- Editor: Fix Path Traversal issue on Windows in Template-Part Block.
- Editor: Sanitize Template Part HTML tag on save.
- HTML API: Run URL attributes through `esc_url()`.
Merges [58470], [58471], [58472] and [58473] to the 6.4 branch.
Props xknown, peterwilsoncc, jorbin, bernhard-reiter, azaozz, dmsnell, gziolo.
Built from https://develop.svn.wordpress.org/branches/6.4@58475
git-svn-id: http://core.svn.wordpress.org/branches/6.4@57924 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Due to some changes on the WP.com side to compress the requested images on the fly, the exact image size in the response could be different between platforms.
This commit aims to make the affected tests more reliable.
Follow-up to [139/tests], [31258], [34568], [47142], [57903], [57904], [57924].
Merges [57931] to the 6.4 branch.
Props peterwilsoncc, jorbin.
See #60865.
Built from https://develop.svn.wordpress.org/branches/6.4@57938
git-svn-id: http://core.svn.wordpress.org/branches/6.4@57439 1a063a9b-81f0-0310-95a4-ce76da25c4cd
It appears that something has changed on the WP.com side to compress the requested images on the fly, which interfered with the previous expectations in these tests.
This commit uses a direct file URL and updates the expected image size to match the currently returned response.
Follow-up to [139/tests], [31258], [47142].
Reviewed by jorbin.
Merges [57903] to the 6.4 branch.
Props dextorlobo, swissspidy, davidbaumwald, SergeyBiryukov.
See #60865.
Built from https://develop.svn.wordpress.org/branches/6.4@57930
git-svn-id: http://core.svn.wordpress.org/branches/6.4@57431 1a063a9b-81f0-0310-95a4-ce76da25c4cd
ZipArchive can fail to validate ZIP files correctly and report valid files as invalid. This introduces a fallback to PclZip to check validity of files if ZipArchive fails them.
This introduces the new function wp_zip_file_is_valid() to validate archives.
Follow up to [57388].
Reviewed by jorbin.
Merges [57537] to the 6.4 branch.
Props audunmb, azaozz, britner, cdevroe, colorful-tones, costdev, courane01, endymion00, feastdesignco, halounsbury, jeffpaul, johnbillion, jorbin, jsandtro, karinclimber, kevincoleman, koesper, maartenbelmans, mathewemoore, melcarthus, mujuonly, nerdpressteam, olegfuture, otto42, peterwilsoncc, room34, sayful, schutzsmith, stephencronin, svitlana41319, swissspidy, tnolte, tobiasbg, vikram6, welaunchio.
Fixes#60398.
Built from https://develop.svn.wordpress.org/branches/6.4@57929
git-svn-id: http://core.svn.wordpress.org/branches/6.4@57430 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The MySQL Docker containers for versions 5.7 and below do not support recent Apple silicone chips. Previously this was fixed by including `amd64/` as a prefix to the image name in the `docker-compose.yml` file (see [54096]). However, this stopped working after recent updates to Docker Desktop.
This changeset removes the `amd64/` prefix for the image used as the database container and raises the default version of MySQL in the local development environment to the current LTS version (8.0). Because this version is still maintained, there are `arm64` containers available to use.
This also documents a new workaround for contributors looking to run the local Docker environment using MySQL 5.7 or earlier, which entails creating a small `docker-compose.override.yml`.
Merges [57568] to the 6.4 branch.
Props bernhard-reiter, johnbillion, afragen, huzaifaalmesbah.
Fixes#59930.
Built from https://develop.svn.wordpress.org/branches/6.4@57862
git-svn-id: http://core.svn.wordpress.org/branches/6.4@57363 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Ensure logged out users are redirected to the media file when attachment pages are inactive. This removes the read_post capability check from the canonical redirects as anonymous users lack the permission.
This was previously committed in [57310] before being reverted in [57318]. This update includes a fix to cover instances where revealing a URL could be considered a data leak and greatly expands the unit tests to ensure that this is covered along with many other instances.
Follow-up to [56657], [56658], [56711], [57310], [57318].
Reviewed by joemcgill.
Merges [57357] to 6.4 branch.
Props peterwilsoncc, jorbin, afercia, aristath, chesio, joppuyo, jorbin, lakshmananphp, poena, sergeybiryukov, swissspidy, johnbillion, mukesh27.
Fixes#59866.
See #57913.
Built from https://develop.svn.wordpress.org/branches/6.4@57358
git-svn-id: http://core.svn.wordpress.org/branches/6.4@56864 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Package Update includes fixes for:
- Fix block rename control shown in "Advanced" for unsupported blocks
- Query block: remove unnecessary class
- Fix duotone not showing in site editor style block level styles
- Query Loop - Add accessibility markup at the end of the loop in all cases.
- Background Image Support: Hide the background image reset button when there's no image
- Background image support: Fix focus loss when resetting background image
- Autocomplete: Fix Voiceover not announcing suggestions
- Fix pattern category renaming causing potential duplicate categories
- Patterns: use existing download function for JSON downloads to fix non-ASCII encoding
- Add context for translators to any unclear usage of "synced"
- Image block: Add check for lightbox values during image block migration
- Image Block: Enable image block to be selected correctly when clicked
- Reduce specificity of default Cover text color styles.
- Image Block: Fix deprecation when width/height attribute is number
- Text selection: show CSS hack to Safari only.
- SlotFill: Allow contextual SlotFillProviders
Reviewed by peterwilsoncc.
Merges [57258] and [57109] to 6.4 branch.
Props mikachan, isabel_brison, kebbet, artemiosans, talldanwp, ramonopoly, alexstine, andrewserong, mamaduka, cbravobernal, ajlende, luisherranz, wildworks, poena, czapla, andraganescu, joen, ellatrix, youknowriad, ntsekouras.
Fixes#59828.
Built from https://develop.svn.wordpress.org/branches/6.4@57346
git-svn-id: http://core.svn.wordpress.org/branches/6.4@56852 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When the `wp_login_errors` filter is used to add an error message followed by an instructional message, the former was not displayed and the latter was errouneously displayed twice above the login form.
This commit ensures that the error message is displayed as expected.
Follow-up to [56654].
Reviewed by jorbin.
Merges [57142] to the 6.4 branch.
Props mapumba, SergeyBiryukov.
Fixes#59983.
Built from https://develop.svn.wordpress.org/branches/6.4@57288
git-svn-id: http://core.svn.wordpress.org/branches/6.4@56794 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This bumps the minimum required version of Node.js/npm from 16.19.1 and 8.19.3 to 20.10.0 and 10.2.3.
Since 20.10.0 is the latest 20.x version of Node.js, the check-latest option has been enabled for actions/setup-node in GitHub Actions workflows. This performs an additional external call to the Node.js API confirming the latest version is installed on the runner for use. In testing, it seems that 20.10.0 was not consistently deployed to all runner machines in use. This should be removed in the near future when the version of Node.js is reliably above the new minimum requirement.
The Gutenberg repository has also been updated to use the same values for engines.
Merges [57212] to the 6.4 branch.
Props jorbin, joemcgill, swissspidy, benharri, dhrupo, flootr, gziolo, noahtallen.
See #59663.
Built from https://develop.svn.wordpress.org/branches/6.4@57214
git-svn-id: http://core.svn.wordpress.org/branches/6.4@56720 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changes the default value for `LOCAL_PHP` in the 6.4 branch from `latest` to `8.3-fpm` to reflect the highest version of PHP this branch will support (with beta support).
After this change, future updates to the `latest` container built and published by the `wpdev-docker-images` repository will not cause failures in this branch.
While there are currently no failures in the 6.4 branch, the `latest` container was recently changed from using PHP 7.4 to 8.2 and caused failures in the 5.8-6.3 branches. Pinning a PHP version to this branch now will prevent that same scenario in the future. Going forward, this should be done at the time of branching.
Older branches already have specific PHP versions defined.
See #60095.
Built from https://develop.svn.wordpress.org/branches/6.4@57198
git-svn-id: http://core.svn.wordpress.org/branches/6.4@56709 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The values of start and end are not fully supported by Opera Mini which has 1.01% usage. There is no material change in functionality with this change.
Reviewed by hellofromTonya.
Merges [57151] to 6.4 branch.
Props kebbet, NekoJonez, luminuu, hellofromTonya.
Fixes#59819.
Built from https://develop.svn.wordpress.org/branches/6.4@57160
git-svn-id: http://core.svn.wordpress.org/branches/6.4@56671 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This fixes bugs introduced in [56635] whereby the template or stylesheet path could be memoized incorrectly if get_template_directory() or get_stylesheet_directory() were called before the theme has been fully initialized.
Reviewed by Jorbin.
Merges [57129] to 6.4 branch.
Props partyfrikadelle, coreyw, kdowns, rebasaurus, meta4, flixos90, mukesh27, joemcgill, icaleb.
Fixes#59847.
Built from https://develop.svn.wordpress.org/branches/6.4@57156
git-svn-id: http://core.svn.wordpress.org/branches/6.4@56667 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Restores setting the site's logo, icon, and wp-admin's back button image (which defaults to W).
Prior to [56566], the site logo and icon were unconditionally added to the index. [56566] changed this by conditionally adding them if either the `_links` or `_embedded` fields were included. However, these fields are not included when using the Site Logo block, as it uses the `site_logo`, `site_icon`, and `site_icon_url` fields instead.
This changeset restores the functionality by checking specifically for the `site_*` fields when neither of the `_links` or `_embedded` fields are present.
Follow up to [56566].
Reviewed by jorbin.
Merges [57147] to the 6.4 branch.
Props antonvlasenko, hellofromTonya, ironprogrammer, priethor, wildworks.
Fixes#59935.
Built from https://develop.svn.wordpress.org/branches/6.4@57154
git-svn-id: http://core.svn.wordpress.org/branches/6.4@56665 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The recently introduced Block Hooks API exposes a filter (`hooked_block_types`) which is given a `$context` argument, among others. If the filter is called on a block that's part of a template or template part, `$context` is set to the corresponding `WP_Block_Template` object.
However, that object's `$content` property is currently ''not'' exposed to the filter. This changeset amends that shortcoming.
This is useful for callbacks that might want to detect the presence of a serialized block instance (or potentially in the future utilize the HTML API) to restrict where the block is injected (before the template is rendered).
Addressing this also achieves parity with the structure of `$context` when it represents a pattern (where pattern serialized content is present).
Merges [57118] to the 6.4 branch.
Props nerrad.
Fixes#59882.
Built from https://develop.svn.wordpress.org/branches/6.4@57119
git-svn-id: http://core.svn.wordpress.org/branches/6.4@56630 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The example code in the PHPDoc comment for the HTML Tag Processor class
previously showed calling `next_tag()` with an array containing a `class`
key, which should have been `class_name`. This patch fixes this by using
the appropriate `class_name` key.
Merges [57116] to the 6.4 branch.
Props dmsnell, gaambo, crstauf, atachibana, audrasjb, krupalpanchal.
Fixes#59891.
Built from https://develop.svn.wordpress.org/branches/6.4@57117
git-svn-id: http://core.svn.wordpress.org/branches/6.4@56628 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This updates the '@since 6.4.0' annotation in _register_theme_block_patterns to reference WP_Theme::get_block_patterns instead of _wp_get_block_patterns, which was changed in [56978].
Reviewed by audrasjb.
Merges [57102] to the to the 6.4 branch.
Props audrasjb, mukesh27, joemcgill.
Fixes#59869.
Built from https://develop.svn.wordpress.org/branches/6.4@57103
git-svn-id: http://core.svn.wordpress.org/branches/6.4@56614 1a063a9b-81f0-0310-95a4-ce76da25c4cd
During a bulk edit of posts with different categories, the categories for the edited posts would be reset to the default category: uncategorized by default.
This reverts [56712] to resolve the issue.
Merges [57093] to the 6.4 branch.
Props peterwilsoncc, hellofromtonya, jorbin.
Fixes#59837.
See #11302.
Built from https://develop.svn.wordpress.org/branches/6.4@57094
git-svn-id: http://core.svn.wordpress.org/branches/6.4@56605 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Partial revert of [56475] to reinstate the private `wpdb::$use_mysqli` property and set to its default to true. This private property was / is accessible through the magic methods. Though Core's usage of this property was removed by [56475], plugins are using the property. Reinstating it resolves the BC break.
Follow up to [56475].
Reviewed by jorbin.
Merges [57089] to the 6.4 branch.
Props jason_the_adams, joemcgill, johnbillion, johnjamesjacoby, jrf, rajinsharwar, renehermi.
Fixes#59846.
Built from https://develop.svn.wordpress.org/branches/6.4@57090
git-svn-id: http://core.svn.wordpress.org/branches/6.4@56601 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This updates the Requests library from version 2.0.8 to 2.0.9. This is a hotfix release.
Reviewed by jorbin, desrosj.
Merges [57086] to 6.4 branch.
Props jorbin, hellofromTonya, desrosj, barry, cenkdemir, nexflaszlo, schlessera, jrf, Clorith, tomsommer, azaozz, pbiron, afragen, howdy_mcgee.
Fixes#59842.
Built from https://develop.svn.wordpress.org/branches/6.4@57088
git-svn-id: http://core.svn.wordpress.org/branches/6.4@56599 1a063a9b-81f0-0310-95a4-ce76da25c4cd
