This allows screen readers to properly announce each search landmark region independently.
Introduce `search_form_args` filter for the arguments used when generating the search form.
Props afercia, williampatton.
Fixes#42057.
Built from https://develop.svn.wordpress.org/trunk@44956
git-svn-id: http://core.svn.wordpress.org/trunk@44787 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This adds code for soft verification of signatures for theme and plugin installs and updates, when provided by the update server. This experimental version does not reject unverified packages or failed signatures; it simply reports anonymous errors so we can evaluate its feasibility and detect incompatibilities.
This code relies on the new sodium_compat library for PHP versions prior to 7.2.
Props dd32, paragoninitiativeenterprises.
See #39309, #45806.
Built from https://develop.svn.wordpress.org/trunk@44954
git-svn-id: http://core.svn.wordpress.org/trunk@44785 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This adds a pure PHP implementation of the cryptographic functions supported in PHP 7.2+. It provides the necessary backwards compatibility required to support signature verification and other security features going forward across all supported PHP versions.
Props paragoninitiativeenterprises
Fixes#45806. See #39309.
Built from https://develop.svn.wordpress.org/trunk@44953
git-svn-id: http://core.svn.wordpress.org/trunk@44784 1a063a9b-81f0-0310-95a4-ce76da25c4cd
As of `@wordpress/api-fetch@3.0.0` (introduced in 44812), the `apiFetch` nonce middleware must have its nonce value assigned explicitly, and will no longer listen for heartbeat ticks automatically. This changeset adds an inline script for the default registration of the `api-fetch` script handle to assign the nonce value in response to the heartbeat action. In doing so, it removes the now-unused, misnamed `rest-nonce` property from the heartbeat response, whose original introduction served as temporary compatibility with earlier versions of `@wordpress/api-fetch`.
See https://github.com/WordPress/gutenberg/pull/13451
See #45113
Props adamsilverstein, nerrad .
Fixes#46107 .
Built from https://develop.svn.wordpress.org/trunk@44949
git-svn-id: http://core.svn.wordpress.org/trunk@44780 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Displaying the correct build date in feeds is as important today as it was twelve years ago when this ticket was opened.
Fix an issue where all feeds in WordPress showed the same date for their last build date (the datapoint is `lastBuildDate`, `updated` or `dc:date` depending on the feed type).
Introduce a new `get_last_build_date` filter to adjust the date used for `lastBuildDate`. Developers who previously filtered `get_lastcommentmodified` to alter feed dates should use this filter instead.
* `get_last_build_date` extracts the latest post (or comment) in the current WP_Query object.
* In all feed templates, use `get_last_build_date` vs `get_lastpostmodified( 'GMT' );`.
Props stevenkword, spacedmonkey, ryanshoover, mauteri, nacin, jorbin, MikeNGarrett, Denis-de-Bernardy, peaceablewhale.
Fixes#4575.
Built from https://develop.svn.wordpress.org/trunk@44948
git-svn-id: http://core.svn.wordpress.org/trunk@44779 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Introduced in [29630], this admin notice informs administrators (or network administrators on multisite installs) that the `WPLANG` constant is no longer needed when the locale returned by `get_locale()` does not match. After 5 years, the notice is being removed to avoid causing confusion for non-technical users.
The `_deprecated_argument()` call will persist to inform developers of the issue within log files.
Props flixos90, iworks, ocean90.
Fixes#39675.
Built from https://develop.svn.wordpress.org/trunk@44946
git-svn-id: http://core.svn.wordpress.org/trunk@44777 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This change ensures that the values of time and date fields for comments and posts (both Classic Editor and quick edit) are consistently aligned in the center of the input fields. The block editor already enforces this alignment separately.
Props birgire, jainnidhi, melchoyce.
Fixes#43675.
Built from https://develop.svn.wordpress.org/trunk@44945
git-svn-id: http://core.svn.wordpress.org/trunk@44776 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Screen reader users rely on the iframe title attribute to describe the contents of iframes. A meaningful title attribute allows to quickly identify the iframe content, so users can determine which iframe to enter and explore in detail or skip if desired.
Note: this is the only case where a title attribute is required for compliance with the W3C Web Content Accessibility Guidelines (WCAG).
- checks for oEmbed response of type `video` or `rich`
- checks if they use an iframe
- fetches the title (if any) from the oEmbed response
- adds the title to the embed iframe
Props bamadesigner, TomHarrigan, swissspidy, jrf, afercia.
Fixes#40245.
Built from https://develop.svn.wordpress.org/trunk@44942
git-svn-id: http://core.svn.wordpress.org/trunk@44773 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset introduces `$post` parameters to `get_the_content()` and
`wp_trim_excerpt()`. When a `$post` object is passed to one of these functions,
the functions will operate on the data from that object, rather than from the
post globals (`$authordata`, `$page`, etc). This ensures that the functions work
in a predictable manner when used outside of the regular post loop.
The global-mismatch problem is surfaced in cases where `get_the_excerpt()` is
called outside of the post loop, on posts that don't have a defined excerpt. In
these cases, the post globals - used to generate a fallback excerpt - may refer
to the incorrect object, resulting in PHP notices or other unpredictable
behavior. See #36934 for a related issue.
Props spacedmonkey, kraftbj, Shital Patel.
Fixes#42814.
Built from https://develop.svn.wordpress.org/trunk@44941
git-svn-id: http://core.svn.wordpress.org/trunk@44772 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This change introduces the following new icons to the Dashicon font:
- `.dashicons-admin-site-alt (f11d)`
- `.dashicons-admin-site-alt2 (f11e)`
- `.dashicons-admin-site-alt3 (f11f)`
- `.dashicons-buddicons-activity (f452)`
- `.dashicons-buddicons-bbpress-logo (f12b)`
- `.dashicons-buddicons-buddypress-logo (f448)`
- `.dashicons-buddicons-community (f453)`
- `.dashicons-buddicons-forums (f449)`
- `.dashicons-buddicons-friends (f454)`
- `.dashicons-buddicons-groups (f456)`
- `.dashicons-buddicons-pm (f457)`
- `.dashicons-buddicons-replies (f451)`
- `.dashicons-buddicons-topics (f450)`
- `.dashicons-buddicons-tracking (f455)`
- `.dashicons-businessperson (f12e)`
- `.dashicons-businesswoman (f12f)`
- `.dashicons-color-picker (f131)`
- `.dashicons-editor-ltr (f129)`
- `.dashicons-editor-ol-rtl (f12c)`
- `.dashicons-email-alt2 (f10a)`
- `.dashicons-instagram (f12d)`
- `.dashicons-menu-alt (f10b)`
- `.dashicons-rest-api (f124)`
- `.dashicons-yes-alt (f12a)`
- `.dashicons-tide (f10d)`
These icons were added to the `.ttf, ` and `.eot` font files, as well as the SVG sprite. However, they were not added to the `.woff` font file. The new `dashicons.woff2` file should be utilized instead.
For instances where IE<11 needs to be supported, the `.woff` file will remain for backwards compatibility. However, if the new icons are needed in those scenarios, the WOFF format is now included as embedded within the `dashicons.css`.
Props EmpireOfLight, liljimmi, jaymanpandya, netweb, melchoyce, joen, folletto, nateallen, bahia0019, JeffPaul, desrosj, cathibosco1.
Fixes#41074.
Built from https://develop.svn.wordpress.org/trunk@44940
git-svn-id: http://core.svn.wordpress.org/trunk@44771 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This brings the changes in [44937] to the WordPress Updates page in the admin. Now, when a site does not meet the minimum PHP version requirements for a plugin update, the user will not be able to update. Instead, they will be presented with educational information to guide them through the process of updating PHP.
Props afragen, miyauchi, TimothyBlynJacobs, desrosj.
Fixes#44350.
Built from https://develop.svn.wordpress.org/trunk@44939
git-svn-id: http://core.svn.wordpress.org/trunk@44770 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Fixes a case where saving in the block editor fails if there are two `_wpnonce` arguments in the request, one overriding the other so that `use_block_editor_for_post()` wasn't able to check the nonce properly.
Props Chouby.
See #45253.
Built from https://develop.svn.wordpress.org/trunk@44938
git-svn-id: http://core.svn.wordpress.org/trunk@44769 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When a plugin states it requires a specific minimum PHP version (as defined in the `requires_php` field included in the plugin update API response), a user should not be allowed to update that plugin when the server does not satisfy the minimum PHP version.
When this scenario is encountered, the update buttons and links are disabled and links to educational resources about PHP are displayed to the user with a notice.
Props afragen, schlessera, desrosj.
Fixes#43987.
Built from https://develop.svn.wordpress.org/trunk@44937
git-svn-id: http://core.svn.wordpress.org/trunk@44768 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This change introduces the `wp_get_update_php_annotation()` function, which returns the message displayed when a host filters the direct PHP update or PHP update education URLs to indicate the information is site specific and provided by the host, not WordPress core.
It also updates `wp_update_php_annotation()` to accept a `$before` and `$after` parameter, which makes this notice more flexible for displaying in multiple locations within the admin area. Previously, the markup output in `wp_update_php_annotation()` was hardcoded, which was making it difficult to display it properly in multiple locations.
Props afragen, aaroncampbell, flixos90, TimothyBlynJacobs, desrosj.
Fixes#46044.
Built from https://develop.svn.wordpress.org/trunk@44935
git-svn-id: http://core.svn.wordpress.org/trunk@44766 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset ensures `$request->set_url_params()` is called while fulfilling OPTIONS requests, where previously it was skipped because OPTIONS requests short-circuit the logic in `dispatch` which handles this setup for other request methods. Omitting the URL parameters prevented the Allow header from being set.
Props killua99, noisysocks.
Fixes#45753.
Built from https://develop.svn.wordpress.org/trunk@44933
git-svn-id: http://core.svn.wordpress.org/trunk@44764 1a063a9b-81f0-0310-95a4-ce76da25c4cd
By reordering the logic when handling the `confirmaction` action in `wp-login.php`, the need for a new `WP_Error` object to be created can be eliminated. The error message can be passed directly into a `wp_die()` call, matching the other validation errors in related code.
Props garrett-eclipse, birgire.
Fixes#44901.
Built from https://develop.svn.wordpress.org/trunk@44931
git-svn-id: http://core.svn.wordpress.org/trunk@44762 1a063a9b-81f0-0310-95a4-ce76da25c4cd
- adds a visually hidden text to give context to the lyrics
- the text is `Quote from Hello Dolly song, by Jerry Herman:`
- adds a `lang` HTML attribute (when the admin language is not English) to better support assistive technologies
- adds a `dir` HTML attribute to better support the LTR English lyrics with RTL languages
- CSS adjustments
Props audrasjb, SergeyBiryukov, danieltj, birgire, karmatosed, desrosj, afercia.
Fixes#43632.
Built from https://develop.svn.wordpress.org/trunk@44929
git-svn-id: http://core.svn.wordpress.org/trunk@44760 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Prior to this change, querying sites early in the bootstrap process could potentially cause a fatal error, since at that stage the filter to bail on updating site meta cache if the respective database table has not been installed yet is not hooked in yet. This changeset forces the filter to be added if that is not already the case.
Props spacedmonkey.
Fixes#46167.
Built from https://develop.svn.wordpress.org/trunk@44925
git-svn-id: http://core.svn.wordpress.org/trunk@44756 1a063a9b-81f0-0310-95a4-ce76da25c4cd
- standardizes the Comment count string to `%s Comment in moderation', '%s Comments in moderation` so it can be bulk-updated
- adds the string as visually hidden text in the admin menu
- introduces an `updateInModerationText` JS simple function, responsible to correctly update all the related text using the data from the AJAX response
- adds a visually hidden text "1 Privacy Policy update" to the Privacy menu items count
- adds/improves translators comments
Changes that apply to all the count bubbles (Updates, plugins, etc.)
- makes the bubbles and their text slightly bigger
- improves the active menu item bubble contrast by changing the background color to red (option 2 in the screenshot attached in a previous comment)
Props adamsoucie, afercia.
Fixes#33030.
Built from https://develop.svn.wordpress.org/trunk@44924
git-svn-id: http://core.svn.wordpress.org/trunk@44755 1a063a9b-81f0-0310-95a4-ce76da25c4cd
For accessibility and usability, if an input error is detected, the item that is in error needs to be identified and the error needs to be described to the user in text (WCAG Success Criterion 3.3.1). The login form displays an error when the username field is empty or when the password field is empty. It omits to do so when both fields are empty.
This change restores the login form behavior to the one that used to work in WordPress 2.3 (!) and displays the related error messages also when both fields are empty.
Props birgire, audrasjb.
See #8938, #5405, #3708.
Fixes#42985.
Built from https://develop.svn.wordpress.org/trunk@44918
git-svn-id: http://core.svn.wordpress.org/trunk@44749 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Improves the logic in `wp_schedule_single_event()` to ensure an identical event is not scheduled within ten minutes.
This moves the logic for checking for identical events to be self contained rather than relying on `wp_next_scheduled()` as this fails to account for events with a past timestamp when wp-cron fails to trigger or for multiple identical events being scheduled already.
Props bodohugobarwich.
Fixes#44818.
Built from https://develop.svn.wordpress.org/trunk@44917
git-svn-id: http://core.svn.wordpress.org/trunk@44748 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `populate_site_meta` filter can be used to modify the site meta added during the creation of a new site. This filter mirrors the approach used for networks in `populate_network_meta`.
Props spacedmonkey, davidbaumwald.
Fixes#46437.
Built from https://develop.svn.wordpress.org/trunk@44912
git-svn-id: http://core.svn.wordpress.org/trunk@44743 1a063a9b-81f0-0310-95a4-ce76da25c4cd
By changing the way the post title is added to the array of data from `$post->post_title` to `get_the_title()`, the title can now be modified using the `the_title` filter. This ensures post titles returned in oEmbed responses are consistent with those that show on a site.
Props mheikkila, swissspidy.
Fixes#42826.
Built from https://develop.svn.wordpress.org/trunk@44907
git-svn-id: http://core.svn.wordpress.org/trunk@44738 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When dealing with personal data exports and erasure requests, it is important to have a log of all the requests for a specific person. This is often required to confirm when and how many times requests were completed and fulfilled properly.
This change allows a new request to be created after a previous data request has reached completed status (`request-completed`) instead of requiring admins to delete or re-initiate the existing request. The latter approach removes the historical log of requests for that user when creating a new request.
Full unit tests for the `wp_create_user_request()` function are also included.
Props garrett-eclipse, cc0a, birgire, desrosj.
Fixes#44707.
Built from https://develop.svn.wordpress.org/trunk@44906
git-svn-id: http://core.svn.wordpress.org/trunk@44737 1a063a9b-81f0-0310-95a4-ce76da25c4cd