In [58470] a change was made to normalize the filename in validate_file, however this leads to instances where the list of files that are allowed aren't normalized such as in the theme editor. By normalizing the array, the comparison is apples to apples.
Reviewed by hellofromTonya.
Merges 58570 to the 6.5 branch.
Fixes#61488.
Props jorbin, hellofromtonya, swissspidy, misulicus, script2see, Presskopp, audrasjb, peterwilsoncc, siliconforks, littler.chicken, paulkevan,
Built from https://develop.svn.wordpress.org/branches/6.5@58808
git-svn-id: http://core.svn.wordpress.org/branches/6.5@58204 1a063a9b-81f0-0310-95a4-ce76da25c4cd
- Editor: Fix Path Traversal issue on Windows in Template-Part Block.
- Editor: Sanitize Template Part HTML tag on save.
- HTML API: Run URL attributes through `esc_url()`.
Merges [58470], [58471], [58472] and [58473] to the 6.5 branch.
Props xknown, peterwilsoncc, jorbin, bernhard-reiter, azaozz, dmsnell, gziolo.
Built from https://develop.svn.wordpress.org/branches/6.5@58474
git-svn-id: http://core.svn.wordpress.org/branches/6.5@57923 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Stores the font file sub-directory in the `wp_font_face` post meta. Similar to attachments, only the portion of the path relative to the base directory is stored.
This ensures the files can be deleted alongside their post on sites using a plugin to store font files in sub-directories. Previously running such a plugin would result in the files remaining on the file system post delete.
Reviewed by hellofromTonya.
Merges [58353] to the 6.5 branch.
Props costdev, grantmkin, peterwilsoncc.
Fixes#61297.
Built from https://develop.svn.wordpress.org/branches/6.5@58448
git-svn-id: http://core.svn.wordpress.org/branches/6.5@57897 1a063a9b-81f0-0310-95a4-ce76da25c4cd
[57545] introduced `wp_get_plugin_action_button()`. This function is documented to return a `string`. However, if the user does not have the appropriate capabilities, it returned `void`, which is unexpected.
Resolves the issue by moving the `return $button` to the bottom of the function to ensure it always returns a `string` type. On success, the button's HTML string is returned; else, an empty string is returned.
Unit tests are included.
Follow-up to [57545].
Reviewed by jorbin.
Merges [58396] to the 6.5 branch.
Props costdev, rajinsharwar, hellofromTonya.
Fixes#61400.
Built from https://develop.svn.wordpress.org/branches/6.5@58445
git-svn-id: http://core.svn.wordpress.org/branches/6.5@57894 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Removes an unassigned `sprintf` that was accidentally included as part of [57545] in the `wp_get_plugin_action_button()`. A copy/paste whoopsie.
The actual used code is assigned a wee bit lower in the function within the install case.
Follow-up to [57545].
Reviewed by jorbin.
Merges [58402] to the 6.5 branch.
Props hellofromTonya, costdev, rajinsharwar.
Fixes#61420.
Built from https://develop.svn.wordpress.org/branches/6.5@58404
git-svn-id: http://core.svn.wordpress.org/branches/6.5@57853 1a063a9b-81f0-0310-95a4-ce76da25c4cd
With a new direction in the 6.5.4 to restore the Activate button's href (see #61319 / [58250]), the changesets committed for 6.5.3 (see #60992) are now dead code and will not render the admin notice on successful plugin activation.
This commit is a clean revert of r58083.
Follow-up to [58250], [58257].
Reviewed by jorbin.
Reverts [58083] on the 6.5 branch.
Props swissspidy, azaozz, costdev, jorbin, hellofromTonya, afragen.
Fixes#61331.
See #60992.
Built from https://develop.svn.wordpress.org/branches/6.5@58258
git-svn-id: http://core.svn.wordpress.org/branches/6.5@57721 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Resolves a bug by first initializing in the AJAX callback `WP_Plugin_Dependencies::check_plugin_dependencies_during_ajax()`.
More details:
[57658] removed auto-deactivation and bootstrapping logic from the Plugin Dependencies feature. In doing so, initialization calls were added to various locations in Core to ensure dependencies were detected and ready to be checked. However, an initialization call was missed in the AJAX callback before checking plugin dependencies.
This means that a plugin's dependencies may not be detected, and lead to a false positive, which in turn allows the user to click Activate only to see a failure message.
Follow-up to [57658].
Reviewed by jorbin.
Merges [58252] to the 6.5 branch.
Props kevinwhoffman, costdev, afragen.
Fixes#61294.
Built from https://develop.svn.wordpress.org/branches/6.5@58255
git-svn-id: http://core.svn.wordpress.org/branches/6.5@57718 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Restores the Activate button's `href` native behavior by changing the AJAX activation handler introduced in 6.5.0. It restores the pre-6.5 behavior of clicking the "Activate" button, i.e. navigates the user to the button's `href` (i.e. to the `plugins.php` UI).
Why?
Feedback was given after shipping [57545] in 6.5.0 (but was unknown during the development and testing cycles) revealed significant impacts for plugins who's users valued the onboarding / configuration experiences.
6.5.3's [58081] and [58083] added a new user action / step to the workflow. Though helpful, it did not fully resolve the impacts.
For the minor, this commit seeks to restore only the "Activate" button's `href` pre-6.5 native behavior to resolve the regression.
The next phase of the Add Plugins workflow can then continue in a major release to gain the benefits of a full major to move it from ideation through the development phases. (See #61040). The questions of redirect, how / should configuration be in the workflow, etc. can best be explored and experimented with in a major.
Follow-up to [57545], [58081], [58083].
Reviewed by jorbin.
Merges [58250] to the 6.5 branch.
Props costdev, jorbin, hellofromTonya, afragen, kevinwhoffman, azaozz, adrianduffell, beaulebens, hmbashar, illuminea, ironprogrammer, jjj, lopo, louiswol94, mikachan, nerrad, mukesh27, peterwilsoncc, pooja1210, smub, swissspidy.
Fixes#61319.
See #22316, #60992.
Built from https://develop.svn.wordpress.org/branches/6.5@58254
git-svn-id: http://core.svn.wordpress.org/branches/6.5@57717 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `version` property throws a warning when working with the local Docker environment. According to the Docker Compose spec, the property only remains for backward compatibility and should be removed.
Merges [58157] to the 6.5 branch.
Props narenin, mukesh27, swissspidy.
Fixes#61101.
Built from https://develop.svn.wordpress.org/branches/6.5@58158
git-svn-id: http://core.svn.wordpress.org/branches/6.5@57621 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The purpose of `tests/e2e/specs/gutenberg-plugin.test.js` is to ensure that running the Gutenberg plugin (stable version) on a WordPress `trunk` install doesn't produce any fatals.
The test was introduced in [54913], i.e. it has been around since WP 6.2. It makes sense to have it present on older branches, as the Gutenberg plugin not only supports `trunk`, but also the current stable version of WordPress (i.e. currently 6.5), and one version below (6.4). However, it is not expected to work on any earlier versions beyond that; in practice, it has produced errors on some of those.
This changeset checks the REST API response from the plugin activation request. If it returns an error with error code `plugin_wp_incompatible`, it skips the test.
Reviewed by jorbin.
Merges [58046] to the 6.5 branch.
Props jorbin, johnbillion, swissspidy.
Fixes#60971.
Built from https://develop.svn.wordpress.org/branches/6.5@58151
git-svn-id: http://core.svn.wordpress.org/branches/6.5@57616 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Package Update includes fixes for:
– Layout: Skip outputting base layout rules that reference content or wide sizes if no layout sizes exist
– Fix inserter pattern pagination focus loss
– Fix static posts page setting resolved template
– Font Library: Fix modal scrollbar
– Interactivity API: Allow multiple event handlers for the same type with data-wp-on.
– Layout: Always add semantic classes
– List View: Fix stuck dragging mode in UI in Firefox when dealing with deeply nested lists
– Don't output base flow and constrained layout rules on themes without theme.json
- PHP unit test workflow: Try removing 7.0 and 7.1 to get CI tests passing
Props grantmkin, talldanwp, ntsekouras, mikachan, darerodz, andrewserong, mamaduka, isabel_brison, jorbin, annezazu, anlino, ramonopoly, davecpage, ellatrix, colorful-tones, mamaduka, flixos90, luisherranz, wildworks, jordesign, mmaattiiaass, jorgefilipecosta, kevin940726, afercia, poena, macmanx, luminuu, anlino.
Fixes#61129.
Built from https://develop.svn.wordpress.org/branches/6.5@58086
git-svn-id: http://core.svn.wordpress.org/branches/6.5@57551 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Plugin activation on the Plugins > Add New screen is performed using AJAX, no longer performing redirects. This means that users will not see a newly activated plugin's menu items, admin notices, or other UI elements until the user refreshes or navigates to another screen. Without adequate messaging and direction, users may be unsure of what to do next.
This shows an admin notice when a plugin is activated from its plugin card or modal, informing the user that the plugin was activated, and that some changes may not occur until they refresh the page.
Follow-up to [57545].
Reviewed by joedolson.
Merges [58081] to the 6.5 branch.
Props costdev, jorbin, jeherve, flixos90, joedolson, ironprogrammer, audrasjb, alanfuller, kevinwhoffman, devsahadat, afragen, adrianduffell, azaozz, jason_the_adams, JeffPaul, webdevmattcrom, DrewAPicture, justlevine, stevejonesdev, benlk, roytanck.
Fixes#60992. See #22316.
Built from https://develop.svn.wordpress.org/branches/6.5@58083
git-svn-id: http://core.svn.wordpress.org/branches/6.5@57548 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This prevents a number of php notices that are surfaced due to the endpoint being called on load of the post editor even when there are no templates.
Reviewed by joemcgill.
Merges [58079] to the 6.5 branch.
Props grantmkin, CookiesForDevo, britner, wildworks, jorbin.
Fixes#60909.
Built from https://develop.svn.wordpress.org/branches/6.5@58080
git-svn-id: http://core.svn.wordpress.org/branches/6.5@57545 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Before, wp_localize_script() did not work when the $wp_scripts global was not already set (for example because of a script registration happening elsewhere) and even emitted a warning in that case. Due to side effects such as block registration early in the load process, this usually never happened. However, the absence of these side effects in 6.5 caused the wp_localize_script() to no longer work in places such as the login_enqueue_scripts.
By calling wp_scripts() in wp_localize_script(), the $wp_scripts global is automatically set if needed, restoring previous behavior. Adds both a PHP unit test and an e2e test to verify this use case. Hat tip: jorbin.
Thanks for the birthday wishes, Pascal!
Reviewed by Jorbin.
Merges [58068] to the 6.5 branch.
Props salcode, aslamdoctor, jorbin, swissspidy.
Fixes#60862.
Built from https://develop.svn.wordpress.org/branches/6.5@58078
git-svn-id: http://core.svn.wordpress.org/branches/6.5@57543 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Some plugins pass invalid values such as `null` instead of a string, which has never been supported by WordPress (no translations are loaded) and was technically undefined behavior. With the introduction of the new l10n library in #59656, which has stricter type hints, this could end up causing warnings or even fatal errors.
This change adds a deliberate short-circuit to `load_textdomain()` & co. to better handle such a case and document that it is not supported.
Merges [57925] to the 6.5 branch.
Reviewed by jorbin.
Props verygoode, swissspidy.
Fixes#60888.
Built from https://develop.svn.wordpress.org/branches/6.5@58066
git-svn-id: http://core.svn.wordpress.org/branches/6.5@57531 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Two `@since` PHPDoc fields, and the version argument to one `_deprecated_argument()` incorrectly stated 6.5.1 as the relevant WordPress version where a change was introduced.
This changeset fixes them by setting them to 6.5.3 instead.
Reviewed by swissspidy.
Merges [58042] to the to the 6.5 branch.
Follow-up to [58041].
See #60754.
Built from https://develop.svn.wordpress.org/branches/6.5@58043
git-svn-id: http://core.svn.wordpress.org/branches/6.5@57509 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `$context` argument passed to filters such as `hooked_block_types`, `hooked_block`, and `hooked_block_{$hooked_block_type}` allows them to conditionally insert a hooked block. If the anchor block is contained in a template or template part, `$context` will be set to a `WP_Block_Template` object reflecting that template or part.
The aforementioned filters are applied when hooked block insertion is run upon reading a template (or part) from the DB (and before sending the template/part content with hooked blocks inserted over the REST API to the client), but also upon writing to the DB, as that's when the `ignoredHookedBlocks` metadata attribute is set.
Prior to this changeset, the `$context` passed to Block Hooks related filters in the latter case reflected the template/part that was already stored in the database (if any), which is a bug; instead, it needs to reflect the template/part that will result from the incoming `POST` network request that will trigger a database update.
Those incoming changes are encapsulated in the `$changes` argument passed to the `reset_pre_insert_template` and `reset_pre_insert_template_part` filters, respectively, and thus to the `inject_ignored_hooked_blocks_metadata_attributes` function that is hooked to them. `$changes` is of type `stdClass` and only contains the fields that need to be updated. That means that in order to create a `WP_Block_Template` object, a two-step process is needed:
- Emulate what the updated `wp_template` or `wp_template_part` post object in the database will look like by merging `$changes` on top of the existing `$post` object fetched from the DB, or from the theme's block template (part) file, if any.
- Create a `WP_Block_Template` from the resulting object.
To achieve the latter, a new helper method (`_build_block_template_object_from_post_object`) is extracted from the existing `_build_block_template_result_from_post` function. (The latter cannot be used directly as it includes a few database calls that will fail if no post object for the template has existed yet in the database.)
While somewhat complicated to implement, the overall change allows for better separation of concerns and isolation of entities. This is visible e.g. in the fact that `inject_ignored_hooked_blocks_metadata_attributes` no longer requires a `$request` argument, which is reflected by unit tests no longer needing to create a `$request` object to pass to it, thus decoupling the function from the templates endpoint controller.
Unit tests for `inject_ignored_hooked_blocks_metadata_attributes` have been moved to a new, separate file. Test coverage has been added such that now, all three relevant scenarios are covered:
- The template doesn't exist in the DB, nor is there a block theme template file for it.
- The template doesn't exist in the DB, but there is a block theme template file for it.
- The template already exists in the DB.
Those scenarios also correspond to the logical branching inside `WP_REST_Templates_Controller::prepare_item_for_database`, which is where `inject_ignored_hooked_blocks_metadata_attributes` gets its data from.
Reviewed by gziolo.
Merges [57919] to the to the 6.5 branch.
Props tomjcafferkey, bernhard-reiter, gziolo, swissspidy.
Fixes#60754.
Built from https://develop.svn.wordpress.org/branches/6.5@58041
git-svn-id: http://core.svn.wordpress.org/branches/6.5@57507 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset put back the context parameter of the "Patterns" string which was previously removed to fix a translation issue without introducing a string change during WP 6.5 string freeze period.
Follow-up to [57864].
Reviewed by audrasjb, jorbin.
Merges [57887] to the to the 6.5 branch.
Props kebbet, narenin, nestea29950.
Fixes#60827.
Built from https://develop.svn.wordpress.org/branches/6.5@58038
git-svn-id: http://core.svn.wordpress.org/branches/6.5@57504 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The value of start is not fully supported by Opera Mini which has 1.01% usage. There is no material change in functionality with this change.
Follow-up to [55919].
Props davidbaumwald, sabernhardt, khokansardar, devsahadat.
Reviewed by joedolson.
Merges [57881] to the 6.5 branch.
Fixes#60876.
Built from https://develop.svn.wordpress.org/branches/6.5@58036
git-svn-id: http://core.svn.wordpress.org/branches/6.5@57502 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Remove `target="_blank"` from two links to developer resources on adding the personal data eraser to plugins in the Help info for the privacy screens. Also rectifies differences between the export and erase screens for consistency and changes the order of paragraphs.
Props sabernhardt, joedolson.
Fixes#60097.
Built from https://develop.svn.wordpress.org/branches/6.5@58018
git-svn-id: http://core.svn.wordpress.org/branches/6.5@57484 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This adds an is_dir() check in _get_block_templates_paths before trying to run a RecursiveDirectoryIterator to avoid errors being reported in New Relic even thought the errors should be handled by a try/catch block.
Follow-up to [57215].
Reviewed by jorbin.
Merges [57928] to the to the 6.5 branch.
Props iCaleb, sean212, mukesh27, joemcgill.
Fixes#60915.
Built from https://develop.svn.wordpress.org/branches/6.5@57947
git-svn-id: http://core.svn.wordpress.org/branches/6.5@57444 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Due to some changes on the WP.com side to compress the requested images on the fly, the exact image size in the response could be different between platforms.
This commit aims to make the affected tests more reliable.
Follow-up to [139/tests], [31258], [34568], [47142], [57903], [57904], [57924].
Reviewed by jorbin.
Merges [57931] to the 6.5 branch.
Props peterwilsoncc, jorbin.
See #60865.
Built from https://develop.svn.wordpress.org/branches/6.5@57935
git-svn-id: http://core.svn.wordpress.org/branches/6.5@57436 1a063a9b-81f0-0310-95a4-ce76da25c4cd
