Commit Graph

358 Commits

Author SHA1 Message Date
Felix Arntz
c94c954d02 Media: Add lazy-loading support to block-based widgets.
This changeset adds the `wp_filter_content_tags()` function as a filter to `widget_block_content`.

Props spacedmonkey, walbo, daisyo.
Fixes #53463, #53464.

Built from https://develop.svn.wordpress.org/trunk@51207


git-svn-id: http://core.svn.wordpress.org/trunk@50816 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-06-22 21:23:57 +00:00
jorgefilipecosta
ab25191895 Block Editor: Package updates for Beta 3.
The commit updates the WordPress packages for beta 3.

Props nosolosw, noisysocks, youknowriad.
See #53397.
Built from https://develop.svn.wordpress.org/trunk@51199


git-svn-id: http://core.svn.wordpress.org/trunk@50808 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-06-22 10:00:50 +00:00
youknowriad
1516d05128 Block Editor: Package updates for 5.8 beta 1.
This includes the following fixes:


Widgets Editor:
  - Load widgets.php https://github.com/WordPress/gutenberg/pull/32299
 - Fix Legacy Widget Preview https://github.com/WordPress/gutenberg/pull/32300
 - Fix error when saving empty Legacy Widget block https://github.com/WordPress/gutenberg/pull/32359

Widget blocks in the customizer: 
 - Fix deselection blocks when the inspector is open https://github.com/WordPress/gutenberg/pull/32361
 - Display wide widgets as popovers https://github.com/WordPress/gutenberg/pull/31736

Global Styles:
 - Align classNames generation between client and server https://github.com/WordPress/gutenberg/pull/32352
 - Group typography block supports https://github.com/WordPress/gutenberg/pull/32252 https://github.com/WordPress/gutenberg/pull/32444 https://github.com/WordPress/gutenberg/pull/32459
 - Make theme.json syntax errors more visible to the users https://github.com/WordPress/gutenberg/pull/32404


Template Editor:
  - Update the appearance of the template details https://github.com/WordPress/gutenberg/pull/32042
  - Fix layout definition https://github.com/WordPress/gutenberg/pull/32425
  - Fix grouping post content block https://github.com/WordPress/gutenberg/pull/32453

Miscellaneous:
 - Prevent saving when the post is locked https://github.com/WordPress/gutenberg/pull/32341
 - Fix allowed block patterns selector https://github.com/WordPress/gutenberg/pull/32376
 - Fix wrong results in the Post Author picker https://github.com/WordPress/gutenberg/pull/32344
 - Fix notices position in top toolbar mode https://github.com/WordPress/gutenberg/pull/32238
 - Allow non-latin characters in post slugs https://github.com/WordPress/gutenberg/pull/32232
 - Fix Random collapse of the color settings panel https://github.com/WordPress/gutenberg/pull/32388
 - Fix theme logo theme mode not being removed on theme removal https://github.com/WordPress/gutenberg/pull/32370
 - Fix block alignment styles in the editor https://github.com/WordPress/gutenberg/pull/32454
 - Fix some block toolbar overlaps https://github.com/WordPress/gutenberg/pull/32424
 - Fix content loss when switching list types https://github.com/WordPress/gutenberg/pull/32432


Performance:
 - Improve the performance of buttons block https://github.com/WordPress/gutenberg/pull/32356
 - Improve the performance of the container blocks https://github.com/WordPress/gutenberg/pull/32380

Props noisysocks, nosolosw, jorgefilipecosta.
See #52991.

Built from https://develop.svn.wordpress.org/trunk@51089


git-svn-id: http://core.svn.wordpress.org/trunk@50698 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-06-08 08:09:53 +00:00
noisysocks
222541d7c3 REST API: Delete fresh_site option when updating widgets via REST API
Adds new hooks (rest_save_sidebar, rest_delete_widget, rest_after_save_widget)
to the widgets REST API and uses them to delete the fresh_site option when
updating widgets via the REST API. This ensures that starter content isn't
loaded in the Customizer after a user makes changes.

Fixes #53317.
Props kevin940726, garrett-eclipse, andraganescu, hellofromtonya.

Built from https://develop.svn.wordpress.org/trunk@51068


git-svn-id: http://core.svn.wordpress.org/trunk@50677 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-06-04 00:45:56 +00:00
noisysocks
38cea1e659 Widget block: Add widget_block_content filter
Adds a new 'widget_block_content' filter to the widget block and hooks
`run_shortcode`, `autoembed`, `do_blocks`, and `do_shortcode` into it by
default. This is simlar to `widget_text_content.`

Fixes #51566.
Props talldanwp.

Built from https://develop.svn.wordpress.org/trunk@51058


git-svn-id: http://core.svn.wordpress.org/trunk@50667 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-06-02 01:18:57 +00:00
ryelle
56ca42b5d9 Block Editor: Add support for the pattern directory.
Add an endpoint for fetching block patterns from WordPress.org, and load the block patterns from this new API. Remove the block patterns that have already been moved to WordPress.org/patterns.

Props ryelle, iandunn, youknowriad, timothyblynjacobs.
Fixes #53246.


Built from https://develop.svn.wordpress.org/trunk@51021


git-svn-id: http://core.svn.wordpress.org/trunk@50630 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-05-26 01:11:59 +00:00
desrosj
f8947ceb0b Formatting: Introduce the document_title filter.
In `wp_get_document_title(), the returned value is currently passed directly through `wptexturize()`, `convert_chars()`, and `capital_P_dangit()`, and is done so after the `document_title_parts` filter is run.

This makes it impossible to fully control the output of `wp_get_document_title()` and is inconsistent with how other similar text is processed with these functions.

This commit introduces the `document_title` filter, which is run immediately before returning the results of the `wp_get_document_title()` function and moves the three formatting functions mentioned above to the new filter hook. This allows developers to further modify the title after being prepared by WordPress, or to modify the functions hooked to this filter as they wish.

Props dragunoff, jeremyfelt, paaggeli, audrasjb.
Fixes #51643.
Built from https://develop.svn.wordpress.org/trunk@51019


git-svn-id: http://core.svn.wordpress.org/trunk@50628 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-05-25 23:43:57 +00:00
youknowriad
4ae0e4220f Block Editor: Introduce block templates for classic themes.
With this patch, users will be able to create custom block based templates
and assign them to specific pages/posts.

Themes can also opt-out of this feature

Props bernhard-reiter, carlomanf.
Fixes #53176.

Built from https://develop.svn.wordpress.org/trunk@51003


git-svn-id: http://core.svn.wordpress.org/trunk@50612 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-05-25 14:20:57 +00:00
jorgefilipecosta
18200cc30c Block Editor: Add Global Styles support using theme.json file.
This is the second piece of landing the theme.json processing in WordPress core. 
It includes the mechanism that outputs the CSS styles of a theme.json file.

Props nosolosw, youknowriad.
See #53175.
Built from https://develop.svn.wordpress.org/trunk@50973


git-svn-id: http://core.svn.wordpress.org/trunk@50582 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-05-24 17:39:57 +00:00
gziolo
8df663cbfa Editor: Enqueue script and style assets only for blocks present on the page
Adds styles for individual core blocks to make it possible to render only styles for those blocks that are rendered on the page (frontend). This is optinal functionality for start that can be controlled with the new `separate_core_block_assets` filter.

In addition to that, styles can be inlined when `path` is passed when registering an individual styles. This functionality can be changed with the new `styles_inline_size_limit` filter. The maximum size of inlined styles in bytes defaults to 20 000.

Props aristath, aduth, westonruter, mcsf.
Fixes #50328, #52620.


Built from https://develop.svn.wordpress.org/trunk@50836


git-svn-id: http://core.svn.wordpress.org/trunk@50445 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-05-11 09:43:08 +00:00
Sergey Biryukov
3697386083 Editor: Consolidate enqueueing block editor assets in wp-includes/default-filters.php.
Follow-up to [44157], [46111], [48537], [50620].

See #52920.
Built from https://develop.svn.wordpress.org/trunk@50629


git-svn-id: http://core.svn.wordpress.org/trunk@50241 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-04-01 11:46:09 +00:00
gziolo
6d42a21103 Editor: Enqueue assets for format library for the block editor
Ensures that `wp-format-library` assets are always loaded for the block editor. Otherwise, they have to be loaded individually for every screen that needs it. It's similar to how `wp-block-directory` assets are handled.

Props ellatrix.
See #52920.


Built from https://develop.svn.wordpress.org/trunk@50620


git-svn-id: http://core.svn.wordpress.org/trunk@50233 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-03-31 05:52:10 +00:00
John Blackbourn
dd53775247 Comments: Revert the introduction of the opt-in comment approval notification feature.
This reverts the following commits: [50113], [50112], [50109].

See #33717

Built from https://develop.svn.wordpress.org/trunk@50375


git-svn-id: http://core.svn.wordpress.org/trunk@49986 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-17 13:08:05 +00:00
Sergey Biryukov
a9d04adf20 Robots: Rename wp_embed_no_robots to wp_robots_noindex_embeds().
This brings the naming in line with `wp_robots_noindex_search()`.

Follow-up to [49992], [50370].

See #51511, #52457.
Built from https://develop.svn.wordpress.org/trunk@50371


git-svn-id: http://core.svn.wordpress.org/trunk@49982 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-17 10:51:04 +00:00
Peter Wilson
b51a707468 General: Add noindex robots meta tag to search results.
Prevent search engines indexing internal search results to protect against reflected web spam attacks.

Props abagtcs, audrasjb, ayeshrajans, burtrw, johnbillion, jonoaldersonwp, peterwilsoncc, poena, sabernhardt, xkon.
Fixes #52457

Built from https://develop.svn.wordpress.org/trunk@50370


git-svn-id: http://core.svn.wordpress.org/trunk@49981 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-16 23:38:06 +00:00
Felix Arntz
dbfbf5501a Security, Site Health: Make migrating a site to HTTPS a one-click interaction.
Switching a WordPress site from HTTP to HTTPS has historically been a tedious task. While on the surface the Site Address and WordPress Address have to be updated, existing content still remains using HTTP URLs where hard-coded in the database. Furthermore, updating _two_ URLs to migrate to HTTPS is still a fairly unintuitive step which is not clearly explained.

This changeset simplifies migration from HTTP to HTTPS and, where possible, makes it a one-click interaction.

* Automatically replace insecure versions of the Site Address (`home_url()`) with its HTTPS counterpart on the fly if the site has been migrated from HTTP to HTTPS. This is accomplished by introducing a `https_migration_required` option and enabling it when the `home_url()` is accordingly changed.
    * A new `wp_replace_insecure_home_url()` function is hooked into various pieces of content to replace URLs accordingly.
    * The migration only kicks in when the Site Address (`home_url()`) and WordPress Address (`site_url()`) match, which is the widely common case. Configurations where these differ are often maintained by more advanced users, where this migration routine would be less essential - something to potentially iterate on in the future though.
    * The migration does not actually update content in the database. More savvy users that prefer to do that can prevent the migration logic from running by either deleting the `https_migration_required` option or using the new `wp_should_replace_insecure_home_url` filter.
    * For fresh sites that do not have any content yet at the point of changing the URLs to HTTPS, the migration will also be skipped since it would not be relevant.
* Expose a primary action in the Site Health recommendation, if HTTPS is already supported by the environment, built on top of the HTTPS detection mechanism from [49904]. When clicked, the default behavior is to update `home_url()` and `site_url()` in one go to their HTTPS counterpart.
    * A new `wp_update_urls_to_https()` function takes care of the update routine.
    * A new `update_https` meta capability is introduced to control access.
    * If the site's URLs are controlled by constants, this update is not automatically possible, so in these scenarios the user is informed about that in the HTTPS status check in Site Health.
* Allow hosting providers to modify the URLs linked to in the HTTPS status check in Site Health, similar to how that is possible for the URLs around updating the PHP version.
    * A `WP_UPDATE_HTTPS_URL` environment variable or `wp_update_https_url` filter can be used to provide a custom URL with guidance about updating the site to use HTTPS.
    * A `WP_DIRECT_UPDATE_HTTPS_URL` environment variable or `wp_direct_update_https_url` filter can be used to provide a custom URL for the primary CTA to update the site to use HTTPS.

Props flixos90, timothyblynjacobs.
Fixes #51437.

Built from https://develop.svn.wordpress.org/trunk@50131


git-svn-id: http://core.svn.wordpress.org/trunk@49810 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 00:10:01 +00:00
John Blackbourn
dad34fe877 Comments: Introduce a method for commenters to opt-in to receiving an email notification when their moderated comment gets approved.
The opt-in form is shown after the comment is submitted and held for moderation.

Sorry this took five years.

Props jeffr0, swissspidy, mrahmadawais, wonderboymusic, jdgrimes, obenland, Monika, imath, garrett-eclipse, johnbillion

Fixes #33717

Built from https://develop.svn.wordpress.org/trunk@50109


git-svn-id: http://core.svn.wordpress.org/trunk@49788 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-01-31 12:50:01 +00:00
Felix Arntz
8aacac3486 Robots: Add max-image-preview:large directive by default.
This changeset introduces a `wp_robots_max_image_preview_large()` function which is hooked into the `wp_robots` filter to include the `max-image-preview:large` directive for all sites which are configured to be indexed by search engines. The directive allows search engines to display large image previews for the site in search results.

Props adamsilverstein, Clorith, flixos90, helen, joostdevalk, tweetythierry, westonruter.
Fixes #51511.

Built from https://develop.svn.wordpress.org/trunk@50078


git-svn-id: http://core.svn.wordpress.org/trunk@49778 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-01-29 20:38:03 +00:00
TimothyBlynJacobs
cd6238947e App Passwords: Introduce introspection endpoint.
This introduces a new endpoint, `wp/v2/users/me/application-passwords/introspect`, that will return details about the App Password being used to authenticate the current request. This allows for an application to disambiguate between multiple installations of their application which would all share the same `app_id`.

Props xkon, peterwilsoncc, TimothyBlynJacobs.
Fixes #52275.

Built from https://develop.svn.wordpress.org/trunk@50065


git-svn-id: http://core.svn.wordpress.org/trunk@49766 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-01-29 00:07:02 +00:00
Felix Arntz
3716c8c20f Robots: Introduce Robots API.
This changeset introduces a filter-based Robots API, providing central control over the `robots` meta tag.

* Introduces `wp_robots()` function which should be called anywhere a `robots` meta tag should be included.
* Introduces `wp_robots` filter which allows adding or modifying directives for the `robots` meta tag. The `wp_robots()` function is entirely filter-based, i.e. if no filter is added to `wp_robots`, no directives will be present, and therefore the entire `robots` meta tag will be omitted.
* Introduces the following `wp_robots` filter functions which replace similar existing functions that were manually rendering a `robots` meta tag:
    * `wp_robots_noindex()` replaces `noindex()`, which has been deprecated.
    * `wp_robots_no_robots()` replaces `wp_no_robots()`, which has been deprecated.
    * `wp_robots_sensitive_page()` replaces `wp_sensitive_page_meta()`, which has been deprecated. Its rendering of the `referrer` meta tag has been moved to another new function `wp_strict_cross_origin_referrer()`.

Migration to the new functions is straightforward. For example, a call to `add_action( 'wp_head', 'wp_no_robots' )` should be replaced with `add_filter( 'wp_robots', 'wp_robots_no_robots' )`.

Plugins and themes that render their own `robots` meta tags are encouraged to switch to rely on the `wp_robots` filter in order to use the central management layer now provided by WordPress core.

Props adamsilverstein, flixos90, timothyblynjacobs, westonruter.
See #51511.

Built from https://develop.svn.wordpress.org/trunk@49992


git-svn-id: http://core.svn.wordpress.org/trunk@49693 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-01-21 01:37:00 +00:00
Felix Arntz
c81db1f6e6 Security, Site Health: Detect HTTPS support and encourage switching.
This changeset modifies the Site Health panel for HTTPS to provide more accurate recommendations based on whether the environment is already set up for HTTPS.

* Introduces `wp_is_using_https()` to check whether the site is configured to use HTTPS (via its Site Address and WordPress Address).
* Introduces `wp_is_https_supported()` to check whether the environment supports HTTPS. This relies on a cron job which periodically checks support using a loopback request.

Props Clorith, flixos90, miinasikk, westonruter.
Fixes #47577.

Built from https://develop.svn.wordpress.org/trunk@49904


git-svn-id: http://core.svn.wordpress.org/trunk@49603 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-12-23 19:13:04 +00:00
youknowriad
d6cff7965a Block Editor: Update the WordPress Packages to the latest version.
This includes the packages that match the Gutenberg 9.2 Release.
It is going to be the last block-editor features update for WordPress 5.6.
It also updates the block-supports code base to the latest APIs.

Props isabel_brison, noisysocks, desrosj.
Fixes #51570.

Built from https://develop.svn.wordpress.org/trunk@49226


git-svn-id: http://core.svn.wordpress.org/trunk@48988 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-20 13:36:16 +00:00
Sergey Biryukov
1c1aadbe54 Pings/Trackbacks: Split do_all_pings() into several functions:
* `do_all_pingbacks()`
* `do_all_enclosures()`
* `do_all_trackbacks()`

This allows for the specific removal/replacement of one of more services.

Props dshanske, garrett-eclipse, Mista-Flo, azaozz, hellofromTonya.
Fixes #36576.
Built from https://develop.svn.wordpress.org/trunk@49211


git-svn-id: http://core.svn.wordpress.org/trunk@48973 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-19 21:16:02 +00:00
TimothyBlynJacobs
d5ebe12f11 REST API: Introduce Application Passwords for API authentication.
In WordPress 4.4 the REST API was first introduced. A few releases later in WordPress 4.7, the Content API endpoints were added, paving the way for Gutenberg and countless in-site experiences. In the intervening years, numerous plugins have built on top of the REST API. Many developers shared a common frustration, the lack of external authentication to the REST API.

This commit introduces Application Passwords to allow users to connect to external applications to their WordPress website. Users can generate individual passwords for each application, allowing for easy revocation and activity monitoring. An authorization flow is introduced to make the connection flow simple for users and application developers.

Application Passwords uses Basic Authentication, and by default is only available over an SSL connection.

Props georgestephanis, kasparsd, timothyblynjacobs, afercia, akkspro, andraganescu, arippberger, aristath, austyfrosty, ayesh, batmoo, bradyvercher, brianhenryie, helen, ipstenu, jeffmatson, jeffpaul, joostdevalk, joshlevinson, kadamwhite, kjbenk, koke, michael-arestad, Otto42, pekz0r, salzano, spacedmonkey, valendesigns.
Fixes #42790.

Built from https://develop.svn.wordpress.org/trunk@49109


git-svn-id: http://core.svn.wordpress.org/trunk@48871 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-08 22:14:06 +00:00
John Blackbourn
526f0d01d4 Posts, Post Types: Don't output the adjacent posts rel link by default.
This has a considerable performance impact on sites which don't otherwise show previous and next post links, and has no SEO benefit.

Props joostdevalk, swissspidy, johnbillion

Fixes #39111
Built from https://develop.svn.wordpress.org/trunk@48966


git-svn-id: http://core.svn.wordpress.org/trunk@48728 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-09-09 21:34:08 +00:00
desrosj
3dda74c337 Editor: Ensure the required assets for the block directory are enqueued.
This fixes an issue where the block directory appears unstyled due to the stylesheets not being enqueued.

Props ryelle, timothyblynjacobs, earnjam.
Fixes #50661.
Built from https://develop.svn.wordpress.org/trunk@48537


git-svn-id: http://core.svn.wordpress.org/trunk@48299 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-07-21 15:38:03 +00:00
Sergey Biryukov
3cd9474d68 Block Editor: Move the add_action() call for _register_core_block_patterns_and_categories() above check_theme_switched().
Follow-up to [48492], [48531].

See #50669.
Built from https://develop.svn.wordpress.org/trunk@48533


git-svn-id: http://core.svn.wordpress.org/trunk@48295 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-07-21 14:37:07 +00:00
Sergey Biryukov
6d207771d3 Block Editor: Move the add_action() call for _register_core_block_patterns_and_categories() to wp-includes/default-filters.php.
Follow-up to [48492].

Props desrosj.
Fixes #50669.
Built from https://develop.svn.wordpress.org/trunk@48531


git-svn-id: http://core.svn.wordpress.org/trunk@48293 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-07-21 13:15:05 +00:00
Andrew Ozz
86317e3e85 Media: Show an error message when a .heic file is uploaded that this type of files cannot be displayed in a web browser and suggesting to convert to JPEG. The message is shown by using filters, plugins that want to handle uploading of .heic files can remove it.
Props mattheweppelsheimer, mikeschroder, jeffr0, andraganescu, desrosj, azaozz.
Fixes #42775.
Built from https://develop.svn.wordpress.org/trunk@48288


git-svn-id: http://core.svn.wordpress.org/trunk@48057 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-07-03 23:15:03 +00:00
Sergey Biryukov
5aa7f46a4f Docs: Improve DocBlocks in wp-includes/theme.php per the documentation standards.
See #49572.
Built from https://develop.svn.wordpress.org/trunk@48189


git-svn-id: http://core.svn.wordpress.org/trunk@47958 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-27 12:02:03 +00:00
TimothyBlynJacobs
9dc7058be9 Themes: Introduce register_theme_feature API.
Currently themes can declare support for a given feature by using add_theme_support(). This commit adds a register_theme_feature() API that allows plugins and WordPress Core to declare a list of available features that themes can support.

The REST API uses this to expose a theme's supported features if the feature has been registered with "show_in_rest" set to true.

Props kadamwhite, spacedmonkey, williampatton, desrosj, TimothyBlynJacobs.
Fixes #49406.

Built from https://develop.svn.wordpress.org/trunk@48171


git-svn-id: http://core.svn.wordpress.org/trunk@47940 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-25 22:13:10 +00:00
desrosj
4b60af1a6a General: Remove “whitelist” and “blacklist” in favor of more clear and inclusive language.
“The WordPress open source community cares about diversity. We strive to maintain a welcoming environment where everyone can feel included.”

With this commit, all occurrences of “whitelist” and “blacklist” (with the single exception of the `$new_whitelist_options` global variable) are removed. A new ticket has been opened to explore renaming the `$new_whitelist_options` variable (#50434).

Changing to more specific names or rewording sentences containing these terms not only makes the code more inclusive, but also helps provide clarity. These terms are often ambiguous. What is being blocked or allowed is not always immediately clear. This can make it more difficult for non-native English speakers to read through the codebase.

Words matter. If one contributor feels more welcome because these terms are removed, this was worth the effort.

Props strangerstudios, jorbin, desrosj, joemcgill, timothyblynjacobs, ocean90, ayeshrajans, davidbaumwald, earnjam.
See #48900, #50434.
Fixes #50413.
Built from https://develop.svn.wordpress.org/trunk@48121


git-svn-id: http://core.svn.wordpress.org/trunk@47890 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-22 17:26:13 +00:00
Pascal Birchler
609dd1d14f Sitemaps: Add XML sitemaps functionality to WordPress.
While web crawlers are able to discover pages from links within the site and from other sites, XML sitemaps supplement this approach by allowing crawlers to quickly and comprehensively identify all URLs included in the sitemap and learn other signals about those URLs using the associated metadata.

See https://make.wordpress.org/core/2020/06/10/merge-announcement-extensible-core-sitemaps/ for more details.

This feature exposes the sitemap index via `/wp-sitemap.xml` and exposes a variety of new filters and hooks for developers to modify the behavior. Users can disable sitemaps completely by turning off search engine visibility in WordPress admin.

This change also introduces a new `esc_xml()` function to escape strings for output in XML, as well as XML support to `wp_kses_normalize_entities()`.

Props Adrian McShane, afragen, adamsilverstein, casiepa, flixos90, garrett-eclipse, joemcgill, kburgoine, kraftbj, milana_cap, pacifika, pbiron, pfefferle, Ruxandra Gradina, swissspidy, szepeviktor, tangrufus, tweetythierry.
Fixes #50117.
See #3670. See #19998.

Built from https://develop.svn.wordpress.org/trunk@48072


git-svn-id: http://core.svn.wordpress.org/trunk@47839 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-17 15:24:07 +00:00
whyisjake
2ae3b3b801 Embeds: Ensure that the title attribute is set correctly on embeds.
Props xknown.

Built from https://develop.svn.wordpress.org/trunk@47947


git-svn-id: http://core.svn.wordpress.org/trunk@47719 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-10 17:20:10 +00:00
Sergey Biryukov
61a2f62ffd Comments: Use comment instead of an empty string for the comment_type DB field value in comments table.
This is the first step to bring support for custom comment types into WordPress.

Add a scheduled upgrade routine to update the type value for existing comments, in batches of 100 at a time.

Props imath, aaroncampbell, jeremyfelt, dshanske.
Fixes #49236.
Built from https://develop.svn.wordpress.org/trunk@47597


git-svn-id: http://core.svn.wordpress.org/trunk@47372 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-04-17 19:35:06 +00:00
Andrew Ozz
0e38f8ed26 Media: Enable lazy-loading of images by automatically adding the new loading="lazy" attribute to image tags on the front-end.
- Introduces `wp_lazy_loading_enabled()`, `wp_filter_content_tags()`, `wp_img_tag_add_loading_attr()`, and `wp_img_tag_add_srcset_and_sizes_attr()` functions.
- Introduces `wp_lazy_loading_enabled`, `wp_img_tag_add_loading_attr`, and `wp_img_tag_add_srcset_and_sizes_attr` filters.

Props flixos90, addyosmani, mor10, swissspidy, pierlo, westonruter, spacedmonkey, mikeschroder, jonoaldersonwp, peterwilsoncc, narwen, jeffpaul, OptimizingMatters, futtta, mukeshpanchal27, azaozz.

Fixes #44427.
Built from https://develop.svn.wordpress.org/trunk@47554


git-svn-id: http://core.svn.wordpress.org/trunk@47329 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-04-08 00:55:07 +00:00
Sergey Biryukov
dacd7a55ea Toolbar: Move the logic for rendering the admin bar on wp_footer to wp_admin_bar_render().
Clarify in the function documentation that it is now called on `wp_body_open` action first, with `wp_footer` as a fallback.

Follow-up to [47221].

Fixes #47053.
Built from https://develop.svn.wordpress.org/trunk@47455


git-svn-id: http://core.svn.wordpress.org/trunk@47242 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-03-14 16:01:08 +00:00
joedolson
1dbe25bc0a Toolbar: Load toolbar in wp_body_open when available.
For accessibility, the visual appearance and source order should match. Moving the toolbar to load in the new hook `wp_body_open` (5.2) fixes a long-standing source order problem.

Props jankimoradiya, afercia, SergeyBiryukov, audrasjb, ocean90, xkon, dinhtungdu.
Fixes #47053.

Built from https://develop.svn.wordpress.org/trunk@47221


git-svn-id: http://core.svn.wordpress.org/trunk@47021 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-02-09 18:26:08 +00:00
Sergey Biryukov
001ffe81fb Docs: Improve inline comments per the documentation standards.
Includes minor code layout fixes for better readability.

See #48303.
Built from https://develop.svn.wordpress.org/trunk@47122


git-svn-id: http://core.svn.wordpress.org/trunk@46922 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-01-29 00:45:18 +00:00
Sergey Biryukov
d858656023 Bootstrap/Load: Make handling the /favicon.ico requests more flexible.
Previously, `wp_favicon_request()` was introduced in [13205] to avoid a performance hit of serving a full 404 page on every favicon request.

While working as intended, that implementation did not provide a way for theme or plugin authors to manage the behavior of favicon requests.

This changeset implements the following logic (only applied if WordPress is installed in the root directory):

* If there is a Site Icon set in Customizer, redirect `/favicon.ico` requests to that icon.
* Otherwise, use the WordPress logo as a default icon.
* If a physical `/favicon.ico` file exists, do nothing, let the server handle the request.

Handling `/favicon.ico` is now more consistent with handling `/robots.txt` requests.

New functions and hooks:

* Introduce `is_favicon()` conditional tag to complement `is_robots()`.
* Introduce `do_favicon` action to complement `do_robots` and use it in template loader.
* Introduce `do_favicon()` function, hooked to the above action by default, to complement `do_robots()`.
* Introduce `do_faviconico` action to complement `do_robotstxt`, for plugins to override the default behavior.
* Mark `wp_favicon_request()` as deprecated in favor of `do_favicon()`.

Props jonoaldersonwp, birgire, joostdevalk, mukesh27, SergeyBiryukov.
Fixes #47398.
Built from https://develop.svn.wordpress.org/trunk@47018


git-svn-id: http://core.svn.wordpress.org/trunk@46818 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-12-28 21:20:04 +00:00
whyisjake
317465e2fe Prevent stored XSS in the block editor.
Prevent escaped unicode characters become unescaped in unsafe HTML during JSON decoding.

Props: aduth, epiqueras, 

Built from https://develop.svn.wordpress.org/trunk@46896


git-svn-id: http://core.svn.wordpress.org/trunk@46696 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-12-12 18:02:03 +00:00
Sergey Biryukov
bcd399918f Coding Standards: Correct the number of accepted arguments in add_action() calls in wp-includes/default-filters.php for functions that don't accept any arguments.
Props itowhid06, johnbillion, jrf.
Fixes #48123.
Built from https://develop.svn.wordpress.org/trunk@46432


git-svn-id: http://core.svn.wordpress.org/trunk@46230 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-08 03:20:02 +00:00
Sergey Biryukov
2afdc64723 Comments: Add rel="nofollow ugc" attribute to links in comments.
UGC stands for User Generated Content, and the `ugc` attribute value is recommended for links within user generated content, such as comments and forum posts.

See https://webmasters.googleblog.com/2019/09/evolving-nofollow-new-ways-to-identify.html.

Props audrasjb, joostdevalk, dkarfa, SergeyBiryukov.
Fixes #48022.
Built from https://develop.svn.wordpress.org/trunk@46349


git-svn-id: http://core.svn.wordpress.org/trunk@46148 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-09-30 01:30:58 +00:00
jorgefilipecosta
b7fbf7d373 Block Editor: Backport block styles server functions from block editor.
This commit backports the block styles functionality added to the block editor in https://github.com/WordPress/gutenberg/pull/16356.

Props: youknowriad, aduth, swissspidy.
Fixes #48039.
Built from https://develop.svn.wordpress.org/trunk@46111


git-svn-id: http://core.svn.wordpress.org/trunk@45923 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-09-14 18:21:54 +00:00
Andrew Ozz
3b976836a8 Media: Add two new intermediate image sizes, 1536px and 2048px. They are meant to enhance the way WordPress displays images on the front-end on larger, high-density devices. They make it possible to generate more suitable srcset and sizes attributes, and not use the original, often non-optimized image.
Also change the default `max_srcset_image_width` value to match the new max size.

Props pierlo, azaozz.
See #43524.
Built from https://develop.svn.wordpress.org/trunk@46066


git-svn-id: http://core.svn.wordpress.org/trunk@45878 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-09-05 22:27:58 +00:00
Sergey Biryukov
12aa694ee5 Date/Time: Introduce wp_date() to retrieve the date in localized format.
Convert `date_i18n()` into a wrapper for `wp_date()`.

`wp_date()` is intended as a replacement for `date_i18n()` without legacy quirks in it. It accepts a true Unix timestamp (not summed with timezone offset) and an arbitrary timezone.

Props Rarst, mboynes, MikeHansenMe, rmccue, nacin.
Fixes #28636.
Built from https://develop.svn.wordpress.org/trunk@45901


git-svn-id: http://core.svn.wordpress.org/trunk@45712 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-08-28 00:52:56 +00:00
Peter Wilson
a5e57d7245 Site health: Introduce view_site_health_checks capability.
Introduces the faux primitive capability `view_site_health_checks` available to single site admins and multisite super-admin to view the site health page within the admin.

The capability is mapped to the `install_plugins` capability without being dependent on the file system being writable. This fixes a bug where the feature couldn't be used by sites unable to write to the file system or managed through version control.

The capability is granted on the `user_has_cap` filter.

Props birgire, Clorith, palmiak, peterwilsoncc, spacedmonkey.
Fixes #46957.


Built from https://develop.svn.wordpress.org/trunk@45507


git-svn-id: http://core.svn.wordpress.org/trunk@45318 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-06-10 07:42:52 +00:00
Felix Arntz
3a77265148 Bootstrap/Load: Introduce a recovery mode for fixing fatal errors.
Using the new fatal handler introduced in [44962], an email is sent to the admin when a fatal error occurs. This email includes a secret link to enter recovery mode. When clicked, the link will be validated and on success a cookie will be placed on the client, enabling recovery mode for that user. This functionality is executed early before plugins and themes are loaded, in order to be unaffected by potential fatal errors these might be causing.

When in recovery mode, broken plugins and themes will be paused for that client, so that they are able to access the admin backend despite of these errors. They are notified about the broken extensions and the errors caused, and can then decide whether they would like to temporarily deactivate the extension or fix the problem and resume the extension.

A link in the admin bar allows the client to exit recovery mode.

Props timothyblynjacobs, afragen, flixos90, nerrad, miss_jwo, schlessera, spacedmonkey, swissspidy.
Fixes #46130, #44458.

Built from https://develop.svn.wordpress.org/trunk@44973


git-svn-id: http://core.svn.wordpress.org/trunk@44804 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-03-21 21:53:51 +00:00
Andrea Fercia
b2ae00cd21 Accessibility: Ensure embed iframes have a title attribute.
Screen reader users rely on the iframe title attribute to describe the contents of iframes. A meaningful title attribute allows to quickly identify the iframe content, so users can determine which iframe to enter and explore in detail or skip if desired.
Note: this is the only case where a title attribute is required for compliance with the W3C Web Content Accessibility Guidelines (WCAG).

- checks for oEmbed response of type `video` or `rich`
- checks if they use an iframe
- fetches the title (if any) from the oEmbed response
- adds the title to the embed iframe

Props bamadesigner, TomHarrigan, swissspidy, jrf, afercia.
Fixes #40245.

Built from https://develop.svn.wordpress.org/trunk@44942


git-svn-id: http://core.svn.wordpress.org/trunk@44773 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-03-20 17:22:51 +00:00
Boone Gorges
05fa2363ab Posts: Avoid the use of globals in get_the_content() and related functions.
This changeset introduces `$post` parameters to `get_the_content()` and
`wp_trim_excerpt()`. When a `$post` object is passed to one of these functions,
the functions will operate on the data from that object, rather than from the
post globals (`$authordata`, `$page`, etc). This ensures that the functions work
in a predictable manner when used outside of the regular post loop.

The global-mismatch problem is surfaced in cases where `get_the_excerpt()` is
called outside of the post loop, on posts that don't have a defined excerpt. In
these cases, the post globals - used to generate a fallback excerpt - may refer
to the incorrect object, resulting in PHP notices or other unpredictable
behavior. See #36934 for a related issue.

Props spacedmonkey, kraftbj, Shital Patel.
Fixes #42814.
Built from https://develop.svn.wordpress.org/trunk@44941


git-svn-id: http://core.svn.wordpress.org/trunk@44772 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-03-20 15:49:49 +00:00