Using script tag helper functions allows plugins to employ the `wp_script_attributes` and `wp_inline_script_attributes` filters to inject the `nonce` attribute to apply Content Security Policy (e.g. Strict CSP). Use of helper functions also simplifies logic in `WP_Scripts`.
* Update `wp_get_inline_script_tag()` to wrap inline script in CDATA blocks for XHTML-compatibility when not using HTML5.
* Ensure the `type` attribute is printed first in `wp_get_inline_script_tag()` for back-compat.
* Wrap existing `<script>` tags in output buffering to retain IDE supports.
* In `wp_get_inline_script_tag()`, append the newline to `$javascript` before it is passed into the `wp_inline_script_attributes` filter so that the CSP hash can be computed properly.
* In `the_block_template_skip_link()`, opt to enqueue the inline script rather than print it.
* Add `ext-php` to `composer.json` under `suggest` as previously it was an undeclared dependency for running PHPUnit tests.
* Update tests to rely on `DOMDocument` to compare script markup, normalizing unsemantic differences.
Props westonruter, spacedmonkey, flixos90, 10upsimon, dmsnell, mukesh27, joemcgill, swissspidy, azaozz.
Fixes#58664.
See #39941.
Built from https://develop.svn.wordpress.org/trunk@56687
git-svn-id: http://core.svn.wordpress.org/trunk@56199 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`str_starts_with()` was introduced in PHP 8.0 to perform a case-sensitive check indicating if the string to search in (haystack) begins with the given substring (needle).
WordPress core includes a polyfill for `str_starts_with()` on PHP < 8.0 as of WordPress 5.9.
This commit replaces `0 === strpos( ... )` with `str_starts_with()` in core files, making the code more readable and consistent, as well as improving performance.
While `strpos()` is slightly faster than the polyfill on PHP < 8.0, `str_starts_with()` is noticeably faster on PHP 8.0+, as it is optimized to avoid unnecessarily searching along the whole haystack if it does not find the needle.
Follow-up to [52039], [52040], [52326].
Props spacedmonkey, costdev, sabernhardt, mukesh27, desrosj, jorbin, TobiasBg, ayeshrajans, lgadzhev, SergeyBiryukov.
Fixes#58012.
Built from https://develop.svn.wordpress.org/trunk@55703
git-svn-id: http://core.svn.wordpress.org/trunk@55215 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This aims to provide better context for translators and make it easier to determine that some strings contain hidden accessibility text and are not displayed in the UI.
Props kebbet, mercime, pavelevap, ocean90, swissspidy, Chouby, jipmoors, afercia, desrosj, costdev, audrasjb, SergeyBiryukov.
Fixes#29748.
Built from https://develop.svn.wordpress.org/trunk@55276
git-svn-id: http://core.svn.wordpress.org/trunk@54809 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This new function makes it easier to switch to a specific user’s locale by reducing duplicate code and storing the user’s ID as additional context for plugins to consume. Existing usage of `switch_to_locale()` in core has been replaced with `switch_to_user_locale()` where appropriate.
Also, this change ensures `WP_Locale_Switcher` properly filters `determine_locale` so that anyyone using the `determine_locale()` function will get the correct locale information when switching is in effect.
Props costdev.
Fixes#57123.
See #26511.
Built from https://develop.svn.wordpress.org/trunk@55161
git-svn-id: http://core.svn.wordpress.org/trunk@54694 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Dynamic (non-explicitly declared) properties are deprecated as of PHP 8.2 and are expected to become a fatal error in PHP 9.0.
There are a number of ways to mitigate this:
* If it is an accidental typo for a declared property: fix the typo.
* For known properties: declare them on the class.
* For unknown properties: add the magic `__get()`, `__set()`, et al. methods to the class or let the class extend `stdClass` which has highly optimized versions of these magic methods built in.
* For unknown ''use'' of dynamic properties, the `#[AllowDynamicProperties]` attribute can be added to the class. The attribute will automatically be inherited by child classes.
Trac ticket #56034 is open to investigate and handle the third and fourth type of situations, however it has become clear this will need more time and will not be ready in time for WP 6.1.
To reduce “noise” in the meantime, both in the error logs of WP users moving onto PHP 8.2, in the test run logs of WP itself, in test runs of plugins and themes, as well as to prevent duplicate tickets from being opened for the same issue, this commit adds the `#[AllowDynamicProperties]` attribute to all “parent” classes in WP.
The logic used for this commit is as follows:
* If a class already has the attribute: no action needed.
* If a class does not `extend`: add the attribute.
* If a class does `extend`:
- If it extends `stdClass`: no action needed (as `stdClass` supports dynamic properties).
- If it extends a PHP native class: add the attribute.
- If it extends a class from one of WP's external dependencies: add the attribute.
* In all other cases: no action — the attribute should not be needed as child classes inherit from the parent.
Whether or not a class contains magic methods has not been taken into account, as a review of the currently existing magic methods has shown that those are generally not sturdy enough and often even set dynamic properties (which they should not). See the [https://www.youtube.com/watch?v=vDZWepDQQVE live stream from August 16, 2022] for more details.
This commit only affects classes in the `src` directory of WordPress core.
* Tests should not get this attribute, but should be fixed to not use dynamic properties instead. Patches for this are already being committed under ticket #56033.
* While a number bundled themes (2014, 2019, 2020, 2021) contain classes, they are not a part of this commit and may be updated separately.
Reference: [https://wiki.php.net/rfc/deprecate_dynamic_properties PHP RFC: Deprecate dynamic properties].
Follow-up to [53922].
Props jrf, hellofromTonya, markjaquith, peterwilsoncc, costdev, knutsp, aristath.
See #56513, #56034.
Built from https://develop.svn.wordpress.org/trunk@54133
git-svn-id: http://core.svn.wordpress.org/trunk@53692 1a063a9b-81f0-0310-95a4-ce76da25c4cd
While using reserved PHP keywords as parameter name labels is allowed, in the context of function calls using named parameters in PHP 8.0+, this will easily lead to confusion. To avoid that, it is recommended not to use reserved keywords as function parameter names.
This commit renames the `$default` parameter to `$default_value` in `WP_Customize_Widgets` class methods.
Follow-up to [52946], [52996], [52997], [52998], [53003], [53014], [53029], [53039], [53116], [53117], [53137], [53174], [53184], [53185], [53192], [53193], [53198], [53203], [53207], [53215], [53216], [53220], [53230], [53232], [53236], [53239], [53240], [53242], [53243], [53245], [53246].
Props jrf, aristath, poena, justinahinon, SergeyBiryukov.
See #55327.
Built from https://develop.svn.wordpress.org/trunk@53257
git-svn-id: http://core.svn.wordpress.org/trunk@52846 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset replaces contracted verb forms like `doesn't`, `can't`, or `isn't` with non-contracted forms like `does not`, `cannot`, or `is not`, for better consistency across the WordPress administration. It also updates some corresponding unit tests strings.
Props Presskopp, socalchristina, aandrewdixon, francina, SergeyBiryukov, JeffPaul, audrasjb, hellofromTonya.
Fixes#38913.
See #39176.
Built from https://develop.svn.wordpress.org/trunk@52978
git-svn-id: http://core.svn.wordpress.org/trunk@52567 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Adds a new `WP_Block_Editor_Context::$name` and field. This allows plugin
developers to tell which block editor is being loaded when using filters such as
`allowed_block_types_all` and `block_editor_rest_api_preload_paths`.
Fixes#55301.
Props talldanwp, gziolo, andraganescu.
Built from https://develop.svn.wordpress.org/trunk@52942
git-svn-id: http://core.svn.wordpress.org/trunk@52531 1a063a9b-81f0-0310-95a4-ce76da25c4cd
By setting 'theme_supports' on the panel, we ensure that the Widgets panel is
removed if a theme does not have support for 'widgets'.
This makes the behaviour of the Widgets and Menus panels consistent.
Follows [52621].
See #54888.
Props hellofromTonya, costdev, peterwilsoncc.
Built from https://develop.svn.wordpress.org/trunk@52622
git-svn-id: http://core.svn.wordpress.org/trunk@52210 1a063a9b-81f0-0310-95a4-ce76da25c4cd
While the new name is much better, it doesn't fully tell what will happen when invoked nor does it fully solve the root problems.
Why? The function is doing too much. And naming is hard.
Props azaozz, desrosj, andraganescu, zieladam, hellofromTonya.
See #53811.
Built from https://develop.svn.wordpress.org/trunk@51791
git-svn-id: http://core.svn.wordpress.org/trunk@51398 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The original name `retrieve_widgets()` was unclear as it suggested it was a getter, i.e. getting the widgets. This function does more than get: finds orphaned widgets, assigns them to the inactive sidebar, and updates the database.
The new name is `sync_registered_widgets()` which better represents what happens when this function is invoked.
The original `retrieve_widgets()` function is soft deprecated to avoid unnecessary code churn downstream for developers that support more than the latest version of WordPress.
Follow-up to [18630].
Props zieladam, timothyblynjacobs, andraganescu, hellofromTonya.
See #53811.
Built from https://develop.svn.wordpress.org/trunk@51705
git-svn-id: http://core.svn.wordpress.org/trunk@51311 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `get_block_categories()` function expects either a `WP_Post` or a `WP_Block_Editor_Context` instance as the context argument, not a string.
Follow-up to [50996], [50997].
Props Enchiridion, pbearne, audrasjb.
Fixes#53757.
Built from https://develop.svn.wordpress.org/trunk@51700
git-svn-id: http://core.svn.wordpress.org/trunk@51306 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This fixes a regression introduced in [50996] where sites that have been opted-out of the block-based widget editor experienced an “Invalid value.” error when adding a new widget to a sidebar in the Customizer.
This was caused by the early return value was changed to `null` from `$value` when set to an empty `array`, resulting in the widget being evaluated as invalid elsewhere.
Props jamesros161, caseymilne, naoki0h, ixkaito, zieladam, noisysocks, hellofromTonya.
Fixes#53479.
Built from https://develop.svn.wordpress.org/trunk@51232
git-svn-id: http://core.svn.wordpress.org/trunk@50841 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Add missing `@since` tags for the `$id_base` parameter of ::sanitize_widget_instance()` and `::sanitize_widget_js_instance()`.
* Document the usage of `$wp_widget_factory` global in `::sanitize_widget_instance()`.
* Use multi-line comment syntax for a comment in `::enqueue_scripts()`.
Follow-up to [50996], [51141].
See #52628.
Built from https://develop.svn.wordpress.org/trunk@51142
git-svn-id: http://core.svn.wordpress.org/trunk@50751 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Moves the widgets block editor from Gutenberg into WordPress Core.
- Adds @wordpress/edit-widgets, @wordpress/customize-widgets and
@wordpress/widgets.
- Modifies wp-admin/widgets.php to branch between the old editor and new editor
depending on wp_use_widgets_block_editor().
- Modifies WP_Customize_Widgets to branch between the old editor control and new
editor control depending on wp_use_widgets_block_editor().
Fixes#51506.
Props isabel_brison, TimothyBlynJacobs, andraganescu, kevin940726, talldanwp.
Built from https://develop.svn.wordpress.org/trunk@50996
git-svn-id: http://core.svn.wordpress.org/trunk@50605 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Make the structure of `::$rendered_sidebars` and `::$rendered_widgets` properties consistent.
This resolves an issue with every widget being marked as inactive by default on the Widgets panel.
Props dlh, afercia, SergeyBiryukov.
Fixes#50508.
Built from https://develop.svn.wordpress.org/trunk@48299
git-svn-id: http://core.svn.wordpress.org/trunk@48068 1a063a9b-81f0-0310-95a4-ce76da25c4cd
“The WordPress open source community cares about diversity. We strive to maintain a welcoming environment where everyone can feel included.”
With this commit, all occurrences of “whitelist” and “blacklist” (with the single exception of the `$new_whitelist_options` global variable) are removed. A new ticket has been opened to explore renaming the `$new_whitelist_options` variable (#50434).
Changing to more specific names or rewording sentences containing these terms not only makes the code more inclusive, but also helps provide clarity. These terms are often ambiguous. What is being blocked or allowed is not always immediately clear. This can make it more difficult for non-native English speakers to read through the codebase.
Words matter. If one contributor feels more welcome because these terms are removed, this was worth the effort.
Props strangerstudios, jorbin, desrosj, joemcgill, timothyblynjacobs, ocean90, ayeshrajans, davidbaumwald, earnjam.
See #48900, #50434.
Fixes#50413.
Built from https://develop.svn.wordpress.org/trunk@48121
git-svn-id: http://core.svn.wordpress.org/trunk@47890 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The tag was supported in phpDocumentor 1.x, but is no longer supported in 2.x and 3.x.
Usage of static variables is considered an internal implementation detail and has no information value for someone reading the docs.
Props alishanvr, jrf.
Fixes#50426.
Built from https://develop.svn.wordpress.org/trunk@48109
git-svn-id: http://core.svn.wordpress.org/trunk@47878 1a063a9b-81f0-0310-95a4-ce76da25c4cd
- debounces the widgets search to avoid multiple `speak()` audible messages while typing: search results and messages are now triggered when users stop typing
- clarifies the Remove button title attribute
- removes a couple unnecessary `preventDefault()`
Props davetgreen, afercia.
Fixes#28888.
Built from https://develop.svn.wordpress.org/trunk@44825
git-svn-id: http://core.svn.wordpress.org/trunk@44657 1a063a9b-81f0-0310-95a4-ce76da25c4cd
WPCS 1.0.0 includes a bunch of new auto-fixers, which drops the number of coding standards issues across WordPress significantly. Prior to running the auto-fixers, there were 15,312 issues detected. With this commit, we now drop to 4,769 issues.
This change includes three notable additions:
- Multiline function calls must now put each parameter on a new line.
- Auto-formatting files is now part of the `grunt precommit` script.
- Auto-fixable coding standards issues will now cause Travis failures.
Fixes#44600.
Built from https://develop.svn.wordpress.org/trunk@43571
git-svn-id: http://core.svn.wordpress.org/trunk@43400 1a063a9b-81f0-0310-95a4-ce76da25c4cd