Allow authenticated users to read the contents of password protected posts if they have the `edit_post` meta capability for the post.
Props xknown, zieladam, peterwilsoncc, swissspidy, timothyblynjacobs.
Built from https://develop.svn.wordpress.org/trunk@50717
git-svn-id: http://core.svn.wordpress.org/trunk@50326 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, when exporting personal data, if the JSON encoding of the data failed, the invalid JSON was still written to `export.json`. This change captures the JSON encoding failure and adds a notice to the UI.
Props hellofromTonya, jrf, SergeyBiryukov.
Fixes#52892.
Built from https://develop.svn.wordpress.org/trunk@50713
git-svn-id: http://core.svn.wordpress.org/trunk@50322 1a063a9b-81f0-0310-95a4-ce76da25c4cd
After [48390], plugins and themes can be updated with an uploaded ZIP file. Strings were added for comparing the "current" and "uploaded" versions of a plugin or theme, but lacked context for each as to the object being referenced. This change adds a `plugin` or `theme` context to each of these strings for disambiguation.
Props dimadin, SergeyBiryukov.
Fixes#53017.
Built from https://develop.svn.wordpress.org/trunk@50705
git-svn-id: http://core.svn.wordpress.org/trunk@50314 1a063a9b-81f0-0310-95a4-ce76da25c4cd
On the "Reading Settings" page, the post excerpt was referred to as a "Summary". For consistency with the rest of Core, this change updates "summary" to "excerpt" both in the setting and the relevant help tab.
Props SergeyBiryukov, ravipatel, mukesh27.
Fixes#52987.
Built from https://develop.svn.wordpress.org/trunk@50702
git-svn-id: http://core.svn.wordpress.org/trunk@50311 1a063a9b-81f0-0310-95a4-ce76da25c4cd
With the `playsinline` attribute the video can also autoplay on mobile browsers without asking the user to open it up fullscreen.
Also, change all video element properties to use boolean values.
Props klevyke, ocean90.
Fixes#50111.
Built from https://develop.svn.wordpress.org/trunk@50698
git-svn-id: http://core.svn.wordpress.org/trunk@50307 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Remove `travis:` tasks in Gruntfile.js.
* Remove status badge in README.md that comes from Travis CI via shields.io.
* Remove Travis CI related skipping in the `WP_UnitTestCase_Base::skipOnAutomatedBranches()` test method and related Docker environment variables.
Props johnbillion, SergeyBiryukov, ocean90.
See #52161.
Fixes#52666.
Built from https://develop.svn.wordpress.org/trunk@50697
git-svn-id: http://core.svn.wordpress.org/trunk@50306 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Variables created within the scope of a function are discarded automatically when PHP leaves the scope of the function, i.e. on `return`, so doing a call to `unset()` straight before a `return` statement is redundant.
Props jrf, ravipatel, rachelbaker, mukesh27.
Fixes#52996.
Built from https://develop.svn.wordpress.org/trunk@50692
git-svn-id: http://core.svn.wordpress.org/trunk@50301 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This ensures that contrast between text color and background meets the WCAG 2.0 AA recommended value. The following locations were changed:
- Network List Tables: Use lighter background colors for site status indicator.
- Nav Menus: Use a lighter background color for invalid menu items.
- Pointers: Use a darker background for pointer header.
- Themes: Use darker background on filter button hover.
- Customizer: Use darker background for selected widget.
Follow-up to [50025], [50571].
Props kebbet, melchoyce, peterwilsoncc.
Fixes#52760.
Built from https://develop.svn.wordpress.org/trunk@50687
git-svn-id: http://core.svn.wordpress.org/trunk@50296 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Improve the check for sourceless or dimensionless media when determining if the lazy loading attribute should be added to iframes and images. Never include the lazy loading attribute on embeds of WordPress posts as the iframe is initially hidden.
Including `loading="lazy"` on initially hidden iframes and images can prevent the media from loading in some browsers.
Props adamsilverstein, fabianpimminger, flixos90, johnbillion, jonkastonka, joyously, peterwilsoncc, SergeyBiryukov, SirStuey, swissspidy.
Fixes#52768.
Built from https://develop.svn.wordpress.org/trunk@50682
git-svn-id: http://core.svn.wordpress.org/trunk@50291 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The reorganization of the PHPUnit workflow in [50441] unintentionally caused the tests to be run for every `push` event, even for forks and private mirrors.
Previously, the second job required the first one to pass, and the conditional check on the first prevented both from running. Because the first job is no longer required for the second, both jobs must have the appropriate conditional check.
Fixes#52983.
Built from https://develop.svn.wordpress.org/trunk@50670
git-svn-id: http://core.svn.wordpress.org/trunk@50282 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Reduce severity of failing HTTPS tests from critical to warning. Stop reporting failures if the site is being accessed over HTTPS but `wp_is_https_supported()` indicates a lack of support.
Props annalamprou, AnotherDave, ayeshrajans, bobbingwide, Clorith, dragongate, eatsleepcode, gab81, geoffrey1963, Ipstenu, k3nsai, mmuyskens, nicegamer7, peterwilsoncc, pwallner, SergeyBiryukov, TimothyBlynJacobs, Toru.
Fixes#52783.
Built from https://develop.svn.wordpress.org/trunk@50659
git-svn-id: http://core.svn.wordpress.org/trunk@50271 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When validating `enum` values as `integer` or `number`, consider a number with a zero fractional part to be equivalent to an integer of the same value.
In `rest_are_values_equal()`, when comparing two values of type `int` or `float` (in any combination), first cast both of them to `float` and then compare.
This matches some test cases from the official JSON Schema test suite.
Follow-up to [50010].
Props yakimun, stefanjoebstl, TimothyBlynJacobs, rachelbaker.
Fixes#52932.
Built from https://develop.svn.wordpress.org/trunk@50653
git-svn-id: http://core.svn.wordpress.org/trunk@50265 1a063a9b-81f0-0310-95a4-ce76da25c4cd
[48658] documented that various metadata functions return false for an invalid ID. However, that does not clarify what an invalid ID is: a non-numeric, zero, or negative value. This change adds the clarification in all relevant metadata function docblocks.
Props icopydoc, SergeyBiryukov, davidkryzaniak, audrasjb.
Fixes#51797.
Built from https://develop.svn.wordpress.org/trunk@50641
git-svn-id: http://core.svn.wordpress.org/trunk@50253 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Introduced in [48242], the `link-manager` plugin is copied from `DIR_TESTDATA/plugins` to `DIR_TESTDATA` during the REST API unit tests, but was not cleaned up afterward. This created a "dirty" local working copy. This change `unlink`s the copied plugin from `DIR_TESTDATA` after unit tests are completed.
Props johnbillion, TimothyBlynJacobs, desrosj, rachelbaker.
Fixes#52579.
Built from https://develop.svn.wordpress.org/trunk@50633
git-svn-id: http://core.svn.wordpress.org/trunk@50245 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In [47198], parentheses were removed from `include` and `require` statements, as they are language constructs, not function calls. However, [50161] introduced a new `require_once` instance in `wp-admin/options-privacy.php`. This change removes the unnecessary parentheses.
See #53627.
Built from https://develop.svn.wordpress.org/trunk@50631
git-svn-id: http://core.svn.wordpress.org/trunk@50243 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Ensures that `wp-format-library` assets are always loaded for the block editor. Otherwise, they have to be loaded individually for every screen that needs it. It's similar to how `wp-block-directory` assets are handled.
Props ellatrix.
See #52920.
Built from https://develop.svn.wordpress.org/trunk@50620
git-svn-id: http://core.svn.wordpress.org/trunk@50233 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This updates the following polyfill libraries:
- `formdata-polyfill` from `3.0.13` to `3.0.20`.
- `objectFitPolyfill` from `2.3.4` to `2.3.5`.
- `polyfill-library` from `3.42.0` to `3.104.0`.
Props gziolo, desrosj.
Fixes#52854.
Built from https://develop.svn.wordpress.org/trunk@50615
git-svn-id: http://core.svn.wordpress.org/trunk@50228 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `fields` and `orderby` properties in `WP_Term_Query` are arrays and each accepts a variety of keys. To properly indent each key in the docblock, a `*` should be used, not `-`.
Props whyisjake, audrasjb, SergeyBiryukov.
Fixes#52839.
Built from https://develop.svn.wordpress.org/trunk@50614
git-svn-id: http://core.svn.wordpress.org/trunk@50227 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This avoids a fatal error on PHP 8 in `wp_privacy_generate_personal_data_export_file()` if the `_export_data_grouped` post meta exists but is not an array.
Additionally, refactor unit tests for the function to:
* Reduce redundant code
* Switch to data provider
* Test on the full HTML output instead of select pieces of the output
* Expand unhappy path coverage
Follow-up to [43012], [44786], [47146], [47278].
Props hellofromTonya, jrf, xknown.
See #51423.
Built from https://develop.svn.wordpress.org/trunk@50613
git-svn-id: http://core.svn.wordpress.org/trunk@50226 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This was added in [48177] to fix an issue where Puppeteer was not being installed correctly as a dependency of `@wordpress/wp-scripts`. This has been fixed, so this explicit dependency can be removed.
Props isabel_brison, desrosj, SergeyBiryukov.
Fixes#52843.
Built from https://develop.svn.wordpress.org/trunk@50612
git-svn-id: http://core.svn.wordpress.org/trunk@50225 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Because the changes in Twenty Twelve did not impact site look or functionality, version 3.4 of Twenty Twelve was not released in coordination with WordPress 5.7.
This reverts the portion of [50508] relevant to Twenty Twelve, changing the version back to 3.3 so that version 3.4 is not skipped accidentally when there are changes that should be released.
See #52704.
Built from https://develop.svn.wordpress.org/trunk@50596
git-svn-id: http://core.svn.wordpress.org/trunk@50209 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Since [50441-50442] switched the test workflows to run from `src` instead of `build`, code coverage reporting has stopped working. This was caused by the code coverage configuration continuing to reference `build`. This corrects the configuration so coverage reporting can resume.
This change also introduces the `workflow_dispatch` event to the workflow, which will allow committers to manually run the workflow when desired. For example, to confirm changes to the test suite do not break reporting.
This also adds the `phpunit.xml.dist` and `tests/phpunit/multisite.xml` files to the `paths` list. Since these files are responsible for configuring the test suite and code coverage reporting, any changes to them should verify that no problems were introduced.
Props jrf, johnbillion.
Fixes#52786. See #51734.
Built from https://develop.svn.wordpress.org/trunk@50592
git-svn-id: http://core.svn.wordpress.org/trunk@50205 1a063a9b-81f0-0310-95a4-ce76da25c4cd
On TravisCI, old branches still receiving security updates were tested on a regular basis. This ensured tests continued to pass as time passed even if updates were not made to these branches.
On GitHub Actions, there is no interface to configure this (TravisCI had a UI), but there is a `schedule` event that can trigger workflow runs on cron that can be used to accomplish the same thing.
This introduces a workflow file that runs twice a month (on the 1st and 15th) to verify the tests within older branches.
Because the `schedule` event only runs within the primary branch, the appropriate workflows in each old branch will be triggered manually through the `workflow_dispatch` trigger using the GitHub REST API. `workflow_dispatch` will need to be added to all workflows in all old branches in order for the event to dispatch successfully.
Fixes#52653.
Built from https://develop.svn.wordpress.org/trunk@50590
git-svn-id: http://core.svn.wordpress.org/trunk@50203 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In the wrapper function `wp_getimagesize()` check if the second parameter was passed before sending it to the PHP function `getimagesize()`.
The PHP function has a different execution path depending on the number of parameters passed, this ensures the wrapper function follows the appropriate path.
Follow up to [50552].
Props azaozz, hellofromtonya, Mista-Flo, peterwilsoncc, rinatkhaziev, RogerTheriault, SergeyBiryukov, terriann, whyisjake.
Fixes#52826.
Built from https://develop.svn.wordpress.org/trunk@50586
git-svn-id: http://core.svn.wordpress.org/trunk@50199 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This change switches out `sprintf` for `printf` on the "Copy suggested policy text from..." button screen reader text. Also, wrap the actual button text in a `<span aria-hidden="true">` to prevent both the button text and the screen reader text from being spoken.
Props mukesh27, SergeyBiryukov, sabernhardt.
Fixes#52891.
Built from https://develop.svn.wordpress.org/trunk@50585
git-svn-id: http://core.svn.wordpress.org/trunk@50198 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In [49178], self-closing `br` tags were switched to non-self-closing `div` elements for "clearing" purposes, but the self-closing "/" remained in place. This fix removes the unnecessary slash.
Props pavelvisualcomposer, audrasjb, sabernhardt, akabarikalpesh, SergeyBiryukov.
Fixes#52878.
Built from https://develop.svn.wordpress.org/trunk@50582
git-svn-id: http://core.svn.wordpress.org/trunk@50195 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This disables the `fail-fast` option in the GitHub Actions workflow for testing NPM. This allows all jobs in the test matrix to complete, even if one fails, painting a clear picture of where the issue lies.
Follow up to [50435].
See #52625.
Built from https://develop.svn.wordpress.org/trunk@50579
git-svn-id: http://core.svn.wordpress.org/trunk@50192 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Prevent misalignment of "generate password" and "save password" buttons on the password reset screen on narrow screens and in languages requiring longer text than English.
Props audrasjb, grapplerulrich, ryelle.
Fixes#52834.
Built from https://develop.svn.wordpress.org/trunk@50569
git-svn-id: http://core.svn.wordpress.org/trunk@50182 1a063a9b-81f0-0310-95a4-ce76da25c4cd
On narrow screens allow the text to wrap in the copy buttons on the privacy policy guide screen to avoid horizontal overflow of the parent container.
Props audrasjb, davidbaumwald, jaymanpandya, paaljoachim, palmiak, sabernhardt, SergeyBiryukov, sumitsingh.
Fixes#52751.
Built from https://develop.svn.wordpress.org/trunk@50568
git-svn-id: http://core.svn.wordpress.org/trunk@50181 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Add a check to `WP_REST_Meta_Fields::delete_meta_value()` ensuring meta data is set before attempting to delete it from the database. If the data does not exist, the delete is considered successful as the data matches the desired state.
Props BrechtVds, goaroundagain, TimothyBlynJacobs.
Fixes#52787.
Built from https://develop.svn.wordpress.org/trunk@50567
git-svn-id: http://core.svn.wordpress.org/trunk@50180 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Removes the mutually exclusive directives check in `wp_robots()`, ie allow both `follow` and `nofollow` to be specified and for `archive` and `noarchive` to be specified.
This fixes a bug in which WordPress would defer to the most permissive over the least permissive. When contradictory instructions are included, WordPress will defer to the search engine's or archivist's resolution policy: generally this is to observe the least, not most permissive.
Props Cybr, flixos90.
Fixes#52713.
Built from https://develop.svn.wordpress.org/trunk@50566
git-svn-id: http://core.svn.wordpress.org/trunk@50179 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* `get_bookmark()`
* `get_comment()`
* `get_post()`
* `get_children()`
* `wp_get_recent_posts()`
* `wp_get_post_revision()`
* `wp_get_nav_menu_items()`
Follow-up to [45710] for `get_term()`, [48507] for `wpdb::get_row()` and `wpdb::get_results()`.
See #52627.
Built from https://develop.svn.wordpress.org/trunk@50558
git-svn-id: http://core.svn.wordpress.org/trunk@50171 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When collapsed or on a small screen, these styles would override the color schemes, causing a dark background to appear regardless of the color scheme's settings. This change also uses `focus-within` to show or hide the menu item's arrow, consistent with how the arrow behaves on hover.
Props afercia, Bueltge.
Fixes#32579.
Built from https://develop.svn.wordpress.org/trunk@50549
git-svn-id: http://core.svn.wordpress.org/trunk@50162 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This point release does not add any new Emoji and only slightly modifies 14 existing Emoji without changing their meanings.
Because of this, the same CDN location (currently `/images/core/emoji/13.0.1`) can be updated with the new versions and sites running WordPress 5.6 or higher will start using the updated versions once their cache expires.
See #52852.
Built from https://develop.svn.wordpress.org/trunk@50548
git-svn-id: http://core.svn.wordpress.org/trunk@50161 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This was added in [48177] to fix an issue where Puppeteer was not being installed correctly as a dependency of `@wordpress/wp-scripts`. This has been fixed, so this explicit dependency can be removed.
Props isabel_brison.
Fixes#52843.
Built from https://develop.svn.wordpress.org/trunk@50540
git-svn-id: http://core.svn.wordpress.org/trunk@50153 1a063a9b-81f0-0310-95a4-ce76da25c4cd
If the callback is called before the images are loaded, the comparison doesn't work. `wp.domReady` uses `DOMContentLoaded`, which does not guarantee that the images are loaded. This switches to use the `load` event, which waits for all resources to load.
Props vladytimy, joyously, sergeybiryukov.
Fixes#52758.
Built from https://develop.svn.wordpress.org/trunk@50535
git-svn-id: http://core.svn.wordpress.org/trunk@50148 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The editor uses the full height of its container, so the added margins cause the visual editor to break out of the container. This removes the top & bottom margins, and makes the left & right margins consistent with the meta box area.
Follow-up to [50465].
Props joseeyoast, audrasjb.
Fixes#52816.
Built from https://develop.svn.wordpress.org/trunk@50534
git-svn-id: http://core.svn.wordpress.org/trunk@50147 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In `unregister_block_style`, the `$block_name` parameter was documented as an array. This change corrects the type to `string`, as that's what is expected in `WP_Block_Styles_Registry->unregister`.
Props kraftner.
Fixes#52795.
Built from https://develop.svn.wordpress.org/trunk@50528
git-svn-id: http://core.svn.wordpress.org/trunk@50141 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Additionally, adjust the "Update to latest nightly" button to include the major version number of the nightly build.
This makes the button labels more accurate and provides more clear understanding of what the update will be.
Follow-up to [49984].
Props afragen, pbiron, SergeyBiryukov.
Fixes#52513.
Built from https://develop.svn.wordpress.org/trunk@50506
git-svn-id: http://core.svn.wordpress.org/trunk@50119 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This change ensures that the text in the Media & Text block is readable when dark background colors are selected.
This is a regression that was introduced in [49987].
Props hellofromTonya, poena, paaljoachim, ryelle.
Fixes#52702.
Built from https://develop.svn.wordpress.org/trunk@50493
git-svn-id: http://core.svn.wordpress.org/trunk@50106 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Ensure `current_user_can()` and `user_can()` return the same results for logged out users. For core capabilities this changes `user_can( 0, 'exist' )` to return `true` rather than `false` in line with `current_user_can( 'exist' )` for logged out users.
Convert `current_user_can()` and `current_user_can_for_blog()` to wrapper functions ultimately calling `user_can()`.
Add anonymous user to primitive capability checks as appropriate. Convert `Tests_User_Capabilities::test_other_caps_for_all_roles()` to use a data provider and add tests to check whether user exists in the database (`WP_User::exists()`) as that intentionally differs from the `exist` capability.
Props jjj, johnbillion, peterwilsoncc, SergeyBiryukov, TimothyBlynJacobs.
Fixes#52076.
Built from https://develop.svn.wordpress.org/trunk@50490
git-svn-id: http://core.svn.wordpress.org/trunk@50103 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This also adds inline comments to the end of each action installed using a SHA value to make it easier to determine which version of an action is currently being used.
Follow up to [50474,50476].
Props johnbillion.
See #52625.
Built from https://develop.svn.wordpress.org/trunk@50486
git-svn-id: http://core.svn.wordpress.org/trunk@50099 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The NPM test GitHub Actions workflow is currently used to verify that `npm install` and `npm run build` will complete successfully on Windows.
This generalizes the workflow and adds testing for Linux and MacOS to confirm that the scripts used to build WordPress also complete successfully in those environments.
Because MacOS workflow runs consume GHA minutes at a 10x rate, it’s added in a separate job in order to perform a more strict check.
This also adds steps to verify that using `npm run build:dev` and `npm run grunt clean`/`npm run grunt clean —dev` run successfully
Props johnbillion.
Fixes#52658.
Built from https://develop.svn.wordpress.org/trunk@50485
git-svn-id: http://core.svn.wordpress.org/trunk@50098 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This change adds a list of paths to check when determining which workflows to run on `pull_request`. This will prevent certain workflows from running unnecessarily when the files updated are not related to the tests and checks being performed.
Props peterwilsoncc, johnbillion.
Fixes#52667.
Built from https://develop.svn.wordpress.org/trunk@50479
git-svn-id: http://core.svn.wordpress.org/trunk@50090 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Adds a more obviously interactive comparison for viewing the color scheme differences. Improvements on RTL and IE11. Update strings to be more clear and consistent. Switch to the CDN for loading images.
Props sarahricker, desrosj, melchoyce, SergeyBiryukov, tikifez, clorith, marybaum, audrasjb, francina, hellofromTonya.
Fixes#52693. See #52347.
Built from https://develop.svn.wordpress.org/trunk@50478
git-svn-id: http://core.svn.wordpress.org/trunk@50089 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Some GitHub Action scripts require additional permissions to perform the desired operations. This permission is usually given by passing a personal access token (PAT) to the action as an input.
Because PATs grant access to sensitive information about the repository and actions with PATs become trusted actors, 3rd party actions should not be installed by specifying a major or minor version.
Instead, specifying a full length commit SHA will use the 3rd party action as an immutable release, ensuring the workflows within the repository are not affected by upstream security problems should they occur.
Props johnbillion.
See #52625.
Built from https://develop.svn.wordpress.org/trunk@50474
git-svn-id: http://core.svn.wordpress.org/trunk@50085 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changes the logic in `update_https_detection_errors()` to never store error messages from the actual request since they could use a different encoding, which would make storing them in an option potentially fail, leading WordPress to then falsely assume that HTTPS is supported.
While this doesn't actually fix the encoding issue, it is not crucial to do so anyway, since these messages are not used anywhere. A simple differentiation between whether the overall HTTPS request or only the SSL verification failed should be sufficient for the purpose of this function.
Props flixos90, tmatsuur, lukecarbis.
Fixes#52484.
Built from https://develop.svn.wordpress.org/trunk@50471
git-svn-id: http://core.svn.wordpress.org/trunk@50082 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Adjust the background color palette rules so they don't show up on inner containers when they're not supposed to:
- When an inner container block is present, it only applies them to direct children of the block with the background color assigned.
- Since the background color should only be applied to the Cover block's overlay, not to the inner container, it opts that specific block out of this rule.
Props dianeco, kjellr, paaljoachim.
Fixes#52676.
Built from https://develop.svn.wordpress.org/trunk@50466
git-svn-id: http://core.svn.wordpress.org/trunk@50077 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The editor uses the full height of its container, so the added margins cause the visual editor to break out of the container. This removes the top & bottom margins, and makes the left & right margins consistent with the meta box area.
Props antonlukin, paaljoachim, felipeelia.
Fixes#52646.
Built from https://develop.svn.wordpress.org/trunk@50465
git-svn-id: http://core.svn.wordpress.org/trunk@50076 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This avoids a fatal error on PHP 8 if `error_reporting()` is disabled in `php.ini`.
On systems with this function disabled, it's best to add a dummy function to the `wp-config.php` file, as there are multiple other calls in core or plugins.
However, as this call to the function is run prior to `wp-config.php` loading, it is now wrapped in a `function_exists()` check.
Props peterwilsoncc, fijisunshine, ayeshrajans.
Fixes#52226.
Built from https://develop.svn.wordpress.org/trunk@50447
git-svn-id: http://core.svn.wordpress.org/trunk@50058 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, jQuery 1.12.4 was added to the WordPress SVN repo in order to backport an upstream security patch from jQuery 3.4.0.
Now that WordPress includes an unmodified version of jQuery 3.5.1 and no longer needs to maintain a fork, it can be removed from the SVN repo and installed via NPM again as part of the build.
Follow-up to [45342], [49101].
Props peterwilsoncc, SergeyBiryukov.
Fixes#52647.
Built from https://develop.svn.wordpress.org/trunk@50445
git-svn-id: http://core.svn.wordpress.org/trunk@50056 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `external-http`, `media`, and `restapi` groups combined take roughly the same time as all the other tests combined. Splitting the test run in two speeds up the PHP 5.6 test runs which are the slowest by quite a margin. The net reduction in duration is only seen on PHP versions older than 7.0 where the reduction is greater than the time taken for the job to be set up.
Props peterwilsoncc, desrosj, johnbillion
Special shout out to manzoorwanijk whose article about running steps in parallel started me down this path.
Fixes#52645
Built from https://develop.svn.wordpress.org/trunk@50444
git-svn-id: http://core.svn.wordpress.org/trunk@50055 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Some PHPUnit tests were concerned with the state of files in the `build` directory. In order to allow the tests to run without requiring a build to be run first, these have been moved into assertions that run after the build step (and therefore cause it to fail if they do not pass), or into QUnit tests as necessary.
Various other PHPUnit tests implictly depend on built JavaScript files being present. These files are now touched during the test setup to avoid PHP warnings if the `build` files are not present.
The `wp-tests-config-sample.php` file and the GitHub Actions configuration have also been changed so `ABSPATH` uses `src` instead of `build`, therefore allowing the PHPUnit tests to be run without a build having to be run first. This means all new local installations of WordPress will use `src` for PHPUnit testing. If you would like to switch your existing installation over then change the location of `ABSPATH` in `wp-tests-config.php` to point to `src` instead of `build`.
Props peterwilsoncc, iandunn, gziolo, desroj, johnbillion
Fixes#51734
See #45863
Built from https://develop.svn.wordpress.org/trunk@50441
git-svn-id: http://core.svn.wordpress.org/trunk@50052 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `actions/cache` GitHub action uses a `key` input to find the desired cache in storage. Currently, this is defined as a combination of the operating system being used, the software being cached (NPM or Composer), PHP version (Composer only), and a hash of the relevant lock file.
The `cache` action also supports a `restore-keys` input, which is an ordered list of keys to use for restoring a cache if no cache hit occurred for the specified key.
However, this means that every time a lock file is updated, the cache is being recreated by first restoring a previous one (when available), and then installing new versions of dependencies on top of that. This results in old, unused versions of dependencies never being removed from the cache.
In this change, the `restore-keys` are removed. This will force a new, fresh cache to be generated when the desired `key` is not matched. In testing, this results in a ~40% reduction in cache size when compared to the latest successful workflow runs. Since there is no way to manually flush the cache in GHA, the benefits of this change will not be seen until the `package-lock.json` and `composer.lock` files are updated, or the cache at the desired key is evicted.
Props johbillion.
See #52660.
Built from https://develop.svn.wordpress.org/trunk@50436
git-svn-id: http://core.svn.wordpress.org/trunk@50047 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In GitHub Actions, there is a `fail-fast` option that will cancel all incomplete jobs within a workflow as soon as one failure is encountered. This defaults to `true`.
This is great for alerting you of a failure faster, but does not give you the full picture of what is failing. For example, it’s possible that there is a failing test on 2 versions of PHP, but not others. If `fail-fast` is enabled, it’s impossible to know this.
Even with `fail-fast` disabled, the workflow will still report a failure if one or more jobs produce a failing result.
Props johbillion, jorbin.
Fixes#52612.
Built from https://develop.svn.wordpress.org/trunk@50435
git-svn-id: http://core.svn.wordpress.org/trunk@50046 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Different branches have support for different types of testing based on the tooling that was in place at the time each version was branched. The workflows currently in place have patterns configured to match the relevant `branches` and `tags` for each workflow, but only for `push` events.
This copies the patterns for matching supported `branches` over to the `pull_request` event to prevent workflows from running for a pull request to a branch that does not support that workflow.
Fixes#52643.
Built from https://develop.svn.wordpress.org/trunk@50432
git-svn-id: http://core.svn.wordpress.org/trunk@50043 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This ensures a transparent logo remains visible while focused. Also cleans up dark mode CSS, consolidating styles and removing overrides that are no longer needed.
Follow up to [50154].
Props poena, sabernhardt, ryelle.
Fixes#52257.
Built from https://develop.svn.wordpress.org/trunk@50423
git-svn-id: http://core.svn.wordpress.org/trunk@50034 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This includes many minor adjustments to a wide array of core files to replace shorthands with full declarations.
Follow-up to [50001], [50270], [50367].
Props Clorith, hellofromTonya, peterwilsoncc, adamsilverstein, aristath.
See #51812.
Built from https://develop.svn.wordpress.org/trunk@50420
git-svn-id: http://core.svn.wordpress.org/trunk@50031 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Add a reference to `WP_Block_Type::__construct()` for information on accepted arguments in `register_block_type()`.
Synchronize the documentation between several places, use `WP_Block_Type::__construct()` as the canonical source.
Props ediamin, audrasjb, peterwilsoncc.
Fixes#48640.
Built from https://develop.svn.wordpress.org/trunk@50419
git-svn-id: http://core.svn.wordpress.org/trunk@50030 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Move `wp_get_script_tag()`, `wp_print_script_tag()`, `wp_print_inline_script_tag()` and `wp_get_inline_script_tag()` functions from `functions.php` to `script-loader.php`.
Relocate related tests to `dependencies` sub-directory.
Follow up to [50167].
Props adamsilverstein, hellofromTonya, SergeyBiryukov.
Fixes#39941.
Built from https://develop.svn.wordpress.org/trunk@50409
git-svn-id: http://core.svn.wordpress.org/trunk@50020 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Prevent `wp_localize_script()` (via `WP_Scripts::localize()`) throwing warnings in PHP 8 when the translation data is passed as a string. This maintains backward compatibility with earlier versions of PHP.
Introduce a `_doing_it_wrong()` notice to `WP_Scripts::localize()` if the translation data is not passed as an array.
Props jrf, peterwilsoncc, SergeyBiryukov.
Fixes#52534.
Built from https://develop.svn.wordpress.org/trunk@50408
git-svn-id: http://core.svn.wordpress.org/trunk@50019 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Replace loopback health check URL with a `POST` request to `wp-cron.php` in the WordPress install directory. This more closely represents how WordPress uses loopback requests.
A `POST` request is used to cause `wp-cron.php` to exit prior to running any cron jobs. This allows the test to indicate success quicker and accounts for sites that set the `DISABLE_WP_CRON` constant to avoid running cron jobs on loopback requests.
Props clorith, peterwilsoncc, TimothyBlynJacobs.
Fixes#52547.
Built from https://develop.svn.wordpress.org/trunk@50399
git-svn-id: http://core.svn.wordpress.org/trunk@50010 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This is a maintenance release. Changes include:
* Handle early connection errors such as 421 during connection and EHLO states.
* Make the `mail()` and sendmail transports set the envelope sender the same way as SMTP does, i.e. use whatever `From` is set to, only falling back to the `sendmail_from` php.ini setting if `From` is unset. This avoids errors from the `mail()` function if `Sender` is not set explicitly and php.ini is not configured. This is a minor functionality change, so bumps the minor version number.
* Extend `parseAddresses` to decode encoded names.
Release notes: https://github.com/PHPMailer/PHPMailer/releases/tag/v6.3.0
For a full list of changes in this update, see the PHPMailer GitHub:
https://github.com/PHPMailer/PHPMailer/compare/v6.2.0...v6.3.0
Props ayeshrajans.
Fixes#52577.
Built from https://develop.svn.wordpress.org/trunk@50397
git-svn-id: http://core.svn.wordpress.org/trunk@50008 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This avoids an "Undefined index" PHP notice in `wp_resource_hints()` tests when running the full test suite.
Remove the unused global from `get_home_url()`.
Follow-up to [25443], [38100], [38174], [50156], [50164].
Props peterwilsoncc.
Fixes#52566.
Built from https://develop.svn.wordpress.org/trunk@50393
git-svn-id: http://core.svn.wordpress.org/trunk@50004 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When deleting a term, it has to be removed individually from each object it's connected to, which can take some significant time when there are a lot of objects.
By calling `wp_remove_object_terms()` when no default term is required, we can skip the terms fetch/diff step and significantly speed up the deletion process.
Props dd32.
Fixes#52549.
Built from https://develop.svn.wordpress.org/trunk@50389
git-svn-id: http://core.svn.wordpress.org/trunk@50000 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The admin bar height custom property is used in `calc` functions, which require consistent unit use, even when the value is zero. A unitless value returns an invalid value for the "height" property, where this variable is used. This also changes the stylelint rule in the theme to allow zero values with a unit, just in custom properties.
Props nico23.
Fixes#52564.
Built from https://develop.svn.wordpress.org/trunk@50388
git-svn-id: http://core.svn.wordpress.org/trunk@49999 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In #50547, the admin color schemes were added to the customizer UI, but at some point specificity changed and the colors were overridden by the defaults. This brings the color schemes back into the customizer, using the button color as a highlight, with the link color for text to keep things readable.
Follow up to [48371].
Props audrasjb, peterwilsoncc.
Fixes#52230.
Built from https://develop.svn.wordpress.org/trunk@50386
git-svn-id: http://core.svn.wordpress.org/trunk@49997 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `blur()` method there is not the jQuery method, but is an HTML DOM method instead.
This makes the Close button on the "View details" modal on Plugins screen functional again.
Follow-up to [50367].
Props afragen.
See #51812.
Built from https://develop.svn.wordpress.org/trunk@50383
git-svn-id: http://core.svn.wordpress.org/trunk@49994 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Ensure that subsequent renders of a reusable block will render correctly and that recursively inserting a reusable block into itself does not cause an internal server (500) error.
Props bernhard-reiter, SergeyBiryukov.
Fixes#52364.
Built from https://develop.svn.wordpress.org/trunk@50382
git-svn-id: http://core.svn.wordpress.org/trunk@49993 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In `unstick_post()` if a post ID is duplicated in the `sticky_posts` option remove all instances.
In both `stick_post()` and `unstick_post()` check for duplicate IDs already stored in the `sticky_post` option and remove them if the option is updated.
Props rahmohn, archon810.
Fixes#52007.
Built from https://develop.svn.wordpress.org/trunk@50380
git-svn-id: http://core.svn.wordpress.org/trunk@49991 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Updates older themes to fix alignment, spacing, and font issues to better match the frontend display. Applies to themes: Twenty Eleven, Twenty Thirteen, Twenty Fourteen, Twenty Sixteen, Twenty Seventeen, and Twenty Twenty.
Props burnuser, talldanwp, cristinasoponar, poena, kjellr
Fixes#52009.
Built from https://develop.svn.wordpress.org/trunk@50358
git-svn-id: http://core.svn.wordpress.org/trunk@49969 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Adds an explicit relationship between the upload button and the maximum upload limit, moves focus to the error dismiss button if an error occurs, and adds a call to wp.a11y.speak to report the error after it occurs.
Props afercia, anevins, antpb, adamsilverstein, poena
Fixes#47120
Built from https://develop.svn.wordpress.org/trunk@50352
git-svn-id: http://core.svn.wordpress.org/trunk@49963 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The WordPress Importer plugin is now downloaded to the `tests/phpunit/data/plugins` directory when running `npm run env:install`.
This ensures that the PHPUnit test suite will not fail when the plugin is missing.
This also introduces a new `WP_IMPORTER_REVISION` variable to the `.env` file, to control the SVN revision that is checked out.
Props johnbillion.
Fixes#49720.
Built from https://develop.svn.wordpress.org/trunk@50285
git-svn-id: http://core.svn.wordpress.org/trunk@49930 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This ensures that not only the return values match the expected results, but also that their type is the same.
Going forward, stricter type checking by using `assertSame()` should generally be preferred to `assertEquals()` where appropriate, to make the tests more reliable.
Follow-up to [49904], [49925], [49992], [50012], [50013], [50065], [50075], [50131], [50150], [50157].
See #38266, #52482.
Built from https://develop.svn.wordpress.org/trunk@50284
git-svn-id: http://core.svn.wordpress.org/trunk@49929 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The color palette changes in #49999 introduced some contrast issues on buttons, input elements, and links. This change ensures that all interactive elements have an appropriate contrast ratio.
Follow-up to [50025].
Props audrasjb, joedolson.
Fixes#52402.
Built from https://develop.svn.wordpress.org/trunk@50278
git-svn-id: http://core.svn.wordpress.org/trunk@49923 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Some files ignored within the `.gitignore` file were not included in the `svn:ignore` property.
This also removed `wp-config.php` and `wp-tests-config.php` from the `svn:ignore` property. It’s already specified in `svn:global-ignores`.
Props johnbillion.
Fixes#49784.
Built from https://develop.svn.wordpress.org/trunk@50277
git-svn-id: http://core.svn.wordpress.org/trunk@49922 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When using the `adjacent_image_link()` function there is a condition that will return a linked image. Previously, the returned image was sent without alt attributes.
Now, `adjacent_image_link()` will include alt attributes of the image's title when an image is returned.
Props joedolson, Mista-Flo, sabernhardt.
Fixes#52387.
Built from https://develop.svn.wordpress.org/trunk@50274
git-svn-id: http://core.svn.wordpress.org/trunk@49919 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This extension is necessary because the comment approval notification opt-in form introduced in [47887] uses the same mechanism, and the previous limit of one minute meant that users on a slow connection, using assistive technology, with limited motor skills, or who are generally indecisive may not complete the opt-in action within one minute, and therefore not see the confirmation message.
Props joedolson, imath, hellofromTonya, peterwilsoncc, alexstine, davidbaumwald
Fixes#52406
Built from https://develop.svn.wordpress.org/trunk@50271
git-svn-id: http://core.svn.wordpress.org/trunk@49916 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This adds a more descriptive text in scenarios where `post_max_size` and `upload_max_filesize` differ, and `post_max_size` is set to a value of `0`.
In some scenarios, PHP may read `0` as a literal zero size, and not as unlimited, which it also means in other scenarios.
See https://www.php.net/manual/en/ini.core.php#ini.post-max-size for details, as PHP 5.3.4 introduced this behavior for literal zero interpretation when the content type of a request is `application/x-www-form-urlencoded` or is not registered with PHP.
Props Clorith, pixolin, helen, ratneshk.
Fixes#51466.
Built from https://develop.svn.wordpress.org/trunk@50263
git-svn-id: http://core.svn.wordpress.org/trunk@49908 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Fixes a bug causing wp.i18n.isRTL() to return false in RTL langauges by manually
loading the translated 'ltr' string for the i18n dependency. This ports over an
identical fix that was made in Gutenberg.
Fixes#52441.
Props @jonsurrell @youknowriad.
Built from https://develop.svn.wordpress.org/trunk@50259
git-svn-id: http://core.svn.wordpress.org/trunk@49904 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, date information was unable to be changed when using `media_handle_sideload()`.
Now you can override the date for a media item using `$post_data['post_date']` before using the function.
Props jamesgol, mukesh27, SergeyBiryukov, hellofromTonya, Mista-Flo.
Fixes#50972.
Built from https://develop.svn.wordpress.org/trunk@50258
git-svn-id: http://core.svn.wordpress.org/trunk@49903 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Add references to `WP_Query` to the documentation of `get_posts()`. As the developer documentation for `WP_Query` includes an expanded explanation a full link to developer.wordpress.org is included rather than a standard `@see`.
Props dam6pl, peterwilsoncc.
See #51852, #51800.
Built from https://develop.svn.wordpress.org/trunk@50257
git-svn-id: http://core.svn.wordpress.org/trunk@49902 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, any video or audio playing in the media modal failed to stop playing when the modal was closed. Now we pause the player when the modal is closed.
Props adamsilverstein, hellofromTonya, paaljoachim, Mista-Flo, Clorith, justinahinon, afercia, amolv.
Fixes#48562.
Built from https://develop.svn.wordpress.org/trunk@50256
git-svn-id: http://core.svn.wordpress.org/trunk@49901 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When the color change was done, the background of plugins with updates had to be manually changed. This section was missed, which caused a visual bug. This fix also removes some redundant CSS for the same element.
Follow-up to [50025].
Props afragen.
Fixes#52452.
Built from https://develop.svn.wordpress.org/trunk@50237
git-svn-id: http://core.svn.wordpress.org/trunk@49898 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This fixes improper triggering of the "Are you sure?" prompt when navigating away from the old, "classic" Edit Post screen and there are no changes.
The previous check did not account for Pages or any custom post types that don't have a Title, Content, or Excerpt field.
Follow-up to [50031].
Props hwk-fr, mukesh27, audrasjb, archon810, Clorith, ibiza69, tonysandwich, roger995, bartosz777, viablethought, dbtedg, worldedu, hmabpera, magnuswebdesign.
Fixes#52440.
Built from https://develop.svn.wordpress.org/trunk@50232
git-svn-id: http://core.svn.wordpress.org/trunk@49893 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, we used `DIR_TESTDATA` to determine if a test should skip a newly silenced error in `wp_getimagesize()`.
We are now using `WP_RUN_CORE_TESTS` instead for consistency.
Props hellofromTonya, SergeyBiryukov.
See #49889.
Built from https://develop.svn.wordpress.org/trunk@50170
git-svn-id: http://core.svn.wordpress.org/trunk@49849 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, `network_home_url()` would automatically switch to `https` if the current request is already `https`, but would only do so on the front end.
This mirrors the change made earlier for `get_home_url()`.
Follow-up to [12598], [21937], [24844], [50156].
See #52421.
Built from https://develop.svn.wordpress.org/trunk@50168
git-svn-id: http://core.svn.wordpress.org/trunk@49847 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Add new functions `wp_get_script_tag`, `wp_print_script_tag`, `wp_print_inline_script_tag` and `wp_get_inline_script_tag` that support script attributes. Enables passing attributes such as `async` or `nonce`, creating a path forward for enabling a Content-Security-Policy in core, plugins and themes.
Props tomdxw, johnbillion, jadeddragoon, jrchamp, mallorydxw, epicfaace, alinod, enricocarraro, ocean90.
Fixes#39941.
Built from https://develop.svn.wordpress.org/trunk@50167
git-svn-id: http://core.svn.wordpress.org/trunk@49846 1a063a9b-81f0-0310-95a4-ce76da25c4cd
As this can cause large, long running queries on sites with many posts, this filter allows the query to be modified, bypassing entirely if needed.
Fixes#51660.
Props geoffguillain, SergeyBiryukov, hareesh-pillai, hellofromTonya, TimothyBlynJacobs, whyisjake.
Built from https://develop.svn.wordpress.org/trunk@50163
git-svn-id: http://core.svn.wordpress.org/trunk@49842 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The Privacy settings pages now use the same design patterns as the Site Health screen. Additionally, each privacy policy guide is now contained in an accordion to make the page easier to navigate when multiple plugins are in use.
Props xkon, hedgefield, garrett-eclipse, hellofromTonya, paaljoachim, joedolson.
Fixes#49264.
Built from https://develop.svn.wordpress.org/trunk@50161
git-svn-id: http://core.svn.wordpress.org/trunk@49840 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This adds a form option to skip the admin email alert when exporting personal data.
Props xkon, azaozz, TZ-Media, iandunn, desrosj, iprg, allendav, wesselvandenberg, karmatosed, birgire, davidbaumwald, estelaris, paaljoachim, hellofromTonya.
Fixes#43890.
Built from https://develop.svn.wordpress.org/trunk@50159
git-svn-id: http://core.svn.wordpress.org/trunk@49838 1a063a9b-81f0-0310-95a4-ce76da25c4cd
For example the `categories` or `categories_exclude` parameters can now optionally accept an object with a `terms` property that accepts the list of term ids and a new `include_children` property which controls the Tax Query `include_children` field.
Props jason_the_adams, jnylen0, birgire, dlh.
Fixes#39494.
Built from https://develop.svn.wordpress.org/trunk@50157
git-svn-id: http://core.svn.wordpress.org/trunk@49836 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, `get_home_url()` would automatically switch to `https` if the current request is already `https`, but would only do so on the front end.
This addresses the inconsistent behavior of returning different values in the admin and on the frontend.
Follow-up to [12598], [21937], [24844].
Props herregroen, mukesh27.
Fixes#52421.
Built from https://develop.svn.wordpress.org/trunk@50156
git-svn-id: http://core.svn.wordpress.org/trunk@49835 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, it was unclear that the displayed password is only being suggested and should be saved by clicking the Reset Password button.
This adds separate Generate Password and Save Password buttons, for clarity.
Props xkon, estelaris, jaymanpandya, hedgefield, audrasjb, erichmond, magicroundabout, lukecavanagh, knutsp, tinodidriksen, nico_martin, markhowellsmead, kara.mcnair, e_baker, pixelverbieger, souri_wpaustria, megabyterose, poena, whyisjake.
Fixes#39638.
Built from https://develop.svn.wordpress.org/trunk@50153
git-svn-id: http://core.svn.wordpress.org/trunk@49832 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, only the first error message for each parameter was made available. Now, all error messages for a parameter are concatenated. Additionally, the detailed error for each parameter is made available in a new `details` section of the validation error. Each error is formatted following the standard REST API error formatting.
The `WP_REST_Server::error_to_response` method has been abstracted out into a standalone function `rest_convert_error_to_response` to allow for reuse by `WP_REST_Request`. The formatted errors now also contain an `additional_data` property which contains the additional error data provided by `WP_Error::get_all_error_data`.
Props dlh, xkon, TimothyBlynJacobs.
Fixes#46191.
Built from https://develop.svn.wordpress.org/trunk@50150
git-svn-id: http://core.svn.wordpress.org/trunk@49829 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, all logic utilizing `getimagesize()` was supressing errors making it difficult to debug usage of the function.
A new `wp_getimagesize()` function has been added to allow the errors to no longer be suppressed when `WP_DEBUG` is enabled.
Props Howdy_McGee, SergeyBiryukov, mukesh27, davidbaumwald, noisysocks, hellofromTonya.
Fixes#49889.
Built from https://develop.svn.wordpress.org/trunk@50146
git-svn-id: http://core.svn.wordpress.org/trunk@49825 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This brings some consistency with other list tables and allows for adding custom column data to columns registered with `manage_export-personal-data_columns` or `manage_erase-personal-data_columns` filters.
Props xkon, garrett-eclipse, birgire, pbiron, hellofromTonya, TimothyBlynJacobs, 7studio, mukesh27, Mista-Flo.
Fixes#44354.
Built from https://develop.svn.wordpress.org/trunk@50145
git-svn-id: http://core.svn.wordpress.org/trunk@49824 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This allows the functions to return a `WP_Error` object containing more information in case of a problem, instead of just boolean false.
The various `pre_` filters in these functions are also updated so they can return or be passed a `WP_Error` object.
Fixes#49961
Built from https://develop.svn.wordpress.org/trunk@50143
git-svn-id: http://core.svn.wordpress.org/trunk@49822 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Runs cron jobs later on sites using alternative cron, ie the `ALTERNATE_WP_CRON` constant is true, to more closely match when standard cron jobs are run. Jobs now run on the `wp_loaded` hook at priority `20`. Prior to this change they would run on the `init` hook. This ensures custom post types and taxonomies are registered prior to the jobs running.
This change also prevents alternative wp-cron from running on archived or suspended multisite blogs as these are shut down prior to the `wp_loaded` hook from running.
Moves the existing functionality of `wp_cron()` in to a new private function `_wp_cron()`.
Props flixos90, jeremyfelt, johnbillion, jrf, kurtpayne, nacin, peterwilsoncc, prettyboymp, r-a-y, ryan, stevenkword, swissspidy.
Fixes#20537, #24160.
Built from https://develop.svn.wordpress.org/trunk@50135
git-svn-id: http://core.svn.wordpress.org/trunk@49814 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This adds a new filter, `wp_image_src_get_dimensions` to the `wp_image_src_get_dimensions()` function to correct the dimensions returned for a file whenever WordPress isn't able to correctly get the dimensions from attachment metadata.
Fixes#51865.
Built from https://develop.svn.wordpress.org/trunk@50134
git-svn-id: http://core.svn.wordpress.org/trunk@49813 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When no events are available in the Events Widget, people have always been shown a message encouraging them to help organize one (see `tmpl-community-events-no-upcoming-events`). Now that it's common for online WordCamps and Learn discussion groups to be pinned to the Events API, it's rare that there are no events in the widget, even if there are no _local_ events. Because of that, users are rarely encouraged to join their local community and help organize.
This commit adds an additional call-to-action message, which is shown when there are only 1 or 2 events available.
Props anyssa, sippis, AmethystAnswers.
Fixes#51664.
Built from https://develop.svn.wordpress.org/trunk@50133
git-svn-id: http://core.svn.wordpress.org/trunk@49812 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Add check to `redirect_canonical()` to ensure private posts only redirect for logged in users.
Modifies the `read_post` mata capability to user `get_post_status()` rather than the post's `post_status` property to allow attachments to redirect based on the inherited post status.
Introduces `wp_force_ugly_post_permalink()` to unify the check to determine if an ugly link should be displayed in each of the functions used for determining permalinks: `get_permalink()`, `get_post_permalink()`, `_get_page_link()` and `get_attachment_link()`.
Improves logic of `get_attachment_link()` to validate parent post and resolution of inherited post status. This is an incomplete fix of #52373 to prevent the function returning links resulting in a file not found error. Required to unblock this ticket.
Props peterwilsoncc, TimothyBlynJacobs.
See #52373.
Fixes#5272.
Built from https://develop.svn.wordpress.org/trunk@50132
git-svn-id: http://core.svn.wordpress.org/trunk@49811 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Switching a WordPress site from HTTP to HTTPS has historically been a tedious task. While on the surface the Site Address and WordPress Address have to be updated, existing content still remains using HTTP URLs where hard-coded in the database. Furthermore, updating _two_ URLs to migrate to HTTPS is still a fairly unintuitive step which is not clearly explained.
This changeset simplifies migration from HTTP to HTTPS and, where possible, makes it a one-click interaction.
* Automatically replace insecure versions of the Site Address (`home_url()`) with its HTTPS counterpart on the fly if the site has been migrated from HTTP to HTTPS. This is accomplished by introducing a `https_migration_required` option and enabling it when the `home_url()` is accordingly changed.
* A new `wp_replace_insecure_home_url()` function is hooked into various pieces of content to replace URLs accordingly.
* The migration only kicks in when the Site Address (`home_url()`) and WordPress Address (`site_url()`) match, which is the widely common case. Configurations where these differ are often maintained by more advanced users, where this migration routine would be less essential - something to potentially iterate on in the future though.
* The migration does not actually update content in the database. More savvy users that prefer to do that can prevent the migration logic from running by either deleting the `https_migration_required` option or using the new `wp_should_replace_insecure_home_url` filter.
* For fresh sites that do not have any content yet at the point of changing the URLs to HTTPS, the migration will also be skipped since it would not be relevant.
* Expose a primary action in the Site Health recommendation, if HTTPS is already supported by the environment, built on top of the HTTPS detection mechanism from [49904]. When clicked, the default behavior is to update `home_url()` and `site_url()` in one go to their HTTPS counterpart.
* A new `wp_update_urls_to_https()` function takes care of the update routine.
* A new `update_https` meta capability is introduced to control access.
* If the site's URLs are controlled by constants, this update is not automatically possible, so in these scenarios the user is informed about that in the HTTPS status check in Site Health.
* Allow hosting providers to modify the URLs linked to in the HTTPS status check in Site Health, similar to how that is possible for the URLs around updating the PHP version.
* A `WP_UPDATE_HTTPS_URL` environment variable or `wp_update_https_url` filter can be used to provide a custom URL with guidance about updating the site to use HTTPS.
* A `WP_DIRECT_UPDATE_HTTPS_URL` environment variable or `wp_direct_update_https_url` filter can be used to provide a custom URL for the primary CTA to update the site to use HTTPS.
Props flixos90, timothyblynjacobs.
Fixes#51437.
Built from https://develop.svn.wordpress.org/trunk@50131
git-svn-id: http://core.svn.wordpress.org/trunk@49810 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Introduces `is_post_status_viewable()` as a sibling to `is_post_type_viewable()`. Internal and protected statuses are never considered viewable. For built in posts statuses the `public` attribute is checked, for custom statuses the `publicly_queryable` attribute is checked.
Introduces `is_post_publicly_viewable()` for determining if an individual post can be viewed by logged out users. A post is considered viewable if both `is_post_status_viewable()` and `is_post_type_viewable()` return `true` for the post's attributes.
Additionally modifies `is_post_type_viewable()` to return `false` if an unregistered post type is passed to the function to avoid attempting to access properties on a non-object.
Props peterwilsoncc, SergeyBiryukov, whyisjake, TimothyBlynJacobs.
Fixes#49380.
Built from https://develop.svn.wordpress.org/trunk@50130
git-svn-id: http://core.svn.wordpress.org/trunk@49809 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Add a feature so Admins can send users a 'password reset' email. This doesn't change the password or force a password change. It only emails the user the password reset link.
The feature appears in several places:
* A "Send Reset Link" button on user profile screen.
* A "Send password reset" option in the user list bulk action dropdown.
* A "Send password reset" quick action when hovering over a username in the user list.
Props Ipstenu, DrewAPicture, eventualo, wonderboymusic, knutsp, ericlewis, afercia, JoshuaWold, johnbillion, paaljoachim, hedgefield.
Fixes#34281.
Built from https://develop.svn.wordpress.org/trunk@50129
git-svn-id: http://core.svn.wordpress.org/trunk@49808 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Fix an issue where viewing an autosave created on a post without any previous revisions would throw a PHP notice. Also fixes the revision screen which was broken in these cases and showed a console error.
Props iseulde.
Fixes#31249.
Built from https://develop.svn.wordpress.org/trunk@50128
git-svn-id: http://core.svn.wordpress.org/trunk@49807 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Introduces new endpoints to allow for batch image editing using the REST API.
The new endpoints can take an array of modifiers that will be applied in the order they appear.
Props ajlende, TimothyBlynJacobs, hellofromTonya, Mista-Flo.
Fixes#52192.
Built from https://develop.svn.wordpress.org/trunk@50124
git-svn-id: http://core.svn.wordpress.org/trunk@49803 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`render_block_{$this->name}`
This complements the existing `render_block` hook and allows for filtering the content of a specific block without having to use conditionals inside the filter callback.
Props manzoorwani.jk, noisysocks, birgire, johnbillion.
Fixes#46187.
Built from https://develop.svn.wordpress.org/trunk@50123
git-svn-id: http://core.svn.wordpress.org/trunk@49802 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, "You are using a development version" message could be displayed if the user has configured core updates to receive Beta or RC versions, but the update has not happened yet.
This brings some consistency with displaying a similar message in `core_upgrade_preamble()` on WordPress Updates screen.
Follow-up to [49708], [49736].
Props afragen, pbiron, azaozz, audrasjb, SergeyBiryukov.
Fixes#51976.
Built from https://develop.svn.wordpress.org/trunk@50121
git-svn-id: http://core.svn.wordpress.org/trunk@49800 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Make the navigation menu footer sticky so a Save Menu button is always available in the viewport. Improves usability and effectiveness of the interface when in a responsive view.
Props garrett-eclipse, audrasjb, maxpertici, sabernhardt, kburgoine, poena
Fixes#51631
Built from https://develop.svn.wordpress.org/trunk@50115
git-svn-id: http://core.svn.wordpress.org/trunk@49794 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, all permission checks for using app passwords were implemented using `edit_user`. This commit introduces a series of more fine grained meta capabilities that should be used instead: `create_app_password`, `list_app_passwords`, `read_app_password`, `edit_app_password`, `delete_app_password` and `delete_app_passwords`. These capabilities all map to `edit_user` by default, but may now be customized by developers.
Props johnbillion, TimothyBlynJacobs.
Fixes#51703.
Built from https://develop.svn.wordpress.org/trunk@50114
git-svn-id: http://core.svn.wordpress.org/trunk@49793 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The opt-in form is shown after the comment is submitted and held for moderation.
Sorry this took five years.
Props jeffr0, swissspidy, mrahmadawais, wonderboymusic, jdgrimes, obenland, Monika, imath, garrett-eclipse, johnbillion
Fixes#33717
Built from https://develop.svn.wordpress.org/trunk@50109
git-svn-id: http://core.svn.wordpress.org/trunk@49788 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `WP_AUTO_UPDATE_CORE` constant now supports `development` and `branch-development` values.
This makes it possible for sites to opt-in to updating to nightly builds without having to install a plugin.
Follow-up to [49245], [49292].
Props xkon, knutsp, afragen, audrasjb, dd32.
Fixes#51978.
Built from https://develop.svn.wordpress.org/trunk@50082
git-svn-id: http://core.svn.wordpress.org/trunk@49782 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This updates the following dependencies:
- `@wordpress/browserslist-config` from `2.7.0` to `3.0.0`.
- `autoprefixer` from `9.8.5` to `9.8.6`.
- `node-sass` from `4.14.1` to `5.0.0`.
- `postcss-cli` from `7.1.1` to `7.1.2`.
- `postcss-focus-within` from `3.0.0` to `4.0.0`.
- `rtlcss` from `2.5.0` to `2.6.2`.
There are no changes after running `build`.
See #51801.
Built from https://develop.svn.wordpress.org/trunk@50081
git-svn-id: http://core.svn.wordpress.org/trunk@49781 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset introduces a `wp_robots_max_image_preview_large()` function which is hooked into the `wp_robots` filter to include the `max-image-preview:large` directive for all sites which are configured to be indexed by search engines. The directive allows search engines to display large image previews for the site in search results.
Props adamsilverstein, Clorith, flixos90, helen, joostdevalk, tweetythierry, westonruter.
Fixes#51511.
Built from https://develop.svn.wordpress.org/trunk@50078
git-svn-id: http://core.svn.wordpress.org/trunk@49778 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This updates the following packages:
- `@wordpress/browserslist-config` from `2.6.0` to `2.7.0`.
- `autoprefixer` from `9.6.1` to `9.8.6`.
- `concurrently` from `5.2.0` to `5.3.0`.
- `postcss-cli` from `7.1.1` to `7.1.2`.
- `rtlcss` from `2.5.0` to `2.6.2`.
See #51801.
Built from https://develop.svn.wordpress.org/trunk@50077
git-svn-id: http://core.svn.wordpress.org/trunk@49777 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset introduces a `pre_wp_update_https_detection_errors` filter which can be used to short-circuit the default logic for detecting problems with HTTPS support for the site, by returning a `WP_Error` object.
Props timothyblynjacobs.
See #47577.
Built from https://develop.svn.wordpress.org/trunk@50075
git-svn-id: http://core.svn.wordpress.org/trunk@49775 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This updates the following dependencies:
- `@wordpress/browserslist-confg` from `2.7.0` to `3.0.0`.
- `@wordpress/eslint-plugin` from `7.3.0` to `8.0.1`.
- `sass` from `1.29.0` to `1.32.5`.
- `stylelint` from `13.8.0` to `13.9.0`
There are no changes after running `build`.
See #51801.
Built from https://develop.svn.wordpress.org/trunk@50073
git-svn-id: http://core.svn.wordpress.org/trunk@49774 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Following up on [49904], this changeset focuses mainly on improving the guidance about the current state of HTTPS in Site Health.
* Correct the existing copy to indicate that both the Site Address and the WordPress Address need to be changed to fully switch to HTTPS.
* Link to the respective input fields via anchor links rather than to the overall General Settings screen.
* Show different copy if the site is using HTTPS for the WordPress Address (for example to have only the administration panel in HTTPS), but not for the Site Address.
* Inform the user about potential problems even when the site is already using HTTPS, for example if the SSL certificate was no longer valid.
* Always rely on fresh information for determining HTTPS support issues in Site Health, and therefore change the `https_status` test to become asynchronous.
* Rename the new private `wp_is_owned_html_output()` function to a more appropriate `wp_is_local_html_output()`.
Props adamsilverstein, flixos90, johnjamesjacoby, timothyblynjacobs.
See #47577.
Built from https://develop.svn.wordpress.org/trunk@50072
git-svn-id: http://core.svn.wordpress.org/trunk@49773 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `defaultEditorStyles` setting was missing from the default block
editor settings. This causes the "Use theme styles" setting which was
added in WordPress 5.6 to not function properly.
Also, the RTL version of editor styles were not being loaded. This
change has not yet been ported over from Gutenberg.
Fixes#52394.
Built from https://develop.svn.wordpress.org/trunk@50069
git-svn-id: http://core.svn.wordpress.org/trunk@49770 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, newly uploaded media attachments were missing when filtering media items by date due to lack of cache invalidation.
Props adamsilverstein, teamdnk, afercia, Mista-Flo, joedolson, youknowriad, talldanwp.
Fixes#50025.
Built from https://develop.svn.wordpress.org/trunk@50067
git-svn-id: http://core.svn.wordpress.org/trunk@49768 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This introduces a new endpoint, `wp/v2/users/me/application-passwords/introspect`, that will return details about the App Password being used to authenticate the current request. This allows for an application to disambiguate between multiple installations of their application which would all share the same `app_id`.
Props xkon, peterwilsoncc, TimothyBlynJacobs.
Fixes#52275.
Built from https://develop.svn.wordpress.org/trunk@50065
git-svn-id: http://core.svn.wordpress.org/trunk@49766 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In [49084] (for #50679), wp_get_attachment_metadata() was changed to improve performance, but it had the side effect of eliminating the ability to call it with no arguments and have it default to using the global $post.
This change restores that ability, while keeping the performance improvements from the original change.
Fixes#52196.
Props cfinke, hellofromTonya, mukesh27, dilipbheda, Mista-Flo, audrasjb, SergeyBiryukov, whyisjake.
Built from https://develop.svn.wordpress.org/trunk@50039
git-svn-id: http://core.svn.wordpress.org/trunk@49740 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The function `wp_text_diff` generated an invalid table structure if the $args parameter contained any values. This patch corrects the structure generated by `wp_text_diff` and related usages so that the column count matches the data generated. Additionally, this patch passes arguments to the Revisions screen so that the screen has column headings that reflect the content in each column. Improves the accessibility and usability of the Revisions table.
Props joedolson, mehulkaklotar, afercia, adamsilverstein, zodiac1978, jeremyfelt
Fixes#25473
Built from https://develop.svn.wordpress.org/trunk@50034
git-svn-id: http://core.svn.wordpress.org/trunk@49735 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The Twenty Twenty search modal uses aria-expanded correctly on the Search button, but toggles the aria-expanded value on the 'close' button. The close button is a different control, however, so the attribute value toggling is uneven. The close button does not toggle any behavior; it only closes a control that has already been opened.
Props alexstine, audrasjb
Fixes#52355
Built from https://develop.svn.wordpress.org/trunk@50033
git-svn-id: http://core.svn.wordpress.org/trunk@49734 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Italicized text can be difficult to read for some people with dyslexia or related forms of reading disorders. This removes italics on a number of larger blocks onpm run grunt rpf text in the admin. This has been a task 5.3; this commit closes the task. Further instances of italicized text should be addressed individually.
Props afercia, xkon, audrasjb
Fixes#47327
Built from https://develop.svn.wordpress.org/trunk@50032
git-svn-id: http://core.svn.wordpress.org/trunk@49733 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Application names are now required to be unique and cannot contain solely whitespace characters. Additionally, invalid characters are now stripped from the application name using `sanitize_text_field()`.
Props Boniu91, hellofromTonya, engahmeds3ed, xkon, francina.
Fixes#51941.
Built from https://develop.svn.wordpress.org/trunk@50030
git-svn-id: http://core.svn.wordpress.org/trunk@49731 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The update icon rotation should not occur when the user has opted to reduce motion, for example by selecting the "Reduce motion" option in macOS' preferences or unselecting "Show animations in Windows" in Windows' preferences.
Follow-up to [47813], [50027].
Props xkon, audrasjb, johnbillion.
Fixes#52263. See #51476.
Built from https://develop.svn.wordpress.org/trunk@50028
git-svn-id: http://core.svn.wordpress.org/trunk@49729 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This provides better indication within the viewport about ongoing processes on the page when updating several plugins at the same time, but without using the bulk updater.
Props ravipatel, audrasjb, johnjamesjacoby, paaljoachim, hellofromTonya, sabernhardt, mdwolinski, karmatosed, SergeyBiryukov.
Fixes#51476.
Built from https://develop.svn.wordpress.org/trunk@50027
git-svn-id: http://core.svn.wordpress.org/trunk@49728 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This is part of a larger project in cleaning up core's admin CSS. This collapses all colors used in the CSS to one of 12 blues, greens, reds, and yellows, 13 grays, pure black, and pure white. The colors are perceptually uniform from light to dark, half of each range has a 4.5 or higher contrast against white, the other half has a 4.5 or higher contrast against black.
Standardizing on this set of colors will help contributors make consistent, accessible design decisions. The full color palette can be seen here: https://codepen.io/ryelle/full/WNGVEjw
Props notlaura, danfarrow, kburgoine, drw158, audrasjb, Joen, hedgefield, ibdz, melchoyce.
See #49999.
Built from https://develop.svn.wordpress.org/trunk@50025
git-svn-id: http://core.svn.wordpress.org/trunk@49726 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This allows a menu item `post_date` to be set to particular value, rather than only allowing it to be set to "now". In particular, the WordPress Importer can use this to perform faster, more accurate duplicate checks.
Props jmdodd.
Fixes#52189.
Built from https://develop.svn.wordpress.org/trunk@50013
git-svn-id: http://core.svn.wordpress.org/trunk@49714 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`wp_insert_post()` has a few checks using `post_date` and `post_date_gmt`, to determine the correct post date. This functionality is now extracted out into a new `wp_resolve_post_date()` function, allowing the checks to be reused elsewhere.
Props jmdodd.
Fixes#52187.
Built from https://develop.svn.wordpress.org/trunk@50012
git-svn-id: http://core.svn.wordpress.org/trunk@49713 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Since WordPress 2.5 and 2.6, `post_content` and `post_excerpt` have both had export-specific filters: `the_content_export`, and `the_excerpt_export`, respectively. `post_title`, however, has used `the_title_rss`, which behaves differently in two important ways:
- It strips HTML tags from the string.
- It HTML-encodes the title string.
These behaviours are not ideal for exports, since it changes the post title, resulting in data loss in export files, and incorrect post duplicate matching on import. This changes replaces the usage of `the_title_rss` with a new filter, `the_title_export`. The new filter is intended to be used in the same as `the_content_export` and `the_excerpt_export`.
Props jmdodd, audrasjb.
Fixes#52250.
Built from https://develop.svn.wordpress.org/trunk@50011
git-svn-id: http://core.svn.wordpress.org/trunk@49712 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, the `enum` keyword was validated by perform a strict equality check. For `string` types this is generally ok, but it prevented using alternative types like `number` when rich type support isn't available.
Now the same level of type coercion/sanitization is applied when validating `enum` as all other validation checks. This means that a value of `"1"` will be accepted for an `enum` of `[ 0, 1 ]`. Additionally, `object` types now properly ignore key order when checking for equality.
Props yakimun.
Fixes#51911.
Built from https://develop.svn.wordpress.org/trunk@50010
git-svn-id: http://core.svn.wordpress.org/trunk@49711 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, the majority of JSON Schema validation errors returned a generic `rest_invalid_param` error code. In preparation for #46191, where the underlying validation error code will be exposed, this commit adds specific error codes for each failure scenario.
Fixes#52317.
Built from https://develop.svn.wordpress.org/trunk@50007
git-svn-id: http://core.svn.wordpress.org/trunk@49708 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In [49752] a check was added to prevent creating new Application Passwords if Basic Auth credentials were detected to prevent conflicts. This check takes place in WP-Admin, though a conflict would only arise if Basic Auth was used on the website's front-end.
This commit extracts the Basic Auth check into a reusable function, `wp_is_site_protected_by_basic_auth()`, which can be adjusted using a filter of the same name. This way, a site that uses Basic Auth to protect WP-Admin can still use the Application Passwords feature.
In the future, instead of requiring the use of a filter, WordPress could make a loopback request and check for a `WWW-Authenticate` header to make this detection more robust out of the box.
Props SeBsZ, archon810, aaroncampbell, ocean90, SergeyBiryukov, TimothyBlynJacobs.
Fixes#52066.
Built from https://develop.svn.wordpress.org/trunk@50006
git-svn-id: http://core.svn.wordpress.org/trunk@49707 1a063a9b-81f0-0310-95a4-ce76da25c4cd
To be able to disable jQuery Migrate as step 3 of updating the jQuery version shipped with WordPress, all `JQMIGRATE` warnings in the browser console will have to be addressed.
This includes many minor adjustments to a wide array of core files.
Follow-up to:
* Step 1: Disabling jQuery Migrate 1.4.1 in WordPress 5.5: [48323], [48324]
* Step 2: Updating jQuery to 3.5.1 and adding jQuery Migrate 3.3.x in WordPress 5.6: [49101], [49338], [49615], [49649]
Props Clorith, azaozz.
See #51812.
Built from https://develop.svn.wordpress.org/trunk@50001
git-svn-id: http://core.svn.wordpress.org/trunk@49702 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset introduces a filter-based Robots API, providing central control over the `robots` meta tag.
* Introduces `wp_robots()` function which should be called anywhere a `robots` meta tag should be included.
* Introduces `wp_robots` filter which allows adding or modifying directives for the `robots` meta tag. The `wp_robots()` function is entirely filter-based, i.e. if no filter is added to `wp_robots`, no directives will be present, and therefore the entire `robots` meta tag will be omitted.
* Introduces the following `wp_robots` filter functions which replace similar existing functions that were manually rendering a `robots` meta tag:
* `wp_robots_noindex()` replaces `noindex()`, which has been deprecated.
* `wp_robots_no_robots()` replaces `wp_no_robots()`, which has been deprecated.
* `wp_robots_sensitive_page()` replaces `wp_sensitive_page_meta()`, which has been deprecated. Its rendering of the `referrer` meta tag has been moved to another new function `wp_strict_cross_origin_referrer()`.
Migration to the new functions is straightforward. For example, a call to `add_action( 'wp_head', 'wp_no_robots' )` should be replaced with `add_filter( 'wp_robots', 'wp_robots_no_robots' )`.
Plugins and themes that render their own `robots` meta tags are encouraged to switch to rely on the `wp_robots` filter in order to use the central management layer now provided by WordPress core.
Props adamsilverstein, flixos90, timothyblynjacobs, westonruter.
See #51511.
Built from https://develop.svn.wordpress.org/trunk@49992
git-svn-id: http://core.svn.wordpress.org/trunk@49693 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This change restructures the Button element styles for better a11y and expected color behaviors. Here what has changed:
- The `button-style()` mixin is now the ''single source or truth'' for how Button should look site-wide.
- Button Block, File Block, and Search form Blocks all rely on this one mixin.
- The same styles is also applied to the `<button>` element which appears in widgets, the 404 search form and comments form.
- Improves expected button styles for various conditions and contexts as follows:
- User color palette selections for Buttons are retained regardless of a parent block’s color settings or dark-mode.
- Supports both Default/Filled styles and Outline styles.
- More consistent `:hover` and `:active` styles.
- `:focus` styles are now always visible and legible.
- Adds a `--local-color` color variable to scope color relationships to nested blocks.
- Reduces selectors in `style.css` output.
- 1:1 experience between editor and front end button styles.
- Properly supports Dark-mode.
Props allancole, poena, scruffian, megphillips91.
Fixes#51927.
Built from https://develop.svn.wordpress.org/trunk@49987
git-svn-id: http://core.svn.wordpress.org/trunk@49688 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Prevent `get_post_status()` returning `false` for attachments if the parent post has been deleted. The returned attachment post status is now passed through the `get_post_status` filter.
Add tests for `get_post_status()`.
Props peterwilsoncc, timothyblynjacobs for review.
Fixes#52326.
Built from https://develop.svn.wordpress.org/trunk@49985
git-svn-id: http://core.svn.wordpress.org/trunk@49686 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Introduces a new PostCSS plugin, `postcss-discard-duplicates`, which will automatically remove any duplicate CSS rules. All the CSS that is removed shows up again later in the file. This also fixes a bug from `postcss-css-variables`, where media queries are duplicated.
Fixes#52158.
Props poena.
Built from https://develop.svn.wordpress.org/trunk@49980
git-svn-id: http://core.svn.wordpress.org/trunk@49681 1a063a9b-81f0-0310-95a4-ce76da25c4cd
TinyMCE was not implemented on the accessibility mode for widgets, disabling text editing fields. Change ensures that TinyMCE is initialized when accessibility mode is set up. Prior implementation hid the text widget fields if they were empty, which they always were for new widgets.
Props MadtownLems, alexstine, hareesh-pillai, dariak
Built from https://develop.svn.wordpress.org/trunk@49973
git-svn-id: http://core.svn.wordpress.org/trunk@49674 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This allows for the string to be distinguished from a post status of the same name, which is useful for better translations in languages were "public" can be masculine or feminine depending on context.
Props audrasjb.
Fixes#52309.
Built from https://develop.svn.wordpress.org/trunk@49962
git-svn-id: http://core.svn.wordpress.org/trunk@49663 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This adds a border along the side of admin menu links when hovering or focusing on them, as color should not be the only indicator of link state.
Props accessiblejoe florianziegler afercia rianrietveld michael-arestad ryan hedgefield audrasjb ibdz.
Fixes#28599.
Built from https://develop.svn.wordpress.org/trunk@49961
git-svn-id: http://core.svn.wordpress.org/trunk@49660 1a063a9b-81f0-0310-95a4-ce76da25c4cd
If every single label is emphasized with a `<strong>` tag, none of them is really emphasized anymore.
This removes the tags in favor of CSS styling, for consistency with the other labels on the screen.
Props chemiker, audrasjb, mukesh27, paaljoachim, estelaris, ibdz, SergeyBiryukov.
Fixes#52232.
Built from https://develop.svn.wordpress.org/trunk@49958
git-svn-id: http://core.svn.wordpress.org/trunk@49657 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This brings consistency between single site and multisite in REST API plugin installation tests.
Previously, multisite tests were unnecessarily downloading the plugin from WordPress.org on each test run, causing external HTTP requests and leading to failures in case of a timeout.
Follow-up to [48242], [49491], [49913].
See #51669.
Built from https://develop.svn.wordpress.org/trunk@49951
git-svn-id: http://core.svn.wordpress.org/trunk@49650 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Per accessibility best practices, it is recommended that all HTML `<img>` elements have an `alt` attribute. Any decorative images should have an empty `alt` attribute (`alt=""`).
Props laxman-prajapati, sabernhardt, audrasjb.
Fixes#51846.
Built from https://develop.svn.wordpress.org/trunk@49949
git-svn-id: http://core.svn.wordpress.org/trunk@49648 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Adds 2 new hooks in `register_block_type_from_metadata`:
- Named `block_type_metadata` to filter the content of metadata read from `block.json`
- Named `block_type_metadata_settings` to filter the settings object determined from the metadata that is passed to `register_block_type` call
Props swissspidy.
Fixes#52138.
Built from https://develop.svn.wordpress.org/trunk@49948
git-svn-id: http://core.svn.wordpress.org/trunk@49647 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This joyous marriage means that users will no longer find a selected top bulk action on a list table unexpectedly being applied instead of their selected bottom bulk action. The top and bottom controls for changing user roles are equally wedded forever too.
Props clayray, subrataemfluence, garrett-eclipse, pbiron, hareesh-pillai
Fixes#46872
Built from https://develop.svn.wordpress.org/trunk@49944
git-svn-id: http://core.svn.wordpress.org/trunk@49643 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This updates the following packages to the latest versions.
Updated packages:
- `copy-webpack-plugin` from `5.1.1` to `5.1.2`.
- `grunt` from `1.1.0` to `1.3.0`.
- `grunt-contrib-jshint` from `2.1.0` to `3.0.0`.
- `grunt-contrib-qunit` from `3.1.0` to `4.0.0`.
- `grunt-rtlcss` from `2.0.1` to `2.0.2`.
- `qunit` from `2.9.0` to `2.13.0`.
- `sinon` from `9.0.0` to `9.2.2`.
- `source-map-loader` from `0.2.4` to `1.1.3`.
- `uuid` from `8.2.0` to `8.3.2`.
- `webpack-dev-server` from `3.11.0` to `3.11.1`.
See #51801.
Built from https://develop.svn.wordpress.org/trunk@49939
git-svn-id: http://core.svn.wordpress.org/trunk@49638 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This simplifies the caching of Composer dependencies in the coding standards and PHP compatibility workflows by using a published action. This combines 3 steps into 1 within these workflows.
Because the Composer implementation within the PHPUnit test workflow is a bit specialized (`composer install` is run within the Docker container), caching has been left as is in that workflow. However, the cache key has been changed to include the version of PHP being tested. This will prevent incorrect versions of dependencies being present when they are required on jobs other than PHP 8.
Props jrf.
See #50401.
Built from https://develop.svn.wordpress.org/trunk@49938
git-svn-id: http://core.svn.wordpress.org/trunk@49637 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This updates the following packages to the latest versions.
Updated packages:
- `grunt-contrib-uglify` from `4.0.1` to `5.0.0`.
- `grunt-jsdoc` from `2.4.0` to `2.4.1`.
- `grunt-legacy-util` from `1.1.1` to `2.0.0`.
- `grunt-webpack` from `3.1.3` to `4.0.2`.
See #51801.
Built from https://develop.svn.wordpress.org/trunk@49933
git-svn-id: http://core.svn.wordpress.org/trunk@49632 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Before the coverage reports were submitted to Codecov.io, HTML coverage reports were compressed into ZIP files and uploaded to the workflow run as an artifact. A weekly schedule was chosen to run this workflow because generating a coverage report is more time consuming, and the resulting reports are quite large (~150-200MB each).
This changes the schedule for the code coverage workflow from weekly to daily and eliminates the ZIP artifacts that were previously generated. This will ensure the code coverage data found at https://codecov.io/gh/WordPress/wordpress-develop is relatively accurate on any given day of the week without needlessly consuming artifact storage.
Props jorbin.
See #50401, #52141.
Built from https://develop.svn.wordpress.org/trunk@49931
git-svn-id: http://core.svn.wordpress.org/trunk@49630 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, only the active theme was made available. This commit allows for all themes to be queried if the user has the `switch_themes` or `manage_network_themes` capabilities.
This commit also no longer exposes the `page`, `per_page`, `search` and `context` query parameters since they are not supported by this controller.
Props spacedmonkey, lpawlik, TimothyBlynJacobs.
Fixes#50152.
Built from https://develop.svn.wordpress.org/trunk@49925
git-svn-id: http://core.svn.wordpress.org/trunk@49624 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When App Passwords was introduced, the `wp_authorize_application_password_form` and `wp_application_passwords_approve_app_request_success` hook were mistakenly duplicated and incorrectly documented. This commit corrects the hook names and ensures the correct parameters are passed.
Props johnbillion, engahmeds3ed.
Fixes#52013.
Built from https://develop.svn.wordpress.org/trunk@49920
git-svn-id: http://core.svn.wordpress.org/trunk@49619 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, only the username was checked which caused a PHP warning in some server setups, for instance Shibboleth SSO, where the server only populates the `PHP_AUTH_USER` field.
Props MadtownLems, johnbillion, richard.tape, engahmeds3ed.
Fixes#52003.
Built from https://develop.svn.wordpress.org/trunk@49919
git-svn-id: http://core.svn.wordpress.org/trunk@49618 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In [49154] the async Site Health tests were changed to use the REST API instead of admin-ajax. An unintended side effect of this change was that the loopback tests which tried to ping the site's `admin_url()` were no longer authenticated because admin-cookies aren't provided to the REST API.
This commit adjusts the loopback test to use the front-end `site_url` which checks that cron will function properly. A follow-up ticket will focus on tests that will cover the file editor checks.
Props Clorith.
Fixes#52097.
See #48105.
Built from https://develop.svn.wordpress.org/trunk@49917
git-svn-id: http://core.svn.wordpress.org/trunk@49616 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This allows for more flexibility when determining which version of a post is the latest one, and makes it possible to implement import logic involving updating and adding revisions to existing posts or pages.
Props jmdodd.
Fixes#52180.
Built from https://develop.svn.wordpress.org/trunk@49910
git-svn-id: http://core.svn.wordpress.org/trunk@49609 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This brings the accessibility improvements previously made for other areas of the admin in WordPress 5.3 to the installation screens too.
Follow-up to [46241-46244], [46247], [46248], [46293], [46425].
Props Maigret, audrasjb.
Fixes#51854.
Built from https://develop.svn.wordpress.org/trunk@49907
git-svn-id: http://core.svn.wordpress.org/trunk@49606 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset modifies the Site Health panel for HTTPS to provide more accurate recommendations based on whether the environment is already set up for HTTPS.
* Introduces `wp_is_using_https()` to check whether the site is configured to use HTTPS (via its Site Address and WordPress Address).
* Introduces `wp_is_https_supported()` to check whether the environment supports HTTPS. This relies on a cron job which periodically checks support using a loopback request.
Props Clorith, flixos90, miinasikk, westonruter.
Fixes#47577.
Built from https://develop.svn.wordpress.org/trunk@49904
git-svn-id: http://core.svn.wordpress.org/trunk@49603 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In [49162], GitHub Action workflow configuration files were introduced to run all of Core’s automated testing with the intent to fully transition after some time was allowed for testing.
After two full months of testing, the time to finish this transition has come.
We thank TravisCI for testing the codebase through nearly 20 major and many more minor releases.
Fixes#52161. See #50401.
Built from https://develop.svn.wordpress.org/trunk@49876
git-svn-id: http://core.svn.wordpress.org/trunk@49595 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `twenty-twenty-one-ie11-polyfills` script now has a `null` source, and the new `twenty-twenty-one-ie11-polyfills-asset` (which points to the actual `polyfills.js` source) will be loaded only if IE is detected by through the use of `wp_get_script_polyfill()`.
Because the original script name remains the same, this change is backwards compatible with any code registering `twenty-twenty-one-id11-polyfills` as a script dependency.
Props poena, ismail.elkorchi, peterwilsoncc
Fixes#52098.
Built from https://develop.svn.wordpress.org/trunk@49865
git-svn-id: http://core.svn.wordpress.org/trunk@49584 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This change improves the display of table blocks with the “Stripes” style selected.
Previously, the text was not visible in striped rows when using Dark Mode.
Props ryelle, poena, melchoyce, celendesign, audrasjb.
Fixes#52129.
Built from https://develop.svn.wordpress.org/trunk@49864
git-svn-id: http://core.svn.wordpress.org/trunk@49583 1a063a9b-81f0-0310-95a4-ce76da25c4cd
While `loading=“eager”` is a supported alternative to omitting the attribute entirely, browsers follow the value of this attribute explicitly when specified.
Specifying `eager` would prevent the user from receiving any additional potential benefits implemented at the browser level, such as further mechanisms to automatically decide which elements to lazy-load.
Props flixos90, ryelle, poena.
Fixes#52139.
Built from https://develop.svn.wordpress.org/trunk@49860
git-svn-id: http://core.svn.wordpress.org/trunk@49579 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This adds some JavaScript to detect when an anchor link is clicked within the primary navigation on mobile devices and closes the menu before scrolling to the location on the page.
Props poena, macmanx, t-p.
Fixes#52006.
Built from https://develop.svn.wordpress.org/trunk@49854
git-svn-id: http://core.svn.wordpress.org/trunk@49573 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Related Gutenberg PR: https://github.com/WordPress/gutenberg/pull/25220.
It aligns with the latest changes added by aristath to the Gutenberg project. As part of styles splitting for core blocks, there was a special pattern introduced for how style handles are named. Ideally, we would apply it to all blocks but there might be some backward compatibility considerations so I left the handling for non-core blocks unchanged.
Props aristath.
See #50328.
Built from https://develop.svn.wordpress.org/trunk@49850
git-svn-id: http://core.svn.wordpress.org/trunk@49569 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In addition to MySQL, WordPress also supports MariaDB for databases. This makes changes to the local Docker environment to allow MariaDB to be used instead, if desired.
The `LOCAL_DB_TYPE` environment variable will now be used to determine which type of database container to use. This will default to `mysql`, but will also accept `mariadb`.
The `LOCAL_MYSQL` environment variable (which previously held the version of MySQL to use) has been replaced with the new, more generic `LOCAL_DB_VERSION` environment variable.
This change will make it possible to perform automated testing on a wider array of supported database types and versions.
Props davidbaumwald.
Fixes#51744. See #30462.
Built from https://develop.svn.wordpress.org/trunk@49836
git-svn-id: http://core.svn.wordpress.org/trunk@49555 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This will help catch issues with Ajax related functionality on multisite.
A few tests have also been marked as `skipWithMultisite()` as they require network admin level capabilities when performing the same operations on a multisite install.
Props garrett-eclipse, netweb.
Fixes#46567.
Built from https://develop.svn.wordpress.org/trunk@49835
git-svn-id: http://core.svn.wordpress.org/trunk@49554 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This introduces a new GitHub Action workflow to generate a code coverage report when running the PHPUnit test suite as both a single and multisite install.
The workflow will run once per week on Sunday at 00:00 UTC.
For now, the reports are not submitted anywhere, but they will be uploaded to the workflow run as ZIP file artifacts where they will persist for 90 days.
Making code coverage reports more readily available will hopefully better highlight areas of Core with poor coverage, and encourage more contributors to help increase test coverage of those areas.
Props ocean90, johnbillion.
Fixes#52034.
Built from https://develop.svn.wordpress.org/trunk@49834
git-svn-id: http://core.svn.wordpress.org/trunk@49553 1a063a9b-81f0-0310-95a4-ce76da25c4cd
After this change, the relevant `read_private_posts` capability is checked for
each queried post type. This ensures that private posts appear in search and
archive queries for users who have the ability to view those posts.
Props leogermani.
Fixes#13509, #48968, #48556.
Built from https://develop.svn.wordpress.org/trunk@49830
git-svn-id: http://core.svn.wordpress.org/trunk@49549 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, `1.0.0` was used for the version. This is inconsistent with the versioning used in the other default themes, which use use X.X and not X.X.X.
This change corrects all `1.0.0` occurrences to `1.0`, and adds the additional context of `Twenty Twenty-One` to avoid confusion with `WordPress 1.0`.
Props SergeyBiryukov, poena.
Fixes#51958.
Built from https://develop.svn.wordpress.org/trunk@49826
git-svn-id: http://core.svn.wordpress.org/trunk@49545 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This change ensures that the primary text color specific to Dark Mode is used instead of the one specified for normal mode. The latter is not legible in Dark Mode.
Props slaFFik, poena, mukesh27, justinahinon.
Fixes#51985.
Built from https://develop.svn.wordpress.org/trunk@49825
git-svn-id: http://core.svn.wordpress.org/trunk@49544 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Expands the capabilities of `wp_filter_content_tags()` to add the attribute to iframe tags if enabled.
* Modifies the default behavior of `wp_lazy_loading_enabled()` so that it returns `true` for `iframe` tags.
* Introduces a `wp_iframe_tag_add_loading_attr()` function.
* Introduces a `wp_iframe_tag_add_loading_attr` filter.
Like for images, the attribute is only added to iframes which have both `width` and `height` specified (see related #50367).
Props azaozz, flixos90, westonruter.
Fixes#50756.
Built from https://develop.svn.wordpress.org/trunk@49808
git-svn-id: http://core.svn.wordpress.org/trunk@49531 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When SimplePie parses HTTP headers, it combines multiple values for the same header into a comma-separated string. `WP_SimplePie_File` overrides the parsing, but was leaving them as an array instead.
That lead to a fatal error in PHP 8, because other parts of the codebase ended up passing an array to a function that expected a string.
Props david.binda, litemotiv, inc2734, NicolasKulka, hellofromTonya, mbabker, skithund, SergeyBiryukov, desrosj, timothyblynjacobs.
Fixes#51056. See #51956.
Built from https://develop.svn.wordpress.org/trunk@49803
git-svn-id: http://core.svn.wordpress.org/trunk@49526 1a063a9b-81f0-0310-95a4-ce76da25c4cd