2014-11-21 05:01:22 +01:00
< ? php
2007-12-25 21:48:01 +01:00
/**
* Sets up the default filters and actions for most
* of the WordPress hooks .
*
2024-08-28 16:36:17 +02:00
* This file is loaded very early in the bootstrap which
* means many functions are not yet available and site
* information such as if this is multisite is unknown .
* Before using functions besides `add_filter` and
* `add_action` , verify things will work as expected .
*
2007-12-25 21:48:01 +01:00
* If you need to remove a default hook , this file will
2022-04-28 18:39:11 +02:00
* give you the priority to use for removing the hook .
2007-12-25 21:48:01 +01:00
*
2022-04-26 08:32:08 +02:00
* Not all of the default hooks are found in this file .
2022-04-28 18:39:11 +02:00
* For instance , administration - related hooks are located in
2022-04-26 08:32:08 +02:00
* wp - admin / includes / admin - filters . php .
*
* If a hook should only be called from a specific context
* ( admin area , multisite environment… ), please move it
* to a more appropriate file instead .
2007-12-25 21:48:01 +01:00
*
* @ package WordPress
*/
2005-02-07 08:46:41 +01:00
2020-01-29 01:45:18 +01:00
// Strip, trim, kses, special chars for string saves.
2009-10-15 19:27:45 +02:00
foreach ( array ( 'pre_term_name' , 'pre_comment_author_name' , 'pre_link_name' , 'pre_link_target' , 'pre_link_rel' , 'pre_user_display_name' , 'pre_user_first_name' , 'pre_user_last_name' , 'pre_user_nickname' ) as $filter ) {
2017-12-01 00:11:00 +01:00
add_filter ( $filter , 'sanitize_text_field' );
add_filter ( $filter , 'wp_filter_kses' );
2009-10-15 19:27:45 +02:00
add_filter ( $filter , '_wp_specialchars' , 30 );
2007-08-21 00:50:04 +02:00
}
2020-01-29 01:45:18 +01:00
// Strip, kses, special chars for string display.
2009-10-15 19:27:45 +02:00
foreach ( array ( 'term_name' , 'comment_author_name' , 'link_name' , 'link_target' , 'link_rel' , 'user_display_name' , 'user_first_name' , 'user_last_name' , 'user_nickname' ) as $filter ) {
2010-09-02 17:06:07 +02:00
if ( is_admin () ) {
// These are expensive. Run only on admin pages for defense in depth.
2017-12-01 00:11:00 +01:00
add_filter ( $filter , 'sanitize_text_field' );
add_filter ( $filter , 'wp_kses_data' );
2010-09-02 17:06:07 +02:00
}
2009-10-15 19:27:45 +02:00
add_filter ( $filter , '_wp_specialchars' , 30 );
2007-08-21 00:50:04 +02:00
}
2020-01-29 01:45:18 +01:00
// Kses only for textarea saves.
2009-10-29 18:15:58 +01:00
foreach ( array ( 'pre_term_description' , 'pre_link_description' , 'pre_link_notes' , 'pre_user_description' ) as $filter ) {
2013-03-01 17:28:40 +01:00
add_filter ( $filter , 'wp_filter_kses' );
2009-09-14 15:57:48 +02:00
}
2020-01-29 01:45:18 +01:00
// Kses only for textarea admin displays.
2010-09-02 17:06:07 +02:00
if ( is_admin () ) {
2011-02-08 21:17:09 +01:00
foreach ( array ( 'term_description' , 'link_description' , 'link_notes' , 'user_description' ) as $filter ) {
2010-09-02 17:06:07 +02:00
add_filter ( $filter , 'wp_kses_data' );
}
2011-02-08 21:17:09 +01:00
add_filter ( 'comment_text' , 'wp_kses_post' );
2009-10-29 18:15:58 +01:00
}
2020-01-29 01:45:18 +01:00
// Email saves.
2009-10-15 19:27:45 +02:00
foreach ( array ( 'pre_comment_author_email' , 'pre_user_email' ) as $filter ) {
2017-12-01 00:11:00 +01:00
add_filter ( $filter , 'trim' );
2009-10-15 19:27:45 +02:00
add_filter ( $filter , 'sanitize_email' );
2013-03-01 17:28:40 +01:00
add_filter ( $filter , 'wp_filter_kses' );
2007-08-21 00:50:04 +02:00
}
2020-01-29 01:45:18 +01:00
// Email admin display.
2009-10-15 19:27:45 +02:00
foreach ( array ( 'comment_author_email' , 'user_email' ) as $filter ) {
add_filter ( $filter , 'sanitize_email' );
2017-12-01 00:11:00 +01:00
if ( is_admin () ) {
2010-09-02 17:06:07 +02:00
add_filter ( $filter , 'wp_kses_data' );
2017-12-01 00:11:00 +01:00
}
2009-09-14 15:57:48 +02:00
}
2020-01-29 01:45:18 +01:00
// Save URL.
2017-12-01 00:11:00 +01:00
foreach ( array (
'pre_comment_author_url' ,
'pre_user_url' ,
'pre_link_url' ,
'pre_link_image' ,
'pre_link_rss' ,
'pre_post_guid' ,
) as $filter ) {
2009-10-15 19:27:45 +02:00
add_filter ( $filter , 'wp_strip_all_tags' );
2022-06-01 20:14:10 +02:00
add_filter ( $filter , 'sanitize_url' );
2017-12-01 00:11:00 +01:00
add_filter ( $filter , 'wp_filter_kses' );
2007-10-03 18:16:55 +02:00
}
2020-01-29 01:45:18 +01:00
// Display URL.
2011-05-23 01:19:42 +02:00
foreach ( array ( 'user_url' , 'link_url' , 'link_image' , 'link_rss' , 'comment_url' , 'post_guid' ) as $filter ) {
2017-12-01 00:11:00 +01:00
if ( is_admin () ) {
2010-09-02 17:06:07 +02:00
add_filter ( $filter , 'wp_strip_all_tags' );
2017-12-01 00:11:00 +01:00
}
add_filter ( $filter , 'esc_url' );
if ( is_admin () ) {
add_filter ( $filter , 'wp_kses_data' );
}
2007-08-21 00:50:04 +02:00
}
2006-05-27 00:47:13 +02:00
2020-01-29 01:45:18 +01:00
// Slugs.
2013-08-27 13:59:11 +02:00
add_filter ( 'pre_term_slug' , 'sanitize_title' );
Customize: Implement customized state persistence with changesets.
Includes infrastructure developed in the Customize Snapshots feature plugin.
See https://make.wordpress.org/core/2016/10/12/customize-changesets-technical-design-decisions/
Props westonruter, valendesigns, utkarshpatel, stubgo, lgedeon, ocean90, ryankienstra, mihai2u, dlh, aaroncampbell, jonathanbardo, jorbin.
See #28721.
See #31089.
Fixes #30937.
Fixes #31517.
Fixes #30028.
Fixes #23225.
Fixes #34142.
Fixes #36485.
Built from https://develop.svn.wordpress.org/trunk@38810
git-svn-id: http://core.svn.wordpress.org/trunk@38753 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-18 22:05:31 +02:00
add_filter ( 'wp_insert_post_data' , '_wp_customize_changeset_filter_insert_post_data' , 10 , 2 );
2007-08-24 16:44:26 +02:00
2020-01-29 01:45:18 +01:00
// Keys.
2012-03-21 16:04:00 +01:00
foreach ( array ( 'pre_post_type' , 'pre_post_status' , 'pre_post_comment_status' , 'pre_post_ping_status' ) as $filter ) {
2011-02-06 19:37:20 +01:00
add_filter ( $filter , 'sanitize_key' );
}
2008-02-02 20:22:14 +01:00
2020-01-29 01:45:18 +01:00
// Mime types.
2011-05-23 01:19:42 +02:00
add_filter ( 'pre_post_mime_type' , 'sanitize_mime_type' );
add_filter ( 'post_mime_type' , 'sanitize_mime_type' );
2020-01-29 01:45:18 +01:00
// Meta.
General: Remove “whitelist” and “blacklist” in favor of more clear and inclusive language.
“The WordPress open source community cares about diversity. We strive to maintain a welcoming environment where everyone can feel included.”
With this commit, all occurrences of “whitelist” and “blacklist” (with the single exception of the `$new_whitelist_options` global variable) are removed. A new ticket has been opened to explore renaming the `$new_whitelist_options` variable (#50434).
Changing to more specific names or rewording sentences containing these terms not only makes the code more inclusive, but also helps provide clarity. These terms are often ambiguous. What is being blocked or allowed is not always immediately clear. This can make it more difficult for non-native English speakers to read through the codebase.
Words matter. If one contributor feels more welcome because these terms are removed, this was worth the effort.
Props strangerstudios, jorbin, desrosj, joemcgill, timothyblynjacobs, ocean90, ayeshrajans, davidbaumwald, earnjam.
See #48900, #50434.
Fixes #50413.
Built from https://develop.svn.wordpress.org/trunk@48121
git-svn-id: http://core.svn.wordpress.org/trunk@47890 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-22 19:26:13 +02:00
add_filter ( 'register_meta_args' , '_wp_register_meta_args_allowed_list' , 10 , 2 );
2016-06-30 03:02:29 +02:00
Users: Introduce the concept of a large site to single site installations.
Currently in WordPress multisite there is a concept of large networks. The function `wp_is_large_network` is used to determine if a network has a large number of sites or users. If a network is marked as large, then
expensive queries to calculate user counts are not run on page load but deferred to scheduled events. However there are a number of places in a single site installation where this functionality would also be useful, as
expensive calls to count users and roles can make screens in the admin extremely slow.
In this change, the `get_user_count` function and related functionality around it is ported to be available in a single site context. This means that expensive calls to the `count_users` function are replaced with
calls to `get_user_count`. This change also includes a new function called `wp_is_large_user_count` and a filter of the same name, to mark if a site is large.
Props johnbillion, Spacedmonkey, Mista-Flo, lumpysimon, tharsheblows, obenland, miss_jwo, jrchamp, flixos90, macbookandrew, pento, desrosj, johnjamesjacoby, jb510, davidbaumwald, costdev.
Fixes #38741.
Built from https://develop.svn.wordpress.org/trunk@53011
git-svn-id: http://core.svn.wordpress.org/trunk@52600 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-03-29 14:42:13 +02:00
// Counts.
add_action ( 'admin_init' , 'wp_schedule_update_user_counts' );
add_action ( 'wp_update_user_counts' , 'wp_schedule_update_user_counts' , 10 , 0 );
foreach ( array ( 'user_register' , 'deleted_user' ) as $action ) {
add_action ( $action , 'wp_maybe_update_user_counts' , 10 , 0 );
}
2020-01-29 01:45:18 +01:00
// Post meta.
2018-12-12 04:02:24 +01:00
add_action ( 'added_post_meta' , 'wp_cache_set_posts_last_changed' );
add_action ( 'updated_post_meta' , 'wp_cache_set_posts_last_changed' );
add_action ( 'deleted_post_meta' , 'wp_cache_set_posts_last_changed' );
Users: Cache database queries within `WP_User_Query` class.
Cache the results of database queries within `WP_User_Query` class. Only cache queries that are requesting 3 or less fields so that caches are not storing full user objects. Cache results are stored in a new global cache group named `users-queries`. Add a new parameter to `WP_User_Query` called `cache_results` to allow developers to opt out of a receiving cached results. `cache_results` parameter defaults to true. Also add a new helper function called `wp_cache_set_users_last_changed`, similar to `wp_cache_set_posts_last_changed` that incroments last changed value in cache group `users`. Ensure that `wp_cache_set_users_last_changed` is called whenever user / user meta is modified for proper cache invalidation.
Props johnjamesjacoby, spacedmonkey, westi, dd32, strategio, srikanthmeenakshi, OllieJones, khoipro, rjasdfiii, flixos90, mukesh27, peterwilsoncc.
Fixes #40613.
Built from https://develop.svn.wordpress.org/trunk@55657
git-svn-id: http://core.svn.wordpress.org/trunk@55169 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-04-18 13:50:27 +02:00
// User meta.
add_action ( 'added_user_meta' , 'wp_cache_set_users_last_changed' );
add_action ( 'updated_user_meta' , 'wp_cache_set_users_last_changed' );
add_action ( 'deleted_user_meta' , 'wp_cache_set_users_last_changed' );
add_action ( 'add_user_role' , 'wp_cache_set_users_last_changed' );
add_action ( 'set_user_role' , 'wp_cache_set_users_last_changed' );
add_action ( 'remove_user_role' , 'wp_cache_set_users_last_changed' );
2020-01-29 01:45:18 +01:00
// Term meta.
2018-12-12 04:02:24 +01:00
add_action ( 'added_term_meta' , 'wp_cache_set_terms_last_changed' );
add_action ( 'updated_term_meta' , 'wp_cache_set_terms_last_changed' );
add_action ( 'deleted_term_meta' , 'wp_cache_set_terms_last_changed' );
add_filter ( 'get_term_metadata' , 'wp_check_term_meta_support_prefilter' );
add_filter ( 'add_term_metadata' , 'wp_check_term_meta_support_prefilter' );
add_filter ( 'update_term_metadata' , 'wp_check_term_meta_support_prefilter' );
add_filter ( 'delete_term_metadata' , 'wp_check_term_meta_support_prefilter' );
add_filter ( 'get_term_metadata_by_mid' , 'wp_check_term_meta_support_prefilter' );
add_filter ( 'update_term_metadata_by_mid' , 'wp_check_term_meta_support_prefilter' );
add_filter ( 'delete_term_metadata_by_mid' , 'wp_check_term_meta_support_prefilter' );
add_filter ( 'update_term_metadata_cache' , 'wp_check_term_meta_support_prefilter' );
2020-01-29 01:45:18 +01:00
// Comment meta.
2018-12-12 04:02:24 +01:00
add_action ( 'added_comment_meta' , 'wp_cache_set_comments_last_changed' );
add_action ( 'updated_comment_meta' , 'wp_cache_set_comments_last_changed' );
add_action ( 'deleted_comment_meta' , 'wp_cache_set_comments_last_changed' );
2020-01-29 01:45:18 +01:00
// Places to balance tags on input.
2009-10-15 19:27:45 +02:00
foreach ( array ( 'content_save_pre' , 'excerpt_save_pre' , 'comment_save_pre' , 'pre_comment_content' ) as $filter ) {
2015-06-21 02:59:26 +02:00
add_filter ( $filter , 'convert_invalid_entities' );
2009-10-15 19:27:45 +02:00
add_filter ( $filter , 'balanceTags' , 50 );
2007-08-21 00:50:04 +02:00
}
2018-03-02 15:42:31 +01:00
// Add proper rel values for links with target.
2019-01-29 22:29:50 +01:00
add_action ( 'init' , 'wp_init_targeted_link_rel_filters' );
2018-03-02 15:42:31 +01:00
2007-08-21 00:50:04 +02:00
// Format strings for display.
2021-05-26 01:43:57 +02:00
foreach ( array ( 'comment_author' , 'term_name' , 'link_name' , 'link_description' , 'link_notes' , 'bloginfo' , 'wp_title' , 'document_title' , 'widget_title' ) as $filter ) {
2017-12-01 00:11:00 +01:00
add_filter ( $filter , 'wptexturize' );
2009-10-15 19:27:45 +02:00
add_filter ( $filter , 'convert_chars' );
2017-12-01 00:11:00 +01:00
add_filter ( $filter , 'esc_html' );
2007-08-21 00:50:04 +02:00
}
2020-01-29 01:45:18 +01:00
// Format WordPress.
2021-05-26 01:43:57 +02:00
foreach ( array ( 'the_content' , 'the_title' , 'wp_title' , 'document_title' ) as $filter ) {
2010-07-08 21:35:29 +02:00
add_filter ( $filter , 'capital_P_dangit' , 11 );
2017-12-01 00:11:00 +01:00
}
2010-10-21 00:44:15 +02:00
add_filter ( 'comment_text' , 'capital_P_dangit' , 31 );
2010-05-27 18:11:27 +02:00
2020-01-29 01:45:18 +01:00
// Format titles.
2010-05-24 00:56:51 +02:00
foreach ( array ( 'single_post_title' , 'single_cat_title' , 'single_tag_title' , 'single_month_title' , 'nav_menu_attr_title' , 'nav_menu_description' ) as $filter ) {
2015-05-28 07:52:25 +02:00
add_filter ( $filter , 'wptexturize' );
2017-12-01 00:11:00 +01:00
add_filter ( $filter , 'strip_tags' );
2010-02-27 19:57:04 +01:00
}
2007-09-20 20:23:33 +02:00
// Format text area for display.
2018-01-13 02:11:49 +01:00
foreach ( array ( 'term_description' , 'get_the_post_type_description' ) as $filter ) {
2017-12-01 00:11:00 +01:00
add_filter ( $filter , 'wptexturize' );
add_filter ( $filter , 'convert_chars' );
add_filter ( $filter , 'wpautop' );
add_filter ( $filter , 'shortcode_unautop' );
2007-09-20 20:23:33 +02:00
}
2020-01-29 01:45:18 +01:00
// Format for RSS.
2013-08-27 13:59:11 +02:00
add_filter ( 'term_name_rss' , 'convert_chars' );
2007-08-29 23:10:20 +02:00
2020-01-29 01:45:18 +01:00
// Pre save hierarchy.
2010-10-14 17:09:04 +02:00
add_filter ( 'wp_insert_post_parent' , 'wp_check_post_hierarchy_for_loops' , 10 , 2 );
add_filter ( 'wp_update_term_parent' , 'wp_check_term_hierarchy_for_loops' , 10 , 3 );
2020-01-29 01:45:18 +01:00
// Display filters.
2017-12-01 00:11:00 +01:00
add_filter ( 'the_title' , 'wptexturize' );
2009-10-15 19:27:45 +02:00
add_filter ( 'the_title' , 'convert_chars' );
2017-12-01 00:11:00 +01:00
add_filter ( 'the_title' , 'trim' );
2005-02-07 08:46:41 +01:00
2018-12-13 23:22:38 +01:00
add_filter ( 'the_content' , 'do_blocks' , 9 );
2017-12-01 00:11:00 +01:00
add_filter ( 'the_content' , 'wptexturize' );
add_filter ( 'the_content' , 'convert_smilies' , 20 );
add_filter ( 'the_content' , 'wpautop' );
add_filter ( 'the_content' , 'shortcode_unautop' );
add_filter ( 'the_content' , 'prepend_attachment' );
Security, Site Health: Make migrating a site to HTTPS a one-click interaction.
Switching a WordPress site from HTTP to HTTPS has historically been a tedious task. While on the surface the Site Address and WordPress Address have to be updated, existing content still remains using HTTP URLs where hard-coded in the database. Furthermore, updating _two_ URLs to migrate to HTTPS is still a fairly unintuitive step which is not clearly explained.
This changeset simplifies migration from HTTP to HTTPS and, where possible, makes it a one-click interaction.
* Automatically replace insecure versions of the Site Address (`home_url()`) with its HTTPS counterpart on the fly if the site has been migrated from HTTP to HTTPS. This is accomplished by introducing a `https_migration_required` option and enabling it when the `home_url()` is accordingly changed.
* A new `wp_replace_insecure_home_url()` function is hooked into various pieces of content to replace URLs accordingly.
* The migration only kicks in when the Site Address (`home_url()`) and WordPress Address (`site_url()`) match, which is the widely common case. Configurations where these differ are often maintained by more advanced users, where this migration routine would be less essential - something to potentially iterate on in the future though.
* The migration does not actually update content in the database. More savvy users that prefer to do that can prevent the migration logic from running by either deleting the `https_migration_required` option or using the new `wp_should_replace_insecure_home_url` filter.
* For fresh sites that do not have any content yet at the point of changing the URLs to HTTPS, the migration will also be skipped since it would not be relevant.
* Expose a primary action in the Site Health recommendation, if HTTPS is already supported by the environment, built on top of the HTTPS detection mechanism from [49904]. When clicked, the default behavior is to update `home_url()` and `site_url()` in one go to their HTTPS counterpart.
* A new `wp_update_urls_to_https()` function takes care of the update routine.
* A new `update_https` meta capability is introduced to control access.
* If the site's URLs are controlled by constants, this update is not automatically possible, so in these scenarios the user is informed about that in the HTTPS status check in Site Health.
* Allow hosting providers to modify the URLs linked to in the HTTPS status check in Site Health, similar to how that is possible for the URLs around updating the PHP version.
* A `WP_UPDATE_HTTPS_URL` environment variable or `wp_update_https_url` filter can be used to provide a custom URL with guidance about updating the site to use HTTPS.
* A `WP_DIRECT_UPDATE_HTTPS_URL` environment variable or `wp_direct_update_https_url` filter can be used to provide a custom URL for the primary CTA to update the site to use HTTPS.
Props flixos90, timothyblynjacobs.
Fixes #51437.
Built from https://develop.svn.wordpress.org/trunk@50131
git-svn-id: http://core.svn.wordpress.org/trunk@49810 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 01:10:01 +01:00
add_filter ( 'the_content' , 'wp_replace_insecure_home_url' );
2023-09-26 02:13:12 +02:00
add_filter ( 'the_content' , 'do_shortcode' , 11 ); // AFTER wpautop().
add_filter ( 'the_content' , 'wp_filter_content_tags' , 12 ); // Runs after do_shortcode().
2005-02-07 08:46:41 +01:00
2017-12-01 00:11:00 +01:00
add_filter ( 'the_excerpt' , 'wptexturize' );
add_filter ( 'the_excerpt' , 'convert_smilies' );
add_filter ( 'the_excerpt' , 'convert_chars' );
add_filter ( 'the_excerpt' , 'wpautop' );
add_filter ( 'the_excerpt' , 'shortcode_unautop' );
Security, Site Health: Make migrating a site to HTTPS a one-click interaction.
Switching a WordPress site from HTTP to HTTPS has historically been a tedious task. While on the surface the Site Address and WordPress Address have to be updated, existing content still remains using HTTP URLs where hard-coded in the database. Furthermore, updating _two_ URLs to migrate to HTTPS is still a fairly unintuitive step which is not clearly explained.
This changeset simplifies migration from HTTP to HTTPS and, where possible, makes it a one-click interaction.
* Automatically replace insecure versions of the Site Address (`home_url()`) with its HTTPS counterpart on the fly if the site has been migrated from HTTP to HTTPS. This is accomplished by introducing a `https_migration_required` option and enabling it when the `home_url()` is accordingly changed.
* A new `wp_replace_insecure_home_url()` function is hooked into various pieces of content to replace URLs accordingly.
* The migration only kicks in when the Site Address (`home_url()`) and WordPress Address (`site_url()`) match, which is the widely common case. Configurations where these differ are often maintained by more advanced users, where this migration routine would be less essential - something to potentially iterate on in the future though.
* The migration does not actually update content in the database. More savvy users that prefer to do that can prevent the migration logic from running by either deleting the `https_migration_required` option or using the new `wp_should_replace_insecure_home_url` filter.
* For fresh sites that do not have any content yet at the point of changing the URLs to HTTPS, the migration will also be skipped since it would not be relevant.
* Expose a primary action in the Site Health recommendation, if HTTPS is already supported by the environment, built on top of the HTTPS detection mechanism from [49904]. When clicked, the default behavior is to update `home_url()` and `site_url()` in one go to their HTTPS counterpart.
* A new `wp_update_urls_to_https()` function takes care of the update routine.
* A new `update_https` meta capability is introduced to control access.
* If the site's URLs are controlled by constants, this update is not automatically possible, so in these scenarios the user is informed about that in the HTTPS status check in Site Health.
* Allow hosting providers to modify the URLs linked to in the HTTPS status check in Site Health, similar to how that is possible for the URLs around updating the PHP version.
* A `WP_UPDATE_HTTPS_URL` environment variable or `wp_update_https_url` filter can be used to provide a custom URL with guidance about updating the site to use HTTPS.
* A `WP_DIRECT_UPDATE_HTTPS_URL` environment variable or `wp_direct_update_https_url` filter can be used to provide a custom URL for the primary CTA to update the site to use HTTPS.
Props flixos90, timothyblynjacobs.
Fixes #51437.
Built from https://develop.svn.wordpress.org/trunk@50131
git-svn-id: http://core.svn.wordpress.org/trunk@49810 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 01:10:01 +01:00
add_filter ( 'the_excerpt' , 'wp_replace_insecure_home_url' );
2023-09-26 02:13:12 +02:00
add_filter ( 'the_excerpt' , 'wp_filter_content_tags' , 12 );
2019-03-20 16:49:49 +01:00
add_filter ( 'get_the_excerpt' , 'wp_trim_excerpt' , 10 , 2 );
2016-06-29 19:28:28 +02:00
2017-12-01 00:11:00 +01:00
add_filter ( 'the_post_thumbnail_caption' , 'wptexturize' );
2016-06-29 19:28:28 +02:00
add_filter ( 'the_post_thumbnail_caption' , 'convert_smilies' );
2017-12-01 00:11:00 +01:00
add_filter ( 'the_post_thumbnail_caption' , 'convert_chars' );
2005-02-15 01:21:21 +01:00
2017-12-01 00:11:00 +01:00
add_filter ( 'comment_text' , 'wptexturize' );
add_filter ( 'comment_text' , 'convert_chars' );
add_filter ( 'comment_text' , 'make_clickable' , 9 );
2009-10-15 19:27:45 +02:00
add_filter ( 'comment_text' , 'force_balance_tags' , 25 );
2017-12-01 00:11:00 +01:00
add_filter ( 'comment_text' , 'convert_smilies' , 20 );
add_filter ( 'comment_text' , 'wpautop' , 30 );
2007-08-21 00:50:04 +02:00
2009-10-15 19:27:45 +02:00
add_filter ( 'comment_excerpt' , 'convert_chars' );
2007-08-21 00:50:04 +02:00
2017-12-01 00:11:00 +01:00
add_filter ( 'list_cats' , 'wptexturize' );
2005-02-07 08:46:41 +01:00
2009-10-15 19:27:45 +02:00
add_filter ( 'wp_sprintf' , 'wp_sprintf_l' , 10 , 2 );
2008-02-22 06:53:47 +01:00
2017-12-01 00:11:00 +01:00
add_filter ( 'widget_text' , 'balanceTags' );
2017-05-11 20:55:43 +02:00
add_filter ( 'widget_text_content' , 'capital_P_dangit' , 11 );
2017-12-01 00:11:00 +01:00
add_filter ( 'widget_text_content' , 'wptexturize' );
add_filter ( 'widget_text_content' , 'convert_smilies' , 20 );
add_filter ( 'widget_text_content' , 'wpautop' );
add_filter ( 'widget_text_content' , 'shortcode_unautop' );
Security, Site Health: Make migrating a site to HTTPS a one-click interaction.
Switching a WordPress site from HTTP to HTTPS has historically been a tedious task. While on the surface the Site Address and WordPress Address have to be updated, existing content still remains using HTTP URLs where hard-coded in the database. Furthermore, updating _two_ URLs to migrate to HTTPS is still a fairly unintuitive step which is not clearly explained.
This changeset simplifies migration from HTTP to HTTPS and, where possible, makes it a one-click interaction.
* Automatically replace insecure versions of the Site Address (`home_url()`) with its HTTPS counterpart on the fly if the site has been migrated from HTTP to HTTPS. This is accomplished by introducing a `https_migration_required` option and enabling it when the `home_url()` is accordingly changed.
* A new `wp_replace_insecure_home_url()` function is hooked into various pieces of content to replace URLs accordingly.
* The migration only kicks in when the Site Address (`home_url()`) and WordPress Address (`site_url()`) match, which is the widely common case. Configurations where these differ are often maintained by more advanced users, where this migration routine would be less essential - something to potentially iterate on in the future though.
* The migration does not actually update content in the database. More savvy users that prefer to do that can prevent the migration logic from running by either deleting the `https_migration_required` option or using the new `wp_should_replace_insecure_home_url` filter.
* For fresh sites that do not have any content yet at the point of changing the URLs to HTTPS, the migration will also be skipped since it would not be relevant.
* Expose a primary action in the Site Health recommendation, if HTTPS is already supported by the environment, built on top of the HTTPS detection mechanism from [49904]. When clicked, the default behavior is to update `home_url()` and `site_url()` in one go to their HTTPS counterpart.
* A new `wp_update_urls_to_https()` function takes care of the update routine.
* A new `update_https` meta capability is introduced to control access.
* If the site's URLs are controlled by constants, this update is not automatically possible, so in these scenarios the user is informed about that in the HTTPS status check in Site Health.
* Allow hosting providers to modify the URLs linked to in the HTTPS status check in Site Health, similar to how that is possible for the URLs around updating the PHP version.
* A `WP_UPDATE_HTTPS_URL` environment variable or `wp_update_https_url` filter can be used to provide a custom URL with guidance about updating the site to use HTTPS.
* A `WP_DIRECT_UPDATE_HTTPS_URL` environment variable or `wp_direct_update_https_url` filter can be used to provide a custom URL for the primary CTA to update the site to use HTTPS.
Props flixos90, timothyblynjacobs.
Fixes #51437.
Built from https://develop.svn.wordpress.org/trunk@50131
git-svn-id: http://core.svn.wordpress.org/trunk@49810 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 01:10:01 +01:00
add_filter ( 'widget_text_content' , 'wp_replace_insecure_home_url' );
2017-12-01 00:11:00 +01:00
add_filter ( 'widget_text_content' , 'do_shortcode' , 11 ); // Runs after wpautop(); note that $post global will be null when shortcodes run.
2023-09-26 02:13:12 +02:00
add_filter ( 'widget_text_content' , 'wp_filter_content_tags' , 12 ); // Runs after do_shortcode().
2015-10-13 03:40:26 +02:00
2021-06-02 03:18:57 +02:00
add_filter ( 'widget_block_content' , 'do_blocks' , 9 );
2022-09-21 17:06:12 +02:00
add_filter ( 'widget_block_content' , 'do_shortcode' , 11 );
2023-09-26 02:13:12 +02:00
add_filter ( 'widget_block_content' , 'wp_filter_content_tags' , 12 ); // Runs after do_shortcode().
2021-06-02 03:18:57 +02:00
2021-06-08 10:09:53 +02:00
add_filter ( 'block_type_metadata' , 'wp_migrate_old_typography_shape' );
Security, Site Health: Make migrating a site to HTTPS a one-click interaction.
Switching a WordPress site from HTTP to HTTPS has historically been a tedious task. While on the surface the Site Address and WordPress Address have to be updated, existing content still remains using HTTP URLs where hard-coded in the database. Furthermore, updating _two_ URLs to migrate to HTTPS is still a fairly unintuitive step which is not clearly explained.
This changeset simplifies migration from HTTP to HTTPS and, where possible, makes it a one-click interaction.
* Automatically replace insecure versions of the Site Address (`home_url()`) with its HTTPS counterpart on the fly if the site has been migrated from HTTP to HTTPS. This is accomplished by introducing a `https_migration_required` option and enabling it when the `home_url()` is accordingly changed.
* A new `wp_replace_insecure_home_url()` function is hooked into various pieces of content to replace URLs accordingly.
* The migration only kicks in when the Site Address (`home_url()`) and WordPress Address (`site_url()`) match, which is the widely common case. Configurations where these differ are often maintained by more advanced users, where this migration routine would be less essential - something to potentially iterate on in the future though.
* The migration does not actually update content in the database. More savvy users that prefer to do that can prevent the migration logic from running by either deleting the `https_migration_required` option or using the new `wp_should_replace_insecure_home_url` filter.
* For fresh sites that do not have any content yet at the point of changing the URLs to HTTPS, the migration will also be skipped since it would not be relevant.
* Expose a primary action in the Site Health recommendation, if HTTPS is already supported by the environment, built on top of the HTTPS detection mechanism from [49904]. When clicked, the default behavior is to update `home_url()` and `site_url()` in one go to their HTTPS counterpart.
* A new `wp_update_urls_to_https()` function takes care of the update routine.
* A new `update_https` meta capability is introduced to control access.
* If the site's URLs are controlled by constants, this update is not automatically possible, so in these scenarios the user is informed about that in the HTTPS status check in Site Health.
* Allow hosting providers to modify the URLs linked to in the HTTPS status check in Site Health, similar to how that is possible for the URLs around updating the PHP version.
* A `WP_UPDATE_HTTPS_URL` environment variable or `wp_update_https_url` filter can be used to provide a custom URL with guidance about updating the site to use HTTPS.
* A `WP_DIRECT_UPDATE_HTTPS_URL` environment variable or `wp_direct_update_https_url` filter can be used to provide a custom URL for the primary CTA to update the site to use HTTPS.
Props flixos90, timothyblynjacobs.
Fixes #51437.
Built from https://develop.svn.wordpress.org/trunk@50131
git-svn-id: http://core.svn.wordpress.org/trunk@49810 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 01:10:01 +01:00
add_filter ( 'wp_get_custom_css' , 'wp_replace_insecure_home_url' );
2020-01-29 01:45:18 +01:00
// RSS filters.
2017-12-01 00:11:00 +01:00
add_filter ( 'the_title_rss' , 'strip_tags' );
add_filter ( 'the_title_rss' , 'ent2ncr' , 8 );
add_filter ( 'the_title_rss' , 'esc_html' );
add_filter ( 'the_content_rss' , 'ent2ncr' , 8 );
add_filter ( 'the_content_feed' , 'wp_staticize_emoji' );
add_filter ( 'the_content_feed' , '_oembed_filter_feed_content' );
add_filter ( 'the_excerpt_rss' , 'convert_chars' );
add_filter ( 'the_excerpt_rss' , 'ent2ncr' , 8 );
add_filter ( 'comment_author_rss' , 'ent2ncr' , 8 );
add_filter ( 'comment_text_rss' , 'ent2ncr' , 8 );
add_filter ( 'comment_text_rss' , 'esc_html' );
add_filter ( 'comment_text_rss' , 'wp_staticize_emoji' );
add_filter ( 'bloginfo_rss' , 'ent2ncr' , 8 );
add_filter ( 'the_author' , 'ent2ncr' , 8 );
add_filter ( 'the_guid' , 'esc_url' );
2005-04-05 19:25:57 +02:00
2020-01-29 01:45:18 +01:00
// Email filters.
2015-04-20 06:15:26 +02:00
add_filter ( 'wp_mail' , 'wp_staticize_emoji_for_email' );
2015-03-11 23:49:28 +01:00
Robots: Introduce Robots API.
This changeset introduces a filter-based Robots API, providing central control over the `robots` meta tag.
* Introduces `wp_robots()` function which should be called anywhere a `robots` meta tag should be included.
* Introduces `wp_robots` filter which allows adding or modifying directives for the `robots` meta tag. The `wp_robots()` function is entirely filter-based, i.e. if no filter is added to `wp_robots`, no directives will be present, and therefore the entire `robots` meta tag will be omitted.
* Introduces the following `wp_robots` filter functions which replace similar existing functions that were manually rendering a `robots` meta tag:
* `wp_robots_noindex()` replaces `noindex()`, which has been deprecated.
* `wp_robots_no_robots()` replaces `wp_no_robots()`, which has been deprecated.
* `wp_robots_sensitive_page()` replaces `wp_sensitive_page_meta()`, which has been deprecated. Its rendering of the `referrer` meta tag has been moved to another new function `wp_strict_cross_origin_referrer()`.
Migration to the new functions is straightforward. For example, a call to `add_action( 'wp_head', 'wp_no_robots' )` should be replaced with `add_filter( 'wp_robots', 'wp_robots_no_robots' )`.
Plugins and themes that render their own `robots` meta tags are encouraged to switch to rely on the `wp_robots` filter in order to use the central management layer now provided by WordPress core.
Props adamsilverstein, flixos90, timothyblynjacobs, westonruter.
See #51511.
Built from https://develop.svn.wordpress.org/trunk@49992
git-svn-id: http://core.svn.wordpress.org/trunk@49693 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-01-21 02:37:00 +01:00
// Robots filters.
add_filter ( 'wp_robots' , 'wp_robots_noindex' );
2021-02-17 11:51:04 +01:00
add_filter ( 'wp_robots' , 'wp_robots_noindex_embeds' );
2021-02-17 00:38:06 +01:00
add_filter ( 'wp_robots' , 'wp_robots_noindex_search' );
2021-01-29 21:38:03 +01:00
add_filter ( 'wp_robots' , 'wp_robots_max_image_preview_large' );
Robots: Introduce Robots API.
This changeset introduces a filter-based Robots API, providing central control over the `robots` meta tag.
* Introduces `wp_robots()` function which should be called anywhere a `robots` meta tag should be included.
* Introduces `wp_robots` filter which allows adding or modifying directives for the `robots` meta tag. The `wp_robots()` function is entirely filter-based, i.e. if no filter is added to `wp_robots`, no directives will be present, and therefore the entire `robots` meta tag will be omitted.
* Introduces the following `wp_robots` filter functions which replace similar existing functions that were manually rendering a `robots` meta tag:
* `wp_robots_noindex()` replaces `noindex()`, which has been deprecated.
* `wp_robots_no_robots()` replaces `wp_no_robots()`, which has been deprecated.
* `wp_robots_sensitive_page()` replaces `wp_sensitive_page_meta()`, which has been deprecated. Its rendering of the `referrer` meta tag has been moved to another new function `wp_strict_cross_origin_referrer()`.
Migration to the new functions is straightforward. For example, a call to `add_action( 'wp_head', 'wp_no_robots' )` should be replaced with `add_filter( 'wp_robots', 'wp_robots_no_robots' )`.
Plugins and themes that render their own `robots` meta tags are encouraged to switch to rely on the `wp_robots` filter in order to use the central management layer now provided by WordPress core.
Props adamsilverstein, flixos90, timothyblynjacobs, westonruter.
See #51511.
Built from https://develop.svn.wordpress.org/trunk@49992
git-svn-id: http://core.svn.wordpress.org/trunk@49693 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-01-21 02:37:00 +01:00
2020-01-29 01:45:18 +01:00
// Mark site as no longer fresh.
2021-06-04 02:45:56 +02:00
foreach (
array (
'publish_post' ,
'publish_page' ,
'wp_ajax_save-widget' ,
'wp_ajax_widgets-order' ,
'customize_save_after' ,
'rest_after_save_widget' ,
'rest_delete_widget' ,
'rest_save_sidebar' ,
) as $action
) {
2017-05-10 23:25:41 +02:00
add_action ( $action , '_delete_option_fresh_site' , 0 );
Customize: Introduce starter content and site freshness state.
A theme can opt-in for tailored starter content to apply to the customizer when previewing the theme on a fresh install, when `fresh_site` is at its initial `1` value. Starter content is staged in the customizer and does not go live unless the changes are published. Initial starter content is added to Twenty Seventeen.
* The `fresh_site` flag is cleared when a published post or page is saved, when widgets are modified, or when the customizer state is saved.
* Starter content is registered via `starter-content` theme support, where the argument is an array containing `widgets`, `posts`, `nav_menus`, `options`, and `theme_mods`. Posts/pages in starter content are created with the `auto-draft` status, re-using the page/post stubs feature added to nav menus and the static front page controls.
* A `get_theme_starter_content` filter allows for plugins to extend a theme's starter content.
* Starter content in themes can/should re-use existing starter content items in core by using named placeholders.
* Import theme starter content into customized state when fresh site.
* Prevent original_title differences from causing refreshes if title is present.
* Ensure nav menu item url is set according to object when previewing.
* Make sure initial saved state is false if there are dirty settings without an existing changeset.
* Ensure dirty settings are cleaned upon changeset publishing.
Props helen, westonruter, ocean90.
Fixes #38114, #38533.
Built from https://develop.svn.wordpress.org/trunk@38991
git-svn-id: http://core.svn.wordpress.org/trunk@38934 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-28 04:57:35 +02:00
}
2020-01-29 01:45:18 +01:00
// Misc filters.
2024-06-11 04:40:14 +02:00
add_filter ( 'wp_default_autoload_value' , 'wp_filter_default_autoload_value_via_option_size' , 5 , 4 ); // Allow the value to be overridden at the default priority.
2017-12-01 00:11:00 +01:00
add_filter ( 'option_ping_sites' , 'privacy_ping_filter' );
2020-01-29 01:45:18 +01:00
add_filter ( 'option_blog_charset' , '_wp_specialchars' ); // IMPORTANT: This must not be wp_specialchars() or esc_html() or it'll cause an infinite loop.
2017-12-01 00:11:00 +01:00
add_filter ( 'option_blog_charset' , '_canonical_charset' );
add_filter ( 'option_home' , '_config_wp_home' );
add_filter ( 'option_siteurl' , '_config_wp_siteurl' );
add_filter ( 'tiny_mce_before_init' , '_mce_set_direction' );
add_filter ( 'teeny_mce_before_init' , '_mce_set_direction' );
add_filter ( 'pre_kses' , 'wp_pre_kses_less_than' );
2019-12-12 19:02:03 +01:00
add_filter ( 'pre_kses' , 'wp_pre_kses_block_attributes' , 10 , 3 );
2017-12-01 00:11:00 +01:00
add_filter ( 'sanitize_title' , 'sanitize_title_with_dashes' , 10 , 3 );
add_action ( 'check_comment_flood' , 'check_comment_flood_db' , 10 , 4 );
add_filter ( 'comment_flood_filter' , 'wp_throttle_comment_flood' , 10 , 3 );
2019-09-30 03:30:58 +02:00
add_filter ( 'pre_comment_content' , 'wp_rel_ugc' , 15 );
2017-12-01 00:11:00 +01:00
add_filter ( 'comment_email' , 'antispambot' );
add_filter ( 'option_tag_base' , '_wp_filter_taxonomy_base' );
add_filter ( 'option_category_base' , '_wp_filter_taxonomy_base' );
add_filter ( 'the_posts' , '_close_comments_for_old_posts' , 10 , 2 );
add_filter ( 'comments_open' , '_close_comments_for_old_post' , 10 , 2 );
add_filter ( 'pings_open' , '_close_comments_for_old_post' , 10 , 2 );
add_filter ( 'editable_slug' , 'urldecode' );
add_filter ( 'editable_slug' , 'esc_textarea' );
add_filter ( 'pingback_ping_source_uri' , 'pingback_ping_source_uri' );
add_filter ( 'xmlrpc_pingback_error' , 'xmlrpc_pingback_error' );
add_filter ( 'title_save_pre' , 'trim' );
2006-11-30 09:48:56 +01:00
2016-10-25 22:48:29 +02:00
add_action ( 'transition_comment_status' , '_clear_modified_cache_on_transition_comment_status' , 10 , 2 );
2017-12-01 00:11:00 +01:00
add_filter ( 'http_request_host_is_external' , 'allowed_http_request_hosts' , 10 , 2 );
2013-07-31 08:44:57 +02:00
REST API: Introduce baby API to the world.
Baby API was born at 2.8KLOC on October 8th at 2:30 UTC. API has lots
of growing to do, so wish it the best of luck.
Thanks to everyone who helped along the way:
Props rmccue, rachelbaker, danielbachhuber, joehoyle, drewapicture,
adamsilverstein, netweb, tlovett1, shelob9, kadamwhite, pento,
westonruter, nikv, tobych, redsweater, alecuf, pollyplummer, hurtige,
bpetty, oso96_2000, ericlewis, wonderboymusic, joshkadis, mordauk,
jdgrimes, johnbillion, jeremyfelt, thiago-negri, jdolan, pkevan,
iseulde, thenbrent, maxcutler, kwight, markoheijnen, phh, natewr,
jjeaton, shprink, mattheu, quasel, jmusal, codebykat, hubdotcom,
tapsboy, QWp6t, pushred, jaredcobb, justinsainton, japh, matrixik,
jorbin, frozzare, codfish, michael-arestad, kellbot, ironpaperweight,
simonlampen, alisspers, eliorivero, davidbhayes, JohnDittmar, dimadin,
traversal, cmmarslender, Toddses, kokarn, welcher, and ericpedia.
Fixes #33982.
Built from https://develop.svn.wordpress.org/trunk@34928
git-svn-id: http://core.svn.wordpress.org/trunk@34893 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-08 04:31:25 +02:00
// REST API filters.
2017-12-01 00:11:00 +01:00
add_action ( 'xmlrpc_rsd_apis' , 'rest_output_rsd' );
add_action ( 'wp_head' , 'rest_output_link_wp_head' , 10 , 0 );
add_action ( 'template_redirect' , 'rest_output_link_header' , 11 , 0 );
add_action ( 'auth_cookie_malformed' , 'rest_cookie_collect_status' );
add_action ( 'auth_cookie_expired' , 'rest_cookie_collect_status' );
add_action ( 'auth_cookie_bad_username' , 'rest_cookie_collect_status' );
add_action ( 'auth_cookie_bad_hash' , 'rest_cookie_collect_status' );
add_action ( 'auth_cookie_valid' , 'rest_cookie_collect_status' );
REST API: Introduce Application Passwords for API authentication.
In WordPress 4.4 the REST API was first introduced. A few releases later in WordPress 4.7, the Content API endpoints were added, paving the way for Gutenberg and countless in-site experiences. In the intervening years, numerous plugins have built on top of the REST API. Many developers shared a common frustration, the lack of external authentication to the REST API.
This commit introduces Application Passwords to allow users to connect to external applications to their WordPress website. Users can generate individual passwords for each application, allowing for easy revocation and activity monitoring. An authorization flow is introduced to make the connection flow simple for users and application developers.
Application Passwords uses Basic Authentication, and by default is only available over an SSL connection.
Props georgestephanis, kasparsd, timothyblynjacobs, afercia, akkspro, andraganescu, arippberger, aristath, austyfrosty, ayesh, batmoo, bradyvercher, brianhenryie, helen, ipstenu, jeffmatson, jeffpaul, joostdevalk, joshlevinson, kadamwhite, kjbenk, koke, michael-arestad, Otto42, pekz0r, salzano, spacedmonkey, valendesigns.
Fixes #42790.
Built from https://develop.svn.wordpress.org/trunk@49109
git-svn-id: http://core.svn.wordpress.org/trunk@48871 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-09 00:14:06 +02:00
add_action ( 'application_password_failed_authentication' , 'rest_application_password_collect_status' );
2021-01-29 01:07:02 +01:00
add_action ( 'application_password_did_authenticate' , 'rest_application_password_collect_status' , 10 , 2 );
REST API: Introduce Application Passwords for API authentication.
In WordPress 4.4 the REST API was first introduced. A few releases later in WordPress 4.7, the Content API endpoints were added, paving the way for Gutenberg and countless in-site experiences. In the intervening years, numerous plugins have built on top of the REST API. Many developers shared a common frustration, the lack of external authentication to the REST API.
This commit introduces Application Passwords to allow users to connect to external applications to their WordPress website. Users can generate individual passwords for each application, allowing for easy revocation and activity monitoring. An authorization flow is introduced to make the connection flow simple for users and application developers.
Application Passwords uses Basic Authentication, and by default is only available over an SSL connection.
Props georgestephanis, kasparsd, timothyblynjacobs, afercia, akkspro, andraganescu, arippberger, aristath, austyfrosty, ayesh, batmoo, bradyvercher, brianhenryie, helen, ipstenu, jeffmatson, jeffpaul, joostdevalk, joshlevinson, kadamwhite, kjbenk, koke, michael-arestad, Otto42, pekz0r, salzano, spacedmonkey, valendesigns.
Fixes #42790.
Built from https://develop.svn.wordpress.org/trunk@49109
git-svn-id: http://core.svn.wordpress.org/trunk@48871 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-09 00:14:06 +02:00
add_filter ( 'rest_authentication_errors' , 'rest_application_password_check_errors' , 90 );
REST API: Introduce baby API to the world.
Baby API was born at 2.8KLOC on October 8th at 2:30 UTC. API has lots
of growing to do, so wish it the best of luck.
Thanks to everyone who helped along the way:
Props rmccue, rachelbaker, danielbachhuber, joehoyle, drewapicture,
adamsilverstein, netweb, tlovett1, shelob9, kadamwhite, pento,
westonruter, nikv, tobych, redsweater, alecuf, pollyplummer, hurtige,
bpetty, oso96_2000, ericlewis, wonderboymusic, joshkadis, mordauk,
jdgrimes, johnbillion, jeremyfelt, thiago-negri, jdolan, pkevan,
iseulde, thenbrent, maxcutler, kwight, markoheijnen, phh, natewr,
jjeaton, shprink, mattheu, quasel, jmusal, codebykat, hubdotcom,
tapsboy, QWp6t, pushred, jaredcobb, justinsainton, japh, matrixik,
jorbin, frozzare, codfish, michael-arestad, kellbot, ironpaperweight,
simonlampen, alisspers, eliorivero, davidbhayes, JohnDittmar, dimadin,
traversal, cmmarslender, Toddses, kokarn, welcher, and ericpedia.
Fixes #33982.
Built from https://develop.svn.wordpress.org/trunk@34928
git-svn-id: http://core.svn.wordpress.org/trunk@34893 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-08 04:31:25 +02:00
add_filter ( 'rest_authentication_errors' , 'rest_cookie_check_errors' , 100 );
2020-01-29 01:45:18 +01:00
// Actions.
2017-12-01 00:11:00 +01:00
add_action ( 'wp_head' , '_wp_render_title_tag' , 1 );
add_action ( 'wp_head' , 'wp_enqueue_scripts' , 1 );
add_action ( 'wp_head' , 'wp_resource_hints' , 2 );
Script loader: enable resource preloading with rel='preload'.
Add a `wp_preload_resources` filter that developers can use to add resource preloading.
Preloading helps the browser discover and prioritize important resources earlier during the page load. This ensures that they are available earlier and are less likely to block the page's render.
Props nico23, swissspidy, igrigorik, westonruter, azaozz, furi3r, aristath, spacedmonkey, peterwilsoncc, mihai2u, gziolo.
Fixes #42438.
Built from https://develop.svn.wordpress.org/trunk@53846
git-svn-id: http://core.svn.wordpress.org/trunk@53405 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-08-05 20:26:08 +02:00
add_action ( 'wp_head' , 'wp_preload_resources' , 1 );
2017-12-01 00:11:00 +01:00
add_action ( 'wp_head' , 'feed_links' , 2 );
add_action ( 'wp_head' , 'feed_links_extra' , 3 );
add_action ( 'wp_head' , 'rsd_link' );
add_action ( 'wp_head' , 'locale_stylesheet' );
add_action ( 'publish_future_post' , 'check_and_publish_future_post' , 10 , 1 );
Robots: Introduce Robots API.
This changeset introduces a filter-based Robots API, providing central control over the `robots` meta tag.
* Introduces `wp_robots()` function which should be called anywhere a `robots` meta tag should be included.
* Introduces `wp_robots` filter which allows adding or modifying directives for the `robots` meta tag. The `wp_robots()` function is entirely filter-based, i.e. if no filter is added to `wp_robots`, no directives will be present, and therefore the entire `robots` meta tag will be omitted.
* Introduces the following `wp_robots` filter functions which replace similar existing functions that were manually rendering a `robots` meta tag:
* `wp_robots_noindex()` replaces `noindex()`, which has been deprecated.
* `wp_robots_no_robots()` replaces `wp_no_robots()`, which has been deprecated.
* `wp_robots_sensitive_page()` replaces `wp_sensitive_page_meta()`, which has been deprecated. Its rendering of the `referrer` meta tag has been moved to another new function `wp_strict_cross_origin_referrer()`.
Migration to the new functions is straightforward. For example, a call to `add_action( 'wp_head', 'wp_no_robots' )` should be replaced with `add_filter( 'wp_robots', 'wp_robots_no_robots' )`.
Plugins and themes that render their own `robots` meta tags are encouraged to switch to rely on the `wp_robots` filter in order to use the central management layer now provided by WordPress core.
Props adamsilverstein, flixos90, timothyblynjacobs, westonruter.
See #51511.
Built from https://develop.svn.wordpress.org/trunk@49992
git-svn-id: http://core.svn.wordpress.org/trunk@49693 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-01-21 02:37:00 +01:00
add_action ( 'wp_head' , 'wp_robots' , 1 );
2017-12-01 00:11:00 +01:00
add_action ( 'wp_head' , 'print_emoji_detection_script' , 7 );
add_action ( 'wp_head' , 'wp_print_styles' , 8 );
add_action ( 'wp_head' , 'wp_print_head_scripts' , 9 );
add_action ( 'wp_head' , 'wp_generator' );
add_action ( 'wp_head' , 'rel_canonical' );
add_action ( 'wp_head' , 'wp_shortlink_wp_head' , 10 , 0 );
add_action ( 'wp_head' , 'wp_custom_css_cb' , 101 );
add_action ( 'wp_head' , 'wp_site_icon' , 99 );
add_action ( 'wp_footer' , 'wp_print_footer_scripts' , 20 );
add_action ( 'template_redirect' , 'wp_shortlink_header' , 11 , 0 );
add_action ( 'wp_print_footer_scripts' , '_wp_footer_scripts' );
2020-07-21 15:15:05 +02:00
add_action ( 'init' , '_register_core_block_patterns_and_categories' );
2020-07-21 16:37:07 +02:00
add_action ( 'init' , 'check_theme_switched' , 99 );
2020-10-20 15:36:16 +02:00
add_action ( 'init' , array ( 'WP_Block_Supports' , 'init' ), 22 );
Themes: Introduce wp_theme_has_theme_json() for public consumption.
Adds `wp_theme_has_theme_json()` for public consumption, to replace the private internal Core-only `WP_Theme_JSON_Resolver::theme_has_support()` method. This new global function checks if a theme or its parent has a `theme.json` file.
For performance, results are cached as an integer `1` or `0` in the `'theme_json'` group with `'wp_theme_has_theme_json'` key. This is a non-persistent cache. Why? To make the derived data from `theme.json` is always fresh from the potential modifications done via hooks that can use dynamic data (modify the stylesheet depending on some option, settings depending on user permissions, etc.).
Also adds a new public function `wp_clean_theme_json_cache()` to clear the cache on `'switch_theme'` and `start_previewing_theme'`.
References:
* [https://github.com/WordPress/gutenberg/pull/45168 Gutenberg PR 45168] Add `wp_theme_has_theme_json` as a public API to know whether a theme has a `theme.json`.
* [https://github.com/WordPress/gutenberg/pull/45380 Gutenberg PR 45380] Deprecate `WP_Theme_JSON_Resolver:theme_has_support()`.
* [https://github.com/WordPress/gutenberg/pull/46150 Gutenberg PR 46150] Make `theme.json` object caches non-persistent.
* [https://github.com/WordPress/gutenberg/pull/45979 Gutenberg PR 45979] Don't check if constants set by `wp_initial_constants()` are defined.
* [https://github.com/WordPress/gutenberg/pull/45950 Gutenberg PR 45950] Cleaner logic in `wp_theme_has_theme_json`.
Follow-up to [54493], [53282], [52744], [52049], [50959].
Props oandregal, afragen, alexstine, aristath, azaozz, costdev, flixos90, hellofromTonya, mamaduka, mcsf, ocean90, spacedmonkey.
Fixes #56975.
Built from https://develop.svn.wordpress.org/trunk@55086
git-svn-id: http://core.svn.wordpress.org/trunk@54619 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-01-18 12:40:10 +01:00
add_action ( 'switch_theme' , 'wp_clean_theme_json_cache' );
add_action ( 'start_previewing_theme' , 'wp_clean_theme_json_cache' );
2017-12-01 00:11:00 +01:00
add_action ( 'after_switch_theme' , '_wp_menus_changed' );
add_action ( 'after_switch_theme' , '_wp_sidebars_changed' );
Script Loader: Replace hardcoded output of style tags with calls to `wp_add_inline_style`.
In this commit, enhancements have been made by replacing manually constructed style tags with calls to `wp_add_inline_style`. Previously, numerous style tags were generated and output directly in the header, resulting in redundant code and bypassing the core's style enqueueing system. This approach made it challenging for third-party developers to manage and control the output of these style tags.
To ensure backward compatibility, the following functions have been deprecated and replaced:
- print_embed_styles
- print_emoji_styles
- wp_admin_bar_header
- _admin_bar_bump_cb
Backward compatibility shims have also been added, ensuring that if these functions were previously unhooked from there actions, they will continue to not output a style tag.
However, for the following functions, conversion to use inline styles was not feasible due to the potential disruption it might cause by changing the style tag IDs, potentially breaking JavaScript functionality for a number of plugins in the repository:
- custom-background
- wp-custom
These changes improve code maintainability and enhance the flexibility and control available to developers when managing style outputs within WordPress core.
Props spacedmonkey, hlunter, westonruter, flixos90.
Fixes #58775.
Built from https://develop.svn.wordpress.org/trunk@56682
git-svn-id: http://core.svn.wordpress.org/trunk@56194 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-25 19:06:34 +02:00
add_action ( 'wp_enqueue_scripts' , 'wp_enqueue_emoji_styles' );
add_action ( 'wp_print_styles' , 'print_emoji_styles' ); // Retained for backwards-compatibility. Unhooked by wp_enqueue_emoji_styles().
2017-12-01 00:11:00 +01:00
if ( isset ( $_GET [ 'replytocom' ] ) ) {
Robots: Introduce Robots API.
This changeset introduces a filter-based Robots API, providing central control over the `robots` meta tag.
* Introduces `wp_robots()` function which should be called anywhere a `robots` meta tag should be included.
* Introduces `wp_robots` filter which allows adding or modifying directives for the `robots` meta tag. The `wp_robots()` function is entirely filter-based, i.e. if no filter is added to `wp_robots`, no directives will be present, and therefore the entire `robots` meta tag will be omitted.
* Introduces the following `wp_robots` filter functions which replace similar existing functions that were manually rendering a `robots` meta tag:
* `wp_robots_noindex()` replaces `noindex()`, which has been deprecated.
* `wp_robots_no_robots()` replaces `wp_no_robots()`, which has been deprecated.
* `wp_robots_sensitive_page()` replaces `wp_sensitive_page_meta()`, which has been deprecated. Its rendering of the `referrer` meta tag has been moved to another new function `wp_strict_cross_origin_referrer()`.
Migration to the new functions is straightforward. For example, a call to `add_action( 'wp_head', 'wp_no_robots' )` should be replaced with `add_filter( 'wp_robots', 'wp_robots_no_robots' )`.
Plugins and themes that render their own `robots` meta tags are encouraged to switch to rely on the `wp_robots` filter in order to use the central management layer now provided by WordPress core.
Props adamsilverstein, flixos90, timothyblynjacobs, westonruter.
See #51511.
Built from https://develop.svn.wordpress.org/trunk@49992
git-svn-id: http://core.svn.wordpress.org/trunk@49693 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-01-21 02:37:00 +01:00
add_filter ( 'wp_robots' , 'wp_robots_no_robots' );
2017-12-01 00:11:00 +01:00
}
2015-07-02 02:47:24 +02:00
2020-01-29 01:45:18 +01:00
// Login actions.
Robots: Introduce Robots API.
This changeset introduces a filter-based Robots API, providing central control over the `robots` meta tag.
* Introduces `wp_robots()` function which should be called anywhere a `robots` meta tag should be included.
* Introduces `wp_robots` filter which allows adding or modifying directives for the `robots` meta tag. The `wp_robots()` function is entirely filter-based, i.e. if no filter is added to `wp_robots`, no directives will be present, and therefore the entire `robots` meta tag will be omitted.
* Introduces the following `wp_robots` filter functions which replace similar existing functions that were manually rendering a `robots` meta tag:
* `wp_robots_noindex()` replaces `noindex()`, which has been deprecated.
* `wp_robots_no_robots()` replaces `wp_no_robots()`, which has been deprecated.
* `wp_robots_sensitive_page()` replaces `wp_sensitive_page_meta()`, which has been deprecated. Its rendering of the `referrer` meta tag has been moved to another new function `wp_strict_cross_origin_referrer()`.
Migration to the new functions is straightforward. For example, a call to `add_action( 'wp_head', 'wp_no_robots' )` should be replaced with `add_filter( 'wp_robots', 'wp_robots_no_robots' )`.
Plugins and themes that render their own `robots` meta tags are encouraged to switch to rely on the `wp_robots` filter in order to use the central management layer now provided by WordPress core.
Props adamsilverstein, flixos90, timothyblynjacobs, westonruter.
See #51511.
Built from https://develop.svn.wordpress.org/trunk@49992
git-svn-id: http://core.svn.wordpress.org/trunk@49693 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-01-21 02:37:00 +01:00
add_action ( 'login_head' , 'wp_robots' , 1 );
2017-12-01 00:11:00 +01:00
add_filter ( 'login_head' , 'wp_resource_hints' , 8 );
add_action ( 'login_head' , 'wp_print_head_scripts' , 9 );
add_action ( 'login_head' , 'print_admin_styles' , 9 );
add_action ( 'login_head' , 'wp_site_icon' , 99 );
add_action ( 'login_footer' , 'wp_print_footer_scripts' , 20 );
add_action ( 'login_init' , 'send_frame_options_header' , 10 , 0 );
2010-10-27 08:57:10 +02:00
2020-01-29 01:45:18 +01:00
// Feed generator tags.
2010-02-13 17:45:16 +01:00
foreach ( array ( 'rss2_head' , 'commentsrss2_head' , 'rss_head' , 'rdf_header' , 'atom_head' , 'comments_atom_head' , 'opml_head' , 'app_head' ) as $action ) {
add_action ( $action , 'the_generator' );
}
2020-01-29 01:45:18 +01:00
// Feed Site Icon.
Introducing Site Icon, favicon management for WordPress.
This v1 marries Jetpack's Site Icon module with the Media Modal, reusing code
from the Custom Header admin. For now, the core-provided icons will be limited
to a favicon, an iOS app icon, and a Windows tile icon, leaving `.ico` support
and additional icons to plugins to add.
Props obenland, tyxla, flixos90, jancbeck, markjaquith, scruffian.
See #16434.
Built from https://develop.svn.wordpress.org/trunk@32994
git-svn-id: http://core.svn.wordpress.org/trunk@32965 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-29 14:58:25 +02:00
add_action ( 'atom_head' , 'atom_site_icon' );
add_action ( 'rss2_head' , 'rss2_site_icon' );
2020-01-29 01:45:18 +01:00
// WP Cron.
2017-12-01 00:11:00 +01:00
if ( ! defined ( 'DOING_CRON' ) ) {
2012-04-30 23:02:54 +02:00
add_action ( 'init' , 'wp_cron' );
2017-12-01 00:11:00 +01:00
}
2009-10-15 19:27:45 +02:00
Security, Site Health: Make migrating a site to HTTPS a one-click interaction.
Switching a WordPress site from HTTP to HTTPS has historically been a tedious task. While on the surface the Site Address and WordPress Address have to be updated, existing content still remains using HTTP URLs where hard-coded in the database. Furthermore, updating _two_ URLs to migrate to HTTPS is still a fairly unintuitive step which is not clearly explained.
This changeset simplifies migration from HTTP to HTTPS and, where possible, makes it a one-click interaction.
* Automatically replace insecure versions of the Site Address (`home_url()`) with its HTTPS counterpart on the fly if the site has been migrated from HTTP to HTTPS. This is accomplished by introducing a `https_migration_required` option and enabling it when the `home_url()` is accordingly changed.
* A new `wp_replace_insecure_home_url()` function is hooked into various pieces of content to replace URLs accordingly.
* The migration only kicks in when the Site Address (`home_url()`) and WordPress Address (`site_url()`) match, which is the widely common case. Configurations where these differ are often maintained by more advanced users, where this migration routine would be less essential - something to potentially iterate on in the future though.
* The migration does not actually update content in the database. More savvy users that prefer to do that can prevent the migration logic from running by either deleting the `https_migration_required` option or using the new `wp_should_replace_insecure_home_url` filter.
* For fresh sites that do not have any content yet at the point of changing the URLs to HTTPS, the migration will also be skipped since it would not be relevant.
* Expose a primary action in the Site Health recommendation, if HTTPS is already supported by the environment, built on top of the HTTPS detection mechanism from [49904]. When clicked, the default behavior is to update `home_url()` and `site_url()` in one go to their HTTPS counterpart.
* A new `wp_update_urls_to_https()` function takes care of the update routine.
* A new `update_https` meta capability is introduced to control access.
* If the site's URLs are controlled by constants, this update is not automatically possible, so in these scenarios the user is informed about that in the HTTPS status check in Site Health.
* Allow hosting providers to modify the URLs linked to in the HTTPS status check in Site Health, similar to how that is possible for the URLs around updating the PHP version.
* A `WP_UPDATE_HTTPS_URL` environment variable or `wp_update_https_url` filter can be used to provide a custom URL with guidance about updating the site to use HTTPS.
* A `WP_DIRECT_UPDATE_HTTPS_URL` environment variable or `wp_direct_update_https_url` filter can be used to provide a custom URL for the primary CTA to update the site to use HTTPS.
Props flixos90, timothyblynjacobs.
Fixes #51437.
Built from https://develop.svn.wordpress.org/trunk@50131
git-svn-id: http://core.svn.wordpress.org/trunk@49810 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 01:10:01 +01:00
// HTTPS migration.
add_action ( 'update_option_home' , 'wp_update_https_migration_required' , 10 , 2 );
2020-01-29 01:45:18 +01:00
// 2 Actions 2 Furious.
2019-10-08 05:20:02 +02:00
add_action ( 'do_feed_rdf' , 'do_feed_rdf' , 10 , 0 );
add_action ( 'do_feed_rss' , 'do_feed_rss' , 10 , 0 );
2017-12-01 00:11:00 +01:00
add_action ( 'do_feed_rss2' , 'do_feed_rss2' , 10 , 1 );
add_action ( 'do_feed_atom' , 'do_feed_atom' , 10 , 1 );
2019-10-08 05:20:02 +02:00
add_action ( 'do_pings' , 'do_all_pings' , 10 , 0 );
2020-10-19 23:16:02 +02:00
add_action ( 'do_all_pings' , 'do_all_pingbacks' , 10 , 0 );
add_action ( 'do_all_pings' , 'do_all_enclosures' , 10 , 0 );
add_action ( 'do_all_pings' , 'do_all_trackbacks' , 10 , 0 );
add_action ( 'do_all_pings' , 'generic_ping' , 10 , 0 );
2017-12-01 00:11:00 +01:00
add_action ( 'do_robots' , 'do_robots' );
Bootstrap/Load: Make handling the `/favicon.ico` requests more flexible.
Previously, `wp_favicon_request()` was introduced in [13205] to avoid a performance hit of serving a full 404 page on every favicon request.
While working as intended, that implementation did not provide a way for theme or plugin authors to manage the behavior of favicon requests.
This changeset implements the following logic (only applied if WordPress is installed in the root directory):
* If there is a Site Icon set in Customizer, redirect `/favicon.ico` requests to that icon.
* Otherwise, use the WordPress logo as a default icon.
* If a physical `/favicon.ico` file exists, do nothing, let the server handle the request.
Handling `/favicon.ico` is now more consistent with handling `/robots.txt` requests.
New functions and hooks:
* Introduce `is_favicon()` conditional tag to complement `is_robots()`.
* Introduce `do_favicon` action to complement `do_robots` and use it in template loader.
* Introduce `do_favicon()` function, hooked to the above action by default, to complement `do_robots()`.
* Introduce `do_faviconico` action to complement `do_robotstxt`, for plugins to override the default behavior.
* Mark `wp_favicon_request()` as deprecated in favor of `do_favicon()`.
Props jonoaldersonwp, birgire, joostdevalk, mukesh27, SergeyBiryukov.
Fixes #47398.
Built from https://develop.svn.wordpress.org/trunk@47018
git-svn-id: http://core.svn.wordpress.org/trunk@46818 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-12-28 22:20:04 +01:00
add_action ( 'do_favicon' , 'do_favicon' );
2018-03-04 17:41:33 +01:00
add_action ( 'set_comment_cookies' , 'wp_set_comment_cookies' , 10 , 3 );
2017-12-01 00:11:00 +01:00
add_action ( 'sanitize_comment_cookies' , 'sanitize_comment_cookies' );
add_action ( 'init' , 'smilies_init' , 5 );
add_action ( 'plugins_loaded' , 'wp_maybe_load_widgets' , 0 );
add_action ( 'plugins_loaded' , 'wp_maybe_load_embeds' , 0 );
add_action ( 'shutdown' , 'wp_ob_end_flush_all' , 1 );
2014-11-01 21:20:23 +01:00
// Create a revision whenever a post is updated.
Revisions: framework for storing post meta revisions.
Enable the storing of post meta in revisions including autosaves and previews:
Add a new argument `revisions_enabled` to the `register_meta` function which enables storing meta in revisions.
Add a new `wp_post_revision_meta_keys` filter which developers can use to control which meta is revisioned - it passes an array of the meta keys with revisions enabled as well as the post type.
Meta keys with revisions enabled are also stored for autosaves, and are restored when a revision or autosave is restored. In addition, meta values are now stored with the autosave revision used for previews. Changes to meta can now be previewed correctly without overwriting the published meta (see #20299) or passing data as a query variable, as the editor currently does to preview changes to the featured image.
Changes to meta with revisions enabled are considered when determining if a new revision should be created. A new revision is created if the meta value has changed since the last revision.
Revisions are now saved on the `wp_after_insert_post` hook instead of `post_updated`. The `wp_after_insert_post` action is fired after post meta has been saved by the REST API which enables attaching meta to the revision. To ensure backwards compatibility with existing action uses, `wp_save_post_revision_on_insert` function exits early if plugins have removed the previous `do_action( 'post_updated', 'wp_save_post_revision' )` call.
Props: alexkingorg, johnbillion, markjaquith, WraithKenny, kovshenin, azaozz, tv-productions, p51labs, mattheu, mikeschroder, Mamaduka, ellatrix, timothyblynjacobs, jakemgold, bookwyrm, ryanduff, mintindeed, wonderboymusic, sanchothefat, westonruter, spacedmonkey, hellofromTonya, drewapicture, adamsilverstein, swisspiddy.
Fixes #20564, #20299.
Built from https://develop.svn.wordpress.org/trunk@56714
git-svn-id: http://core.svn.wordpress.org/trunk@56226 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-26 17:32:19 +02:00
add_action ( 'wp_after_insert_post' , 'wp_save_post_revision_on_insert' , 9 , 3 );
2017-12-01 00:11:00 +01:00
add_action ( 'post_updated' , 'wp_save_post_revision' , 10 , 1 );
add_action ( 'publish_post' , '_publish_post_hook' , 5 , 1 );
add_action ( 'transition_post_status' , '_transition_post_status' , 5 , 3 );
add_action ( 'transition_post_status' , '_update_term_count_on_transition_post_status' , 10 , 3 );
add_action ( 'comment_form' , 'wp_comment_form_unfiltered_html_nonce' );
2010-05-31 18:11:20 +02:00
2020-01-29 01:45:18 +01:00
// Privacy.
2018-04-27 12:12:22 +02:00
add_action ( 'user_request_action_confirmed' , '_wp_privacy_account_request_confirmed' );
2018-05-10 07:00:20 +02:00
add_action ( 'user_request_action_confirmed' , '_wp_privacy_send_request_confirmation_notification' , 12 ); // After request marked as completed.
2018-04-27 12:12:22 +02:00
add_filter ( 'wp_privacy_personal_data_exporters' , 'wp_register_comment_personal_data_exporter' );
2018-05-01 15:45:21 +02:00
add_filter ( 'wp_privacy_personal_data_exporters' , 'wp_register_media_personal_data_exporter' );
2018-05-09 19:12:21 +02:00
add_filter ( 'wp_privacy_personal_data_exporters' , 'wp_register_user_personal_data_exporter' , 1 );
2018-04-27 12:12:22 +02:00
add_filter ( 'wp_privacy_personal_data_erasers' , 'wp_register_comment_personal_data_eraser' );
2018-04-30 22:09:23 +02:00
add_action ( 'init' , 'wp_schedule_delete_old_privacy_export_files' );
add_action ( 'wp_privacy_delete_old_export_files' , 'wp_privacy_delete_old_export_files' );
2018-04-27 12:12:22 +02:00
2020-01-29 01:45:18 +01:00
// Cron tasks.
2017-12-01 00:11:00 +01:00
add_action ( 'wp_scheduled_delete' , 'wp_scheduled_delete' );
add_action ( 'wp_scheduled_auto_draft_delete' , 'wp_delete_auto_drafts' );
add_action ( 'importer_scheduled_cleanup' , 'wp_delete_attachment' );
add_action ( 'upgrader_scheduled_cleanup' , 'wp_delete_attachment' );
add_action ( 'delete_expired_transients' , 'delete_expired_transients' );
2017-10-21 15:22:49 +02:00
2020-01-29 01:45:18 +01:00
// Navigation menu actions.
2017-12-01 00:11:00 +01:00
add_action ( 'delete_post' , '_wp_delete_post_menu_item' );
add_action ( 'delete_term' , '_wp_delete_tax_menu_item' , 10 , 3 );
add_action ( 'transition_post_status' , '_wp_auto_add_pages_to_menu' , 10 , 3 );
add_action ( 'delete_post' , '_wp_delete_customize_changeset_dependent_auto_drafts' );
2009-10-15 19:27:45 +02:00
2023-05-17 20:31:24 +02:00
// Post Thumbnail specific image filtering.
2017-12-01 00:11:00 +01:00
add_action ( 'begin_fetch_post_thumbnail_html' , '_wp_post_thumbnail_class_filter_add' );
add_action ( 'end_fetch_post_thumbnail_html' , '_wp_post_thumbnail_class_filter_remove' );
2023-05-17 20:31:24 +02:00
add_action ( 'begin_fetch_post_thumbnail_html' , '_wp_post_thumbnail_context_filter_add' );
add_action ( 'end_fetch_post_thumbnail_html' , '_wp_post_thumbnail_context_filter_remove' );
2007-05-01 03:13:06 +02:00
2020-01-29 01:45:18 +01:00
// Redirect old slugs.
2017-12-01 00:11:00 +01:00
add_action ( 'template_redirect' , 'wp_old_slug_redirect' );
add_action ( 'post_updated' , 'wp_check_for_changed_slugs' , 12 , 3 );
2015-09-29 06:58:25 +02:00
add_action ( 'attachment_updated' , 'wp_check_for_changed_slugs' , 12 , 3 );
2010-05-23 09:49:21 +02:00
2020-01-29 01:45:18 +01:00
// Redirect old dates.
2018-08-17 03:51:36 +02:00
add_action ( 'post_updated' , 'wp_check_for_changed_dates' , 12 , 3 );
2017-12-15 09:31:47 +01:00
add_action ( 'attachment_updated' , 'wp_check_for_changed_dates' , 12 , 3 );
2020-01-29 01:45:18 +01:00
// Nonce check for post previews.
2010-05-23 09:49:21 +02:00
add_action ( 'init' , '_show_post_preview' );
2009-03-10 01:50:00 +01:00
2020-01-29 01:45:18 +01:00
// Output JS to reset window.name for previews.
2015-06-17 01:13:26 +02:00
add_action ( 'wp_head' , 'wp_post_preview_js' , 1 );
2020-01-29 01:45:18 +01:00
// Timezone.
2017-12-01 00:11:00 +01:00
add_filter ( 'pre_option_gmt_offset' , 'wp_timezone_override_offset' );
2010-02-06 06:15:26 +01:00
2012-08-17 01:09:40 +02:00
// If the upgrade hasn't run yet, assume link manager is used.
add_filter ( 'default_option_link_manager_enabled' , '__return_true' );
2012-09-27 21:19:18 +02:00
// This option no longer exists; tell plugins we always support auto-embedding.
2017-04-01 15:56:43 +02:00
add_filter ( 'pre_option_embed_autourls' , '__return_true' );
Force comment pagination on single posts.
Previously, the 'page_comments' toggle allowed users to disable comment
pagination. This toggle was only superficial, however. Even with
'page_comments' turned on, `comments_template()` loaded all of a post's
comments into memory, and passed them to `wp_list_comments()` and
`Walker_Comment`, the latter of which produced markup for only the
current page of comments. In other words, it was possible to enable
'page_comments', thereby showing only a subset of a post's comments on a given
page, but all comments continued to be loaded in the background. This technique
scaled poorly. Posts with hundreds or thousands of comments would load slowly,
or not at all, even when the 'comments_per_page' setting was set to a
reasonable number.
Recent changesets have addressed this problem through more efficient tree-
walking, better descendant caching, and more selective queries for top-level
post comments. The current changeset completes the project by addressing the
root issue: that loading a post causes all of its comments to be loaded too.
Here's the breakdown:
* Comment pagination is now forced. Setting 'page_comments' to false leads to evil things when you have many comments. If you want to avoid pagination, set 'comments_per_page' to something high.
* The 'page_comments' setting has been expunged from options-discussion.php, and from places in the codebase where it was referenced. For plugins relying on 'page_comments', we now force the value to `true` with a `pre_option` filter.
* `comments_template()` now queries for an appropriately small number of comments. Usually, this means the `comments_per_page` value.
* To preserve the current (odd) behavior for comment pagination links, some unholy hacks have been inserted into `comments_template()`. The ugliness is insulated in this function for backward compatibility and to minimize collateral damage. A side-effect is that, for certain settings of 'default_comments_page', up to 2x the value of `comments_per_page` might be fetched at a time.
* In support of these changes, a `$format` parameter has been added to `WP_Comment::get_children()`. This param allows you to request a flattened array of comment children, suitable for feeding into `Walker_Comment`.
* `WP_Query` loops are now informed about total available comment counts and comment pages by the `WP_Comment_Query` (`found_comments`, `max_num_pages`), instead of by `Walker_Comment`.
Aside from radical performance improvements in the case of a post with many
comments, this changeset fixes a bug that caused the first page of comments to
be partial (`found_comments` % `comments_per_page`), rather than the last, as
you'd expect.
Props boonebgorges, wonderboymusic.
Fixes #8071.
Built from https://develop.svn.wordpress.org/trunk@34561
git-svn-id: http://core.svn.wordpress.org/trunk@34525 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-25 22:40:25 +02:00
2020-01-29 01:45:18 +01:00
// Default settings for heartbeat.
2013-01-29 07:15:25 +01:00
add_filter ( 'heartbeat_settings' , 'wp_heartbeat_settings' );
2020-01-29 01:45:18 +01:00
// Check if the user is logged out.
2014-02-09 23:34:11 +01:00
add_action ( 'admin_enqueue_scripts' , 'wp_auth_check_load' );
2017-12-01 00:11:00 +01:00
add_filter ( 'heartbeat_send' , 'wp_auth_check' );
2014-02-09 23:34:11 +01:00
add_filter ( 'heartbeat_nopriv_send' , 'wp_auth_check' );
2013-02-28 09:57:17 +01:00
2020-01-29 01:45:18 +01:00
// Default authentication filters.
2017-12-01 00:11:00 +01:00
add_filter ( 'authenticate' , 'wp_authenticate_username_password' , 20 , 3 );
add_filter ( 'authenticate' , 'wp_authenticate_email_password' , 20 , 3 );
REST API: Introduce Application Passwords for API authentication.
In WordPress 4.4 the REST API was first introduced. A few releases later in WordPress 4.7, the Content API endpoints were added, paving the way for Gutenberg and countless in-site experiences. In the intervening years, numerous plugins have built on top of the REST API. Many developers shared a common frustration, the lack of external authentication to the REST API.
This commit introduces Application Passwords to allow users to connect to external applications to their WordPress website. Users can generate individual passwords for each application, allowing for easy revocation and activity monitoring. An authorization flow is introduced to make the connection flow simple for users and application developers.
Application Passwords uses Basic Authentication, and by default is only available over an SSL connection.
Props georgestephanis, kasparsd, timothyblynjacobs, afercia, akkspro, andraganescu, arippberger, aristath, austyfrosty, ayesh, batmoo, bradyvercher, brianhenryie, helen, ipstenu, jeffmatson, jeffpaul, joostdevalk, joshlevinson, kadamwhite, kjbenk, koke, michael-arestad, Otto42, pekz0r, salzano, spacedmonkey, valendesigns.
Fixes #42790.
Built from https://develop.svn.wordpress.org/trunk@49109
git-svn-id: http://core.svn.wordpress.org/trunk@48871 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-09 00:14:06 +02:00
add_filter ( 'authenticate' , 'wp_authenticate_application_password' , 20 , 3 );
2017-12-01 00:11:00 +01:00
add_filter ( 'authenticate' , 'wp_authenticate_spam_check' , 99 );
add_filter ( 'determine_current_user' , 'wp_validate_auth_cookie' );
2014-03-09 16:23:15 +01:00
add_filter ( 'determine_current_user' , 'wp_validate_logged_in_cookie' , 20 );
REST API: Introduce Application Passwords for API authentication.
In WordPress 4.4 the REST API was first introduced. A few releases later in WordPress 4.7, the Content API endpoints were added, paving the way for Gutenberg and countless in-site experiences. In the intervening years, numerous plugins have built on top of the REST API. Many developers shared a common frustration, the lack of external authentication to the REST API.
This commit introduces Application Passwords to allow users to connect to external applications to their WordPress website. Users can generate individual passwords for each application, allowing for easy revocation and activity monitoring. An authorization flow is introduced to make the connection flow simple for users and application developers.
Application Passwords uses Basic Authentication, and by default is only available over an SSL connection.
Props georgestephanis, kasparsd, timothyblynjacobs, afercia, akkspro, andraganescu, arippberger, aristath, austyfrosty, ayesh, batmoo, bradyvercher, brianhenryie, helen, ipstenu, jeffmatson, jeffpaul, joostdevalk, joshlevinson, kadamwhite, kjbenk, koke, michael-arestad, Otto42, pekz0r, salzano, spacedmonkey, valendesigns.
Fixes #42790.
Built from https://develop.svn.wordpress.org/trunk@49109
git-svn-id: http://core.svn.wordpress.org/trunk@48871 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-09 00:14:06 +02:00
add_filter ( 'determine_current_user' , 'wp_validate_application_password' , 20 );
2013-07-29 05:23:51 +02:00
2015-02-11 20:42:25 +01:00
// Split term updates.
2017-12-01 00:11:00 +01:00
add_action ( 'admin_init' , '_wp_check_for_scheduled_split_terms' );
add_action ( 'split_shared_term' , '_wp_check_split_default_terms' , 10 , 4 );
2015-02-11 20:42:25 +01:00
add_action ( 'split_shared_term' , '_wp_check_split_terms_in_menus' , 10 , 4 );
2015-08-12 16:07:26 +02:00
add_action ( 'split_shared_term' , '_wp_check_split_nav_menu_terms' , 10 , 4 );
2015-08-14 05:59:26 +02:00
add_action ( 'wp_split_shared_term_batch' , '_wp_batch_split_terms' );
2015-02-11 20:42:25 +01:00
2020-04-17 21:35:06 +02:00
// Comment type updates.
add_action ( 'admin_init' , '_wp_check_for_scheduled_update_comment_type' );
add_action ( 'wp_update_comment_type_batch' , '_wp_batch_update_comment_type' );
2015-09-14 04:17:26 +02:00
// Email notifications.
2015-09-17 00:26:24 +02:00
add_action ( 'comment_post' , 'wp_new_comment_notify_moderator' );
2015-09-14 04:17:26 +02:00
add_action ( 'comment_post' , 'wp_new_comment_notify_postauthor' );
2015-09-14 04:45:25 +02:00
add_action ( 'after_password_reset' , 'wp_password_change_notification' );
2017-12-01 00:11:00 +01:00
add_action ( 'register_new_user' , 'wp_send_new_user_notifications' );
2015-11-25 23:38:29 +01:00
add_action ( 'edit_user_created_user' , 'wp_send_new_user_notifications' , 10 , 2 );
2015-09-14 04:17:26 +02:00
REST API: Introduce baby API to the world.
Baby API was born at 2.8KLOC on October 8th at 2:30 UTC. API has lots
of growing to do, so wish it the best of luck.
Thanks to everyone who helped along the way:
Props rmccue, rachelbaker, danielbachhuber, joehoyle, drewapicture,
adamsilverstein, netweb, tlovett1, shelob9, kadamwhite, pento,
westonruter, nikv, tobych, redsweater, alecuf, pollyplummer, hurtige,
bpetty, oso96_2000, ericlewis, wonderboymusic, joshkadis, mordauk,
jdgrimes, johnbillion, jeremyfelt, thiago-negri, jdolan, pkevan,
iseulde, thenbrent, maxcutler, kwight, markoheijnen, phh, natewr,
jjeaton, shprink, mattheu, quasel, jmusal, codebykat, hubdotcom,
tapsboy, QWp6t, pushred, jaredcobb, justinsainton, japh, matrixik,
jorbin, frozzare, codfish, michael-arestad, kellbot, ironpaperweight,
simonlampen, alisspers, eliorivero, davidbhayes, JohnDittmar, dimadin,
traversal, cmmarslender, Toddses, kokarn, welcher, and ericpedia.
Fixes #33982.
Built from https://develop.svn.wordpress.org/trunk@34928
git-svn-id: http://core.svn.wordpress.org/trunk@34893 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-08 04:31:25 +02:00
// REST API actions.
2017-12-01 00:11:00 +01:00
add_action ( 'init' , 'rest_api_init' );
add_action ( 'rest_api_init' , 'rest_api_default_filters' , 10 , 1 );
add_action ( 'rest_api_init' , 'register_initial_settings' , 10 );
REST API: Introduce the Content API endpoints.
REST API endpoints for your WordPress content. These endpoints provide machine-readable external access to your WordPress site with a clear, standards-driven interface, allowing new and innovative apps for interacting with your site. These endpoints support all of the following:
- Posts: Read and write access to all post data, for all types of post-based data, including pages and media.
- Comments: Read and write access to all comment data. This includes pingbacks and trackbacks.
- Terms: Read and write access to all term data.
- Users: Read and write access to all user data. This includes public access to some data for post authors.
- Meta: Read and write access to metadata for posts, comments, terms, and users, on an opt-in basis from plugins.
- Settings: Read and write access to settings, on an opt-in basis from plugins and core. This enables API management of key site content values that are technically stored in options, such as site title and byline.
Love your REST API, WordPress! The infrastructure says, "Let's do lunch!" but the content API endpoints say, "You're paying!"
Props rmccue, rachelbaker, danielbachhuber, joehoyle, adamsilverstein, afurculita, ahmadawais, airesvsg, alisspers, antisilent, apokalyptik, artoliukkonen, attitude, boonebgorges, bradyvercher, brianhogg, caseypatrickdriscoll, chopinbach, chredd, christianesperar, chrisvanpatten, claudiolabarbera, claudiosmweb, cmmarslender, codebykat, coderkevin, codfish, codonnell822, daggerhart, danielpunkass, davidbhayes, delphinus, desrosj, dimadin, dotancohen, DrewAPicture, Dudo1985, duncanjbrown, eherman24, eivhyl, eliorivero, elyobo, en-alis, ericandrewlewis, ericpedia, evansobkowicz, fjarrett, frozzare, georgestephanis, greatislander, guavaworks, hideokamoto, hkdobrev, hubdotcom, hurtige, iandunn, ircrash, ironpaperweight, iseulde, Japh, jaredcobb, JDGrimes, jdolan, jdoubleu, jeremyfelt, jimt, jjeaton, jmusal, jnylen0, johanmynhardt, johnbillion, jonathanbardo, jorbin, joshkadis, JPry, jshreve, jtsternberg, JustinSainton, kacperszurek, kadamwhite, kalenjohnson, kellbot, kjbenk, kokarn, krogsgard, kuchenundkakao, kuldipem, kwight, lgedeon, lukepettway, mantismamita, markoheijnen, matrixik, mattheu, mauteri, maxcutler, mayukojpn, michael-arestad, miyauchi, mjbanks, modemlooper, mrbobbybryant, NateWr, nathanrice, netweb, NikV, nullvariable, oskosk, oso96_2000, oxymoron, pcfreak30, pento, peterwilsoncc, Pezzab, phh, pippinsplugins, pjgalbraith, pkevan, pollyplummer, pushred, quasel, QWp6t, schlessera, schrapel, Shelob9, shprink, simonlampen, Soean, solal, tapsboy, tfrommen, tharsheblows, thenbrent, tierra, tlovett1, tnegri, tobych, Toddses, toro_unit, traversal, vanillalounge, vishalkakadiya, wanecek, web2style, webbgaraget, websupporter, westonruter, whyisjake, wonderboymusic, wpsmith, xknown, zyphonic.
Fixes #38373.
Built from https://develop.svn.wordpress.org/trunk@38832
git-svn-id: http://core.svn.wordpress.org/trunk@38775 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-20 04:55:32 +02:00
add_action ( 'rest_api_init' , 'create_initial_rest_routes' , 99 );
REST API: Introduce baby API to the world.
Baby API was born at 2.8KLOC on October 8th at 2:30 UTC. API has lots
of growing to do, so wish it the best of luck.
Thanks to everyone who helped along the way:
Props rmccue, rachelbaker, danielbachhuber, joehoyle, drewapicture,
adamsilverstein, netweb, tlovett1, shelob9, kadamwhite, pento,
westonruter, nikv, tobych, redsweater, alecuf, pollyplummer, hurtige,
bpetty, oso96_2000, ericlewis, wonderboymusic, joshkadis, mordauk,
jdgrimes, johnbillion, jeremyfelt, thiago-negri, jdolan, pkevan,
iseulde, thenbrent, maxcutler, kwight, markoheijnen, phh, natewr,
jjeaton, shprink, mattheu, quasel, jmusal, codebykat, hubdotcom,
tapsboy, QWp6t, pushred, jaredcobb, justinsainton, japh, matrixik,
jorbin, frozzare, codfish, michael-arestad, kellbot, ironpaperweight,
simonlampen, alisspers, eliorivero, davidbhayes, JohnDittmar, dimadin,
traversal, cmmarslender, Toddses, kokarn, welcher, and ericpedia.
Fixes #33982.
Built from https://develop.svn.wordpress.org/trunk@34928
git-svn-id: http://core.svn.wordpress.org/trunk@34893 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-08 04:31:25 +02:00
add_action ( 'parse_request' , 'rest_api_loaded' );
Sitemaps: Add XML sitemaps functionality to WordPress.
While web crawlers are able to discover pages from links within the site and from other sites, XML sitemaps supplement this approach by allowing crawlers to quickly and comprehensively identify all URLs included in the sitemap and learn other signals about those URLs using the associated metadata.
See https://make.wordpress.org/core/2020/06/10/merge-announcement-extensible-core-sitemaps/ for more details.
This feature exposes the sitemap index via `/wp-sitemap.xml` and exposes a variety of new filters and hooks for developers to modify the behavior. Users can disable sitemaps completely by turning off search engine visibility in WordPress admin.
This change also introduces a new `esc_xml()` function to escape strings for output in XML, as well as XML support to `wp_kses_normalize_entities()`.
Props Adrian McShane, afragen, adamsilverstein, casiepa, flixos90, garrett-eclipse, joemcgill, kburgoine, kraftbj, milana_cap, pacifika, pbiron, pfefferle, Ruxandra Gradina, swissspidy, szepeviktor, tangrufus, tweetythierry.
Fixes #50117.
See #3670. See #19998.
Built from https://develop.svn.wordpress.org/trunk@48072
git-svn-id: http://core.svn.wordpress.org/trunk@47839 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-17 17:24:07 +02:00
// Sitemaps actions.
add_action ( 'init' , 'wp_sitemaps_get_server' );
2015-01-12 17:40:23 +01:00
/**
2020-01-29 01:45:18 +01:00
* Filters formerly mixed into wp - includes .
2015-01-12 17:40:23 +01:00
*/
2020-01-29 01:45:18 +01:00
// Theme.
2020-06-27 14:02:03 +02:00
add_action ( 'setup_theme' , 'create_initial_theme_features' , 0 );
Themes: Fix block theme supports being added too early, leading to Customizer live preview bugs in 6.4.
The Customizer live preview broke because of [56635], however the root cause for the bug was a lower-level problem that had been present since WordPress 5.8: The block theme specific functions `_add_default_theme_supports()` and `wp_enable_block_templates()` were being hooked into the `setup_theme` action, which fires too early to initialize theme features. Because of that, theme functionality would be initialized before the current theme setup being completed. In the case of the Customizer, that includes overriding which theme is the current theme entirely, thus leading to an inconsistent experience.
This changeset fixes the bug by moving those two callbacks to the `after_setup_theme` action, which is the appropriate action to initialize theme features.
Props karl94, hellofromTonya, joemcgill, flixos90.
Fixes #59732.
See #18298, #53397, #54597.
Built from https://develop.svn.wordpress.org/trunk@57009
git-svn-id: http://core.svn.wordpress.org/trunk@56520 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-10-26 20:44:26 +02:00
add_action ( 'after_setup_theme' , '_add_default_theme_supports' , 1 );
2015-01-12 17:40:23 +01:00
add_action ( 'wp_loaded' , '_custom_header_background_just_in_time' );
2016-03-10 06:37:27 +01:00
add_action ( 'wp_head' , '_custom_logo_header_styles' );
2015-01-12 17:40:23 +01:00
add_action ( 'plugins_loaded' , '_wp_customize_include' );
Customize: Implement customized state persistence with changesets.
Includes infrastructure developed in the Customize Snapshots feature plugin.
See https://make.wordpress.org/core/2016/10/12/customize-changesets-technical-design-decisions/
Props westonruter, valendesigns, utkarshpatel, stubgo, lgedeon, ocean90, ryankienstra, mihai2u, dlh, aaroncampbell, jonathanbardo, jorbin.
See #28721.
See #31089.
Fixes #30937.
Fixes #31517.
Fixes #30028.
Fixes #23225.
Fixes #34142.
Fixes #36485.
Built from https://develop.svn.wordpress.org/trunk@38810
git-svn-id: http://core.svn.wordpress.org/trunk@38753 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-18 22:05:31 +02:00
add_action ( 'transition_post_status' , '_wp_customize_publish_changeset' , 10 , 3 );
2015-01-12 17:40:23 +01:00
add_action ( 'admin_enqueue_scripts' , '_wp_customize_loader_settings' );
add_action ( 'delete_attachment' , '_delete_attachment_theme_mod' );
2017-05-16 07:37:44 +02:00
add_action ( 'transition_post_status' , '_wp_keep_alive_customize_changeset_dependent_auto_drafts' , 20 , 3 );
2015-01-12 17:40:23 +01:00
2023-09-06 23:48:17 +02:00
// Block Theme Previews.
2023-10-03 00:42:24 +02:00
add_action ( 'plugins_loaded' , 'wp_initialize_theme_preview_hooks' , 1 );
2023-09-06 23:48:17 +02:00
2020-01-29 01:45:18 +01:00
// Calendar widget cache.
2015-01-12 17:40:23 +01:00
add_action ( 'save_post' , 'delete_get_calendar_cache' );
add_action ( 'delete_post' , 'delete_get_calendar_cache' );
add_action ( 'update_option_start_of_week' , 'delete_get_calendar_cache' );
add_action ( 'update_option_gmt_offset' , 'delete_get_calendar_cache' );
2020-01-29 01:45:18 +01:00
// Author.
2015-01-12 17:40:23 +01:00
add_action ( 'transition_post_status' , '__clear_multi_author_cache' );
2020-01-29 01:45:18 +01:00
// Post.
add_action ( 'init' , 'create_initial_post_types' , 0 ); // Highest priority.
2015-01-12 17:40:23 +01:00
add_action ( 'admin_menu' , '_add_post_type_submenus' );
add_action ( 'before_delete_post' , '_reset_front_page_settings_for_post' );
2017-12-01 00:11:00 +01:00
add_action ( 'wp_trash_post' , '_reset_front_page_settings_for_post' );
2016-10-26 17:36:31 +02:00
add_action ( 'change_locale' , 'create_initial_post_types' );
2015-01-12 17:40:23 +01:00
2020-01-29 01:45:18 +01:00
// Post Formats.
2015-01-12 17:40:23 +01:00
add_filter ( 'request' , '_post_format_request' );
add_filter ( 'term_link' , '_post_format_link' , 10 , 3 );
add_filter ( 'get_post_format' , '_post_format_get_term' );
add_filter ( 'get_terms' , '_post_format_get_terms' , 10 , 3 );
add_filter ( 'wp_get_object_terms' , '_post_format_wp_get_object_terms' );
2020-01-29 01:45:18 +01:00
// KSES.
2015-01-12 17:40:23 +01:00
add_action ( 'init' , 'kses_init' );
add_action ( 'set_current_user' , 'kses_init' );
2020-01-29 01:45:18 +01:00
// Script Loader.
2015-01-12 17:40:23 +01:00
add_action ( 'wp_default_scripts' , 'wp_default_scripts' );
2018-12-13 18:27:38 +01:00
add_action ( 'wp_default_scripts' , 'wp_default_packages' );
2016-06-29 14:58:29 +02:00
add_action ( 'wp_enqueue_scripts' , 'wp_localize_jquery_ui_datepicker' , 1000 );
2018-12-14 04:36:38 +01:00
add_action ( 'wp_enqueue_scripts' , 'wp_common_block_scripts_and_styles' );
2022-09-29 20:55:10 +02:00
add_action ( 'wp_enqueue_scripts' , 'wp_enqueue_classic_theme_styles' );
2021-04-01 13:46:09 +02:00
add_action ( 'admin_enqueue_scripts' , 'wp_localize_jquery_ui_datepicker' , 1000 );
2018-12-14 04:36:38 +01:00
add_action ( 'admin_enqueue_scripts' , 'wp_common_block_scripts_and_styles' );
add_action ( 'enqueue_block_assets' , 'wp_enqueue_registered_block_scripts_and_styles' );
2021-04-01 13:46:09 +02:00
add_action ( 'enqueue_block_assets' , 'enqueue_block_styles_assets' , 30 );
2023-05-24 11:24:23 +02:00
/*
* `wp_enqueue_registered_block_scripts_and_styles` is bound to both
* `enqueue_block_editor_assets` and `enqueue_block_assets` hooks
* since the introduction of the block editor in WordPress 5.0 .
*
* The way this works is that the block assets are loaded before any other assets .
* For example , this is the order of styles for the editor :
*
* - front styles registered for blocks , via `styles` handle ( block . json )
* - editor styles registered for blocks , via `editorStyles` handle ( block . json )
* - editor styles enqueued via `enqueue_block_editor_assets` hook
* - front styles enqueued via `enqueue_block_assets` hook
*/
add_action ( 'enqueue_block_editor_assets' , 'wp_enqueue_registered_block_scripts_and_styles' );
2021-04-01 13:46:09 +02:00
add_action ( 'enqueue_block_editor_assets' , 'enqueue_editor_block_styles_assets' );
add_action ( 'enqueue_block_editor_assets' , 'wp_enqueue_editor_block_directory_assets' );
add_action ( 'enqueue_block_editor_assets' , 'wp_enqueue_editor_format_library_assets' );
2021-12-14 02:57:26 +01:00
add_action ( 'enqueue_block_editor_assets' , 'wp_enqueue_global_styles_css_custom_properties' );
2023-07-05 18:21:27 +02:00
add_action ( 'wp_print_scripts' , 'wp_just_in_time_script_localization' );
2015-01-12 17:40:23 +01:00
add_filter ( 'print_scripts_array' , 'wp_prototype_before_jquery' );
2023-07-05 18:21:27 +02:00
add_action ( 'customize_controls_print_styles' , 'wp_resource_hints' , 1 );
2021-07-09 03:18:57 +02:00
add_action ( 'admin_head' , 'wp_check_widget_editor_deps' );
2022-10-25 14:19:18 +02:00
add_filter ( 'block_editor_settings_all' , 'wp_add_editor_classic_theme_styles' );
2015-01-12 17:40:23 +01:00
2021-07-02 20:47:58 +02:00
// Global styles can be enqueued in both the header and the footer. See https://core.trac.wordpress.org/ticket/53494.
add_action ( 'wp_enqueue_scripts' , 'wp_enqueue_global_styles' );
add_action ( 'wp_footer' , 'wp_enqueue_global_styles' , 1 );
2022-09-19 22:56:10 +02:00
// Block supports, and other styles parsed and stored in the Style Engine.
add_action ( 'wp_enqueue_scripts' , 'wp_enqueue_stored_styles' );
add_action ( 'wp_footer' , 'wp_enqueue_stored_styles' , 1 );
2015-01-12 17:40:23 +01:00
add_action ( 'wp_default_styles' , 'wp_default_styles' );
add_filter ( 'style_loader_src' , 'wp_style_loader_src' , 10 , 2 );
2021-05-11 11:43:08 +02:00
add_action ( 'wp_head' , 'wp_maybe_inline_styles' , 1 ); // Run for styles enqueued in <head>.
add_action ( 'wp_footer' , 'wp_maybe_inline_styles' , 1 ); // Run for late-loaded styles in the footer.
2023-10-12 15:28:23 +02:00
/*
* Block specific actions and filters .
*/
// Footnotes Block.
add_action ( 'init' , '_wp_footnotes_kses_init' );
add_action ( 'set_current_user' , '_wp_footnotes_kses_init' );
add_filter ( 'force_filtered_html_on_import' , '_wp_footnotes_force_filtered_html_on_import_filter' , 999 );
2021-11-12 04:55:01 +01:00
/*
* Disable " Post Attributes " for wp_navigation post type . The attributes are
* also conditionally enabled when a site has custom templates . Block Theme
* templates can be available for every post type .
*/
add_filter ( 'theme_wp_navigation_templates' , '__return_empty_array' );
2020-01-29 01:45:18 +01:00
// Taxonomy.
add_action ( 'init' , 'create_initial_taxonomies' , 0 ); // Highest priority.
2016-10-26 17:36:31 +02:00
add_action ( 'change_locale' , 'create_initial_taxonomies' );
2015-01-12 17:40:23 +01:00
2020-01-29 01:45:18 +01:00
// Canonical.
2015-01-12 17:40:23 +01:00
add_action ( 'template_redirect' , 'redirect_canonical' );
add_action ( 'template_redirect' , 'wp_redirect_admin_locations' , 1000 );
2020-01-29 01:45:18 +01:00
// Media.
2015-01-12 17:40:23 +01:00
add_action ( 'wp_playlist_scripts' , 'wp_playlist_scripts' );
add_action ( 'customize_controls_enqueue_scripts' , 'wp_plupload_default_settings' );
2019-09-06 00:27:58 +02:00
add_action ( 'plugins_loaded' , '_wp_add_additional_image_sizes' , 0 );
2020-07-04 01:15:03 +02:00
add_filter ( 'plupload_default_settings' , 'wp_show_heic_upload_error' );
2015-01-12 17:40:23 +01:00
2020-01-29 01:45:18 +01:00
// Nav menu.
2015-01-12 17:40:23 +01:00
add_filter ( 'nav_menu_item_id' , '_nav_menu_item_id_use_once' , 10 , 2 );
Menus: Prevent infinite loop in menus.
This modifies how the `menu-item-has-children` class is removed from bottom level menu items. Instead of removing the class within `wp_nav_menu()` a filter is applied to the `nav_menu_css_class` hook to remove the class as required.
Introduces `wp_nav_menu_remove_menu_item_has_children_class()` for removing the class.
Reverts source code changes in [54478,54801], the tests are retained.
Props davidbinda, SergeyBiryukov, mhkuu, JeffPaul, jmdodd, priethor, desrosj, hellofromTonya, azaozz, peterwilsoncc.
Fixes #56926.
See #28620.
Built from https://develop.svn.wordpress.org/trunk@54999
git-svn-id: http://core.svn.wordpress.org/trunk@54532 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-12-16 03:40:15 +01:00
add_filter ( 'nav_menu_css_class' , 'wp_nav_menu_remove_menu_item_has_children_class' , 10 , 4 );
2015-01-12 17:40:23 +01:00
2020-01-29 01:45:18 +01:00
// Widgets.
2021-06-23 03:08:58 +02:00
add_action ( 'after_setup_theme' , 'wp_setup_widgets_block_editor' , 1 );
2015-05-25 08:25:25 +02:00
add_action ( 'init' , 'wp_widgets_init' , 1 );
2022-04-12 17:40:11 +02:00
add_action ( 'change_locale' , array ( 'WP_Widget_Media' , 'reset_default_labels' ) );
Widgets: Preserve classic sidebars when switching to a block theme.
When switching to a block theme, classic sidebars were orphaned and their widgets remapping to the `'wp_inactive_widgets'` sidebar . This changeset preserves the sidebars and their widgets, providing a migration path to a block theme without losing the widgets.
Classic sidebars are now:
* Stored in a new theme mod called `'wp_classic_sidebars'`;
* Restored to the `$wp_registered_sidebars` global variable when the `'widgets_init'` action fires (via a new internal function called `_wp_block_theme_register_classic_sidebars()`);
* And marked as `'inactive'` when interacting with sidebars REST API endpoint.
References:
* [https://github.com/WordPress/gutenberg/pull/45509 Gutenberg PR 45509] which adds an option for importing widgets from sidebars into template parts.
Follow-up to [50995], [6334].
Props mamaduka, audrasjb, hellofromTonya, ironprogrammer, jameskoster, joen, matveb, mukesh27, noisysocks, poena, youknowriad.
Fixes #57531.
Built from https://develop.svn.wordpress.org/trunk@55200
git-svn-id: http://core.svn.wordpress.org/trunk@54733 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-02-03 01:15:21 +01:00
add_action ( 'widgets_init' , '_wp_block_theme_register_classic_sidebars' , 1 );
2015-05-25 08:25:25 +02:00
2020-01-29 01:45:18 +01:00
// Admin Bar.
2015-01-12 17:40:23 +01:00
// Don't remove. Wrong way to disable.
add_action ( 'template_redirect' , '_wp_admin_bar_init' , 0 );
add_action ( 'admin_init' , '_wp_admin_bar_init' );
Script Loader: Replace hardcoded output of style tags with calls to `wp_add_inline_style`.
In this commit, enhancements have been made by replacing manually constructed style tags with calls to `wp_add_inline_style`. Previously, numerous style tags were generated and output directly in the header, resulting in redundant code and bypassing the core's style enqueueing system. This approach made it challenging for third-party developers to manage and control the output of these style tags.
To ensure backward compatibility, the following functions have been deprecated and replaced:
- print_embed_styles
- print_emoji_styles
- wp_admin_bar_header
- _admin_bar_bump_cb
Backward compatibility shims have also been added, ensuring that if these functions were previously unhooked from there actions, they will continue to not output a style tag.
However, for the following functions, conversion to use inline styles was not feasible due to the potential disruption it might cause by changing the style tag IDs, potentially breaking JavaScript functionality for a number of plugins in the repository:
- custom-background
- wp-custom
These changes improve code maintainability and enhance the flexibility and control available to developers when managing style outputs within WordPress core.
Props spacedmonkey, hlunter, westonruter, flixos90.
Fixes #58775.
Built from https://develop.svn.wordpress.org/trunk@56682
git-svn-id: http://core.svn.wordpress.org/trunk@56194 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-25 19:06:34 +02:00
add_action ( 'wp_enqueue_scripts' , 'wp_enqueue_admin_bar_bump_styles' );
add_action ( 'wp_enqueue_scripts' , 'wp_enqueue_admin_bar_header_styles' );
add_action ( 'admin_enqueue_scripts' , 'wp_enqueue_admin_bar_header_styles' );
2015-10-28 21:30:25 +01:00
add_action ( 'before_signup_header' , '_wp_admin_bar_init' );
2015-10-30 05:24:23 +01:00
add_action ( 'activate_header' , '_wp_admin_bar_init' );
2020-02-09 19:26:08 +01:00
add_action ( 'wp_body_open' , 'wp_admin_bar_render' , 0 );
2020-03-14 17:01:08 +01:00
add_action ( 'wp_footer' , 'wp_admin_bar_render' , 1000 ); // Back-compat for themes not using `wp_body_open`.
2015-01-12 17:40:23 +01:00
add_action ( 'in_admin_header' , 'wp_admin_bar_render' , 0 );
2020-01-29 01:45:18 +01:00
// Former admin filters that can also be hooked on the front end.
2015-08-06 22:40:26 +02:00
add_action ( 'media_buttons' , 'media_buttons' );
add_filter ( 'image_send_to_editor' , 'image_add_caption' , 20 , 8 );
add_filter ( 'media_send_to_editor' , 'image_media_send_to_editor' , 10 , 3 );
2020-01-29 01:45:18 +01:00
// Embeds.
2017-12-01 00:11:00 +01:00
add_action ( 'rest_api_init' , 'wp_oembed_register_route' );
2015-10-29 23:51:24 +01:00
add_filter ( 'rest_pre_serve_request' , '_oembed_rest_pre_serve_request' , 10 , 4 );
2017-12-01 00:11:00 +01:00
add_action ( 'wp_head' , 'wp_oembed_add_discovery_links' );
2022-01-04 16:23:59 +01:00
add_action ( 'wp_head' , 'wp_oembed_add_host_js' ); // Back-compat for sites disabling oEmbed host JS by removing action.
add_filter ( 'embed_oembed_html' , 'wp_maybe_enqueue_oembed_host_js' );
2017-12-01 00:11:00 +01:00
add_action ( 'embed_head' , 'enqueue_embed_scripts' , 1 );
add_action ( 'embed_head' , 'print_emoji_detection_script' );
Script Loader: Replace hardcoded output of style tags with calls to `wp_add_inline_style`.
In this commit, enhancements have been made by replacing manually constructed style tags with calls to `wp_add_inline_style`. Previously, numerous style tags were generated and output directly in the header, resulting in redundant code and bypassing the core's style enqueueing system. This approach made it challenging for third-party developers to manage and control the output of these style tags.
To ensure backward compatibility, the following functions have been deprecated and replaced:
- print_embed_styles
- print_emoji_styles
- wp_admin_bar_header
- _admin_bar_bump_cb
Backward compatibility shims have also been added, ensuring that if these functions were previously unhooked from there actions, they will continue to not output a style tag.
However, for the following functions, conversion to use inline styles was not feasible due to the potential disruption it might cause by changing the style tag IDs, potentially breaking JavaScript functionality for a number of plugins in the repository:
- custom-background
- wp-custom
These changes improve code maintainability and enhance the flexibility and control available to developers when managing style outputs within WordPress core.
Props spacedmonkey, hlunter, westonruter, flixos90.
Fixes #58775.
Built from https://develop.svn.wordpress.org/trunk@56682
git-svn-id: http://core.svn.wordpress.org/trunk@56194 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-25 19:06:34 +02:00
add_action ( 'embed_head' , 'wp_enqueue_embed_styles' , 9 );
add_action ( 'embed_head' , 'print_embed_styles' ); // Retained for backwards-compatibility. Unhooked by wp_enqueue_embed_styles().
2017-12-01 00:11:00 +01:00
add_action ( 'embed_head' , 'wp_print_head_scripts' , 20 );
add_action ( 'embed_head' , 'wp_print_styles' , 20 );
Robots: Introduce Robots API.
This changeset introduces a filter-based Robots API, providing central control over the `robots` meta tag.
* Introduces `wp_robots()` function which should be called anywhere a `robots` meta tag should be included.
* Introduces `wp_robots` filter which allows adding or modifying directives for the `robots` meta tag. The `wp_robots()` function is entirely filter-based, i.e. if no filter is added to `wp_robots`, no directives will be present, and therefore the entire `robots` meta tag will be omitted.
* Introduces the following `wp_robots` filter functions which replace similar existing functions that were manually rendering a `robots` meta tag:
* `wp_robots_noindex()` replaces `noindex()`, which has been deprecated.
* `wp_robots_no_robots()` replaces `wp_no_robots()`, which has been deprecated.
* `wp_robots_sensitive_page()` replaces `wp_sensitive_page_meta()`, which has been deprecated. Its rendering of the `referrer` meta tag has been moved to another new function `wp_strict_cross_origin_referrer()`.
Migration to the new functions is straightforward. For example, a call to `add_action( 'wp_head', 'wp_no_robots' )` should be replaced with `add_filter( 'wp_robots', 'wp_robots_no_robots' )`.
Plugins and themes that render their own `robots` meta tags are encouraged to switch to rely on the `wp_robots` filter in order to use the central management layer now provided by WordPress core.
Props adamsilverstein, flixos90, timothyblynjacobs, westonruter.
See #51511.
Built from https://develop.svn.wordpress.org/trunk@49992
git-svn-id: http://core.svn.wordpress.org/trunk@49693 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-01-21 02:37:00 +01:00
add_action ( 'embed_head' , 'wp_robots' );
2017-12-01 00:11:00 +01:00
add_action ( 'embed_head' , 'rel_canonical' );
add_action ( 'embed_head' , 'locale_stylesheet' , 30 );
2024-01-17 22:36:16 +01:00
add_action ( 'enqueue_embed_scripts' , 'wp_enqueue_emoji_styles' );
2017-12-01 00:11:00 +01:00
add_action ( 'embed_content_meta' , 'print_embed_comments_button' );
add_action ( 'embed_content_meta' , 'print_embed_sharing_button' );
add_action ( 'embed_footer' , 'print_embed_sharing_dialog' );
add_action ( 'embed_footer' , 'print_embed_scripts' );
add_action ( 'embed_footer' , 'wp_print_footer_scripts' , 20 );
add_filter ( 'excerpt_more' , 'wp_embed_excerpt_more' , 20 );
add_filter ( 'the_excerpt_embed' , 'wptexturize' );
add_filter ( 'the_excerpt_embed' , 'convert_chars' );
add_filter ( 'the_excerpt_embed' , 'wpautop' );
add_filter ( 'the_excerpt_embed' , 'shortcode_unautop' );
add_filter ( 'the_excerpt_embed' , 'wp_embed_excerpt_attachment' );
2020-06-10 19:20:10 +02:00
add_filter ( 'oembed_dataparse' , 'wp_filter_oembed_iframe_title_attribute' , 5 , 3 );
2017-12-01 00:11:00 +01:00
add_filter ( 'oembed_dataparse' , 'wp_filter_oembed_result' , 10 , 3 );
add_filter ( 'oembed_response_data' , 'get_oembed_response_data_rich' , 10 , 4 );
add_filter ( 'pre_oembed_result' , 'wp_filter_pre_oembed_result' , 10 , 3 );
Embeds: Add oEmbed provider support.
For the past 6 years, WordPress has operated as an oEmbed consumer, allowing users to easily embed content from other sites. By adding oEmbed provider support, this allows any oEmbed consumer to embed posts from WordPress sites.
In addition to creating an oEmbed provider, WordPress' oEmbed consumer code has been enhanced to work with any site that provides oEmbed data (as long as it matches some strict security rules), and provides a preview from within the post editor.
For security, embeds appear within a sandboxed iframe - the iframe content is a template that can be styled or replaced entirely by the theme on the provider site.
Props swissspidy, pento, melchoyce, netweb, pfefferle, johnbillion, extendwings, davidbinda, danielbachhuber, SergeyBiryukov, afercia
Fixes #32522.
Built from https://develop.svn.wordpress.org/trunk@34903
git-svn-id: http://core.svn.wordpress.org/trunk@34868 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-07 12:36:25 +02:00
2020-01-29 01:45:18 +01:00
// Capabilities.
2017-08-18 20:31:44 +02:00
add_filter ( 'user_has_cap' , 'wp_maybe_grant_install_languages_cap' , 1 );
Bootstrap/Load: Introduce a recovery mode for fixing fatal errors.
Using the new fatal handler introduced in [44962], an email is sent to the admin when a fatal error occurs. This email includes a secret link to enter recovery mode. When clicked, the link will be validated and on success a cookie will be placed on the client, enabling recovery mode for that user. This functionality is executed early before plugins and themes are loaded, in order to be unaffected by potential fatal errors these might be causing.
When in recovery mode, broken plugins and themes will be paused for that client, so that they are able to access the admin backend despite of these errors. They are notified about the broken extensions and the errors caused, and can then decide whether they would like to temporarily deactivate the extension or fix the problem and resume the extension.
A link in the admin bar allows the client to exit recovery mode.
Props timothyblynjacobs, afragen, flixos90, nerrad, miss_jwo, schlessera, spacedmonkey, swissspidy.
Fixes #46130, #44458.
Built from https://develop.svn.wordpress.org/trunk@44973
git-svn-id: http://core.svn.wordpress.org/trunk@44804 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-03-21 22:53:51 +01:00
add_filter ( 'user_has_cap' , 'wp_maybe_grant_resume_extensions_caps' , 1 );
2019-06-10 09:42:52 +02:00
add_filter ( 'user_has_cap' , 'wp_maybe_grant_site_health_caps' , 1 , 4 );
2017-08-18 20:31:44 +02:00
2021-12-10 21:30:05 +01:00
// Block templates post type and rendering.
2021-05-25 16:20:57 +02:00
add_filter ( 'render_block_context' , '_block_template_render_without_post_block_context' );
add_filter ( 'pre_wp_unique_post_slug' , 'wp_filter_wp_template_unique_post_slug' , 10 , 5 );
2021-11-09 00:10:59 +01:00
add_action ( 'save_post_wp_template_part' , 'wp_set_unique_slug_on_create_template_part' );
2023-10-13 19:21:22 +02:00
add_action ( 'wp_enqueue_scripts' , 'wp_enqueue_block_template_skip_link' );
add_action ( 'wp_footer' , 'the_block_template_skip_link' ); // Retained for backwards-compatibility. Unhooked by wp_enqueue_block_template_skip_link().
Themes: Fix block theme supports being added too early, leading to Customizer live preview bugs in 6.4.
The Customizer live preview broke because of [56635], however the root cause for the bug was a lower-level problem that had been present since WordPress 5.8: The block theme specific functions `_add_default_theme_supports()` and `wp_enable_block_templates()` were being hooked into the `setup_theme` action, which fires too early to initialize theme features. Because of that, theme functionality would be initialized before the current theme setup being completed. In the case of the Customizer, that includes overriding which theme is the current theme entirely, thus leading to an inconsistent experience.
This changeset fixes the bug by moving those two callbacks to the `after_setup_theme` action, which is the appropriate action to initialize theme features.
Props karl94, hellofromTonya, joemcgill, flixos90.
Fixes #59732.
See #18298, #53397, #54597.
Built from https://develop.svn.wordpress.org/trunk@57009
git-svn-id: http://core.svn.wordpress.org/trunk@56520 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-10-26 20:44:26 +02:00
add_action ( 'after_setup_theme' , 'wp_enable_block_templates' , 1 );
2021-12-03 20:39:00 +01:00
add_action ( 'wp_loaded' , '_add_template_loader_filters' );
2021-05-25 16:20:57 +02:00
Editor: Move `wp_navigation` schema updating to `WP_Navigation_Fallback` class.
This aims to better align the navigation fallback implementation with core architecture and best practices.
The function that updates the `wp_navigation` post response schema is now a public method of the `WP_Navigation_Fallback` class, so an extra file previously used for that specific function is no longer necessary.
Follow-up to [56052].
Props ramonopoly, scruffian, isabel_brison, mukesh27, swissspidy, rajinsharwar, afercia, audrasjb, mikeschroder, JeffPaul, johnjamesjacoby, TimothyBlynJacobs, oglekler, SergeyBiryukov.
Fixes #58910.
Built from https://develop.svn.wordpress.org/trunk@56793
git-svn-id: http://core.svn.wordpress.org/trunk@56305 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-10-06 16:06:22 +02:00
// wp_navigation post type.
add_filter ( 'rest_wp_navigation_item_schema' , array ( 'WP_Navigation_Fallback' , 'update_wp_navigation_post_schema' ) );
2022-10-11 20:44:13 +02:00
// Fluid typography.
add_filter ( 'render_block' , 'wp_render_typography_support' , 10 , 2 );
Editor: Persist preferences in user meta.
Adds a new feature to persist editor UI preferences between page loads and browsers.
* Adds a new preferences persistence API.
* Saves editor preferences in user meta instead of in browser's local storage.
Why?
Due to the transient nature of browser storage, this persistence is not as sticky as it is expected to be, including: switching browsers (unique storage between browsers), or using private browsing tabs (storage cleared between sessions), or the same user across a network of sites (storage unique by domain).
This is a backport from Gutenberg.[https://github.com/WordPress/gutenberg/pull/39795 See WordPress/gutenberg PR 39795].
Props talldanwp, youknowriad, noisysocks, mamaduka, costdev, ironprogrammer, hellofromTonya.
See #56467.
Built from https://develop.svn.wordpress.org/trunk@54182
git-svn-id: http://core.svn.wordpress.org/trunk@53741 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-09-15 18:45:40 +02:00
// User preferences.
add_action ( 'init' , 'wp_register_persisted_preferences_meta' );
2023-06-26 10:57:25 +02:00
// CPT wp_block custom postmeta field.
add_action ( 'init' , 'wp_create_initial_post_meta' );
Revisions: framework for storing post meta revisions.
Enable the storing of post meta in revisions including autosaves and previews:
Add a new argument `revisions_enabled` to the `register_meta` function which enables storing meta in revisions.
Add a new `wp_post_revision_meta_keys` filter which developers can use to control which meta is revisioned - it passes an array of the meta keys with revisions enabled as well as the post type.
Meta keys with revisions enabled are also stored for autosaves, and are restored when a revision or autosave is restored. In addition, meta values are now stored with the autosave revision used for previews. Changes to meta can now be previewed correctly without overwriting the published meta (see #20299) or passing data as a query variable, as the editor currently does to preview changes to the featured image.
Changes to meta with revisions enabled are considered when determining if a new revision should be created. A new revision is created if the meta value has changed since the last revision.
Revisions are now saved on the `wp_after_insert_post` hook instead of `post_updated`. The `wp_after_insert_post` action is fired after post meta has been saved by the REST API which enables attaching meta to the revision. To ensure backwards compatibility with existing action uses, `wp_save_post_revision_on_insert` function exits early if plugins have removed the previous `do_action( 'post_updated', 'wp_save_post_revision' )` call.
Props: alexkingorg, johnbillion, markjaquith, WraithKenny, kovshenin, azaozz, tv-productions, p51labs, mattheu, mikeschroder, Mamaduka, ellatrix, timothyblynjacobs, jakemgold, bookwyrm, ryanduff, mintindeed, wonderboymusic, sanchothefat, westonruter, spacedmonkey, hellofromTonya, drewapicture, adamsilverstein, swisspiddy.
Fixes #20564, #20299.
Built from https://develop.svn.wordpress.org/trunk@56714
git-svn-id: http://core.svn.wordpress.org/trunk@56226 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-26 17:32:19 +02:00
// Include revisioned meta when considering whether a post revision has changed.
add_filter ( 'wp_save_post_revision_post_has_changed' , 'wp_check_revisioned_meta_fields_have_changed' , 10 , 3 );
// Save revisioned post meta immediately after a revision is saved
add_action ( '_wp_put_post_revision' , 'wp_save_revisioned_meta_fields' , 10 , 2 );
// Include revisioned meta when creating or updating an autosave revision.
add_action ( 'wp_creating_autosave' , 'wp_autosave_post_revisioned_meta_fields' );
// When restoring revisions, also restore revisioned meta.
add_action ( 'wp_restore_post_revision' , 'wp_restore_post_revision_meta' , 10 , 2 );
Introduce font-face styles generator and printer.
Introducing Font Face, a server-side `@font-face` styles generator and printer.
tl;dr:
* Introduces Font Face.
* Deprecates `_wp_theme_json_webfonts_handler()`.
**Introduce Font Face**
From an array of fonts (i.e. each font-family and its font variations to be processed), it:
1. Validates each `font-face` declaration, i.e. the CSS property and value pairing. If validation fails, processing stops with no font-face styles printed.
3. Generates the `@font-face` CSS for each font-family.
4. Prints the CSS within a `<style id="wp-fonts-local">` element.
The entry point into Font Face is through a new global function called `wp_print_font_faces()`, which is automatically called:
* when the `'wp_head'` hook runs (for the front-end).
* when the `'admin_print_styles'` hook runs (for the back-end).
* when `_wp_get_iframed_editor_assets()` runs to inject the `@font-face` styles into the iframed editor.
Once called, it gets the fonts from Theme_JSON merged data layer, which includes theme defined fonts and user activated fonts (once the Font Library #59166 is introduced into Core).
For classic sites, themes and plugins can directly call `wp_print_font_faces()` and pass their fonts array to it for processing.
**Deprecates `_wp_theme_json_webfonts_handler()`.**
As Font Face is a direct replacement, the stopgap code in `_wp_theme_json_webfonts_handler()` (introduced in 6.0.0 via [53282]) is deprecated and unused in Core.
**Props note:**
There's a long multiple year history baked into Font Face, which dates back to the early versions of a web font API (see #46370 and [https://github.com/WordPress/gutenberg/issues/41479 roadmap]. The props list includes those who contributed from those early versions up to this commit.
**References:**
* #46370 original (Web)Fonts API proposal for registering and enqueuing web fonts.
* [https://github.com/WordPress/gutenberg/issues/41479 Gutenberg tracking issue] which includes the evolution from Webfonts API to Fonts API to Font Face.
* [53282] / #55567 Added the stopgap code `_wp_theme_json_webfonts_handler()` in 6.0.
* [https://developer.mozilla.org/en-US/docs/Web/CSS/@font-face @font-face on mdn web docs]
* #59166 Font Library: Font manager for WordPress
Follow-up to [53282].
Props aristath, jonoaldersonwp, hellofromTonya, andraganescu, annezazu, antonvlasenko, arena, askdesign, azaozz, bph, bradley2083, colorful-tones, costdev, davidbaumwald, desrosj, dingo_d, djcowan, domainsupport, dryanpress, elmastudio, flixos90, francina, garrett-eclipse, gigitux, grantmkin, grapplerulrich, gziolo, ironprogrammer, jb510, jeffpaul, jeremyyip, jffng, joostdevalk, jorgefilipecosta, juanmaguitar, mamaduka, matveb, mburridge, mitogh, ndiego, ntsekouras, oandregal, ocean90, oglekler, paaljoachim, pagelab, peterwilsoncc, poena, priethor, scruffian, SergeyBiryukov, shiloey, simison, skorasaurus, soean, westonruter, wildworks, zaguiini.
Fixes #59165.
Built from https://develop.svn.wordpress.org/trunk@56500
git-svn-id: http://core.svn.wordpress.org/trunk@56012 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-08-31 23:49:20 +02:00
// Font management.
add_action ( 'wp_head' , 'wp_print_font_faces' , 50 );
2024-02-06 09:42:12 +01:00
add_action ( 'deleted_post' , '_wp_after_delete_font_family' , 10 , 2 );
add_action ( 'before_delete_post' , '_wp_before_delete_font_face' , 10 , 2 );
2024-02-08 08:38:19 +01:00
add_action ( 'init' , '_wp_register_default_font_collections' );
Introduce font-face styles generator and printer.
Introducing Font Face, a server-side `@font-face` styles generator and printer.
tl;dr:
* Introduces Font Face.
* Deprecates `_wp_theme_json_webfonts_handler()`.
**Introduce Font Face**
From an array of fonts (i.e. each font-family and its font variations to be processed), it:
1. Validates each `font-face` declaration, i.e. the CSS property and value pairing. If validation fails, processing stops with no font-face styles printed.
3. Generates the `@font-face` CSS for each font-family.
4. Prints the CSS within a `<style id="wp-fonts-local">` element.
The entry point into Font Face is through a new global function called `wp_print_font_faces()`, which is automatically called:
* when the `'wp_head'` hook runs (for the front-end).
* when the `'admin_print_styles'` hook runs (for the back-end).
* when `_wp_get_iframed_editor_assets()` runs to inject the `@font-face` styles into the iframed editor.
Once called, it gets the fonts from Theme_JSON merged data layer, which includes theme defined fonts and user activated fonts (once the Font Library #59166 is introduced into Core).
For classic sites, themes and plugins can directly call `wp_print_font_faces()` and pass their fonts array to it for processing.
**Deprecates `_wp_theme_json_webfonts_handler()`.**
As Font Face is a direct replacement, the stopgap code in `_wp_theme_json_webfonts_handler()` (introduced in 6.0.0 via [53282]) is deprecated and unused in Core.
**Props note:**
There's a long multiple year history baked into Font Face, which dates back to the early versions of a web font API (see #46370 and [https://github.com/WordPress/gutenberg/issues/41479 roadmap]. The props list includes those who contributed from those early versions up to this commit.
**References:**
* #46370 original (Web)Fonts API proposal for registering and enqueuing web fonts.
* [https://github.com/WordPress/gutenberg/issues/41479 Gutenberg tracking issue] which includes the evolution from Webfonts API to Fonts API to Font Face.
* [53282] / #55567 Added the stopgap code `_wp_theme_json_webfonts_handler()` in 6.0.
* [https://developer.mozilla.org/en-US/docs/Web/CSS/@font-face @font-face on mdn web docs]
* #59166 Font Library: Font manager for WordPress
Follow-up to [53282].
Props aristath, jonoaldersonwp, hellofromTonya, andraganescu, annezazu, antonvlasenko, arena, askdesign, azaozz, bph, bradley2083, colorful-tones, costdev, davidbaumwald, desrosj, dingo_d, djcowan, domainsupport, dryanpress, elmastudio, flixos90, francina, garrett-eclipse, gigitux, grantmkin, grapplerulrich, gziolo, ironprogrammer, jb510, jeffpaul, jeremyyip, jffng, joostdevalk, jorgefilipecosta, juanmaguitar, mamaduka, matveb, mburridge, mitogh, ndiego, ntsekouras, oandregal, ocean90, oglekler, paaljoachim, pagelab, peterwilsoncc, poena, priethor, scruffian, SergeyBiryukov, shiloey, simison, skorasaurus, soean, westonruter, wildworks, zaguiini.
Fixes #59165.
Built from https://develop.svn.wordpress.org/trunk@56500
git-svn-id: http://core.svn.wordpress.org/trunk@56012 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-08-31 23:49:20 +02:00
Block Hooks: Use new Templates Controller filter instead of action.
This changeset adds a new `rest_pre_insert_{$this->post_type}` filter in the `WP_REST_Templates_Controller`, where it is applied to the return value of the `prepare_item_for_database` method. (This is consistent with the `WP_REST_Post_Controller`, where that filter has existed before.)
The new filter is then used to inject hooked blocks into the template (or template part) content received via the endpoint, prior to persisting it to the database.
This supersedes the previous mechanism, which was using the `rest_after_insert_{$this->post_type}` ''action'', from which it performed an additional `wp_update_post` call to update the template (part) content with the hooked blocks injected. The new technique eschews that additional call and the resulting extra revision it created, as well as a problem with regard to duplicated escaping and sanitization, which had caused some special characters to be garbled.
Props tomjcafferkey, gziolo, swissspidy, karolmanijak.
Fixes #60671.
Built from https://develop.svn.wordpress.org/trunk@57790
git-svn-id: http://core.svn.wordpress.org/trunk@57291 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-03-07 15:12:11 +01:00
// Add ignoredHookedBlocks metadata attribute to the template and template part post types.
Block Hooks: Pass correct context to filters.
The `$context` argument passed to filters such as `hooked_block_types`, `hooked_block`, and `hooked_block_{$hooked_block_type}` allows them to conditionally insert a hooked block. If the anchor block is contained in a template or template part, `$context` will be set to a `WP_Block_Template` object reflecting that template or part.
The aforementioned filters are applied when hooked block insertion is run upon reading a template (or part) from the DB (and before sending the template/part content with hooked blocks inserted over the REST API to the client), but also upon writing to the DB, as that's when the `ignoredHookedBlocks` metadata attribute is set.
Prior to this changeset, the `$context` passed to Block Hooks related filters in the latter case reflected the template/part that was already stored in the database (if any), which is a bug; instead, it needs to reflect the template/part that will result from the incoming `POST` network request that will trigger a database update.
Those incoming changes are encapsulated in the `$changes` argument passed to the `reset_pre_insert_template` and `reset_pre_insert_template_part` filters, respectively, and thus to the `inject_ignored_hooked_blocks_metadata_attributes` function that is hooked to them. `$changes` is of type `stdClass` and only contains the fields that need to be updated. That means that in order to create a `WP_Block_Template` object, a two-step process is needed:
- Emulate what the updated `wp_template` or `wp_template_part` post object in the database will look like by merging `$changes` on top of the existing `$post` object fetched from the DB, or from the theme's block template (part) file, if any.
- Create a `WP_Block_Template` from the resulting object.
To achieve the latter, a new helper method (`_build_block_template_object_from_post_object`) is extracted from the existing `_build_block_template_result_from_post` function. (The latter cannot be used directly as it includes a few database calls that will fail if no post object for the template has existed yet in the database.)
While somewhat complicated to implement, the overall change allows for better separation of concerns and isolation of entities. This is visible e.g. in the fact that `inject_ignored_hooked_blocks_metadata_attributes` no longer requires a `$request` argument, which is reflected by unit tests no longer needing to create a `$request` object to pass to it, thus decoupling the function from the templates endpoint controller.
Unit tests for `inject_ignored_hooked_blocks_metadata_attributes` have been moved to a new, separate file. Test coverage has been added such that now, all three relevant scenarios are covered:
- The template doesn't exist in the DB, nor is there a block theme template file for it.
- The template doesn't exist in the DB, but there is a block theme template file for it.
- The template already exists in the DB.
Those scenarios also correspond to the logical branching inside `WP_REST_Templates_Controller::prepare_item_for_database`, which is where `inject_ignored_hooked_blocks_metadata_attributes` gets its data from.
Props tomjcafferkey, bernhard-reiter, gziolo, swissspidy.
Fixes #60754.
Built from https://develop.svn.wordpress.org/trunk@57919
git-svn-id: http://core.svn.wordpress.org/trunk@57420 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-04-03 17:11:14 +02:00
add_filter ( 'rest_pre_insert_wp_template' , 'inject_ignored_hooked_blocks_metadata_attributes' );
add_filter ( 'rest_pre_insert_wp_template_part' , 'inject_ignored_hooked_blocks_metadata_attributes' );
2024-02-13 16:12:09 +01:00
Block Hooks: Move ignoredHookedBlocks metadata injection logic.
As of [57790], the Templates endpoint uses the `rest_pre_insert_*` filter to inject the `ignoredHookedBlocks` metadata attribute into anchor blocks, prior to persisting a template or template part to the database. The same principle was implemented for the Navigation endpoint (where additionally, first and last child blocks added at the top level are store in the `wp_navigation` post object's post meta). The required logic was added to the Navigation block's code, i.e. inside the Gutenberg code repository, and then synchronized to Core.
In order to harmonize the code between the two endpoints, this changeset introduces a new `update_ignored_hooked_blocks_postmeta` function, which is based on the Navigation block's `block_core_navigation_update_ignore_hooked_blocks_meta`, alongside a few helper functions, and hooks it to the `rest_pre_insert_wp_navigation` filter hook. (The Navigation block has been prepared in [58275] to add an additional conditional to check for the new `update_ignored_hooked_blocks_postmeta` filter so there won't be any collisions.)
Eventually, this will allow to deprecate `block_core_navigation_update_ignore_hooked_blocks_meta` (and some related functions), and remove the relevant code from the Navigation block. It also paves the way for some other future changes, such as inserting a hooked block as a Template Part block's first or last child (#60854).
Props tomjcafferkey, bernhard-reiter.
Fixes #60759.
Built from https://develop.svn.wordpress.org/trunk@58291
git-svn-id: http://core.svn.wordpress.org/trunk@57751 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-06-03 14:05:15 +02:00
// Update ignoredHookedBlocks postmeta for wp_navigation post type.
add_filter ( 'rest_pre_insert_wp_navigation' , 'update_ignored_hooked_blocks_postmeta' );
2024-06-03 14:37:14 +02:00
// Inject hooked blocks into the wp_navigation post type REST response.
add_filter ( 'rest_prepare_wp_navigation' , 'insert_hooked_blocks_into_rest_response' , 10 , 2 );
2015-01-12 17:40:23 +01:00
unset ( $filter , $action );