When `next_token()` was introduced to the HTML Tag Processor, it started
classifying comments that look like they were intended to be CDATA sections.
In one of the changes made during development, however, a typo slipped
through code review that treated comments as CDATA even if they only
ended in `]>` and not the required `]]>`.
The consequences of this defect were minor because in all cases these are
treated as HTML comments from invalid syntax, but this patch adds the
missing check to ensure the proper reporting of CDATA-lookalikes.
Follow-up to [57348]
Props jonsurrell
Fixes#60406
Built from https://develop.svn.wordpress.org/trunk@57506
git-svn-id: http://core.svn.wordpress.org/trunk@57007 1a063a9b-81f0-0310-95a4-ce76da25c4cd
WP_Theme_JSON sanitization is now able to sanitize data contained on indexed arrays.
So certain data from theme.json, for example, settings.typography.fontFamilies which is a JSON array will be sanitized.
Props mmaattiiaass, mukesh27.
Fixes#60360.
Built from https://develop.svn.wordpress.org/trunk@57496
git-svn-id: http://core.svn.wordpress.org/trunk@56997 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When `next_token()` was introduced, it brought a subtle bug. When encountering a `<` in the HTML stream which did not lead to a tag or comment or other token, it was treating the full text span to that point as one text node, and the following span another text node.
The entire span should be one text node.
In this patch the Tag Processor properly detects this scenario and combines the spans into one text node.
Follow-up to [57348]
Props jonsurrell
Fixes#60385
Built from https://develop.svn.wordpress.org/trunk@57489
git-svn-id: http://core.svn.wordpress.org/trunk@56990 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Ensures that looking up a singular that is also used as a pluralized string works as expected.
This improves compatibility for cases where for example both `__( 'Product' )` and `_n( 'Product', 'Products’, num )` are used in a project, where both will use the same translation for the singular version.
Although such usage is not really recommended nor documented, it must continue to work in the new i18n library in order to maintain backward compatibility and maintain expected behavior.
See #59656.
Built from https://develop.svn.wordpress.org/trunk@57386
git-svn-id: http://core.svn.wordpress.org/trunk@56892 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previous Gutenberg versions are not compatible with recent trunk because of the
WP_Navigation_Block_Renderer classname. It's present in both.
Gutenberg has been updated to avoid the use of this class but we need to auto-disable
old plugins to avoid fatals.
Props hellofromtonya.
See #60315.
Built from https://develop.svn.wordpress.org/trunk@57384
git-svn-id: http://core.svn.wordpress.org/trunk@56890 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This patch, somewhat small brings a lot to WordPress.
This includes features like:
- DataViews.
- Customization tools like box shadow, background size and repeat.
- UI improvements in the site editor.
- Preferences sharing between the post and site editors.
- Unified panels and editors between post and site editors.
- Improved template mode in the post editor.
- Iterations to multiple interactive blocks.
- Preparing the blocks and UI for pattern overrides.
- and a lot more.
Props luisherranz, gziolo, isabel_brison, costdev, jonsurrell, peterwilsoncc, get_dave, antonvlasenko, desrosj.
See #60315.
Built from https://develop.svn.wordpress.org/trunk@57377
git-svn-id: http://core.svn.wordpress.org/trunk@56883 1a063a9b-81f0-0310-95a4-ce76da25c4cd
It is part of the sync from the Gutenberg plugin that introduces the registry for block binding sources required for the new Block Bindings API: WordPress/gutenberg#54536.
See #60282.
Follow-up [57373].
Props czapla, artemiosans, santosguillamot, sc0ttkclark, lgladdy, talldanwp, swissspidy, youknowriad, fabiankaegy, mukesh27.
Built from https://develop.svn.wordpress.org/trunk@57375
git-svn-id: http://core.svn.wordpress.org/trunk@56881 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit removes unnecessary access and internal annotations from two functions that are private and as such don't require the annotation. It also adds the since annotation with the 6.5 release given that the annotation may be useful.
Props swissspidy.
See #60358.
Built from https://develop.svn.wordpress.org/trunk@57374
git-svn-id: http://core.svn.wordpress.org/trunk@56880 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This updates the following third-party GitHub Actions to their latest versions:
- `actions/setup-node` from `3.8.1` to `4.0.1`
- `actions/upload-artifact` from `3.1.2` to `4.3.0`
- `shivammathur/setup-php` from `2.28.0` to `2.29.0`
- `actions/cache` from `3.3.2` to `4.0.0`
- `codecov/codecov-action` from `3.1.4` to `3.1.5`
Most notably, these updates silence newly encountered notices as a result of GitHub beginning to transition away from Node.js 16 to Node.js 20 (see https://github.blog/changelog/2023-09-22-github-actions-transitioning-from-node-16-to-node-20/).
Props swissspidy.
See #59805.
Built from https://develop.svn.wordpress.org/trunk@57362
git-svn-id: http://core.svn.wordpress.org/trunk@56868 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Ensure logged out users are redirected to the media file when attachment pages are inactive. This removes the read_post capability check from the canonical redirects as anonymous users lack the permission.
This was previously committed in [57310] before being reverted in [57318]. This update includes a fix to cover instances where revealing a URL could be considered a data leak and greatly expands the unit tests to ensure that this is covered along with many other instances.
Follow-up to [56657], [56658], [56711], [57310], [57318].
Props peterwilsoncc, jorbin, afercia, aristath, chesio, joppuyo, jorbin, lakshmananphp, poena, sergeybiryukov, swissspidy, johnbillion.
Fixes#59866.
See #57913.
Built from https://develop.svn.wordpress.org/trunk@57357
git-svn-id: http://core.svn.wordpress.org/trunk@56863 1a063a9b-81f0-0310-95a4-ce76da25c4cd