The NPM test GitHub Actions workflow is currently used to verify that `npm install` and `npm run build` will complete successfully on Windows.
This generalizes the workflow and adds testing for Linux and MacOS to confirm that the scripts used to build WordPress also complete successfully in those environments.
Because MacOS workflow runs consume GHA minutes at a 10x rate, it’s added in a separate job in order to perform a more strict check.
This also adds steps to verify that using `npm run build:dev` and `npm run grunt clean`/`npm run grunt clean —dev` run successfully
Props johnbillion.
Fixes#52658.
Built from https://develop.svn.wordpress.org/trunk@50485
git-svn-id: http://core.svn.wordpress.org/trunk@50098 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This change adds a list of paths to check when determining which workflows to run on `pull_request`. This will prevent certain workflows from running unnecessarily when the files updated are not related to the tests and checks being performed.
Props peterwilsoncc, johnbillion.
Fixes#52667.
Built from https://develop.svn.wordpress.org/trunk@50479
git-svn-id: http://core.svn.wordpress.org/trunk@50090 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Adds a more obviously interactive comparison for viewing the color scheme differences. Improvements on RTL and IE11. Update strings to be more clear and consistent. Switch to the CDN for loading images.
Props sarahricker, desrosj, melchoyce, SergeyBiryukov, tikifez, clorith, marybaum, audrasjb, francina, hellofromTonya.
Fixes#52693. See #52347.
Built from https://develop.svn.wordpress.org/trunk@50478
git-svn-id: http://core.svn.wordpress.org/trunk@50089 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Some GitHub Action scripts require additional permissions to perform the desired operations. This permission is usually given by passing a personal access token (PAT) to the action as an input.
Because PATs grant access to sensitive information about the repository and actions with PATs become trusted actors, 3rd party actions should not be installed by specifying a major or minor version.
Instead, specifying a full length commit SHA will use the 3rd party action as an immutable release, ensuring the workflows within the repository are not affected by upstream security problems should they occur.
Props johnbillion.
See #52625.
Built from https://develop.svn.wordpress.org/trunk@50474
git-svn-id: http://core.svn.wordpress.org/trunk@50085 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changes the logic in `update_https_detection_errors()` to never store error messages from the actual request since they could use a different encoding, which would make storing them in an option potentially fail, leading WordPress to then falsely assume that HTTPS is supported.
While this doesn't actually fix the encoding issue, it is not crucial to do so anyway, since these messages are not used anywhere. A simple differentiation between whether the overall HTTPS request or only the SSL verification failed should be sufficient for the purpose of this function.
Props flixos90, tmatsuur, lukecarbis.
Fixes#52484.
Built from https://develop.svn.wordpress.org/trunk@50471
git-svn-id: http://core.svn.wordpress.org/trunk@50082 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Adjust the background color palette rules so they don't show up on inner containers when they're not supposed to:
- When an inner container block is present, it only applies them to direct children of the block with the background color assigned.
- Since the background color should only be applied to the Cover block's overlay, not to the inner container, it opts that specific block out of this rule.
Props dianeco, kjellr, paaljoachim.
Fixes#52676.
Built from https://develop.svn.wordpress.org/trunk@50466
git-svn-id: http://core.svn.wordpress.org/trunk@50077 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The editor uses the full height of its container, so the added margins cause the visual editor to break out of the container. This removes the top & bottom margins, and makes the left & right margins consistent with the meta box area.
Props antonlukin, paaljoachim, felipeelia.
Fixes#52646.
Built from https://develop.svn.wordpress.org/trunk@50465
git-svn-id: http://core.svn.wordpress.org/trunk@50076 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This avoids a fatal error on PHP 8 if `error_reporting()` is disabled in `php.ini`.
On systems with this function disabled, it's best to add a dummy function to the `wp-config.php` file, as there are multiple other calls in core or plugins.
However, as this call to the function is run prior to `wp-config.php` loading, it is now wrapped in a `function_exists()` check.
Props peterwilsoncc, fijisunshine, ayeshrajans.
Fixes#52226.
Built from https://develop.svn.wordpress.org/trunk@50447
git-svn-id: http://core.svn.wordpress.org/trunk@50058 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, jQuery 1.12.4 was added to the WordPress SVN repo in order to backport an upstream security patch from jQuery 3.4.0.
Now that WordPress includes an unmodified version of jQuery 3.5.1 and no longer needs to maintain a fork, it can be removed from the SVN repo and installed via NPM again as part of the build.
Follow-up to [45342], [49101].
Props peterwilsoncc, SergeyBiryukov.
Fixes#52647.
Built from https://develop.svn.wordpress.org/trunk@50445
git-svn-id: http://core.svn.wordpress.org/trunk@50056 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `external-http`, `media`, and `restapi` groups combined take roughly the same time as all the other tests combined. Splitting the test run in two speeds up the PHP 5.6 test runs which are the slowest by quite a margin. The net reduction in duration is only seen on PHP versions older than 7.0 where the reduction is greater than the time taken for the job to be set up.
Props peterwilsoncc, desrosj, johnbillion
Special shout out to manzoorwanijk whose article about running steps in parallel started me down this path.
Fixes#52645
Built from https://develop.svn.wordpress.org/trunk@50444
git-svn-id: http://core.svn.wordpress.org/trunk@50055 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Some PHPUnit tests were concerned with the state of files in the `build` directory. In order to allow the tests to run without requiring a build to be run first, these have been moved into assertions that run after the build step (and therefore cause it to fail if they do not pass), or into QUnit tests as necessary.
Various other PHPUnit tests implictly depend on built JavaScript files being present. These files are now touched during the test setup to avoid PHP warnings if the `build` files are not present.
The `wp-tests-config-sample.php` file and the GitHub Actions configuration have also been changed so `ABSPATH` uses `src` instead of `build`, therefore allowing the PHPUnit tests to be run without a build having to be run first. This means all new local installations of WordPress will use `src` for PHPUnit testing. If you would like to switch your existing installation over then change the location of `ABSPATH` in `wp-tests-config.php` to point to `src` instead of `build`.
Props peterwilsoncc, iandunn, gziolo, desroj, johnbillion
Fixes#51734
See #45863
Built from https://develop.svn.wordpress.org/trunk@50441
git-svn-id: http://core.svn.wordpress.org/trunk@50052 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `actions/cache` GitHub action uses a `key` input to find the desired cache in storage. Currently, this is defined as a combination of the operating system being used, the software being cached (NPM or Composer), PHP version (Composer only), and a hash of the relevant lock file.
The `cache` action also supports a `restore-keys` input, which is an ordered list of keys to use for restoring a cache if no cache hit occurred for the specified key.
However, this means that every time a lock file is updated, the cache is being recreated by first restoring a previous one (when available), and then installing new versions of dependencies on top of that. This results in old, unused versions of dependencies never being removed from the cache.
In this change, the `restore-keys` are removed. This will force a new, fresh cache to be generated when the desired `key` is not matched. In testing, this results in a ~40% reduction in cache size when compared to the latest successful workflow runs. Since there is no way to manually flush the cache in GHA, the benefits of this change will not be seen until the `package-lock.json` and `composer.lock` files are updated, or the cache at the desired key is evicted.
Props johbillion.
See #52660.
Built from https://develop.svn.wordpress.org/trunk@50436
git-svn-id: http://core.svn.wordpress.org/trunk@50047 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In GitHub Actions, there is a `fail-fast` option that will cancel all incomplete jobs within a workflow as soon as one failure is encountered. This defaults to `true`.
This is great for alerting you of a failure faster, but does not give you the full picture of what is failing. For example, it’s possible that there is a failing test on 2 versions of PHP, but not others. If `fail-fast` is enabled, it’s impossible to know this.
Even with `fail-fast` disabled, the workflow will still report a failure if one or more jobs produce a failing result.
Props johbillion, jorbin.
Fixes#52612.
Built from https://develop.svn.wordpress.org/trunk@50435
git-svn-id: http://core.svn.wordpress.org/trunk@50046 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Different branches have support for different types of testing based on the tooling that was in place at the time each version was branched. The workflows currently in place have patterns configured to match the relevant `branches` and `tags` for each workflow, but only for `push` events.
This copies the patterns for matching supported `branches` over to the `pull_request` event to prevent workflows from running for a pull request to a branch that does not support that workflow.
Fixes#52643.
Built from https://develop.svn.wordpress.org/trunk@50432
git-svn-id: http://core.svn.wordpress.org/trunk@50043 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This ensures a transparent logo remains visible while focused. Also cleans up dark mode CSS, consolidating styles and removing overrides that are no longer needed.
Follow up to [50154].
Props poena, sabernhardt, ryelle.
Fixes#52257.
Built from https://develop.svn.wordpress.org/trunk@50423
git-svn-id: http://core.svn.wordpress.org/trunk@50034 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This includes many minor adjustments to a wide array of core files to replace shorthands with full declarations.
Follow-up to [50001], [50270], [50367].
Props Clorith, hellofromTonya, peterwilsoncc, adamsilverstein, aristath.
See #51812.
Built from https://develop.svn.wordpress.org/trunk@50420
git-svn-id: http://core.svn.wordpress.org/trunk@50031 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Add a reference to `WP_Block_Type::__construct()` for information on accepted arguments in `register_block_type()`.
Synchronize the documentation between several places, use `WP_Block_Type::__construct()` as the canonical source.
Props ediamin, audrasjb, peterwilsoncc.
Fixes#48640.
Built from https://develop.svn.wordpress.org/trunk@50419
git-svn-id: http://core.svn.wordpress.org/trunk@50030 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Move `wp_get_script_tag()`, `wp_print_script_tag()`, `wp_print_inline_script_tag()` and `wp_get_inline_script_tag()` functions from `functions.php` to `script-loader.php`.
Relocate related tests to `dependencies` sub-directory.
Follow up to [50167].
Props adamsilverstein, hellofromTonya, SergeyBiryukov.
Fixes#39941.
Built from https://develop.svn.wordpress.org/trunk@50409
git-svn-id: http://core.svn.wordpress.org/trunk@50020 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Prevent `wp_localize_script()` (via `WP_Scripts::localize()`) throwing warnings in PHP 8 when the translation data is passed as a string. This maintains backward compatibility with earlier versions of PHP.
Introduce a `_doing_it_wrong()` notice to `WP_Scripts::localize()` if the translation data is not passed as an array.
Props jrf, peterwilsoncc, SergeyBiryukov.
Fixes#52534.
Built from https://develop.svn.wordpress.org/trunk@50408
git-svn-id: http://core.svn.wordpress.org/trunk@50019 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Replace loopback health check URL with a `POST` request to `wp-cron.php` in the WordPress install directory. This more closely represents how WordPress uses loopback requests.
A `POST` request is used to cause `wp-cron.php` to exit prior to running any cron jobs. This allows the test to indicate success quicker and accounts for sites that set the `DISABLE_WP_CRON` constant to avoid running cron jobs on loopback requests.
Props clorith, peterwilsoncc, TimothyBlynJacobs.
Fixes#52547.
Built from https://develop.svn.wordpress.org/trunk@50399
git-svn-id: http://core.svn.wordpress.org/trunk@50010 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This is a maintenance release. Changes include:
* Handle early connection errors such as 421 during connection and EHLO states.
* Make the `mail()` and sendmail transports set the envelope sender the same way as SMTP does, i.e. use whatever `From` is set to, only falling back to the `sendmail_from` php.ini setting if `From` is unset. This avoids errors from the `mail()` function if `Sender` is not set explicitly and php.ini is not configured. This is a minor functionality change, so bumps the minor version number.
* Extend `parseAddresses` to decode encoded names.
Release notes: https://github.com/PHPMailer/PHPMailer/releases/tag/v6.3.0
For a full list of changes in this update, see the PHPMailer GitHub:
https://github.com/PHPMailer/PHPMailer/compare/v6.2.0...v6.3.0
Props ayeshrajans.
Fixes#52577.
Built from https://develop.svn.wordpress.org/trunk@50397
git-svn-id: http://core.svn.wordpress.org/trunk@50008 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This avoids an "Undefined index" PHP notice in `wp_resource_hints()` tests when running the full test suite.
Remove the unused global from `get_home_url()`.
Follow-up to [25443], [38100], [38174], [50156], [50164].
Props peterwilsoncc.
Fixes#52566.
Built from https://develop.svn.wordpress.org/trunk@50393
git-svn-id: http://core.svn.wordpress.org/trunk@50004 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When deleting a term, it has to be removed individually from each object it's connected to, which can take some significant time when there are a lot of objects.
By calling `wp_remove_object_terms()` when no default term is required, we can skip the terms fetch/diff step and significantly speed up the deletion process.
Props dd32.
Fixes#52549.
Built from https://develop.svn.wordpress.org/trunk@50389
git-svn-id: http://core.svn.wordpress.org/trunk@50000 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The admin bar height custom property is used in `calc` functions, which require consistent unit use, even when the value is zero. A unitless value returns an invalid value for the "height" property, where this variable is used. This also changes the stylelint rule in the theme to allow zero values with a unit, just in custom properties.
Props nico23.
Fixes#52564.
Built from https://develop.svn.wordpress.org/trunk@50388
git-svn-id: http://core.svn.wordpress.org/trunk@49999 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In #50547, the admin color schemes were added to the customizer UI, but at some point specificity changed and the colors were overridden by the defaults. This brings the color schemes back into the customizer, using the button color as a highlight, with the link color for text to keep things readable.
Follow up to [48371].
Props audrasjb, peterwilsoncc.
Fixes#52230.
Built from https://develop.svn.wordpress.org/trunk@50386
git-svn-id: http://core.svn.wordpress.org/trunk@49997 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `blur()` method there is not the jQuery method, but is an HTML DOM method instead.
This makes the Close button on the "View details" modal on Plugins screen functional again.
Follow-up to [50367].
Props afragen.
See #51812.
Built from https://develop.svn.wordpress.org/trunk@50383
git-svn-id: http://core.svn.wordpress.org/trunk@49994 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Ensure that subsequent renders of a reusable block will render correctly and that recursively inserting a reusable block into itself does not cause an internal server (500) error.
Props bernhard-reiter, SergeyBiryukov.
Fixes#52364.
Built from https://develop.svn.wordpress.org/trunk@50382
git-svn-id: http://core.svn.wordpress.org/trunk@49993 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In `unstick_post()` if a post ID is duplicated in the `sticky_posts` option remove all instances.
In both `stick_post()` and `unstick_post()` check for duplicate IDs already stored in the `sticky_post` option and remove them if the option is updated.
Props rahmohn, archon810.
Fixes#52007.
Built from https://develop.svn.wordpress.org/trunk@50380
git-svn-id: http://core.svn.wordpress.org/trunk@49991 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Updates older themes to fix alignment, spacing, and font issues to better match the frontend display. Applies to themes: Twenty Eleven, Twenty Thirteen, Twenty Fourteen, Twenty Sixteen, Twenty Seventeen, and Twenty Twenty.
Props burnuser, talldanwp, cristinasoponar, poena, kjellr
Fixes#52009.
Built from https://develop.svn.wordpress.org/trunk@50358
git-svn-id: http://core.svn.wordpress.org/trunk@49969 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Adds an explicit relationship between the upload button and the maximum upload limit, moves focus to the error dismiss button if an error occurs, and adds a call to wp.a11y.speak to report the error after it occurs.
Props afercia, anevins, antpb, adamsilverstein, poena
Fixes#47120
Built from https://develop.svn.wordpress.org/trunk@50352
git-svn-id: http://core.svn.wordpress.org/trunk@49963 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The WordPress Importer plugin is now downloaded to the `tests/phpunit/data/plugins` directory when running `npm run env:install`.
This ensures that the PHPUnit test suite will not fail when the plugin is missing.
This also introduces a new `WP_IMPORTER_REVISION` variable to the `.env` file, to control the SVN revision that is checked out.
Props johnbillion.
Fixes#49720.
Built from https://develop.svn.wordpress.org/trunk@50285
git-svn-id: http://core.svn.wordpress.org/trunk@49930 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This ensures that not only the return values match the expected results, but also that their type is the same.
Going forward, stricter type checking by using `assertSame()` should generally be preferred to `assertEquals()` where appropriate, to make the tests more reliable.
Follow-up to [49904], [49925], [49992], [50012], [50013], [50065], [50075], [50131], [50150], [50157].
See #38266, #52482.
Built from https://develop.svn.wordpress.org/trunk@50284
git-svn-id: http://core.svn.wordpress.org/trunk@49929 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The color palette changes in #49999 introduced some contrast issues on buttons, input elements, and links. This change ensures that all interactive elements have an appropriate contrast ratio.
Follow-up to [50025].
Props audrasjb, joedolson.
Fixes#52402.
Built from https://develop.svn.wordpress.org/trunk@50278
git-svn-id: http://core.svn.wordpress.org/trunk@49923 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Some files ignored within the `.gitignore` file were not included in the `svn:ignore` property.
This also removed `wp-config.php` and `wp-tests-config.php` from the `svn:ignore` property. It’s already specified in `svn:global-ignores`.
Props johnbillion.
Fixes#49784.
Built from https://develop.svn.wordpress.org/trunk@50277
git-svn-id: http://core.svn.wordpress.org/trunk@49922 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When using the `adjacent_image_link()` function there is a condition that will return a linked image. Previously, the returned image was sent without alt attributes.
Now, `adjacent_image_link()` will include alt attributes of the image's title when an image is returned.
Props joedolson, Mista-Flo, sabernhardt.
Fixes#52387.
Built from https://develop.svn.wordpress.org/trunk@50274
git-svn-id: http://core.svn.wordpress.org/trunk@49919 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This extension is necessary because the comment approval notification opt-in form introduced in [47887] uses the same mechanism, and the previous limit of one minute meant that users on a slow connection, using assistive technology, with limited motor skills, or who are generally indecisive may not complete the opt-in action within one minute, and therefore not see the confirmation message.
Props joedolson, imath, hellofromTonya, peterwilsoncc, alexstine, davidbaumwald
Fixes#52406
Built from https://develop.svn.wordpress.org/trunk@50271
git-svn-id: http://core.svn.wordpress.org/trunk@49916 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This adds a more descriptive text in scenarios where `post_max_size` and `upload_max_filesize` differ, and `post_max_size` is set to a value of `0`.
In some scenarios, PHP may read `0` as a literal zero size, and not as unlimited, which it also means in other scenarios.
See https://www.php.net/manual/en/ini.core.php#ini.post-max-size for details, as PHP 5.3.4 introduced this behavior for literal zero interpretation when the content type of a request is `application/x-www-form-urlencoded` or is not registered with PHP.
Props Clorith, pixolin, helen, ratneshk.
Fixes#51466.
Built from https://develop.svn.wordpress.org/trunk@50263
git-svn-id: http://core.svn.wordpress.org/trunk@49908 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Fixes a bug causing wp.i18n.isRTL() to return false in RTL langauges by manually
loading the translated 'ltr' string for the i18n dependency. This ports over an
identical fix that was made in Gutenberg.
Fixes#52441.
Props @jonsurrell @youknowriad.
Built from https://develop.svn.wordpress.org/trunk@50259
git-svn-id: http://core.svn.wordpress.org/trunk@49904 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, date information was unable to be changed when using `media_handle_sideload()`.
Now you can override the date for a media item using `$post_data['post_date']` before using the function.
Props jamesgol, mukesh27, SergeyBiryukov, hellofromTonya, Mista-Flo.
Fixes#50972.
Built from https://develop.svn.wordpress.org/trunk@50258
git-svn-id: http://core.svn.wordpress.org/trunk@49903 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Add references to `WP_Query` to the documentation of `get_posts()`. As the developer documentation for `WP_Query` includes an expanded explanation a full link to developer.wordpress.org is included rather than a standard `@see`.
Props dam6pl, peterwilsoncc.
See #51852, #51800.
Built from https://develop.svn.wordpress.org/trunk@50257
git-svn-id: http://core.svn.wordpress.org/trunk@49902 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, any video or audio playing in the media modal failed to stop playing when the modal was closed. Now we pause the player when the modal is closed.
Props adamsilverstein, hellofromTonya, paaljoachim, Mista-Flo, Clorith, justinahinon, afercia, amolv.
Fixes#48562.
Built from https://develop.svn.wordpress.org/trunk@50256
git-svn-id: http://core.svn.wordpress.org/trunk@49901 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When the color change was done, the background of plugins with updates had to be manually changed. This section was missed, which caused a visual bug. This fix also removes some redundant CSS for the same element.
Follow-up to [50025].
Props afragen.
Fixes#52452.
Built from https://develop.svn.wordpress.org/trunk@50237
git-svn-id: http://core.svn.wordpress.org/trunk@49898 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This fixes improper triggering of the "Are you sure?" prompt when navigating away from the old, "classic" Edit Post screen and there are no changes.
The previous check did not account for Pages or any custom post types that don't have a Title, Content, or Excerpt field.
Follow-up to [50031].
Props hwk-fr, mukesh27, audrasjb, archon810, Clorith, ibiza69, tonysandwich, roger995, bartosz777, viablethought, dbtedg, worldedu, hmabpera, magnuswebdesign.
Fixes#52440.
Built from https://develop.svn.wordpress.org/trunk@50232
git-svn-id: http://core.svn.wordpress.org/trunk@49893 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, we used `DIR_TESTDATA` to determine if a test should skip a newly silenced error in `wp_getimagesize()`.
We are now using `WP_RUN_CORE_TESTS` instead for consistency.
Props hellofromTonya, SergeyBiryukov.
See #49889.
Built from https://develop.svn.wordpress.org/trunk@50170
git-svn-id: http://core.svn.wordpress.org/trunk@49849 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, `network_home_url()` would automatically switch to `https` if the current request is already `https`, but would only do so on the front end.
This mirrors the change made earlier for `get_home_url()`.
Follow-up to [12598], [21937], [24844], [50156].
See #52421.
Built from https://develop.svn.wordpress.org/trunk@50168
git-svn-id: http://core.svn.wordpress.org/trunk@49847 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Add new functions `wp_get_script_tag`, `wp_print_script_tag`, `wp_print_inline_script_tag` and `wp_get_inline_script_tag` that support script attributes. Enables passing attributes such as `async` or `nonce`, creating a path forward for enabling a Content-Security-Policy in core, plugins and themes.
Props tomdxw, johnbillion, jadeddragoon, jrchamp, mallorydxw, epicfaace, alinod, enricocarraro, ocean90.
Fixes#39941.
Built from https://develop.svn.wordpress.org/trunk@50167
git-svn-id: http://core.svn.wordpress.org/trunk@49846 1a063a9b-81f0-0310-95a4-ce76da25c4cd
As this can cause large, long running queries on sites with many posts, this filter allows the query to be modified, bypassing entirely if needed.
Fixes#51660.
Props geoffguillain, SergeyBiryukov, hareesh-pillai, hellofromTonya, TimothyBlynJacobs, whyisjake.
Built from https://develop.svn.wordpress.org/trunk@50163
git-svn-id: http://core.svn.wordpress.org/trunk@49842 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The Privacy settings pages now use the same design patterns as the Site Health screen. Additionally, each privacy policy guide is now contained in an accordion to make the page easier to navigate when multiple plugins are in use.
Props xkon, hedgefield, garrett-eclipse, hellofromTonya, paaljoachim, joedolson.
Fixes#49264.
Built from https://develop.svn.wordpress.org/trunk@50161
git-svn-id: http://core.svn.wordpress.org/trunk@49840 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This adds a form option to skip the admin email alert when exporting personal data.
Props xkon, azaozz, TZ-Media, iandunn, desrosj, iprg, allendav, wesselvandenberg, karmatosed, birgire, davidbaumwald, estelaris, paaljoachim, hellofromTonya.
Fixes#43890.
Built from https://develop.svn.wordpress.org/trunk@50159
git-svn-id: http://core.svn.wordpress.org/trunk@49838 1a063a9b-81f0-0310-95a4-ce76da25c4cd
For example the `categories` or `categories_exclude` parameters can now optionally accept an object with a `terms` property that accepts the list of term ids and a new `include_children` property which controls the Tax Query `include_children` field.
Props jason_the_adams, jnylen0, birgire, dlh.
Fixes#39494.
Built from https://develop.svn.wordpress.org/trunk@50157
git-svn-id: http://core.svn.wordpress.org/trunk@49836 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, `get_home_url()` would automatically switch to `https` if the current request is already `https`, but would only do so on the front end.
This addresses the inconsistent behavior of returning different values in the admin and on the frontend.
Follow-up to [12598], [21937], [24844].
Props herregroen, mukesh27.
Fixes#52421.
Built from https://develop.svn.wordpress.org/trunk@50156
git-svn-id: http://core.svn.wordpress.org/trunk@49835 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, it was unclear that the displayed password is only being suggested and should be saved by clicking the Reset Password button.
This adds separate Generate Password and Save Password buttons, for clarity.
Props xkon, estelaris, jaymanpandya, hedgefield, audrasjb, erichmond, magicroundabout, lukecavanagh, knutsp, tinodidriksen, nico_martin, markhowellsmead, kara.mcnair, e_baker, pixelverbieger, souri_wpaustria, megabyterose, poena, whyisjake.
Fixes#39638.
Built from https://develop.svn.wordpress.org/trunk@50153
git-svn-id: http://core.svn.wordpress.org/trunk@49832 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, only the first error message for each parameter was made available. Now, all error messages for a parameter are concatenated. Additionally, the detailed error for each parameter is made available in a new `details` section of the validation error. Each error is formatted following the standard REST API error formatting.
The `WP_REST_Server::error_to_response` method has been abstracted out into a standalone function `rest_convert_error_to_response` to allow for reuse by `WP_REST_Request`. The formatted errors now also contain an `additional_data` property which contains the additional error data provided by `WP_Error::get_all_error_data`.
Props dlh, xkon, TimothyBlynJacobs.
Fixes#46191.
Built from https://develop.svn.wordpress.org/trunk@50150
git-svn-id: http://core.svn.wordpress.org/trunk@49829 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, all logic utilizing `getimagesize()` was supressing errors making it difficult to debug usage of the function.
A new `wp_getimagesize()` function has been added to allow the errors to no longer be suppressed when `WP_DEBUG` is enabled.
Props Howdy_McGee, SergeyBiryukov, mukesh27, davidbaumwald, noisysocks, hellofromTonya.
Fixes#49889.
Built from https://develop.svn.wordpress.org/trunk@50146
git-svn-id: http://core.svn.wordpress.org/trunk@49825 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This brings some consistency with other list tables and allows for adding custom column data to columns registered with `manage_export-personal-data_columns` or `manage_erase-personal-data_columns` filters.
Props xkon, garrett-eclipse, birgire, pbiron, hellofromTonya, TimothyBlynJacobs, 7studio, mukesh27, Mista-Flo.
Fixes#44354.
Built from https://develop.svn.wordpress.org/trunk@50145
git-svn-id: http://core.svn.wordpress.org/trunk@49824 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This allows the functions to return a `WP_Error` object containing more information in case of a problem, instead of just boolean false.
The various `pre_` filters in these functions are also updated so they can return or be passed a `WP_Error` object.
Fixes#49961
Built from https://develop.svn.wordpress.org/trunk@50143
git-svn-id: http://core.svn.wordpress.org/trunk@49822 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Runs cron jobs later on sites using alternative cron, ie the `ALTERNATE_WP_CRON` constant is true, to more closely match when standard cron jobs are run. Jobs now run on the `wp_loaded` hook at priority `20`. Prior to this change they would run on the `init` hook. This ensures custom post types and taxonomies are registered prior to the jobs running.
This change also prevents alternative wp-cron from running on archived or suspended multisite blogs as these are shut down prior to the `wp_loaded` hook from running.
Moves the existing functionality of `wp_cron()` in to a new private function `_wp_cron()`.
Props flixos90, jeremyfelt, johnbillion, jrf, kurtpayne, nacin, peterwilsoncc, prettyboymp, r-a-y, ryan, stevenkword, swissspidy.
Fixes#20537, #24160.
Built from https://develop.svn.wordpress.org/trunk@50135
git-svn-id: http://core.svn.wordpress.org/trunk@49814 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This adds a new filter, `wp_image_src_get_dimensions` to the `wp_image_src_get_dimensions()` function to correct the dimensions returned for a file whenever WordPress isn't able to correctly get the dimensions from attachment metadata.
Fixes#51865.
Built from https://develop.svn.wordpress.org/trunk@50134
git-svn-id: http://core.svn.wordpress.org/trunk@49813 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When no events are available in the Events Widget, people have always been shown a message encouraging them to help organize one (see `tmpl-community-events-no-upcoming-events`). Now that it's common for online WordCamps and Learn discussion groups to be pinned to the Events API, it's rare that there are no events in the widget, even if there are no _local_ events. Because of that, users are rarely encouraged to join their local community and help organize.
This commit adds an additional call-to-action message, which is shown when there are only 1 or 2 events available.
Props anyssa, sippis, AmethystAnswers.
Fixes#51664.
Built from https://develop.svn.wordpress.org/trunk@50133
git-svn-id: http://core.svn.wordpress.org/trunk@49812 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Add check to `redirect_canonical()` to ensure private posts only redirect for logged in users.
Modifies the `read_post` mata capability to user `get_post_status()` rather than the post's `post_status` property to allow attachments to redirect based on the inherited post status.
Introduces `wp_force_ugly_post_permalink()` to unify the check to determine if an ugly link should be displayed in each of the functions used for determining permalinks: `get_permalink()`, `get_post_permalink()`, `_get_page_link()` and `get_attachment_link()`.
Improves logic of `get_attachment_link()` to validate parent post and resolution of inherited post status. This is an incomplete fix of #52373 to prevent the function returning links resulting in a file not found error. Required to unblock this ticket.
Props peterwilsoncc, TimothyBlynJacobs.
See #52373.
Fixes#5272.
Built from https://develop.svn.wordpress.org/trunk@50132
git-svn-id: http://core.svn.wordpress.org/trunk@49811 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Switching a WordPress site from HTTP to HTTPS has historically been a tedious task. While on the surface the Site Address and WordPress Address have to be updated, existing content still remains using HTTP URLs where hard-coded in the database. Furthermore, updating _two_ URLs to migrate to HTTPS is still a fairly unintuitive step which is not clearly explained.
This changeset simplifies migration from HTTP to HTTPS and, where possible, makes it a one-click interaction.
* Automatically replace insecure versions of the Site Address (`home_url()`) with its HTTPS counterpart on the fly if the site has been migrated from HTTP to HTTPS. This is accomplished by introducing a `https_migration_required` option and enabling it when the `home_url()` is accordingly changed.
* A new `wp_replace_insecure_home_url()` function is hooked into various pieces of content to replace URLs accordingly.
* The migration only kicks in when the Site Address (`home_url()`) and WordPress Address (`site_url()`) match, which is the widely common case. Configurations where these differ are often maintained by more advanced users, where this migration routine would be less essential - something to potentially iterate on in the future though.
* The migration does not actually update content in the database. More savvy users that prefer to do that can prevent the migration logic from running by either deleting the `https_migration_required` option or using the new `wp_should_replace_insecure_home_url` filter.
* For fresh sites that do not have any content yet at the point of changing the URLs to HTTPS, the migration will also be skipped since it would not be relevant.
* Expose a primary action in the Site Health recommendation, if HTTPS is already supported by the environment, built on top of the HTTPS detection mechanism from [49904]. When clicked, the default behavior is to update `home_url()` and `site_url()` in one go to their HTTPS counterpart.
* A new `wp_update_urls_to_https()` function takes care of the update routine.
* A new `update_https` meta capability is introduced to control access.
* If the site's URLs are controlled by constants, this update is not automatically possible, so in these scenarios the user is informed about that in the HTTPS status check in Site Health.
* Allow hosting providers to modify the URLs linked to in the HTTPS status check in Site Health, similar to how that is possible for the URLs around updating the PHP version.
* A `WP_UPDATE_HTTPS_URL` environment variable or `wp_update_https_url` filter can be used to provide a custom URL with guidance about updating the site to use HTTPS.
* A `WP_DIRECT_UPDATE_HTTPS_URL` environment variable or `wp_direct_update_https_url` filter can be used to provide a custom URL for the primary CTA to update the site to use HTTPS.
Props flixos90, timothyblynjacobs.
Fixes#51437.
Built from https://develop.svn.wordpress.org/trunk@50131
git-svn-id: http://core.svn.wordpress.org/trunk@49810 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Introduces `is_post_status_viewable()` as a sibling to `is_post_type_viewable()`. Internal and protected statuses are never considered viewable. For built in posts statuses the `public` attribute is checked, for custom statuses the `publicly_queryable` attribute is checked.
Introduces `is_post_publicly_viewable()` for determining if an individual post can be viewed by logged out users. A post is considered viewable if both `is_post_status_viewable()` and `is_post_type_viewable()` return `true` for the post's attributes.
Additionally modifies `is_post_type_viewable()` to return `false` if an unregistered post type is passed to the function to avoid attempting to access properties on a non-object.
Props peterwilsoncc, SergeyBiryukov, whyisjake, TimothyBlynJacobs.
Fixes#49380.
Built from https://develop.svn.wordpress.org/trunk@50130
git-svn-id: http://core.svn.wordpress.org/trunk@49809 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Add a feature so Admins can send users a 'password reset' email. This doesn't change the password or force a password change. It only emails the user the password reset link.
The feature appears in several places:
* A "Send Reset Link" button on user profile screen.
* A "Send password reset" option in the user list bulk action dropdown.
* A "Send password reset" quick action when hovering over a username in the user list.
Props Ipstenu, DrewAPicture, eventualo, wonderboymusic, knutsp, ericlewis, afercia, JoshuaWold, johnbillion, paaljoachim, hedgefield.
Fixes#34281.
Built from https://develop.svn.wordpress.org/trunk@50129
git-svn-id: http://core.svn.wordpress.org/trunk@49808 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Fix an issue where viewing an autosave created on a post without any previous revisions would throw a PHP notice. Also fixes the revision screen which was broken in these cases and showed a console error.
Props iseulde.
Fixes#31249.
Built from https://develop.svn.wordpress.org/trunk@50128
git-svn-id: http://core.svn.wordpress.org/trunk@49807 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Introduces new endpoints to allow for batch image editing using the REST API.
The new endpoints can take an array of modifiers that will be applied in the order they appear.
Props ajlende, TimothyBlynJacobs, hellofromTonya, Mista-Flo.
Fixes#52192.
Built from https://develop.svn.wordpress.org/trunk@50124
git-svn-id: http://core.svn.wordpress.org/trunk@49803 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`render_block_{$this->name}`
This complements the existing `render_block` hook and allows for filtering the content of a specific block without having to use conditionals inside the filter callback.
Props manzoorwani.jk, noisysocks, birgire, johnbillion.
Fixes#46187.
Built from https://develop.svn.wordpress.org/trunk@50123
git-svn-id: http://core.svn.wordpress.org/trunk@49802 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, "You are using a development version" message could be displayed if the user has configured core updates to receive Beta or RC versions, but the update has not happened yet.
This brings some consistency with displaying a similar message in `core_upgrade_preamble()` on WordPress Updates screen.
Follow-up to [49708], [49736].
Props afragen, pbiron, azaozz, audrasjb, SergeyBiryukov.
Fixes#51976.
Built from https://develop.svn.wordpress.org/trunk@50121
git-svn-id: http://core.svn.wordpress.org/trunk@49800 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Make the navigation menu footer sticky so a Save Menu button is always available in the viewport. Improves usability and effectiveness of the interface when in a responsive view.
Props garrett-eclipse, audrasjb, maxpertici, sabernhardt, kburgoine, poena
Fixes#51631
Built from https://develop.svn.wordpress.org/trunk@50115
git-svn-id: http://core.svn.wordpress.org/trunk@49794 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, all permission checks for using app passwords were implemented using `edit_user`. This commit introduces a series of more fine grained meta capabilities that should be used instead: `create_app_password`, `list_app_passwords`, `read_app_password`, `edit_app_password`, `delete_app_password` and `delete_app_passwords`. These capabilities all map to `edit_user` by default, but may now be customized by developers.
Props johnbillion, TimothyBlynJacobs.
Fixes#51703.
Built from https://develop.svn.wordpress.org/trunk@50114
git-svn-id: http://core.svn.wordpress.org/trunk@49793 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The opt-in form is shown after the comment is submitted and held for moderation.
Sorry this took five years.
Props jeffr0, swissspidy, mrahmadawais, wonderboymusic, jdgrimes, obenland, Monika, imath, garrett-eclipse, johnbillion
Fixes#33717
Built from https://develop.svn.wordpress.org/trunk@50109
git-svn-id: http://core.svn.wordpress.org/trunk@49788 1a063a9b-81f0-0310-95a4-ce76da25c4cd