Using the new fatal handler introduced in [44962], an email is sent to the admin when a fatal error occurs. This email includes a secret link to enter recovery mode. When clicked, the link will be validated and on success a cookie will be placed on the client, enabling recovery mode for that user. This functionality is executed early before plugins and themes are loaded, in order to be unaffected by potential fatal errors these might be causing.
When in recovery mode, broken plugins and themes will be paused for that client, so that they are able to access the admin backend despite of these errors. They are notified about the broken extensions and the errors caused, and can then decide whether they would like to temporarily deactivate the extension or fix the problem and resume the extension.
A link in the admin bar allows the client to exit recovery mode.
Props timothyblynjacobs, afragen, flixos90, nerrad, miss_jwo, schlessera, spacedmonkey, swissspidy.
Fixes#46130, #44458.
Built from https://develop.svn.wordpress.org/trunk@44973
git-svn-id: http://core.svn.wordpress.org/trunk@44804 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Add a new media view: `wp.media.view.Heading` designed to add accessibility friendly headers in the media library/modal.
* Add an initial "Attachments list" heading above the attachments list.
Props afercia.
Fixes#36925.
Built from https://develop.svn.wordpress.org/trunk@44969
git-svn-id: http://core.svn.wordpress.org/trunk@44800 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset introduces a `WP_Fatal_Error_Handler` class that detects fatal errors and displays a more user-friendly message about the site experiencing technical difficulties.
Websites that have custom requirements in that regard can implement their own fatal error handler by adding a `fatal-error-handler.php` drop-in that returns the handler instance to use, which must be based on a class that inherits `WP_Fatal_Error_Handler`. That handler will then be used in place of the default one. Alternatively, the fatal error handler feature can be completely disable through a constant `WP_DISABLE_FATAL_ERROR_HANDLER`.
Websites that would like to modify specifically the error template displayed in the frontend can add a `php-error.php` drop-in that works similarly to the existing `db-error.php` drop-in. For more granular customization, the fatal error handler also includes new filters `wp_should_handle_php_error`, `wp_php_error_message` and `wp_php_error_args`.
Props afragen, bradleyt, flixos90, ocean90, schlessera, SergeyBiryukov, spacedmonkey, timothyblynjacobs.
See #46130, #44458.
Built from https://develop.svn.wordpress.org/trunk@44962
git-svn-id: http://core.svn.wordpress.org/trunk@44793 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This allows screen readers to properly announce each search landmark region independently.
Introduce `search_form_args` filter for the arguments used when generating the search form.
Props afercia, williampatton.
Fixes#42057.
Built from https://develop.svn.wordpress.org/trunk@44956
git-svn-id: http://core.svn.wordpress.org/trunk@44787 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This adds code for soft verification of signatures for theme and plugin installs and updates, when provided by the update server. This experimental version does not reject unverified packages or failed signatures; it simply reports anonymous errors so we can evaluate its feasibility and detect incompatibilities.
This code relies on the new sodium_compat library for PHP versions prior to 7.2.
Props dd32, paragoninitiativeenterprises.
See #39309, #45806.
Built from https://develop.svn.wordpress.org/trunk@44954
git-svn-id: http://core.svn.wordpress.org/trunk@44785 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This adds a pure PHP implementation of the cryptographic functions supported in PHP 7.2+. It provides the necessary backwards compatibility required to support signature verification and other security features going forward across all supported PHP versions.
Props paragoninitiativeenterprises
Fixes#45806. See #39309.
Built from https://develop.svn.wordpress.org/trunk@44953
git-svn-id: http://core.svn.wordpress.org/trunk@44784 1a063a9b-81f0-0310-95a4-ce76da25c4cd
As of `@wordpress/api-fetch@3.0.0` (introduced in 44812), the `apiFetch` nonce middleware must have its nonce value assigned explicitly, and will no longer listen for heartbeat ticks automatically. This changeset adds an inline script for the default registration of the `api-fetch` script handle to assign the nonce value in response to the heartbeat action. In doing so, it removes the now-unused, misnamed `rest-nonce` property from the heartbeat response, whose original introduction served as temporary compatibility with earlier versions of `@wordpress/api-fetch`.
See https://github.com/WordPress/gutenberg/pull/13451
See #45113
Props adamsilverstein, nerrad .
Fixes#46107 .
Built from https://develop.svn.wordpress.org/trunk@44949
git-svn-id: http://core.svn.wordpress.org/trunk@44780 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Displaying the correct build date in feeds is as important today as it was twelve years ago when this ticket was opened.
Fix an issue where all feeds in WordPress showed the same date for their last build date (the datapoint is `lastBuildDate`, `updated` or `dc:date` depending on the feed type).
Introduce a new `get_last_build_date` filter to adjust the date used for `lastBuildDate`. Developers who previously filtered `get_lastcommentmodified` to alter feed dates should use this filter instead.
* `get_last_build_date` extracts the latest post (or comment) in the current WP_Query object.
* In all feed templates, use `get_last_build_date` vs `get_lastpostmodified( 'GMT' );`.
Props stevenkword, spacedmonkey, ryanshoover, mauteri, nacin, jorbin, MikeNGarrett, Denis-de-Bernardy, peaceablewhale.
Fixes#4575.
Built from https://develop.svn.wordpress.org/trunk@44948
git-svn-id: http://core.svn.wordpress.org/trunk@44779 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Introduced in [29630], this admin notice informs administrators (or network administrators on multisite installs) that the `WPLANG` constant is no longer needed when the locale returned by `get_locale()` does not match. After 5 years, the notice is being removed to avoid causing confusion for non-technical users.
The `_deprecated_argument()` call will persist to inform developers of the issue within log files.
Props flixos90, iworks, ocean90.
Fixes#39675.
Built from https://develop.svn.wordpress.org/trunk@44946
git-svn-id: http://core.svn.wordpress.org/trunk@44777 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This change ensures that the values of time and date fields for comments and posts (both Classic Editor and quick edit) are consistently aligned in the center of the input fields. The block editor already enforces this alignment separately.
Props birgire, jainnidhi, melchoyce.
Fixes#43675.
Built from https://develop.svn.wordpress.org/trunk@44945
git-svn-id: http://core.svn.wordpress.org/trunk@44776 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Screen reader users rely on the iframe title attribute to describe the contents of iframes. A meaningful title attribute allows to quickly identify the iframe content, so users can determine which iframe to enter and explore in detail or skip if desired.
Note: this is the only case where a title attribute is required for compliance with the W3C Web Content Accessibility Guidelines (WCAG).
- checks for oEmbed response of type `video` or `rich`
- checks if they use an iframe
- fetches the title (if any) from the oEmbed response
- adds the title to the embed iframe
Props bamadesigner, TomHarrigan, swissspidy, jrf, afercia.
Fixes#40245.
Built from https://develop.svn.wordpress.org/trunk@44942
git-svn-id: http://core.svn.wordpress.org/trunk@44773 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset introduces `$post` parameters to `get_the_content()` and
`wp_trim_excerpt()`. When a `$post` object is passed to one of these functions,
the functions will operate on the data from that object, rather than from the
post globals (`$authordata`, `$page`, etc). This ensures that the functions work
in a predictable manner when used outside of the regular post loop.
The global-mismatch problem is surfaced in cases where `get_the_excerpt()` is
called outside of the post loop, on posts that don't have a defined excerpt. In
these cases, the post globals - used to generate a fallback excerpt - may refer
to the incorrect object, resulting in PHP notices or other unpredictable
behavior. See #36934 for a related issue.
Props spacedmonkey, kraftbj, Shital Patel.
Fixes#42814.
Built from https://develop.svn.wordpress.org/trunk@44941
git-svn-id: http://core.svn.wordpress.org/trunk@44772 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This change introduces the following new icons to the Dashicon font:
- `.dashicons-admin-site-alt (f11d)`
- `.dashicons-admin-site-alt2 (f11e)`
- `.dashicons-admin-site-alt3 (f11f)`
- `.dashicons-buddicons-activity (f452)`
- `.dashicons-buddicons-bbpress-logo (f12b)`
- `.dashicons-buddicons-buddypress-logo (f448)`
- `.dashicons-buddicons-community (f453)`
- `.dashicons-buddicons-forums (f449)`
- `.dashicons-buddicons-friends (f454)`
- `.dashicons-buddicons-groups (f456)`
- `.dashicons-buddicons-pm (f457)`
- `.dashicons-buddicons-replies (f451)`
- `.dashicons-buddicons-topics (f450)`
- `.dashicons-buddicons-tracking (f455)`
- `.dashicons-businessperson (f12e)`
- `.dashicons-businesswoman (f12f)`
- `.dashicons-color-picker (f131)`
- `.dashicons-editor-ltr (f129)`
- `.dashicons-editor-ol-rtl (f12c)`
- `.dashicons-email-alt2 (f10a)`
- `.dashicons-instagram (f12d)`
- `.dashicons-menu-alt (f10b)`
- `.dashicons-rest-api (f124)`
- `.dashicons-yes-alt (f12a)`
- `.dashicons-tide (f10d)`
These icons were added to the `.ttf, ` and `.eot` font files, as well as the SVG sprite. However, they were not added to the `.woff` font file. The new `dashicons.woff2` file should be utilized instead.
For instances where IE<11 needs to be supported, the `.woff` file will remain for backwards compatibility. However, if the new icons are needed in those scenarios, the WOFF format is now included as embedded within the `dashicons.css`.
Props EmpireOfLight, liljimmi, jaymanpandya, netweb, melchoyce, joen, folletto, nateallen, bahia0019, JeffPaul, desrosj, cathibosco1.
Fixes#41074.
Built from https://develop.svn.wordpress.org/trunk@44940
git-svn-id: http://core.svn.wordpress.org/trunk@44771 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This brings the changes in [44937] to the WordPress Updates page in the admin. Now, when a site does not meet the minimum PHP version requirements for a plugin update, the user will not be able to update. Instead, they will be presented with educational information to guide them through the process of updating PHP.
Props afragen, miyauchi, TimothyBlynJacobs, desrosj.
Fixes#44350.
Built from https://develop.svn.wordpress.org/trunk@44939
git-svn-id: http://core.svn.wordpress.org/trunk@44770 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Fixes a case where saving in the block editor fails if there are two `_wpnonce` arguments in the request, one overriding the other so that `use_block_editor_for_post()` wasn't able to check the nonce properly.
Props Chouby.
See #45253.
Built from https://develop.svn.wordpress.org/trunk@44938
git-svn-id: http://core.svn.wordpress.org/trunk@44769 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When a plugin states it requires a specific minimum PHP version (as defined in the `requires_php` field included in the plugin update API response), a user should not be allowed to update that plugin when the server does not satisfy the minimum PHP version.
When this scenario is encountered, the update buttons and links are disabled and links to educational resources about PHP are displayed to the user with a notice.
Props afragen, schlessera, desrosj.
Fixes#43987.
Built from https://develop.svn.wordpress.org/trunk@44937
git-svn-id: http://core.svn.wordpress.org/trunk@44768 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This change introduces the `wp_get_update_php_annotation()` function, which returns the message displayed when a host filters the direct PHP update or PHP update education URLs to indicate the information is site specific and provided by the host, not WordPress core.
It also updates `wp_update_php_annotation()` to accept a `$before` and `$after` parameter, which makes this notice more flexible for displaying in multiple locations within the admin area. Previously, the markup output in `wp_update_php_annotation()` was hardcoded, which was making it difficult to display it properly in multiple locations.
Props afragen, aaroncampbell, flixos90, TimothyBlynJacobs, desrosj.
Fixes#46044.
Built from https://develop.svn.wordpress.org/trunk@44935
git-svn-id: http://core.svn.wordpress.org/trunk@44766 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset ensures `$request->set_url_params()` is called while fulfilling OPTIONS requests, where previously it was skipped because OPTIONS requests short-circuit the logic in `dispatch` which handles this setup for other request methods. Omitting the URL parameters prevented the Allow header from being set.
Props killua99, noisysocks.
Fixes#45753.
Built from https://develop.svn.wordpress.org/trunk@44933
git-svn-id: http://core.svn.wordpress.org/trunk@44764 1a063a9b-81f0-0310-95a4-ce76da25c4cd
By reordering the logic when handling the `confirmaction` action in `wp-login.php`, the need for a new `WP_Error` object to be created can be eliminated. The error message can be passed directly into a `wp_die()` call, matching the other validation errors in related code.
Props garrett-eclipse, birgire.
Fixes#44901.
Built from https://develop.svn.wordpress.org/trunk@44931
git-svn-id: http://core.svn.wordpress.org/trunk@44762 1a063a9b-81f0-0310-95a4-ce76da25c4cd
- adds a visually hidden text to give context to the lyrics
- the text is `Quote from Hello Dolly song, by Jerry Herman:`
- adds a `lang` HTML attribute (when the admin language is not English) to better support assistive technologies
- adds a `dir` HTML attribute to better support the LTR English lyrics with RTL languages
- CSS adjustments
Props audrasjb, SergeyBiryukov, danieltj, birgire, karmatosed, desrosj, afercia.
Fixes#43632.
Built from https://develop.svn.wordpress.org/trunk@44929
git-svn-id: http://core.svn.wordpress.org/trunk@44760 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Prior to this change, querying sites early in the bootstrap process could potentially cause a fatal error, since at that stage the filter to bail on updating site meta cache if the respective database table has not been installed yet is not hooked in yet. This changeset forces the filter to be added if that is not already the case.
Props spacedmonkey.
Fixes#46167.
Built from https://develop.svn.wordpress.org/trunk@44925
git-svn-id: http://core.svn.wordpress.org/trunk@44756 1a063a9b-81f0-0310-95a4-ce76da25c4cd
- standardizes the Comment count string to `%s Comment in moderation', '%s Comments in moderation` so it can be bulk-updated
- adds the string as visually hidden text in the admin menu
- introduces an `updateInModerationText` JS simple function, responsible to correctly update all the related text using the data from the AJAX response
- adds a visually hidden text "1 Privacy Policy update" to the Privacy menu items count
- adds/improves translators comments
Changes that apply to all the count bubbles (Updates, plugins, etc.)
- makes the bubbles and their text slightly bigger
- improves the active menu item bubble contrast by changing the background color to red (option 2 in the screenshot attached in a previous comment)
Props adamsoucie, afercia.
Fixes#33030.
Built from https://develop.svn.wordpress.org/trunk@44924
git-svn-id: http://core.svn.wordpress.org/trunk@44755 1a063a9b-81f0-0310-95a4-ce76da25c4cd