>
 
 </IfModule>
 
 
-# ----------------------------------------------------------------------
-# Expires headers (for better cache control)
-# ----------------------------------------------------------------------
-
-# These are pretty far-future expires headers.
-# They assume you control versioning with filename-based cache busting
-# Additionally, consider that outdated proxies may miscache
-#   www.stevesouders.com/blog/2008/08/23/revving-filenames-dont-use-querystring/
-
-# If you don't use filenames to version, lower the CSS  and JS to something like
-#   "access plus 1 week" or so.
-
-# <IfModule mod_expires.c>
-#   ExpiresActive on
-
-# Perhaps better to whitelist expires rules? Perhaps.
-#   ExpiresDefault                          "access plus 1 month"
-
-# cache.appcache needs re-requests in FF 3.6 (thanks Remy ~Introducing HTML5)
-#   ExpiresByType text/cache-manifest       "access plus 0 seconds"
-
-# Your document html
-#   ExpiresByType text/html                 "access plus 0 seconds"
-
-# Data
-#   ExpiresByType text/xml                  "access plus 0 seconds"
-#   ExpiresByType application/xml           "access plus 0 seconds"
-#   ExpiresByType application/json          "access plus 0 seconds"
-
-# Feed
-#   ExpiresByType application/rss+xml       "access plus 1 hour"
-#   ExpiresByType application/atom+xml      "access plus 1 hour"
-
-# Favicon (cannot be renamed)
-#   ExpiresByType image/x-icon              "access plus 1 week"
-
-# Media: images, video, audio
-#   ExpiresByType image/gif                 "access plus 1 month"
-#   ExpiresByType image/png                 "access plus 1 month"
-#   ExpiresByType image/jpg                 "access plus 1 month"
-#   ExpiresByType image/jpeg                "access plus 1 month"
-#   ExpiresByType video/ogg                 "access plus 1 month"
-#   ExpiresByType audio/ogg                 "access plus 1 month"
-#   ExpiresByType video/mp4                 "access plus 1 month"
-#   ExpiresByType video/webm                "access plus 1 month"
-
-# HTC files  (css3pie)
-#   ExpiresByType text/x-component          "access plus 1 month"
-
-# Webfonts
-#   ExpiresByType application/x-font-ttf    "access plus 1 month"
-#   ExpiresByType font/opentype             "access plus 1 month"
-#   ExpiresByType application/x-font-woff   "access plus 1 month"
-#   ExpiresByType image/svg+xml             "access plus 1 month"
-#   ExpiresByType application/vnd.ms-fontobject "access plus 1 month"
-
-# CSS and JavaScript
-#   ExpiresByType text/css                  "access plus 1 year"
-#   ExpiresByType application/javascript    "access plus 1 year"
-
-# </IfModule>
-
 # ----------------------------------------------------------------------
 # Prevent mobile network providers from modifying your site
 # ----------------------------------------------------------------------
 
-# The following header prevents modification of your code over 3G on some European providers
+# The following header prevents modification of your code over 3G on some
-# This is the official 'bypass' suggested by O2 in the UK
+# European providers.
+# This is the official 'bypass' suggested by O2 in the UK.
 
 # <IfModule mod_headers.c>
 # Header set Cache-Control "no-transform"
 # </IfModule>
 
 
-
-# ----------------------------------------------------------------------
-# ETag removal
-# ----------------------------------------------------------------------
-
-# FileETag None is not enough for every server.
-# <IfModule mod_headers.c>
-#   Header unset ETag
-# </IfModule>
-
-# Since we're sending far-future expires, we don't need ETags for
-# static content.
-#   developer.yahoo.com/performance/rules.html#etags
-# FileETag None
-
-
-
 # ----------------------------------------------------------------------
 # Stop screen flicker in IE on CSS rollovers
 # ----------------------------------------------------------------------
 
 # The following directives stop screen flicker in IE on CSS rollovers - in
-# combination with the "ExpiresByType" rules for images (see above). If
+# combination with the "ExpiresByType" rules for images (see above).
-# needed, un-comment the following rules.
 
 # BrowserMatch "MSIE" brokenvary=1
 # BrowserMatch "Mozilla/4.[0-9]{2}" brokenvary=1
@@ -317,105 +229,42 @@ AddType application/x-shockwave-flash       swf
 # SetEnvIf brokenvary 1 force-no-vary
 
 
-
 # ----------------------------------------------------------------------
 # Set Keep-Alive Header
 # ----------------------------------------------------------------------
 
-# Keep-Alive allows the server to send multiple requests through one TCP-connection.
+# Keep-Alive allows the server to send multiple requests through one
-# Be aware of possible disadvantages of this setting. Turn on if you serve a lot of
+# TCP-connection. Be aware of possible disadvantages of this setting. Turn on
-# static content.
+# if you serve a lot of static content.
 
 # <IfModule mod_headers.c>
 #   Header set Connection Keep-Alive
 # </IfModule>
 
 
-
 # ----------------------------------------------------------------------
 # Cookie setting from iframes
 # ----------------------------------------------------------------------
 
 # Allow cookies to be set from iframes (for IE only)
-# If needed, uncomment and specify a path or regex in the Location directive
+# If needed, specify a path or regex in the Location directive.
 
 # <IfModule mod_headers.c>
 #   Header set P3P "policyref=\"/w3c/p3p.xml\", CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\""
 # </IfModule>
 
 
-
-# ----------------------------------------------------------------------
-# Start rewrite engine
-# ----------------------------------------------------------------------
-
-# Turning on the rewrite engine is necessary for the following rules and features.
-# FollowSymLinks must be enabled for this to work.
-#
-# Some cloud hosting services require RewriteBase to be set: goo.gl/HOcPN
-# If using the h5bp in a subdirectory, use `RewriteBase /foo` instead where 'foo' is your directory.
-
-# <IfModule mod_rewrite.c>
-#   Options +FollowSymlinks
-#   RewriteEngine On
-# # RewriteBase /
-# </IfModule>
-
-
-
-# ----------------------------------------------------------------------
-# Suppress or force the "www." at the beginning of URLs
-# ----------------------------------------------------------------------
-
-# The same content should never be available under two different URLs - especially not with and
-# without "www." at the beginning, since this can cause SEO problems (duplicate content).
-# That's why you should choose one of the alternatives and redirect the other one.
-
-# By default option 1 (no "www.") is activated. Remember: Shorter URLs are sexier.
-# no-www.org/faq.php?q=class_b
-
-# If you rather want to use option 2, just comment out all option 1 lines
-# and uncomment option 2.
-# IMPORTANT: NEVER USE BOTH RULES AT THE SAME TIME!
-
-# ----------------------------------------------------------------------
-
-# Option 1:
-# Rewrite "www.example.com -> example.com"
-
-# <IfModule mod_rewrite.c>
-#   RewriteCond %{HTTPS} !=on
-#   RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
-#   RewriteRule ^ http://%1%{REQUEST_URI} [R=301,L]
-# </IfModule>
-
-# ----------------------------------------------------------------------
-
-# Option 2:
-# To rewrite "example.com -> www.example.com" uncomment the following lines.
-# Be aware that the following rule might not be a good idea if you
-# use "real" subdomains for certain parts of your website.
-
-# <IfModule mod_rewrite.c>
-#   RewriteCond %{HTTPS} !=on
-#   RewriteCond %{HTTP_HOST} !^www\..+$ [NC]
-#   RewriteRule ^ http://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
-# </IfModule>
-
-
-
 # ----------------------------------------------------------------------
 # Built-in filename-based cache busting
 # ----------------------------------------------------------------------
 
 # If you're not using the build script to manage your filename version revving,
 # you might want to consider enabling this, which will route requests for
-# /css/style.20110203.css to /css/style.css
+# `/css/style.20110203.css` to `/css/style.css`.
 
 # To understand why this is important and a better idea than all.css?v1231,
-# read: github.com/h5bp/html5-boilerplate/wiki/cachebusting
+# please refer to the bundled documentation about `.htaccess`.
 
-# Uncomment to enable.
 # <IfModule mod_rewrite.c>
 #   RewriteCond %{REQUEST_FILENAME} !-f
 #   RewriteCond %{REQUEST_FILENAME} !-d
@@ -423,14 +272,12 @@ AddType application/x-shockwave-flash       swf
 # </IfModule>
 
 
-
 # ----------------------------------------------------------------------
 # Prevent SSL cert warnings
 # ----------------------------------------------------------------------
 
 # Rewrite secure requests properly to prevent SSL cert warnings, e.g. prevent
 # https://www.example.com when your cert only allows https://secure.example.com
-# Uncomment the following lines to use this feature.
 
 # <IfModule mod_rewrite.c>
 #   RewriteCond %{SERVER_PORT} !^443
@@ -438,29 +285,32 @@ AddType application/x-shockwave-flash       swf
 # </IfModule>
 
 
+# ----------------------------------------------------------------------
+# Force client-side SSL redirection
+# ----------------------------------------------------------------------
+
+# If a user types "example.com" in her browser, the above rule will redirect her
+# to the secure version of the site. That still leaves a window of opportunity
+# (the initial HTTP connection) for an attacker to downgrade or redirect the
+# request. The following header ensures that browser will **only** connect to
+# your server via HTTPS, regardless of what users type in the address bar.
+
+# <IfModule mod_headers.c>
+#   Header set Strict-Transport-Security max-age=16070400;
+# </IfModule>
+
 
 # ----------------------------------------------------------------------
 # Prevent 404 errors for non-existing redirected folders
 # ----------------------------------------------------------------------
 
-# without -MultiViews, Apache will give a 404 for a rewrite if a folder of the same name does not exist
+# without -MultiViews, Apache will give a 404 for a rewrite if a folder of the
-#   e.g. /blog/hello : webmasterworld.com/apache/3808792.htm
+# same name does not exist.
+# webmasterworld.com/apache/3808792.htm
 
 # Options -MultiViews
 
 
-
-# ----------------------------------------------------------------------
-# Custom 404 page
-# ----------------------------------------------------------------------
-
-# You can add custom pages to handle 500 or 403 pretty easily, if you like.
-# If you are hosting your site in subdirectory, adjust this accordingly
-#    e.g. ErrorDocument 404 /subdir/404.html
-# ErrorDocument 404 /404.html
-
-
-
 # ----------------------------------------------------------------------
 # UTF-8 encoding
 # ----------------------------------------------------------------------
@@ -469,56 +319,43 @@ AddType application/x-shockwave-flash       swf
 AddDefaultCharset utf-8
 
 # Force UTF-8 for a number of file formats
-AddCharset utf-8 .css .js .xml .json .rss .atom
+AddCharset utf-8 .atom .css .js .json .rss .vtt .xml
-
 
 
 # ----------------------------------------------------------------------
 # A little more security
 # ----------------------------------------------------------------------
 
-
+# To avoid displaying the exact version number of Apache being used, add the
-# Do we want to advertise the exact version number of Apache we're running?
+# following to httpd.conf (it will not work in .htaccess):
-# Probably not.
-## This can only be enabled if used in httpd.conf - It will not work in .htaccess
 # ServerTokens Prod
 
-
+# "-Indexes" will have Apache block users from browsing folders without a
-# "-Indexes" will have Apache block users from browsing folders without a default document
+# default document Usually you should leave this activated, because you
-# Usually you should leave this activated, because you shouldn't allow everybody to surf through
+# shouldn't allow everybody to surf through every folder on your server (which
-# every folder on your server (which includes rather private places like CMS system folders).
+# includes rather private places like CMS system folders).
 <IfModule mod_autoindex.c>
   Options -Indexes
 </IfModule>
 
-
+# Block access to "hidden" directories or files whose names begin with a
-# Block access to "hidden" directories or files whose names begin with a period. This
+# period. This includes directories used by version control systems such as
-# includes directories used by version control systems such as Subversion or Git.
+# Subversion or Git.
 <IfModule mod_rewrite.c>
   RewriteCond %{SCRIPT_FILENAME} -d [OR]
   RewriteCond %{SCRIPT_FILENAME} -f
   RewriteRule "(^|/)\." - [F]
 </IfModule>
 
-
+# Block access to backup and source files. These files may be left by some
-# Block access to backup and source files
+# text/html editors and pose a great security danger, when anyone can access
-# This files may be left by some text/html editors and
+# them.
-# pose a great security danger, when someone can access them
+<FilesMatch "(\.(bak|config|dist|fla|inc|ini|log|psd|sh|sql|swp)|~)$">
-<FilesMatch "(\.(bak|config|sql|fla|psd|ini|log|sh|inc|swp|dist)|~)$">
   Order allow,deny
   Deny from all
   Satisfy All
 </FilesMatch>
 
-
-# Block access to WordPress files that reveal version information.
-<FilesMatch "^(wp-config\.php|readme\.html|license\.txt)">
-  Order allow,deny
-  Deny from all
-  Satisfy All
-</FilesMatch>
-
-
 # If your server is not already configured as such, the following directive
 # should be uncommented in order to set PHP's register_globals option to OFF.
 # This closes a major security hole that is abused by most XSS (cross-site
@@ -578,8 +415,6 @@ AddCharset utf-8 .css .js .xml .json .rss .atom
 # php_value error_append_string " "
 
 # Increase cookie security
-<IfModule php5_module>
+<IfModule mod_php5.c>
   php_value session.cookie_httponly true
 </IfModule>
-
-# END HTML5 Boilerplate

lib/scripts.php

@@ -6,7 +6,7 @@
  * 1. /theme/assets/css/main.min.css
  *
  * Enqueue scripts in the following order:
- * 1. jquery-1.9.0.min.js via Google CDN
+ * 1. jquery-1.9.1.min.js via Google CDN
  * 2. /theme/assets/js/vendor/modernizr-2.6.2.min.js
  * 3. /theme/assets/js/scripts.min.js
  */
@@ -24,7 +24,7 @@ function roots_scripts() {
   // It's kept in the header instead of footer to avoid conflicts with plugins.
   if (!is_admin()) {
     wp_deregister_script('jquery');
-    wp_register_script('jquery', '//ajax.googleapis.com/ajax/libs/jquery/1.9.0/jquery.min.js', false, null, false);
+    wp_register_script('jquery', '//ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js', false, null, false);
   }
 
   if (is_single() && comments_open() && get_option('thread_comments')) {
@@ -45,7 +45,7 @@ function roots_jquery_local_fallback($src, $handle) {
   static $add_jquery_fallback = false;
 
   if ($add_jquery_fallback) {
-    echo '<script>window.jQuery || document.write(\'<script src="' . get_template_directory_uri() . '/assets/js/vendor/jquery-1.9.0.min.js"><\/script>\')</script>' . "\n";
+    echo '<script>window.jQuery || document.write(\'<script src="' . get_template_directory_uri() . '/assets/js/vendor/jquery-1.9.1.min.js"><\/script>\')</script>' . "\n";
     $add_jquery_fallback = false;
   }
 

lib/utils.php

@@ -75,16 +75,14 @@ function roots_title() {
     } elseif (is_year()) {
       printf(__('Yearly Archives: %s', 'roots'), get_the_date('Y'));
     } elseif (is_author()) {
-      global $post;
+      printf(__('Author Archives: %s', 'roots'), get_the_author());
-      $author_id = $post->post_author;
-      printf(__('Author Archives: %s', 'roots'), get_the_author_meta('display_name', $author_id));
     } else {
       single_cat_title();
     }
   } elseif (is_search()) {
     printf(__('Search Results for %s', 'roots'), get_search_query());
   } elseif (is_404()) {
-    _e('File Not Found', 'roots');
+    _e('Not Found', 'roots');
   } else {
     the_title();
   }

templates/comments.php

@@ -1,3 +1,9 @@
+<?php
+  if (post_password_required()) {
+    return;
+  }
+?>
+
 <?php function roots_comment($comment, $args, $depth) {
   $GLOBALS['comment'] = $comment; ?>
   <li <?php comment_class(); ?>>
@@ -25,15 +31,6 @@
     </article>
 <?php } ?>
 
-<?php if (post_password_required()) : ?>
-  <section id="comments">
-    <div class="alert alert-block fade in">
-      <a class="close" data-dismiss="alert">&times;</a>
-      <p><?php _e('This post is password protected. Enter the password to view comments.', 'roots'); ?></p>
-    </div>
-  </section><!-- /#comments -->
-<?php endif; ?>
-
 <?php if (have_comments()) : ?>
   <section id="comments">
     <h3><?php printf(_n('One Response to &ldquo;%2$s&rdquo;', '%1$s Responses to &ldquo;%2$s&rdquo;', get_comments_number(), 'roots'), number_format_i18n(get_comments_number()), get_the_title()); ?></h3>

templates/entry-meta.php

@@ -1,2 +1,2 @@
-<time class="updated" datetime="<?php echo get_the_time('c'); ?>" pubdate><?php echo sprintf(__('Posted on %s at %s.', 'roots'), get_the_date(), get_the_time()); ?></time>
+<time class="updated" datetime="<?php echo get_the_time('c'); ?>" pubdate><?php echo get_the_date(); ?></time>
-<p class="byline author vcard"><?php echo __('Written by', 'roots'); ?> <a href="<?php echo get_author_posts_url(get_the_author_meta('ID')); ?>" rel="author" class="fn"><?php echo get_the_author(); ?></a></p>
+<p class="byline author vcard"><?php echo __('By', 'roots'); ?> <a href="<?php echo get_author_posts_url(get_the_author_meta('ID')); ?>" rel="author" class="fn"><?php echo get_the_author(); ?></a></p>