On multisite, when checking if a user has a certain capability WordPress makes an additional check to see if the user is a super admin. The `is_super_admin()` function contained a call to `wp_get_current_user()` so as the global current user object could be used if it matched the queried user id.
This would cause an infinite loop if a hook attached to the `determine_current_user` filter was itself making a permission check. For example when limiting who can use the Application Passwords feature based on their capabilities.
Since [50790] the `WP_User` instance for the current user is shared between `wp_get_current_user()` and `get_userdata()`. This means we can remove the `wp_get_current_user` call from `is_super_admin()` while still retaining the same behavior.
Props chrisvanpatten, peterwilsoncc.
Fixes#53386.
Built from https://develop.svn.wordpress.org/trunk@52157
git-svn-id: http://core.svn.wordpress.org/trunk@51749 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Due to the way that the `blockquote` and `iframe` are being parsed with a regular expression in `wp_filter_oembed_result()`, if there is any content at all before the `blockquote` start tag then it will fail to be included in the first matching group. By appending the `wp-embed` script instead of prepending it in `get_post_embed_html()`, then the parsing issue is avoided.
Also use non-greedy match `wp_maybe_enqueue_oembed_host_js()`.
Amends [52132].
Fixes#44632.
Built from https://develop.svn.wordpress.org/trunk@52153
git-svn-id: http://core.svn.wordpress.org/trunk@51745 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, with absolute positioning, the star character to signify required comment form fields could overlap the text in some languages. The star's styling was also inconsistent between the input labels and the comment notes paragraph.
This commit makes the star's styling more consistent and ensures it does not overlap with the text.
Follow-up to [52029].
Props sabernhardt, hellofromTonya.
Fixes#54408.
Built from https://develop.svn.wordpress.org/trunk@52152
git-svn-id: http://core.svn.wordpress.org/trunk@51744 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Refactors the mock logic to a helper function for reuse in multiple tests.
* Mocks the remote request in `WP_REST_Block_Directory_Controller_Test:: test_get_items_no_results()` using the mock helper.
Follow-up to [48242], [52137].
Props hellofromTonya, sergeybiryukov.
See #54420.
Built from https://develop.svn.wordpress.org/trunk@52146
git-svn-id: http://core.svn.wordpress.org/trunk@51738 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Copies Navigation Area infrastrucutre from lib/navigation.php in Gutenberg. This
allows a Navigation block to be associated with a particular area which persists
when switching theme.
Props antonvlasenko, mamaduka, spacedmonkey.
See #54337.
Built from https://develop.svn.wordpress.org/trunk@52145
git-svn-id: http://core.svn.wordpress.org/trunk@51737 1a063a9b-81f0-0310-95a4-ce76da25c4cd
If `SCRIPT_NAME'` does not exist (which can happen in cron jobs), the following happens:
* PHP 8.1+:
* `Warning: Undefined array key "SCRIPT_NAME"`
* `Deprecated: strpos(): Passing null to parameter #1 ($haystack) of type string is deprecated`
* PHP 8.0: `Warning: Undefined array key "SCRIPT_NAME"`
* PHP 5.6-7.4: No warning or notice
This commit checks if the key exists before passing it to `strpos()`. This resolves the warning, notice, and future error.
Follow-up to [3034], [3069], [12732].
Props audrasjb, costdev, hellofromTonya, karpstrucking, mcjambi, sergeybiryukov.
Fixes#54142.
Built from https://develop.svn.wordpress.org/trunk@52144
git-svn-id: http://core.svn.wordpress.org/trunk@51736 1a063a9b-81f0-0310-95a4-ce76da25c4cd
By default, the theme centers images on the front end when no alignment is selected. In the editor, however, images were aligned to the left side of the block.
This commit ensures that the alignment in the editor matches the one on the front end.
Props sabernhardt, ashfame, poena, annezazu.
Fixes#53809.
Built from https://develop.svn.wordpress.org/trunk@52142
git-svn-id: http://core.svn.wordpress.org/trunk@51734 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When posts are edited in bulk, the `_edit_last` meta was not updated for each post. This change adds a call to update the `_edit_last` meta to the current user ID for each post the is updated.
Props calebwoodbridge, peterwilsoncc, guillaumeturpin, audrasjb.
Fixes#42446.
Built from https://develop.svn.wordpress.org/trunk@52141
git-svn-id: http://core.svn.wordpress.org/trunk@51733 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In `add_{$meta_type}_meta`, `added_{$meta_type}_meta`, `update_{$meta_type}_meta`, `updated_{$meta_type}_meta`, `delete_{$meta_type}_meta`, and `deleted_{$meta_type}_meta` hooks, the `$_meta_value` parameter was documented as "Serialized if non-scalar". However, `$_meta_value` is a copy of the raw meta value before `maybe_serialize` is run and is not serialized. This change updates each of the above hooks' docblocks to remove "Serialized if non-scalar" from the `$_meta_value` parameter description.
Props pputzer, hasanuzzamanshamim.
Fixes#53102.
Built from https://develop.svn.wordpress.org/trunk@52140
git-svn-id: http://core.svn.wordpress.org/trunk@51732 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Instead of hitting the live API, this commit mocks the remote request when testing creating an item that's an unknown plugin.
Follow-up to [48242].
Props hellofromTonya, noisysocks, sergeybiryukov, TimothyBlynJacobs.
See #54420.
Built from https://develop.svn.wordpress.org/trunk@52138
git-svn-id: http://core.svn.wordpress.org/trunk@51730 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When `m` query_tag has a valid year, i.e. `?m=2021`, and there are posts for that year, `substr()` returns a `false` on PHP 5.6 and an empty string on PHP 7.0+. Passing either of those values to `$wp_locale->get_month()` results in a PHP notice on PHP 5.6 to PHP 7.4 and a PHP Warning on PHP 8.0+.
Why? The `$month` lookup table has zeroized keys from '01' to '12'. A empty value is passed to `zeroise()` returns `'00'` which is directly passed as a key in the month property. That key does not exist.
While `$wp_locale->get_month()` would benefit from guarding/validation, this fix ensures a falsey value is not passed as a month.
Tests are added including a test that fails with this fix not applied.
Follow-up to [801], [35294], [35624].
Props antpb, audrasjb, costdev, davidmosterd, drewapicture, herregroen, hellofromTonya, michelwppi, sergeybiryukov.
Fixes#31521.
Built from https://develop.svn.wordpress.org/trunk@52136
git-svn-id: http://core.svn.wordpress.org/trunk@51728 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Update packages to include these bug fixes from Gutenberg:
- Group - Fix inner container regexes using fixed div tag
- Image block: Make sure the Image block border radius is inherited if the image is linked
- Navigation: Small fixes
- FSE: Add template_type guards
- Template Part Block: Add some guards
- Fix getEntityRecords to ensure resolution on REST API failure
- Ensure menus before map operation in Nav block
- Link editing: Account for link anchor no longer being present when generating unique link instance key
- Navigation: Hide post attributes meta box
- Fix failing tests and compatibility with 5.9.
- Fix missing <MainDashboardButton> slot fill in site editor
- Move WP_REST_Block_Navigation_Areas_Controller from Gutenberg to Core.
- Fix site editor reset styles in WP 5.9
See #54337.
Built from https://develop.svn.wordpress.org/trunk@52135
git-svn-id: http://core.svn.wordpress.org/trunk@51727 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Prevent loading `wp-embed` script unconditionally on every page in favor of conditionally enqueueing when a post embed is detected. The `wp-embed` script is also explicitly marked as being in the footer group. Sites which currently disable post embed scripts from being enqueued via `remove_action( 'wp_head', 'wp_oembed_add_host_js' )` will continue to do so.
* Send a `ready` message from the host page to each post embed window in case the `iframe` loads before the `wp-embed` script does. When the `ready` message is received by the post embed window, it sends the same `height` message as it sends when it loads.
* Eliminate use of `grunt-include` to inject emoji script and the post embed script. Instead obtain the script contents via `file_get_contents()` (as is done elsewhere in core) and utilize `wp_print_inline_script_tag()`/`wp_get_inline_script_tag()` to construct out the script. This simplifies the logic and allows the running of src without `SCRIPT_DEBUG` enabled.
* For the embed code that users are provided to copy for embedding outside of WP, add the `secret` on the `blockquote` and `iframe`. This ensures the `blockquote` will be hidden when the `iframe` loads. The embed code in question is accessed here via `get_post_embed_html()`.
Props westonruter, swissspidy, pento, flixos90, ocean90.
Fixes#44632, #44306.
Built from https://develop.svn.wordpress.org/trunk@52132
git-svn-id: http://core.svn.wordpress.org/trunk@51724 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `get_terms` filter currently documents that the filter passes an array as both the first and second parameters, which is normally true, except that the second can be `null` when not specified. This change updates the filter's docblock to indicate that the second parameter can also be of a `null` type.
Props dd32, audrasjb, mukesh27.
Fixes#54222.
Built from https://develop.svn.wordpress.org/trunk@52131
git-svn-id: http://core.svn.wordpress.org/trunk@51723 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Update packages to include these bug fixes from Gutenberg:
- Force remount LinkControl when moving between links within same richtext block
- Site Editor: Change ToolsMoreMenuGroup slot-fill name
- Respect fields param for global styles REST API requests.
- Try ensuring the item after post content clears floats
- Fix submenus not opening on click
- Apply i18n functions to Nav block menu drops when selecting existing Menu
- Gallery: Make sure the mobile warning notice only runs when images are added to a new block
- Prepare navigation php code for core patch
- Address deprecation issues from Buttons flex layout PR.
- Block Library: Fix incorrect attributes definitions
- Fix Navigation accessibility issues
See #54337.
Built from https://develop.svn.wordpress.org/trunk@52103
git-svn-id: http://core.svn.wordpress.org/trunk@51695 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Twenty Twenty-One contained a filter on `the_title` to change the default post title to “Untitled”.
Whenever possible, the default behavior of Core without theme modifications should be confirmed in tests. The default behavior here is for a post title to be “(no title)” when one is not entered.
This change also makes an adjustment to be more specific when retrieving the text to verify results to prevent dates and post statuses from being pulled in.
Props davidbaumwald, desrosj, peterwilsoncc, hellofromTonya.
Fixes#54409.
Built from https://develop.svn.wordpress.org/trunk@52096
git-svn-id: http://core.svn.wordpress.org/trunk@51688 1a063a9b-81f0-0310-95a4-ce76da25c4cd
There's now a way to get a link to a given post's revisions. Introducing `wp_get_post_revisions_url()` and its unit tests.
Props adamsilverstein, audrasjb, costdev, davidbaumwald, garrett-eclipse, georgestephanis, hellofromTonya, iaaxpage.
Fixes#39062.
Built from https://develop.svn.wordpress.org/trunk@52095
git-svn-id: http://core.svn.wordpress.org/trunk@51687 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Add additional label options to `register_taxonomy()` to allow developers further flexibility for customizing the edit taxonomy screen.
Props mclaurent, swissspidy, johnbillion, jeremyescott, theMikeD, jeremyfelt, dontgo2sleep, SergeyBiryukov, audrasjb, Boniu91.
Fixes#43060.
Built from https://develop.svn.wordpress.org/trunk@52094
git-svn-id: http://core.svn.wordpress.org/trunk@51686 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Disable auto-correct for the slug field on the quick/bulk edit interface. As slugs may consist of a number of words combined in to a single string, they are unlikely to pass spell checkers.
Props swb1192, SergeyBiryukov, afragen, Clorith, desrosj, JeffPaul, sabernhardt, Boniu91, costdev, hellofromTonya.
Fixes#50499.
Built from https://develop.svn.wordpress.org/trunk@52092
git-svn-id: http://core.svn.wordpress.org/trunk@51684 1a063a9b-81f0-0310-95a4-ce76da25c4cd
On user registration, the `$errors` variable is the result of `register_new_user` which contains either the newly registered user's ID on success or a `WP_Error` object on failure. This change passes that context to the `registration_redirect` filter.
Props Collizo4sky, aadilali, mukesh27, audrasjb.
Fixes#53992.
Built from https://develop.svn.wordpress.org/trunk@52091
git-svn-id: http://core.svn.wordpress.org/trunk@51683 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Clarify messaging of when `wp_nonce_ays('log-out')` is called due to an invalid log out nonce. The HTML title now describes the action being taken rather than using the generic text "something went wrong".
Props davidkryzaniak, hellofromTonya, peterwilsoncc.
Fixes#52600.
Built from https://develop.svn.wordpress.org/trunk@52088
git-svn-id: http://core.svn.wordpress.org/trunk@51680 1a063a9b-81f0-0310-95a4-ce76da25c4cd
As of November 2021, the `HTTP/3` protocol is still officially an Internet Draft, but is already supported by 74% of running web browsers and, according to W3Techs, 23% of the top 10 million websites. It has been supported by Google Chrome (including Chrome for Android, and Microsoft Edge, which is based on it) since April 2020 and by Mozilla Firefox since May 2021. Safari 14 (on macOS Big Sur and iOS 14) has also implemented the protocol but support is hidden behind a feature flag.
Based on the wide support, this change adds `HTTP/3` as a valid HTTP protocol.
Props malthert.
Fixes#54404.
Built from https://develop.svn.wordpress.org/trunk@52087
git-svn-id: http://core.svn.wordpress.org/trunk@51679 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Adds an `is_array()` check before the `in_array()`. Why? `in_array()` requires a array for the haystack. Any other data type will cause a fatal error on PHP 8.0 or higher:
{{{
Fatal error: Uncaught TypeError: in_array(): Argument #2 ($haystack) must be of type array
}}}
As this is a new filter, this type check properly guards to avoid the fatal error.
Follow-up to [52084].
See #54331.
Built from https://develop.svn.wordpress.org/trunk@52085
git-svn-id: http://core.svn.wordpress.org/trunk@51677 1a063a9b-81f0-0310-95a4-ce76da25c4cd