Previously, only the username was checked which caused a PHP warning in some server setups, for instance Shibboleth SSO, where the server only populates the PHP_AUTH_USER field.
This brings the changes from [49919] to the 5.6 branch.
Props MadtownLems, johnbillion, richard.tape, engahmeds3ed, TimothyBlynJacobs.
Fixes#52003.
Built from https://develop.svn.wordpress.org/branches/5.6@50045
git-svn-id: http://core.svn.wordpress.org/branches/5.6@49746 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In [49752] a check was added to prevent creating new Application Passwords if Basic Auth credentials were detected to prevent conflicts. This check takes place in WP-Admin, though a conflict would only arise if Basic Auth was used on the website's front-end.
This commit extracts the Basic Auth check into a reusable function, wp_is_site_protected_by_basic_auth(), which can be adjusted using a filter of the same name. This way, a site that uses Basic Auth to protect WP-Admin can still use the Application Passwords feature.
In the future, instead of requiring the use of a filter, WordPress could make a loopback request and check for a WWW-Authenticate header to make this detection more robust out of the box.
This brings the changes from [50006] to the 5.6 branch.
Props SeBsZ, archon810, aaroncampbell, ocean90, SergeyBiryukov, TimothyBlynJacobs.
Fixes#52066.
Built from https://develop.svn.wordpress.org/branches/5.6@50044
git-svn-id: http://core.svn.wordpress.org/branches/5.6@49745 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In [49084] (for #50679), wp_get_attachment_metadata() was changed to improve performance, but it had the side effect of eliminating the ability to call it with no arguments and have it default to using the global $post.
This change restores that ability, while keeping the performance improvements from the original change.
This changeset brings [50039] to the 5.6 branch.
Fixes#52196.
Props cfinke, hellofromTonya, mukesh27, dilipbheda, Mista-Flo, audrasjb, SergeyBiryukov, whyisjake.
Built from https://develop.svn.wordpress.org/branches/5.6@50040
git-svn-id: http://core.svn.wordpress.org/branches/5.6@49741 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When App Passwords was introduced, the `wp_authorize_application_password_form` and `wp_application_passwords_approve_app_request_success` hooks were mistakenly duplicated and incorrectly documented. This commit corrects the hook names and ensures the correct parameters are passed.
Props johnbillion, engahmeds3ed.
Merges [49920] to the 5.6 branch.
Fixes#52013.
Built from https://develop.svn.wordpress.org/branches/5.6@49998
git-svn-id: http://core.svn.wordpress.org/branches/5.6@49699 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In [49154] the async Site Health tests were changed to use the REST API instead of admin-ajax. An unintended side effect of this change was that the loopback tests which tried to ping the site's `admin_url()` were no longer authenticated because admin-cookies aren't provided to the REST API.
This commit adjusts the loopback test to use the front-end `site_url` which checks that cron will function properly. A follow-up ticket will focus on tests that will cover the file editor checks.
Props Clorith.
Merges [49917] to the 5.6 branch.
Fixes#52097.
See #48105.
Built from https://develop.svn.wordpress.org/branches/5.6@49997
git-svn-id: http://core.svn.wordpress.org/branches/5.6@49698 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Otherwise TinyMCE may initialize earlier and handlers attached on DOM ready may not get triggered. Fixes making the editor menu "sticky" and setting/resetting some screen options on the old Edit Post screen.
Props azaozz, majhajob, sabernhardt.
Merges [49911] to the 5.6 branch.
Fixes#52046, #51995.
Built from https://develop.svn.wordpress.org/branches/5.6@49996
git-svn-id: http://core.svn.wordpress.org/branches/5.6@49697 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, attachments without an author could cause a PHP fatal error due to calling the `::exists()` method on a `false` value.
Follow-up to [49207].
Props antpb, carloscastilloadhoc, hellofromTonya, garrett-eclipse.
Merges [49979] to the 5.6 branch.
Fixes#52030.
Built from https://develop.svn.wordpress.org/branches/5.6@49995
git-svn-id: http://core.svn.wordpress.org/branches/5.6@49696 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In [49162], GitHub Action workflow configuration files were introduced to run all of Core’s automated testing with the intent to fully transition after some time was allowed for testing.
After two full months of testing, the time to finish this transition has come.
We thank TravisCI for testing the codebase through nearly 20 major and many more minor releases.
Merges [49876] to the 5.6 branch.
See #52161. See #50401.
Built from https://develop.svn.wordpress.org/branches/5.6@49877
git-svn-id: http://core.svn.wordpress.org/branches/5.6@49596 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `twenty-twenty-one-ie11-polyfills` script now has a `null` source, and the new `twenty-twenty-one-ie11-polyfills-asset` (which points to the actual `polyfills.js` source) will be loaded only if IE is detected by through the use of `wp_get_script_polyfill()`.
Because the original script name remains the same, this change is backwards compatible with any code registering `twenty-twenty-one-id11-polyfills` as a script dependency.
Props poena, ismail.elkorchi, peterwilsoncc.
Merges [49865] to the 5.6 branch.
Fixes#52098.
Built from https://develop.svn.wordpress.org/branches/5.6@49868
git-svn-id: http://core.svn.wordpress.org/branches/5.6@49587 1a063a9b-81f0-0310-95a4-ce76da25c4cd
While `loading=“eager”` is a supported alternative to omitting the attribute entirely, browsers follow the value of this attribute explicitly when specified.
Specifying `eager` would prevent the user from receiving any additional potential benefits implemented at the browser level, such as further mechanisms to automatically decide which elements to lazy-load.
Props flixos90, ryelle, poena.
Merges [49860] to the 5.6 branch.
Fixes#52139.
Built from https://develop.svn.wordpress.org/branches/5.6@49861
git-svn-id: http://core.svn.wordpress.org/branches/5.6@49580 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, `1.0.0` was used for the version. This is inconsistent with the versioning used in the other default themes, which use use X.X and not X.X.X.
This change corrects all `1.0.0` occurrences to `1.0`, and adds the additional context of `Twenty Twenty-One` to avoid confusion with `WordPress 1.0`.
Props SergeyBiryukov, poena.
Merges [49826] to the 5.6 branch.
Fixes#51958.
Built from https://develop.svn.wordpress.org/branches/5.6@49829
git-svn-id: http://core.svn.wordpress.org/branches/5.6@49548 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Twenty Twenty-One uses PostCSS to convert the custom properties for Internet Explorer. Without a config file, the postcss command does nothing, causing issues in IE. This brings back the config from GitHub, which replaces all custom properties with the default values.
Props t-p, poena, ryelle.
Merges [49800] to the 5.6 branch.
Fixes#52040.
Built from https://develop.svn.wordpress.org/branches/5.6@49824
git-svn-id: http://core.svn.wordpress.org/branches/5.6@49543 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Appveyor was added to Core in [44594] to ensure that NPM and the WordPress build tools continue to work correctly on Windows systems as changes are made. Using an additional service for this was required at the time, TravisCI did not support testing on Windows.
[49162] introduced a GitHub Action workflow that performed the same testing. Since all automated testing is moving to GitHub Actions, using Appveyor is no longer necessary, and it’s preferable to have all automated testing in one location as much as possible.
Props ayeshrajans.
Merges [49779] to the 5.6 branch.
See #51968.
Built from https://develop.svn.wordpress.org/branches/5.6@49809
git-svn-id: http://core.svn.wordpress.org/branches/5.6@49532 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When SimplePie parses HTTP headers, it combines multiple values for the same header into a comma-separated string. `WP_SimplePie_File` overrides the parsing, but was leaving them as an array instead.
That lead to a fatal error in PHP 8, because other parts of the codebase ended up passing an array to a function that expected a string.
Props david.binda, litemotiv, inc2734, NicolasKulka, hellofromTonya, mbabker, skithund, SergeyBiryukov, desrosj, timothyblynjacobs.
Reviewed by SergeyBiryukov, iandunn.
Merges [49803] and [49805] to the 5.6 branch.
Fixes#51056. See #51956.
Built from https://develop.svn.wordpress.org/branches/5.6@49806
git-svn-id: http://core.svn.wordpress.org/branches/5.6@49529 1a063a9b-81f0-0310-95a4-ce76da25c4cd
