This changeset ensures the `user_activation_key` is flushed after successful login, so reset password links can not be used anymore after the user successfully log into their dashboard.
Props nsinelnikov, rajinsharwar, Rahmohn, oglekler, hellofromTonya.
Fixes#58901.
See #32429
Built from https://develop.svn.wordpress.org/trunk@58333
git-svn-id: http://core.svn.wordpress.org/trunk@57789 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This adds a new Site Health check that will alert site owners if they are autoloading a large amount of data from the options table, as it could result in poor performance. The issue will be shown if the size of autoloaded options is greater than 800 KB, which can be adjusted using the new `site_status_autoloaded_options_size_limit` filter.
Props mukesh27, joemcgill, rajinsharwar, costdev, audrasjb, krupajnanda, pooja1210, Ankit K Gupta, johnbillion, oglekler.
Fixes#61276.
Built from https://develop.svn.wordpress.org/trunk@58332
git-svn-id: http://core.svn.wordpress.org/trunk@57788 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This allows a calling workflow to configure the PHPUnit workflow to `continue-on-error` when one occurs. This is useful for older branches where support for a specific version of PHP was not at 100% within the test suite.
Follow up to [58165], [58269], [58270], [58329].
See #61213.
Built from https://develop.svn.wordpress.org/trunk@58331
git-svn-id: http://core.svn.wordpress.org/trunk@57787 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The Interactivity API has a concept of "derived state" but it only worked on the client (JavaScript). This is the implementation that mirrors it, so derived state has good server-side solution.
Props jonsurrell, darerodz, gziolo, luisherranz, cbravobernal.
Fixes#61037.
Built from https://develop.svn.wordpress.org/trunk@58327
git-svn-id: http://core.svn.wordpress.org/trunk@57784 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset deactivates the download authenticity message by disabling package signature verification, at least until software signing is fully implemented on wordpress.org. The provided message had no actionability and only led to more support.
Props jipmoors, afercia, bridgetwillard, s0what, rajinsharwar, audrasjb, johnbillion, peterwilsoncc.
Fixes#47315.
Built from https://develop.svn.wordpress.org/trunk@58319
git-svn-id: http://core.svn.wordpress.org/trunk@57776 1a063a9b-81f0-0310-95a4-ce76da25c4cd
[58139] introduced debugging flags to ensure debugging output would only be shown when both the `WP_DEBUG` and `WP_DEBUG_LOG` constants are defined as true. However, some of the flags incorrectly use `WP_DEBUG_DISPLAY` rather than `WP_DEBUG_LOG`.
This fixes the flags to consistently use `WP_DEBUG` and `WP_DEBUG_LOG` as intended.
Follow-up to [58128], [58139].
Props rogermedia, afragen, swissspidy, costdev.
Fixes#58281.
Built from https://develop.svn.wordpress.org/trunk@58309
git-svn-id: http://core.svn.wordpress.org/trunk@57766 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The Rollback Auto-Update feature introduced additional maintenance mode toggling.
After installing WordPress in a non-English (US) language, translation updates are performed automatically. As there may be a large number of updates for Core and bundled themes, users will be presented with a maintenance notice upon visiting the newly installed website.
To avoid concerning users that the website has failed to install correctly, this excludes translation updates from triggering the additional maintenance mode toggling.
Follow-up to [58128].
Props benniledl, afragen, rajinsharwar, costdev.
Fixes#61260. See #58281.
Built from https://develop.svn.wordpress.org/trunk@58308
git-svn-id: http://core.svn.wordpress.org/trunk@57765 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Change the edit menu item toggle to communicate more context about the item to be edited. Make edit text consistent between Customizer menu editor and admin menu editor.
The menu position is conveyed only visually, using indentation, because there are no organizational semantics in either editor. This change helps provide screen reader users with consistent contextual information about the order, position, and parent of the current item.
Props joedolson, rcreators, afercia, mohonchandra.
Fixes#60673, See #60672.
Built from https://develop.svn.wordpress.org/trunk@58306
git-svn-id: http://core.svn.wordpress.org/trunk@57763 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Fix an issue where the GD image library falsely reports supporting the AVIF format, when support is actually missing. Add an additional function check to ensure AVIF support is really available.
Props niktat, adamsilverstein.
Fixes#60910
Built from https://develop.svn.wordpress.org/trunk@58305
git-svn-id: http://core.svn.wordpress.org/trunk@57762 1a063a9b-81f0-0310-95a4-ce76da25c4cd
HTML is a kind of short-hand for a DOM structure. This means that there are
many cases in HTML where an element's opening tag or closing tag is missing (or
both). This is because many of the parsing rules imply creating elements in the
DOM which may not exist in the text of the HTML.
The HTML Processor, being the higher-level counterpart to the Tag Processor, is
already aware of these nodes, but since it's inception has not paused on them
when scanning through a document. Instead, these are visible when pausing on a
child of such an element, but otherwise not seen.
In this patch the HTML Processor starts exposing those implicitly-created nodes,
including opening tags, and closing tags, that aren't foudn in the text content
of the HTML input document.
Previously, the sequence of matched tokens when scanning with
`WP_HTML_Processor::next_token()` would depend on how the HTML document was written,
but with this patch, all semantically equal HTML documents will parse and scan in
the same exact manner, presenting an idealized or "perfect" view of the document
the same way as would occur when traversing a DOM in a browser.
Developed in https://github.com/WordPress/wordpress-develop/pull/6348
Discussed in https://core.trac.wordpress.org/ticket/61348
Props audrasjb, dmsnell, gziolo, jonsurrell.
Fixes#61348.
Built from https://develop.svn.wordpress.org/trunk@58304
git-svn-id: http://core.svn.wordpress.org/trunk@57761 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Just like Site Health lists the paths to the plugins/themes/uploads directories, this changeset adds the path to the fonts directory (and its size).
Props swissspidy, andr3ribeiro, krupajnanda, ironprogrammer, iamfarhan09, naeemhaque, imasikur22, tofajjal02, sarkarripon, prottoysarkar, zunaid321, imranhasanraaz, rajinsharwar, nazmul111, audrasjb, peterwilsoncc.
Fixes#60719.
Built from https://develop.svn.wordpress.org/trunk@58299
git-svn-id: http://core.svn.wordpress.org/trunk@57759 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset modifies the block bindings HTML replacement logic to use a hardcoded list of selectors based on the block and a regex to substitute the inner content. The previous logic was too complex because the HTML API does not support CSS selectors yet and it does not have an official way to modify the inner HTML. This made it difficult to understand, iterate on it and add new functionalities.
As it will be solved in the future once the HTML API is ready, it is better for now to keep a simple hardcoded version that is easier to understand and iterate on.
Props santosguillamot, gziolo, petitphp.
Fixes#61351.
Built from https://develop.svn.wordpress.org/trunk@58298
git-svn-id: http://core.svn.wordpress.org/trunk@57758 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset restores "Edit site" on the block editor link and replaces the multisite link with "Manage Site".
Follow-up to [58035].
Props annezazu, johnbillion, Joen, audrasjb, johnjamesjacoby, oglekler, nilovelez, tobifjellner, sabernhardt, pavanpatil1, hitendra-chopda.
Fixes#60977.
Built from https://develop.svn.wordpress.org/trunk@58296
git-svn-id: http://core.svn.wordpress.org/trunk@57756 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This ensures cached Theme JSON data is cleared between all test classes that extend `WP_Theme_UnitTestCase` and fixes a few tests that would fail in isolation, even though they full test suite would pass.
Props isabel_brison, thekt12, joemcgill.
Fixes#61337.
Built from https://develop.svn.wordpress.org/trunk@58295
git-svn-id: http://core.svn.wordpress.org/trunk@57755 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Expand allowable set of custom data attribute names to include those containing
leading, trailing, and double `-` characters. Previously, WordPress was
removing data attributes that are used in the Interactivity API. By allowing
these additional custom data attributes, the related Interactivity API
directives will preserve through `kses`.
For example, the Interactivity API frequently relies on custom data attributes
such as `data-wp-on--click="..."`. The change in [43981] would strip these out
of the processed HTML, however.
Developed in https://github.com/WordPress/wordpress-develop/pull/6598
Discussed in https://core.trac.wordpress.org/ticket/61052
Props cbravobernal, dmsnell, gziolo, jonsurrell.
Follow-up to [43981].
Fixes#61052.
Built from https://develop.svn.wordpress.org/trunk@58294
git-svn-id: http://core.svn.wordpress.org/trunk@57754 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In a similar vein as [58291], this changeset introduces a new `insert_hooked_blocks_into_rest_response` function and hooks it to the `rest_prepare_wp_navigation` filter.
This is part of an ongoing effort to move Block Hooks related code out of the Navigation block. Specifically, `insert_hooked_blocks_into_rest_response` is based on `block_core_navigation_insert_hooked_blocks_into_rest_response`. Eventually, it will be possible to deprecate the latter.
Follow-up to [58291].
See #60759.
Built from https://develop.svn.wordpress.org/trunk@58292
git-svn-id: http://core.svn.wordpress.org/trunk@57752 1a063a9b-81f0-0310-95a4-ce76da25c4cd
As of [57790], the Templates endpoint uses the `rest_pre_insert_*` filter to inject the `ignoredHookedBlocks` metadata attribute into anchor blocks, prior to persisting a template or template part to the database. The same principle was implemented for the Navigation endpoint (where additionally, first and last child blocks added at the top level are store in the `wp_navigation` post object's post meta). The required logic was added to the Navigation block's code, i.e. inside the Gutenberg code repository, and then synchronized to Core.
In order to harmonize the code between the two endpoints, this changeset introduces a new `update_ignored_hooked_blocks_postmeta` function, which is based on the Navigation block's `block_core_navigation_update_ignore_hooked_blocks_meta`, alongside a few helper functions, and hooks it to the `rest_pre_insert_wp_navigation` filter hook. (The Navigation block has been prepared in [58275] to add an additional conditional to check for the new `update_ignored_hooked_blocks_postmeta` filter so there won't be any collisions.)
Eventually, this will allow to deprecate `block_core_navigation_update_ignore_hooked_blocks_meta` (and some related functions), and remove the relevant code from the Navigation block. It also paves the way for some other future changes, such as inserting a hooked block as a Template Part block's first or last child (#60854).
Props tomjcafferkey, bernhard-reiter.
Fixes#60759.
Built from https://develop.svn.wordpress.org/trunk@58291
git-svn-id: http://core.svn.wordpress.org/trunk@57751 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Adds handling for a `__default` block binding attribute for pattern overrides that dynamically adds support for all supported block binding attributes.
Props talldanwp, petitphp, mukesh27, isabel_brison, kevin940726.
Fixes#61333.
Built from https://develop.svn.wordpress.org/trunk@58289
git-svn-id: http://core.svn.wordpress.org/trunk@57749 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In #50824 support was added for a package to include a disable_autoupdate flag to indicate that the plugin/theme should not be auto-updated even if a user had opted-in via the WP-Admin UI. However, the logic implementing the flag was inverted.
This commit repairs the logic. If a package has disable_autoupdate set, then it should not be auto-updated.
Props amisiewicz.
Fixes#52796.
Built from https://develop.svn.wordpress.org/trunk@58285
git-svn-id: http://core.svn.wordpress.org/trunk@57745 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Provides a custom decoder for strings coming from HTML attributes and
markup. This custom decoder is necessary because of deficiencies in
PHP's `html_entity_decode()` function:
- It isn't aware of 720 of the possible named character references in
HTML, leaving many out that should be translated.
- It isn't aware of the ambiguous ampersand rule, which allows
conversion of character references in certain contexts when they
are missing their closing `;`.
- It doesn't draw a distinction for the ambiguous ampersand rule
when decoding attribute values instead of markup values.
- Use of `html_entity_decode()` requires manually passing non-default
paramter values to ensure it decodes properly.
This decoder also provides some conveniences, such as making a
single-pass and interruptable decode operation possible. This will
provide a number of opportunities to optimize detection and decoding
of things like value prefixes, and whether a value contains a given
substring.
Developed in https://github.com/WordPress/wordpress-develop/pull/6387
Discussed in https://core.trac.wordpress.org/ticket/61072
Props dmsnell, gziolo, jonsurrell, jorbin, westonruter, zieladam.
Fixes#61072.
Built from https://develop.svn.wordpress.org/trunk@58281
git-svn-id: http://core.svn.wordpress.org/trunk@57741 1a063a9b-81f0-0310-95a4-ce76da25c4cd
On the profile edit screen in ``wp-admin, the username was previously displayed using an input field with the `disabled` attribute. This field was skipped by screen readers, which leads to a loss of information for visually impaired users. This changeset switches it to a `readonly` attribute, which is exactly the purpose of this field.
Props roytanck, audrasjb, rajinsharwar, joedolson.
Fixes#60774.
Built from https://develop.svn.wordpress.org/trunk@58280
git-svn-id: http://core.svn.wordpress.org/trunk@57740 1a063a9b-81f0-0310-95a4-ce76da25c4cd