This aims to improve performance by calling `sanitize_url()` directly, instead of the `esc_url_raw()` wrapper. As of WordPress 6.1, `sanitize_url()` is the recommended function for sanitizing a URL for database or redirect usage.
Follow-up to [11383], [13096], [51597], [53452].
Props benjgrolleau, peterwilsoncc, SergeyBiryukov.
Fixes#55852.
Built from https://develop.svn.wordpress.org/trunk@53455
git-svn-id: http://core.svn.wordpress.org/trunk@53044 1a063a9b-81f0-0310-95a4-ce76da25c4cd
By default, only users with the `edit_theme_options` capability can access the sidebars and widgets REST API endpoints. In this commit, A new `show_in_rest` parameter is added to the `register_sidebar` function. When enabled, all users will be able to access that sidebar and any widgets belonging to that sidebar.
This commit reduces the `context` for a widget's `instance` information to only `edit`. This is to ensure that internal widget data is not inadvertently exposed to the public. A future ticket may expose additional APIs to allow widget authors to indicate that their instance data can be safely exposed. REST API consumers intending to access this `instance` information should take care to explicitly set the `context` parameter to `edit`.
Props spacedmonkey, zieladam.
Fixes#53915.
Built from https://develop.svn.wordpress.org/trunk@52016
git-svn-id: http://core.svn.wordpress.org/trunk@51608 1a063a9b-81f0-0310-95a4-ce76da25c4cd
While the new name is much better, it doesn't fully tell what will happen when invoked nor does it fully solve the root problems.
Why? The function is doing too much. And naming is hard.
Props azaozz, desrosj, andraganescu, zieladam, hellofromTonya.
See #53811.
Built from https://develop.svn.wordpress.org/trunk@51791
git-svn-id: http://core.svn.wordpress.org/trunk@51398 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The original name `retrieve_widgets()` was unclear as it suggested it was a getter, i.e. getting the widgets. This function does more than get: finds orphaned widgets, assigns them to the inactive sidebar, and updates the database.
The new name is `sync_registered_widgets()` which better represents what happens when this function is invoked.
The original `retrieve_widgets()` function is soft deprecated to avoid unnecessary code churn downstream for developers that support more than the latest version of WordPress.
Follow-up to [18630].
Props zieladam, timothyblynjacobs, andraganescu, hellofromTonya.
See #53811.
Built from https://develop.svn.wordpress.org/trunk@51705
git-svn-id: http://core.svn.wordpress.org/trunk@51311 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Add missing short description for the function.
* Correct function names in `_doing_it_wrong()` calls.
* Document the usage of `$wp_scripts` and `$wp_styles` globals.
* Update syntax for multi-line comment per the documentation standards.
Follow-up to [51387], [51388].
See #53437, #53569.
Built from https://develop.svn.wordpress.org/trunk@51390
git-svn-id: http://core.svn.wordpress.org/trunk@51001 1a063a9b-81f0-0310-95a4-ce76da25c4cd
It is common that plugins erroneously have `wp-editor` or `wp-edit-post` as a
dependency in a script that is loaded in the new widgets editor. This is a smell
since both `@wordpress/editor` and `@wordpress/edit-post` assume the existence
of a global "post" object which the widgets editor does not have.
[51387] fixes the user-facing errors typically caused by this mistake, but we
can go a step further and warn developers about this by calling
`_doing_it_wrong()` when we detect that the `wp-editor` script or `wp-edit-post`
style is enqueued alongside `wp-edit-widgets` or `wp-customize-widgets`.
See #53437.
Fixes#53569.
Props zieladam, spacedmonkey, TimothyBlynJacobs, andraganescu, dlh.
Built from https://develop.svn.wordpress.org/trunk@51388
git-svn-id: http://core.svn.wordpress.org/trunk@50999 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This better aligns with developer expectations, as `add_theme_support()` and `remove_theme_support()` are meant to be called within functions attached to the `after_setup_theme` hook.
This also adds the `widgets-block-editor` feature to the docblock for `add_theme_support()`.
Props kevin940726, caseymilne, jamesros161, noisysocks, Mamaduka, audrasjb, zieladam, hellofromTonya, desrosj.
Fixes#53424.
Built from https://develop.svn.wordpress.org/trunk@51214
git-svn-id: http://core.svn.wordpress.org/trunk@50823 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Moves the widgets block editor from Gutenberg into WordPress Core.
- Adds @wordpress/edit-widgets, @wordpress/customize-widgets and
@wordpress/widgets.
- Modifies wp-admin/widgets.php to branch between the old editor and new editor
depending on wp_use_widgets_block_editor().
- Modifies WP_Customize_Widgets to branch between the old editor control and new
editor control depending on wp_use_widgets_block_editor().
Fixes#51506.
Props isabel_brison, TimothyBlynJacobs, andraganescu, kevin940726, talldanwp.
Built from https://develop.svn.wordpress.org/trunk@50996
git-svn-id: http://core.svn.wordpress.org/trunk@50605 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This reverts the changes to `id_base` from [50953] due to backward compatibility concerns, and instead focuses on the `id` and `class` attributes specifically.
With this change, any backslashes in the `id` or `class` attributes for a namespaced widget class are converted to underscores, making it easier to style the output or target the widget with JavaScript.
Follow-up to [50953].
Fixes#44098.
Built from https://develop.svn.wordpress.org/trunk@50961
git-svn-id: http://core.svn.wordpress.org/trunk@50570 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This is due to the new `before|after_sidebar` args, which are empty by default, but can introduce markup that causes admin JS to stop working.
Also adds documentation for the `sprintf()` on `before_sidebar`.
Props audrasjb, lpointet.
See #19709.
Built from https://develop.svn.wordpress.org/trunk@49560
git-svn-id: http://core.svn.wordpress.org/trunk@49298 1a063a9b-81f0-0310-95a4-ce76da25c4cd
As per the documentation of `call_user_func_array()`, the `$param_arr` should be a (numerically) indexed array, not a string-keyed array.
As we can use the spread operator in PHP 5.6+, there isn't really any need to use `call_user_func_array()` anyhow, we can call the `array_merge()` function directly.
The caveat to this is that the spread operator only works on numerically indexed arrays, so we need to wrap the `$sidebars_widgets` variable in a call to `array_values()` when using the spread operator.
Using `array_values()` in the existing `call_user_func_array()` call would also have solved this, but the solution now proposed, has the added benefit of getting rid of the overhead of `call_user_func_array()`.
Props jrf.
See #50913.
Built from https://develop.svn.wordpress.org/trunk@48839
git-svn-id: http://core.svn.wordpress.org/trunk@48601 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Follow-up to [47598]:
- further improves the spacing after [47598] by better scoping the CSS to avoid layout glitches for custom widgets
- changes the RSS widget form to wrap the checkboxes in one single paragraph
Ideally, multiple related checkboxes and radio buttons should be grouped within a fieldset element with a legend. This will be addressed in a new Trac ticket.
Props mukesh27, SergeyBiryukov, sabernhardt.
Fixes#49228.
Built from https://develop.svn.wordpress.org/trunk@48389
git-svn-id: http://core.svn.wordpress.org/trunk@48158 1a063a9b-81f0-0310-95a4-ce76da25c4cd
“The WordPress open source community cares about diversity. We strive to maintain a welcoming environment where everyone can feel included.”
With this commit, all occurrences of “whitelist” and “blacklist” (with the single exception of the `$new_whitelist_options` global variable) are removed. A new ticket has been opened to explore renaming the `$new_whitelist_options` variable (#50434).
Changing to more specific names or rewording sentences containing these terms not only makes the code more inclusive, but also helps provide clarity. These terms are often ambiguous. What is being blocked or allowed is not always immediately clear. This can make it more difficult for non-native English speakers to read through the codebase.
Words matter. If one contributor feels more welcome because these terms are removed, this was worth the effort.
Props strangerstudios, jorbin, desrosj, joemcgill, timothyblynjacobs, ocean90, ayeshrajans, davidbaumwald, earnjam.
See #48900, #50434.
Fixes#50413.
Built from https://develop.svn.wordpress.org/trunk@48121
git-svn-id: http://core.svn.wordpress.org/trunk@47890 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Add missing translator comments.
* Fix placement of some translator comments. Translator comments should be on the line directly above the line containing the translation function call for optimal compatibility with various `.pot` file generation tools. The CS auto-fixing, which changed some inconsistent function calls to multi-line function calls, is part of the reason why this was no longer the case for a select group of translator comments.
Includes minor code layout fixes.
Polyglots, rejoice! All WordPress core files now have translator comments for all strings with placeholders!
Props jrf, subrataemfluence, GaryJ, webdados, Dency, swissspidy, alvarogois, marcomartins, mihaiiceyro, vladwtz, niq1982, flipkeijzer, michielatyoast, chandrapatel, thrijith, joshuanoyce, FesoVik, tessak22, bhaktirajdev, cleancoded, dhavalkasvala, garrett-eclipse, bibliofille, socalchristina, priyankkpatel, 5hel2l2y, adamsilverstein, JeffPaul, pierlo, SergeyBiryukov.
Fixes#44360.
Built from https://develop.svn.wordpress.org/trunk@45926
git-svn-id: http://core.svn.wordpress.org/trunk@45737 1a063a9b-81f0-0310-95a4-ce76da25c4cd