When saving options from the Settings page, include the `'ping_sites'` option in the allowed "writing" options list only when the `'blog_public'` option is `'1'`.
Fixes a PHP 8.1 and above "null to non-nullable" deprecation notice in `sanitize_option()` ([https://core.trac.wordpress.org/browser/trunk/src/wp-includes/formatting.php?annotate=blame#L4952 which happens when here] as part of [22255]):
{{{
Deprecated: explode(): Passing null to parameter #2 ($string) of type string is deprecated in .../wp-includes/formatting.php
}}}
**Explanation**
[https://developer.wordpress.org/apis/options/#writing Per the documentation], the `ping_sites` option requires the `'blog_public'` option to have a value of `'1'` and must be a `string` data type. `null` is not valid for this option.
The relationship between the 2 options shows itself in the `options-writing.php` code ([https://core.trac.wordpress.org/browser/tags/6.5.4/src/wp-admin/options-writing.php#L233 shown here] and in [4326]), as the `textarea#ping_sites` only renders when `'1' === get_option( 'blog_public' )`.
**What happens if `'blog_public'` is not `'1'`?**
The `'ping_sites'` option will not be a field on the page. Upon saving:
* HTTP POST (`$_POST`) does not include `'ping_sites'`.
* Before this commit:
* The [https://core.trac.wordpress.org/browser/trunk/src/wp-admin/options.php#L333 option's value was set to] `null` before being passed to `update_option()`.
* `update_option()` invokes `sanitize_option()`.
* A `null` value for the `'ping_sites'` case was passed to `explode()`, which threw a deprecation notice on PHP 8.1 and above.
* With this commit, the `'ping_sites'` option is no longer included in the allow list and thus will not be passed to `update_options()` > `sanitize_option()` > `explode()`.
Follow-up to [22255], [12825], [4326], [949].
Props kitchin, SergeyBiryukov, swissspidy, devmuhib, rajinsharwar, hellofromTonya.
Fixes#59818.
Built from https://develop.svn.wordpress.org/trunk@58425
git-svn-id: http://core.svn.wordpress.org/trunk@57874 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In [58418] a test was added without the `test_` prefix in its function
name, and because of that, it wasn't run in the test suite.
The prefix has been added to ensure that it runs.
In the original patch, due to a logical bug, a recursive loop to
transform the inside contents of the bogus comments was never run
more than once. This has been fixed.
This patch also includes one more case where `kses` wasn't
properly detecting the bogus comment state, and adds a test case
to cover this. It limits itself to some but not all constructions
of invalid markup declaration so that it doesn't conflict with
existing behaviors around those and other kinds of invalid comments.
Props ellatrix, dmsnell.
See #61009.
Follow-up to [58418].
Built from https://develop.svn.wordpress.org/trunk@58424
git-svn-id: http://core.svn.wordpress.org/trunk@57873 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When `wp_kses_split` processes a document it attempts to leave HTML comments
alone. It makes minor adjustments, but leaves the comments in the document in
its output. Unfortunately it only recognizes one kind of HTML comment and
rejects many others.
This patch makes a minor adjustment to the algorithm in `wp_kses_split` to
recognize and preserve an additional kind of HTML comment: closing tags with
an invalid tag name, e.g. `</%dolly>`.
These invalid closing tags must be interpreted as comments by a browser.
This bug fix aligns the implementation of `wp_kses_split()` more closely
with its stated goal of leaving HTML comments as comments.
It doesn't attempt to fully fix the mis-parsed comments, but it does propose a
minor fix that hopefully won't break any existing code or projects.
Developed in https://github.com/WordPress/wordpress-develop/pull/6395
Discussed in https://core.trac.wordpress.org/ticket/61009
Props ellatrix, dmsnell, joemcgill, jorbin, westonruter, zieladam.
See #61009.
Built from https://develop.svn.wordpress.org/trunk@58418
git-svn-id: http://core.svn.wordpress.org/trunk@57867 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is a clean revert of r58415 as tests seem to now be failing with this change. Likely the test needs an update as well to accomodate the new successful version check.
Follow-up to [60798].
Props jorbin, hellofromTonya.
See #60798.
Built from https://develop.svn.wordpress.org/trunk@58417
git-svn-id: http://core.svn.wordpress.org/trunk@57866 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This fixes some autoload values that were updated in [58105] that used the database values of `"on"` and `"off"` instead of the boolean values `true` and `false` when being passed to `add|update_option()`.
Props joemcgill, desrosj, rajinsharwar.
Fixes#61045. See #42441.
Built from https://develop.svn.wordpress.org/trunk@58416
git-svn-id: http://core.svn.wordpress.org/trunk@57865 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously `remove_pdf_alpha_channel()` used `Imagick::getVersion()` to validate the environment is capable of handling alpha. This was the incorrect function to use to check the module version as it will only provide the ImageMagick API version. This patch adjusts to instead use `phpversion()` as this is the correct method to get the Imagick version needed to determine alpha compatibility. This fixes a number of host tests that have been correctly failing on subsets of environments. Serendipidously, sometimes the API version was high enough to avoid shining light on this problem.
Props swissspidy, joedolson, antpb.
Fixes#60798.
Built from https://develop.svn.wordpress.org/trunk@58415
git-svn-id: http://core.svn.wordpress.org/trunk@57864 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Replaces `trigger_error()` with `wp_trigger_error()`.
The usage of `wp_trigger_error()` avoids generating `E_USER` family errors unless `WP_DEBUG` is on. In doing so, users should not see these messages in normal production.
Notes:
* Removes `E_USER_NOTICE` when passed as an argumnent, as it's the default error level.
* An empty string is passed for the function name when its name is already in the error message or does not add value to the error message.
* Externally maintained libraries are not included.
Follow-up to [55204], [25956], [29630], [38883], [52062], [52049], [54272], [38883], [55245], [51599], [14452], [38883], [24976].
Props prasadkarmalkar, rajinsharwar, thelovekesh, hellofromTonya, swissspidy.
Fixes#59652.
Built from https://develop.svn.wordpress.org/trunk@58409
git-svn-id: http://core.svn.wordpress.org/trunk@57858 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Fix issue where the attachment thumbnail would be rendered as the site logo on attachment single templates if no site logo is set. Avoid calling `wp_attachment_is_image()` with no value, since that function will fallback to the global `$post` variable. Follow up to [58213]. See #60922.
Props greenshady, krupajnanda, hmbashar, rajinsharwar, joedolson.
Fixes#61408.
Built from https://develop.svn.wordpress.org/trunk@58407
git-svn-id: http://core.svn.wordpress.org/trunk@57856 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This prevents the display of an inaccurate message when the `wp_insert_post_data` filter is used to change the status of a post while saving. This bug was only present when using the Classic Editor.
The previous code incorrectly assumed that a filter would never change a post’s status to `draft`, resulting in a “Post published.” message instead of “Post draft updated.”.
Props freibergergarcia, sirzooro, hakre, blepoxp, scribu, kawauso.
Fixes#11207.
Built from https://develop.svn.wordpress.org/trunk@58406
git-svn-id: http://core.svn.wordpress.org/trunk@57855 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Finish task to replace placeholders used for labels with visible label elements. Add label elements in theme browser and theme installation screen. Change position of search input to match other user interfaces in WordPress.
Also crediting all contributors to ticket #61389, which this also closes.
Props joedolson, rcreators, sabernhardt, balub, rejaulalomkhan, syamraj24, nazmul111, krupajnanda, huzaifaalmesbah, hmbashar, mdnesarmridha, colorful-tones, printsachen1.
Fixes#40331, #61389.
Built from https://develop.svn.wordpress.org/trunk@58405
git-svn-id: http://core.svn.wordpress.org/trunk@57854 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Removes an unassigned `sprintf` that was accidentally included as part of [57545] in the `wp_get_plugin_action_button()`. A copy/paste whoopsie.
The actual used code is assigned a wee bit lower in the function within the `install` case.
Follow-up to [57545].
Props hellofromTonya, costdev, rajinsharwar.
Fixes#61420.
Built from https://develop.svn.wordpress.org/trunk@58402
git-svn-id: http://core.svn.wordpress.org/trunk@57851 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Ensure new multisite installs are up to date with the current mime types supported in core.
Note that this will only affect newly created networks, since this is only used to populate the schema for new networks, not change the allowed mime types for existing networks
Props spacedmonkey, costdev, pavanpatil1, joemcgill, rajinsharwar, tb1909.
Fixes#53167.
Built from https://develop.svn.wordpress.org/trunk@58400
git-svn-id: http://core.svn.wordpress.org/trunk@57849 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset reverts part of the changes made in [58298] to avoid using regex that can cause potential bugs. It is indeed safer to revert these changes for now and do the refactoring once the HTML API supports CSS selectors and provides a way to set inner content.
It also adds a unit test to cover the regression experienced in https://github.com/WordPress/gutenberg/issues/62347.
Follow-up to [58298].
Props santosguillamot, gziolo.
Fixes#61385.
See #61351.
Built from https://develop.svn.wordpress.org/trunk@58398
git-svn-id: http://core.svn.wordpress.org/trunk@57847 1a063a9b-81f0-0310-95a4-ce76da25c4cd
[57545] introduced `wp_get_plugin_action_button()`. This function is documented to return a `string`. However, if the user does not have the appropriate capabilities, it returned `void`, which is unexpected.
Resolves the issue by moving the `return $button` to the bottom of the function to ensure it always returns a `string` type. On success, the button's HTML string is returned; else, an empty string is returned.
Unit tests are included.
Follow-up to [57545].
Props costdev, rajinsharwar, hellofromTonya.
Fixes#61400.
Built from https://develop.svn.wordpress.org/trunk@58396
git-svn-id: http://core.svn.wordpress.org/trunk@57845 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Scalar values passed to `esc_attr()` are already converted internally to a string via both `wp_check_invalid_utf8()` and `_wp_specialchars()`.
Includes adding `@covers` tags for unit tests.
Follow-up to [58379].
See #58379.
Built from https://develop.svn.wordpress.org/trunk@58389
git-svn-id: http://core.svn.wordpress.org/trunk@57838 1a063a9b-81f0-0310-95a4-ce76da25c4cd
These attributes are needed to indicate that both fields are required. This changeset doesn't add the attribute by default but allows extenders to enable it by passing `true` to the `$required_username` and `$required_password` to `wp_login_form()` arguments array.
Props alesflex, sabernhardt, joedolson, rcreators, rajinsharwar.
Fixes#60062.
Built from https://develop.svn.wordpress.org/trunk@58382
git-svn-id: http://core.svn.wordpress.org/trunk@57831 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Lowers the priority at which `wp_filter_default_autoload_value_via_option_size()` is registered to run on the `wp_default_autoload_value()` filter. The default filter now runs at priority 5.
This is to allow third party developers to modify whether an option is autoloaded using the default priority, 10, rather than require they register their code to run at a higher priority.
Follow up to [57920].
Props peterwilsoncc, joemcgill.
Fixes#42441.
Built from https://develop.svn.wordpress.org/trunk@58381
git-svn-id: http://core.svn.wordpress.org/trunk@57830 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Escapes the return value of `wp_autoload_values_to_autoload()` for use in the database query loading 'all options'. This is a hardening fix to protect against future changes to the options API which may allow developers to further customize the return value of the `wp_autoload_values_to_autoload` filter.
Follow up to [57920].
Props peterwilsoncc, joemcgill.
Fixes#42441.
Built from https://develop.svn.wordpress.org/trunk@58380
git-svn-id: http://core.svn.wordpress.org/trunk@57829 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Prevent `WP_List_Table::search_box()` from throwing an array to string conversion notice when post list tables are loaded with an array of orderby parameters in the URL, eg: `/wp-admin/edit.php?post_type=page&orderby[menu_order]=ASC&orderby[title]=ASC`.
Follow up to [29027].
Props leonidasmilossis, rajinsharwar, swissspidy, NomNom99, pls78, SergeyBiryukov.
Fixes#59494.
See #17065.
Built from https://develop.svn.wordpress.org/trunk@58379
git-svn-id: http://core.svn.wordpress.org/trunk@57828 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Updates tests calling `get_stylesheet` to not output layout styles if they’re not relevant to the test or to call `get_styles_for_block` instead where more appropriate.
Props isabel_brison, andrewserong, ramonopoly.
Fixes#61371.
Built from https://develop.svn.wordpress.org/trunk@58378
git-svn-id: http://core.svn.wordpress.org/trunk@57827 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Add the label `template_name` to post types and taxonomies for use by the site editor to display on the templates/add new template screens to allow extenders to customize the display.
For post types the template name applies to templates for a singular pages with the default value "Single item: [singular name]".
For taxonomies the template name applies to templates for term archives with the default value "[singular name] Archives".
Props aljullu, audrasjb, ntsekouras, ellatrix, oglekler, rajinsharwar.
Fixes#60881.
Built from https://develop.svn.wordpress.org/trunk@58377
git-svn-id: http://core.svn.wordpress.org/trunk@57826 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset fixes an issue where the "Bulk select" option was getting selected when only a single user, comment, media, or plugin was selected.
Follow-up to [57745].
Props haritpanchal, swissspidy, sabernhardt, faisal03, sumitbagthariya16, mohitdadhich10.
Fixes#61168.
Built from https://develop.svn.wordpress.org/trunk@58375
git-svn-id: http://core.svn.wordpress.org/trunk@57824 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Add a filter to enable TinyMCE in the media description textarea on the attachment details screen.
The media description field may be used to provide extended descriptions of images and videos, such as a transcript or detailed graphic explanations. In these uses, it will generally require structural elements like paragraphs. Having the ability to enable TinyMCE makes it easier for users to add this content without HTML knowledge.
Props juliemoynat, sebastienserre, mukesh27, joedolson.
Fixes#60158.
Built from https://develop.svn.wordpress.org/trunk@58372
git-svn-id: http://core.svn.wordpress.org/trunk@57821 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The search block border was missing inside the wrapper on the front. This was done by adding styles to the theme block styles file along with padding.
Props nidhidhandhukiya, sabernhardt, yurajsinh2211, kamran8176, imranhasanraaz, krupajnanda, harshgajipara, rejaulalomkhan, shailu25, hmbashar, rajinsharwar.
Fixes#60164.
Built from https://develop.svn.wordpress.org/trunk@58369
git-svn-id: http://core.svn.wordpress.org/trunk@57818 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The latest comments block space between comments not increases based on typography size. This only impacts the margin if added within a post, widgets on the front-end still only have a 1em margin which is smaller yet variable.
Props pitamdey, sabernhardt, shailu25, harshgajipara, rajinsharwar.
Fixes#59130.
Built from https://develop.svn.wordpress.org/trunk@58367
git-svn-id: http://core.svn.wordpress.org/trunk@57816 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When the `WP_HTML_Processor` was introduced with its `::create_fragment()`
static creator method, that method has been returning a `new self(...)`.
Unfortunately, this means that subclasses cannot use that method since it
will return the `WP_HTML_Processor` instead of the subclass.
With this patch, the static creator method returns `new static(...)` to preserve
the intended behavior. A new test asserts this behavior for future changes.
Developed in https://github.com/WordPress/wordpress-develop/pull/6729
Discussed in https://core.trac.wordpress.org/ticket/61374
Props dmsnell, jonsurrell.
Follow-up to [56274].
Fixes#61374.
Built from https://develop.svn.wordpress.org/trunk@58363
git-svn-id: http://core.svn.wordpress.org/trunk@57812 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The oEmbed endpoint for SlideShare is effectively deprecated and throws an error for the majority of slide-decks using the service.
Capitalize the name of the service in the deprecation notice in accordance with the wordmark.
Props peterwilsoncc, mukesh27, swissspidy, talldanwp, dd32.
Fixes#61349.
Built from https://develop.svn.wordpress.org/trunk@58362
git-svn-id: http://core.svn.wordpress.org/trunk@57811 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Stores the font file sub-directory in the `wp_font_face` post meta. Similar to attachments, only the portion of the path relative to the base directory is stored.
This ensures the files can be deleted alongside their post on sites using a plugin to store font files in sub-directories. Previously running such a plugin would result in the files remaining on the file system post delete.
Props costdev, grantmkin, peterwilsoncc.
Fixes#61297.
Built from https://develop.svn.wordpress.org/trunk@58353
git-svn-id: http://core.svn.wordpress.org/trunk@57805 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Fix issue where the image details would shift position during AJAX updates in the media modal. Occurred when the Attachment Details heading was translated into a language where the text no longer alowed space for the 'Saved' message to the right of the message.
Props pavelevap, SergeyBiryukov, antpb, joedolson, shailu25.
Fixes#27914.
Built from https://develop.svn.wordpress.org/trunk@58352
git-svn-id: http://core.svn.wordpress.org/trunk@57804 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This prevents workflow runs in older branches that are using older versions of runner images from displaying the wrong operating system in job names.
Because the updated files are reusable, this change will automatically fix the issue in all older branches without the need to backport.
See #61213.
Built from https://develop.svn.wordpress.org/trunk@58351
git-svn-id: http://core.svn.wordpress.org/trunk@57803 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This introduces a new input to separate the ability to save the built WordPress ZIP from generating the artifacts necessary for comments with Playground testing details.
The ZIP file is used by the performance testing workflow for performing comparisons, so it should be built and saved for every `push` event. The Playground related steps should only run on `pull_request`.
Follow up to [58274].
Props jorbin.
See #59416.
Built from https://develop.svn.wordpress.org/trunk@58345
git-svn-id: http://core.svn.wordpress.org/trunk@57801 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This adds additional hardening to the Autoload options Health Check to avoid potential bugs when extenders return unserialzed values from `wp_load_alloptions()`.
Follow-up to [58332].
Props mukesh27, joemcgill, westonruter.
Fixes#61276.
Built from https://develop.svn.wordpress.org/trunk@58338
git-svn-id: http://core.svn.wordpress.org/trunk@57794 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `$comment_id` parameter of the `get_comment_author` filter is documented as a numeric string, however in case a non-existing comment ID is passed to the `get_comment_author()` function, it could be an integer instead.
This commit resolves the issue and adds a PHPUnit test demonstrating the behavior.
Includes updating `get_comment_author_url()` unit tests for consistency.
Follow-up to [41127], [52818].
Props david.binda.
Fixes#60475.
Built from https://develop.svn.wordpress.org/trunk@58335
git-svn-id: http://core.svn.wordpress.org/trunk@57791 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This caches the generated CSS from block nodes in merged Theme JSON data to avoid repeated costly operations required to compute style properties for blocks. The generated CSS is saved to a transient that expires every hour.
Props thekt12, spacedmonkey, pereirinha, mukesh27, isabel_brison, oandregal, andrewserong, ramonjd.
Fixes#59595.
Built from https://develop.svn.wordpress.org/trunk@58334
git-svn-id: http://core.svn.wordpress.org/trunk@57790 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset ensures the `user_activation_key` is flushed after successful login, so reset password links can not be used anymore after the user successfully log into their dashboard.
Props nsinelnikov, rajinsharwar, Rahmohn, oglekler, hellofromTonya.
Fixes#58901.
See #32429
Built from https://develop.svn.wordpress.org/trunk@58333
git-svn-id: http://core.svn.wordpress.org/trunk@57789 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This adds a new Site Health check that will alert site owners if they are autoloading a large amount of data from the options table, as it could result in poor performance. The issue will be shown if the size of autoloaded options is greater than 800 KB, which can be adjusted using the new `site_status_autoloaded_options_size_limit` filter.
Props mukesh27, joemcgill, rajinsharwar, costdev, audrasjb, krupajnanda, pooja1210, Ankit K Gupta, johnbillion, oglekler.
Fixes#61276.
Built from https://develop.svn.wordpress.org/trunk@58332
git-svn-id: http://core.svn.wordpress.org/trunk@57788 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This allows a calling workflow to configure the PHPUnit workflow to `continue-on-error` when one occurs. This is useful for older branches where support for a specific version of PHP was not at 100% within the test suite.
Follow up to [58165], [58269], [58270], [58329].
See #61213.
Built from https://develop.svn.wordpress.org/trunk@58331
git-svn-id: http://core.svn.wordpress.org/trunk@57787 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The Interactivity API has a concept of "derived state" but it only worked on the client (JavaScript). This is the implementation that mirrors it, so derived state has good server-side solution.
Props jonsurrell, darerodz, gziolo, luisherranz, cbravobernal.
Fixes#61037.
Built from https://develop.svn.wordpress.org/trunk@58327
git-svn-id: http://core.svn.wordpress.org/trunk@57784 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset deactivates the download authenticity message by disabling package signature verification, at least until software signing is fully implemented on wordpress.org. The provided message had no actionability and only led to more support.
Props jipmoors, afercia, bridgetwillard, s0what, rajinsharwar, audrasjb, johnbillion, peterwilsoncc.
Fixes#47315.
Built from https://develop.svn.wordpress.org/trunk@58319
git-svn-id: http://core.svn.wordpress.org/trunk@57776 1a063a9b-81f0-0310-95a4-ce76da25c4cd
