In [49752] a check was added to prevent creating new Application Passwords if Basic Auth credentials were detected to prevent conflicts. This check takes place in WP-Admin, though a conflict would only arise if Basic Auth was used on the website's front-end.
This commit extracts the Basic Auth check into a reusable function, `wp_is_site_protected_by_basic_auth()`, which can be adjusted using a filter of the same name. This way, a site that uses Basic Auth to protect WP-Admin can still use the Application Passwords feature.
In the future, instead of requiring the use of a filter, WordPress could make a loopback request and check for a `WWW-Authenticate` header to make this detection more robust out of the box.
Props SeBsZ, archon810, aaroncampbell, ocean90, SergeyBiryukov, TimothyBlynJacobs.
Fixes#52066.
Built from https://develop.svn.wordpress.org/trunk@50006
git-svn-id: http://core.svn.wordpress.org/trunk@49707 1a063a9b-81f0-0310-95a4-ce76da25c4cd
To be able to disable jQuery Migrate as step 3 of updating the jQuery version shipped with WordPress, all `JQMIGRATE` warnings in the browser console will have to be addressed.
This includes many minor adjustments to a wide array of core files.
Follow-up to:
* Step 1: Disabling jQuery Migrate 1.4.1 in WordPress 5.5: [48323], [48324]
* Step 2: Updating jQuery to 3.5.1 and adding jQuery Migrate 3.3.x in WordPress 5.6: [49101], [49338], [49615], [49649]
Props Clorith, azaozz.
See #51812.
Built from https://develop.svn.wordpress.org/trunk@50001
git-svn-id: http://core.svn.wordpress.org/trunk@49702 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset introduces a filter-based Robots API, providing central control over the `robots` meta tag.
* Introduces `wp_robots()` function which should be called anywhere a `robots` meta tag should be included.
* Introduces `wp_robots` filter which allows adding or modifying directives for the `robots` meta tag. The `wp_robots()` function is entirely filter-based, i.e. if no filter is added to `wp_robots`, no directives will be present, and therefore the entire `robots` meta tag will be omitted.
* Introduces the following `wp_robots` filter functions which replace similar existing functions that were manually rendering a `robots` meta tag:
* `wp_robots_noindex()` replaces `noindex()`, which has been deprecated.
* `wp_robots_no_robots()` replaces `wp_no_robots()`, which has been deprecated.
* `wp_robots_sensitive_page()` replaces `wp_sensitive_page_meta()`, which has been deprecated. Its rendering of the `referrer` meta tag has been moved to another new function `wp_strict_cross_origin_referrer()`.
Migration to the new functions is straightforward. For example, a call to `add_action( 'wp_head', 'wp_no_robots' )` should be replaced with `add_filter( 'wp_robots', 'wp_robots_no_robots' )`.
Plugins and themes that render their own `robots` meta tags are encouraged to switch to rely on the `wp_robots` filter in order to use the central management layer now provided by WordPress core.
Props adamsilverstein, flixos90, timothyblynjacobs, westonruter.
See #51511.
Built from https://develop.svn.wordpress.org/trunk@49992
git-svn-id: http://core.svn.wordpress.org/trunk@49693 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This change restructures the Button element styles for better a11y and expected color behaviors. Here what has changed:
- The `button-style()` mixin is now the ''single source or truth'' for how Button should look site-wide.
- Button Block, File Block, and Search form Blocks all rely on this one mixin.
- The same styles is also applied to the `<button>` element which appears in widgets, the 404 search form and comments form.
- Improves expected button styles for various conditions and contexts as follows:
- User color palette selections for Buttons are retained regardless of a parent block’s color settings or dark-mode.
- Supports both Default/Filled styles and Outline styles.
- More consistent `:hover` and `:active` styles.
- `:focus` styles are now always visible and legible.
- Adds a `--local-color` color variable to scope color relationships to nested blocks.
- Reduces selectors in `style.css` output.
- 1:1 experience between editor and front end button styles.
- Properly supports Dark-mode.
Props allancole, poena, scruffian, megphillips91.
Fixes#51927.
Built from https://develop.svn.wordpress.org/trunk@49987
git-svn-id: http://core.svn.wordpress.org/trunk@49688 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Prevent `get_post_status()` returning `false` for attachments if the parent post has been deleted. The returned attachment post status is now passed through the `get_post_status` filter.
Add tests for `get_post_status()`.
Props peterwilsoncc, timothyblynjacobs for review.
Fixes#52326.
Built from https://develop.svn.wordpress.org/trunk@49985
git-svn-id: http://core.svn.wordpress.org/trunk@49686 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Introduces a new PostCSS plugin, `postcss-discard-duplicates`, which will automatically remove any duplicate CSS rules. All the CSS that is removed shows up again later in the file. This also fixes a bug from `postcss-css-variables`, where media queries are duplicated.
Fixes#52158.
Props poena.
Built from https://develop.svn.wordpress.org/trunk@49980
git-svn-id: http://core.svn.wordpress.org/trunk@49681 1a063a9b-81f0-0310-95a4-ce76da25c4cd
TinyMCE was not implemented on the accessibility mode for widgets, disabling text editing fields. Change ensures that TinyMCE is initialized when accessibility mode is set up. Prior implementation hid the text widget fields if they were empty, which they always were for new widgets.
Props MadtownLems, alexstine, hareesh-pillai, dariak
Built from https://develop.svn.wordpress.org/trunk@49973
git-svn-id: http://core.svn.wordpress.org/trunk@49674 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This allows for the string to be distinguished from a post status of the same name, which is useful for better translations in languages were "public" can be masculine or feminine depending on context.
Props audrasjb.
Fixes#52309.
Built from https://develop.svn.wordpress.org/trunk@49962
git-svn-id: http://core.svn.wordpress.org/trunk@49663 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This adds a border along the side of admin menu links when hovering or focusing on them, as color should not be the only indicator of link state.
Props accessiblejoe florianziegler afercia rianrietveld michael-arestad ryan hedgefield audrasjb ibdz.
Fixes#28599.
Built from https://develop.svn.wordpress.org/trunk@49961
git-svn-id: http://core.svn.wordpress.org/trunk@49660 1a063a9b-81f0-0310-95a4-ce76da25c4cd
If every single label is emphasized with a `<strong>` tag, none of them is really emphasized anymore.
This removes the tags in favor of CSS styling, for consistency with the other labels on the screen.
Props chemiker, audrasjb, mukesh27, paaljoachim, estelaris, ibdz, SergeyBiryukov.
Fixes#52232.
Built from https://develop.svn.wordpress.org/trunk@49958
git-svn-id: http://core.svn.wordpress.org/trunk@49657 1a063a9b-81f0-0310-95a4-ce76da25c4cd