- Install: When populating options, maybe_serialize instead of always serialize.
- Uploads: Check for and verify ZIP archives.
Merges [57388] and [57389] to the 6.0 branch.
Props costdev, peterwilsoncc, azaozz, tykoted, johnbillion, desrosj, afragen, jorbin, xknown.
Built from https://develop.svn.wordpress.org/branches/6.0@57395
git-svn-id: http://core.svn.wordpress.org/branches/6.0@56901 1a063a9b-81f0-0310-95a4-ce76da25c4cd
- REST API: Limit `search_columns` for users without `list_users`.
- Comments: Prevent users who can not see a post from seeing comments on it.
- Application Passwords: Prevent the use of some pseudo protocols in application passwords.
- Restrict media shortcode ajax to certain type
- REST API: Ensure no-cache headers are sent when methods are overriden.
- Prevent unintended behavior when certain objects are unserialized.
Merges [56833], [56834], [56835], [56836], [56837], and [56838] to the 6.0 branch.
Props xknown, jorbin, Vortfu, joehoyle, timothyblynjacobs, peterwilsoncc, ehtis, tykoted, martinkrcho, paulkevan, dd32, antpb, rmccue.
Built from https://develop.svn.wordpress.org/branches/6.0@56870
git-svn-id: http://core.svn.wordpress.org/branches/6.0@56381 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This updates three GitHub Actions to their latest versions:
- `shivammathur/setup-php`
- `actions/cache`
- `wow-actions/welcome`
The welcome action now uses the `GITHUB_TOKEN` by default, so it no longer needs to be passed manually.
Merges [54651] and [55487] to the 6.0 branch.
See #56793, #57572.
Built from https://develop.svn.wordpress.org/branches/6.0@55490
git-svn-id: http://core.svn.wordpress.org/branches/6.0@55023 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Remove wordpress.org as an external dependency testing `WP_HTTP::handle_redirects()`.
This refactors and reenables an existing test to call the `WP_HTTP::handle_redirects()` method directly with a mocked array of HTTP headers containing multiple location headers.
The test is moved from the external-http group to the http test group as it no longer makes an HTTP request.
Follow up to [54955].
Props SergeyBiryukov, dd32, peterwilsoncc.
Merges [54968] to the 6.0 branch.
Fixes#57306.
See #56793.
Built from https://develop.svn.wordpress.org/branches/6.0@54975
git-svn-id: http://core.svn.wordpress.org/branches/6.0@54527 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This resolves a bug in Featured Image blocks where `object-fit` was being removed during the `render_callback`.
Props raduiason, pbiron, kebbet, SergeyBiryukov, bernhard-reiter, ironprogrammer, xknown, audrasjb, ckanderson22, ivanjeronimo, seriouslysenpai, davidbaumwald.
Merges [54675] to the 6.0 branch.
Fixes#56855.
Built from https://develop.svn.wordpress.org/branches/6.0@54763
git-svn-id: http://core.svn.wordpress.org/branches/6.0@54315 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `Europe/Kiev` timezone has been deprecated in PHP 8.2 and replaced with `Europe/Kyiv`.
The tests updated in this commit are testing the WordPress date/time functionality. They are **not** testing whether WP or PHP can handle deprecated timezone names correctly.
To ensure the tests follow the original purpose, the use of `Europe/Kiev` within these tests is now replaced with the `Europe/Helsinki` timezone, which is within the same timezone as `Europe/Kyiv`. This should ensure that these tests run without issue and test what they are supposed to be testing on every supported PHP version (unless at some point in the future `Europe/Helsinki` would be renamed, but that's a bridge to cross if and when).
Note: Separate tests should/will be added to ensure that relevant date/time related functions handle a deprecated timezone correctly, but that is not something ''these'' tests are supposed to be testing.
Follow-up to [45853], [45856], [45876], [45882], [45887], [45908], [45914], [46577], [46154], [46580], [46864], [46974], [54207].
Props jrf, costdev, SergeyBiryukov.
Merges [54217] to the 6.0 branch.
See #56468.
Built from https://develop.svn.wordpress.org/branches/6.0@54512
git-svn-id: http://core.svn.wordpress.org/branches/6.0@54071 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Add strings for use in future maintenance/security releases to indicate the security support status of the version of WordPress.
Two strings are introduced:
* indicating the version of WordPress is not receiving security updates, and,
* indicating the version of WordPress will shortly stop receiving security updates.
This change does not make use of the strings, the purpose is to make them available to translators prior to dropping support of selected versions of WordPress.
Props costdev, chesio, robinwpdeveloper, desrosj, rudlinkon, mukesh27, sumitbagthariya16.
Merges [54322] to the 6.0 branch.
See #56532.
Built from https://develop.svn.wordpress.org/branches/6.0@54430
git-svn-id: http://core.svn.wordpress.org/branches/6.0@53989 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This brings a new version of the Gutenberg code from the [https://github.com/WordPress/gutenberg/tree/wp/6.0 wp/6.0 branch] into core.
- @wordpress/block-directory@3.4.14
- @wordpress/block-editor@8.5.10
- @wordpress/block-library@7.3.14
- @wordpress/customize-widgets@3.3.14
- @wordpress/edit-post@6.3.14
- @wordpress/edit-site@4.3.14
- @wordpress/edit-widgets@4.3.14
- @wordpress/editor@12.5.10
- @wordpress/format-library@3.4.10
- @wordpress/reusable-blocks@3.4.10
- @wordpress/widgets@2.4.10
Props gziolo, SergeyBiryukov.
Merges [53929] to the 6.0 branch.
Fixes#56414.
Built from https://develop.svn.wordpress.org/branches/6.0@53930
git-svn-id: http://core.svn.wordpress.org/branches/6.0@53489 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The function was using the `array_column()` PHP function on an array of objects, which works as expected on PHP 7 or later, but not on PHP 5.6.
This resulted in customized templates being listed multiple times on the Templates and Template Parts screens, and being repeatedly added between lists when switching between the screens.
The issue is now resolved by replacing `array_column()` with the `wp_list_pluck()` WordPress core function, which provides consistent behavior beetween PHP versions.
Reference: [https://github.com/php/php-src/blob/PHP-7.0.0/UPGRADING#L626 PHP 7.0 Upgrade Notes: array_column()].
Props uofaberdeendarren, antonvlasenko, ironprogrammer, jonmackintosh, costdev, hellofromTonya, swissspidy, rudlinkon.
Merges [53927] to the 6.0 branch.
Fixes#56271.
Built from https://develop.svn.wordpress.org/branches/6.0@53928
git-svn-id: http://core.svn.wordpress.org/branches/6.0@53487 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This makes a transparent circle SVG smaller by removing empty space to match the height of other images in the same section, so that all three columns are aligned correctly.
Follow-up to [53339].
Props sabernhardt, weboccults, ironprogrammer, webcommsat, marybaum, oglekler.
Merges [53924] to the 6.0 branch.
Fixes#56210.
Built from https://develop.svn.wordpress.org/branches/6.0@53925
git-svn-id: http://core.svn.wordpress.org/branches/6.0@53484 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When registering block through PHP, using `register_block_type` function, newly introduced `ancestor` block setting in `block.json` was not recognised. It worked though, when block is registered from JavaScript.
Props lovor, annezazu, gziolo.
Merges [53718] to the 6.0 branch.
Fixes#56184.
Built from https://develop.svn.wordpress.org/branches/6.0@53923
git-svn-id: http://core.svn.wordpress.org/branches/6.0@53482 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In 6.0 there is now a functionality that allows to register selected remote patterns (from the Pattern Directory) via `theme.json`. However, it requires to fully enable all core and remote patterns. This can be a blocker for user adoption.
Many theme authors want to have all core and remote patterns disabled by default using `remove_theme_support( 'core-block-patterns' )`. This changeset ensures they are serving only patterns relevant to their theme.
It removes theme support check from the function that registers remote patterns specified in `theme.json`. This allows theme authors to disable core patterns but then selectively register the ones they want from the Pattern Directory. If a theme author intentionally specifies patterns in `theme.json`, they probably intend for them to be present in the pattern inserter and the check is not required.
This change will make the Pattern Directory more appealing/usable from a theme author's perspective.
Props ndiego, ryelle, audrasjb.
Merges [53793] to the 6.0 branch.
Fixes#56112.
Built from https://develop.svn.wordpress.org/branches/6.0@53903
git-svn-id: http://core.svn.wordpress.org/branches/6.0@53462 1a063a9b-81f0-0310-95a4-ce76da25c4cd