The `password` property which gets sent as part of a request POST body while setting a post's password should not be checked when calculating post visibility permissions.
That value in the request body is intended to update the post, not to authenticate, and may be malformed or an invalid non-string type which would cause a fatal when checking against the hashed post password value.
Query parameter `?password=` values are the correct interface to check, and are also guaranteed to be strings.
Props mlf20, devansh016, antonvlasenko, TimothyBlynJacobs, kadamwhite.
Fixes #61837.
Built from https://develop.svn.wordpress.org/trunk@59036
git-svn-id: http://core.svn.wordpress.org/trunk@58432 1a063a9b-81f0-0310-95a4-ce76da25c4cd
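A stand-alone PHP model of the change described in the commit message above; it is an added example, not code from the WordPress changeset. The function names, the two-array request model and the use of `hash_equals()` for the comparison are assumptions made for illustration.

```php
<?php
// Added illustration; function and variable names are hypothetical, not WordPress APIs.
// A request is modelled as two arrays: query-string values and decoded JSON body values.

function can_view_merged(string $stored, array $query, array $body): bool {
    // "Before" shape: one merged lookup, so a body value shadows the query string.
    $params = array_merge($query, $body);
    if (!isset($params['password'])) {
        return false;
    }
    // On PHP 8, hash_equals() throws a TypeError for a non-string argument.
    return hash_equals($stored, $params['password']);
}

function can_view_query_only(string $stored, array $query, array $body): bool {
    // "After" shape: the body value is update data and is never read here.
    $candidate = $query['password'] ?? null;
    if (!is_string($candidate)) {
        return false; // defensive type check added for this example
    }
    return hash_equals($stored, $candidate);
}

$stored = 'correct horse'; // constructed sample value
$cases  = [                // constructed requests: [query, body]
    'reader sends ?password='     => [['password' => 'correct horse'], []],
    'editor sets a new password'  => [[], ['password' => 'new-secret']],
    'editor sends malformed body' => [[], ['password' => ['not', 'a', 'string']]],
];

foreach ($cases as $label => [$query, $body]) {
    try {
        $before = var_export(can_view_merged($stored, $query, $body), true);
    } catch (TypeError $e) {
        $before = 'TypeError';
    }
    $after = var_export(can_view_query_only($stored, $query, $body), true);
    printf("%-28s before=%-9s after=%s\n", $label, $before, $after);
}
```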
Adds a Ctrl/Command + Enter keyboard shortcut to insert the currently selected single media or multiple media items when selecting in the Media Library modal.
Props poena, hirschferkel, antpb, joedolson, skobe, rcreators, plaidharper.
Fixes #60369.
Built from https://develop.svn.wordpress.org/trunk@59035
git-svn-id: http://core.svn.wordpress.org/trunk@58431 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset adds support for a new `search_semantics` enum query parameter that can be passed alongside the `search` string parameter. At this point, it only supports "exact" as possible value, but an enum is used for forward compatibility with potential enhancements like "sentence" search support. If `search_semantics=exact` is passed, it will look for an exact match rather than do a full text search, which for some use-cases is more appropriate and more performant.
Props mehulkaklotar, timothyblynjacobs, jimmyh61, ironprogrammer, johnregan3, mukesh27, costdev.
Fixes #56350.
Built from https://develop.svn.wordpress.org/trunk@59034
git-svn-id: http://core.svn.wordpress.org/trunk@58430 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The REST API uses the "Allow" header to communicate what methods a user is authorized to perform on a resource. This works great when operating on a single item route, but can break down when needing to determine authorization over a collection of items.
This commit uses the "targetHints" property of JSON Hyper Schema to provide access to the "allow" header for "self" links. This alleviates needing to make a separate network request for each item in a collection.
Props mamaduka, noisysocks, peterwilsoncc, spacedmonkey, swissspidy, timothyblynjacobs, tyxla, youknowriad.
Fixes #61739.
Built from https://develop.svn.wordpress.org/trunk@59032
git-svn-id: http://core.svn.wordpress.org/trunk@58428 1a063a9b-81f0-0310-95a4-ce76da25c4cd
With the introduction of Block Bindings, it became more common to see workflows where users need to see the custom fields that are available or connected. They were relying on the meta key, however it felt too technical sometimes. The solution is adding a new label argument to include a human-readable name that can be used across the UI.
Props santosguillamot, mamaduka, gziolo, timothyblynjacobs, peterwilsoncc.
Fixes #61998.
Built from https://develop.svn.wordpress.org/trunk@59023
git-svn-id: http://core.svn.wordpress.org/trunk@58419 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Increases the frequency of heartbeat API requests from once every 15 seconds to once every 10 seconds.
The purpose of this change is to reduce the length of time before a post becomes unlocked as a user navigates around the WordPress Dashboard and ceases editing a post.
`wp.heartbeat.interval()` has been modified to allow theme and plugin authors to set the heartbeat interval to any value between one second and one hour rather than limiting them to a fixed set of values.
Props azaozz, annezazu, jorbin, kirasong.
Fixes #61960.
Built from https://develop.svn.wordpress.org/trunk@59016
git-svn-id: http://core.svn.wordpress.org/trunk@58412 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This is part five in a larger modularization of the data in `WP_Debug_Data`. Previously this was a single massive method drawing in debug data from various groups of related data, where the groups were independent from each other.
This patch separates the fifth of twelve groups, the `wp-mu-plugins` info, into a separate method focused on that data.
This work precedes changes to make the `WP_Debug_Data` class more extensible for better use by plugin and theme code.
Developed in https://github.com/wordpress/wordpress-develop/7305
Discussed in https://core.trac.wordpress.org/ticket/61648
Props apermo, dmsnell.
See #61648.
Built from https://develop.svn.wordpress.org/trunk@59011
git-svn-id: http://core.svn.wordpress.org/trunk@58407 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This is part four in a larger modularization of the data in `WP_Debug_Data`. Previously this was a single massive method drawing in debug data from various groups of related data, where the groups were independent from each other.
This patch separates the fourth of twelve groups, the `wp-server` info, into a separate method focused on that data.
This work precedes changes to make the `WP_Debug_Data` class more extensible for better use by plugin and theme code.
Developed in https://github.com/wordpress/wordpress-develop/7283
Discussed in https://core.trac.wordpress.org/ticket/61648
Props apermo, costdev, dmsnell, kebbet, mukesh27.
See #61648.
Built from https://develop.svn.wordpress.org/trunk@59002
git-svn-id: http://core.svn.wordpress.org/trunk@58398 1a063a9b-81f0-0310-95a4-ce76da25c4cd
There are places in the HTML API code where some tools get confused and flag invalid types for the return of a function because they are unable to detect that the end of the function is unreachable.
Since PHP doesn't provide a way to encode total matching in the source code, this patch adds a few extra lines in those unreachable locations to satisfy any tooling which isn't able to fully analyze the code.
Additionally this serves as extra guarding in case someone changes these functions in a way which would break them and the existing test suite doesn't catch those breakages.
Developed in https://github.com/WordPress/wordpress-develop/pull/7315
Discussed in https://core.trac.wordpress.org/ticket/62018
Props dlh, dmsnell.
Fixes #62018.
Built from https://develop.svn.wordpress.org/trunk@59001
git-svn-id: http://core.svn.wordpress.org/trunk@58397 1a063a9b-81f0-0310-95a4-ce76da25c4cd
About half of the file's code was a back-compat polyfill of base64 functions for IE9.
Since WordPress no longer supports IE9 as of version 4.8, and all modern browsers come with these functions, the polyfills can be removed.
Follow-up to [26072], [26131], [26601], [47771].
Props TobiasBg, sabernhardt.
Fixes #61995.
Built from https://develop.svn.wordpress.org/trunk@58997
git-svn-id: http://core.svn.wordpress.org/trunk@58393 1a063a9b-81f0-0310-95a4-ce76da25c4cd
During a refactor to modularize the debug data class, it came up that the ordering of the sections inside of the returned debug info is relevant to existing UIs, as they iterate the array, which happens in insertion order.
This patch presets each section at the start to ensure that the ordering remains consistent even as code within the method is rearranged. As the mini-project progresses, this assignment will be the final place all the sections are referenced.
Developed in https://github.com/WordPress/wordpress-develop/pull/7289
Discussed in https://core.trac.wordpress.org/ticket/61648
Props apermo, dmsnell, sergeybiryukov.
See #61648.
Built from https://develop.svn.wordpress.org/trunk@58996
git-svn-id: http://core.svn.wordpress.org/trunk@58392 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `pop_until( $tag_name )` method in the stack of open elements should only be examining HTML elements, but it has only been checking the tag name. This has led to closing the wrong tags when run from inside foreign content. A very specific situation where this may arise is when a `TEMPLATE` closer is found inside foreign content, inside another template.
{{{
HTML:template  SVG:template                  HTML:/template
<template><svg><template><foreignObject><div></template><div>
    ╰──< this outer TEMPLATE is closed by this one >───╯
}}}
This patch constrains the method to checking for elements matching the tag name which are in the HTML namespace so that the proper detection occurs.
Developed in https://github.com/WordPress/wordpress-develop/pull/7286
Discussed in https://core.trac.wordpress.org/ticket/61576
Follow-up to [58867].
Props dmsnell, jonsurrell.
See #61576.
Built from https://develop.svn.wordpress.org/trunk@58992
git-svn-id: http://core.svn.wordpress.org/trunk@58388 1a063a9b-81f0-0310-95a4-ce76da25c4cd
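The stack behaviour described in the commit message above, as an added PHP example that is not the HTML API's own code. The `[namespace, name]` element model, the upper-cased tag names and both `pop_until_*` helpers are assumptions made for illustration.

```php
<?php
// Added illustration; these helpers are hypothetical, not WP_HTML_Open_Elements methods.
// Each open element is modelled as [namespace, tag name], names upper-cased for comparison.

function pop_until_by_name(array $stack, string $tag): array {
    // Name-only check: stops at the first element with a matching name,
    // whatever namespace it belongs to.
    while ($stack) {
        [, $name] = array_pop($stack);
        if ($name === $tag) {
            break;
        }
    }
    return $stack;
}

function pop_until_html(array $stack, string $tag): array {
    // Namespace-aware check: only an element in the HTML namespace ends the pop.
    while ($stack) {
        [$ns, $name] = array_pop($stack);
        if ($ns === 'html' && $name === $tag) {
            break;
        }
    }
    return $stack;
}

// Open elements when </template> arrives in the markup from the commit message:
// <template><svg><template><foreignObject><div></template>
$open = [
    ['html', 'TEMPLATE'],
    ['svg',  'SVG'],
    ['svg',  'TEMPLATE'],
    ['svg',  'FOREIGNOBJECT'],
    ['html', 'DIV'],
];

$describe = fn(array $s) => implode(' > ', array_map(fn($e) => "$e[0]:$e[1]", $s)) ?: '(empty)';

// The name-only version stops at svg:TEMPLATE and leaves the outer template open.
echo 'name only:       ', $describe(pop_until_by_name($open, 'TEMPLATE')), "\n";
// The namespace-aware version pops through to the outer html:TEMPLATE.
echo 'namespace aware: ', $describe(pop_until_html($open, 'TEMPLATE')), "\n";
```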
The HTML API has been behaving as if CSS class name selectors matched class names in an ASCII case-insensitive manner. This is only true if the document in question is set to quirks mode. Unfortunately most documents processed will be set to no-quirks mode, meaning that some CSS behaviors have been matching incorrectly when provided with case variants of class names.
In this patch, the CSS methods have been audited and updated to adhere to the rules governing ASCII case sensitivity when matching classes. This includes `add_class()`, `remove_class()`, `has_class()`, and `class_list()`. Now, it is assumed that a document is in no-quirks mode unless a full HTML parser infers quirks mode, and these methods will treat class names in a byte-for-byte manner. Otherwise, when a document is in quirks mode, the methods will compare the provided class names against existing class names for the tag in an ASCII case insensitive way, while `class_list()` will return a lower-cased version of the existing class names.
The lower-casing in `class_list()` is performed for consistency, since it's possible that multiple case variants of the same comparable class name exists on a tag in the input HTML.
Developed in https://github.com/WordPress/wordpress-develop/pull/7169
Discussed in https://core.trac.wordpress.org/ticket/61531
Props dmsnell, jonsurrell.
See #61531.
Built from https://develop.svn.wordpress.org/trunk@58985
git-svn-id: http://core.svn.wordpress.org/trunk@58381 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Add the `OPTIONS /wp/v2/pages` route to the list. The request is made via the `useBlockEditorSettings` hook at the top of the editor React tree. Preloading should improve the editor's loading time.
Avoid hardcoding paths for the 'attachment' post type; use the `rest_get_route_for_post_type_items` helper method instead.
Props mamaduka, noisysocks.
See #61884.
Built from https://develop.svn.wordpress.org/trunk@58984
git-svn-id: http://core.svn.wordpress.org/trunk@58380 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This adds a guard to verify the result of `get_post_type_object()` before retrieving the `all_items` label, as the function returns `null` if the post type does not exist.
Follow-up to [24527].
Props pcarvalho, akshat280, mukesh27, SergeyBiryukov.
Fixes #60947.
Built from https://develop.svn.wordpress.org/trunk@58983
git-svn-id: http://core.svn.wordpress.org/trunk@58379 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Exclude links from activating the comment submission shortcut.
[45790] introduced a shortcut to submit comment forms using `Ctrl/Cmd + Enter`. This keyboard combination is also the combination for opening a link in a new tab, which resulted in submitting the form when using the Log Out or Edit Profile links.
Props greentreefrog, sabernhardt, narenin.
Fixes #61919.
Built from https://develop.svn.wordpress.org/trunk@58981
git-svn-id: http://core.svn.wordpress.org/trunk@58377 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Improves the `'admin_bar_menu'` docblock by adding recommendations for customizing / changing existing items.
It also improves the `wp_admin_bar_render()` function's docblock by removing the "most optimal point" sentence.
The [58748] changeset moved the user menu to a higher priority level (of `9991`) to achieve:
>so nodes added with higher priorities will still be shown visually before the user and recovery menu items, as they were prior to [58215].
When hooking into `'admin_bar_menu'` with a priority level less than 9991 and attempting to get the `'my-account'` node, `null` is returned. While the preferred approach is to hook into `'wp_before_admin_bar_render'`, the documentation of the `'admin_bar_menu'` action was previously misleading.
Follow-up to [58748], [58759].
Props michaelwp85, narenin, sabernhardt, joedolson, costdev, jorbin, hellofromTonya, mukesh27, pbiron.
Fixes #61738.
Built from https://develop.svn.wordpress.org/trunk@58978
git-svn-id: http://core.svn.wordpress.org/trunk@58374 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In [57715], headings on the About pages were given `text-wrap: balance`. This rule causes unexpected breaks in non-latin languages, e.g., Japanese, Korean. This fix sets the text-wrap to `pretty` for browsers that support it, and uses `balance` for English-only.
Props akshat2802, wildworks, ryelle, sabernhardt, hellofromTonya.
Fixes #60892.
Built from https://develop.svn.wordpress.org/trunk@58976
git-svn-id: http://core.svn.wordpress.org/trunk@58372 1a063a9b-81f0-0310-95a4-ce76da25c4cd
It is recommended that for every option it is explicitly set whether to autoload it or not. This changeset updates relevant `update_option()` and `add_option()` calls.
Note that the `$autoload` parameter is only needed for `update_option()` if the option is potentially not present yet, i.e. the call will pass through to `add_option()`. Since WordPress core adds the majority of its options to the database during installation, only `update_option()` calls for dynamically added options need to be modified, which is what this changeset does.
As part of revisiting the autoload values for dynamically added WordPress core options, this changeset modifies some options to no longer be autoloaded, since they are only accessed in a few specific places that are not relevant for a regular request. These options are:
* `recently_activated`
* `_wp_suggested_policy_text_has_changed`
* `{upgradeLock}.lock`
* `dashboard_widget_options`
* `ftp_credentials`
* `adminhash`
* `nav_menu_options`
* `wp_force_deactivated_plugins`
* `delete_blog_hash`
* `allowedthemes`
* `{sessionId}_paused_extensions`
* `recovery_keys`
* `https_detection_errors`
* `fresh_site`
An upgrade routine is present as well that sets those options to no longer autoload for existing sites.
Props pbearne, flixos90, mukesh27, swissspidy, SergeyBiryukov, joemcgill, adamsilverstein.
Fixes #61103.
Built from https://develop.svn.wordpress.org/trunk@58975
git-svn-id: http://core.svn.wordpress.org/trunk@58371 1a063a9b-81f0-0310-95a4-ce76da25c4cd