Remove the `action` attribute in the login language selector, privacy forms, and classic widget forms.
An empty `action` attribute is invalid HTML4 and unsupported HTML5. The `action` attribute is optional, but must have a valid URL when provided.
Props Malae, audrasjb, bartkleinreesink, nicolefurlan, shubhamsedani, costdev, peterwilsoncc, rajinsharwar, joedolson.
Fixes#58226.
Built from https://develop.svn.wordpress.org/trunk@57295
git-svn-id: http://core.svn.wordpress.org/trunk@56801 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Prior to this changeset, WordPress core would use the original image size, which in the particular case of inline images would be severely off, as they are usually very small. This could lead to incorrect application of `fetchpriority="high"` and other performance optimizations.
Props westonruter, flixos90, joemcgill, mukesh27.
Fixes#59352.
Built from https://develop.svn.wordpress.org/trunk@57294
git-svn-id: http://core.svn.wordpress.org/trunk@56800 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Loading a list of language file paths using `glob()` can be expensive if involving thousands of files.
Expands scope of `WP_Textdomain_Registry` to cache list of language file paths in object cache and provides a way to invalidate that cache upon translation updates. Plugins can clear the cache using calls such as `wp_cache_delete( 'cached_mo_files_' . md5( $path ), 'translations' );`
Props mreishus, swissspidy
Fixes#58919
Built from https://develop.svn.wordpress.org/trunk@57287
git-svn-id: http://core.svn.wordpress.org/trunk@56793 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Blocks registration causes scripts to be initialized and localized very early, before the current locale has been properly set on the installation page.
This changes `determine_locale()` so that the locale chosen during installation is recognized and loaded earlier, ensuring proper script localization.
Props sabernhardt, NekoJonez, jornp, costdev.
Fixes#58696
Built from https://develop.svn.wordpress.org/trunk@57286
git-svn-id: http://core.svn.wordpress.org/trunk@56792 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset introduces the `new_admin_email_subject` hook which allow developers to filter the subject of the email sent when a change of site admin email address is attempted.
Props MadtownLems, johnbillion, alexanderkoledov, shooper, Marc_J, nikmeyer, xlthlx, devmuhib, nuhel, audrasjb.
Fixes#59250.
Built from https://develop.svn.wordpress.org/trunk@57283
git-svn-id: http://core.svn.wordpress.org/trunk@56789 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset adds missing text domain to block patterns in Twenty Sixteen, Twenty Seventeen and Twenty Twenty-Four.
Follow-up to [49583] (Twenty Sixteen), [49584] (Twenty Seventeen) and [56716] (Twenty Twenty-Four.)
Props shailu25, sabernhardt.
Fixes#60245.
Built from https://develop.svn.wordpress.org/trunk@57281
git-svn-id: http://core.svn.wordpress.org/trunk@56787 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Remove the `maxlength` attribute on screen options number of items per page input. Previously kept due to input inconsistencies in IE 11 and Edge, this invalid usage is no longer needed. IE 11 is no longer supported, and Edge now behaves according to specifications.
Props Arena94, afercia, joedolson.
Fixes#40610.
Built from https://develop.svn.wordpress.org/trunk@57272
git-svn-id: http://core.svn.wordpress.org/trunk@56778 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset adds a new API for WordPress, designed to work with native ES Modules and Import Maps. It introduces functions such as `wp_register_module`, and `wp_enqueue_module`.
The API aims to provide a familiar experience to the existing `WP_Scripts` class, offering similar functionality. However, **it's not intended to duplicate the exact functionality of `WP_Scripts`**; rather, it is carefully tailored to address the specific needs and capabilities of ES modules.
For this initial version, **the current proposal is intentionally simplistic**, covering only the essential features needed to work with ES modules. Other enhancements and optimizations can be added later as the community identifies additional requirements and use cases.
== Differences Between WP_Script_Modules and WP_Scripts
=== Dependency Specification
With `WP_Script_Modules`, the array of dependencies supports not only strings but also arrays that include the dependency import type (`static` or `dynamic`). This design choice allows for future extensions of dependency properties, such as adding a `version` property to support "scopes" within import maps.
=== Module Identifier
Instead of a handle, `WP_Script_Modules` utilizes the module identifier, aligning with the module identifiers used in JavaScript files and import maps.
=== Deregistration
There is no equivalent of `wp_deregister_script` at this stage.
== API
=== `wp_register_module( $module_identifier, $src, $deps, $version )`
Registers a module.
{{{
// Registers a module with dependencies and versioning.
wp_register_module(
'my-module',
'/path/to/my-module.js',
array( 'static-dependency-1', 'static-dependency-2' ),
'1.2.3'
);
}}}
{{{
// my-module.js
import { ... } from 'static-dependency-1';
import { ... } from 'static-dependency-2';
// ...
}}}
{{{
// Registers a module with a dynamic dependency.
wp_register_module(
'my-module',
'/path/to/my-module.js',
array(
'static-dependency',
array(
'id' => 'dynamic-dependency',
'import' => 'dynamic'
),
)
);
}}}
{{{
// my-module.js
import { ... } from 'static-dependency';
// ...
const dynamicModule = await import('dynamic-dependency');
}}}
=== `wp_enqueue_module( $module_identifier, $src, $deps, $version )`
Enqueues a module. If a source is provided, it will also register the module.
{{{
wp_enqueue_module( 'my-module' );
}}}
=== `wp_dequeue_module( $module_identifier )`
Dequeues a module.
{{{
wp_dequeue_module( 'my-module' );
}}}
== Output
- When modules are enqueued, they are printed within script tags containing `type="module"` attributes.
- Additionally, static dependencies of enqueued modules utilize `link` tags with `rel="modulepreload"` attributes.
- Lastly, an import map is generated and inserted using a `<script type="importmap">` tag.
{{{
<script type="module" src="/path/to/my-module.js" id="my-module"></script>
<link rel="modulepreload" href="/path/to/static-dependency.js" id="static-dependency" />
<script type="importmap">
{
"imports": {
"static-dependency": "/path/to/static-dependency.js",
"dynamic-dependency": "/path/to/dynamic-dependency.js"
}
}
</script>
}}}
== Import Map Polyfill Requirement
Even though all major browsers already support import maps, an import map polyfill is required until the percentage of users using old browser versions without import map support drops significantly.
This work is ongoing and will be added once it's ready. Progress is tracked in #60232.
Props luisherranz, idad5, costdev, neffff, joemcgill, jorbin, swissspidy, jonsurrell, flixos90, gziolo, westonruter.
Fixes#56313.
Built from https://develop.svn.wordpress.org/trunk@57269
git-svn-id: http://core.svn.wordpress.org/trunk@56775 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The exif standards expect the UserComment field to be used as a substitute for ImageDescription if multibyte characters are needed. WordPress media only mapped the ImageDescription field and did not correctly handle descriptions with multibyte characters.
Fix metadata saving to better handle media with multibyte characters in metadata and update unit tests.
Props fotodrachen, antpb, joedolson, mikinc860, azaozz, nicolefurlan.
Fixes#58082.
Built from https://develop.svn.wordpress.org/trunk@57267
git-svn-id: http://core.svn.wordpress.org/trunk@56773 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Adds support for the following HTML elements to the HTML Processor:
- LI, OL, UL.
- DD, DL, DT.
Previously, these elements were not supported and the HTML Processor would bail when encountering them.
With this patch it will proceed to parse an HTML document when encountering those tags as long as other normal conditions don't cause it to bail (such as complicated format reconstruction).
Props audrasjb, jonsurrell, bernhard-reiter.
Fixes#60215.
Built from https://develop.svn.wordpress.org/trunk@57264
git-svn-id: http://core.svn.wordpress.org/trunk@56770 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Adds happy (integer) and unhappy (non-integer) tests for validating the priority call order for:
* `do_action()`
* `WP_Hook::do_action()`
* `apply_filters()`
* `WP_Hook::apply_filters()`
As each of these functions have differing code, the tests are added to each to ensure expected results and protect against future regressions.
Follow-up to [53804], [52010], [25002], [25/tests], [62/tests].
Props hellofromTonya, mukesh27, dd32, valendesigns, drrobotnik.
Fixes#60193.
Built from https://develop.svn.wordpress.org/trunk@57257
git-svn-id: http://core.svn.wordpress.org/trunk@56763 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, bulk upgrades did not verify that a theme package was compatible with the site's WordPress version or the server's PHP version.
This was previusly done for plugins in #59198, but themes were missed.
Follow-up to: [56525].
Props salcode, lakshmananphp.
Fixes#59758.
Built from https://develop.svn.wordpress.org/trunk@57252
git-svn-id: http://core.svn.wordpress.org/trunk@56758 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When inserting a new term in the database, `wp_insert_term()` will check if the term is empty and return a corresponding error.
Afterwards the term is sanitized and inserted in the database. However, there is a chance the term is empty after the DB sanitization.
This commit adds a check for an empty term name after the term is sanitized, returning an error in that case.
Follow-up to [5726], [8393].
Props fgiannar, kraftbj.
Fixes#59995.
Built from https://develop.svn.wordpress.org/trunk@57251
git-svn-id: http://core.svn.wordpress.org/trunk@56757 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The HTML API HTML processor does not yet support all tags. Many tags (e.g. list elements) have some complicated rules in the [https://html.spec.whatwg.org/#parsing-main-inbody "in body" insertion mode].
Implementing these special rules is blocking the implementation for a catch-all rule for "any other tag" because we need to prevent special rules from being handled by the catch-all.
Any other start tag
Reconstruct the active formatting elements, if any.
Insert an HTML element for the token.
…
This change ensures the HTML Processor fails when handling special tags. This is the same as existing behavior, but will allow us to implement the catch-all "any other tag" handling without unintentionally handling special elements.
Additionally, we add tests that assert the special elements are unhandled. As these tags are implemented, this should help to ensure they're removed from the unsupported tag list.
Props jonsurrell, dmsnell.
Fixes#60092.
Built from https://develop.svn.wordpress.org/trunk@57248
git-svn-id: http://core.svn.wordpress.org/trunk@56754 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This ensures that not only the return values match the expected results, but also that their type is the same.
Going forward, stricter type checking by using `assertSame()` should generally be preferred to `assertEquals()` where appropriate, to make the tests more reliable.
Follow-up to [55859], [56380], [56802], [57115], [57129], [57185].
See #59655.
Built from https://develop.svn.wordpress.org/trunk@57244
git-svn-id: http://core.svn.wordpress.org/trunk@56750 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The phrase "sanity check" unnecessarily references mental health. It's an old phrase used to denote an extra step in verifying code works as expected.
“The WordPress open source community cares about diversity. We strive to maintain a welcoming environment where everyone can feel included.”
While "sanity check" is a well-known phrase with a specific meaning, "confidence check" is a direct replacement that is more clear of its intent while being more inclusive.
Words matter.
Follow-up to [49216], [46271], [40583], [38832], [38637], [37409], [33359], [32162], [30346], [30345], [30238], [30055], [29902], [28763], [26141], [25002], [22227], [13428], [12148], [11025], [8927].
Props dartiss, hellofromTonya.
Fixes#60187.
Built from https://develop.svn.wordpress.org/trunk@57239
git-svn-id: http://core.svn.wordpress.org/trunk@56745 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This ensures that the correct number of arguments is passed to post trash hooks in `WP_Customize_Manager::trash_changeset_post()`, which bypasses `wp_trash_post()`.
Follow-up to [56043].
Props joelcj91, mukesh27.
Fixes#60183.
Built from https://develop.svn.wordpress.org/trunk@57238
git-svn-id: http://core.svn.wordpress.org/trunk@56744 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Update copyright year to 2024 in `license.txt` and bundled themes.
Follow-up to [18201], [23306], [28064], [36855], [36856], [39659], [40241], [42424], [46719], [46720], [47025], [47026], [49915], [52427], [55024].
Built from https://develop.svn.wordpress.org/trunk@57235
git-svn-id: http://core.svn.wordpress.org/trunk@56741 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This avoids a PHP warning or error when viewing an author on the front end, while an array is passed as `$_GET['author']`.
Follow-up to [12034], [12040], [12202].
Props david.binda, antonvlasenko, azaozz, SergeyBiryukov.
Fixes#60059.
Built from https://develop.svn.wordpress.org/trunk@57232
git-svn-id: http://core.svn.wordpress.org/trunk@56738 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`clipboard.js` used to suffer from a bug that triggered a focus loss when activating the Copy buttons. The bug was fixed a while ago with the `clipboard.js` 2.0.11 release so that the workaround implemented in WordPress is no longer necessary.
Props dhrumilk, paulkevan, afercia.
Fixes#60139.
Built from https://develop.svn.wordpress.org/trunk@57231
git-svn-id: http://core.svn.wordpress.org/trunk@56737 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When the JSON data files that supply the PHP/MySQL version support to the installation test workflow are changed, the workflow should be run to confirm the changes are correct. This updates the `path` filtering rules to ensure this happens.
Follow up to [57218], [57219].
See #58977.
Built from https://develop.svn.wordpress.org/trunk@57220
git-svn-id: http://core.svn.wordpress.org/trunk@56726 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In [56661], a new GitHub Actions workflow was introduced that focused on running some minimal installation tests for a version of WordPress for every PHP and MySQL combination.
This workflow has tested well, but lacks flexibility and possesses one flaw: tests are only ever performed with currently supported versions, even if the version being tested had a different support policy.
This updates the workflow to be more flexible, allowing all versions of WordPress currently receiving security fixes (back through 4.1) to be tested under the correct support policy.
Additionally, the workflow can now run against the `nightly` build of WordPress. This replaces `latest` as the new default. This allows the tests to be run at any point during a release cycle without the need for an officially tagged version.
Props jorbin, joemcgill, costdev.
See #58977.
Built from https://develop.svn.wordpress.org/trunk@57218
git-svn-id: http://core.svn.wordpress.org/trunk@56724 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This avoids redundant recursive lookups for block template paths in the same base directory by implementing a static cache. It also replaces an potentially expensive `file_exists` call in favor of doing recursive iteration of files inside a try/catch block.
Props thekt12, spacedmonkey, flixos90, mukesh27, joemcgill.
Fixes#58196.
Built from https://develop.svn.wordpress.org/trunk@57215
git-svn-id: http://core.svn.wordpress.org/trunk@56721 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This adds the `engines` field to the `package.json` file for the three default themes with build processes in order to encourage consistent tooling for contributors.
Some minor dependency updates for these themes are also included in this change.
Props jorbin, joemcgill, swissspidy.
See #59663.
Built from https://develop.svn.wordpress.org/trunk@57213
git-svn-id: http://core.svn.wordpress.org/trunk@56719 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This bumps the minimum required version of Node.js/npm from 16.19.1 and 8.19.3 to 20.10.0 and 10.2.3.
Since 20.10.0 is the latest 20.x version of Node.js, the `check-latest` option has been enabled for `actions/setup-node` in GitHub Actions workflows. This performs an additional external call to the Node.js API confirming the latest version is installed on the runner for use. In testing, it seems that 20.10.0 was not consistently deployed to all runner machines in use. This should be removed in the near future when the version of Node.js is reliably above the new minimum requirement.
The Gutenberg repository has also been updated to use the same values for `engines`.
Props jorbin, joemcgill, swissspidy, benharri, dhrupo, flootr, gziolo, noahtallen.
See #59663.
Built from https://develop.svn.wordpress.org/trunk@57212
git-svn-id: http://core.svn.wordpress.org/trunk@56718 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Currently the Tag Processor assumes that an input document is a ''full'' HTML document. Because of this, if there's lingering content after the last tag match it will treat that content as plaintext and skip over it. This is fine for the Tag Processor because if there is lingering content that isn't a valid tag then there's nothing for `next_tag()` to match.
However, in order to support a number of feature expansions it is important to recognize that the remaining content ''may'' involve partial syntax elements, such as incomplete tags, attributes, or comments.
In this patch we're adding a mode inside the Tag Processor which will flip when we start parsing HTML syntax but the document finishes before the token does. This will provide the ability to:
- extend the input document,
- avoid misinterpreting syntax as text, and
- guess if we have a complete document, know if we have an incomplete document.
In the process of building this patch a few fixes were identified and fixed in the Tag Processor, namely in the handling of incomplete syntax elements.
Props dmsnell, jonsurrell.
Fixes#60122, #60108.
Built from https://develop.svn.wordpress.org/trunk@57211
git-svn-id: http://core.svn.wordpress.org/trunk@56717 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This adds a bit more context to the E2E workflow artifact names in order to avoid duplicates being uploaded.
With the update to v4 of `actions/upload-artifact` in [57197], artifacts are now uploaded on a per job basis. Multiple jobs cannot upload the same artifact.
Props johnbillion.
See #59805.
Built from https://develop.svn.wordpress.org/trunk@57203
git-svn-id: http://core.svn.wordpress.org/trunk@56711 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This updates the following GitHub Actions to their latest versions:
- `actions/checkout`
- `actions/setup-node`
- `actions/upload-artifact`
- `actions/cache`
- `actions/github-script`
- `shivammathur/setup-php`
See #59805.
Built from https://develop.svn.wordpress.org/trunk@57197
git-svn-id: http://core.svn.wordpress.org/trunk@56708 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously these have been unsupported, but in this patch, support is added for the tags so that the HTML Processor can process documents containing them.
There was a design discussion about introducing a constant to communicate "any of the H1 - H6 elements" but this posed a number of challenges that don't need to be answered in this patch. For the time being, because the HTML specification treats H1 - H6 specially as a single kind of element, the HTML Processor uses an internal hard-coded string to indicate this. By using a hard-coded string it's possible to avoid introducing a class constant which cannot be made private due to PHP's class design. In the future, this will probably appear as a special constant in a new constant-containing class.
Props dmsnell, jonsurrell.
Fixes#60060.
Built from https://develop.svn.wordpress.org/trunk@57186
git-svn-id: http://core.svn.wordpress.org/trunk@56697 1a063a9b-81f0-0310-95a4-ce76da25c4cd