`ZipArchive` can fail to validate ZIP files correctly and report valid files as invalid. This introduces a fallback to `PclZip` to check validity of files if `ZipArchive` fails them.
This introduces the new function `wp_zip_file_is_valid()` to validate archives.
Follow up to [57388].
Props audunmb, azaozz, britner, cdevroe, colorful-tones, costdev, courane01, endymion00, feastdesignco, halounsbury, jeffpaul, johnbillion, jorbin, jsandtro, karinclimber, kevincoleman, koesper, maartenbelmans, mathewemoore, melcarthus, mujuonly, nerdpressteam, olegfuture, otto42, peterwilsoncc, room34, sayful, schutzsmith, stephencronin, svitlana41319, swissspidy, tnolte, tobiasbg, vikram6, welaunchio.
Fixes#60398.
Built from https://develop.svn.wordpress.org/trunk@57537
git-svn-id: http://core.svn.wordpress.org/trunk@57038 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This updates the `codecov/codecov-action` from version `3.1.5` to `4.0.1`.
Version 4 switches to using the Codecov CLI to upload test report date, and changes the version of Node.js used for the action to 20.x. This fixes the notices currently shown for the test coverage workflow.
Props: mukesh27.
See #59658.
Built from https://develop.svn.wordpress.org/trunk@57534
git-svn-id: http://core.svn.wordpress.org/trunk@57035 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This private method was introduced in [56033] / #12009 but it's not actually used.
It was part of the inline script implementation which was later reverted before final merge.
The method can be safely removed because it’s private and cannot be used by extenders.
Props joemcgill.
Fixes#60438.
Built from https://develop.svn.wordpress.org/trunk@57533
git-svn-id: http://core.svn.wordpress.org/trunk@57034 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Avoid false test failures due to network conditions in the `WP_REST_Plugins_Controller_Test` class. This mocks HTTP responses from the plugin information endpoint for the link-manager plugin.
Props: peterwilsoncc, costdev.
See #59647.
Built from https://develop.svn.wordpress.org/trunk@57531
git-svn-id: http://core.svn.wordpress.org/trunk@57032 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The HTML Processor tracks whether a token was found with the self-closing flag.
Depending on the context, this flag may or may not indicate that the element is
self closing. Unfortunately it's been tracking the wrong flag: it's been tracking
the end-tag flag, which indicates that a token is an end tag.
In this patch the right flag is set in the HTML Processor. This hasn't been an
issue because the HTML Processor doesn't yet read that stored flag, but it's an
important fix to make before adding support for foreign content (SVG and MathML)
since that behavior depends on reading the correct flag.
Follow-up to [56274].
Props dmsnell.
Built from https://develop.svn.wordpress.org/trunk@57528
git-svn-id: http://core.svn.wordpress.org/trunk@57029 1a063a9b-81f0-0310-95a4-ce76da25c4cd
It fixes the coding style issues reported. It goes further and improves the code quality it other places where the logic for block bindings was added.
Follow-up for [57514].
Props: gziolo, mukesh27, youknowriad, santosguillamot.
See #60282.
Built from https://develop.svn.wordpress.org/trunk@57526
git-svn-id: http://core.svn.wordpress.org/trunk@57027 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Add support for uploading, editing and saving AVIF images when supported by the server.
Add 'image/avif' to supported mime types. Correctly identify AVIF images and sizes even when PHP doesn't support AVIF. Resize uploaded AVIF files (when supported) and use for front end markup.
Props adamsilverstein, lukefiretoss, ayeshrajans, navjotjsingh, Tyrannous, jb510, gregbenz, nickpagz, JavierCasares, mukesh27, yguyon, swissspidy.
Fixes#51228.
Built from https://develop.svn.wordpress.org/trunk@57524
git-svn-id: http://core.svn.wordpress.org/trunk@57025 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This makes a few improvements made to the Props Bot workflow:
- The bot will no longer run on draft PRs.
- The bot will no longer run on closed PRs.
- The bot will no longer run when a comment is deleted (this should almost never happen).
Props mamaduka, gziolo.
See #60417.
Built from https://develop.svn.wordpress.org/trunk@57523
git-svn-id: http://core.svn.wordpress.org/trunk@57024 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The native cursor style for labels and form controls is `default`, which is the platform-dependent default cursor. Typically an arrow. Historically, WordPress always used the `pointer` style for all form controls and labels. While this isn't standard, there is some value in using the `pointer` style for form controls. However, labels should use the default style especially when the associated controls are disabled.
Additionally, makes sure the disabled styling works for form controls with an `aria-disabled="true"` attribute.
Props joedolson, afercia.
Fixes#59733.
Built from https://develop.svn.wordpress.org/trunk@57520
git-svn-id: http://core.svn.wordpress.org/trunk@57021 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Props Bot is a new GitHub Action that will compile a list of contributors for a given pull request. The bot will leave a comment with a list of contributors formatted for use in both Trac SVN and GitHub.
Props dharm1025, desrosj, jorbin, jeffpaul, dd32, pento, gziolo, swissspidy, talldanwp, noisysocks, youknowriad, peterwilsoncc, joemcgill, chrisdavidmiles, wpscholar, annezazu, chanthaboune, desrosjbot.
See #60417.
Built from https://develop.svn.wordpress.org/trunk@57517
git-svn-id: http://core.svn.wordpress.org/trunk@57018 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Adjusts the translation file lookup in `WP_Textdomain_Registry` so that just-in-time translation loading
works even if there is only a `.l10n.php` translation file without a corresponding `.mo` file.
While language packs continue to contain both file types, this makes it easier to use translations in a project
without having to deal with `.mo` or `.po` files.
Props Chrystl.
See #59656.
Built from https://develop.svn.wordpress.org/trunk@57516
git-svn-id: http://core.svn.wordpress.org/trunk@57017 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Prevent `options.allowLocalEdits` from toggling to true during the upload cycle. Otherwise, media meta fields can be edited, but the data will be lost as soon as the upload process is completed.
Props codepo8, oglekler, nicolefurlan, antpb, syamraj24, joedolson.
Fixes#58783, #23374.
Built from https://develop.svn.wordpress.org/trunk@57515
git-svn-id: http://core.svn.wordpress.org/trunk@57016 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This introduces the Block Bindings API for WordPress.
The API allows developers to connects block attributes to different sources. In this PR, two such sources are included: "post meta" and "pattern". Attributes connected to sources can have their HTML replaced by values coming from the source in a way defined by the binding.
Props czapla, lgladdy, gziolo, sc0ttkclark, swissspidy, artemiosans, kevin940726, fabiankaegy, santosguillamot, talldanwp, wildworks.
Fixes#60282.
Built from https://develop.svn.wordpress.org/trunk@57514
git-svn-id: http://core.svn.wordpress.org/trunk@57015 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Ensures that string lookup in MO files only uses the singular string.
This matches expected behavior with gettext files and improves compatibility for cases where for example both `__( 'Product' )` and `_n( 'Product', 'Products’, num )` are used in a project, where both will use the same translation for the singular version. Maintains backward compatibility and feature parity with the pomo library and the PHP translation file format.
Replaces [57386], which was reverted in [57505], with a more accurate and performant solution.
See #59656.
Built from https://develop.svn.wordpress.org/trunk@57513
git-svn-id: http://core.svn.wordpress.org/trunk@57014 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In 6.5 we are removing a couple of functions in Core blocks that were enqueuing the files needed to add that interactivity. Interactivity is handled with modules, so those functions are not needed anymore and are deprecated.
Props swissspidy, cbravobernal.
Fixes#60380.
Built from https://develop.svn.wordpress.org/trunk@57511
git-svn-id: http://core.svn.wordpress.org/trunk@57012 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Rename `$p` variable to `$processor` in tests for clarity.
Use static data providers. A mix of static and non-static data providers were
used in HTML API tests. Data providers are required to be static in the next
PHPUnit version and there's no harm in using them consistently now.
Follow-up to [57507]
Props jonsurrell
See #59647
Built from https://develop.svn.wordpress.org/trunk@57508
git-svn-id: http://core.svn.wordpress.org/trunk@57009 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When `next_token()` was introduced, it introduced a regression in the HTML
Processor whereby void tags remain on the stack of open elements when they
shouldn't. This led to invalid values returned from `get_breadcrumbs()`.
The reason was that calling `next_token()` works through a different code path
than the HTML Processor runs everything else. To solve this, its sub-classed
`next_token()` called `step( self::REPROCESS_CURRENT_TOKEN )` so that the proper
HTML accounting takes place.
Unfortunately that same reprocessing code path skipped the step whereby void
and self-closing elements are popped from the stack of open elements.
In this patch, that step is run with a third mode for `step()`, which is the
new `self::PROCESS_CURRENT_TOKEN`. This mode acts as if `self::PROCESS_NEXT_NODE`
were called, except it doesn't advance the parser.
Developed in https://github.com/WordPress/wordpress-develop/pull/5975
Discussed in https://core.trac.wordpress.org/ticket/60382
Follow-up to [57348]
Props dmsnell, jonsurrell
Fixes#60382
Built from https://develop.svn.wordpress.org/trunk@57507
git-svn-id: http://core.svn.wordpress.org/trunk@57008 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When `next_token()` was introduced to the HTML Tag Processor, it started
classifying comments that look like they were intended to be CDATA sections.
In one of the changes made during development, however, a typo slipped
through code review that treated comments as CDATA even if they only
ended in `]>` and not the required `]]>`.
The consequences of this defect were minor because in all cases these are
treated as HTML comments from invalid syntax, but this patch adds the
missing check to ensure the proper reporting of CDATA-lookalikes.
Follow-up to [57348]
Props jonsurrell
Fixes#60406
Built from https://develop.svn.wordpress.org/trunk@57506
git-svn-id: http://core.svn.wordpress.org/trunk@57007 1a063a9b-81f0-0310-95a4-ce76da25c4cd
WP_Theme_JSON sanitization is now able to sanitize data contained on indexed arrays.
So certain data from theme.json, for example, settings.typography.fontFamilies which is a JSON array will be sanitized.
Props mmaattiiaass, mukesh27.
Fixes#60360.
Built from https://develop.svn.wordpress.org/trunk@57496
git-svn-id: http://core.svn.wordpress.org/trunk@56997 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When `next_token()` was introduced, it brought a subtle bug. When encountering a `<` in the HTML stream which did not lead to a tag or comment or other token, it was treating the full text span to that point as one text node, and the following span another text node.
The entire span should be one text node.
In this patch the Tag Processor properly detects this scenario and combines the spans into one text node.
Follow-up to [57348]
Props jonsurrell
Fixes#60385
Built from https://develop.svn.wordpress.org/trunk@57489
git-svn-id: http://core.svn.wordpress.org/trunk@56990 1a063a9b-81f0-0310-95a4-ce76da25c4cd