This changeset adds `spellcheck="false"` attribute to various password fields.
The spellcheck global attribute defines whether the element may be checked for spelling errors. The `false` value indicates that the element should not be checked for spelling errors, which is relevant for a password field.
Furthermore, and as per MDN specs, using spellchecking can have consequences for users' security and privacy. The specification does not regulate how spellchecking is done and the content of the element may be sent to a third party for spellchecking results. Thus, it is recommended to set `spellcheck` attribute to `false` for elements that can contain sensitive information. Which is the case for password fields.
Props dziudek, audrasjb, gainesm, fosuahmed.
Fixes#56763.
Built from https://develop.svn.wordpress.org/trunk@55094
git-svn-id: http://core.svn.wordpress.org/trunk@54627 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The [https://make.wordpress.org/core/2021/02/19/feature-plugin-rollback-update-failure/ Rollback Update Failure feature project] has been split into two plugins for testing:
* [https://github.com/afragen/faster-updates Faster Updates] speeds up plugin or theme updates by moving files rather than copying them, thus decreasing the memory usage and reducing the chance of timeouts or running out of disk space during updates.
* [https://wordpress.org/plugins/rollback-update-failure/ Rollback Update Failure] creates a temporary backup of plugins and themes before updating. This aims to make the update process more reliable and ensure that if a plugin or theme update fails, the previous version can be safely restored.
The current priority of the feature project is to test the new `move_dir()` function, which offers better performance than `copy_dir()`. Instead of copying a directory in a recursive manner file by file from one location to another, `move_dir()` uses the `rename()` PHP function to speed up the process, which is instrumental in updating large plugins without a delay. If the renaming failed, it falls back to the `copy_dir()` WP function.
The `move_dir()` function is self-contained in the Faster Updates plugin and does not require any special hooks in core, so the conditional previously added to `WP_Upgrader::install_package()` to facilitate testing is no longer needed and can be removed.
Follow-up to [53578], [54484], [54643].
Props afragen, costdev, peterwilsoncc.
See #56057, #57375, #57386.
Built from https://develop.svn.wordpress.org/trunk@55055
git-svn-id: http://core.svn.wordpress.org/trunk@54588 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset removes a mention of the "Page" post type from the Discussion meta box as this is a generic meta box, used for multiple post types. It makes it more consistent with the other option available in the meta box ("Allow comments") and also with the corresponding option in the block editor.
Follow-up to [12323].
Props jeremyfelt, sabernhardt, audrasjb, virgar.
Fixes#57429.
See #11346.
Built from https://develop.svn.wordpress.org/trunk@55040
git-svn-id: http://core.svn.wordpress.org/trunk@54573 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This is a major release and contains breaking changes.
Most important changes to be aware of for this release:
* All code is now namespaced. Though there is a full backward compatibility layer available and the old class names are still supported, using them will generate a deprecation notice (which can be silenced by plugins if they'd need to support multiple WP versions). See the [https://requests.ryanmccue.info/docs/upgrading.html upgrade guide] for more details.
* A lot of classes have been marked `final`. This should generally not affect userland code as care has been taken to not apply the `final` keyword to classes which are known to be extended in userland code.
* Extensive input validation has been added to Requests. When Requests is used as documented though, this will be unnoticable.
* A new `WpOrg\Requests\Requests::has_capabilities()` method has been introduced which can be used to address #37708.
* A new `WpOrg\Requests\Response::decode_body()` method has been introduced which may be usable to simplify some of the WP native wrapper code.
* Remaining PHP 8.0 compatibility fixed (support for named parameters).
* PHP 8.1 compatibility.
Release notes: https://github.com/WordPress/Requests/releases/tag/v2.0.0
For a full list of changes in this update, see the Requests GitHub:
https://github.com/WordPress/Requests/compare/v1.8.1...v2.0.0
This commit also resolves 2 blocking issues which previously caused the revert of [52244]:
* New Requests files are loaded into `wp-includes/Requests/src/`, matching the location of the library. In doing so, filesystems that are case-insensitive are not impacted (see #54582).
* Preload: During a Core update, the old Requests files are preloaded into memory before the update deletes the files. Preloading avoids fatal errors noted in #54562.
Follow-up to [50842], [51078], [52244], [52315], [52327], [52328].
Props jrf, schlessera, datagutten, wojsmol, dustinrue, soulseekah, szepeviktor. costdev, sergeybiryukov, peterwilsoncc, ironprogrammer, antonvlasenko, hellofromTonya, swissspidy, dd32, azaozz, TobiasBg, audrasjb.
Fixes#54504.
See #54582, #54562.
Built from https://develop.svn.wordpress.org/trunk@54997
git-svn-id: http://core.svn.wordpress.org/trunk@54530 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When rendering a list of attachments in `WP_Media_List_Table` class, none image attachments, show a generic icon. However, attachment types like audio and video support adding a featured image. For attachments that have featured images, us this image instead of the icon. This featured image is a better preview than a generic icon.
Props spacedmonkey, samful, johnbillion, JavierCasares, seanchayes, antpb, cadic, JeffPaul.
Fixes#49852.
Built from https://develop.svn.wordpress.org/trunk@54941
git-svn-id: http://core.svn.wordpress.org/trunk@54493 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Since `ABSPATH` is defined and documented to end with a forward slash `/`, this changeset removes the first `/` from strings appended to `ABSPATH` in various files, leading to `//` in the resulting path.
Props TobiasBg, audrasjb, SergeyBiryukov, emanuelx.
Fixes#57074.
See #57071.
Built from https://develop.svn.wordpress.org/trunk@54872
git-svn-id: http://core.svn.wordpress.org/trunk@54424 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Because themes are updated independently of Core updates, any deleted files from bundled themes should not be included in the `$_old_files` list.
Any file included in this list is deleted on update, which could cause problems for sites with a given theme active if the removed files were required in earlier versions of that theme and that theme is not updated at the same time.
Props desrosj, costdev, SergeyBiryukov.
Fixes#56936.
Built from https://develop.svn.wordpress.org/trunk@54849
git-svn-id: http://core.svn.wordpress.org/trunk@54401 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This properly deletes the now empty `src/wp-includes/blocks/comments-query-loop` directory and adds that directory to the `$_old_files` array.
The files in this directory were removed in [54257], but the directory was not marked as deleted in SVN.
Props azaozz, jorbin, SergeyBiryukov.
Fixes#57080.
Built from https://develop.svn.wordpress.org/trunk@54836
git-svn-id: http://core.svn.wordpress.org/trunk@54388 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This partially reverts [53860] and [53862], which refactored the `exists()` method to rely on `ftp_rawlist()` instead of `ftp_nlist()`.
[53860] makes a similar attempt to the ones made in [33648] and [34733] (which were also reverted in [35944]). Being compliant with the specifications while continuing to work without issue for all FTP servers continues seem impossible. These little ghosts are the ones we’re scared of the most.
Props jsh4, afragen, costdev, pkolenbr, SergeyBiryukov, dd32, peterwilsoncc, gamecreature, desrosj.
Fixes#56966.
See #51170, #28013.
Built from https://develop.svn.wordpress.org/trunk@54815
git-svn-id: http://core.svn.wordpress.org/trunk@54367 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In [53874] the optional `$locale` parameter was added to `load_textdomain()`. While most `load_textdomain()` calls in core were were updated, some were missed. Passing the original locale avoids the need to call `determine_locale()` by `load_textdomain()` which is used as a fallback.
Props ocean90, swissspidy, desrosj.
See #57060.
Built from https://develop.svn.wordpress.org/trunk@54797
git-svn-id: http://core.svn.wordpress.org/trunk@54349 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Resolves a fatal error due to `get_template_hierarchy()` due to incompatible older Gutenberg versions.
[54269] introduced this new function for 6.1. The function was introduced in Gutenberg 13.9.0. However, it was not guarded to protect the plugin from when the function was loaded in Core. Gutenberg 14.1.0 added the `function_exists()` guard to protect the plugin from the fatal error.
Minimum compatible version:
This commit changes the Gutenberg minimum compatible version number to 14.1. For versions older than 14.1, the plugin will deactivate when upgrading Core to 6.1 or newer.
Function rename:
Past commits renamed the upgrade function by changing Core's version number. This commit renames the function to be generic, i.e. `_upgrade_core_deactivate_incompatible_plugins()` and adopts the `@since [reason]` strategy to track historical changes to the function.
Follow-up to [54269], [52199], [52166], [52165], [51180].
Props namithjawahar, hellofromTonya, azaozz, desrosj, ironprogrammer.
Fixes#56985.
Built from https://develop.svn.wordpress.org/trunk@54789
git-svn-id: http://core.svn.wordpress.org/trunk@54341 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset removes `role="img"` attribute from two decorative images: despite being hidden to assistive technologies using `aria-hidden="true"`, automated tools still understand them as images and expect alternative texts.
Props viralsampat, sabernhardt, audrasjb, ryokuhi, elifvish.
Fixes#56824.
Built from https://develop.svn.wordpress.org/trunk@54739
git-svn-id: http://core.svn.wordpress.org/trunk@54291 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The [https://make.wordpress.org/core/2021/02/19/feature-plugin-rollback-update-failure/ Rollback Update Failure feature project] creates a temporary backup of plugins and themes before updating. This aims to make the update process more reliable and ensure that if a plugin or theme update fails, the previous version can be safely restored.
If the [https://wordpress.org/plugins/rollback-update-failure/ Rollback Update Failure plugin] is installed, `WP_Upgrader::install_package()` will use the `move_dir()` function from there for better performance. Instead of copying a directory from one location to another, it uses the `rename()` PHP function to speed up the process, which is instrumental in creating a temporary backup without a delay. If the renaming failed, it falls back to `copy_dir()` WP function.
This conditional aims to facilitate broader testing of the feature. It is temporary, until the plugin is merged into core.
Follow-up to [53578], [54484].
Props afragen, pbiron, costdev, davidbaumwald, audrasjb, jrf, SergeyBiryukov.
See #56057.
Built from https://develop.svn.wordpress.org/trunk@54643
git-svn-id: http://core.svn.wordpress.org/trunk@54195 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset adds better support for plural forms in update admin notices generated on the Themes and Plugins screens. This fixes issues when translating into languages that have more than one plural form, or more complicated rules for singular form usage.
Props ideag, SergeyBiryukov, daledupreez, audrasjb.
Fixes#37287.
Built from https://develop.svn.wordpress.org/trunk@54469
git-svn-id: http://core.svn.wordpress.org/trunk@54028 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset ensures the directory path is provided in error messages when `_unzip_file_pclzip()` is unable to create a directory. This removes `substr()` which was returning an empty string in some use cases.
Props gunterer, SergeyBiryukov, n8finch, peterwilsoncc, audrasjb, rsiddharth, costdev , desrosj, mukesh27.
Fixes#54477.
Built from https://develop.svn.wordpress.org/trunk@54442
git-svn-id: http://core.svn.wordpress.org/trunk@54001 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When initially defaulting the screen `$id` in `WP_Screen::get()`, if the `$hook_name` parameter is not supplied, an `else` fallback uses `$GLOBALS['hook_suffix']`. However, in some cases, `hook_suffix` doesn't exist in the global scope. This produces an "Undefined index" notice on < PHP 8, and a warning in >= PHP 8.
This change ensures `$GLOBALS['hook_suffix']` has a value before using it as a fallback for the screen ID.
Props splendorstudio, SergeyBiryukov, htdat, mukesh27, dd32, costdev.
Fixes#49089.
Built from https://develop.svn.wordpress.org/trunk@54414
git-svn-id: http://core.svn.wordpress.org/trunk@53973 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Remove the private delegation from the following classes and function:
* `WP_List_Table`
* `WP_Application_Passwords_List_Table`
* `WP_Comments_List_Table`
* `WP_Links_List_Table`
* `WP_Media_List_Table`
* `WP_MS_Sites_List_Table`
* `WP_MS_Themes_List_Table`
* `WP_MS_Users_List_Table`
* `WP_Plugin_Install_List_Table`
* `WP_Plugins_List_Table`
* `WP_Post_Comments_List_Table`
* `WP_Posts_List_Table`
* `WP_Terms_List_Table`
* `WP_Theme_Install_List_Table`
* `WP_Themes_List_Table`
* `WP_Users_List_Table`
* `_get_list_table()`
This change is to reflect the reality that list tables are very, very, very widely used by extenders and backward compatibility therefore needs to be maintained.
Introduces the filter `wp_list_table_class_name` within `_get_list_table()` to allow extenders to modify the list table returned for custom screens.
Props audrasjb, birgire, costdev, desrosj, faison, johnbillion, jrbeilke, kurtpayne, milana_cap, miqrogroove, nacin, peterwilsoncc, scribu, sergeybiryukov, sirzooro, westonruter, wonderboymusic.
Fixes#18449.
Built from https://develop.svn.wordpress.org/trunk@54378
git-svn-id: http://core.svn.wordpress.org/trunk@53937 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Inside `WP_Community_Events::get_cached_events()`, `WP_Community_Events::get_events_transient_key()` is used to retrieve the transient key name, based on the user's location. However, the transient key can potentially return `false`, resulting in a call to `get_site_transient()` with the `$key` being `false`.
This change first attempts to evaluate and guard against a `false` return from `WP_Community_Events::get_events_transient_key()`. The result is an early `false` return from `WP_Community_Events::get_cached_events()`.
Props malthert, rafiahmedd, audrasjb, costdev.
Fixes#55888.
Built from https://develop.svn.wordpress.org/trunk@54338
git-svn-id: http://core.svn.wordpress.org/trunk@53897 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, the Site Health message said "The WP_AUTO_UPDATE_CORE constant is defined and enabled" when in fact the constant was defined and disabled using `define( 'WP_AUTO_UPDATE_CORE', false );`.
This changeset improves the message by providing the value of the constant. For example: "The WP_AUTO_UPDATE_CORE constant is defined as false".
Props johnbillion, chrisbudd1, robinwpdeveloper, audrasjb, Clorith.
Fixes#51041.
Built from https://develop.svn.wordpress.org/trunk@54325
git-svn-id: http://core.svn.wordpress.org/trunk@53884 1a063a9b-81f0-0310-95a4-ce76da25c4cd