If the current server configuration doesn't allow WordPress to edit permalink settings, the textarea with new rules to use was not labeled. Add labels and aria-describedby pointing to the field description.
Props sabernhardt
Fixes#53142.
Built from https://develop.svn.wordpress.org/trunk@50830
git-svn-id: http://core.svn.wordpress.org/trunk@50439 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Replace infinitely autoloading behavior on scroll with a user-controlled load more button. Fix a long standing accessibility issue in the media library. Infinite scroll poses a wide range of problems for accessibility, usability, and performance.
This change modifies the library to load 40 items in the initial view, with a load more button to load the next 40 items and a button to move focus from the load more region to the first of the most recently added items.
The text for communicating the jump target was broadly discussed, agreeing that the text incorporated here would most concisely and clearly convey the purpose of the button, and any further detail is learnable from use.
Props afercia, adamsilverstein, joedolson, audrasjb, francina
Fixes#50105. See #40330.
Built from https://develop.svn.wordpress.org/trunk@50829
git-svn-id: http://core.svn.wordpress.org/trunk@50438 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This change introduces the `delete_theme` and `deleted_theme` action hooks, which fire immediately before and after an attempt to delete a theme, respectively.
Props scottconnerly, ptahdunbar, pbiron, vetyst, desrosj.
Fixes#16401.
Built from https://develop.svn.wordpress.org/trunk@50826
git-svn-id: http://core.svn.wordpress.org/trunk@50435 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This adds additional information to the Media Handling section of the Site Health Info page. When ImageMagick is used as the site’s image editor, a full list of file formats supported will now be shown. This will help site owners debug any issues they encounter as support for newer, more modern image formats is added (such as WebP in [50810]).
Additionally, the version of Imagick installed. This will help site owners debug issues with generating images on the PHP side.
Some variables have also been renamed to more accurately represent what is being stored.
Props Clorith, desrosj.
Fixes#53022.
Built from https://develop.svn.wordpress.org/trunk@50817
git-svn-id: http://core.svn.wordpress.org/trunk@50426 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Themes displayed in this tab were actually random, and have not been selected to be featured to new WordPress users.
The tab had already been removed from the Theme Directory, and with this change, the options in the admin area and in the directory will match again.
The "Popular" tab is now displayed instead as the default view.
Props poena, kjellr, celloexpressions.
Fixes#49487. See #meta5044.
Built from https://develop.svn.wordpress.org/trunk@50813
git-svn-id: http://core.svn.wordpress.org/trunk@50422 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Add support for uploading, editing and saving WebP images when supported by the server.
Add 'image/webp' to supported mime types. Correctly identify WebP images and sizes even when PHP doesn't support WebP. Resize uploaded WebP files (when supported) and use for front end markup.
Props markoheijne, blobfolio, Clorith, joemcgill, atjn, desrosj, spacedmonkey, marylauc, mikeschroder, hellofromtonya, flixos90.
Fixes#35725.
Built from https://develop.svn.wordpress.org/trunk@50810
git-svn-id: http://core.svn.wordpress.org/trunk@50419 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This avoids accidentally overriding some variables in the scope of `activate_plugin()`, e.g. `$silent` or `$network_wide`.
Plugins expecting to have access to `$network_wide` directly on inclusion should receive it as an argument of the activation hook callback instead, on any of these actions:
* `activate_plugin`
* `activate_{$plugin}`
* `activated_plugin`
Follow-up to [28644].
Props Mike_Cowobo, dd32, DrewAPicture, mensmaximus, SergeyBiryukov.
Fixes#31104.
Built from https://develop.svn.wordpress.org/trunk@50787
git-svn-id: http://core.svn.wordpress.org/trunk@50396 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This officially removes support for Internet Explorer 11 in the CSS files run through the build process in Core.
Individual tickets should be opened for removing each manually maintained area of the code base targeting IE11.
The resulting changes to CSS files are included in this commit.
Fixes#53077.
Built from https://develop.svn.wordpress.org/trunk@50784
git-svn-id: http://core.svn.wordpress.org/trunk@50393 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This updates the `caniuse-lite` database to the most recent version (`1.0.30001214`) by running `npx browserslist@latest --update-db`.
The resulting changes after running `grunt precommit:css` are also included in this commit.
See #52624.
Built from https://develop.svn.wordpress.org/trunk@50782
git-svn-id: http://core.svn.wordpress.org/trunk@50391 1a063a9b-81f0-0310-95a4-ce76da25c4cd
There are several WordPress hooks defined on the server that depend on $post object that isn’t present on the new screens like edit site, edit widgets, or edit navigation. This patch deprecates existing filters and introduces replacements that are context-aware.
Props azaozz, andraganescu, jeremyfelt, nosolosw, youknowriad.
See #52920.
Built from https://develop.svn.wordpress.org/trunk@50776
git-svn-id: http://core.svn.wordpress.org/trunk@50385 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Prevent a `TypeError` from occurring during installation if `wp-config.php` is not writable. In PHP 8.0 this can cause a fatal error, in earlier versions of PHP a warning would be thrown.
Account for a change in type returned by `fopen()` coming in a future version of PHP. Minor coding standards fixes in the `/wp-admin/setup-config.php` file.
Props xknown, hellofromTonya, jrf, peterwilsoncc.
See #51423.
Built from https://develop.svn.wordpress.org/trunk@50775
git-svn-id: http://core.svn.wordpress.org/trunk@50384 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* `illegal_names`
* `limited_email_domains`
* `banned_email_domains`
If any of these options have a falsey value, treat it as an empty string. This addresses a PHP 8.1+ deprecation notice when passing a `null` value to `str_replace()`.
Additionally, avoid unnecessary type casting for better performance.
Props hellofromTonya, jrf, SergeyBiryukov.
See #51423.
Built from https://develop.svn.wordpress.org/trunk@50772
git-svn-id: http://core.svn.wordpress.org/trunk@50381 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The Site Health dashboard widget uses the same JavaScript file as the Site Health pages to generate its progress indicator.
This file was also set up to store the current Site Health check results if the current tab being shown isn't the debug information one, this had the side effect of the dashboard being seen as not the debug screen as well.
This now has a conditional making sure it's the status screen it self being displayed, before trying to do any Ajax requests.
Props arena.
Fixes#49814.
Built from https://develop.svn.wordpress.org/trunk@50766
git-svn-id: http://core.svn.wordpress.org/trunk@50375 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Use `reset` to get the label from the first tab entry as the default if no tab is defined.
This ensures even if the tab order is changed, or tabs are removed, no warnings will be thrown.
Follow-up to [50764].
See #47225.
Built from https://develop.svn.wordpress.org/trunk@50765
git-svn-id: http://core.svn.wordpress.org/trunk@50374 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Allow developers to extend the Site Health screen with their own custom navigation tabs and pages.
This implements a new filter, `site_health_navigation_tabs`, which takes an associated array of tab identifiers/slugs, and tab labels, allowing developers to add their own subpage to the Site Health interface as new tabs.
To output a custom page, or add to an existing page, the `site_health_tab_content` action is triggered whenever the `tab` query argument is present and not empty. This action includes the current tab as its argument, which a developer would match against to only output content when relevant.
Props ramiy for initial patch.
Fixes#47225.
Built from https://develop.svn.wordpress.org/trunk@50764
git-svn-id: http://core.svn.wordpress.org/trunk@50373 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, when exporting personal data, if the JSON encoding of the data failed, the invalid JSON was still written to `export.json`. This change captures the JSON encoding failure and adds a notice to the UI.
Props hellofromTonya, jrf, SergeyBiryukov.
Fixes#52892.
Built from https://develop.svn.wordpress.org/trunk@50713
git-svn-id: http://core.svn.wordpress.org/trunk@50322 1a063a9b-81f0-0310-95a4-ce76da25c4cd
After [48390], plugins and themes can be updated with an uploaded ZIP file. Strings were added for comparing the "current" and "uploaded" versions of a plugin or theme, but lacked context for each as to the object being referenced. This change adds a `plugin` or `theme` context to each of these strings for disambiguation.
Props dimadin, SergeyBiryukov.
Fixes#53017.
Built from https://develop.svn.wordpress.org/trunk@50705
git-svn-id: http://core.svn.wordpress.org/trunk@50314 1a063a9b-81f0-0310-95a4-ce76da25c4cd
On the "Reading Settings" page, the post excerpt was referred to as a "Summary". For consistency with the rest of Core, this change updates "summary" to "excerpt" both in the setting and the relevant help tab.
Props SergeyBiryukov, ravipatel, mukesh27.
Fixes#52987.
Built from https://develop.svn.wordpress.org/trunk@50702
git-svn-id: http://core.svn.wordpress.org/trunk@50311 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Variables created within the scope of a function are discarded automatically when PHP leaves the scope of the function, i.e. on `return`, so doing a call to `unset()` straight before a `return` statement is redundant.
Props jrf, ravipatel, rachelbaker, mukesh27.
Fixes#52996.
Built from https://develop.svn.wordpress.org/trunk@50692
git-svn-id: http://core.svn.wordpress.org/trunk@50301 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This ensures that contrast between text color and background meets the WCAG 2.0 AA recommended value. The following locations were changed:
- Network List Tables: Use lighter background colors for site status indicator.
- Nav Menus: Use a lighter background color for invalid menu items.
- Pointers: Use a darker background for pointer header.
- Themes: Use darker background on filter button hover.
- Customizer: Use darker background for selected widget.
Follow-up to [50025], [50571].
Props kebbet, melchoyce, peterwilsoncc.
Fixes#52760.
Built from https://develop.svn.wordpress.org/trunk@50687
git-svn-id: http://core.svn.wordpress.org/trunk@50296 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Reduce severity of failing HTTPS tests from critical to warning. Stop reporting failures if the site is being accessed over HTTPS but `wp_is_https_supported()` indicates a lack of support.
Props annalamprou, AnotherDave, ayeshrajans, bobbingwide, Clorith, dragongate, eatsleepcode, gab81, geoffrey1963, Ipstenu, k3nsai, mmuyskens, nicegamer7, peterwilsoncc, pwallner, SergeyBiryukov, TimothyBlynJacobs, Toru.
Fixes#52783.
Built from https://develop.svn.wordpress.org/trunk@50659
git-svn-id: http://core.svn.wordpress.org/trunk@50271 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In [47198], parentheses were removed from `include` and `require` statements, as they are language constructs, not function calls. However, [50161] introduced a new `require_once` instance in `wp-admin/options-privacy.php`. This change removes the unnecessary parentheses.
See #53627.
Built from https://develop.svn.wordpress.org/trunk@50631
git-svn-id: http://core.svn.wordpress.org/trunk@50243 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Ensures that `wp-format-library` assets are always loaded for the block editor. Otherwise, they have to be loaded individually for every screen that needs it. It's similar to how `wp-block-directory` assets are handled.
Props ellatrix.
See #52920.
Built from https://develop.svn.wordpress.org/trunk@50620
git-svn-id: http://core.svn.wordpress.org/trunk@50233 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This avoids a fatal error on PHP 8 in `wp_privacy_generate_personal_data_export_file()` if the `_export_data_grouped` post meta exists but is not an array.
Additionally, refactor unit tests for the function to:
* Reduce redundant code
* Switch to data provider
* Test on the full HTML output instead of select pieces of the output
* Expand unhappy path coverage
Follow-up to [43012], [44786], [47146], [47278].
Props hellofromTonya, jrf, xknown.
See #51423.
Built from https://develop.svn.wordpress.org/trunk@50613
git-svn-id: http://core.svn.wordpress.org/trunk@50226 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This change switches out `sprintf` for `printf` on the "Copy suggested policy text from..." button screen reader text. Also, wrap the actual button text in a `<span aria-hidden="true">` to prevent both the button text and the screen reader text from being spoken.
Props mukesh27, SergeyBiryukov, sabernhardt.
Fixes#52891.
Built from https://develop.svn.wordpress.org/trunk@50585
git-svn-id: http://core.svn.wordpress.org/trunk@50198 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In [49178], self-closing `br` tags were switched to non-self-closing `div` elements for "clearing" purposes, but the self-closing "/" remained in place. This fix removes the unnecessary slash.
Props pavelvisualcomposer, audrasjb, sabernhardt, akabarikalpesh, SergeyBiryukov.
Fixes#52878.
Built from https://develop.svn.wordpress.org/trunk@50582
git-svn-id: http://core.svn.wordpress.org/trunk@50195 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Prevent misalignment of "generate password" and "save password" buttons on the password reset screen on narrow screens and in languages requiring longer text than English.
Props audrasjb, grapplerulrich, ryelle.
Fixes#52834.
Built from https://develop.svn.wordpress.org/trunk@50569
git-svn-id: http://core.svn.wordpress.org/trunk@50182 1a063a9b-81f0-0310-95a4-ce76da25c4cd
On narrow screens allow the text to wrap in the copy buttons on the privacy policy guide screen to avoid horizontal overflow of the parent container.
Props audrasjb, davidbaumwald, jaymanpandya, paaljoachim, palmiak, sabernhardt, SergeyBiryukov, sumitsingh.
Fixes#52751.
Built from https://develop.svn.wordpress.org/trunk@50568
git-svn-id: http://core.svn.wordpress.org/trunk@50181 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When collapsed or on a small screen, these styles would override the color schemes, causing a dark background to appear regardless of the color scheme's settings. This change also uses `focus-within` to show or hide the menu item's arrow, consistent with how the arrow behaves on hover.
Props afercia, Bueltge.
Fixes#32579.
Built from https://develop.svn.wordpress.org/trunk@50549
git-svn-id: http://core.svn.wordpress.org/trunk@50162 1a063a9b-81f0-0310-95a4-ce76da25c4cd
If the callback is called before the images are loaded, the comparison doesn't work. `wp.domReady` uses `DOMContentLoaded`, which does not guarantee that the images are loaded. This switches to use the `load` event, which waits for all resources to load.
Props vladytimy, joyously, sergeybiryukov.
Fixes#52758.
Built from https://develop.svn.wordpress.org/trunk@50535
git-svn-id: http://core.svn.wordpress.org/trunk@50148 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Additionally, adjust the "Update to latest nightly" button to include the major version number of the nightly build.
This makes the button labels more accurate and provides more clear understanding of what the update will be.
Follow-up to [49984].
Props afragen, pbiron, SergeyBiryukov.
Fixes#52513.
Built from https://develop.svn.wordpress.org/trunk@50506
git-svn-id: http://core.svn.wordpress.org/trunk@50119 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Adds a more obviously interactive comparison for viewing the color scheme differences. Improvements on RTL and IE11. Update strings to be more clear and consistent. Switch to the CDN for loading images.
Props sarahricker, desrosj, melchoyce, SergeyBiryukov, tikifez, clorith, marybaum, audrasjb, francina, hellofromTonya.
Fixes#52693. See #52347.
Built from https://develop.svn.wordpress.org/trunk@50478
git-svn-id: http://core.svn.wordpress.org/trunk@50089 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This includes many minor adjustments to a wide array of core files to replace shorthands with full declarations.
Follow-up to [50001], [50270], [50367].
Props Clorith, hellofromTonya, peterwilsoncc, adamsilverstein, aristath.
See #51812.
Built from https://develop.svn.wordpress.org/trunk@50420
git-svn-id: http://core.svn.wordpress.org/trunk@50031 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Replace loopback health check URL with a `POST` request to `wp-cron.php` in the WordPress install directory. This more closely represents how WordPress uses loopback requests.
A `POST` request is used to cause `wp-cron.php` to exit prior to running any cron jobs. This allows the test to indicate success quicker and accounts for sites that set the `DISABLE_WP_CRON` constant to avoid running cron jobs on loopback requests.
Props clorith, peterwilsoncc, TimothyBlynJacobs.
Fixes#52547.
Built from https://develop.svn.wordpress.org/trunk@50399
git-svn-id: http://core.svn.wordpress.org/trunk@50010 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In #50547, the admin color schemes were added to the customizer UI, but at some point specificity changed and the colors were overridden by the defaults. This brings the color schemes back into the customizer, using the button color as a highlight, with the link color for text to keep things readable.
Follow up to [48371].
Props audrasjb, peterwilsoncc.
Fixes#52230.
Built from https://develop.svn.wordpress.org/trunk@50386
git-svn-id: http://core.svn.wordpress.org/trunk@49997 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The color palette changes in #49999 introduced some contrast issues on buttons, input elements, and links. This change ensures that all interactive elements have an appropriate contrast ratio.
Follow-up to [50025].
Props audrasjb, joedolson.
Fixes#52402.
Built from https://develop.svn.wordpress.org/trunk@50278
git-svn-id: http://core.svn.wordpress.org/trunk@49923 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This adds a more descriptive text in scenarios where `post_max_size` and `upload_max_filesize` differ, and `post_max_size` is set to a value of `0`.
In some scenarios, PHP may read `0` as a literal zero size, and not as unlimited, which it also means in other scenarios.
See https://www.php.net/manual/en/ini.core.php#ini.post-max-size for details, as PHP 5.3.4 introduced this behavior for literal zero interpretation when the content type of a request is `application/x-www-form-urlencoded` or is not registered with PHP.
Props Clorith, pixolin, helen, ratneshk.
Fixes#51466.
Built from https://develop.svn.wordpress.org/trunk@50263
git-svn-id: http://core.svn.wordpress.org/trunk@49908 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, date information was unable to be changed when using `media_handle_sideload()`.
Now you can override the date for a media item using `$post_data['post_date']` before using the function.
Props jamesgol, mukesh27, SergeyBiryukov, hellofromTonya, Mista-Flo.
Fixes#50972.
Built from https://develop.svn.wordpress.org/trunk@50258
git-svn-id: http://core.svn.wordpress.org/trunk@49903 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When the color change was done, the background of plugins with updates had to be manually changed. This section was missed, which caused a visual bug. This fix also removes some redundant CSS for the same element.
Follow-up to [50025].
Props afragen.
Fixes#52452.
Built from https://develop.svn.wordpress.org/trunk@50237
git-svn-id: http://core.svn.wordpress.org/trunk@49898 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, we used `DIR_TESTDATA` to determine if a test should skip a newly silenced error in `wp_getimagesize()`.
We are now using `WP_RUN_CORE_TESTS` instead for consistency.
Props hellofromTonya, SergeyBiryukov.
See #49889.
Built from https://develop.svn.wordpress.org/trunk@50170
git-svn-id: http://core.svn.wordpress.org/trunk@49849 1a063a9b-81f0-0310-95a4-ce76da25c4cd
As this can cause large, long running queries on sites with many posts, this filter allows the query to be modified, bypassing entirely if needed.
Fixes#51660.
Props geoffguillain, SergeyBiryukov, hareesh-pillai, hellofromTonya, TimothyBlynJacobs, whyisjake.
Built from https://develop.svn.wordpress.org/trunk@50163
git-svn-id: http://core.svn.wordpress.org/trunk@49842 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The Privacy settings pages now use the same design patterns as the Site Health screen. Additionally, each privacy policy guide is now contained in an accordion to make the page easier to navigate when multiple plugins are in use.
Props xkon, hedgefield, garrett-eclipse, hellofromTonya, paaljoachim, joedolson.
Fixes#49264.
Built from https://develop.svn.wordpress.org/trunk@50161
git-svn-id: http://core.svn.wordpress.org/trunk@49840 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This adds a form option to skip the admin email alert when exporting personal data.
Props xkon, azaozz, TZ-Media, iandunn, desrosj, iprg, allendav, wesselvandenberg, karmatosed, birgire, davidbaumwald, estelaris, paaljoachim, hellofromTonya.
Fixes#43890.
Built from https://develop.svn.wordpress.org/trunk@50159
git-svn-id: http://core.svn.wordpress.org/trunk@49838 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, it was unclear that the displayed password is only being suggested and should be saved by clicking the Reset Password button.
This adds separate Generate Password and Save Password buttons, for clarity.
Props xkon, estelaris, jaymanpandya, hedgefield, audrasjb, erichmond, magicroundabout, lukecavanagh, knutsp, tinodidriksen, nico_martin, markhowellsmead, kara.mcnair, e_baker, pixelverbieger, souri_wpaustria, megabyterose, poena, whyisjake.
Fixes#39638.
Built from https://develop.svn.wordpress.org/trunk@50153
git-svn-id: http://core.svn.wordpress.org/trunk@49832 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, all logic utilizing `getimagesize()` was supressing errors making it difficult to debug usage of the function.
A new `wp_getimagesize()` function has been added to allow the errors to no longer be suppressed when `WP_DEBUG` is enabled.
Props Howdy_McGee, SergeyBiryukov, mukesh27, davidbaumwald, noisysocks, hellofromTonya.
Fixes#49889.
Built from https://develop.svn.wordpress.org/trunk@50146
git-svn-id: http://core.svn.wordpress.org/trunk@49825 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This brings some consistency with other list tables and allows for adding custom column data to columns registered with `manage_export-personal-data_columns` or `manage_erase-personal-data_columns` filters.
Props xkon, garrett-eclipse, birgire, pbiron, hellofromTonya, TimothyBlynJacobs, 7studio, mukesh27, Mista-Flo.
Fixes#44354.
Built from https://develop.svn.wordpress.org/trunk@50145
git-svn-id: http://core.svn.wordpress.org/trunk@49824 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When no events are available in the Events Widget, people have always been shown a message encouraging them to help organize one (see `tmpl-community-events-no-upcoming-events`). Now that it's common for online WordCamps and Learn discussion groups to be pinned to the Events API, it's rare that there are no events in the widget, even if there are no _local_ events. Because of that, users are rarely encouraged to join their local community and help organize.
This commit adds an additional call-to-action message, which is shown when there are only 1 or 2 events available.
Props anyssa, sippis, AmethystAnswers.
Fixes#51664.
Built from https://develop.svn.wordpress.org/trunk@50133
git-svn-id: http://core.svn.wordpress.org/trunk@49812 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Switching a WordPress site from HTTP to HTTPS has historically been a tedious task. While on the surface the Site Address and WordPress Address have to be updated, existing content still remains using HTTP URLs where hard-coded in the database. Furthermore, updating _two_ URLs to migrate to HTTPS is still a fairly unintuitive step which is not clearly explained.
This changeset simplifies migration from HTTP to HTTPS and, where possible, makes it a one-click interaction.
* Automatically replace insecure versions of the Site Address (`home_url()`) with its HTTPS counterpart on the fly if the site has been migrated from HTTP to HTTPS. This is accomplished by introducing a `https_migration_required` option and enabling it when the `home_url()` is accordingly changed.
* A new `wp_replace_insecure_home_url()` function is hooked into various pieces of content to replace URLs accordingly.
* The migration only kicks in when the Site Address (`home_url()`) and WordPress Address (`site_url()`) match, which is the widely common case. Configurations where these differ are often maintained by more advanced users, where this migration routine would be less essential - something to potentially iterate on in the future though.
* The migration does not actually update content in the database. More savvy users that prefer to do that can prevent the migration logic from running by either deleting the `https_migration_required` option or using the new `wp_should_replace_insecure_home_url` filter.
* For fresh sites that do not have any content yet at the point of changing the URLs to HTTPS, the migration will also be skipped since it would not be relevant.
* Expose a primary action in the Site Health recommendation, if HTTPS is already supported by the environment, built on top of the HTTPS detection mechanism from [49904]. When clicked, the default behavior is to update `home_url()` and `site_url()` in one go to their HTTPS counterpart.
* A new `wp_update_urls_to_https()` function takes care of the update routine.
* A new `update_https` meta capability is introduced to control access.
* If the site's URLs are controlled by constants, this update is not automatically possible, so in these scenarios the user is informed about that in the HTTPS status check in Site Health.
* Allow hosting providers to modify the URLs linked to in the HTTPS status check in Site Health, similar to how that is possible for the URLs around updating the PHP version.
* A `WP_UPDATE_HTTPS_URL` environment variable or `wp_update_https_url` filter can be used to provide a custom URL with guidance about updating the site to use HTTPS.
* A `WP_DIRECT_UPDATE_HTTPS_URL` environment variable or `wp_direct_update_https_url` filter can be used to provide a custom URL for the primary CTA to update the site to use HTTPS.
Props flixos90, timothyblynjacobs.
Fixes#51437.
Built from https://develop.svn.wordpress.org/trunk@50131
git-svn-id: http://core.svn.wordpress.org/trunk@49810 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Add a feature so Admins can send users a 'password reset' email. This doesn't change the password or force a password change. It only emails the user the password reset link.
The feature appears in several places:
* A "Send Reset Link" button on user profile screen.
* A "Send password reset" option in the user list bulk action dropdown.
* A "Send password reset" quick action when hovering over a username in the user list.
Props Ipstenu, DrewAPicture, eventualo, wonderboymusic, knutsp, ericlewis, afercia, JoshuaWold, johnbillion, paaljoachim, hedgefield.
Fixes#34281.
Built from https://develop.svn.wordpress.org/trunk@50129
git-svn-id: http://core.svn.wordpress.org/trunk@49808 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Fix an issue where viewing an autosave created on a post without any previous revisions would throw a PHP notice. Also fixes the revision screen which was broken in these cases and showed a console error.
Props iseulde.
Fixes#31249.
Built from https://develop.svn.wordpress.org/trunk@50128
git-svn-id: http://core.svn.wordpress.org/trunk@49807 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, "You are using a development version" message could be displayed if the user has configured core updates to receive Beta or RC versions, but the update has not happened yet.
This brings some consistency with displaying a similar message in `core_upgrade_preamble()` on WordPress Updates screen.
Follow-up to [49708], [49736].
Props afragen, pbiron, azaozz, audrasjb, SergeyBiryukov.
Fixes#51976.
Built from https://develop.svn.wordpress.org/trunk@50121
git-svn-id: http://core.svn.wordpress.org/trunk@49800 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Make the navigation menu footer sticky so a Save Menu button is always available in the viewport. Improves usability and effectiveness of the interface when in a responsive view.
Props garrett-eclipse, audrasjb, maxpertici, sabernhardt, kburgoine, poena
Fixes#51631
Built from https://develop.svn.wordpress.org/trunk@50115
git-svn-id: http://core.svn.wordpress.org/trunk@49794 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `WP_AUTO_UPDATE_CORE` constant now supports `development` and `branch-development` values.
This makes it possible for sites to opt-in to updating to nightly builds without having to install a plugin.
Follow-up to [49245], [49292].
Props xkon, knutsp, afragen, audrasjb, dd32.
Fixes#51978.
Built from https://develop.svn.wordpress.org/trunk@50082
git-svn-id: http://core.svn.wordpress.org/trunk@49782 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Following up on [49904], this changeset focuses mainly on improving the guidance about the current state of HTTPS in Site Health.
* Correct the existing copy to indicate that both the Site Address and the WordPress Address need to be changed to fully switch to HTTPS.
* Link to the respective input fields via anchor links rather than to the overall General Settings screen.
* Show different copy if the site is using HTTPS for the WordPress Address (for example to have only the administration panel in HTTPS), but not for the Site Address.
* Inform the user about potential problems even when the site is already using HTTPS, for example if the SSL certificate was no longer valid.
* Always rely on fresh information for determining HTTPS support issues in Site Health, and therefore change the `https_status` test to become asynchronous.
* Rename the new private `wp_is_owned_html_output()` function to a more appropriate `wp_is_local_html_output()`.
Props adamsilverstein, flixos90, johnjamesjacoby, timothyblynjacobs.
See #47577.
Built from https://develop.svn.wordpress.org/trunk@50072
git-svn-id: http://core.svn.wordpress.org/trunk@49773 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `defaultEditorStyles` setting was missing from the default block
editor settings. This causes the "Use theme styles" setting which was
added in WordPress 5.6 to not function properly.
Also, the RTL version of editor styles were not being loaded. This
change has not yet been ported over from Gutenberg.
Fixes#52394.
Built from https://develop.svn.wordpress.org/trunk@50069
git-svn-id: http://core.svn.wordpress.org/trunk@49770 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The function `wp_text_diff` generated an invalid table structure if the $args parameter contained any values. This patch corrects the structure generated by `wp_text_diff` and related usages so that the column count matches the data generated. Additionally, this patch passes arguments to the Revisions screen so that the screen has column headings that reflect the content in each column. Improves the accessibility and usability of the Revisions table.
Props joedolson, mehulkaklotar, afercia, adamsilverstein, zodiac1978, jeremyfelt
Fixes#25473
Built from https://develop.svn.wordpress.org/trunk@50034
git-svn-id: http://core.svn.wordpress.org/trunk@49735 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Italicized text can be difficult to read for some people with dyslexia or related forms of reading disorders. This removes italics on a number of larger blocks onpm run grunt rpf text in the admin. This has been a task 5.3; this commit closes the task. Further instances of italicized text should be addressed individually.
Props afercia, xkon, audrasjb
Fixes#47327
Built from https://develop.svn.wordpress.org/trunk@50032
git-svn-id: http://core.svn.wordpress.org/trunk@49733 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Application names are now required to be unique and cannot contain solely whitespace characters. Additionally, invalid characters are now stripped from the application name using `sanitize_text_field()`.
Props Boniu91, hellofromTonya, engahmeds3ed, xkon, francina.
Fixes#51941.
Built from https://develop.svn.wordpress.org/trunk@50030
git-svn-id: http://core.svn.wordpress.org/trunk@49731 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The update icon rotation should not occur when the user has opted to reduce motion, for example by selecting the "Reduce motion" option in macOS' preferences or unselecting "Show animations in Windows" in Windows' preferences.
Follow-up to [47813], [50027].
Props xkon, audrasjb, johnbillion.
Fixes#52263. See #51476.
Built from https://develop.svn.wordpress.org/trunk@50028
git-svn-id: http://core.svn.wordpress.org/trunk@49729 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This provides better indication within the viewport about ongoing processes on the page when updating several plugins at the same time, but without using the bulk updater.
Props ravipatel, audrasjb, johnjamesjacoby, paaljoachim, hellofromTonya, sabernhardt, mdwolinski, karmatosed, SergeyBiryukov.
Fixes#51476.
Built from https://develop.svn.wordpress.org/trunk@50027
git-svn-id: http://core.svn.wordpress.org/trunk@49728 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This is part of a larger project in cleaning up core's admin CSS. This collapses all colors used in the CSS to one of 12 blues, greens, reds, and yellows, 13 grays, pure black, and pure white. The colors are perceptually uniform from light to dark, half of each range has a 4.5 or higher contrast against white, the other half has a 4.5 or higher contrast against black.
Standardizing on this set of colors will help contributors make consistent, accessible design decisions. The full color palette can be seen here: https://codepen.io/ryelle/full/WNGVEjw
Props notlaura, danfarrow, kburgoine, drw158, audrasjb, Joen, hedgefield, ibdz, melchoyce.
See #49999.
Built from https://develop.svn.wordpress.org/trunk@50025
git-svn-id: http://core.svn.wordpress.org/trunk@49726 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Since WordPress 2.5 and 2.6, `post_content` and `post_excerpt` have both had export-specific filters: `the_content_export`, and `the_excerpt_export`, respectively. `post_title`, however, has used `the_title_rss`, which behaves differently in two important ways:
- It strips HTML tags from the string.
- It HTML-encodes the title string.
These behaviours are not ideal for exports, since it changes the post title, resulting in data loss in export files, and incorrect post duplicate matching on import. This changes replaces the usage of `the_title_rss` with a new filter, `the_title_export`. The new filter is intended to be used in the same as `the_content_export` and `the_excerpt_export`.
Props jmdodd, audrasjb.
Fixes#52250.
Built from https://develop.svn.wordpress.org/trunk@50011
git-svn-id: http://core.svn.wordpress.org/trunk@49712 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In [49752] a check was added to prevent creating new Application Passwords if Basic Auth credentials were detected to prevent conflicts. This check takes place in WP-Admin, though a conflict would only arise if Basic Auth was used on the website's front-end.
This commit extracts the Basic Auth check into a reusable function, `wp_is_site_protected_by_basic_auth()`, which can be adjusted using a filter of the same name. This way, a site that uses Basic Auth to protect WP-Admin can still use the Application Passwords feature.
In the future, instead of requiring the use of a filter, WordPress could make a loopback request and check for a `WWW-Authenticate` header to make this detection more robust out of the box.
Props SeBsZ, archon810, aaroncampbell, ocean90, SergeyBiryukov, TimothyBlynJacobs.
Fixes#52066.
Built from https://develop.svn.wordpress.org/trunk@50006
git-svn-id: http://core.svn.wordpress.org/trunk@49707 1a063a9b-81f0-0310-95a4-ce76da25c4cd
To be able to disable jQuery Migrate as step 3 of updating the jQuery version shipped with WordPress, all `JQMIGRATE` warnings in the browser console will have to be addressed.
This includes many minor adjustments to a wide array of core files.
Follow-up to:
* Step 1: Disabling jQuery Migrate 1.4.1 in WordPress 5.5: [48323], [48324]
* Step 2: Updating jQuery to 3.5.1 and adding jQuery Migrate 3.3.x in WordPress 5.6: [49101], [49338], [49615], [49649]
Props Clorith, azaozz.
See #51812.
Built from https://develop.svn.wordpress.org/trunk@50001
git-svn-id: http://core.svn.wordpress.org/trunk@49702 1a063a9b-81f0-0310-95a4-ce76da25c4cd
TinyMCE was not implemented on the accessibility mode for widgets, disabling text editing fields. Change ensures that TinyMCE is initialized when accessibility mode is set up. Prior implementation hid the text widget fields if they were empty, which they always were for new widgets.
Props MadtownLems, alexstine, hareesh-pillai, dariak
Built from https://develop.svn.wordpress.org/trunk@49973
git-svn-id: http://core.svn.wordpress.org/trunk@49674 1a063a9b-81f0-0310-95a4-ce76da25c4cd