This changeset adds `spellcheck="false"` attribute to various password fields.
The spellcheck global attribute defines whether the element may be checked for spelling errors. The `false` value indicates that the element should not be checked for spelling errors, which is relevant for a password field.
Furthermore, and as per MDN specs, using spellchecking can have consequences for users' security and privacy. The specification does not regulate how spellchecking is done and the content of the element may be sent to a third party for spellchecking results. Thus, it is recommended to set `spellcheck` attribute to `false` for elements that can contain sensitive information. Which is the case for password fields.
Props dziudek, audrasjb, gainesm, fosuahmed.
Fixes#56763.
Built from https://develop.svn.wordpress.org/trunk@55094
git-svn-id: http://core.svn.wordpress.org/trunk@54627 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When lazy-loading images was introduced, in [52065] the check for `wp_lazy_loading_enabled()` was omitted by accident in the logic to set the attribute with its default value on `img` tags from `get_the_post_thumbnail()`. Without this check, it is impossible for third-party developers to modify the behavior for featured images.
This changeset fixes the problem by introducing the check.
Props flixos90, joemcgill, mukesh27.
Fixes#57490.
Built from https://develop.svn.wordpress.org/trunk@55093
git-svn-id: http://core.svn.wordpress.org/trunk@54626 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Calls to `wp-admin/load-styles.php` do not include the loading of `wp_cache_*()` functions. With [55086], this caused a fatal error:
{{{
Fatal error: Uncaught Error: Call to undefined function wp_cache_get() in /wp-includes/global-styles-and-settings.php on line 285
}}}
In some production and local environments running `trunk`, the admin area looked broken as the styling was not loaded as there were no HTTP requests.
This commit reverts the caching from [55086] to restore sites running `trunk` until a solution is found.
Follow-up to [55086].
Props Otto42, dmsnell, costdev.
See #56975.
Built from https://develop.svn.wordpress.org/trunk@55092
git-svn-id: http://core.svn.wordpress.org/trunk@54625 1a063a9b-81f0-0310-95a4-ce76da25c4cd
While using reserved PHP keywords as parameter name labels is allowed, in the context of function calls using named parameters in PHP 8.0+, this will easily lead to confusion. To avoid that, it is recommended not to use reserved keywords as function parameter names.
This commit:
* Renames the `$string` parameter to `$content` in:
* `Tests_Kses::test_wp_filter_post_kses_address()`
* `Tests_Kses::test_wp_filter_post_kses_a()`
* `Tests_Kses::test_wp_filter_post_kses_abbr()`
* Amends a few parameters and variables in other tests in the same file for consistency.
Follow-up to [52946], [52996], [52997], [52998], [53003], [53014], [53029], [53039], [53116], [53117], [53137], [53174], [53184], [53185], [53192], [53193], [53198], [53203], [53207], [53215], [53216], [53220], [53230], [53232], [53236], [53239], [53240], [53242], [53243], [53245], [53246], [53257], [53269], [53270], [53271], [53272], [53273], [53274], [53275], [53276], [53277], [53281], [53283], [53284], [53285], [53287], [53364], [53365], [54927], [54929], [54930], [54931], [54932], [54933], [54938], [54943], [54944], [54945], [54946], [54947], [54948], [54950], [54951], [54952], [54956], [54959], [54960], [54961], [54962], [54964], [54965], [54969], [54970], [54971], [54972], [54996], [55000], [55011], [55013], [55014], [55015], [55016], [55017], [55020], [55021], [55023], [55027], [55028], [55034], [55036], [55037], [55038], [55039], [55049], [55050], [55060], [55062], [55064], [55065], [55076], [55077], [55078], [55081].
Props jrf, aristath, poena, justinahinon, SergeyBiryukov.
See #56788.
Built from https://develop.svn.wordpress.org/trunk@55090
git-svn-id: http://core.svn.wordpress.org/trunk@54623 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Adds `wp_theme_has_theme_json()` for public consumption, to replace the private internal Core-only `WP_Theme_JSON_Resolver::theme_has_support()` method. This new global function checks if a theme or its parent has a `theme.json` file.
For performance, results are cached as an integer `1` or `0` in the `'theme_json'` group with `'wp_theme_has_theme_json'` key. This is a non-persistent cache. Why? To make the derived data from `theme.json` is always fresh from the potential modifications done via hooks that can use dynamic data (modify the stylesheet depending on some option, settings depending on user permissions, etc.).
Also adds a new public function `wp_clean_theme_json_cache()` to clear the cache on `'switch_theme'` and `start_previewing_theme'`.
References:
* [https://github.com/WordPress/gutenberg/pull/45168 Gutenberg PR 45168] Add `wp_theme_has_theme_json` as a public API to know whether a theme has a `theme.json`.
* [https://github.com/WordPress/gutenberg/pull/45380 Gutenberg PR 45380] Deprecate `WP_Theme_JSON_Resolver:theme_has_support()`.
* [https://github.com/WordPress/gutenberg/pull/46150 Gutenberg PR 46150] Make `theme.json` object caches non-persistent.
* [https://github.com/WordPress/gutenberg/pull/45979 Gutenberg PR 45979] Don't check if constants set by `wp_initial_constants()` are defined.
* [https://github.com/WordPress/gutenberg/pull/45950 Gutenberg PR 45950] Cleaner logic in `wp_theme_has_theme_json`.
Follow-up to [54493], [53282], [52744], [52049], [50959].
Props oandregal, afragen, alexstine, aristath, azaozz, costdev, flixos90, hellofromTonya, mamaduka, mcsf, ocean90, spacedmonkey.
Fixes#56975.
Built from https://develop.svn.wordpress.org/trunk@55086
git-svn-id: http://core.svn.wordpress.org/trunk@54619 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The function `get_adjacent_post` cached the results of database query in the cache group `counts`. This is a none persistent group and meant cache would not persist on the next request. Change cache to save to the `posts` cache group. Cache invalidation is done by using get last changed value of the `posts` and `terms` group as a salt for the cache key.
Props spacedmonkey, peterwilsoncc, johnbillion, boonebgorges, mukesh27, dd32.
Fixes#41131.
Built from https://develop.svn.wordpress.org/trunk@55085
git-svn-id: http://core.svn.wordpress.org/trunk@54618 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Remove escape placeholder from query cache key, as placeholders are on a based on a unique id on every request. This meant that it is impossible for a cache to be reused, making queries that use escape placeholders such as searches, meta queries or using the `description__like` / `name__like` parameters were unable to be cached.
Follow on from [54634].
Props spacedmonkey, peterwilsoncc.
Fixes#57298.
Built from https://develop.svn.wordpress.org/trunk@55083
git-svn-id: http://core.svn.wordpress.org/trunk@54616 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset fixes a few use case:
- When referring to the Privacy Policy page, "Privacy Policy" should use capitalization on "Privacy Policy", but "page" should remain lowercase;
- When referring to the fact that a website needs, let's say "a relevant privacy policy", "privacy policy" should stay lowercase.
This changeset also updates other small capitalization issues.
Props aravindajith, audrasjb, sarathar, nithi22, costdev.
Fixes#57226.
Built from https://develop.svn.wordpress.org/trunk@55082
git-svn-id: http://core.svn.wordpress.org/trunk@54615 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When passed a `WP_Image_Editor` instance as the `$image` parameter, `wp_save_image_file()` returns an array on success, so we can specifically check for an array instead of any non-empty result.
Likewise, in PDF tests, when creating an attachment is expected to return an integer ID and not a `WP_Error` object, we can specifically check for that.
Follow-up to [1061/tests], [38949], [39617], [42792], [53529], [53530], [53531], [55019], [55066].
See #56793.
Built from https://develop.svn.wordpress.org/trunk@55070
git-svn-id: http://core.svn.wordpress.org/trunk@54603 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When passed a GD resource as `$image`, `wp_save_image_file()` should throw a deprecated argument notice:
{{{
Function wp_save_image_file was called with an argument that is deprecated since version 3.5.0!
$image needs to be a WP_Image_Editor object.
}}}
The test verifies that the notice is thrown as expected.
Includes:
* Removing the `Tests_Functions_Deprecated` class. It appears to be initially intended for testing deprecated functions or arguments, but this was later superseded by the `@expectedDeprecated` annotation.
* Removing a redundant test for `wp_save_image_file()` **not** throwing a deprecation notice when passed a `WP_Image_Editor` instance. This is already covered by `test_wp_save_image_file()`, which would fail if there is an unexpected deprecation notice.
Follow-up to [1061/tests], [25408], [25409], [53529].
See #56793.
Built from https://develop.svn.wordpress.org/trunk@55066
git-svn-id: http://core.svn.wordpress.org/trunk@54599 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset adds the top 10 Mastodon domains by popularity to Twenty Twenty and Twenty Twenty-One Social icon feature.
Note: other Mastodon domains can be added to the array of domain mapping using `twentytwenty_social_icons_map` and `twenty_twenty_one_social_icons_map` filters.
Props triumvirate, sabernhardt, audrasjb, peterwilsoncc, rryyaanndd, ianbelanger.
Fixes#57293, #49099.
Built from https://develop.svn.wordpress.org/trunk@55061
git-svn-id: http://core.svn.wordpress.org/trunk@54594 1a063a9b-81f0-0310-95a4-ce76da25c4cd
While using reserved PHP keywords as parameter name labels is allowed, in the context of function calls using named parameters in PHP 8.0+, this will easily lead to confusion. To avoid that, it is recommended not to use reserved keywords as function parameter names.
This commit renames the `$case` parameter to `$filename` in `Tests_File::test_wp_tempnam()`.
Follow-up to [52946], [52996], [52997], [52998], [53003], [53014], [53029], [53039], [53116], [53117], [53137], [53174], [53184], [53185], [53192], [53193], [53198], [53203], [53207], [53215], [53216], [53220], [53230], [53232], [53236], [53239], [53240], [53242], [53243], [53245], [53246], [53257], [53269], [53270], [53271], [53272], [53273], [53274], [53275], [53276], [53277], [53281], [53283], [53284], [53285], [53287], [53364], [53365], [54927], [54929], [54930], [54931], [54932], [54933], [54938], [54943], [54944], [54945], [54946], [54947], [54948], [54950], [54951], [54952], [54956], [54959], [54960], [54961], [54962], [54964], [54965], [54969], [54970], [54971], [54972], [54996], [55000], [55011], [55013], [55014], [55015], [55016], [55017], [55020], [55021], [55023], [55027], [55028], [55034], [55036], [55037], [55038], [55039], [55049], [55050].
Props jrf, aristath, poena, justinahinon, SergeyBiryukov.
See #56788.
Built from https://develop.svn.wordpress.org/trunk@55060
git-svn-id: http://core.svn.wordpress.org/trunk@54593 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset introduces the `wp_set_password` action hook, triggered after a password is set for a given user. As several plugins are calling `wp_set_password()` directly, adding an action to the end of the function will help plugin authors to catch all instances of password setting.
Props tanner-m, audrasjb.
Fixes#57436.
Built from https://develop.svn.wordpress.org/trunk@55056
git-svn-id: http://core.svn.wordpress.org/trunk@54589 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The [https://make.wordpress.org/core/2021/02/19/feature-plugin-rollback-update-failure/ Rollback Update Failure feature project] has been split into two plugins for testing:
* [https://github.com/afragen/faster-updates Faster Updates] speeds up plugin or theme updates by moving files rather than copying them, thus decreasing the memory usage and reducing the chance of timeouts or running out of disk space during updates.
* [https://wordpress.org/plugins/rollback-update-failure/ Rollback Update Failure] creates a temporary backup of plugins and themes before updating. This aims to make the update process more reliable and ensure that if a plugin or theme update fails, the previous version can be safely restored.
The current priority of the feature project is to test the new `move_dir()` function, which offers better performance than `copy_dir()`. Instead of copying a directory in a recursive manner file by file from one location to another, `move_dir()` uses the `rename()` PHP function to speed up the process, which is instrumental in updating large plugins without a delay. If the renaming failed, it falls back to the `copy_dir()` WP function.
The `move_dir()` function is self-contained in the Faster Updates plugin and does not require any special hooks in core, so the conditional previously added to `WP_Upgrader::install_package()` to facilitate testing is no longer needed and can be removed.
Follow-up to [53578], [54484], [54643].
Props afragen, costdev, peterwilsoncc.
See #56057, #57375, #57386.
Built from https://develop.svn.wordpress.org/trunk@55055
git-svn-id: http://core.svn.wordpress.org/trunk@54588 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset moves typecasting to affect the `get_option` value, which ensures that when math is done it does not generate any error. In PHP 7.4 and earlier the previous implementation was dismissed as a warning, but in PHP 8+ it would have throw a fatal error.
Follow-up to [45856].
Props Nick_theGeek, SergeyBiryukov, johnbillion.
Fixes#57035.
Built from https://develop.svn.wordpress.org/trunk@55054
git-svn-id: http://core.svn.wordpress.org/trunk@54587 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset indirectly improves performance of the commonly used `esc_url()` function by optimizing the low-level function `wp_kses_bad_protocol()` for the by far most common scenarios, which are URLs using either the `http` or `https` protocol.
For this common scenario, the changeset now avoids the `do while` loop. While for a single call to the `esc_url()` function the performance wins are negligible, given that `esc_url()` is often called many times in one page load, they can add up, making this a worthwhile improvement.
Props mukesh27, schlessera, markjaquith, azaozz, spacedmonkey.
Fixes#22951.
Built from https://develop.svn.wordpress.org/trunk@55053
git-svn-id: http://core.svn.wordpress.org/trunk@54586 1a063a9b-81f0-0310-95a4-ce76da25c4cd
While using reserved PHP keywords as parameter name labels is allowed, in the context of function calls using named parameters in PHP 8.0+, this will easily lead to confusion. To avoid that, it is recommended not to use reserved keywords as function parameter names.
This commit renames the `$type` and `$object` parameters to `$object_type` and `$object_name` in `Test_WP_Customize_Nav_Menus::filter_items()`.
Follow-up to [52946], [52996], [52997], [52998], [53003], [53014], [53029], [53039], [53116], [53117], [53137], [53174], [53184], [53185], [53192], [53193], [53198], [53203], [53207], [53215], [53216], [53220], [53230], [53232], [53236], [53239], [53240], [53242], [53243], [53245], [53246], [53257], [53269], [53270], [53271], [53272], [53273], [53274], [53275], [53276], [53277], [53281], [53283], [53284], [53285], [53287], [53364], [53365], [54927], [54929], [54930], [54931], [54932], [54933], [54938], [54943], [54944], [54945], [54946], [54947], [54948], [54950], [54951], [54952], [54956], [54959], [54960], [54961], [54962], [54964], [54965], [54969], [54970], [54971], [54972], [54996], [55000], [55011], [55013], [55014], [55015], [55016], [55017], [55020], [55021], [55023], [55027], [55028], [55034], [55036], [55037], [55038], [55039].
Props jrf, aristath, poena, justinahinon, SergeyBiryukov.
See #56788.
Built from https://develop.svn.wordpress.org/trunk@55049
git-svn-id: http://core.svn.wordpress.org/trunk@54582 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Initializing the `WP_Locale` array properties to an empty array at the class definition point. Why?
* Ensure the properties initialize to an `array` data type at instantiation (rather than `null`).
This initialization is needed to ensure the properties are not `null` if another class inherits from `WP_Locale` but does not run `WP_Locale::init()` from the constructor. In this case, the initialization prevents
{{{
Warning: array_values() expects parameter 1 to be array, null given
}}}
when Core uses any of the properties.
* Good design practice.
The code and documentation are clearly expecting these properties to be an `array` data type. Setting each to a default `array()` state further helps to clearly communicate the code design.
Follow-up to [37889], [36292], [31078], [3676], [6589].
Props tyxla, SergeyBiryukov, azaozz, hellofromTonya, mukesh27.
See #57427.
Built from https://develop.svn.wordpress.org/trunk@55047
git-svn-id: http://core.svn.wordpress.org/trunk@54580 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Renaming the class was missed in [54997] when updating changes in `WP_Http::request()` for the Requests 2.0.0 external library upgrade. The `HTTP` class no longer exists and caused a fatal error:
{{{
PHP Fatal error: Class 'WpOrg\Requests\Proxy\HTTP' not found in wp-includes/class-wp-http.php on line 382
}}}
This commit renames the class to `Http` and resolves the fatal error.
Follow-up to [52244], [52315], [52327], [52328], [54997], [55007].
Props danielbachhuber, jrf.
See #54504.
Built from https://develop.svn.wordpress.org/trunk@55046
git-svn-id: http://core.svn.wordpress.org/trunk@54579 1a063a9b-81f0-0310-95a4-ce76da25c4cd