Adds a new filter `'http_allowed_safe_ports'` to control which ports are allowed for remote requests. By default, ports 80, 443, and 8080 are allowed for safe remote requests.
Adds tests.
Follow-up to [24480].
Props xknown, johnbillion, jorbin, costdev, dd32.
Fixes#54331.
Built from https://develop.svn.wordpress.org/trunk@52084
git-svn-id: http://core.svn.wordpress.org/trunk@51676 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Adds a new `wp_mail_succeeded` action in `wp_mail` after the mail is sent. Also, adds a disclaimer to the hook's docblock, clarifying that the hook's firing doesn't necessarily mean the recipient received the mail, only that the mail was processed without any errors.
Props birgire, donmhico, johnbillion.
Fixes#53826.
Built from https://develop.svn.wordpress.org/trunk@52083
git-svn-id: http://core.svn.wordpress.org/trunk@51675 1a063a9b-81f0-0310-95a4-ce76da25c4cd
If a privacy policy is set, the page links to the footer of the site. As done in the other bundled themes, this link is added using `the_privacy_policy_link()`.
Follow-up to [49216].
Props ryelle, desrosj, kapilpaul, sabernhardt, audrasjb, justinahinon.
Fixes#53445.
Built from https://develop.svn.wordpress.org/trunk@52082
git-svn-id: http://core.svn.wordpress.org/trunk@51674 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Twenty Twenty-Two arrives during an exciting time for WordPress themes. With the advent of Full Site Editing and Global Styles, themes are changing structurally and functionally to enable far more avenues for customization than users have come to expect in the past.
To take advantage of these new abilities, Twenty Twenty-Two has been designed to be the most flexible default theme ever created for WordPress.
Props sourav926, aristath, audrasjb, bgardner, briceduclos, poena, colorful-tones, dgwyer, dimadin, gregrickaby, ellenbauer, jffng, kafleg, karmatosed, kraftbj, kjellr, littlebigthing, onemaggie, matveb, mburridge, mtoensing, nickcernis, nielslange, williampatton, pgking, ribaricplusplus, scruffian, soean, utz119, youknowriad, desrosj, richtabor.
See #54318.
Built from https://develop.svn.wordpress.org/trunk@52081
git-svn-id: http://core.svn.wordpress.org/trunk@51673 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit introduces the `/wp/v2/menus`, `/wp/v2/menu-items` and `/wp/v2/menu-locations` REST API endpoints. These endpoints are fully available to users with the `edit_theme_options` capability, but can be read by any user who can edit a REST API available post type.
The `nav_menu` taxonomy and `nav_menu_item` post type now map their capabilities to the `edit_theme_options` primitive capability. This allows developers to provide more fine-grained access control. However, if a developer is currently dynamically removing the `edit_theme_options` capability using `map_meta_cap`, they should use the `user_has_cap` filter instead.
The `wp_update_nav_menu_item()` function has been adjusted to return an error if saving the menu item post or assigning the menu item to a menu generate an error.
Lastly, a new menu item type is introduced, `block`, that can be used to store a Block as a menu item.
Props andraganescu, antonvlasenko, dingo_d, dlh, isabel_brison, kadamwhite, Mamaduka, NateWr, noisysocks, peterwilsoncc, ryelle, schlessera, soean, Spacedmonkey, talldanwp, TimothyBlynJacobs, tobifjellner, westonruter, wpscholar, zieladam.
Fixes#40878.
Built from https://develop.svn.wordpress.org/trunk@52079
git-svn-id: http://core.svn.wordpress.org/trunk@51671 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This removes the use of `get_theme_file_path()` within `WP_Theme_JSON_Resolver` in favor of the similar `get_file_path_from_theme()` method.
The former is found within `wp-includes/link-template.php`, which is not currently loaded when `load-styles.php` attempts to load the necessary styles. `self::get_file_path_from_theme()` was used previously, but this was changed in [52049].
Props Mamaduka, audrasjb, hellofromTonya, jorbin, desrosj.
Fixes#54401. See #54336.
Built from https://develop.svn.wordpress.org/trunk@52077
git-svn-id: http://core.svn.wordpress.org/trunk@51669 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Adds the `wp_login_url()` login link to the Error message to be more helpful to users when their user email already is registered.
Improves the error message to more clearly communicate next step.
Follow-up to [16009], [22124], [31963].
Props andynick, costdev, dansoschin, sabernhardt, webcommsat.
Fixes#53631.
Built from https://develop.svn.wordpress.org/trunk@52074
git-svn-id: http://core.svn.wordpress.org/trunk@51666 1a063a9b-81f0-0310-95a4-ce76da25c4cd
- First pass at adding the site editor from the Gutenberg plugin to
wp-admin/site-editor.php.
- Adds miscellaneous PHP changes from Gutenberg 10.1 - 11.9.
Follows [52042].
See #54337.
Props youknowriad, aristath, hellofromtonya, gziolo.
Built from https://develop.svn.wordpress.org/trunk@52069
git-svn-id: http://core.svn.wordpress.org/trunk@51661 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The code in `wp_list_filter()` was a duplicate of `wp_filter_object_list()`, minus the `WP_List_Util::pluck()` (used when `$field` is configured).
In testing the wrapper, discovered an edge case (and potential bug) in `WP_List_Util::filter()` where if the operator matches an empty array was returned without resetting the output property. Without that property being set correctly, `WP_List_Util::get_output()` was not correct. This commit also fixes this by resetting the property to an empty array.
Follow-up to [15686], [17427], [38928], [51044].
Props pbearne, sergeybiryukov, hellofromTonya.
Fixes#53988.
Built from https://develop.svn.wordpress.org/trunk@52066
git-svn-id: http://core.svn.wordpress.org/trunk@51658 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset implements the refined lazy-loading behavior outlined in https://make.wordpress.org/core/2021/07/15/refining-wordpress-cores-lazy-loading-implementation/ in order to improve the Largest Contentful Paint metric, which can see a regression from images or iframes above the fold being lazy-loaded. Adjusting this so far has been possible for developers via filters and still is, however this enhancement brings a more accurate behavior out of the box for the majority of themes.
Specifically, this changeset skips the very first "content image or iframe" on the page from being lazy-loaded. "Content image or iframe" denotes any image or iframe that is found within content of any post in the current main query loop as well as any featured image of such a post. This applies both to "singular" as well as "archive" content: On a "singular" page the first image/iframe of the post is not lazy-loaded, while on an "archive" page the first image/iframe of the _first_ post in the query is not lazy-loaded.
This approach refines the lazy-loading behavior correctly for the majority of themes, which use a single-column layout for post content. For themes with multi-column layouts, a new `wp_omit_loading_attr_threshold` filter can be used to change how many of the first images/iframes are being skipped from lazy-loaded (default is `1`). For example, a theme using a three-column grid of latest posts for archives could use the filter to override the threshold to `3` on archive pages, so that the first three content images/iframes would not be lazy-loaded.
Props adamsilverstein, azaozz, flixos90, hellofromtonya, jonoaldersonwp, mte90, rviscomi, tweetythierry, westonruter.
Fixes#53675. See #50425.
Built from https://develop.svn.wordpress.org/trunk@52065
git-svn-id: http://core.svn.wordpress.org/trunk@51657 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Introduces a new function called `wp_list_users()`. Similar to other list functions such as `wp_list_authors()`, it lists all the users of the site. Options are available to configure the HTML output.
Following the same pattern of the other list functions, the list's HTML output is rendered by default. Setting the `echo` argument to `false`, returns the list's HTML output.
A new test class is included.
Props afercia, audrasjb, chriscct7, costdev, desrosj, greenshady, hellofromTonya, mte90, nacin, rohan013, sergeybiryukov.
Fixes#15145.
Built from https://develop.svn.wordpress.org/trunk@52064
git-svn-id: http://core.svn.wordpress.org/trunk@51656 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In the bookmarks walker `_walk_bookmarks()`, add a `'noopener'` to the bookmark's `rel` attribute when there's `target` attribute.
Adds a new test class for `wp_list_bookmarks()` and tests for this change.
Follow-up to [3880], [10712].
Props birgire, costdev, hellofromTonya, mukesh27 , sergeybiryukov, tw2113.
Fixes#53839.
Built from https://develop.svn.wordpress.org/trunk@52061
git-svn-id: http://core.svn.wordpress.org/trunk@51653 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Load a language switcher on the login and registration screens that allows users to choose any already-installed language. Set user locale on registration.
Props johnbillion, Nikschavan, afercia, sabernhardt, garrett-eclipse, keyur5, paaljoachim, Clorith, tobifjellner.
Fixes#43700.
Built from https://develop.svn.wordpress.org/trunk@52058
git-svn-id: http://core.svn.wordpress.org/trunk@51650 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This change intends to better guide users towards many of the useful resources available on WordPress.org.
* Appearance/Customizer - Add link to Customizer docs.
* Appearance/Editor - Improve link text & destination.
* Privacy Settings - Link to Privacy Settings docs.
* Site Health - Link to Site Health docs.
Props audrasjb, jdy68, webcommsat.
Fixes#54357.
Built from https://develop.svn.wordpress.org/trunk@52053
git-svn-id: http://core.svn.wordpress.org/trunk@51645 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit adds global styles user content escaping. In addition, it ports the logic on the Gutenberg plugin implemented on WordPress/gutenberg#28061 to the core.
The logic tries to follow what was done for standard post content.
See #54336.
Props oandregal.
Built from https://develop.svn.wordpress.org/trunk@52052
git-svn-id: http://core.svn.wordpress.org/trunk@51644 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Similar to `wp_array_slice_assoc()` or other array-related functions, this appears to be a general-purpose function unrelated to the Formatting component.
Add missing `public` visibility keyword.
Follow-up to [52037].
See #53971.
Built from https://develop.svn.wordpress.org/trunk@52048
git-svn-id: http://core.svn.wordpress.org/trunk@51640 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This updates several NPM dependencies to their latest (or latest allowed) versions for bundled themes that have a `package.json` file (Twenty Nineteen and newer).
These updates did not result in any changes to the built files in Twenty Nineteen or Twenty Twenty. Some unnecessary parenthesis have been removed from `calc()` function calls within Twenty Twenty-One.
This change also contains several updates to the `package-lock.json` files made by running `npm audit fix` within each of these themes.
See #53361.
Built from https://develop.svn.wordpress.org/trunk@52047
git-svn-id: http://core.svn.wordpress.org/trunk@51639 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This updates several NPM dependencies to their latest (or latest allowed) versions.
- `autoprefixer` from `9.8.6` to `9.8.8`
- `chalk` from `4.1.1` to `4.1.2`
- `grunt-contrib-concat` from `1.0.1` to `2.0.0`
- `grunt-contrib-jshint` from `3.0.0` to `3.1.1`
- `grunt-contrib-qunit` from `4.0.0` to `5.1.1`
- `qunit` from `2.16.0` to `2.17.2`
- `sass` from `1.34.1` to `1.43.4`
- `sinon` from `11.1.1` to `12.0.1`
- `sinon-test` from `3.1.0` to `3.1.1`
- `uglify-js` from `3.13.9` to `3.14.3`
- `wait-on` from `5.3.0` to `6.0.0`
This change also contains several updates to the `package-lock.json` file made by running `npm audit fix`.
See #53361.
Built from https://develop.svn.wordpress.org/trunk@52046
git-svn-id: http://core.svn.wordpress.org/trunk@51638 1a063a9b-81f0-0310-95a4-ce76da25c4cd
As a follow-up to [52024], simplifies the strict boolean type check to conserve memory and processing. Also includes an explanation of why a strict boolean is required as the returned filtered value. This commit is consistent with the implementation in [52043].
Follow-up to [33666], [36402], [52024].
Props hellofromTonya, peterwilsoncc, cybr, jrf.
Fixes#49628.
Built from https://develop.svn.wordpress.org/trunk@52045
git-svn-id: http://core.svn.wordpress.org/trunk@51637 1a063a9b-81f0-0310-95a4-ce76da25c4cd
These checks were added in [51193] and [51197] as a temporary measure to prevent a site owner from activating a Full Site Editing theme when Gutenberg plugin was not active.
Because Core only had partial support for the features required for FSE, the front end of the site would display a white screen or error message to visitors. Unless the site owner visited the front end, there would be no indication that there was a problem.
Since 5.9 will include the remaining features required for FSE, these checks can be removed.
Props poena, jffng.
Fixes#54366. See #534190.
Built from https://develop.svn.wordpress.org/trunk@52044
git-svn-id: http://core.svn.wordpress.org/trunk@51636 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Introduces a new filter 'is_post_status_viewable' which allows overriding the check.
The function's return signature is a boolean type. This commit ensures
the return signature remains unchanged by requirinng a strict boolean
type of the returned filtered value.
Why?
* To maintain this signature and backwards-compatibility.
* To future prepare for PHP 8.1 and beyond.
An explanation is included in the filter's DocBlock.
Follow-up to [50130].
Props audrasjb, hellofromTonya, peterwilsoncc.
Fixes#54375.
Built from https://develop.svn.wordpress.org/trunk@52043
git-svn-id: http://core.svn.wordpress.org/trunk@51635 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This brings the JS packages up to date and is the first step that will allow us
to include the other block editor updates for WordPress 5.9:
FSE infrastrucutre, site editor and global styles.
Props noisysocks.
See #54337.
Built from https://develop.svn.wordpress.org/trunk@52042
git-svn-id: http://core.svn.wordpress.org/trunk@51634 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit adds the wp_global_styles custom post type following the same approach used to add other core custom post types. It also updates the wp_theme taxonomy to include the wp_global_styles post type.
The post type is registered in the same way it is on the plugin we just adapt the location for the core.
See #54336.
Props oandregal.
Built from https://develop.svn.wordpress.org/trunk@52041
git-svn-id: http://core.svn.wordpress.org/trunk@51633 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When styles got inlined, relative URLs break. The problem was that URLs inside CSS files are relative to the stylesheet's path, and when styles get inlined that relation is lost. This patch fixes the issue by finding relative URLs which then get modified to be relative to the site's root.
Fixes#54243.
Props aristath, cdyerkes, hellofromtonya.
Built from https://develop.svn.wordpress.org/trunk@52036
git-svn-id: http://core.svn.wordpress.org/trunk@51628 1a063a9b-81f0-0310-95a4-ce76da25c4cd