WP_Theme_JSON sanitization is now able to sanitize data contained on indexed arrays.
So certain data from theme.json, for example, settings.typography.fontFamilies which is a JSON array will be sanitized.
Props mmaattiiaass, mukesh27.
Fixes#60360.
Built from https://develop.svn.wordpress.org/trunk@57496
git-svn-id: http://core.svn.wordpress.org/trunk@56997 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When `next_token()` was introduced, it brought a subtle bug. When encountering a `<` in the HTML stream which did not lead to a tag or comment or other token, it was treating the full text span to that point as one text node, and the following span another text node.
The entire span should be one text node.
In this patch the Tag Processor properly detects this scenario and combines the spans into one text node.
Follow-up to [57348]
Props jonsurrell
Fixes#60385
Built from https://develop.svn.wordpress.org/trunk@57489
git-svn-id: http://core.svn.wordpress.org/trunk@56990 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Ensures that looking up a singular that is also used as a pluralized string works as expected.
This improves compatibility for cases where for example both `__( 'Product' )` and `_n( 'Product', 'Products’, num )` are used in a project, where both will use the same translation for the singular version.
Although such usage is not really recommended nor documented, it must continue to work in the new i18n library in order to maintain backward compatibility and maintain expected behavior.
See #59656.
Built from https://develop.svn.wordpress.org/trunk@57386
git-svn-id: http://core.svn.wordpress.org/trunk@56892 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previous Gutenberg versions are not compatible with recent trunk because of the
WP_Navigation_Block_Renderer classname. It's present in both.
Gutenberg has been updated to avoid the use of this class but we need to auto-disable
old plugins to avoid fatals.
Props hellofromtonya.
See #60315.
Built from https://develop.svn.wordpress.org/trunk@57384
git-svn-id: http://core.svn.wordpress.org/trunk@56890 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This patch, somewhat small brings a lot to WordPress.
This includes features like:
- DataViews.
- Customization tools like box shadow, background size and repeat.
- UI improvements in the site editor.
- Preferences sharing between the post and site editors.
- Unified panels and editors between post and site editors.
- Improved template mode in the post editor.
- Iterations to multiple interactive blocks.
- Preparing the blocks and UI for pattern overrides.
- and a lot more.
Props luisherranz, gziolo, isabel_brison, costdev, jonsurrell, peterwilsoncc, get_dave, antonvlasenko, desrosj.
See #60315.
Built from https://develop.svn.wordpress.org/trunk@57377
git-svn-id: http://core.svn.wordpress.org/trunk@56883 1a063a9b-81f0-0310-95a4-ce76da25c4cd
It is part of the sync from the Gutenberg plugin that introduces the registry for block binding sources required for the new Block Bindings API: WordPress/gutenberg#54536.
See #60282.
Follow-up [57373].
Props czapla, artemiosans, santosguillamot, sc0ttkclark, lgladdy, talldanwp, swissspidy, youknowriad, fabiankaegy, mukesh27.
Built from https://develop.svn.wordpress.org/trunk@57375
git-svn-id: http://core.svn.wordpress.org/trunk@56881 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit removes unnecessary access and internal annotations from two functions that are private and as such don't require the annotation. It also adds the since annotation with the 6.5 release given that the annotation may be useful.
Props swissspidy.
See #60358.
Built from https://develop.svn.wordpress.org/trunk@57374
git-svn-id: http://core.svn.wordpress.org/trunk@56880 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This updates the following third-party GitHub Actions to their latest versions:
- `actions/setup-node` from `3.8.1` to `4.0.1`
- `actions/upload-artifact` from `3.1.2` to `4.3.0`
- `shivammathur/setup-php` from `2.28.0` to `2.29.0`
- `actions/cache` from `3.3.2` to `4.0.0`
- `codecov/codecov-action` from `3.1.4` to `3.1.5`
Most notably, these updates silence newly encountered notices as a result of GitHub beginning to transition away from Node.js 16 to Node.js 20 (see https://github.blog/changelog/2023-09-22-github-actions-transitioning-from-node-16-to-node-20/).
Props swissspidy.
See #59805.
Built from https://develop.svn.wordpress.org/trunk@57362
git-svn-id: http://core.svn.wordpress.org/trunk@56868 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Ensure logged out users are redirected to the media file when attachment pages are inactive. This removes the read_post capability check from the canonical redirects as anonymous users lack the permission.
This was previously committed in [57310] before being reverted in [57318]. This update includes a fix to cover instances where revealing a URL could be considered a data leak and greatly expands the unit tests to ensure that this is covered along with many other instances.
Follow-up to [56657], [56658], [56711], [57310], [57318].
Props peterwilsoncc, jorbin, afercia, aristath, chesio, joppuyo, jorbin, lakshmananphp, poena, sergeybiryukov, swissspidy, johnbillion.
Fixes#59866.
See #57913.
Built from https://develop.svn.wordpress.org/trunk@57357
git-svn-id: http://core.svn.wordpress.org/trunk@56863 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Add a new `hooked_block_{$block_type}` filter that allows modifying a hooked block (in parsed block format) prior to insertion, while providing read access to its anchor block (in the same format).
This allows block authors to e.g. set a hooked block's attributes, or its inner blocks; the filter can peruse information about the anchor block when doing so. As such, this filter provides a solution to both #59572 and #60126.
The new filter is designed to strike a good balance and separation of concerns with regard to the existing [https://developer.wordpress.org/reference/hooks/hooked_block_types/ `hooked_block_types` filter], which allows addition or removal of a block to the list of hooked blocks for a given anchor block -- all of which are identified only by their block ''types''. This new filter, on the other hand, only applies to ''one'' hooked block at a time, and allows modifying the entire (parsed) hooked block; it also gives (read) access to the parsed anchor block.
Props gziolo, tomjcafferkey, andrewserong, isabel_brison, timbroddin, yansern.
Fixes#59572, #60126.
Built from https://develop.svn.wordpress.org/trunk@57354
git-svn-id: http://core.svn.wordpress.org/trunk@56860 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Since its introduction in WordPress 6.2 the HTML Tag Processor has
provided a way to scan through all of the HTML tags in a document and
then read and modify their attributes. In order to reliably do this, it
also needed to be aware of other kinds of HTML syntax, but it didn't
expose those syntax tokens to consumers of the API.
In this patch the Tag Processor introduces a new scanning method and a
few helper methods to read information about or from each token. Most
significantly, this introduces the ability to read `#text` nodes in the
document.
What's new in the Tag Processor?
================================
- `next_token()` visits every distinct syntax token in a document.
- `get_token_type()` indicates what kind of token it is.
- `get_token_name()` returns something akin to `DOMNode.nodeName`.
- `get_modifiable_text()` returns the text associated with a token.
- `get_comment_type()` indicates why a token represents an HTML comment.
Example usage.
==============
{{{
<?php
function strip_all_tags( $html ) {
$text_content = '';
$processor = new WP_HTML_Tag_Processor( $html );
while ( $processor->next_token() ) {
if ( '#text' !== $processor->get_token_type() ) {
continue;
}
$text_content .= $processor->get_modifiable_text();
}
return $text_content;
}
}}}
What changes in the Tag Processor?
==================================
Previously, the Tag Processor would scan the opening and closing tag of
every HTML element separately. Now, however, there are special tags
which it only visits once, as if those elements were void tags without
a closer.
These are special tags because their content contains no other HTML or
markup, only non-HTML content.
- SCRIPT elements contain raw text which is isolated from the rest of
the HTML document and fed separately into a JavaScript engine. There
are complicated rules to avoid escaping the script context in the HTML.
The contents are left verbatim, and character references are not decoded.
- TEXTARA and TITLE elements contain plain text which is decoded
before display, e.g. transforming `&` into `&`. Any markup which
resembles tags is treated as verbatim text and not a tag.
- IFRAME, NOEMBED, NOFRAMES, STYLE, and XMP elements are similar to the
textarea and title elements, but no character references are decoded.
For example, `&` inside a STYLE element is passed to the CSS engine
as the literal string `&` and _not_ as `&`.
Because it's important not treat this inner content separately from the
elements containing it, the Tag Processor combines them when scanning
into a single match and makes their content available as modifiable
text (see below).
This means that the Tag Processor will no longer visit a closing tag for
any of these elements unless that tag is unexpected.
{{{
<title>There is only a single token in this line</title>
<title>There are two tokens in this line></title></title>
</title><title>There are still two tokens in this line></title>
}}}
What are tokens?
================
The term "token" here is a parsing term, which means a primitive unit in
HTML. There are only a few kinds of tokens in HTML:
- a tag has a name, attributes, and a closing or self-closing flag.
- a text node, or `#text` node contains plain text which is displayed
in a browser and which is decoded before display.
- a DOCTYPE declaration indicates how to parse the document.
- a comment is hidden from the display on a page but present in the HTML.
There are a few more kinds of tokens that the HTML Tag Processor will
recognize, some of which don't exist as concepts in HTML. These mostly
comprise XML syntax elements that aren't part of HTML (such as CDATA and
processing instructions) and invalid HTML syntax that transforms into
comments.
What is a funky comment?
========================
This patch treats a specific kind of invalid comment in a special way.
A closing tag with an invalid name is considered a "funky comment." In
the browser these become HTML comments just like any other, but their
syntax is convenient for representing a variety of bits of information
in a well-defined way and which cannot be nested or recursive, given
the parsing rules handling this invalid syntax.
- `</1>`
- `</%avatar_url>`
- `</{"wp_bit": {"type": "post-author"}}>`
- `</[post-author]>`
- `</__( 'Save Post' );>`
All of these examples become HTML comments in the browser. The content
inside the funky content is easily parsable, whereby the only rule is
that it starts at the `<` and continues until the nearest `>`. There
can be no funky comment inside another, because that would imply having
a `>` inside of one, which would actually terminate the first one.
What is modifiable text?
========================
Modifiable text is similar to the `innerText` property of a DOM node.
It represents the span of text for a given token which may be modified
without changing the structure of the HTML document or the token.
There is currently no mechanism to change the modifiable text, but this
is planned to arrive in a later patch.
Tags
====
Most tags have no modifiable text because they have child nodes where
text nodes are found. Only the special tags mentioned above have
modifiable text.
{{{
<div class="post">Another day in HTML</div>
└─ tag ──────────┘└─ text node ─────┘└────┴─ tag
}}}
{{{
<title>Is <img> > <image>?</title>
│ └ modifiable text ───┘ │ "Is <img> > <image>?"
└─ tag ─────────────────────────────┘
}}}
Text nodes
==========
Text nodes are entirely modifiable text.
{{{
This HTML document has no tags.
└─ modifiable text ───────────┘
}}}
Comments
========
The modifiable text inside a comment is the portion of the comment that
doesn't form its syntax. This applies for a number of invalid comments.
{{{
<!-- this is inside a comment -->
│ └─ modifiable text ──────┘ │
└─ comment token ───────────────┘
}}}
{{{
<!-->
This invalid comment has no modifiable text.
}}}
{{{
<? this is an invalid comment -->
│ └─ modifiable text ────────┘ │
└─ comment token ───────────────┘
}}}
{{{
<[CDATA[this is an invalid comment]]>
│ └─ modifiable text ───────┘ │
└─ comment token ───────────────────┘
}}}
Other token types also have modifiable text. Consult the code or tests
for further information.
Developed in https://github.com/WordPress/wordpress-develop/pull/5683
Discussed in https://core.trac.wordpress.org/ticket/60170
Follows [57575]
Props bernhard-reiter, dlh, dmsnell, jonsurrell, zieladam
Fixes#60170
Built from https://develop.svn.wordpress.org/trunk@57348
git-svn-id: http://core.svn.wordpress.org/trunk@56854 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Incremental import maps fail if the import map is printed after the module scripts.
This means, we should always render import maps first. This means that for classic themes, we need to move the import map and modules to the footer because we can't know before that which modules are needed.
Props luisherranz, cbravobernal.
Fixes#60240.
Built from https://develop.svn.wordpress.org/trunk@57345
git-svn-id: http://core.svn.wordpress.org/trunk@56851 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This introduces a more lightweight library for loading `.mo` translation files which offers increased speed and lower memory usage.
It also supports loading multiple locales at the same time, which makes locale switching faster too.
For plugins interacting with the `$l10n` global variable in core, a shim is added to retain backward compatibility with the existing `pomo` library.
In addition to that, this library supports translations contained in PHP files, avoiding a binary file format and leveraging OPCache if available.
If an `.mo` translation file has a corresponding `.l10n.php` file, the latter will be loaded instead.
This behavior can be adjusted using the new `translation_file_format` and `load_translation_file` filters.
PHP translation files will be typically created by downloading language packs, but can also be generated by plugins.
See https://make.wordpress.org/core/2023/11/08/merging-performant-translations-into-core/ for more context.
Props dd32, swissspidy, flixos90, joemcgill, westonruter, akirk, SergeyBiryukov.
Fixes#59656.
Built from https://develop.svn.wordpress.org/trunk@57337
git-svn-id: http://core.svn.wordpress.org/trunk@56843 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Additionally, this changeset fixes some of the `block.json` and `theme.json` files in PHPUnit tests by adding missing `title` properties to satisfy the schema. Those changes have no impact on the runtime whatsoever and do not change the result of unit tests.
Note that some block and theme JSON files still aren't valid according to the schema. Fixing is underway; the required changes will be merged subsequently.
Props jonsurrell, dmsnell, gziolo.
Fixes#60255.
Built from https://develop.svn.wordpress.org/trunk@57336
git-svn-id: http://core.svn.wordpress.org/trunk@56842 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Renames all mentions to "module" with "script module", including function names, comments, and tests.
Follow up to [57269]
The list of functions renamed are:
- `wp_module()` -> `wp_script_module()`.
- `wp_register_module()` -> `wp_register_script_module()`.
- `wp_enqueue_module()` -> `wp_enqueue_script_module()`.
- `wp_dequeue_module()` -> `wp_dequeue_script_module()`.
- `WP_Script_Modules::print_enqueued_modules()` -> `WP_Script_Modules::print_enqueued_script_modules()`.
- `WP_Script_Modules::print_module_preloads()` -> `WP_Script_Modules::print_script_module_preloads()`.
It also adds PHP 7 typing to all the functions and improves the types of the `$deps` argument of `wp_register_script_module()` and `wp_enqueue_script_module()` using `@type`.
Props luisherranz, idad5, costdev, nefff, joemcgill, jorbin, swisspidy, jonsurrel, flixos90, gziolo, westonruter, bernhard-reiter, kamranzafar4343
See #56313
Built from https://develop.svn.wordpress.org/trunk@57327
git-svn-id: http://core.svn.wordpress.org/trunk@56833 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Adds support for the following HTML elements to the HTML Processor:
- PARAM, SOURCE, TRACK
Previously these elements were not supported and the HTML Processor would bail when encountering them. Now, with this patch applied, it will proceed to parse an HTML document when encountering those tags.
Props jonsurrell, dmsnell
Fixes#60283
Built from https://develop.svn.wordpress.org/trunk@57326
git-svn-id: http://core.svn.wordpress.org/trunk@56832 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This ensures that the message about deleting a plugin or having no plugins installed is displayed in full width.
Follow-up to [26134], [33016].
Props shailu25, mukesh27, passoniate, JavierCasares, sabernhardt.
Fixes#50069.
Built from https://develop.svn.wordpress.org/trunk@57321
git-svn-id: http://core.svn.wordpress.org/trunk@56827 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This patch adds newly supported elements to tests that should have been updated
in recent PRs, but which were merged without that. Those PRs removed failing
tests showing that the elements were unsupported, but did not add the elements
to the list of supported ones.
It also removes some elements from the special-exclusion list of unsupported IN
BODY elements. These did not present in failing tests because earlier
conditions in the switch structure caught the tags before hitting the default
block.
Finally it adds some missing elements to the list of void elements. These
elements are not listed as void in the HTML specification because they are
deprecated. However, they are treated as void for the sake of HTML
serialization and the parsing rules indicate that they behave as void elements,
so it's safe to list them within the HTML API as void.
Developed in WordPress/wordpress-develop#5913
Fixes#60307
Built from https://develop.svn.wordpress.org/trunk@57319
git-svn-id: http://core.svn.wordpress.org/trunk@56825 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Adds support for the following HTML elements to the HTML Processor:
- PRE, LISTING
Previously, these elements were not supported and the HTML Processor would bail when encountering them. Now, with this patch applied, it will proceed to parse an HTML document when encountering those tags.
Developed in WordPress/wordpress-develop#5903
Props jonsurrell, dmsnell
Fixes#60283
Built from https://develop.svn.wordpress.org/trunk@57317
git-svn-id: http://core.svn.wordpress.org/trunk@56823 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Adds support for the following HTML elements to the HTML Processor:
- AREA, BR, EMBED, KEYGEN, WBR
- Only the opening BR tag is supported, as the invalid closer `</br>`
involves more complicated rules, to be implemented later.
Previously, these elements were not supported and the HTML Processor
would bail when encountering them. With this patch it will proceed to
parse an HTML document when encountering those tags as long as other
normal conditions don't cause it to bail (such as complicated format
reconstruction rules).
Props jonsurrell, dmsnell
Fixes#60283
Built from https://develop.svn.wordpress.org/trunk@57316
git-svn-id: http://core.svn.wordpress.org/trunk@56822 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When registering blocks on the server using `register_block_type()` or similar functions, a set of block type variations can also be registered. However, in some cases building this variation data during block registration can be an expensive process, which is not needed in most contexts.
To address this problem, this adds support to the `WP_Block_Type` object for a new property, `variation_callback`, which can be used to register a callback for building variation data only when the block variations data is needed. The `WP_Block_Type::variations` property has been changed to a private property that is now accessed through the magic `__get()` method. The magic getter makes use of a new public method, `WP_Block_Type::get_variations` which will build variations from a registered callback if variations have not already been built.
Props spacedmonkey, thekt12, Mamaduka, gaambo, gziolo, mukesh27, joemcgill.
Fixes#59969.
Built from https://develop.svn.wordpress.org/trunk@57315
git-svn-id: http://core.svn.wordpress.org/trunk@56821 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Adds support for the following HTML elements to the HTML Processor:
- HR
Previously, this element was not supported and the HTML Processor would bail when encountering
it. Now, with this patch, it will proceed to parse an HTML document when encountering one.
Developed in WordPress/wordpress-develop#5897
Props jonsurrell, dmsnell
Fixes#60283
Built from https://develop.svn.wordpress.org/trunk@57314
git-svn-id: http://core.svn.wordpress.org/trunk@56820 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset introduces two functions:
* `wp_is_serving_rest_request()` returns a boolean for whether WordPress is serving an actual REST API request.
* `wp_is_rest_endpoint()` returns a boolean for whether a WordPress REST API endpoint is currently being used. While this is always the case if `wp_is_serving_rest_request()` returns `true`, the function additionally covers the scenario of internal REST API requests, i.e. where WordPress calls a REST API endpoint within the same request.
Both functions should only be used after the `parse_request` action.
All relevant manual checks have been adjusted to use one of the new functions, depending on the use-case. They were all using the same constant check so far, while in fact some of them were intending to check for an actual REST API request while others were intending to check for REST endpoint usage.
A new filter `wp_is_rest_endpoint` can be used to alter the return value of the `wp_is_rest_endpoint()` function.
Props lots.0.logs, TimothyBlynJacobs, flixos90, joehoyle, peterwilsoncc, swissspidy, SergeyBiryukov, pento, mikejolley, iandunn, hellofromTonya, Cybr, petitphp.
Fixes#42061.
Built from https://develop.svn.wordpress.org/trunk@57312
git-svn-id: http://core.svn.wordpress.org/trunk@56818 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Ensure logged out users are redirected to the media file when attachment pages are inactive. This removes the `read_post` capability check from the canonical redirects as anonymous users lack the permission.
Follow-up to [56657], [56658], [56711].
Props afercia, aristath, chesio, joppuyo, jorbin, lakshmananphp, poena, sergeybiryukov.
Fixes#59866.
See #57913.
Built from https://develop.svn.wordpress.org/trunk@57310
git-svn-id: http://core.svn.wordpress.org/trunk@56816 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Since the cache key in `::get_language_files_from_path()` is based on a path that always includes a trailing slash, the path in `::invalidate_mo_files_cache()` should include the trailing slash as well.
Includes adjusting the test expectations accordingly.
Follow-up to [57287], [57290], [57298].
See #58919.
Built from https://develop.svn.wordpress.org/trunk@57299
git-svn-id: http://core.svn.wordpress.org/trunk@56805 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Remove the `action` attribute in the login language selector, privacy forms, and classic widget forms.
An empty `action` attribute is invalid HTML4 and unsupported HTML5. The `action` attribute is optional, but must have a valid URL when provided.
Props Malae, audrasjb, bartkleinreesink, nicolefurlan, shubhamsedani, costdev, peterwilsoncc, rajinsharwar, joedolson.
Fixes#58226.
Built from https://develop.svn.wordpress.org/trunk@57295
git-svn-id: http://core.svn.wordpress.org/trunk@56801 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Prior to this changeset, WordPress core would use the original image size, which in the particular case of inline images would be severely off, as they are usually very small. This could lead to incorrect application of `fetchpriority="high"` and other performance optimizations.
Props westonruter, flixos90, joemcgill, mukesh27.
Fixes#59352.
Built from https://develop.svn.wordpress.org/trunk@57294
git-svn-id: http://core.svn.wordpress.org/trunk@56800 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Loading a list of language file paths using `glob()` can be expensive if involving thousands of files.
Expands scope of `WP_Textdomain_Registry` to cache list of language file paths in object cache and provides a way to invalidate that cache upon translation updates. Plugins can clear the cache using calls such as `wp_cache_delete( 'cached_mo_files_' . md5( $path ), 'translations' );`
Props mreishus, swissspidy
Fixes#58919
Built from https://develop.svn.wordpress.org/trunk@57287
git-svn-id: http://core.svn.wordpress.org/trunk@56793 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Blocks registration causes scripts to be initialized and localized very early, before the current locale has been properly set on the installation page.
This changes `determine_locale()` so that the locale chosen during installation is recognized and loaded earlier, ensuring proper script localization.
Props sabernhardt, NekoJonez, jornp, costdev.
Fixes#58696
Built from https://develop.svn.wordpress.org/trunk@57286
git-svn-id: http://core.svn.wordpress.org/trunk@56792 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset introduces the `new_admin_email_subject` hook which allow developers to filter the subject of the email sent when a change of site admin email address is attempted.
Props MadtownLems, johnbillion, alexanderkoledov, shooper, Marc_J, nikmeyer, xlthlx, devmuhib, nuhel, audrasjb.
Fixes#59250.
Built from https://develop.svn.wordpress.org/trunk@57283
git-svn-id: http://core.svn.wordpress.org/trunk@56789 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset adds missing text domain to block patterns in Twenty Sixteen, Twenty Seventeen and Twenty Twenty-Four.
Follow-up to [49583] (Twenty Sixteen), [49584] (Twenty Seventeen) and [56716] (Twenty Twenty-Four.)
Props shailu25, sabernhardt.
Fixes#60245.
Built from https://develop.svn.wordpress.org/trunk@57281
git-svn-id: http://core.svn.wordpress.org/trunk@56787 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Remove the `maxlength` attribute on screen options number of items per page input. Previously kept due to input inconsistencies in IE 11 and Edge, this invalid usage is no longer needed. IE 11 is no longer supported, and Edge now behaves according to specifications.
Props Arena94, afercia, joedolson.
Fixes#40610.
Built from https://develop.svn.wordpress.org/trunk@57272
git-svn-id: http://core.svn.wordpress.org/trunk@56778 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset adds a new API for WordPress, designed to work with native ES Modules and Import Maps. It introduces functions such as `wp_register_module`, and `wp_enqueue_module`.
The API aims to provide a familiar experience to the existing `WP_Scripts` class, offering similar functionality. However, **it's not intended to duplicate the exact functionality of `WP_Scripts`**; rather, it is carefully tailored to address the specific needs and capabilities of ES modules.
For this initial version, **the current proposal is intentionally simplistic**, covering only the essential features needed to work with ES modules. Other enhancements and optimizations can be added later as the community identifies additional requirements and use cases.
== Differences Between WP_Script_Modules and WP_Scripts
=== Dependency Specification
With `WP_Script_Modules`, the array of dependencies supports not only strings but also arrays that include the dependency import type (`static` or `dynamic`). This design choice allows for future extensions of dependency properties, such as adding a `version` property to support "scopes" within import maps.
=== Module Identifier
Instead of a handle, `WP_Script_Modules` utilizes the module identifier, aligning with the module identifiers used in JavaScript files and import maps.
=== Deregistration
There is no equivalent of `wp_deregister_script` at this stage.
== API
=== `wp_register_module( $module_identifier, $src, $deps, $version )`
Registers a module.
{{{
// Registers a module with dependencies and versioning.
wp_register_module(
'my-module',
'/path/to/my-module.js',
array( 'static-dependency-1', 'static-dependency-2' ),
'1.2.3'
);
}}}
{{{
// my-module.js
import { ... } from 'static-dependency-1';
import { ... } from 'static-dependency-2';
// ...
}}}
{{{
// Registers a module with a dynamic dependency.
wp_register_module(
'my-module',
'/path/to/my-module.js',
array(
'static-dependency',
array(
'id' => 'dynamic-dependency',
'import' => 'dynamic'
),
)
);
}}}
{{{
// my-module.js
import { ... } from 'static-dependency';
// ...
const dynamicModule = await import('dynamic-dependency');
}}}
=== `wp_enqueue_module( $module_identifier, $src, $deps, $version )`
Enqueues a module. If a source is provided, it will also register the module.
{{{
wp_enqueue_module( 'my-module' );
}}}
=== `wp_dequeue_module( $module_identifier )`
Dequeues a module.
{{{
wp_dequeue_module( 'my-module' );
}}}
== Output
- When modules are enqueued, they are printed within script tags containing `type="module"` attributes.
- Additionally, static dependencies of enqueued modules utilize `link` tags with `rel="modulepreload"` attributes.
- Lastly, an import map is generated and inserted using a `<script type="importmap">` tag.
{{{
<script type="module" src="/path/to/my-module.js" id="my-module"></script>
<link rel="modulepreload" href="/path/to/static-dependency.js" id="static-dependency" />
<script type="importmap">
{
"imports": {
"static-dependency": "/path/to/static-dependency.js",
"dynamic-dependency": "/path/to/dynamic-dependency.js"
}
}
</script>
}}}
== Import Map Polyfill Requirement
Even though all major browsers already support import maps, an import map polyfill is required until the percentage of users using old browser versions without import map support drops significantly.
This work is ongoing and will be added once it's ready. Progress is tracked in #60232.
Props luisherranz, idad5, costdev, neffff, joemcgill, jorbin, swissspidy, jonsurrell, flixos90, gziolo, westonruter.
Fixes#56313.
Built from https://develop.svn.wordpress.org/trunk@57269
git-svn-id: http://core.svn.wordpress.org/trunk@56775 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The exif standards expect the UserComment field to be used as a substitute for ImageDescription if multibyte characters are needed. WordPress media only mapped the ImageDescription field and did not correctly handle descriptions with multibyte characters.
Fix metadata saving to better handle media with multibyte characters in metadata and update unit tests.
Props fotodrachen, antpb, joedolson, mikinc860, azaozz, nicolefurlan.
Fixes#58082.
Built from https://develop.svn.wordpress.org/trunk@57267
git-svn-id: http://core.svn.wordpress.org/trunk@56773 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Adds support for the following HTML elements to the HTML Processor:
- LI, OL, UL.
- DD, DL, DT.
Previously, these elements were not supported and the HTML Processor would bail when encountering them.
With this patch it will proceed to parse an HTML document when encountering those tags as long as other normal conditions don't cause it to bail (such as complicated format reconstruction).
Props audrasjb, jonsurrell, bernhard-reiter.
Fixes#60215.
Built from https://develop.svn.wordpress.org/trunk@57264
git-svn-id: http://core.svn.wordpress.org/trunk@56770 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Adds happy (integer) and unhappy (non-integer) tests for validating the priority call order for:
* `do_action()`
* `WP_Hook::do_action()`
* `apply_filters()`
* `WP_Hook::apply_filters()`
As each of these functions have differing code, the tests are added to each to ensure expected results and protect against future regressions.
Follow-up to [53804], [52010], [25002], [25/tests], [62/tests].
Props hellofromTonya, mukesh27, dd32, valendesigns, drrobotnik.
Fixes#60193.
Built from https://develop.svn.wordpress.org/trunk@57257
git-svn-id: http://core.svn.wordpress.org/trunk@56763 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, bulk upgrades did not verify that a theme package was compatible with the site's WordPress version or the server's PHP version.
This was previusly done for plugins in #59198, but themes were missed.
Follow-up to: [56525].
Props salcode, lakshmananphp.
Fixes#59758.
Built from https://develop.svn.wordpress.org/trunk@57252
git-svn-id: http://core.svn.wordpress.org/trunk@56758 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When inserting a new term in the database, `wp_insert_term()` will check if the term is empty and return a corresponding error.
Afterwards the term is sanitized and inserted in the database. However, there is a chance the term is empty after the DB sanitization.
This commit adds a check for an empty term name after the term is sanitized, returning an error in that case.
Follow-up to [5726], [8393].
Props fgiannar, kraftbj.
Fixes#59995.
Built from https://develop.svn.wordpress.org/trunk@57251
git-svn-id: http://core.svn.wordpress.org/trunk@56757 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The HTML API HTML processor does not yet support all tags. Many tags (e.g. list elements) have some complicated rules in the [https://html.spec.whatwg.org/#parsing-main-inbody "in body" insertion mode].
Implementing these special rules is blocking the implementation for a catch-all rule for "any other tag" because we need to prevent special rules from being handled by the catch-all.
Any other start tag
Reconstruct the active formatting elements, if any.
Insert an HTML element for the token.
…
This change ensures the HTML Processor fails when handling special tags. This is the same as existing behavior, but will allow us to implement the catch-all "any other tag" handling without unintentionally handling special elements.
Additionally, we add tests that assert the special elements are unhandled. As these tags are implemented, this should help to ensure they're removed from the unsupported tag list.
Props jonsurrell, dmsnell.
Fixes#60092.
Built from https://develop.svn.wordpress.org/trunk@57248
git-svn-id: http://core.svn.wordpress.org/trunk@56754 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This ensures that not only the return values match the expected results, but also that their type is the same.
Going forward, stricter type checking by using `assertSame()` should generally be preferred to `assertEquals()` where appropriate, to make the tests more reliable.
Follow-up to [55859], [56380], [56802], [57115], [57129], [57185].
See #59655.
Built from https://develop.svn.wordpress.org/trunk@57244
git-svn-id: http://core.svn.wordpress.org/trunk@56750 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The phrase "sanity check" unnecessarily references mental health. It's an old phrase used to denote an extra step in verifying code works as expected.
“The WordPress open source community cares about diversity. We strive to maintain a welcoming environment where everyone can feel included.”
While "sanity check" is a well-known phrase with a specific meaning, "confidence check" is a direct replacement that is more clear of its intent while being more inclusive.
Words matter.
Follow-up to [49216], [46271], [40583], [38832], [38637], [37409], [33359], [32162], [30346], [30345], [30238], [30055], [29902], [28763], [26141], [25002], [22227], [13428], [12148], [11025], [8927].
Props dartiss, hellofromTonya.
Fixes#60187.
Built from https://develop.svn.wordpress.org/trunk@57239
git-svn-id: http://core.svn.wordpress.org/trunk@56745 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This ensures that the correct number of arguments is passed to post trash hooks in `WP_Customize_Manager::trash_changeset_post()`, which bypasses `wp_trash_post()`.
Follow-up to [56043].
Props joelcj91, mukesh27.
Fixes#60183.
Built from https://develop.svn.wordpress.org/trunk@57238
git-svn-id: http://core.svn.wordpress.org/trunk@56744 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Update copyright year to 2024 in `license.txt` and bundled themes.
Follow-up to [18201], [23306], [28064], [36855], [36856], [39659], [40241], [42424], [46719], [46720], [47025], [47026], [49915], [52427], [55024].
Built from https://develop.svn.wordpress.org/trunk@57235
git-svn-id: http://core.svn.wordpress.org/trunk@56741 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This avoids a PHP warning or error when viewing an author on the front end, while an array is passed as `$_GET['author']`.
Follow-up to [12034], [12040], [12202].
Props david.binda, antonvlasenko, azaozz, SergeyBiryukov.
Fixes#60059.
Built from https://develop.svn.wordpress.org/trunk@57232
git-svn-id: http://core.svn.wordpress.org/trunk@56738 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`clipboard.js` used to suffer from a bug that triggered a focus loss when activating the Copy buttons. The bug was fixed a while ago with the `clipboard.js` 2.0.11 release so that the workaround implemented in WordPress is no longer necessary.
Props dhrumilk, paulkevan, afercia.
Fixes#60139.
Built from https://develop.svn.wordpress.org/trunk@57231
git-svn-id: http://core.svn.wordpress.org/trunk@56737 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When the JSON data files that supply the PHP/MySQL version support to the installation test workflow are changed, the workflow should be run to confirm the changes are correct. This updates the `path` filtering rules to ensure this happens.
Follow up to [57218], [57219].
See #58977.
Built from https://develop.svn.wordpress.org/trunk@57220
git-svn-id: http://core.svn.wordpress.org/trunk@56726 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In [56661], a new GitHub Actions workflow was introduced that focused on running some minimal installation tests for a version of WordPress for every PHP and MySQL combination.
This workflow has tested well, but lacks flexibility and possesses one flaw: tests are only ever performed with currently supported versions, even if the version being tested had a different support policy.
This updates the workflow to be more flexible, allowing all versions of WordPress currently receiving security fixes (back through 4.1) to be tested under the correct support policy.
Additionally, the workflow can now run against the `nightly` build of WordPress. This replaces `latest` as the new default. This allows the tests to be run at any point during a release cycle without the need for an officially tagged version.
Props jorbin, joemcgill, costdev.
See #58977.
Built from https://develop.svn.wordpress.org/trunk@57218
git-svn-id: http://core.svn.wordpress.org/trunk@56724 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This avoids redundant recursive lookups for block template paths in the same base directory by implementing a static cache. It also replaces an potentially expensive `file_exists` call in favor of doing recursive iteration of files inside a try/catch block.
Props thekt12, spacedmonkey, flixos90, mukesh27, joemcgill.
Fixes#58196.
Built from https://develop.svn.wordpress.org/trunk@57215
git-svn-id: http://core.svn.wordpress.org/trunk@56721 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This adds the `engines` field to the `package.json` file for the three default themes with build processes in order to encourage consistent tooling for contributors.
Some minor dependency updates for these themes are also included in this change.
Props jorbin, joemcgill, swissspidy.
See #59663.
Built from https://develop.svn.wordpress.org/trunk@57213
git-svn-id: http://core.svn.wordpress.org/trunk@56719 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This bumps the minimum required version of Node.js/npm from 16.19.1 and 8.19.3 to 20.10.0 and 10.2.3.
Since 20.10.0 is the latest 20.x version of Node.js, the `check-latest` option has been enabled for `actions/setup-node` in GitHub Actions workflows. This performs an additional external call to the Node.js API confirming the latest version is installed on the runner for use. In testing, it seems that 20.10.0 was not consistently deployed to all runner machines in use. This should be removed in the near future when the version of Node.js is reliably above the new minimum requirement.
The Gutenberg repository has also been updated to use the same values for `engines`.
Props jorbin, joemcgill, swissspidy, benharri, dhrupo, flootr, gziolo, noahtallen.
See #59663.
Built from https://develop.svn.wordpress.org/trunk@57212
git-svn-id: http://core.svn.wordpress.org/trunk@56718 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Currently the Tag Processor assumes that an input document is a ''full'' HTML document. Because of this, if there's lingering content after the last tag match it will treat that content as plaintext and skip over it. This is fine for the Tag Processor because if there is lingering content that isn't a valid tag then there's nothing for `next_tag()` to match.
However, in order to support a number of feature expansions it is important to recognize that the remaining content ''may'' involve partial syntax elements, such as incomplete tags, attributes, or comments.
In this patch we're adding a mode inside the Tag Processor which will flip when we start parsing HTML syntax but the document finishes before the token does. This will provide the ability to:
- extend the input document,
- avoid misinterpreting syntax as text, and
- guess if we have a complete document, know if we have an incomplete document.
In the process of building this patch a few fixes were identified and fixed in the Tag Processor, namely in the handling of incomplete syntax elements.
Props dmsnell, jonsurrell.
Fixes#60122, #60108.
Built from https://develop.svn.wordpress.org/trunk@57211
git-svn-id: http://core.svn.wordpress.org/trunk@56717 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This adds a bit more context to the E2E workflow artifact names in order to avoid duplicates being uploaded.
With the update to v4 of `actions/upload-artifact` in [57197], artifacts are now uploaded on a per job basis. Multiple jobs cannot upload the same artifact.
Props johnbillion.
See #59805.
Built from https://develop.svn.wordpress.org/trunk@57203
git-svn-id: http://core.svn.wordpress.org/trunk@56711 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This updates the following GitHub Actions to their latest versions:
- `actions/checkout`
- `actions/setup-node`
- `actions/upload-artifact`
- `actions/cache`
- `actions/github-script`
- `shivammathur/setup-php`
See #59805.
Built from https://develop.svn.wordpress.org/trunk@57197
git-svn-id: http://core.svn.wordpress.org/trunk@56708 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously these have been unsupported, but in this patch, support is added for the tags so that the HTML Processor can process documents containing them.
There was a design discussion about introducing a constant to communicate "any of the H1 - H6 elements" but this posed a number of challenges that don't need to be answered in this patch. For the time being, because the HTML specification treats H1 - H6 specially as a single kind of element, the HTML Processor uses an internal hard-coded string to indicate this. By using a hard-coded string it's possible to avoid introducing a class constant which cannot be made private due to PHP's class design. In the future, this will probably appear as a special constant in a new constant-containing class.
Props dmsnell, jonsurrell.
Fixes#60060.
Built from https://develop.svn.wordpress.org/trunk@57186
git-svn-id: http://core.svn.wordpress.org/trunk@56697 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In [50941] the version of lodash was updated, however the version inside `wp_default_packages_vendor` was not updated at the same time. This updates the version to correctly reflect the version that is loaded.
Also adds some basic tests for the scripts in `wp_default_packages_vendor` that match the name of the package from package.json to help prevent errors like this in the future.
Props jadpm, jorbin, swissspidy.
Fixes#60048. See #52991.
Built from https://develop.svn.wordpress.org/trunk@57185
git-svn-id: http://core.svn.wordpress.org/trunk@56696 1a063a9b-81f0-0310-95a4-ce76da25c4cd