When `home` and `siteurl` are different, the customizer preview iframe will be blank in Chrome and Safari, due to their `X-Frame-Options` implementation quirks.
Changing this to `SAMEORIGIN` and adding the `frame-ancestors` Content Security Policy gives the correct behaviour.
Props fullyint.
Fixes#40020.
Built from https://develop.svn.wordpress.org/trunk@44580
git-svn-id: http://core.svn.wordpress.org/trunk@44411 1a063a9b-81f0-0310-95a4-ce76da25c4cd
From the `WordPress.NamingConventions.ValidVariableName` sniff, this commit fixes/whitelists all `NotSnakeCaseMemberVar`, `MemberNotSnakeCase`, and `StringNotSnakeCase` violations. It also fixes a handful of the `NotSnakeCase` violations.
See #45934.
Built from https://develop.svn.wordpress.org/trunk@44573
git-svn-id: http://core.svn.wordpress.org/trunk@44404 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Calling `register_rest_route()` too early in the loading process has the potential to cause some unintentional problems and pitfalls. Because `register_rest_route()` calls `rest_get_server()` (which creates the `WP_REST_Server` instance), calling the function directly and/or before `rest_api_init` should be discouraged.
For example, if `register_rest_route ()` is called on `init`, the REST API server instance is set up (and all functions added to `rest_api_init` and other related hooks are invoked), even though the current request may not be a REST request. Also, if `register_rest_route()` is called even earlier (say, in an `mu-plugin` file), required endpoints may be missing since normal plugins have not yet been loaded and have not had a chance to register their own action hooks.
This adds a `_doing_it_wrong()` notice the first time `register_rest_route()` is called before `rest_api_init` in a request to encourage best practices for registering REST API routes.
Props kraftbj, desrosj, timothyblynjacobs.
Fixes#45265.
Built from https://develop.svn.wordpress.org/trunk@44568
git-svn-id: http://core.svn.wordpress.org/trunk@44399 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Both `wp_encode_emoji()` and `wp_staticize_emoji()` perform a PHP version check when deciding how to apply their behaviour, but this check only needs to happen once, rather than every time in their internal looks.
Moving the check outside of the loop reduces processing time by 50%.
Props johnbillion.
Fixes#45930.
Built from https://develop.svn.wordpress.org/trunk@44554
git-svn-id: http://core.svn.wordpress.org/trunk@44385 1a063a9b-81f0-0310-95a4-ce76da25c4cd
At the start of `render_block()`, the `pre_render_block` filter allows the function to be short-circuited, and the `render_block_data` filter is applied to the `$block` parameter before it's processed.
Props kkarpieszuk, pento.
Fixes#45451.
Built from https://develop.svn.wordpress.org/trunk@44553
git-svn-id: http://core.svn.wordpress.org/trunk@44384 1a063a9b-81f0-0310-95a4-ce76da25c4cd
WordPress has historically often used code like `preg_split( '/[\s,]+/', $var )` to parse a string of comma-separated values into an array. However, this approach was causing an empty string to not be parsed into an empty array as expected, but rather into an array with the empty string as its sole element.
This was among other areas causing problems in the REST API where passing an empty request parameter could cause that request to fail because, instead of it being ignored, that parameter would be compared against the valid values for it, which typically do not include an empty string.
Props david.binda, sstoqnov.
Fixes#43977.
Built from https://develop.svn.wordpress.org/trunk@44546
git-svn-id: http://core.svn.wordpress.org/trunk@44377 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Introduces in core new focus styles dedicated to Windows High Contrast mode. The
new styles use a transparent CSS outline as already explored in the Block Editor.
This first part covers some of the main user interface controls like buttons, links,
and media views elements. Other parts will be addressed in the next future.
Fixes#41286.
Built from https://develop.svn.wordpress.org/trunk@44544
git-svn-id: http://core.svn.wordpress.org/trunk@44375 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Sometimes, Safari and VoiceOver read out the text hidden with `screen-reader-text`
in a wrong order. While there's no known, full, solution, it is possible to make
them respect the correct order reliably at least within buttons.
Fixes#42006.
Built from https://develop.svn.wordpress.org/trunk@44543
git-svn-id: http://core.svn.wordpress.org/trunk@44374 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `keyup` event was used to provide support for IE8, where which doesn't support the `input` event. As we dropped IE8 support some time ago, this was simply adding unnecessary complexity and double-event triggers.
Props dlh, afercia.
Fixes#32882.
Built from https://develop.svn.wordpress.org/trunk@44539
git-svn-id: http://core.svn.wordpress.org/trunk@44370 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Defining `WP_TESTS_SKIP_INSTALL=1` when running tests will skip the install step. While this shouldn't be used for full test runs, it's useful for saving time when running small groups of tests.
Props soulseekah.
Fixes#43432.
Built from https://develop.svn.wordpress.org/trunk@44536
git-svn-id: http://core.svn.wordpress.org/trunk@44367 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In [41746], `wp_get_media_creation_timestamp()` was introduced to read the created timestamp for videos from `getID3` in meta whenever possible. This information is useful separately from the dates on the file itself.
This adds the same support audio files by utilizing `wp_get_media_creation_timestamp()` in `wp_read_audio_metadata()`.
Props blob folio, desrosj.
Fixes#42017.
Built from https://develop.svn.wordpress.org/trunk@44528
git-svn-id: http://core.svn.wordpress.org/trunk@44359 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset introduces a `WP_Shutdown_Handler` class that detects fatal errors and which extension (plugin or theme) causes them. Such an error is then recorded, and an error message is displayed. Subsequently, in certain protected areas, for example the admin, the broken extension will be paused, ensuring that the website is still usable in the respective area. The major benefit is that this mechanism allows site owners to still log in to their website, to fix the problem by either disabling the extension or solving the bug and then resuming the extension.
Extensions are only paused in certain designated areas. The frontend for example stays unaffected, as it is impossible to know what pausing the extension would cause to be missing, so it might be preferrable to clearly see that the website is temporarily not accessible instead.
The fatal error recovery is especially important in scope of encouraging the switch to a maintained PHP version, as not necessarily every WordPress extension is compatible with all PHP versions. If problems occur now, non-technical site owners that do not have immediate access to the codebase are not locked out of their site and can at least temporarily solve the problem quickly.
Websites that have custom requirements in that regard can implement their own shutdown handler by adding a `shutdown-handler.php` drop-in that returns the handler instance to use, which must be based on a class that inherits `WP_Shutdown_Handler`. That handler will then be used in place of the default one.
Websites that would like to modify specifically the error template displayed in the frontend can add a `php-error.php` drop-in that works similarly to the existing `db-error.php` drop-in.
Props afragen, bradleyt, flixos90, ocean90, schlessera, SergeyBiryukov, spacedmonkey.
Fixes#44458.
Built from https://develop.svn.wordpress.org/trunk@44524
git-svn-id: http://core.svn.wordpress.org/trunk@44355 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Instead of turning the return value of `stream_get_wrappers()` into a regex to match the scheme, we can instead extract the scheme and search the return value of `stream_get_wrappers()`.
Props schlessera, swissspidy.
Fixes#45553.
Built from https://develop.svn.wordpress.org/trunk@44506
git-svn-id: http://core.svn.wordpress.org/trunk@44337 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This should make cron spawning faster by ensuring requests to wp-cron.php return immediately regardless of transport method. It is enabled only on recent PHP versions with fastcgi, due to historical bugs and availability of `fastcgi_finish_request()`. This needs testing on a range of platforms, to help determine if it's safe to use in other contexts also.
Props vnsavage, johnbillion, jnylen0.
See #18738, #41358
Built from https://develop.svn.wordpress.org/trunk@44488
git-svn-id: http://core.svn.wordpress.org/trunk@44319 1a063a9b-81f0-0310-95a4-ce76da25c4cd
As many WordPress sites use a static homepage rather than a blog, this link gives a natural next step for new sites owners wanting to configure their site in this manner.
Props professor44, joyously, nielslange, mukesh27, melchoyce.
Fixes#45019.
Built from https://develop.svn.wordpress.org/trunk@44485
git-svn-id: http://core.svn.wordpress.org/trunk@44316 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Add the function `wp_get_ready_cron_jobs()` to return a modified version of the cron array limited to jobs ready to be run, ie with a timestamp of `time()` or earlier.
The new function includes the filter `pre_get_ready_cron_jobs` to allow for custom cron storage systems. This rounds out the functionality added in #32656.
Props Pento for code review.
Fixes#45797.
Built from https://develop.svn.wordpress.org/trunk@44483
git-svn-id: http://core.svn.wordpress.org/trunk@44314 1a063a9b-81f0-0310-95a4-ce76da25c4cd
After [42832], [42891] and [43006], this changeset refines the core notice informing about an outdated PHP version:
* The link to the Update PHP information page can now be adjusted using either a `WP_UPDATE_PHP_URL` environment variable, or a new `wp_update_php_url` filter.
* If that URL is different from the default one that points to https://wordpress.org/support/update-php/ or its localized equivalent, a note indicates that the linked resource has not been provided by WordPress itself, and the default URL is still linked to as an additional resource.
* The URL for the default information page has been updated to use the slug `update-php` instead of `upgrade-php`.
* `@since` annotations have been updated.
Going forward, admin areas that display information related to the PHP version should use the new function `wp_get_update_php_url()`.
Props afragen, fierevere, flixos90, markjaquith, miss_jwo, nerrad, pento, schlessera, SergeyBiryukov, spacedmonkey.
Fixes#45686. See #41191.
Built from https://develop.svn.wordpress.org/trunk@44476
git-svn-id: http://core.svn.wordpress.org/trunk@44307 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The order of the type and variable name in the `param` tags for the `wp_get_default_privacy_policy_content` filter is incorrectly reversed. This moves the two into the correct order.
Props ishitaka, mukesh27.
Fixes#45416.
Built from https://develop.svn.wordpress.org/trunk@44475
git-svn-id: http://core.svn.wordpress.org/trunk@44306 1a063a9b-81f0-0310-95a4-ce76da25c4cd
An integer comparison is performed against `control.currentErrorAnnotations`, but `control.currentErrorAnnotations` is actually an array. This fixes that comparison so the content saves correctly.
Props barryceelen.
Fixes#43657.
Built from https://develop.svn.wordpress.org/trunk@44474
git-svn-id: http://core.svn.wordpress.org/trunk@44305 1a063a9b-81f0-0310-95a4-ce76da25c4cd
By providing distinct files for the site and network APIs, a better overview is provided. Prior to this change, the `ms-blogs.php` file had grown too big, mixing site APIs, network APIs and related legacy APIs that need to be maintained. Since multisite is often used in unexpected ways, backward-compatibility is ensured by including the two new files from `ms-blogs.php`, which previously contained all functions that have been moved to the new files.
This changeset does not contain any functional changes.
Fixes#40647.
Built from https://develop.svn.wordpress.org/trunk@44472
git-svn-id: http://core.svn.wordpress.org/trunk@44303 1a063a9b-81f0-0310-95a4-ce76da25c4cd
As of this commit, WordPress is no longer a simple blogging platform. It's now a comprehensive publishing solution.
This also replaces a couple of other "blog" references that were missed previously.
Props igmoweb, Valer1e, audrasjb, pento.
Fixes#41000.
Built from https://develop.svn.wordpress.org/trunk@44455
git-svn-id: http://core.svn.wordpress.org/trunk@44286 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Returning a non-`null` value on this fillter will cause `wp_unique_post_slug()` to return early with that value, skipping potentially expensive database queries on some sites.
Props coffee2code, javorszky, iCaleb.
Fixes#21112.
Built from https://develop.svn.wordpress.org/trunk@44454
git-svn-id: http://core.svn.wordpress.org/trunk@44285 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Ordering by `post__in` was introduced in [21776], but the code assumed that
`post__in` would be a comma-separated string listing post IDs. When an array
of post IDs was passed to the `post__in` query var, 'orderby=post__in' was
not respected. This changeset changes this behavior by handling
'orderby=post__in' in the same way as most other values of 'orderby',
which ensures that arrays as well as strings can be properly parsed.
The same treatment is given to the similar `post_name__in` and
`post_parent__in` options of 'orderby', so that most query generation for
orderby clauses happens in the same place, instead of in special cases.
A slight change in the resulting SQL (related to the whitespace around
parentheses and commas) necessitates a change to an existing REST API test
that does a string comparison against the SQL query.
Props mgibbs189, kelvink.
Fixes#38034.
Built from https://develop.svn.wordpress.org/trunk@44452
git-svn-id: http://core.svn.wordpress.org/trunk@44283 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This adds some special case handling in 'wp_check_filetype_and_ext()' that prevents some common file types from being blocked based on mismatched MIME checks, which were made more strict in WordPress 5.0.1.
Props Kloon, birgire, tellyworth, joemcgill.
See #45615.
Built from https://develop.svn.wordpress.org/trunk@44438
git-svn-id: http://core.svn.wordpress.org/trunk@44269 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Currently, when viewing the block editor with JavaScript disabled, the user sees a blank admin page with the admin menu sidebar. This adds an admin notice informing the user that JavaScript is required for the new block editor.
Props mkaz, pento, azaozz, ocean90, desrosj.
Fixes#45453.
Built from https://develop.svn.wordpress.org/trunk@44437
git-svn-id: http://core.svn.wordpress.org/trunk@44268 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Removes `file_exist()` checks before calling `load_script_translations()` to let the determined paths be passed to `load_script_translations()` which provides its own file check and the possibility to filter the path.
Props swissspidy, johnbillion, ocean90.
See #45769.
Built from https://develop.svn.wordpress.org/trunk@44418
git-svn-id: http://core.svn.wordpress.org/trunk@44248 1a063a9b-81f0-0310-95a4-ce76da25c4cd
See [42808] for `Walker_Nav_Menu`.
The `aria-current` attribute is a simple, effective way to help assistive
technologies users orientate themselves within a list of items. Continues the
introduction in core of `aria-current` after [42440], [41683], [41359], and [41371].
Props chetan200891, wpzinc.
Fixes#43522.
Built from https://develop.svn.wordpress.org/trunk@44416
git-svn-id: http://core.svn.wordpress.org/trunk@44246 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Twenty Seventeen's original styles for the block editor custom colors had some issues: they weren't being applied to the button blocks due to lack of specificity, and when applied to paragraph blocks, there was no padding in the editor. This update makes sure the colors and related styles work as expected.
Fixes#45426.
Built from https://develop.svn.wordpress.org/trunk@44402
git-svn-id: http://core.svn.wordpress.org/trunk@44232 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In the Classic Editor, the “Add Media” button was outside of the TinyMCE editor. In the Block Editor, the “Add Media” button was moved into the TinyMCE toolbar in the Classic block, but the tooltip was not added to the list of translatable strings. This adds “Add Media” to that list.
The corresponding keyboard shortcut is also specified for the “Add Media” button.
Props afercia.
Fixes#45788.
Built from https://develop.svn.wordpress.org/trunk@44398
git-svn-id: http://core.svn.wordpress.org/trunk@44228 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When existing scripts or styles are updated in default themes, the version numbers in the enqueues should also be bumped to make sure the old files don't cache. This update bumps version numbers for changes since version 5.0, for themes Twenty Eleven through Twenty Nineteen.
Fixes#45679.
Built from https://develop.svn.wordpress.org/trunk@44382
git-svn-id: http://core.svn.wordpress.org/trunk@44212 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When the original block editor styles were added to the existing default themes, the button blocks were styled to match how each theme styled the `button` tag.
However, the styles should respect the block editor's default style, "Rounded", and allow switching to the other styles, like "Outlined" and "Square".
Fixes#45541.
Built from https://develop.svn.wordpress.org/trunk@44381
git-svn-id: http://core.svn.wordpress.org/trunk@44211 1a063a9b-81f0-0310-95a4-ce76da25c4cd
A change to the MediaElement.js caused Twenty Fourteen's custom video play button to display in the top corner, rather than centered. This update returns it to its correct position.
Props mmaumio, celloexpressions.
Fixes#44664.
Built from https://develop.svn.wordpress.org/trunk@44380
git-svn-id: http://core.svn.wordpress.org/trunk@44210 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Add a new filter `users_pre_query` - filters the users array before the query takes place. Return a non-null value to bypass WordPress's default user queries. Similar to the `posts_pre_query` filter for WP_Query added in #36687. This filter lets you short circuit the WP_User_Query MySQL query to return your own results.
Developers should note that filtering functions that require pagination information are encouraged to set the `total_users` property of the WP_User_Query object, passed to the filter by reference. If WP_User_Query does not perform a database query, it will not have enough information to generate these values itself.
Props tlovett1, birgire, boonebgorges, spacedmonkey.
Fixes#44169.
Built from https://develop.svn.wordpress.org/trunk@44373
git-svn-id: http://core.svn.wordpress.org/trunk@44203 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The "Continue Reading" link that's generated by the More block is styled to include an arrow next to the text; that arrow shouldn't inherit the text underline style. This update removes it.
Props littlebigthing, kjellr.
Fixes#45715.
Built from https://develop.svn.wordpress.org/trunk@44369
git-svn-id: http://core.svn.wordpress.org/trunk@44199 1a063a9b-81f0-0310-95a4-ce76da25c4cd
On pages and posts with featured images, the top level menu items have a slight transparency on hover, which was being inherited by their submenus. This update removes that inheritance, improving readability and consistency in the menu's appearance.
Props kjellr.
Fixes#45689.
Built from https://develop.svn.wordpress.org/trunk@44368
git-svn-id: http://core.svn.wordpress.org/trunk@44198 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When the entry for `wp-cli.local.yml` was added in r30057, it included a trailing whitespace. Presumably, that doesn't cause any problems with some combinations of OS/SVN client/EOL markers/etc, but in some cases it will prevent the entry from being ignored. After removing the whitespace, the file is ignored as expected.
See #30134.
Built from https://develop.svn.wordpress.org/trunk@44362
git-svn-id: http://core.svn.wordpress.org/trunk@44192 1a063a9b-81f0-0310-95a4-ce76da25c4cd
After [44359] it is impossible to not use ES6 syntax for some logic in the `Gruntfile.js`, so adjust the `esversion` setting for the `Gruntfile.js` to 6. Because the previous setting in `.jshintrc` was not compatible with setting `esversion`, set the `esversion` in the `.jshintrc` explicitly.
See #44492.
Built from https://develop.svn.wordpress.org/trunk@44361
git-svn-id: http://core.svn.wordpress.org/trunk@44191 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Re-add variable that was removed on accident by [44359]. Also run `grunt format:php` to adjust the code style.
.--This line, and those below, will be ignored--
M Gruntfile.js
M src/index.php
M src/wp-admin/index.php
M src/wp-includes/class-wp-block-parser.php
Built from https://develop.svn.wordpress.org/trunk@44360
git-svn-id: http://core.svn.wordpress.org/trunk@44190 1a063a9b-81f0-0310-95a4-ce76da25c4cd
After the JavaScript reorganization in [43309], it was no longer possible to test WordPress from the `src` folder. That meant a build step was required to test PHP modifications. That is suboptimal as even a simple copy is slower than a web server just serving the new file.
We achieve building to `src` by setting a `WORKING_DIR` constant in the Gruntfile that is `build` by default, but changes to `src` when the `--dev` flag is present on any Grunt command. We provide sensible defaults so some commands, such as copying `version.php`, always build to `build`.
Because testing from `build` is no longer required, we change the messages present in `index.php` and `wp-admin/index.php` to be more broadly about building WordPress.
We also change the webpack config to have more straightforward behavior based on the `buildTarget` argument. It only determines the build target now and has no implicit behavior anymore. `grunt build` still works as it worked before, to make sure that the build server produces the same `wordpress.zip` we are used to.
We do all this instead of a symlink setup because symlinks don't work on every platform.
Props omarreiss, netweb, flixos90, SergeyBiryukov.
Fixes#44492.
Built from https://develop.svn.wordpress.org/trunk@44359
git-svn-id: http://core.svn.wordpress.org/trunk@44189 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The theme's original navigation JavaScript was making it so all links on a site were immediately followed on touchstart when using a touch-enabled device. This update makes sure links are followed at touchend, to improve usability and menu behavior.
Already committed to the 5.0 branch in [44357].
Props anevins, panchen, kjellr.
Fixes#45510.
Built from https://develop.svn.wordpress.org/trunk@44358
git-svn-id: http://core.svn.wordpress.org/trunk@44188 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Version 4.2.2 of the zxcvbn password strength library has several bug fixes. A full list of changes can be seen here: https://github.com/dropbox/zxcvbn/compare/v4.4.1...v4.4.2.
This commit also adds the library as a project dependency, making it easier to update in the future. Because the dictionary within the library contains non-PG language, a `rot13:zxcvbn` task has been added to Grunt to perform a ROT-13 cipher on the library. This task has been added to `grunt build` and `grunt build:js`.
Props omarreiss, netweb, desrosj.
Fixes#43749.
Built from https://develop.svn.wordpress.org/trunk@44354
git-svn-id: http://core.svn.wordpress.org/trunk@44184 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Currently, when an SVG is used as a menu icon, the color is inconsistent with the other, default dashicons and the contrast ratio does not meet the minimum requirement for accessibility.
This updates the base color for the default `fresh` color scheme to ensure consistency and proper contrast.
Props swift, dschalk.
Fixes#44209.
Built from https://develop.svn.wordpress.org/trunk@44353
git-svn-id: http://core.svn.wordpress.org/trunk@44183 1a063a9b-81f0-0310-95a4-ce76da25c4cd