2014-11-21 05:01:22 +01:00
|
|
|
<?php
|
2007-12-25 21:48:01 +01:00
|
|
|
/**
|
|
|
|
* Sets up the default filters and actions for most
|
|
|
|
* of the WordPress hooks.
|
|
|
|
*
|
|
|
|
* If you need to remove a default hook, this file will
|
|
|
|
* give you the priority for which to use to remove the
|
|
|
|
* hook.
|
|
|
|
*
|
|
|
|
* Not all of the default hooks are found in default-filters.php
|
|
|
|
*
|
|
|
|
* @package WordPress
|
|
|
|
*/
|
2005-02-07 08:46:41 +01:00
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// Strip, trim, kses, special chars for string saves.
|
2009-10-15 19:27:45 +02:00
|
|
|
foreach ( array( 'pre_term_name', 'pre_comment_author_name', 'pre_link_name', 'pre_link_target', 'pre_link_rel', 'pre_user_display_name', 'pre_user_first_name', 'pre_user_last_name', 'pre_user_nickname' ) as $filter ) {
|
2017-12-01 00:11:00 +01:00
|
|
|
add_filter( $filter, 'sanitize_text_field' );
|
|
|
|
add_filter( $filter, 'wp_filter_kses' );
|
2009-10-15 19:27:45 +02:00
|
|
|
add_filter( $filter, '_wp_specialchars', 30 );
|
2007-08-21 00:50:04 +02:00
|
|
|
}
|
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// Strip, kses, special chars for string display.
|
2009-10-15 19:27:45 +02:00
|
|
|
foreach ( array( 'term_name', 'comment_author_name', 'link_name', 'link_target', 'link_rel', 'user_display_name', 'user_first_name', 'user_last_name', 'user_nickname' ) as $filter ) {
|
2010-09-02 17:06:07 +02:00
|
|
|
if ( is_admin() ) {
|
|
|
|
// These are expensive. Run only on admin pages for defense in depth.
|
2017-12-01 00:11:00 +01:00
|
|
|
add_filter( $filter, 'sanitize_text_field' );
|
|
|
|
add_filter( $filter, 'wp_kses_data' );
|
2010-09-02 17:06:07 +02:00
|
|
|
}
|
2009-10-15 19:27:45 +02:00
|
|
|
add_filter( $filter, '_wp_specialchars', 30 );
|
2007-08-21 00:50:04 +02:00
|
|
|
}
|
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// Kses only for textarea saves.
|
2009-10-29 18:15:58 +01:00
|
|
|
foreach ( array( 'pre_term_description', 'pre_link_description', 'pre_link_notes', 'pre_user_description' ) as $filter ) {
|
2013-03-01 17:28:40 +01:00
|
|
|
add_filter( $filter, 'wp_filter_kses' );
|
2009-09-14 15:57:48 +02:00
|
|
|
}
|
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// Kses only for textarea admin displays.
|
2010-09-02 17:06:07 +02:00
|
|
|
if ( is_admin() ) {
|
2011-02-08 21:17:09 +01:00
|
|
|
foreach ( array( 'term_description', 'link_description', 'link_notes', 'user_description' ) as $filter ) {
|
2010-09-02 17:06:07 +02:00
|
|
|
add_filter( $filter, 'wp_kses_data' );
|
|
|
|
}
|
2011-02-08 21:17:09 +01:00
|
|
|
add_filter( 'comment_text', 'wp_kses_post' );
|
2009-10-29 18:15:58 +01:00
|
|
|
}
|
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// Email saves.
|
2009-10-15 19:27:45 +02:00
|
|
|
foreach ( array( 'pre_comment_author_email', 'pre_user_email' ) as $filter ) {
|
2017-12-01 00:11:00 +01:00
|
|
|
add_filter( $filter, 'trim' );
|
2009-10-15 19:27:45 +02:00
|
|
|
add_filter( $filter, 'sanitize_email' );
|
2013-03-01 17:28:40 +01:00
|
|
|
add_filter( $filter, 'wp_filter_kses' );
|
2007-08-21 00:50:04 +02:00
|
|
|
}
|
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// Email admin display.
|
2009-10-15 19:27:45 +02:00
|
|
|
foreach ( array( 'comment_author_email', 'user_email' ) as $filter ) {
|
|
|
|
add_filter( $filter, 'sanitize_email' );
|
2017-12-01 00:11:00 +01:00
|
|
|
if ( is_admin() ) {
|
2010-09-02 17:06:07 +02:00
|
|
|
add_filter( $filter, 'wp_kses_data' );
|
2017-12-01 00:11:00 +01:00
|
|
|
}
|
2009-09-14 15:57:48 +02:00
|
|
|
}
|
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// Save URL.
|
2017-12-01 00:11:00 +01:00
|
|
|
foreach ( array(
|
|
|
|
'pre_comment_author_url',
|
|
|
|
'pre_user_url',
|
|
|
|
'pre_link_url',
|
|
|
|
'pre_link_image',
|
|
|
|
'pre_link_rss',
|
|
|
|
'pre_post_guid',
|
|
|
|
) as $filter ) {
|
2009-10-15 19:27:45 +02:00
|
|
|
add_filter( $filter, 'wp_strip_all_tags' );
|
2017-12-01 00:11:00 +01:00
|
|
|
add_filter( $filter, 'esc_url_raw' );
|
|
|
|
add_filter( $filter, 'wp_filter_kses' );
|
2007-10-03 18:16:55 +02:00
|
|
|
}
|
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// Display URL.
|
2011-05-23 01:19:42 +02:00
|
|
|
foreach ( array( 'user_url', 'link_url', 'link_image', 'link_rss', 'comment_url', 'post_guid' ) as $filter ) {
|
2017-12-01 00:11:00 +01:00
|
|
|
if ( is_admin() ) {
|
2010-09-02 17:06:07 +02:00
|
|
|
add_filter( $filter, 'wp_strip_all_tags' );
|
2017-12-01 00:11:00 +01:00
|
|
|
}
|
|
|
|
add_filter( $filter, 'esc_url' );
|
|
|
|
if ( is_admin() ) {
|
|
|
|
add_filter( $filter, 'wp_kses_data' );
|
|
|
|
}
|
2007-08-21 00:50:04 +02:00
|
|
|
}
|
2006-05-27 00:47:13 +02:00
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// Slugs.
|
2013-08-27 13:59:11 +02:00
|
|
|
add_filter( 'pre_term_slug', 'sanitize_title' );
|
Customize: Implement customized state persistence with changesets.
Includes infrastructure developed in the Customize Snapshots feature plugin.
See https://make.wordpress.org/core/2016/10/12/customize-changesets-technical-design-decisions/
Props westonruter, valendesigns, utkarshpatel, stubgo, lgedeon, ocean90, ryankienstra, mihai2u, dlh, aaroncampbell, jonathanbardo, jorbin.
See #28721.
See #31089.
Fixes #30937.
Fixes #31517.
Fixes #30028.
Fixes #23225.
Fixes #34142.
Fixes #36485.
Built from https://develop.svn.wordpress.org/trunk@38810
git-svn-id: http://core.svn.wordpress.org/trunk@38753 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-18 22:05:31 +02:00
|
|
|
add_filter( 'wp_insert_post_data', '_wp_customize_changeset_filter_insert_post_data', 10, 2 );
|
2007-08-24 16:44:26 +02:00
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// Keys.
|
2012-03-21 16:04:00 +01:00
|
|
|
foreach ( array( 'pre_post_type', 'pre_post_status', 'pre_post_comment_status', 'pre_post_ping_status' ) as $filter ) {
|
2011-02-06 19:37:20 +01:00
|
|
|
add_filter( $filter, 'sanitize_key' );
|
|
|
|
}
|
2008-02-02 20:22:14 +01:00
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// Mime types.
|
2011-05-23 01:19:42 +02:00
|
|
|
add_filter( 'pre_post_mime_type', 'sanitize_mime_type' );
|
|
|
|
add_filter( 'post_mime_type', 'sanitize_mime_type' );
|
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// Meta.
|
General: Remove “whitelist” and “blacklist” in favor of more clear and inclusive language.
“The WordPress open source community cares about diversity. We strive to maintain a welcoming environment where everyone can feel included.”
With this commit, all occurrences of “whitelist” and “blacklist” (with the single exception of the `$new_whitelist_options` global variable) are removed. A new ticket has been opened to explore renaming the `$new_whitelist_options` variable (#50434).
Changing to more specific names or rewording sentences containing these terms not only makes the code more inclusive, but also helps provide clarity. These terms are often ambiguous. What is being blocked or allowed is not always immediately clear. This can make it more difficult for non-native English speakers to read through the codebase.
Words matter. If one contributor feels more welcome because these terms are removed, this was worth the effort.
Props strangerstudios, jorbin, desrosj, joemcgill, timothyblynjacobs, ocean90, ayeshrajans, davidbaumwald, earnjam.
See #48900, #50434.
Fixes #50413.
Built from https://develop.svn.wordpress.org/trunk@48121
git-svn-id: http://core.svn.wordpress.org/trunk@47890 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-22 19:26:13 +02:00
|
|
|
add_filter( 'register_meta_args', '_wp_register_meta_args_allowed_list', 10, 2 );
|
2016-06-30 03:02:29 +02:00
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// Post meta.
|
2018-12-12 04:02:24 +01:00
|
|
|
add_action( 'added_post_meta', 'wp_cache_set_posts_last_changed' );
|
|
|
|
add_action( 'updated_post_meta', 'wp_cache_set_posts_last_changed' );
|
|
|
|
add_action( 'deleted_post_meta', 'wp_cache_set_posts_last_changed' );
|
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// Term meta.
|
2018-12-12 04:02:24 +01:00
|
|
|
add_action( 'added_term_meta', 'wp_cache_set_terms_last_changed' );
|
|
|
|
add_action( 'updated_term_meta', 'wp_cache_set_terms_last_changed' );
|
|
|
|
add_action( 'deleted_term_meta', 'wp_cache_set_terms_last_changed' );
|
|
|
|
add_filter( 'get_term_metadata', 'wp_check_term_meta_support_prefilter' );
|
|
|
|
add_filter( 'add_term_metadata', 'wp_check_term_meta_support_prefilter' );
|
|
|
|
add_filter( 'update_term_metadata', 'wp_check_term_meta_support_prefilter' );
|
|
|
|
add_filter( 'delete_term_metadata', 'wp_check_term_meta_support_prefilter' );
|
|
|
|
add_filter( 'get_term_metadata_by_mid', 'wp_check_term_meta_support_prefilter' );
|
|
|
|
add_filter( 'update_term_metadata_by_mid', 'wp_check_term_meta_support_prefilter' );
|
|
|
|
add_filter( 'delete_term_metadata_by_mid', 'wp_check_term_meta_support_prefilter' );
|
|
|
|
add_filter( 'update_term_metadata_cache', 'wp_check_term_meta_support_prefilter' );
|
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// Comment meta.
|
2018-12-12 04:02:24 +01:00
|
|
|
add_action( 'added_comment_meta', 'wp_cache_set_comments_last_changed' );
|
|
|
|
add_action( 'updated_comment_meta', 'wp_cache_set_comments_last_changed' );
|
|
|
|
add_action( 'deleted_comment_meta', 'wp_cache_set_comments_last_changed' );
|
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// Places to balance tags on input.
|
2009-10-15 19:27:45 +02:00
|
|
|
foreach ( array( 'content_save_pre', 'excerpt_save_pre', 'comment_save_pre', 'pre_comment_content' ) as $filter ) {
|
2015-06-21 02:59:26 +02:00
|
|
|
add_filter( $filter, 'convert_invalid_entities' );
|
2009-10-15 19:27:45 +02:00
|
|
|
add_filter( $filter, 'balanceTags', 50 );
|
2007-08-21 00:50:04 +02:00
|
|
|
}
|
|
|
|
|
2018-03-02 15:42:31 +01:00
|
|
|
// Add proper rel values for links with target.
|
2019-01-29 22:29:50 +01:00
|
|
|
add_action( 'init', 'wp_init_targeted_link_rel_filters' );
|
2018-03-02 15:42:31 +01:00
|
|
|
|
2007-08-21 00:50:04 +02:00
|
|
|
// Format strings for display.
|
2009-10-15 19:27:45 +02:00
|
|
|
foreach ( array( 'comment_author', 'term_name', 'link_name', 'link_description', 'link_notes', 'bloginfo', 'wp_title', 'widget_title' ) as $filter ) {
|
2017-12-01 00:11:00 +01:00
|
|
|
add_filter( $filter, 'wptexturize' );
|
2009-10-15 19:27:45 +02:00
|
|
|
add_filter( $filter, 'convert_chars' );
|
2017-12-01 00:11:00 +01:00
|
|
|
add_filter( $filter, 'esc_html' );
|
2007-08-21 00:50:04 +02:00
|
|
|
}
|
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// Format WordPress.
|
2017-12-01 00:11:00 +01:00
|
|
|
foreach ( array( 'the_content', 'the_title', 'wp_title' ) as $filter ) {
|
2010-07-08 21:35:29 +02:00
|
|
|
add_filter( $filter, 'capital_P_dangit', 11 );
|
2017-12-01 00:11:00 +01:00
|
|
|
}
|
2010-10-21 00:44:15 +02:00
|
|
|
add_filter( 'comment_text', 'capital_P_dangit', 31 );
|
2010-05-27 18:11:27 +02:00
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// Format titles.
|
2010-05-24 00:56:51 +02:00
|
|
|
foreach ( array( 'single_post_title', 'single_cat_title', 'single_tag_title', 'single_month_title', 'nav_menu_attr_title', 'nav_menu_description' ) as $filter ) {
|
2015-05-28 07:52:25 +02:00
|
|
|
add_filter( $filter, 'wptexturize' );
|
2017-12-01 00:11:00 +01:00
|
|
|
add_filter( $filter, 'strip_tags' );
|
2010-02-27 19:57:04 +01:00
|
|
|
}
|
|
|
|
|
2007-09-20 20:23:33 +02:00
|
|
|
// Format text area for display.
|
2018-01-13 02:11:49 +01:00
|
|
|
foreach ( array( 'term_description', 'get_the_post_type_description' ) as $filter ) {
|
2017-12-01 00:11:00 +01:00
|
|
|
add_filter( $filter, 'wptexturize' );
|
|
|
|
add_filter( $filter, 'convert_chars' );
|
|
|
|
add_filter( $filter, 'wpautop' );
|
|
|
|
add_filter( $filter, 'shortcode_unautop' );
|
2007-09-20 20:23:33 +02:00
|
|
|
}
|
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// Format for RSS.
|
2013-08-27 13:59:11 +02:00
|
|
|
add_filter( 'term_name_rss', 'convert_chars' );
|
2007-08-29 23:10:20 +02:00
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// Pre save hierarchy.
|
2010-10-14 17:09:04 +02:00
|
|
|
add_filter( 'wp_insert_post_parent', 'wp_check_post_hierarchy_for_loops', 10, 2 );
|
|
|
|
add_filter( 'wp_update_term_parent', 'wp_check_term_hierarchy_for_loops', 10, 3 );
|
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// Display filters.
|
2017-12-01 00:11:00 +01:00
|
|
|
add_filter( 'the_title', 'wptexturize' );
|
2009-10-15 19:27:45 +02:00
|
|
|
add_filter( 'the_title', 'convert_chars' );
|
2017-12-01 00:11:00 +01:00
|
|
|
add_filter( 'the_title', 'trim' );
|
2005-02-07 08:46:41 +01:00
|
|
|
|
2018-12-13 23:22:38 +01:00
|
|
|
add_filter( 'the_content', 'do_blocks', 9 );
|
2017-12-01 00:11:00 +01:00
|
|
|
add_filter( 'the_content', 'wptexturize' );
|
|
|
|
add_filter( 'the_content', 'convert_smilies', 20 );
|
|
|
|
add_filter( 'the_content', 'wpautop' );
|
|
|
|
add_filter( 'the_content', 'shortcode_unautop' );
|
|
|
|
add_filter( 'the_content', 'prepend_attachment' );
|
Media: Enable lazy-loading of images by automatically adding the new `loading="lazy"` attribute to image tags on the front-end.
- Introduces `wp_lazy_loading_enabled()`, `wp_filter_content_tags()`, `wp_img_tag_add_loading_attr()`, and `wp_img_tag_add_srcset_and_sizes_attr()` functions.
- Introduces `wp_lazy_loading_enabled`, `wp_img_tag_add_loading_attr`, and `wp_img_tag_add_srcset_and_sizes_attr` filters.
Props flixos90, addyosmani, mor10, swissspidy, pierlo, westonruter, spacedmonkey, mikeschroder, jonoaldersonwp, peterwilsoncc, narwen, jeffpaul, OptimizingMatters, futtta, mukeshpanchal27, azaozz.
Fixes #44427.
Built from https://develop.svn.wordpress.org/trunk@47554
git-svn-id: http://core.svn.wordpress.org/trunk@47329 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-04-08 02:55:07 +02:00
|
|
|
add_filter( 'the_content', 'wp_filter_content_tags' );
|
Security, Site Health: Make migrating a site to HTTPS a one-click interaction.
Switching a WordPress site from HTTP to HTTPS has historically been a tedious task. While on the surface the Site Address and WordPress Address have to be updated, existing content still remains using HTTP URLs where hard-coded in the database. Furthermore, updating _two_ URLs to migrate to HTTPS is still a fairly unintuitive step which is not clearly explained.
This changeset simplifies migration from HTTP to HTTPS and, where possible, makes it a one-click interaction.
* Automatically replace insecure versions of the Site Address (`home_url()`) with its HTTPS counterpart on the fly if the site has been migrated from HTTP to HTTPS. This is accomplished by introducing a `https_migration_required` option and enabling it when the `home_url()` is accordingly changed.
* A new `wp_replace_insecure_home_url()` function is hooked into various pieces of content to replace URLs accordingly.
* The migration only kicks in when the Site Address (`home_url()`) and WordPress Address (`site_url()`) match, which is the widely common case. Configurations where these differ are often maintained by more advanced users, where this migration routine would be less essential - something to potentially iterate on in the future though.
* The migration does not actually update content in the database. More savvy users that prefer to do that can prevent the migration logic from running by either deleting the `https_migration_required` option or using the new `wp_should_replace_insecure_home_url` filter.
* For fresh sites that do not have any content yet at the point of changing the URLs to HTTPS, the migration will also be skipped since it would not be relevant.
* Expose a primary action in the Site Health recommendation, if HTTPS is already supported by the environment, built on top of the HTTPS detection mechanism from [49904]. When clicked, the default behavior is to update `home_url()` and `site_url()` in one go to their HTTPS counterpart.
* A new `wp_update_urls_to_https()` function takes care of the update routine.
* A new `update_https` meta capability is introduced to control access.
* If the site's URLs are controlled by constants, this update is not automatically possible, so in these scenarios the user is informed about that in the HTTPS status check in Site Health.
* Allow hosting providers to modify the URLs linked to in the HTTPS status check in Site Health, similar to how that is possible for the URLs around updating the PHP version.
* A `WP_UPDATE_HTTPS_URL` environment variable or `wp_update_https_url` filter can be used to provide a custom URL with guidance about updating the site to use HTTPS.
* A `WP_DIRECT_UPDATE_HTTPS_URL` environment variable or `wp_direct_update_https_url` filter can be used to provide a custom URL for the primary CTA to update the site to use HTTPS.
Props flixos90, timothyblynjacobs.
Fixes #51437.
Built from https://develop.svn.wordpress.org/trunk@50131
git-svn-id: http://core.svn.wordpress.org/trunk@49810 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 01:10:01 +01:00
|
|
|
add_filter( 'the_content', 'wp_replace_insecure_home_url' );
|
2005-02-07 08:46:41 +01:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
add_filter( 'the_excerpt', 'wptexturize' );
|
|
|
|
add_filter( 'the_excerpt', 'convert_smilies' );
|
|
|
|
add_filter( 'the_excerpt', 'convert_chars' );
|
|
|
|
add_filter( 'the_excerpt', 'wpautop' );
|
|
|
|
add_filter( 'the_excerpt', 'shortcode_unautop' );
|
Media: Enable lazy-loading of images by automatically adding the new `loading="lazy"` attribute to image tags on the front-end.
- Introduces `wp_lazy_loading_enabled()`, `wp_filter_content_tags()`, `wp_img_tag_add_loading_attr()`, and `wp_img_tag_add_srcset_and_sizes_attr()` functions.
- Introduces `wp_lazy_loading_enabled`, `wp_img_tag_add_loading_attr`, and `wp_img_tag_add_srcset_and_sizes_attr` filters.
Props flixos90, addyosmani, mor10, swissspidy, pierlo, westonruter, spacedmonkey, mikeschroder, jonoaldersonwp, peterwilsoncc, narwen, jeffpaul, OptimizingMatters, futtta, mukeshpanchal27, azaozz.
Fixes #44427.
Built from https://develop.svn.wordpress.org/trunk@47554
git-svn-id: http://core.svn.wordpress.org/trunk@47329 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-04-08 02:55:07 +02:00
|
|
|
add_filter( 'the_excerpt', 'wp_filter_content_tags' );
|
Security, Site Health: Make migrating a site to HTTPS a one-click interaction.
Switching a WordPress site from HTTP to HTTPS has historically been a tedious task. While on the surface the Site Address and WordPress Address have to be updated, existing content still remains using HTTP URLs where hard-coded in the database. Furthermore, updating _two_ URLs to migrate to HTTPS is still a fairly unintuitive step which is not clearly explained.
This changeset simplifies migration from HTTP to HTTPS and, where possible, makes it a one-click interaction.
* Automatically replace insecure versions of the Site Address (`home_url()`) with its HTTPS counterpart on the fly if the site has been migrated from HTTP to HTTPS. This is accomplished by introducing a `https_migration_required` option and enabling it when the `home_url()` is accordingly changed.
* A new `wp_replace_insecure_home_url()` function is hooked into various pieces of content to replace URLs accordingly.
* The migration only kicks in when the Site Address (`home_url()`) and WordPress Address (`site_url()`) match, which is the widely common case. Configurations where these differ are often maintained by more advanced users, where this migration routine would be less essential - something to potentially iterate on in the future though.
* The migration does not actually update content in the database. More savvy users that prefer to do that can prevent the migration logic from running by either deleting the `https_migration_required` option or using the new `wp_should_replace_insecure_home_url` filter.
* For fresh sites that do not have any content yet at the point of changing the URLs to HTTPS, the migration will also be skipped since it would not be relevant.
* Expose a primary action in the Site Health recommendation, if HTTPS is already supported by the environment, built on top of the HTTPS detection mechanism from [49904]. When clicked, the default behavior is to update `home_url()` and `site_url()` in one go to their HTTPS counterpart.
* A new `wp_update_urls_to_https()` function takes care of the update routine.
* A new `update_https` meta capability is introduced to control access.
* If the site's URLs are controlled by constants, this update is not automatically possible, so in these scenarios the user is informed about that in the HTTPS status check in Site Health.
* Allow hosting providers to modify the URLs linked to in the HTTPS status check in Site Health, similar to how that is possible for the URLs around updating the PHP version.
* A `WP_UPDATE_HTTPS_URL` environment variable or `wp_update_https_url` filter can be used to provide a custom URL with guidance about updating the site to use HTTPS.
* A `WP_DIRECT_UPDATE_HTTPS_URL` environment variable or `wp_direct_update_https_url` filter can be used to provide a custom URL for the primary CTA to update the site to use HTTPS.
Props flixos90, timothyblynjacobs.
Fixes #51437.
Built from https://develop.svn.wordpress.org/trunk@50131
git-svn-id: http://core.svn.wordpress.org/trunk@49810 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 01:10:01 +01:00
|
|
|
add_filter( 'the_excerpt', 'wp_replace_insecure_home_url' );
|
2019-03-20 16:49:49 +01:00
|
|
|
add_filter( 'get_the_excerpt', 'wp_trim_excerpt', 10, 2 );
|
2016-06-29 19:28:28 +02:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
add_filter( 'the_post_thumbnail_caption', 'wptexturize' );
|
2016-06-29 19:28:28 +02:00
|
|
|
add_filter( 'the_post_thumbnail_caption', 'convert_smilies' );
|
2017-12-01 00:11:00 +01:00
|
|
|
add_filter( 'the_post_thumbnail_caption', 'convert_chars' );
|
2005-02-15 01:21:21 +01:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
add_filter( 'comment_text', 'wptexturize' );
|
|
|
|
add_filter( 'comment_text', 'convert_chars' );
|
|
|
|
add_filter( 'comment_text', 'make_clickable', 9 );
|
2009-10-15 19:27:45 +02:00
|
|
|
add_filter( 'comment_text', 'force_balance_tags', 25 );
|
2017-12-01 00:11:00 +01:00
|
|
|
add_filter( 'comment_text', 'convert_smilies', 20 );
|
|
|
|
add_filter( 'comment_text', 'wpautop', 30 );
|
2007-08-21 00:50:04 +02:00
|
|
|
|
2009-10-15 19:27:45 +02:00
|
|
|
add_filter( 'comment_excerpt', 'convert_chars' );
|
2007-08-21 00:50:04 +02:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
add_filter( 'list_cats', 'wptexturize' );
|
2005-02-07 08:46:41 +01:00
|
|
|
|
2009-10-15 19:27:45 +02:00
|
|
|
add_filter( 'wp_sprintf', 'wp_sprintf_l', 10, 2 );
|
2008-02-22 06:53:47 +01:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
add_filter( 'widget_text', 'balanceTags' );
|
2017-05-11 20:55:43 +02:00
|
|
|
add_filter( 'widget_text_content', 'capital_P_dangit', 11 );
|
2017-12-01 00:11:00 +01:00
|
|
|
add_filter( 'widget_text_content', 'wptexturize' );
|
|
|
|
add_filter( 'widget_text_content', 'convert_smilies', 20 );
|
|
|
|
add_filter( 'widget_text_content', 'wpautop' );
|
|
|
|
add_filter( 'widget_text_content', 'shortcode_unautop' );
|
Media: Enable lazy-loading of images by automatically adding the new `loading="lazy"` attribute to image tags on the front-end.
- Introduces `wp_lazy_loading_enabled()`, `wp_filter_content_tags()`, `wp_img_tag_add_loading_attr()`, and `wp_img_tag_add_srcset_and_sizes_attr()` functions.
- Introduces `wp_lazy_loading_enabled`, `wp_img_tag_add_loading_attr`, and `wp_img_tag_add_srcset_and_sizes_attr` filters.
Props flixos90, addyosmani, mor10, swissspidy, pierlo, westonruter, spacedmonkey, mikeschroder, jonoaldersonwp, peterwilsoncc, narwen, jeffpaul, OptimizingMatters, futtta, mukeshpanchal27, azaozz.
Fixes #44427.
Built from https://develop.svn.wordpress.org/trunk@47554
git-svn-id: http://core.svn.wordpress.org/trunk@47329 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-04-08 02:55:07 +02:00
|
|
|
add_filter( 'widget_text_content', 'wp_filter_content_tags' );
|
Security, Site Health: Make migrating a site to HTTPS a one-click interaction.
Switching a WordPress site from HTTP to HTTPS has historically been a tedious task. While on the surface the Site Address and WordPress Address have to be updated, existing content still remains using HTTP URLs where hard-coded in the database. Furthermore, updating _two_ URLs to migrate to HTTPS is still a fairly unintuitive step which is not clearly explained.
This changeset simplifies migration from HTTP to HTTPS and, where possible, makes it a one-click interaction.
* Automatically replace insecure versions of the Site Address (`home_url()`) with its HTTPS counterpart on the fly if the site has been migrated from HTTP to HTTPS. This is accomplished by introducing a `https_migration_required` option and enabling it when the `home_url()` is accordingly changed.
* A new `wp_replace_insecure_home_url()` function is hooked into various pieces of content to replace URLs accordingly.
* The migration only kicks in when the Site Address (`home_url()`) and WordPress Address (`site_url()`) match, which is the widely common case. Configurations where these differ are often maintained by more advanced users, where this migration routine would be less essential - something to potentially iterate on in the future though.
* The migration does not actually update content in the database. More savvy users that prefer to do that can prevent the migration logic from running by either deleting the `https_migration_required` option or using the new `wp_should_replace_insecure_home_url` filter.
* For fresh sites that do not have any content yet at the point of changing the URLs to HTTPS, the migration will also be skipped since it would not be relevant.
* Expose a primary action in the Site Health recommendation, if HTTPS is already supported by the environment, built on top of the HTTPS detection mechanism from [49904]. When clicked, the default behavior is to update `home_url()` and `site_url()` in one go to their HTTPS counterpart.
* A new `wp_update_urls_to_https()` function takes care of the update routine.
* A new `update_https` meta capability is introduced to control access.
* If the site's URLs are controlled by constants, this update is not automatically possible, so in these scenarios the user is informed about that in the HTTPS status check in Site Health.
* Allow hosting providers to modify the URLs linked to in the HTTPS status check in Site Health, similar to how that is possible for the URLs around updating the PHP version.
* A `WP_UPDATE_HTTPS_URL` environment variable or `wp_update_https_url` filter can be used to provide a custom URL with guidance about updating the site to use HTTPS.
* A `WP_DIRECT_UPDATE_HTTPS_URL` environment variable or `wp_direct_update_https_url` filter can be used to provide a custom URL for the primary CTA to update the site to use HTTPS.
Props flixos90, timothyblynjacobs.
Fixes #51437.
Built from https://develop.svn.wordpress.org/trunk@50131
git-svn-id: http://core.svn.wordpress.org/trunk@49810 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 01:10:01 +01:00
|
|
|
add_filter( 'widget_text_content', 'wp_replace_insecure_home_url' );
|
2017-12-01 00:11:00 +01:00
|
|
|
add_filter( 'widget_text_content', 'do_shortcode', 11 ); // Runs after wpautop(); note that $post global will be null when shortcodes run.
|
2015-10-13 03:40:26 +02:00
|
|
|
|
Security, Site Health: Make migrating a site to HTTPS a one-click interaction.
Switching a WordPress site from HTTP to HTTPS has historically been a tedious task. While on the surface the Site Address and WordPress Address have to be updated, existing content still remains using HTTP URLs where hard-coded in the database. Furthermore, updating _two_ URLs to migrate to HTTPS is still a fairly unintuitive step which is not clearly explained.
This changeset simplifies migration from HTTP to HTTPS and, where possible, makes it a one-click interaction.
* Automatically replace insecure versions of the Site Address (`home_url()`) with its HTTPS counterpart on the fly if the site has been migrated from HTTP to HTTPS. This is accomplished by introducing a `https_migration_required` option and enabling it when the `home_url()` is accordingly changed.
* A new `wp_replace_insecure_home_url()` function is hooked into various pieces of content to replace URLs accordingly.
* The migration only kicks in when the Site Address (`home_url()`) and WordPress Address (`site_url()`) match, which is the widely common case. Configurations where these differ are often maintained by more advanced users, where this migration routine would be less essential - something to potentially iterate on in the future though.
* The migration does not actually update content in the database. More savvy users that prefer to do that can prevent the migration logic from running by either deleting the `https_migration_required` option or using the new `wp_should_replace_insecure_home_url` filter.
* For fresh sites that do not have any content yet at the point of changing the URLs to HTTPS, the migration will also be skipped since it would not be relevant.
* Expose a primary action in the Site Health recommendation, if HTTPS is already supported by the environment, built on top of the HTTPS detection mechanism from [49904]. When clicked, the default behavior is to update `home_url()` and `site_url()` in one go to their HTTPS counterpart.
* A new `wp_update_urls_to_https()` function takes care of the update routine.
* A new `update_https` meta capability is introduced to control access.
* If the site's URLs are controlled by constants, this update is not automatically possible, so in these scenarios the user is informed about that in the HTTPS status check in Site Health.
* Allow hosting providers to modify the URLs linked to in the HTTPS status check in Site Health, similar to how that is possible for the URLs around updating the PHP version.
* A `WP_UPDATE_HTTPS_URL` environment variable or `wp_update_https_url` filter can be used to provide a custom URL with guidance about updating the site to use HTTPS.
* A `WP_DIRECT_UPDATE_HTTPS_URL` environment variable or `wp_direct_update_https_url` filter can be used to provide a custom URL for the primary CTA to update the site to use HTTPS.
Props flixos90, timothyblynjacobs.
Fixes #51437.
Built from https://develop.svn.wordpress.org/trunk@50131
git-svn-id: http://core.svn.wordpress.org/trunk@49810 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 01:10:01 +01:00
|
|
|
add_filter( 'wp_get_custom_css', 'wp_replace_insecure_home_url' );
|
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// RSS filters.
|
2017-12-01 00:11:00 +01:00
|
|
|
add_filter( 'the_title_rss', 'strip_tags' );
|
|
|
|
add_filter( 'the_title_rss', 'ent2ncr', 8 );
|
|
|
|
add_filter( 'the_title_rss', 'esc_html' );
|
|
|
|
add_filter( 'the_content_rss', 'ent2ncr', 8 );
|
|
|
|
add_filter( 'the_content_feed', 'wp_staticize_emoji' );
|
|
|
|
add_filter( 'the_content_feed', '_oembed_filter_feed_content' );
|
|
|
|
add_filter( 'the_excerpt_rss', 'convert_chars' );
|
|
|
|
add_filter( 'the_excerpt_rss', 'ent2ncr', 8 );
|
|
|
|
add_filter( 'comment_author_rss', 'ent2ncr', 8 );
|
|
|
|
add_filter( 'comment_text_rss', 'ent2ncr', 8 );
|
|
|
|
add_filter( 'comment_text_rss', 'esc_html' );
|
|
|
|
add_filter( 'comment_text_rss', 'wp_staticize_emoji' );
|
|
|
|
add_filter( 'bloginfo_rss', 'ent2ncr', 8 );
|
|
|
|
add_filter( 'the_author', 'ent2ncr', 8 );
|
|
|
|
add_filter( 'the_guid', 'esc_url' );
|
2005-04-05 19:25:57 +02:00
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// Email filters.
|
2015-04-20 06:15:26 +02:00
|
|
|
add_filter( 'wp_mail', 'wp_staticize_emoji_for_email' );
|
2015-03-11 23:49:28 +01:00
|
|
|
|
Robots: Introduce Robots API.
This changeset introduces a filter-based Robots API, providing central control over the `robots` meta tag.
* Introduces `wp_robots()` function which should be called anywhere a `robots` meta tag should be included.
* Introduces `wp_robots` filter which allows adding or modifying directives for the `robots` meta tag. The `wp_robots()` function is entirely filter-based, i.e. if no filter is added to `wp_robots`, no directives will be present, and therefore the entire `robots` meta tag will be omitted.
* Introduces the following `wp_robots` filter functions which replace similar existing functions that were manually rendering a `robots` meta tag:
* `wp_robots_noindex()` replaces `noindex()`, which has been deprecated.
* `wp_robots_no_robots()` replaces `wp_no_robots()`, which has been deprecated.
* `wp_robots_sensitive_page()` replaces `wp_sensitive_page_meta()`, which has been deprecated. Its rendering of the `referrer` meta tag has been moved to another new function `wp_strict_cross_origin_referrer()`.
Migration to the new functions is straightforward. For example, a call to `add_action( 'wp_head', 'wp_no_robots' )` should be replaced with `add_filter( 'wp_robots', 'wp_robots_no_robots' )`.
Plugins and themes that render their own `robots` meta tags are encouraged to switch to rely on the `wp_robots` filter in order to use the central management layer now provided by WordPress core.
Props adamsilverstein, flixos90, timothyblynjacobs, westonruter.
See #51511.
Built from https://develop.svn.wordpress.org/trunk@49992
git-svn-id: http://core.svn.wordpress.org/trunk@49693 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-01-21 02:37:00 +01:00
|
|
|
// Robots filters.
|
|
|
|
add_filter( 'wp_robots', 'wp_robots_noindex' );
|
2021-01-29 21:38:03 +01:00
|
|
|
add_filter( 'wp_robots', 'wp_robots_max_image_preview_large' );
|
Robots: Introduce Robots API.
This changeset introduces a filter-based Robots API, providing central control over the `robots` meta tag.
* Introduces `wp_robots()` function which should be called anywhere a `robots` meta tag should be included.
* Introduces `wp_robots` filter which allows adding or modifying directives for the `robots` meta tag. The `wp_robots()` function is entirely filter-based, i.e. if no filter is added to `wp_robots`, no directives will be present, and therefore the entire `robots` meta tag will be omitted.
* Introduces the following `wp_robots` filter functions which replace similar existing functions that were manually rendering a `robots` meta tag:
* `wp_robots_noindex()` replaces `noindex()`, which has been deprecated.
* `wp_robots_no_robots()` replaces `wp_no_robots()`, which has been deprecated.
* `wp_robots_sensitive_page()` replaces `wp_sensitive_page_meta()`, which has been deprecated. Its rendering of the `referrer` meta tag has been moved to another new function `wp_strict_cross_origin_referrer()`.
Migration to the new functions is straightforward. For example, a call to `add_action( 'wp_head', 'wp_no_robots' )` should be replaced with `add_filter( 'wp_robots', 'wp_robots_no_robots' )`.
Plugins and themes that render their own `robots` meta tags are encouraged to switch to rely on the `wp_robots` filter in order to use the central management layer now provided by WordPress core.
Props adamsilverstein, flixos90, timothyblynjacobs, westonruter.
See #51511.
Built from https://develop.svn.wordpress.org/trunk@49992
git-svn-id: http://core.svn.wordpress.org/trunk@49693 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-01-21 02:37:00 +01:00
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// Mark site as no longer fresh.
|
2016-10-28 05:43:30 +02:00
|
|
|
foreach ( array( 'publish_post', 'publish_page', 'wp_ajax_save-widget', 'wp_ajax_widgets-order', 'customize_save_after' ) as $action ) {
|
2017-05-10 23:25:41 +02:00
|
|
|
add_action( $action, '_delete_option_fresh_site', 0 );
|
Customize: Introduce starter content and site freshness state.
A theme can opt-in for tailored starter content to apply to the customizer when previewing the theme on a fresh install, when `fresh_site` is at its initial `1` value. Starter content is staged in the customizer and does not go live unless the changes are published. Initial starter content is added to Twenty Seventeen.
* The `fresh_site` flag is cleared when a published post or page is saved, when widgets are modified, or when the customizer state is saved.
* Starter content is registered via `starter-content` theme support, where the argument is an array containing `widgets`, `posts`, `nav_menus`, `options`, and `theme_mods`. Posts/pages in starter content are created with the `auto-draft` status, re-using the page/post stubs feature added to nav menus and the static front page controls.
* A `get_theme_starter_content` filter allows for plugins to extend a theme's starter content.
* Starter content in themes can/should re-use existing starter content items in core by using named placeholders.
* Import theme starter content into customized state when fresh site.
* Prevent original_title differences from causing refreshes if title is present.
* Ensure nav menu item url is set according to object when previewing.
* Make sure initial saved state is false if there are dirty settings without an existing changeset.
* Ensure dirty settings are cleaned upon changeset publishing.
Props helen, westonruter, ocean90.
Fixes #38114, #38533.
Built from https://develop.svn.wordpress.org/trunk@38991
git-svn-id: http://core.svn.wordpress.org/trunk@38934 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-28 04:57:35 +02:00
|
|
|
}
|
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// Misc filters.
|
2017-12-01 00:11:00 +01:00
|
|
|
add_filter( 'option_ping_sites', 'privacy_ping_filter' );
|
2020-01-29 01:45:18 +01:00
|
|
|
add_filter( 'option_blog_charset', '_wp_specialchars' ); // IMPORTANT: This must not be wp_specialchars() or esc_html() or it'll cause an infinite loop.
|
2017-12-01 00:11:00 +01:00
|
|
|
add_filter( 'option_blog_charset', '_canonical_charset' );
|
|
|
|
add_filter( 'option_home', '_config_wp_home' );
|
|
|
|
add_filter( 'option_siteurl', '_config_wp_siteurl' );
|
|
|
|
add_filter( 'tiny_mce_before_init', '_mce_set_direction' );
|
|
|
|
add_filter( 'teeny_mce_before_init', '_mce_set_direction' );
|
|
|
|
add_filter( 'pre_kses', 'wp_pre_kses_less_than' );
|
2019-12-12 19:02:03 +01:00
|
|
|
add_filter( 'pre_kses', 'wp_pre_kses_block_attributes', 10, 3 );
|
2017-12-01 00:11:00 +01:00
|
|
|
add_filter( 'sanitize_title', 'sanitize_title_with_dashes', 10, 3 );
|
|
|
|
add_action( 'check_comment_flood', 'check_comment_flood_db', 10, 4 );
|
|
|
|
add_filter( 'comment_flood_filter', 'wp_throttle_comment_flood', 10, 3 );
|
2019-09-30 03:30:58 +02:00
|
|
|
add_filter( 'pre_comment_content', 'wp_rel_ugc', 15 );
|
2017-12-01 00:11:00 +01:00
|
|
|
add_filter( 'comment_email', 'antispambot' );
|
|
|
|
add_filter( 'option_tag_base', '_wp_filter_taxonomy_base' );
|
|
|
|
add_filter( 'option_category_base', '_wp_filter_taxonomy_base' );
|
|
|
|
add_filter( 'the_posts', '_close_comments_for_old_posts', 10, 2 );
|
|
|
|
add_filter( 'comments_open', '_close_comments_for_old_post', 10, 2 );
|
|
|
|
add_filter( 'pings_open', '_close_comments_for_old_post', 10, 2 );
|
|
|
|
add_filter( 'editable_slug', 'urldecode' );
|
|
|
|
add_filter( 'editable_slug', 'esc_textarea' );
|
|
|
|
add_filter( 'nav_menu_meta_box_object', '_wp_nav_menu_meta_box_object' );
|
|
|
|
add_filter( 'pingback_ping_source_uri', 'pingback_ping_source_uri' );
|
|
|
|
add_filter( 'xmlrpc_pingback_error', 'xmlrpc_pingback_error' );
|
|
|
|
add_filter( 'title_save_pre', 'trim' );
|
2006-11-30 09:48:56 +01:00
|
|
|
|
2016-10-25 22:48:29 +02:00
|
|
|
add_action( 'transition_comment_status', '_clear_modified_cache_on_transition_comment_status', 10, 2 );
|
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
add_filter( 'http_request_host_is_external', 'allowed_http_request_hosts', 10, 2 );
|
2013-07-31 08:44:57 +02:00
|
|
|
|
REST API: Introduce baby API to the world.
Baby API was born at 2.8KLOC on October 8th at 2:30 UTC. API has lots
of growing to do, so wish it the best of luck.
Thanks to everyone who helped along the way:
Props rmccue, rachelbaker, danielbachhuber, joehoyle, drewapicture,
adamsilverstein, netweb, tlovett1, shelob9, kadamwhite, pento,
westonruter, nikv, tobych, redsweater, alecuf, pollyplummer, hurtige,
bpetty, oso96_2000, ericlewis, wonderboymusic, joshkadis, mordauk,
jdgrimes, johnbillion, jeremyfelt, thiago-negri, jdolan, pkevan,
iseulde, thenbrent, maxcutler, kwight, markoheijnen, phh, natewr,
jjeaton, shprink, mattheu, quasel, jmusal, codebykat, hubdotcom,
tapsboy, QWp6t, pushred, jaredcobb, justinsainton, japh, matrixik,
jorbin, frozzare, codfish, michael-arestad, kellbot, ironpaperweight,
simonlampen, alisspers, eliorivero, davidbhayes, JohnDittmar, dimadin,
traversal, cmmarslender, Toddses, kokarn, welcher, and ericpedia.
Fixes #33982.
Built from https://develop.svn.wordpress.org/trunk@34928
git-svn-id: http://core.svn.wordpress.org/trunk@34893 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-08 04:31:25 +02:00
|
|
|
// REST API filters.
|
2017-12-01 00:11:00 +01:00
|
|
|
add_action( 'xmlrpc_rsd_apis', 'rest_output_rsd' );
|
|
|
|
add_action( 'wp_head', 'rest_output_link_wp_head', 10, 0 );
|
|
|
|
add_action( 'template_redirect', 'rest_output_link_header', 11, 0 );
|
|
|
|
add_action( 'auth_cookie_malformed', 'rest_cookie_collect_status' );
|
|
|
|
add_action( 'auth_cookie_expired', 'rest_cookie_collect_status' );
|
|
|
|
add_action( 'auth_cookie_bad_username', 'rest_cookie_collect_status' );
|
|
|
|
add_action( 'auth_cookie_bad_hash', 'rest_cookie_collect_status' );
|
|
|
|
add_action( 'auth_cookie_valid', 'rest_cookie_collect_status' );
|
REST API: Introduce Application Passwords for API authentication.
In WordPress 4.4 the REST API was first introduced. A few releases later in WordPress 4.7, the Content API endpoints were added, paving the way for Gutenberg and countless in-site experiences. In the intervening years, numerous plugins have built on top of the REST API. Many developers shared a common frustration, the lack of external authentication to the REST API.
This commit introduces Application Passwords to allow users to connect to external applications to their WordPress website. Users can generate individual passwords for each application, allowing for easy revocation and activity monitoring. An authorization flow is introduced to make the connection flow simple for users and application developers.
Application Passwords uses Basic Authentication, and by default is only available over an SSL connection.
Props georgestephanis, kasparsd, timothyblynjacobs, afercia, akkspro, andraganescu, arippberger, aristath, austyfrosty, ayesh, batmoo, bradyvercher, brianhenryie, helen, ipstenu, jeffmatson, jeffpaul, joostdevalk, joshlevinson, kadamwhite, kjbenk, koke, michael-arestad, Otto42, pekz0r, salzano, spacedmonkey, valendesigns.
Fixes #42790.
Built from https://develop.svn.wordpress.org/trunk@49109
git-svn-id: http://core.svn.wordpress.org/trunk@48871 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-09 00:14:06 +02:00
|
|
|
add_action( 'application_password_failed_authentication', 'rest_application_password_collect_status' );
|
2021-01-29 01:07:02 +01:00
|
|
|
add_action( 'application_password_did_authenticate', 'rest_application_password_collect_status', 10, 2 );
|
REST API: Introduce Application Passwords for API authentication.
In WordPress 4.4 the REST API was first introduced. A few releases later in WordPress 4.7, the Content API endpoints were added, paving the way for Gutenberg and countless in-site experiences. In the intervening years, numerous plugins have built on top of the REST API. Many developers shared a common frustration, the lack of external authentication to the REST API.
This commit introduces Application Passwords to allow users to connect to external applications to their WordPress website. Users can generate individual passwords for each application, allowing for easy revocation and activity monitoring. An authorization flow is introduced to make the connection flow simple for users and application developers.
Application Passwords uses Basic Authentication, and by default is only available over an SSL connection.
Props georgestephanis, kasparsd, timothyblynjacobs, afercia, akkspro, andraganescu, arippberger, aristath, austyfrosty, ayesh, batmoo, bradyvercher, brianhenryie, helen, ipstenu, jeffmatson, jeffpaul, joostdevalk, joshlevinson, kadamwhite, kjbenk, koke, michael-arestad, Otto42, pekz0r, salzano, spacedmonkey, valendesigns.
Fixes #42790.
Built from https://develop.svn.wordpress.org/trunk@49109
git-svn-id: http://core.svn.wordpress.org/trunk@48871 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-09 00:14:06 +02:00
|
|
|
add_filter( 'rest_authentication_errors', 'rest_application_password_check_errors', 90 );
|
REST API: Introduce baby API to the world.
Baby API was born at 2.8KLOC on October 8th at 2:30 UTC. API has lots
of growing to do, so wish it the best of luck.
Thanks to everyone who helped along the way:
Props rmccue, rachelbaker, danielbachhuber, joehoyle, drewapicture,
adamsilverstein, netweb, tlovett1, shelob9, kadamwhite, pento,
westonruter, nikv, tobych, redsweater, alecuf, pollyplummer, hurtige,
bpetty, oso96_2000, ericlewis, wonderboymusic, joshkadis, mordauk,
jdgrimes, johnbillion, jeremyfelt, thiago-negri, jdolan, pkevan,
iseulde, thenbrent, maxcutler, kwight, markoheijnen, phh, natewr,
jjeaton, shprink, mattheu, quasel, jmusal, codebykat, hubdotcom,
tapsboy, QWp6t, pushred, jaredcobb, justinsainton, japh, matrixik,
jorbin, frozzare, codfish, michael-arestad, kellbot, ironpaperweight,
simonlampen, alisspers, eliorivero, davidbhayes, JohnDittmar, dimadin,
traversal, cmmarslender, Toddses, kokarn, welcher, and ericpedia.
Fixes #33982.
Built from https://develop.svn.wordpress.org/trunk@34928
git-svn-id: http://core.svn.wordpress.org/trunk@34893 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-08 04:31:25 +02:00
|
|
|
add_filter( 'rest_authentication_errors', 'rest_cookie_check_errors', 100 );
|
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// Actions.
|
2017-12-01 00:11:00 +01:00
|
|
|
add_action( 'wp_head', '_wp_render_title_tag', 1 );
|
|
|
|
add_action( 'wp_head', 'wp_enqueue_scripts', 1 );
|
|
|
|
add_action( 'wp_head', 'wp_resource_hints', 2 );
|
|
|
|
add_action( 'wp_head', 'feed_links', 2 );
|
|
|
|
add_action( 'wp_head', 'feed_links_extra', 3 );
|
|
|
|
add_action( 'wp_head', 'rsd_link' );
|
|
|
|
add_action( 'wp_head', 'wlwmanifest_link' );
|
|
|
|
add_action( 'wp_head', 'locale_stylesheet' );
|
|
|
|
add_action( 'publish_future_post', 'check_and_publish_future_post', 10, 1 );
|
Robots: Introduce Robots API.
This changeset introduces a filter-based Robots API, providing central control over the `robots` meta tag.
* Introduces `wp_robots()` function which should be called anywhere a `robots` meta tag should be included.
* Introduces `wp_robots` filter which allows adding or modifying directives for the `robots` meta tag. The `wp_robots()` function is entirely filter-based, i.e. if no filter is added to `wp_robots`, no directives will be present, and therefore the entire `robots` meta tag will be omitted.
* Introduces the following `wp_robots` filter functions which replace similar existing functions that were manually rendering a `robots` meta tag:
* `wp_robots_noindex()` replaces `noindex()`, which has been deprecated.
* `wp_robots_no_robots()` replaces `wp_no_robots()`, which has been deprecated.
* `wp_robots_sensitive_page()` replaces `wp_sensitive_page_meta()`, which has been deprecated. Its rendering of the `referrer` meta tag has been moved to another new function `wp_strict_cross_origin_referrer()`.
Migration to the new functions is straightforward. For example, a call to `add_action( 'wp_head', 'wp_no_robots' )` should be replaced with `add_filter( 'wp_robots', 'wp_robots_no_robots' )`.
Plugins and themes that render their own `robots` meta tags are encouraged to switch to rely on the `wp_robots` filter in order to use the central management layer now provided by WordPress core.
Props adamsilverstein, flixos90, timothyblynjacobs, westonruter.
See #51511.
Built from https://develop.svn.wordpress.org/trunk@49992
git-svn-id: http://core.svn.wordpress.org/trunk@49693 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-01-21 02:37:00 +01:00
|
|
|
add_action( 'wp_head', 'wp_robots', 1 );
|
2017-12-01 00:11:00 +01:00
|
|
|
add_action( 'wp_head', 'print_emoji_detection_script', 7 );
|
|
|
|
add_action( 'wp_head', 'wp_print_styles', 8 );
|
|
|
|
add_action( 'wp_head', 'wp_print_head_scripts', 9 );
|
|
|
|
add_action( 'wp_head', 'wp_generator' );
|
|
|
|
add_action( 'wp_head', 'rel_canonical' );
|
|
|
|
add_action( 'wp_head', 'wp_shortlink_wp_head', 10, 0 );
|
|
|
|
add_action( 'wp_head', 'wp_custom_css_cb', 101 );
|
|
|
|
add_action( 'wp_head', 'wp_site_icon', 99 );
|
|
|
|
add_action( 'wp_footer', 'wp_print_footer_scripts', 20 );
|
|
|
|
add_action( 'template_redirect', 'wp_shortlink_header', 11, 0 );
|
|
|
|
add_action( 'wp_print_footer_scripts', '_wp_footer_scripts' );
|
2020-07-21 15:15:05 +02:00
|
|
|
add_action( 'init', '_register_core_block_patterns_and_categories' );
|
2020-07-21 16:37:07 +02:00
|
|
|
add_action( 'init', 'check_theme_switched', 99 );
|
2020-10-20 15:36:16 +02:00
|
|
|
add_action( 'init', array( 'WP_Block_Supports', 'init' ), 22 );
|
2017-12-01 00:11:00 +01:00
|
|
|
add_action( 'after_switch_theme', '_wp_menus_changed' );
|
|
|
|
add_action( 'after_switch_theme', '_wp_sidebars_changed' );
|
|
|
|
add_action( 'wp_print_styles', 'print_emoji_styles' );
|
|
|
|
|
|
|
|
if ( isset( $_GET['replytocom'] ) ) {
|
Robots: Introduce Robots API.
This changeset introduces a filter-based Robots API, providing central control over the `robots` meta tag.
* Introduces `wp_robots()` function which should be called anywhere a `robots` meta tag should be included.
* Introduces `wp_robots` filter which allows adding or modifying directives for the `robots` meta tag. The `wp_robots()` function is entirely filter-based, i.e. if no filter is added to `wp_robots`, no directives will be present, and therefore the entire `robots` meta tag will be omitted.
* Introduces the following `wp_robots` filter functions which replace similar existing functions that were manually rendering a `robots` meta tag:
* `wp_robots_noindex()` replaces `noindex()`, which has been deprecated.
* `wp_robots_no_robots()` replaces `wp_no_robots()`, which has been deprecated.
* `wp_robots_sensitive_page()` replaces `wp_sensitive_page_meta()`, which has been deprecated. Its rendering of the `referrer` meta tag has been moved to another new function `wp_strict_cross_origin_referrer()`.
Migration to the new functions is straightforward. For example, a call to `add_action( 'wp_head', 'wp_no_robots' )` should be replaced with `add_filter( 'wp_robots', 'wp_robots_no_robots' )`.
Plugins and themes that render their own `robots` meta tags are encouraged to switch to rely on the `wp_robots` filter in order to use the central management layer now provided by WordPress core.
Props adamsilverstein, flixos90, timothyblynjacobs, westonruter.
See #51511.
Built from https://develop.svn.wordpress.org/trunk@49992
git-svn-id: http://core.svn.wordpress.org/trunk@49693 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-01-21 02:37:00 +01:00
|
|
|
add_filter( 'wp_robots', 'wp_robots_no_robots' );
|
2017-12-01 00:11:00 +01:00
|
|
|
}
|
2015-07-02 02:47:24 +02:00
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// Login actions.
|
Robots: Introduce Robots API.
This changeset introduces a filter-based Robots API, providing central control over the `robots` meta tag.
* Introduces `wp_robots()` function which should be called anywhere a `robots` meta tag should be included.
* Introduces `wp_robots` filter which allows adding or modifying directives for the `robots` meta tag. The `wp_robots()` function is entirely filter-based, i.e. if no filter is added to `wp_robots`, no directives will be present, and therefore the entire `robots` meta tag will be omitted.
* Introduces the following `wp_robots` filter functions which replace similar existing functions that were manually rendering a `robots` meta tag:
* `wp_robots_noindex()` replaces `noindex()`, which has been deprecated.
* `wp_robots_no_robots()` replaces `wp_no_robots()`, which has been deprecated.
* `wp_robots_sensitive_page()` replaces `wp_sensitive_page_meta()`, which has been deprecated. Its rendering of the `referrer` meta tag has been moved to another new function `wp_strict_cross_origin_referrer()`.
Migration to the new functions is straightforward. For example, a call to `add_action( 'wp_head', 'wp_no_robots' )` should be replaced with `add_filter( 'wp_robots', 'wp_robots_no_robots' )`.
Plugins and themes that render their own `robots` meta tags are encouraged to switch to rely on the `wp_robots` filter in order to use the central management layer now provided by WordPress core.
Props adamsilverstein, flixos90, timothyblynjacobs, westonruter.
See #51511.
Built from https://develop.svn.wordpress.org/trunk@49992
git-svn-id: http://core.svn.wordpress.org/trunk@49693 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-01-21 02:37:00 +01:00
|
|
|
add_action( 'login_head', 'wp_robots', 1 );
|
2017-12-01 00:11:00 +01:00
|
|
|
add_filter( 'login_head', 'wp_resource_hints', 8 );
|
|
|
|
add_action( 'login_head', 'wp_print_head_scripts', 9 );
|
|
|
|
add_action( 'login_head', 'print_admin_styles', 9 );
|
|
|
|
add_action( 'login_head', 'wp_site_icon', 99 );
|
|
|
|
add_action( 'login_footer', 'wp_print_footer_scripts', 20 );
|
|
|
|
add_action( 'login_init', 'send_frame_options_header', 10, 0 );
|
2010-10-27 08:57:10 +02:00
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// Feed generator tags.
|
2010-02-13 17:45:16 +01:00
|
|
|
foreach ( array( 'rss2_head', 'commentsrss2_head', 'rss_head', 'rdf_header', 'atom_head', 'comments_atom_head', 'opml_head', 'app_head' ) as $action ) {
|
|
|
|
add_action( $action, 'the_generator' );
|
|
|
|
}
|
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// Feed Site Icon.
|
Introducing Site Icon, favicon management for WordPress.
This v1 marries Jetpack's Site Icon module with the Media Modal, reusing code
from the Custom Header admin. For now, the core-provided icons will be limited
to a favicon, an iOS app icon, and a Windows tile icon, leaving `.ico` support
and additional icons to plugins to add.
Props obenland, tyxla, flixos90, jancbeck, markjaquith, scruffian.
See #16434.
Built from https://develop.svn.wordpress.org/trunk@32994
git-svn-id: http://core.svn.wordpress.org/trunk@32965 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-29 14:58:25 +02:00
|
|
|
add_action( 'atom_head', 'atom_site_icon' );
|
|
|
|
add_action( 'rss2_head', 'rss2_site_icon' );
|
|
|
|
|
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// WP Cron.
|
2017-12-01 00:11:00 +01:00
|
|
|
if ( ! defined( 'DOING_CRON' ) ) {
|
2012-04-30 23:02:54 +02:00
|
|
|
add_action( 'init', 'wp_cron' );
|
2017-12-01 00:11:00 +01:00
|
|
|
}
|
2009-10-15 19:27:45 +02:00
|
|
|
|
2020-12-23 20:13:04 +01:00
|
|
|
// HTTPS detection.
|
|
|
|
add_action( 'init', 'wp_schedule_https_detection' );
|
|
|
|
add_action( 'wp_https_detection', 'wp_update_https_detection_errors' );
|
|
|
|
add_filter( 'cron_request', 'wp_cron_conditionally_prevent_sslverify', 9999 );
|
|
|
|
|
Security, Site Health: Make migrating a site to HTTPS a one-click interaction.
Switching a WordPress site from HTTP to HTTPS has historically been a tedious task. While on the surface the Site Address and WordPress Address have to be updated, existing content still remains using HTTP URLs where hard-coded in the database. Furthermore, updating _two_ URLs to migrate to HTTPS is still a fairly unintuitive step which is not clearly explained.
This changeset simplifies migration from HTTP to HTTPS and, where possible, makes it a one-click interaction.
* Automatically replace insecure versions of the Site Address (`home_url()`) with its HTTPS counterpart on the fly if the site has been migrated from HTTP to HTTPS. This is accomplished by introducing a `https_migration_required` option and enabling it when the `home_url()` is accordingly changed.
* A new `wp_replace_insecure_home_url()` function is hooked into various pieces of content to replace URLs accordingly.
* The migration only kicks in when the Site Address (`home_url()`) and WordPress Address (`site_url()`) match, which is the widely common case. Configurations where these differ are often maintained by more advanced users, where this migration routine would be less essential - something to potentially iterate on in the future though.
* The migration does not actually update content in the database. More savvy users that prefer to do that can prevent the migration logic from running by either deleting the `https_migration_required` option or using the new `wp_should_replace_insecure_home_url` filter.
* For fresh sites that do not have any content yet at the point of changing the URLs to HTTPS, the migration will also be skipped since it would not be relevant.
* Expose a primary action in the Site Health recommendation, if HTTPS is already supported by the environment, built on top of the HTTPS detection mechanism from [49904]. When clicked, the default behavior is to update `home_url()` and `site_url()` in one go to their HTTPS counterpart.
* A new `wp_update_urls_to_https()` function takes care of the update routine.
* A new `update_https` meta capability is introduced to control access.
* If the site's URLs are controlled by constants, this update is not automatically possible, so in these scenarios the user is informed about that in the HTTPS status check in Site Health.
* Allow hosting providers to modify the URLs linked to in the HTTPS status check in Site Health, similar to how that is possible for the URLs around updating the PHP version.
* A `WP_UPDATE_HTTPS_URL` environment variable or `wp_update_https_url` filter can be used to provide a custom URL with guidance about updating the site to use HTTPS.
* A `WP_DIRECT_UPDATE_HTTPS_URL` environment variable or `wp_direct_update_https_url` filter can be used to provide a custom URL for the primary CTA to update the site to use HTTPS.
Props flixos90, timothyblynjacobs.
Fixes #51437.
Built from https://develop.svn.wordpress.org/trunk@50131
git-svn-id: http://core.svn.wordpress.org/trunk@49810 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 01:10:01 +01:00
|
|
|
// HTTPS migration.
|
|
|
|
add_action( 'update_option_home', 'wp_update_https_migration_required', 10, 2 );
|
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// 2 Actions 2 Furious.
|
2019-10-08 05:20:02 +02:00
|
|
|
add_action( 'do_feed_rdf', 'do_feed_rdf', 10, 0 );
|
|
|
|
add_action( 'do_feed_rss', 'do_feed_rss', 10, 0 );
|
2017-12-01 00:11:00 +01:00
|
|
|
add_action( 'do_feed_rss2', 'do_feed_rss2', 10, 1 );
|
|
|
|
add_action( 'do_feed_atom', 'do_feed_atom', 10, 1 );
|
2019-10-08 05:20:02 +02:00
|
|
|
add_action( 'do_pings', 'do_all_pings', 10, 0 );
|
2020-10-19 23:16:02 +02:00
|
|
|
add_action( 'do_all_pings', 'do_all_pingbacks', 10, 0 );
|
|
|
|
add_action( 'do_all_pings', 'do_all_enclosures', 10, 0 );
|
|
|
|
add_action( 'do_all_pings', 'do_all_trackbacks', 10, 0 );
|
|
|
|
add_action( 'do_all_pings', 'generic_ping', 10, 0 );
|
2017-12-01 00:11:00 +01:00
|
|
|
add_action( 'do_robots', 'do_robots' );
|
Bootstrap/Load: Make handling the `/favicon.ico` requests more flexible.
Previously, `wp_favicon_request()` was introduced in [13205] to avoid a performance hit of serving a full 404 page on every favicon request.
While working as intended, that implementation did not provide a way for theme or plugin authors to manage the behavior of favicon requests.
This changeset implements the following logic (only applied if WordPress is installed in the root directory):
* If there is a Site Icon set in Customizer, redirect `/favicon.ico` requests to that icon.
* Otherwise, use the WordPress logo as a default icon.
* If a physical `/favicon.ico` file exists, do nothing, let the server handle the request.
Handling `/favicon.ico` is now more consistent with handling `/robots.txt` requests.
New functions and hooks:
* Introduce `is_favicon()` conditional tag to complement `is_robots()`.
* Introduce `do_favicon` action to complement `do_robots` and use it in template loader.
* Introduce `do_favicon()` function, hooked to the above action by default, to complement `do_robots()`.
* Introduce `do_faviconico` action to complement `do_robotstxt`, for plugins to override the default behavior.
* Mark `wp_favicon_request()` as deprecated in favor of `do_favicon()`.
Props jonoaldersonwp, birgire, joostdevalk, mukesh27, SergeyBiryukov.
Fixes #47398.
Built from https://develop.svn.wordpress.org/trunk@47018
git-svn-id: http://core.svn.wordpress.org/trunk@46818 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-12-28 22:20:04 +01:00
|
|
|
add_action( 'do_favicon', 'do_favicon' );
|
2018-03-04 17:41:33 +01:00
|
|
|
add_action( 'set_comment_cookies', 'wp_set_comment_cookies', 10, 3 );
|
2017-12-01 00:11:00 +01:00
|
|
|
add_action( 'sanitize_comment_cookies', 'sanitize_comment_cookies' );
|
|
|
|
add_action( 'admin_print_scripts', 'print_emoji_detection_script' );
|
|
|
|
add_action( 'admin_print_scripts', 'print_head_scripts', 20 );
|
|
|
|
add_action( 'admin_print_footer_scripts', '_wp_footer_scripts' );
|
|
|
|
add_action( 'admin_print_styles', 'print_emoji_styles' );
|
|
|
|
add_action( 'admin_print_styles', 'print_admin_styles', 20 );
|
|
|
|
add_action( 'init', 'smilies_init', 5 );
|
|
|
|
add_action( 'plugins_loaded', 'wp_maybe_load_widgets', 0 );
|
|
|
|
add_action( 'plugins_loaded', 'wp_maybe_load_embeds', 0 );
|
|
|
|
add_action( 'shutdown', 'wp_ob_end_flush_all', 1 );
|
2014-11-01 21:20:23 +01:00
|
|
|
// Create a revision whenever a post is updated.
|
2017-12-01 00:11:00 +01:00
|
|
|
add_action( 'post_updated', 'wp_save_post_revision', 10, 1 );
|
|
|
|
add_action( 'publish_post', '_publish_post_hook', 5, 1 );
|
|
|
|
add_action( 'transition_post_status', '_transition_post_status', 5, 3 );
|
|
|
|
add_action( 'transition_post_status', '_update_term_count_on_transition_post_status', 10, 3 );
|
|
|
|
add_action( 'comment_form', 'wp_comment_form_unfiltered_html_nonce' );
|
|
|
|
add_action( 'admin_init', 'send_frame_options_header', 10, 0 );
|
|
|
|
add_action( 'welcome_panel', 'wp_welcome_panel' );
|
2010-05-31 18:11:20 +02:00
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// Privacy.
|
2018-04-27 12:12:22 +02:00
|
|
|
add_action( 'user_request_action_confirmed', '_wp_privacy_account_request_confirmed' );
|
2018-05-10 07:00:20 +02:00
|
|
|
add_action( 'user_request_action_confirmed', '_wp_privacy_send_request_confirmation_notification', 12 ); // After request marked as completed.
|
2018-04-27 12:12:22 +02:00
|
|
|
add_filter( 'wp_privacy_personal_data_exporters', 'wp_register_comment_personal_data_exporter' );
|
2018-05-01 15:45:21 +02:00
|
|
|
add_filter( 'wp_privacy_personal_data_exporters', 'wp_register_media_personal_data_exporter' );
|
2018-05-09 19:12:21 +02:00
|
|
|
add_filter( 'wp_privacy_personal_data_exporters', 'wp_register_user_personal_data_exporter', 1 );
|
2018-04-27 12:12:22 +02:00
|
|
|
add_filter( 'wp_privacy_personal_data_erasers', 'wp_register_comment_personal_data_eraser' );
|
2018-04-30 22:09:23 +02:00
|
|
|
add_action( 'init', 'wp_schedule_delete_old_privacy_export_files' );
|
|
|
|
add_action( 'wp_privacy_delete_old_export_files', 'wp_privacy_delete_old_export_files' );
|
2018-04-27 12:12:22 +02:00
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// Cron tasks.
|
2017-12-01 00:11:00 +01:00
|
|
|
add_action( 'wp_scheduled_delete', 'wp_scheduled_delete' );
|
|
|
|
add_action( 'wp_scheduled_auto_draft_delete', 'wp_delete_auto_drafts' );
|
|
|
|
add_action( 'importer_scheduled_cleanup', 'wp_delete_attachment' );
|
|
|
|
add_action( 'upgrader_scheduled_cleanup', 'wp_delete_attachment' );
|
|
|
|
add_action( 'delete_expired_transients', 'delete_expired_transients' );
|
2017-10-21 15:22:49 +02:00
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// Navigation menu actions.
|
2017-12-01 00:11:00 +01:00
|
|
|
add_action( 'delete_post', '_wp_delete_post_menu_item' );
|
|
|
|
add_action( 'delete_term', '_wp_delete_tax_menu_item', 10, 3 );
|
|
|
|
add_action( 'transition_post_status', '_wp_auto_add_pages_to_menu', 10, 3 );
|
|
|
|
add_action( 'delete_post', '_wp_delete_customize_changeset_dependent_auto_drafts' );
|
2009-10-15 19:27:45 +02:00
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// Post Thumbnail CSS class filtering.
|
2017-12-01 00:11:00 +01:00
|
|
|
add_action( 'begin_fetch_post_thumbnail_html', '_wp_post_thumbnail_class_filter_add' );
|
|
|
|
add_action( 'end_fetch_post_thumbnail_html', '_wp_post_thumbnail_class_filter_remove' );
|
2007-05-01 03:13:06 +02:00
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// Redirect old slugs.
|
2017-12-01 00:11:00 +01:00
|
|
|
add_action( 'template_redirect', 'wp_old_slug_redirect' );
|
|
|
|
add_action( 'post_updated', 'wp_check_for_changed_slugs', 12, 3 );
|
2015-09-29 06:58:25 +02:00
|
|
|
add_action( 'attachment_updated', 'wp_check_for_changed_slugs', 12, 3 );
|
2010-05-23 09:49:21 +02:00
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// Redirect old dates.
|
2018-08-17 03:51:36 +02:00
|
|
|
add_action( 'post_updated', 'wp_check_for_changed_dates', 12, 3 );
|
2017-12-15 09:31:47 +01:00
|
|
|
add_action( 'attachment_updated', 'wp_check_for_changed_dates', 12, 3 );
|
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// Nonce check for post previews.
|
2010-05-23 09:49:21 +02:00
|
|
|
add_action( 'init', '_show_post_preview' );
|
2009-03-10 01:50:00 +01:00
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// Output JS to reset window.name for previews.
|
2015-06-17 01:13:26 +02:00
|
|
|
add_action( 'wp_head', 'wp_post_preview_js', 1 );
|
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// Timezone.
|
2017-12-01 00:11:00 +01:00
|
|
|
add_filter( 'pre_option_gmt_offset', 'wp_timezone_override_offset' );
|
2010-02-06 06:15:26 +01:00
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// Admin color schemes.
|
2017-12-01 00:11:00 +01:00
|
|
|
add_action( 'admin_init', 'register_admin_color_schemes', 1 );
|
2010-02-28 07:34:31 +01:00
|
|
|
add_action( 'admin_color_scheme_picker', 'admin_color_scheme_picker' );
|
2010-05-27 18:11:27 +02:00
|
|
|
|
2012-08-17 01:09:40 +02:00
|
|
|
// If the upgrade hasn't run yet, assume link manager is used.
|
|
|
|
add_filter( 'default_option_link_manager_enabled', '__return_true' );
|
|
|
|
|
2012-09-27 21:19:18 +02:00
|
|
|
// This option no longer exists; tell plugins we always support auto-embedding.
|
2017-04-01 15:56:43 +02:00
|
|
|
add_filter( 'pre_option_embed_autourls', '__return_true' );
|
Force comment pagination on single posts.
Previously, the 'page_comments' toggle allowed users to disable comment
pagination. This toggle was only superficial, however. Even with
'page_comments' turned on, `comments_template()` loaded all of a post's
comments into memory, and passed them to `wp_list_comments()` and
`Walker_Comment`, the latter of which produced markup for only the
current page of comments. In other words, it was possible to enable
'page_comments', thereby showing only a subset of a post's comments on a given
page, but all comments continued to be loaded in the background. This technique
scaled poorly. Posts with hundreds or thousands of comments would load slowly,
or not at all, even when the 'comments_per_page' setting was set to a
reasonable number.
Recent changesets have addressed this problem through more efficient tree-
walking, better descendant caching, and more selective queries for top-level
post comments. The current changeset completes the project by addressing the
root issue: that loading a post causes all of its comments to be loaded too.
Here's the breakdown:
* Comment pagination is now forced. Setting 'page_comments' to false leads to evil things when you have many comments. If you want to avoid pagination, set 'comments_per_page' to something high.
* The 'page_comments' setting has been expunged from options-discussion.php, and from places in the codebase where it was referenced. For plugins relying on 'page_comments', we now force the value to `true` with a `pre_option` filter.
* `comments_template()` now queries for an appropriately small number of comments. Usually, this means the `comments_per_page` value.
* To preserve the current (odd) behavior for comment pagination links, some unholy hacks have been inserted into `comments_template()`. The ugliness is insulated in this function for backward compatibility and to minimize collateral damage. A side-effect is that, for certain settings of 'default_comments_page', up to 2x the value of `comments_per_page` might be fetched at a time.
* In support of these changes, a `$format` parameter has been added to `WP_Comment::get_children()`. This param allows you to request a flattened array of comment children, suitable for feeding into `Walker_Comment`.
* `WP_Query` loops are now informed about total available comment counts and comment pages by the `WP_Comment_Query` (`found_comments`, `max_num_pages`), instead of by `Walker_Comment`.
Aside from radical performance improvements in the case of a post with many
comments, this changeset fixes a bug that caused the first page of comments to
be partial (`found_comments` % `comments_per_page`), rather than the last, as
you'd expect.
Props boonebgorges, wonderboymusic.
Fixes #8071.
Built from https://develop.svn.wordpress.org/trunk@34561
git-svn-id: http://core.svn.wordpress.org/trunk@34525 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-25 22:40:25 +02:00
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// Default settings for heartbeat.
|
2013-01-29 07:15:25 +01:00
|
|
|
add_filter( 'heartbeat_settings', 'wp_heartbeat_settings' );
|
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// Check if the user is logged out.
|
2014-02-09 23:34:11 +01:00
|
|
|
add_action( 'admin_enqueue_scripts', 'wp_auth_check_load' );
|
2017-12-01 00:11:00 +01:00
|
|
|
add_filter( 'heartbeat_send', 'wp_auth_check' );
|
2014-02-09 23:34:11 +01:00
|
|
|
add_filter( 'heartbeat_nopriv_send', 'wp_auth_check' );
|
2013-02-28 09:57:17 +01:00
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// Default authentication filters.
|
2017-12-01 00:11:00 +01:00
|
|
|
add_filter( 'authenticate', 'wp_authenticate_username_password', 20, 3 );
|
|
|
|
add_filter( 'authenticate', 'wp_authenticate_email_password', 20, 3 );
|
REST API: Introduce Application Passwords for API authentication.
In WordPress 4.4 the REST API was first introduced. A few releases later in WordPress 4.7, the Content API endpoints were added, paving the way for Gutenberg and countless in-site experiences. In the intervening years, numerous plugins have built on top of the REST API. Many developers shared a common frustration, the lack of external authentication to the REST API.
This commit introduces Application Passwords to allow users to connect to external applications to their WordPress website. Users can generate individual passwords for each application, allowing for easy revocation and activity monitoring. An authorization flow is introduced to make the connection flow simple for users and application developers.
Application Passwords uses Basic Authentication, and by default is only available over an SSL connection.
Props georgestephanis, kasparsd, timothyblynjacobs, afercia, akkspro, andraganescu, arippberger, aristath, austyfrosty, ayesh, batmoo, bradyvercher, brianhenryie, helen, ipstenu, jeffmatson, jeffpaul, joostdevalk, joshlevinson, kadamwhite, kjbenk, koke, michael-arestad, Otto42, pekz0r, salzano, spacedmonkey, valendesigns.
Fixes #42790.
Built from https://develop.svn.wordpress.org/trunk@49109
git-svn-id: http://core.svn.wordpress.org/trunk@48871 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-09 00:14:06 +02:00
|
|
|
add_filter( 'authenticate', 'wp_authenticate_application_password', 20, 3 );
|
2017-12-01 00:11:00 +01:00
|
|
|
add_filter( 'authenticate', 'wp_authenticate_spam_check', 99 );
|
|
|
|
add_filter( 'determine_current_user', 'wp_validate_auth_cookie' );
|
2014-03-09 16:23:15 +01:00
|
|
|
add_filter( 'determine_current_user', 'wp_validate_logged_in_cookie', 20 );
|
REST API: Introduce Application Passwords for API authentication.
In WordPress 4.4 the REST API was first introduced. A few releases later in WordPress 4.7, the Content API endpoints were added, paving the way for Gutenberg and countless in-site experiences. In the intervening years, numerous plugins have built on top of the REST API. Many developers shared a common frustration, the lack of external authentication to the REST API.
This commit introduces Application Passwords to allow users to connect to external applications to their WordPress website. Users can generate individual passwords for each application, allowing for easy revocation and activity monitoring. An authorization flow is introduced to make the connection flow simple for users and application developers.
Application Passwords uses Basic Authentication, and by default is only available over an SSL connection.
Props georgestephanis, kasparsd, timothyblynjacobs, afercia, akkspro, andraganescu, arippberger, aristath, austyfrosty, ayesh, batmoo, bradyvercher, brianhenryie, helen, ipstenu, jeffmatson, jeffpaul, joostdevalk, joshlevinson, kadamwhite, kjbenk, koke, michael-arestad, Otto42, pekz0r, salzano, spacedmonkey, valendesigns.
Fixes #42790.
Built from https://develop.svn.wordpress.org/trunk@49109
git-svn-id: http://core.svn.wordpress.org/trunk@48871 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-09 00:14:06 +02:00
|
|
|
add_filter( 'determine_current_user', 'wp_validate_application_password', 20 );
|
2013-07-29 05:23:51 +02:00
|
|
|
|
2015-02-11 20:42:25 +01:00
|
|
|
// Split term updates.
|
2017-12-01 00:11:00 +01:00
|
|
|
add_action( 'admin_init', '_wp_check_for_scheduled_split_terms' );
|
|
|
|
add_action( 'split_shared_term', '_wp_check_split_default_terms', 10, 4 );
|
2015-02-11 20:42:25 +01:00
|
|
|
add_action( 'split_shared_term', '_wp_check_split_terms_in_menus', 10, 4 );
|
2015-08-12 16:07:26 +02:00
|
|
|
add_action( 'split_shared_term', '_wp_check_split_nav_menu_terms', 10, 4 );
|
2015-08-14 05:59:26 +02:00
|
|
|
add_action( 'wp_split_shared_term_batch', '_wp_batch_split_terms' );
|
2015-02-11 20:42:25 +01:00
|
|
|
|
2020-04-17 21:35:06 +02:00
|
|
|
// Comment type updates.
|
|
|
|
add_action( 'admin_init', '_wp_check_for_scheduled_update_comment_type' );
|
|
|
|
add_action( 'wp_update_comment_type_batch', '_wp_batch_update_comment_type' );
|
|
|
|
|
2015-09-14 04:17:26 +02:00
|
|
|
// Email notifications.
|
2015-09-17 00:26:24 +02:00
|
|
|
add_action( 'comment_post', 'wp_new_comment_notify_moderator' );
|
2015-09-14 04:17:26 +02:00
|
|
|
add_action( 'comment_post', 'wp_new_comment_notify_postauthor' );
|
2015-09-14 04:45:25 +02:00
|
|
|
add_action( 'after_password_reset', 'wp_password_change_notification' );
|
2017-12-01 00:11:00 +01:00
|
|
|
add_action( 'register_new_user', 'wp_send_new_user_notifications' );
|
2015-11-25 23:38:29 +01:00
|
|
|
add_action( 'edit_user_created_user', 'wp_send_new_user_notifications', 10, 2 );
|
2021-01-31 13:50:01 +01:00
|
|
|
add_action( 'comment_unapproved_to_approved', 'wp_new_comment_notify_comment_author' );
|
2015-09-14 04:17:26 +02:00
|
|
|
|
REST API: Introduce baby API to the world.
Baby API was born at 2.8KLOC on October 8th at 2:30 UTC. API has lots
of growing to do, so wish it the best of luck.
Thanks to everyone who helped along the way:
Props rmccue, rachelbaker, danielbachhuber, joehoyle, drewapicture,
adamsilverstein, netweb, tlovett1, shelob9, kadamwhite, pento,
westonruter, nikv, tobych, redsweater, alecuf, pollyplummer, hurtige,
bpetty, oso96_2000, ericlewis, wonderboymusic, joshkadis, mordauk,
jdgrimes, johnbillion, jeremyfelt, thiago-negri, jdolan, pkevan,
iseulde, thenbrent, maxcutler, kwight, markoheijnen, phh, natewr,
jjeaton, shprink, mattheu, quasel, jmusal, codebykat, hubdotcom,
tapsboy, QWp6t, pushred, jaredcobb, justinsainton, japh, matrixik,
jorbin, frozzare, codfish, michael-arestad, kellbot, ironpaperweight,
simonlampen, alisspers, eliorivero, davidbhayes, JohnDittmar, dimadin,
traversal, cmmarslender, Toddses, kokarn, welcher, and ericpedia.
Fixes #33982.
Built from https://develop.svn.wordpress.org/trunk@34928
git-svn-id: http://core.svn.wordpress.org/trunk@34893 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-08 04:31:25 +02:00
|
|
|
// REST API actions.
|
2017-12-01 00:11:00 +01:00
|
|
|
add_action( 'init', 'rest_api_init' );
|
|
|
|
add_action( 'rest_api_init', 'rest_api_default_filters', 10, 1 );
|
|
|
|
add_action( 'rest_api_init', 'register_initial_settings', 10 );
|
REST API: Introduce the Content API endpoints.
REST API endpoints for your WordPress content. These endpoints provide machine-readable external access to your WordPress site with a clear, standards-driven interface, allowing new and innovative apps for interacting with your site. These endpoints support all of the following:
- Posts: Read and write access to all post data, for all types of post-based data, including pages and media.
- Comments: Read and write access to all comment data. This includes pingbacks and trackbacks.
- Terms: Read and write access to all term data.
- Users: Read and write access to all user data. This includes public access to some data for post authors.
- Meta: Read and write access to metadata for posts, comments, terms, and users, on an opt-in basis from plugins.
- Settings: Read and write access to settings, on an opt-in basis from plugins and core. This enables API management of key site content values that are technically stored in options, such as site title and byline.
Love your REST API, WordPress! The infrastructure says, "Let's do lunch!" but the content API endpoints say, "You're paying!"
Props rmccue, rachelbaker, danielbachhuber, joehoyle, adamsilverstein, afurculita, ahmadawais, airesvsg, alisspers, antisilent, apokalyptik, artoliukkonen, attitude, boonebgorges, bradyvercher, brianhogg, caseypatrickdriscoll, chopinbach, chredd, christianesperar, chrisvanpatten, claudiolabarbera, claudiosmweb, cmmarslender, codebykat, coderkevin, codfish, codonnell822, daggerhart, danielpunkass, davidbhayes, delphinus, desrosj, dimadin, dotancohen, DrewAPicture, Dudo1985, duncanjbrown, eherman24, eivhyl, eliorivero, elyobo, en-alis, ericandrewlewis, ericpedia, evansobkowicz, fjarrett, frozzare, georgestephanis, greatislander, guavaworks, hideokamoto, hkdobrev, hubdotcom, hurtige, iandunn, ircrash, ironpaperweight, iseulde, Japh, jaredcobb, JDGrimes, jdolan, jdoubleu, jeremyfelt, jimt, jjeaton, jmusal, jnylen0, johanmynhardt, johnbillion, jonathanbardo, jorbin, joshkadis, JPry, jshreve, jtsternberg, JustinSainton, kacperszurek, kadamwhite, kalenjohnson, kellbot, kjbenk, kokarn, krogsgard, kuchenundkakao, kuldipem, kwight, lgedeon, lukepettway, mantismamita, markoheijnen, matrixik, mattheu, mauteri, maxcutler, mayukojpn, michael-arestad, miyauchi, mjbanks, modemlooper, mrbobbybryant, NateWr, nathanrice, netweb, NikV, nullvariable, oskosk, oso96_2000, oxymoron, pcfreak30, pento, peterwilsoncc, Pezzab, phh, pippinsplugins, pjgalbraith, pkevan, pollyplummer, pushred, quasel, QWp6t, schlessera, schrapel, Shelob9, shprink, simonlampen, Soean, solal, tapsboy, tfrommen, tharsheblows, thenbrent, tierra, tlovett1, tnegri, tobych, Toddses, toro_unit, traversal, vanillalounge, vishalkakadiya, wanecek, web2style, webbgaraget, websupporter, westonruter, whyisjake, wonderboymusic, wpsmith, xknown, zyphonic.
Fixes #38373.
Built from https://develop.svn.wordpress.org/trunk@38832
git-svn-id: http://core.svn.wordpress.org/trunk@38775 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-20 04:55:32 +02:00
|
|
|
add_action( 'rest_api_init', 'create_initial_rest_routes', 99 );
|
REST API: Introduce baby API to the world.
Baby API was born at 2.8KLOC on October 8th at 2:30 UTC. API has lots
of growing to do, so wish it the best of luck.
Thanks to everyone who helped along the way:
Props rmccue, rachelbaker, danielbachhuber, joehoyle, drewapicture,
adamsilverstein, netweb, tlovett1, shelob9, kadamwhite, pento,
westonruter, nikv, tobych, redsweater, alecuf, pollyplummer, hurtige,
bpetty, oso96_2000, ericlewis, wonderboymusic, joshkadis, mordauk,
jdgrimes, johnbillion, jeremyfelt, thiago-negri, jdolan, pkevan,
iseulde, thenbrent, maxcutler, kwight, markoheijnen, phh, natewr,
jjeaton, shprink, mattheu, quasel, jmusal, codebykat, hubdotcom,
tapsboy, QWp6t, pushred, jaredcobb, justinsainton, japh, matrixik,
jorbin, frozzare, codfish, michael-arestad, kellbot, ironpaperweight,
simonlampen, alisspers, eliorivero, davidbhayes, JohnDittmar, dimadin,
traversal, cmmarslender, Toddses, kokarn, welcher, and ericpedia.
Fixes #33982.
Built from https://develop.svn.wordpress.org/trunk@34928
git-svn-id: http://core.svn.wordpress.org/trunk@34893 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-08 04:31:25 +02:00
|
|
|
add_action( 'parse_request', 'rest_api_loaded' );
|
|
|
|
|
Sitemaps: Add XML sitemaps functionality to WordPress.
While web crawlers are able to discover pages from links within the site and from other sites, XML sitemaps supplement this approach by allowing crawlers to quickly and comprehensively identify all URLs included in the sitemap and learn other signals about those URLs using the associated metadata.
See https://make.wordpress.org/core/2020/06/10/merge-announcement-extensible-core-sitemaps/ for more details.
This feature exposes the sitemap index via `/wp-sitemap.xml` and exposes a variety of new filters and hooks for developers to modify the behavior. Users can disable sitemaps completely by turning off search engine visibility in WordPress admin.
This change also introduces a new `esc_xml()` function to escape strings for output in XML, as well as XML support to `wp_kses_normalize_entities()`.
Props Adrian McShane, afragen, adamsilverstein, casiepa, flixos90, garrett-eclipse, joemcgill, kburgoine, kraftbj, milana_cap, pacifika, pbiron, pfefferle, Ruxandra Gradina, swissspidy, szepeviktor, tangrufus, tweetythierry.
Fixes #50117.
See #3670. See #19998.
Built from https://develop.svn.wordpress.org/trunk@48072
git-svn-id: http://core.svn.wordpress.org/trunk@47839 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-17 17:24:07 +02:00
|
|
|
// Sitemaps actions.
|
|
|
|
add_action( 'init', 'wp_sitemaps_get_server' );
|
|
|
|
|
2015-01-12 17:40:23 +01:00
|
|
|
/**
|
2020-01-29 01:45:18 +01:00
|
|
|
* Filters formerly mixed into wp-includes.
|
2015-01-12 17:40:23 +01:00
|
|
|
*/
|
2020-01-29 01:45:18 +01:00
|
|
|
// Theme.
|
2020-06-27 14:02:03 +02:00
|
|
|
add_action( 'setup_theme', 'create_initial_theme_features', 0 );
|
2015-01-12 17:40:23 +01:00
|
|
|
add_action( 'wp_loaded', '_custom_header_background_just_in_time' );
|
2016-03-10 06:37:27 +01:00
|
|
|
add_action( 'wp_head', '_custom_logo_header_styles' );
|
2015-01-12 17:40:23 +01:00
|
|
|
add_action( 'plugins_loaded', '_wp_customize_include' );
|
Customize: Implement customized state persistence with changesets.
Includes infrastructure developed in the Customize Snapshots feature plugin.
See https://make.wordpress.org/core/2016/10/12/customize-changesets-technical-design-decisions/
Props westonruter, valendesigns, utkarshpatel, stubgo, lgedeon, ocean90, ryankienstra, mihai2u, dlh, aaroncampbell, jonathanbardo, jorbin.
See #28721.
See #31089.
Fixes #30937.
Fixes #31517.
Fixes #30028.
Fixes #23225.
Fixes #34142.
Fixes #36485.
Built from https://develop.svn.wordpress.org/trunk@38810
git-svn-id: http://core.svn.wordpress.org/trunk@38753 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-18 22:05:31 +02:00
|
|
|
add_action( 'transition_post_status', '_wp_customize_publish_changeset', 10, 3 );
|
2015-01-12 17:40:23 +01:00
|
|
|
add_action( 'admin_enqueue_scripts', '_wp_customize_loader_settings' );
|
|
|
|
add_action( 'delete_attachment', '_delete_attachment_theme_mod' );
|
2017-05-16 07:37:44 +02:00
|
|
|
add_action( 'transition_post_status', '_wp_keep_alive_customize_changeset_dependent_auto_drafts', 20, 3 );
|
2015-01-12 17:40:23 +01:00
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// Calendar widget cache.
|
2015-01-12 17:40:23 +01:00
|
|
|
add_action( 'save_post', 'delete_get_calendar_cache' );
|
|
|
|
add_action( 'delete_post', 'delete_get_calendar_cache' );
|
|
|
|
add_action( 'update_option_start_of_week', 'delete_get_calendar_cache' );
|
|
|
|
add_action( 'update_option_gmt_offset', 'delete_get_calendar_cache' );
|
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// Author.
|
2015-01-12 17:40:23 +01:00
|
|
|
add_action( 'transition_post_status', '__clear_multi_author_cache' );
|
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// Post.
|
|
|
|
add_action( 'init', 'create_initial_post_types', 0 ); // Highest priority.
|
2015-01-12 17:40:23 +01:00
|
|
|
add_action( 'admin_menu', '_add_post_type_submenus' );
|
|
|
|
add_action( 'before_delete_post', '_reset_front_page_settings_for_post' );
|
2017-12-01 00:11:00 +01:00
|
|
|
add_action( 'wp_trash_post', '_reset_front_page_settings_for_post' );
|
2016-10-26 17:36:31 +02:00
|
|
|
add_action( 'change_locale', 'create_initial_post_types' );
|
2015-01-12 17:40:23 +01:00
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// Post Formats.
|
2015-01-12 17:40:23 +01:00
|
|
|
add_filter( 'request', '_post_format_request' );
|
|
|
|
add_filter( 'term_link', '_post_format_link', 10, 3 );
|
|
|
|
add_filter( 'get_post_format', '_post_format_get_term' );
|
|
|
|
add_filter( 'get_terms', '_post_format_get_terms', 10, 3 );
|
|
|
|
add_filter( 'wp_get_object_terms', '_post_format_wp_get_object_terms' );
|
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// KSES.
|
2015-01-12 17:40:23 +01:00
|
|
|
add_action( 'init', 'kses_init' );
|
|
|
|
add_action( 'set_current_user', 'kses_init' );
|
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// Script Loader.
|
2015-01-12 17:40:23 +01:00
|
|
|
add_action( 'wp_default_scripts', 'wp_default_scripts' );
|
2018-12-13 18:27:38 +01:00
|
|
|
add_action( 'wp_default_scripts', 'wp_default_packages' );
|
|
|
|
|
2016-06-29 14:58:29 +02:00
|
|
|
add_action( 'wp_enqueue_scripts', 'wp_localize_jquery_ui_datepicker', 1000 );
|
|
|
|
add_action( 'admin_enqueue_scripts', 'wp_localize_jquery_ui_datepicker', 1000 );
|
2018-12-14 04:36:38 +01:00
|
|
|
add_action( 'wp_enqueue_scripts', 'wp_common_block_scripts_and_styles' );
|
|
|
|
add_action( 'admin_enqueue_scripts', 'wp_common_block_scripts_and_styles' );
|
|
|
|
add_action( 'enqueue_block_assets', 'wp_enqueue_registered_block_scripts_and_styles' );
|
|
|
|
add_action( 'enqueue_block_editor_assets', 'wp_enqueue_registered_block_scripts_and_styles' );
|
2017-05-18 16:34:43 +02:00
|
|
|
add_action( 'admin_print_scripts-index.php', 'wp_localize_community_events' );
|
2015-01-12 17:40:23 +01:00
|
|
|
add_filter( 'wp_print_scripts', 'wp_just_in_time_script_localization' );
|
|
|
|
add_filter( 'print_scripts_array', 'wp_prototype_before_jquery' );
|
2016-07-13 14:54:28 +02:00
|
|
|
add_filter( 'customize_controls_print_styles', 'wp_resource_hints', 1 );
|
2019-09-14 20:21:54 +02:00
|
|
|
add_action( 'enqueue_block_assets', 'enqueue_block_styles_assets', 30 );
|
|
|
|
add_action( 'enqueue_block_editor_assets', 'enqueue_editor_block_styles_assets' );
|
2020-07-21 17:38:03 +02:00
|
|
|
add_action( 'enqueue_block_editor_assets', 'wp_enqueue_editor_block_directory_assets' );
|
2015-01-12 17:40:23 +01:00
|
|
|
|
|
|
|
add_action( 'wp_default_styles', 'wp_default_styles' );
|
|
|
|
add_filter( 'style_loader_src', 'wp_style_loader_src', 10, 2 );
|
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// Taxonomy.
|
|
|
|
add_action( 'init', 'create_initial_taxonomies', 0 ); // Highest priority.
|
2016-10-26 17:36:31 +02:00
|
|
|
add_action( 'change_locale', 'create_initial_taxonomies' );
|
2015-01-12 17:40:23 +01:00
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// Canonical.
|
2015-01-12 17:40:23 +01:00
|
|
|
add_action( 'template_redirect', 'redirect_canonical' );
|
|
|
|
add_action( 'template_redirect', 'wp_redirect_admin_locations', 1000 );
|
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// Shortcodes.
|
|
|
|
add_filter( 'the_content', 'do_shortcode', 11 ); // AFTER wpautop().
|
2015-01-12 17:40:23 +01:00
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// Media.
|
2015-01-12 17:40:23 +01:00
|
|
|
add_action( 'wp_playlist_scripts', 'wp_playlist_scripts' );
|
|
|
|
add_action( 'customize_controls_enqueue_scripts', 'wp_plupload_default_settings' );
|
2019-09-06 00:27:58 +02:00
|
|
|
add_action( 'plugins_loaded', '_wp_add_additional_image_sizes', 0 );
|
2020-07-04 01:15:03 +02:00
|
|
|
add_filter( 'plupload_default_settings', 'wp_show_heic_upload_error' );
|
2015-01-12 17:40:23 +01:00
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// Nav menu.
|
2015-01-12 17:40:23 +01:00
|
|
|
add_filter( 'nav_menu_item_id', '_nav_menu_item_id_use_once', 10, 2 );
|
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// Widgets.
|
2015-05-25 08:25:25 +02:00
|
|
|
add_action( 'init', 'wp_widgets_init', 1 );
|
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// Admin Bar.
|
2015-01-12 17:40:23 +01:00
|
|
|
// Don't remove. Wrong way to disable.
|
|
|
|
add_action( 'template_redirect', '_wp_admin_bar_init', 0 );
|
|
|
|
add_action( 'admin_init', '_wp_admin_bar_init' );
|
2015-10-28 21:30:25 +01:00
|
|
|
add_action( 'before_signup_header', '_wp_admin_bar_init' );
|
2015-10-30 05:24:23 +01:00
|
|
|
add_action( 'activate_header', '_wp_admin_bar_init' );
|
2020-02-09 19:26:08 +01:00
|
|
|
add_action( 'wp_body_open', 'wp_admin_bar_render', 0 );
|
2020-03-14 17:01:08 +01:00
|
|
|
add_action( 'wp_footer', 'wp_admin_bar_render', 1000 ); // Back-compat for themes not using `wp_body_open`.
|
2015-01-12 17:40:23 +01:00
|
|
|
add_action( 'in_admin_header', 'wp_admin_bar_render', 0 );
|
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// Former admin filters that can also be hooked on the front end.
|
2015-08-06 22:40:26 +02:00
|
|
|
add_action( 'media_buttons', 'media_buttons' );
|
|
|
|
add_filter( 'image_send_to_editor', 'image_add_caption', 20, 8 );
|
|
|
|
add_filter( 'media_send_to_editor', 'image_media_send_to_editor', 10, 3 );
|
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// Embeds.
|
2017-12-01 00:11:00 +01:00
|
|
|
add_action( 'rest_api_init', 'wp_oembed_register_route' );
|
2015-10-29 23:51:24 +01:00
|
|
|
add_filter( 'rest_pre_serve_request', '_oembed_rest_pre_serve_request', 10, 4 );
|
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
add_action( 'wp_head', 'wp_oembed_add_discovery_links' );
|
|
|
|
add_action( 'wp_head', 'wp_oembed_add_host_js' );
|
|
|
|
|
|
|
|
add_action( 'embed_head', 'enqueue_embed_scripts', 1 );
|
|
|
|
add_action( 'embed_head', 'print_emoji_detection_script' );
|
|
|
|
add_action( 'embed_head', 'print_embed_styles' );
|
|
|
|
add_action( 'embed_head', 'wp_print_head_scripts', 20 );
|
|
|
|
add_action( 'embed_head', 'wp_print_styles', 20 );
|
Robots: Introduce Robots API.
This changeset introduces a filter-based Robots API, providing central control over the `robots` meta tag.
* Introduces `wp_robots()` function which should be called anywhere a `robots` meta tag should be included.
* Introduces `wp_robots` filter which allows adding or modifying directives for the `robots` meta tag. The `wp_robots()` function is entirely filter-based, i.e. if no filter is added to `wp_robots`, no directives will be present, and therefore the entire `robots` meta tag will be omitted.
* Introduces the following `wp_robots` filter functions which replace similar existing functions that were manually rendering a `robots` meta tag:
* `wp_robots_noindex()` replaces `noindex()`, which has been deprecated.
* `wp_robots_no_robots()` replaces `wp_no_robots()`, which has been deprecated.
* `wp_robots_sensitive_page()` replaces `wp_sensitive_page_meta()`, which has been deprecated. Its rendering of the `referrer` meta tag has been moved to another new function `wp_strict_cross_origin_referrer()`.
Migration to the new functions is straightforward. For example, a call to `add_action( 'wp_head', 'wp_no_robots' )` should be replaced with `add_filter( 'wp_robots', 'wp_robots_no_robots' )`.
Plugins and themes that render their own `robots` meta tags are encouraged to switch to rely on the `wp_robots` filter in order to use the central management layer now provided by WordPress core.
Props adamsilverstein, flixos90, timothyblynjacobs, westonruter.
See #51511.
Built from https://develop.svn.wordpress.org/trunk@49992
git-svn-id: http://core.svn.wordpress.org/trunk@49693 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-01-21 02:37:00 +01:00
|
|
|
add_action( 'embed_head', 'wp_robots' );
|
2017-12-01 00:11:00 +01:00
|
|
|
add_action( 'embed_head', 'rel_canonical' );
|
|
|
|
add_action( 'embed_head', 'locale_stylesheet', 30 );
|
|
|
|
|
|
|
|
add_action( 'embed_content_meta', 'print_embed_comments_button' );
|
|
|
|
add_action( 'embed_content_meta', 'print_embed_sharing_button' );
|
|
|
|
|
|
|
|
add_action( 'embed_footer', 'print_embed_sharing_dialog' );
|
|
|
|
add_action( 'embed_footer', 'print_embed_scripts' );
|
|
|
|
add_action( 'embed_footer', 'wp_print_footer_scripts', 20 );
|
|
|
|
|
Robots: Introduce Robots API.
This changeset introduces a filter-based Robots API, providing central control over the `robots` meta tag.
* Introduces `wp_robots()` function which should be called anywhere a `robots` meta tag should be included.
* Introduces `wp_robots` filter which allows adding or modifying directives for the `robots` meta tag. The `wp_robots()` function is entirely filter-based, i.e. if no filter is added to `wp_robots`, no directives will be present, and therefore the entire `robots` meta tag will be omitted.
* Introduces the following `wp_robots` filter functions which replace similar existing functions that were manually rendering a `robots` meta tag:
* `wp_robots_noindex()` replaces `noindex()`, which has been deprecated.
* `wp_robots_no_robots()` replaces `wp_no_robots()`, which has been deprecated.
* `wp_robots_sensitive_page()` replaces `wp_sensitive_page_meta()`, which has been deprecated. Its rendering of the `referrer` meta tag has been moved to another new function `wp_strict_cross_origin_referrer()`.
Migration to the new functions is straightforward. For example, a call to `add_action( 'wp_head', 'wp_no_robots' )` should be replaced with `add_filter( 'wp_robots', 'wp_robots_no_robots' )`.
Plugins and themes that render their own `robots` meta tags are encouraged to switch to rely on the `wp_robots` filter in order to use the central management layer now provided by WordPress core.
Props adamsilverstein, flixos90, timothyblynjacobs, westonruter.
See #51511.
Built from https://develop.svn.wordpress.org/trunk@49992
git-svn-id: http://core.svn.wordpress.org/trunk@49693 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-01-21 02:37:00 +01:00
|
|
|
add_filter( 'wp_robots', 'wp_embed_no_robots' );
|
2017-12-01 00:11:00 +01:00
|
|
|
add_filter( 'excerpt_more', 'wp_embed_excerpt_more', 20 );
|
|
|
|
add_filter( 'the_excerpt_embed', 'wptexturize' );
|
|
|
|
add_filter( 'the_excerpt_embed', 'convert_chars' );
|
|
|
|
add_filter( 'the_excerpt_embed', 'wpautop' );
|
|
|
|
add_filter( 'the_excerpt_embed', 'shortcode_unautop' );
|
|
|
|
add_filter( 'the_excerpt_embed', 'wp_embed_excerpt_attachment' );
|
|
|
|
|
2020-06-10 19:20:10 +02:00
|
|
|
add_filter( 'oembed_dataparse', 'wp_filter_oembed_iframe_title_attribute', 5, 3 );
|
2017-12-01 00:11:00 +01:00
|
|
|
add_filter( 'oembed_dataparse', 'wp_filter_oembed_result', 10, 3 );
|
|
|
|
add_filter( 'oembed_response_data', 'get_oembed_response_data_rich', 10, 4 );
|
|
|
|
add_filter( 'pre_oembed_result', 'wp_filter_pre_oembed_result', 10, 3 );
|
Embeds: Add oEmbed provider support.
For the past 6 years, WordPress has operated as an oEmbed consumer, allowing users to easily embed content from other sites. By adding oEmbed provider support, this allows any oEmbed consumer to embed posts from WordPress sites.
In addition to creating an oEmbed provider, WordPress' oEmbed consumer code has been enhanced to work with any site that provides oEmbed data (as long as it matches some strict security rules), and provides a preview from within the post editor.
For security, embeds appear within a sandboxed iframe - the iframe content is a template that can be styled or replaced entirely by the theme on the provider site.
Props swissspidy, pento, melchoyce, netweb, pfefferle, johnbillion, extendwings, davidbinda, danielbachhuber, SergeyBiryukov, afercia
Fixes #32522.
Built from https://develop.svn.wordpress.org/trunk@34903
git-svn-id: http://core.svn.wordpress.org/trunk@34868 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-07 12:36:25 +02:00
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// Capabilities.
|
2017-08-18 20:31:44 +02:00
|
|
|
add_filter( 'user_has_cap', 'wp_maybe_grant_install_languages_cap', 1 );
|
Bootstrap/Load: Introduce a recovery mode for fixing fatal errors.
Using the new fatal handler introduced in [44962], an email is sent to the admin when a fatal error occurs. This email includes a secret link to enter recovery mode. When clicked, the link will be validated and on success a cookie will be placed on the client, enabling recovery mode for that user. This functionality is executed early before plugins and themes are loaded, in order to be unaffected by potential fatal errors these might be causing.
When in recovery mode, broken plugins and themes will be paused for that client, so that they are able to access the admin backend despite of these errors. They are notified about the broken extensions and the errors caused, and can then decide whether they would like to temporarily deactivate the extension or fix the problem and resume the extension.
A link in the admin bar allows the client to exit recovery mode.
Props timothyblynjacobs, afragen, flixos90, nerrad, miss_jwo, schlessera, spacedmonkey, swissspidy.
Fixes #46130, #44458.
Built from https://develop.svn.wordpress.org/trunk@44973
git-svn-id: http://core.svn.wordpress.org/trunk@44804 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-03-21 22:53:51 +01:00
|
|
|
add_filter( 'user_has_cap', 'wp_maybe_grant_resume_extensions_caps', 1 );
|
2019-06-10 09:42:52 +02:00
|
|
|
add_filter( 'user_has_cap', 'wp_maybe_grant_site_health_caps', 1, 4 );
|
2017-08-18 20:31:44 +02:00
|
|
|
|
2015-01-12 17:40:23 +01:00
|
|
|
unset( $filter, $action );
|