Commit Graph

519 Commits

Author SHA1 Message Date
Felix Arntz dbfbf5501a Security, Site Health: Make migrating a site to HTTPS a one-click interaction.
Switching a WordPress site from HTTP to HTTPS has historically been a tedious task. While on the surface the Site Address and WordPress Address have to be updated, existing content still remains using HTTP URLs where hard-coded in the database. Furthermore, updating _two_ URLs to migrate to HTTPS is still a fairly unintuitive step which is not clearly explained.

This changeset simplifies migration from HTTP to HTTPS and, where possible, makes it a one-click interaction.

* Automatically replace insecure versions of the Site Address (`home_url()`) with its HTTPS counterpart on the fly if the site has been migrated from HTTP to HTTPS. This is accomplished by introducing a `https_migration_required` option and enabling it when the `home_url()` is accordingly changed.
    * A new `wp_replace_insecure_home_url()` function is hooked into various pieces of content to replace URLs accordingly.
    * The migration only kicks in when the Site Address (`home_url()`) and WordPress Address (`site_url()`) match, which is the widely common case. Configurations where these differ are often maintained by more advanced users, where this migration routine would be less essential - something to potentially iterate on in the future though.
    * The migration does not actually update content in the database. More savvy users that prefer to do that can prevent the migration logic from running by either deleting the `https_migration_required` option or using the new `wp_should_replace_insecure_home_url` filter.
    * For fresh sites that do not have any content yet at the point of changing the URLs to HTTPS, the migration will also be skipped since it would not be relevant.
* Expose a primary action in the Site Health recommendation, if HTTPS is already supported by the environment, built on top of the HTTPS detection mechanism from [49904]. When clicked, the default behavior is to update `home_url()` and `site_url()` in one go to their HTTPS counterpart.
    * A new `wp_update_urls_to_https()` function takes care of the update routine.
    * A new `update_https` meta capability is introduced to control access.
    * If the site's URLs are controlled by constants, this update is not automatically possible, so in these scenarios the user is informed about that in the HTTPS status check in Site Health.
* Allow hosting providers to modify the URLs linked to in the HTTPS status check in Site Health, similar to how that is possible for the URLs around updating the PHP version.
    * A `WP_UPDATE_HTTPS_URL` environment variable or `wp_update_https_url` filter can be used to provide a custom URL with guidance about updating the site to use HTTPS.
    * A `WP_DIRECT_UPDATE_HTTPS_URL` environment variable or `wp_direct_update_https_url` filter can be used to provide a custom URL for the primary CTA to update the site to use HTTPS.

Props flixos90, timothyblynjacobs.
Fixes #51437.

Built from https://develop.svn.wordpress.org/trunk@50131


git-svn-id: http://core.svn.wordpress.org/trunk@49810 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 00:10:01 +00:00
Felix Arntz 3716c8c20f Robots: Introduce Robots API.
This changeset introduces a filter-based Robots API, providing central control over the `robots` meta tag.

* Introduces `wp_robots()` function which should be called anywhere a `robots` meta tag should be included.
* Introduces `wp_robots` filter which allows adding or modifying directives for the `robots` meta tag. The `wp_robots()` function is entirely filter-based, i.e. if no filter is added to `wp_robots`, no directives will be present, and therefore the entire `robots` meta tag will be omitted.
* Introduces the following `wp_robots` filter functions which replace similar existing functions that were manually rendering a `robots` meta tag:
    * `wp_robots_noindex()` replaces `noindex()`, which has been deprecated.
    * `wp_robots_no_robots()` replaces `wp_no_robots()`, which has been deprecated.
    * `wp_robots_sensitive_page()` replaces `wp_sensitive_page_meta()`, which has been deprecated. Its rendering of the `referrer` meta tag has been moved to another new function `wp_strict_cross_origin_referrer()`.

Migration to the new functions is straightforward. For example, a call to `add_action( 'wp_head', 'wp_no_robots' )` should be replaced with `add_filter( 'wp_robots', 'wp_robots_no_robots' )`.

Plugins and themes that render their own `robots` meta tags are encouraged to switch to rely on the `wp_robots` filter in order to use the central management layer now provided by WordPress core.

Props adamsilverstein, flixos90, timothyblynjacobs, westonruter.
See #51511.

Built from https://develop.svn.wordpress.org/trunk@49992


git-svn-id: http://core.svn.wordpress.org/trunk@49693 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-01-21 01:37:00 +00:00
Felix Arntz c81db1f6e6 Security, Site Health: Detect HTTPS support and encourage switching.
This changeset modifies the Site Health panel for HTTPS to provide more accurate recommendations based on whether the environment is already set up for HTTPS.

* Introduces `wp_is_using_https()` to check whether the site is configured to use HTTPS (via its Site Address and WordPress Address).
* Introduces `wp_is_https_supported()` to check whether the environment supports HTTPS. This relies on a cron job which periodically checks support using a loopback request.

Props Clorith, flixos90, miinasikk, westonruter.
Fixes #47577.

Built from https://develop.svn.wordpress.org/trunk@49904


git-svn-id: http://core.svn.wordpress.org/trunk@49603 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-12-23 19:13:04 +00:00
Dominik Schilling abc9d961d5 I18N: Revert [49236] for now to investigate alternative implementations.
See #39210, #51678, #26511.
Built from https://develop.svn.wordpress.org/trunk@49566


git-svn-id: http://core.svn.wordpress.org/trunk@49304 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-11-12 14:43:09 +00:00
Dominik Schilling 173b9aa122 I18N: Introduce `WP_Textdomain_Registry` to store text domains and their language directory paths.
Previously, when using `switch_to_locale()` all current loaded text domains were unloaded and added to the `$l10n_unloaded` global. This prevented the just-in-time loading for text domains after a switch. The just-in-time loading was also only possible if the translations were stored in `WP_LANG_DIR`. Both issues have been fixed.

* Adds `WP_Textdomain_Registry` to keep track of the language directory paths for all plugins and themes.
* Updates all `load_*_textdomain()`  functions to store the path in `WP_Textdomain_Registry`.
* Adds `$reloadable` parameter to `unload_textdomain()` to define whether a text domain can be loaded just-in-time again. This is used by `WP_Locale_Switcher::load_translations()`.
* Extends `_load_textdomain_just_in_time()` to also support text domains of plugins and themes with custom language directories.
* Fixes the incorrect `test_plugin_translation_after_switching_locale_twice()` test which should have catch this issue earlier.
* Adds a new test plugin/theme to test the loading of translations with a custom language directory.
* Deprecates the now unused and private `_get_path_to_translation()` and `_get_path_to_translation_from_lang_dir()` functions.

Props yoavf, swissspidy, dd32, ocean90.
See #26511.
Fixes #39210.
Built from https://develop.svn.wordpress.org/trunk@49236


git-svn-id: http://core.svn.wordpress.org/trunk@48998 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-20 16:05:07 +00:00
youknowriad d6cff7965a Block Editor: Update the WordPress Packages to the latest version.
This includes the packages that match the Gutenberg 9.2 Release.
It is going to be the last block-editor features update for WordPress 5.6.
It also updates the block-supports code base to the latest APIs.

Props isabel_brison, noisysocks, desrosj.
Fixes #51570.

Built from https://develop.svn.wordpress.org/trunk@49226


git-svn-id: http://core.svn.wordpress.org/trunk@48988 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-20 13:36:16 +00:00
TimothyBlynJacobs 039ce3f16f Site Health, REST API: Move async tests to REST API endpoints.
This provides more flexibility when writing tests and benefits from running in a front-end context which is necessary for some tests like checking that updates are supported. Additionally, this provides a more robust interface for developers who want to integrate with Site Health tests.

Because the `wp/v2` endpoint is reserved for modeling core entities, site health is registered in its own `wp-site-health/v1` namespace.

The existing ajax actions have been maintained for backward compatibility.

Props Clorith, chrisvanpatten, afragen, pokhriyal, TimothyBlynJacobs.
Fixes #48105.

Built from https://develop.svn.wordpress.org/trunk@49154


git-svn-id: http://core.svn.wordpress.org/trunk@48916 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-15 02:00:08 +00:00
Sergey Biryukov 620c069fe8 General: Move `wp_array_get()` from a separate file to `wp-includes/functions.php`, for consistency.
Add missing `@since` tag, adjust the DocBlock per the documentation standards.

Follow-up to [49135].

Props isabel_brison, ocean90.
Fixes #51461.
Built from https://develop.svn.wordpress.org/trunk@49143


git-svn-id: http://core.svn.wordpress.org/trunk@48905 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-14 02:10:04 +00:00
jorgefilipecosta b667105f60 Editor: update packages; Port block supports to WordPress core.
The following package versions were changed:
@wordpress/a11y: 2.11.0 -> 2.13.0
@wordpress/annotations: 1.20.4 -> 1.22.0
@wordpress/api-fetch: 3.18.0 -> 3.20.0
@wordpress/autop: 2.9.0 -> 2.10.0
@wordpress/blob: 2.9.0 -> 2.10.0
@wordpress/block-directory: 1.13.7 -> 1.16.0
@wordpress/block-editor: 4.3.7 -> 5.0.0
@wordpress/block-library: 2.22.7 -> 2.25.0
@wordpress/block-serialization-default-parser: 3.7.0 -> 3.8.0
@wordpress/blocks: 6.20.3 -> 6.23.0
@wordpress/components: 10.0.6 -> 11.0.0
@wordpress/compose: 3.19.3 -> 3.21.0
@wordpress/core-data: 2.20.3 -> 2.23.0
@wordpress/data: 4.22.3 -> 4.24.0
@wordpress/data-controls: 1.16.3 -> 1.18.0
@wordpress/date: 3.10.0 -> 3.12.0
@wordpress/deprecated: 2.9.0 -> 2.10.0
@wordpress/dom: 2.13.1 -> 2.15.0
@wordpress/dom-ready: 2.10.0 -> 2.11.0
@wordpress/e2e-test-utils: 4.11.2 -> 4.14.0
@wordpress/edit-post: 3.21.7 -> 3.24.0
@wordpress/editor: 9.20.7 -> 9.23.0
@wordpress/element: 2.16.0 -> 2.18.0
@wordpress/escape-html: 1.9.0 -> 1.10.0
@wordpress/format-library: 1.22.7 -> 1.24.0
@wordpress/hooks: 2.9.0 -> 2.10.0
@wordpress/html-entities: 2.8.0 -> 2.9.0
@wordpress/i18n: 3.14.0 -> 3.16.0
@wordpress/icons: 2.4.0 -> 2.7.0
@wordpress/is-shallow-equal: 2.1.0 -> 2.3.0
@wordpress/keyboard-shortcuts: 1.9.3 -> 1.11.0
@wordpress/keycodes: 2.14.0 -> 2.16.0
@wordpress/library-export-default-webpack-plugin: 1.7.0 -> 1.9.0
@wordpress/list-reusable-blocks: 1.21.6 -> 1.23.0
@wordpress/media-utils: 1.15.0 -> 1.17.0
@wordpress/notices: 2.8.3 -> 2.10.0
@wordpress/nux: 3.20.6 -> 3.22.0
@wordpress/plugins: 2.20.3 -> 2.22.0
@wordpress/primitives: 1.7.0 -> 1.9.0
@wordpress/priority-queue: 1.7.0 -> 1.9.0
@wordpress/redux-routine: 3.10.0 -> 3.12.0
@wordpress/rich-text: 3.20.4 -> 3.22.0
@wordpress/scripts: 12.1.1 -> 12.3.0
@wordpress/server-side-render: 1.16.6 -> 1.18.0
@wordpress/shortcode: 2.9.0 -> 2.11.0
@wordpress/token-list: 1.11.0 -> 1.13.0
@wordpress/url: 2.17.0 -> 2.19.0
@wordpress/viewport: 2.21.3 -> 2.23.0
@wordpress/warning: 1.2.0 -> 1.3.0
@wordpress/wordcount: 2.10.0 -> 2.12.0

Props isabel_brison, youknowriad, mcsf.
Fixes #51461.
Built from https://develop.svn.wordpress.org/trunk@49135


git-svn-id: http://core.svn.wordpress.org/trunk@48897 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-13 13:10:30 +00:00
TimothyBlynJacobs 49a399db05 REST API: Introduce search post format handler.
This allows for clients to search the used post formats via the /wp/v2/search endpoint by using a type=post-format query parameter.
Fixes #51459.
Props andraganescu, zieladam, noisysocks, TimothyBlynJacobs.

Built from https://develop.svn.wordpress.org/trunk@49132


git-svn-id: http://core.svn.wordpress.org/trunk@48894 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-12 19:54:05 +00:00
TimothyBlynJacobs d5ebe12f11 REST API: Introduce Application Passwords for API authentication.
In WordPress 4.4 the REST API was first introduced. A few releases later in WordPress 4.7, the Content API endpoints were added, paving the way for Gutenberg and countless in-site experiences. In the intervening years, numerous plugins have built on top of the REST API. Many developers shared a common frustration, the lack of external authentication to the REST API.

This commit introduces Application Passwords to allow users to connect to external applications to their WordPress website. Users can generate individual passwords for each application, allowing for easy revocation and activity monitoring. An authorization flow is introduced to make the connection flow simple for users and application developers.

Application Passwords uses Basic Authentication, and by default is only available over an SSL connection.

Props georgestephanis, kasparsd, timothyblynjacobs, afercia, akkspro, andraganescu, arippberger, aristath, austyfrosty, ayesh, batmoo, bradyvercher, brianhenryie, helen, ipstenu, jeffmatson, jeffpaul, joostdevalk, joshlevinson, kadamwhite, kjbenk, koke, michael-arestad, Otto42, pekz0r, salzano, spacedmonkey, valendesigns.
Fixes #42790.

Built from https://develop.svn.wordpress.org/trunk@49109


git-svn-id: http://core.svn.wordpress.org/trunk@48871 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-08 22:14:06 +00:00
TimothyBlynJacobs f5c67c386f REST API: Introduce search term handler.
This allows for clients to search the available terms via the `/wp/v2/search` endpoint by using a `type=term` query parameter.

Fixes #51458.
Props andraganescu, zieladam, noisysocks, TimothyBlynJacobs.

Built from https://develop.svn.wordpress.org/trunk@49103


git-svn-id: http://core.svn.wordpress.org/trunk@48865 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-08 01:32:05 +00:00
youknowriad 777872bdb1 Block Editor: Add the initial set of block patterns.
Included patterns:

text-two-columns
two-buttons
two-images
text-two-columns-with-images
text-three-columns-buttons
large-header
large-header-paragraph
three-buttons
quote
testimonials

Props mcsf, nrqsnchz.
See #50550.

Built from https://develop.svn.wordpress.org/trunk@48334


git-svn-id: http://core.svn.wordpress.org/trunk@48103 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-07-06 10:50:02 +00:00
gziolo eafcf52d18 Editor: Register core blocks on the server
Exposes all core blocks (excluding embeds) on the server to be used with the REST API block types endpoint.

Props spacedmonkey, timothyblynjacobs.
Fixes #50263.


Built from https://develop.svn.wordpress.org/trunk@48262


git-svn-id: http://core.svn.wordpress.org/trunk@48031 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-07-01 12:29:03 +00:00
TimothyBlynJacobs 083134f694 REST API: Introduce plugin management and block directory endpoints.
These endpoints facilitate the Block Directory Inserter feature in Gutenberg. Users can now install, activate, deactivate, and delete plugins over the REST API. The block directoryendpoint allows searching for available blocks from the WordPress.org block directory.

Props cklee, talldanwp, noisysocks, joen, soean, youknowriad, dufresnesteven, gziolo, dd32, tellyworth, ryelle, spacedmonkey, TimothyBlynJacobs.
Fixes #50321.


Built from https://develop.svn.wordpress.org/trunk@48242


git-svn-id: http://core.svn.wordpress.org/trunk@48011 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-07-01 04:24:03 +00:00
TimothyBlynJacobs 9f14967ff0 REST API: Introduce Block Types endpoint.
This endpoint allows a user to retrieve the block type definition for all server-side registered block types.

Props spacedmonkey, aduth, gziolo, ocean90, TimothyBlynJacobs.
Fixes #47620.

Built from https://develop.svn.wordpress.org/trunk@48173


git-svn-id: http://core.svn.wordpress.org/trunk@47942 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-26 00:46:07 +00:00
gziolo 3f2e7804c4 Editor: Introduce WP_Block and WP_Block_List classes
Backports functionality added in Gutenberg in the following PRs:
- https://github.com/WordPress/gutenberg/pull/21467
- https://github.com/WordPress/gutenberg/pull/21925
It's a few ideas related to block rendering and the provided block value, which is particularly impactful for work around block context.

Props aduth, TimothyBJacobs, noisysocks, epiqueras, youknowriad, talldanwp, zebulan.
Fixes #49926.


Built from https://develop.svn.wordpress.org/trunk@48159


git-svn-id: http://core.svn.wordpress.org/trunk@47928 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-25 05:16:11 +00:00
youknowriad 6d927e494c Block Editor: Add the Block Patterns API.
Backport WP_Block_Pattern_Categories_Registry, WP_Block_Patterns_Registry
and block patterns registration functions from the Gutenberg repository.

Props ocean90, ellatrix
Fixes #50445.

Built from https://develop.svn.wordpress.org/trunk@48156


git-svn-id: http://core.svn.wordpress.org/trunk@47925 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-24 12:59:11 +00:00
Pascal Birchler 609dd1d14f Sitemaps: Add XML sitemaps functionality to WordPress.
While web crawlers are able to discover pages from links within the site and from other sites, XML sitemaps supplement this approach by allowing crawlers to quickly and comprehensively identify all URLs included in the sitemap and learn other signals about those URLs using the associated metadata.

See https://make.wordpress.org/core/2020/06/10/merge-announcement-extensible-core-sitemaps/ for more details.

This feature exposes the sitemap index via `/wp-sitemap.xml` and exposes a variety of new filters and hooks for developers to modify the behavior. Users can disable sitemaps completely by turning off search engine visibility in WordPress admin.

This change also introduces a new `esc_xml()` function to escape strings for output in XML, as well as XML support to `wp_kses_normalize_entities()`.

Props Adrian McShane, afragen, adamsilverstein, casiepa, flixos90, garrett-eclipse, joemcgill, kburgoine, kraftbj, milana_cap, pacifika, pbiron, pfefferle, Ruxandra Gradina, swissspidy, szepeviktor, tangrufus, tweetythierry.
Fixes #50117.
See #3670. See #19998.

Built from https://develop.svn.wordpress.org/trunk@48072


git-svn-id: http://core.svn.wordpress.org/trunk@47839 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-17 15:24:07 +00:00
desrosj a753e44d4e Bootstrap/Load: Deprecate `wp_unregister_GLOBALS()`.
The `register_globals` directive in PHP was deprecated in version 5.3 and removed entirely in 5.4.

Now that WordPress only supports PHP 5.6.20 and newer, the `wp_unregister_GLOBALS()` function can be deprecated.

Props ayeshrajans, desrosj, SergeyBiryukov.
Fixes #49938.
Built from https://develop.svn.wordpress.org/trunk@47612


git-svn-id: http://core.svn.wordpress.org/trunk@47387 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-04-22 15:42:09 +00:00
whyisjake 92636d716a Site Health instantiation prevents use of some hooks by plugins.
As the WP_Site_Health class is instantiated prior to plugins being required and the `plugins_loaded` hook being fired, it prevents plugins from using the following hooks in the functions called by `maybe_create_scheduled_event()`.

Fixes #49824.
Props peterwilsoncc, whyisjake.


Built from https://develop.svn.wordpress.org/trunk@47568


git-svn-id: http://core.svn.wordpress.org/trunk@47343 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-04-10 03:57:08 +00:00
Sergey Biryukov 78e62aa3e4 Coding Standards: Whitelist `date_default_timezone_set()` usage in `wp-settings.php`.
See #49542.
Built from https://develop.svn.wordpress.org/trunk@47552


git-svn-id: http://core.svn.wordpress.org/trunk@47327 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-04-06 09:06:12 +00:00
jorgefilipecosta 56906bcf59 Block Editor: Update WordPress Packages; Remove navigation block; Add social links block
The following package versions were changed:
@wordpress/annotations: 1.11.0 -> 1.12.0
@wordpress/api-fetch: 3.10.0 -> 3.11.0
@wordpress/block-directory: 1.4.0 -> 1.5.0
@wordpress/block-editor: 3.6.0 -> 3.7.0
@wordpress/block-library: 2.13.0 -> 2.14.0
@wordpress/blocks: 6.11.0 -> 6.12.0
@wordpress/components: 9.1.0 -> 9.2.0
@wordpress/core-data: 2.11.0 -> 2.12.0
@wordpress/data: 4.13.0 -> 4.14.0
@wordpress/data-controls: 1.7.0 -> 1.8.0
@wordpress/e2e-test-utils: 4.2.0 -> 4.3.0
@wordpress/edit-post: 3.12.0 -> 3.13.0
@wordpress/editor: 9.11.0 -> 9.12.0
@wordpress/format-library: 1.13.0 -> 1.14.0
@wordpress/icons: 1.0.0 -> 1.1.0
@wordpress/keyboard-shortcuts: 1.0.0 -> 1.1.0
@wordpress/list-reusable-blocks: 1.12.0 -> 1.13.0
@wordpress/media-utils: 1.6.0 -> 1.7.0
@wordpress/notices: 1.12.0 -> 2.0.0
@wordpress/nux: 3.11.0 -> 3.12.0
@wordpress/plugins: 2.11.0 -> 2.12.0
@wordpress/primitives: 1.0.0 -> 1.1.0
@wordpress/rich-text: 3.11.0 -> 3.12.0
@wordpress/server-side-render: 1.7.0 -> 1.8.0
@wordpress/url: 2.10.0 -> 2.11.0
@wordpress/viewport: 2.12.0 -> 2.13.0
The navigation block inclusion was reverted.
The social links block was included.

Props gziolo, youknowriad, mcsf, noisysocks.
Fixes #49397.
Built from https://develop.svn.wordpress.org/trunk@47250


git-svn-id: http://core.svn.wordpress.org/trunk@47050 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-02-10 22:33:27 +00:00
Sergey Biryukov c1fb007ff3 Docs: Add documentation for globals in `wp-settings.php`.
Props chinteshprajapati.
Fixes #46253.
Built from https://develop.svn.wordpress.org/trunk@47231


git-svn-id: http://core.svn.wordpress.org/trunk@47031 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-02-10 03:34:05 +00:00
Sergey Biryukov 47ed56f38f Code Modernization: Replace `dirname( __FILE__ )` calls with `__DIR__` magic constant.
This avoids the performance overhead of the function call every time `dirname( __FILE__ )` was used instead of `__DIR__`.

This commit also includes:

* Removing unnecessary parentheses from `include`/`require` statements. These are language constructs, not function calls.
* Replacing `include` statements for several files with `require_once`, for consistency:
 * `wp-admin/admin-header.php`
 * `wp-admin/admin-footer.php`
 * `wp-includes/version.php`

Props ayeshrajans, desrosj, valentinbora, jrf, joostdevalk, netweb.
Fixes #48082.
Built from https://develop.svn.wordpress.org/trunk@47198


git-svn-id: http://core.svn.wordpress.org/trunk@46998 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-02-06 06:33:11 +00:00
jorgefilipecosta d7e321c7c7 Block Editor: Include navigation block server logic.
Core did not include the navigation block PHP files.
This commit fixes the issue referred, and now the navigation block is executed on the frontend. The block still does not work as expected and throws an error during frontend execution. That problem is going to be fixed on the next WordPress package update.
This commit adds the file as it is on the npm package used.

Props gziolo.
Fixes #49348.
Built from https://develop.svn.wordpress.org/trunk@47176


git-svn-id: http://core.svn.wordpress.org/trunk@46976 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-02-04 20:16:04 +00:00
Sergey Biryukov 0aff1cf6bd Site Health: Rename `WP_Site_Health::initialize()` introduced in [47063] to `::get_instance()`, for clarity and consistency with other core classes.
Use `WP_Site_Health::get_instance()` where it's needed, instead of creating multiple instances of the class.

Props afercia, xkon, Clorith, SergeyBiryukov.
See #47606.
Built from https://develop.svn.wordpress.org/trunk@47149


git-svn-id: http://core.svn.wordpress.org/trunk@46949 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-02-01 00:39:09 +00:00
Sergey Biryukov 001ffe81fb Docs: Improve inline comments per the documentation standards.
Includes minor code layout fixes for better readability.

See #48303.
Built from https://develop.svn.wordpress.org/trunk@47122


git-svn-id: http://core.svn.wordpress.org/trunk@46922 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-01-29 00:45:18 +00:00
Sergey Biryukov 2c4480958b Site Health: Introduce Site Health Status dashboard widget.
The widget informs administrators of any potential issues that should be addressed to improve the performance or security of their website, and directs them to the Site Health screen for more details.

Props Clorith, hedgefield, guddu1315.
See #47606.
Built from https://develop.svn.wordpress.org/trunk@47063


git-svn-id: http://core.svn.wordpress.org/trunk@46863 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-01-12 13:33:05 +00:00
Sergey Biryukov d858656023 Bootstrap/Load: Make handling the `/favicon.ico` requests more flexible.
Previously, `wp_favicon_request()` was introduced in [13205] to avoid a performance hit of serving a full 404 page on every favicon request.

While working as intended, that implementation did not provide a way for theme or plugin authors to manage the behavior of favicon requests.

This changeset implements the following logic (only applied if WordPress is installed in the root directory):

* If there is a Site Icon set in Customizer, redirect `/favicon.ico` requests to that icon.
* Otherwise, use the WordPress logo as a default icon.
* If a physical `/favicon.ico` file exists, do nothing, let the server handle the request.

Handling `/favicon.ico` is now more consistent with handling `/robots.txt` requests.

New functions and hooks:

* Introduce `is_favicon()` conditional tag to complement `is_robots()`.
* Introduce `do_favicon` action to complement `do_robots` and use it in template loader.
* Introduce `do_favicon()` function, hooked to the above action by default, to complement `do_robots()`.
* Introduce `do_faviconico` action to complement `do_robotstxt`, for plugins to override the default behavior.
* Mark `wp_favicon_request()` as deprecated in favor of `do_favicon()`.

Props jonoaldersonwp, birgire, joostdevalk, mukesh27, SergeyBiryukov.
Fixes #47398.
Built from https://develop.svn.wordpress.org/trunk@47018


git-svn-id: http://core.svn.wordpress.org/trunk@46818 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-12-28 21:20:04 +00:00
gziolo aca0d9968f Block Editor: Remove experimental Social Links blocks
We decided to mark Social Links block as an experimental feature in Gutenberg. In effect, we are moving all related code from WordPress 5.3 release.

Props youknowriad.

Fixes #48263.


Built from https://develop.svn.wordpress.org/trunk@46543


git-svn-id: http://core.svn.wordpress.org/trunk@46340 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-15 15:37:08 +00:00
gziolo 03390f00c5 Block Editor: Update the WordPress Packages to the ones used in the Gutenberg 6.5 release
Updated Packages:

In version 6.2:

@wordpress/a11y@2.5.0
@wordpress/annotations@1.5.0
@wordpress/api-fetch@3.4.0
@wordpress/autop@2.4.0
@wordpress/babel-plugin-import-jsx-pragma@2.3.0
@wordpress/babel-plugin-makepot@3.2.0
@wordpress/babel-preset-default@4.4.0
@wordpress/blob@2.5.0
@wordpress/block-editor@3.0.0
@wordpress/block-library@2.7.0
@wordpress/block-serialization-default-parser@3.3.0
@wordpress/block-serialization-spec-parser@3.2.0
@wordpress/blocks@6.5.0
@wordpress/browserslist-config@2.6.0
@wordpress/components@8.1.0
@wordpress/compose@3.5.0
@wordpress/core-data@2.5.0
@wordpress/custom-templated-path-webpack-plugin@1.5.0
@wordpress/data-controls@1.1.0
@wordpress/data@4.7.0
@wordpress/date@3.4.0
@wordpress/dependency-extraction-webpack-plugin@1.1.0
@wordpress/deprecated@2.5.0
@wordpress/docgen@1.3.0
@wordpress/dom-ready@2.5.0
@wordpress/dom@2.4.0
@wordpress/e2e-test-utils@2.2.0
@wordpress/e2e-tests@1.4.0
@wordpress/edit-post@3.6.0
@wordpress/editor@9.5.0
@wordpress/element@2.6.0
@wordpress/escape-html@1.5.0
@wordpress/eslint-plugin@2.4.0
@wordpress/format-library@1.7.0
@wordpress/hooks@2.5.0
@wordpress/html-entities@2.5.0
@wordpress/i18n@3.6.0
@wordpress/is-shallow-equal@1.5.0
@wordpress/jest-console@3.2.0
@wordpress/jest-preset-default@4.3.0
@wordpress/jest-puppeteer-axe@1.2.0
@wordpress/keycodes@2.5.0
@wordpress/library-export-default-webpack-plugin@1.4.0
@wordpress/list-reusable-blocks@1.6.0
@wordpress/media-utils@1.0.0
@wordpress/notices@1.6.0
@wordpress/npm-package-json-lint-config@2.1.0
@wordpress/nux@3.5.0
@wordpress/plugins@2.5.0
@wordpress/postcss-themes@2.2.0
@wordpress/priority-queue@1.3.0
@wordpress/redux-routine@3.5.0
@wordpress/rich-text@3.5.0
@wordpress/scripts@3.4.0
@wordpress/server-side-render@1.1.0
@wordpress/shortcode@2.4.0
@wordpress/token-list@1.5.0
@wordpress/url@2.7.0
@wordpress/viewport@2.6.0
@wordpress/wordcount@2.5.0

In version 6.4:
@wordpress/annotations@1.6.0
@wordpress/api-fetch@3.5.0
@wordpress/autop@2.5.0
@wordpress/babel-preset-default@4.5.0
@wordpress/block-editor@3.1.0
@wordpress/block-library@2.8.0
@wordpress/block-serialization-default-parser@3.4.0
@wordpress/block-serialization-spec-parser@3.3.0
@wordpress/blocks@6.6.0
@wordpress/components@8.2.0
@wordpress/compose@3.6.0
@wordpress/core-data@2.6.0
@wordpress/data-controls@1.2.0
@wordpress/data@4.8.0
@wordpress/date@3.5.0
@wordpress/dependency-extraction-webpack-plugin@1.2.0
@wordpress/deprecated@2.6.0
@wordpress/docgen@1.4.0
@wordpress/dom@2.5.0
@wordpress/e2e-test-utils@2.3.0
@wordpress/e2e-tests@1.5.0
@wordpress/edit-post@3.7.0
@wordpress/editor@9.6.0
@wordpress/element@2.7.0
@wordpress/eslint-plugin@3.0.0
@wordpress/format-library@1.8.0
@wordpress/hooks@2.6.0
@wordpress/is-shallow-equal@1.6.0
@wordpress/jest-console@3.3.0
@wordpress/jest-preset-default@5.0.0
@wordpress/jest-puppeteer-axe@1.3.0
@wordpress/keycodes@2.6.0
@wordpress/list-reusable-blocks@1.7.0
@wordpress/media-utils@1.1.0
@wordpress/notices@1.7.0
@wordpress/nux@3.6.0
@wordpress/plugins@2.6.0
@wordpress/project-management-automation@1.0.0
@wordpress/redux-routine@3.6.0
@wordpress/rich-text@3.6.0
@wordpress/scripts@4.0.0
@wordpress/server-side-render@1.2.0
@wordpress/token-list@1.6.0
@wordpress/viewport@2.7.0
@wordpress/wordcount@2.6.0

In version 6.5:
@wordpress/annotations@1.7.0
@wordpress/api-fetch@3.6.0
@wordpress/babel-preset-default@4.6.0
@wordpress/block-directory@1.0.0
@wordpress/block-editor@3.2.0
@wordpress/block-library@2.9.0
@wordpress/blocks@6.7.0
@wordpress/components@8.3.0
@wordpress/compose@3.7.0
@wordpress/core-data@2.7.0
@wordpress/data-controls@1.3.0
@wordpress/data@4.9.0
@wordpress/dependency-extraction-webpack-plugin@2.0.0
@wordpress/e2e-test-utils@2.4.0
@wordpress/e2e-tests@1.7.0
@wordpress/edit-post@3.8.0
@wordpress/editor@9.7.0
@wordpress/element@2.8.0
@wordpress/eslint-plugin@3.1.0
@wordpress/format-library@1.9.0
@wordpress/list-reusable-blocks@1.8.0
@wordpress/media-utils@1.2.0
@wordpress/notices@1.8.0
@wordpress/nux@3.7.0
@wordpress/plugins@2.7.0
@wordpress/rich-text@3.7.0
@wordpress/scripts@5.0.0
@wordpress/server-side-render@1.3.0
@wordpress/url@2.8.0
@wordpress/viewport@2.8.0

Props youknowriad desrosj noisysocks pento jorgefilipecosta iseulde

Fixes: #47843


Built from https://develop.svn.wordpress.org/trunk@46189


git-svn-id: http://core.svn.wordpress.org/trunk@46001 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-09-19 15:19:18 +00:00
Sergey Biryukov 7c9d4950b7 Bootstrap/Load: Reorganize the initialization flow so that the check for PHP and MySQL requirements could run as early as possible.
This allows us to use PHP 5.6+ syntax in more files, and display a proper error message on older PHP versions, instead of causing a parse error.

Fixes #48059.
Built from https://develop.svn.wordpress.org/trunk@46183


git-svn-id: http://core.svn.wordpress.org/trunk@45995 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-09-19 12:02:58 +00:00
jorgefilipecosta b7fbf7d373 Block Editor: Backport block styles server functions from block editor.
This commit backports the block styles functionality added to the block editor in https://github.com/WordPress/gutenberg/pull/16356.

Props: youknowriad, aduth, swissspidy.
Fixes #48039.
Built from https://develop.svn.wordpress.org/trunk@46111


git-svn-id: http://core.svn.wordpress.org/trunk@45923 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-09-14 18:21:54 +00:00
Sergey Biryukov 7f7480cb2a Docs: Add missing description for `$wp_query` and `$wp_the_query` globals.
Props mukesh27.
See #45604, #47110.
Built from https://develop.svn.wordpress.org/trunk@45739


git-svn-id: http://core.svn.wordpress.org/trunk@45550 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-08-04 01:59:56 +00:00
Sergey Biryukov e0311b76c7 Docs: Add missing description for `$wp_locale` global.
Props mukesh27.
See #45604, #47110.
Built from https://develop.svn.wordpress.org/trunk@45737


git-svn-id: http://core.svn.wordpress.org/trunk@45548 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-08-04 01:46:55 +00:00
Sergey Biryukov ea606165a5 Docs: Add missing description for `$wp` global.
See #45604, #47110.
Built from https://develop.svn.wordpress.org/trunk@45736


git-svn-id: http://core.svn.wordpress.org/trunk@45547 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-08-04 01:28:55 +00:00
Sergey Biryukov b1e34ccc1f Docs: Add missing description for `$wp_rewrite` global.
See #45604, #47110.
Built from https://develop.svn.wordpress.org/trunk@45735


git-svn-id: http://core.svn.wordpress.org/trunk@45546 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-08-04 01:19:56 +00:00
Sergey Biryukov 29b072e706 Docs: Add missing description for `$wpdb`, `$wp_db_version`, and `$wp_current_db_version` globals.
Props mukesh27, utsav72640, immeet94, SergeyBiryukov.
See #45604.
Built from https://develop.svn.wordpress.org/trunk@45734


git-svn-id: http://core.svn.wordpress.org/trunk@45545 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-08-04 01:12:56 +00:00
Sergey Biryukov cff445d55f Coding Standards: Move `wp-includes/date.php` to `wp-includes/class-wp-date-query.php`.
This renames the file containing the `WP_Date_Query` class to conform to the coding standards.

This commit also includes:

- A new `date.php` that includes the new file, for anyone that may've been including the file directly.
- Replaces references to the old filename with the new filename.

Fixes #47775. See #47632.
Built from https://develop.svn.wordpress.org/trunk@45678


git-svn-id: http://core.svn.wordpress.org/trunk@45489 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-07-25 23:31:56 +00:00
Gary Pendergast af0a914d14 Coding Standards: Move `wp-includes/class-oembed.php` to `wp-includes/class-wp-oembed.php`.
This renames the file containing the `WP_oEmbed` class to conform to the coding standards.

This commit also includes:

- A new `class-oembed.php` that includes the new file, for anyone that may've been including the file directly.
- Replaces references to the old filename with the new filename.

See #47632.


Built from https://develop.svn.wordpress.org/trunk@45663


git-svn-id: http://core.svn.wordpress.org/trunk@45474 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-07-19 04:32:57 +00:00
Gary Pendergast abcbee954f Coding Standards: Fix instances of `WordPress.PHP.NoSilencedErrors.Discouraged`.
Noteable changes:
- The `magic_quotes_runtime` and `magic_quotes_sybase` settings were removed in PHP 5.4, so no longer need to be set.
- Some functions that use external libraries can generate errors that can't be tested for, so are globally allowed to silence errors.
- Quite a few functions would cause errors if `safe_mode` was set. This setting was removed in PHP 5.4.
- Only a handful of `header()` calls needed corresponding `headers_sent()` checks for unit tests to pass, but more may need to be added as the nightlies builds are tested.

See #46732.

Built from https://develop.svn.wordpress.org/trunk@45611


git-svn-id: http://core.svn.wordpress.org/trunk@45422 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-07-09 05:45:58 +00:00
Gary Pendergast b2d5a4216c Coding Standards: Fix the `Squiz.PHP.DisallowMultipleAssignments` violations in the base directory.
See #47632.


Built from https://develop.svn.wordpress.org/trunk@45582


git-svn-id: http://core.svn.wordpress.org/trunk@45393 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-07-01 08:27:58 +00:00
Andrew Ozz d0c1b77cda Privacy tools:
- Move the (remaining) privacy tools related functions from `wp-admin/includes/file.php` to `wp-admin/includes/privacy-tools.php`.
- Move the `WP_User_Request` class to a separate file.

See #43895.
Built from https://develop.svn.wordpress.org/trunk@45519


git-svn-id: http://core.svn.wordpress.org/trunk@45330 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-06-10 23:54:53 +00:00
Sergey Biryukov 4e4e8fa110 Bootstrap/Load: Ensure the fatal error handler is registered after `WP_CONTENT_DIR` is defined, so the custom error handler drop-in could be properly loaded.
Props sebastian.pisula, diddledan.
Fixes #46069.
Built from https://develop.svn.wordpress.org/trunk@45056


git-svn-id: http://core.svn.wordpress.org/trunk@44865 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-03-28 19:04:51 +00:00
Sergey Biryukov 3f6a9eb0e3 Bootstrap/Load: Always run the fatal error handler at shutdown, but don't display the PHP error template once headers are sent.
If a fatal error occurs midway through a page load, or in a REST API request, it still needs to be handled internally for the recovery mode, but the custom message may conflict with already rendered output, e.g. by displaying HTML markup in an XML or JSON request.

Props spacedmonkey, flixos90, TimothyBlynJacobs.
Fixes #45989. See #44458.
Built from https://develop.svn.wordpress.org/trunk@45014


git-svn-id: http://core.svn.wordpress.org/trunk@44823 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-03-26 20:30:53 +00:00
Felix Arntz 3a77265148 Bootstrap/Load: Introduce a recovery mode for fixing fatal errors.
Using the new fatal handler introduced in [44962], an email is sent to the admin when a fatal error occurs. This email includes a secret link to enter recovery mode. When clicked, the link will be validated and on success a cookie will be placed on the client, enabling recovery mode for that user. This functionality is executed early before plugins and themes are loaded, in order to be unaffected by potential fatal errors these might be causing.

When in recovery mode, broken plugins and themes will be paused for that client, so that they are able to access the admin backend despite of these errors. They are notified about the broken extensions and the errors caused, and can then decide whether they would like to temporarily deactivate the extension or fix the problem and resume the extension.

A link in the admin bar allows the client to exit recovery mode.

Props timothyblynjacobs, afragen, flixos90, nerrad, miss_jwo, schlessera, spacedmonkey, swissspidy.
Fixes #46130, #44458.

Built from https://develop.svn.wordpress.org/trunk@44973


git-svn-id: http://core.svn.wordpress.org/trunk@44804 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-03-21 21:53:51 +00:00
Felix Arntz dcb9d7cc7b Bootstrap/Load: Introduce fatal error handler.
This changeset introduces a `WP_Fatal_Error_Handler` class that detects fatal errors and displays a more user-friendly message about the site experiencing technical difficulties.

Websites that have custom requirements in that regard can implement their own fatal error handler by adding a `fatal-error-handler.php` drop-in that returns the handler instance to use, which must be based on a class that inherits `WP_Fatal_Error_Handler`. That handler will then be used in place of the default one. Alternatively, the fatal error handler feature can be completely disable through a constant `WP_DISABLE_FATAL_ERROR_HANDLER`.

Websites that would like to modify specifically the error template displayed in the frontend can add a `php-error.php` drop-in that works similarly to the existing `db-error.php` drop-in. For more granular customization, the fatal error handler also includes new filters `wp_should_handle_php_error`, `wp_php_error_message` and `wp_php_error_args`.

Props afragen, bradleyt, flixos90, ocean90, schlessera, SergeyBiryukov, spacedmonkey, timothyblynjacobs.
See #46130, #44458.

Built from https://develop.svn.wordpress.org/trunk@44962


git-svn-id: http://core.svn.wordpress.org/trunk@44793 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-03-21 16:03:51 +00:00
youknowriad 2d58d57e38 Block Editor: Update the WordPress Packages from Gutenberg 5.2.
Updated Packages:

 - @wordpress/a11y@2.1.0
 - @wordpress/annotations@1.1.0
 - @wordpress/api-fetch@3.0.0
 - @wordpress/autop@2.1.0
 - @wordpress/babel-plugin-import-jsx-pragma@2.0.0
 - @wordpress/babel-plugin-makepot@3.0.0
 - @wordpress/babel-preset-default@4.0.0
 - @wordpress/blob@2.2.0
 - @wordpress/block-editor@1.0.0
 - @wordpress/block-library@2.3.0
 - @wordpress/block-serialization-default-parser@3.0.0
 - @wordpress/block-serialization-spec-parser@3.0.0
 - @wordpress/blocks@6.1.0
 - @wordpress/browserslist-config@2.3.0
 - @wordpress/components@7.1.0
 - @wordpress/compose@3.1.0
 - @wordpress/core-data@2.1.0
 - @wordpress/custom-templated-path-webpack-plugin@1.2.0
 - @wordpress/data@4.3.0
 - @wordpress/date@3.1.0
 - @wordpress/deprecated@2.1.0
 - @wordpress/docgen@1.0.0
 - @wordpress/dom-ready@2.1.0
 - @wordpress/dom@2.1.0
 - @wordpress/e2e-test-utils@1.0.0
 - @wordpress/e2e-tests@1.0.0
 - @wordpress/edit-post@3.2.0
 - @wordpress/editor@9.1.0
 - @wordpress/element@2.2.0
 - @wordpress/escape-html@1.1.0
 - @wordpress/eslint-plugin@2.0.0
 - @wordpress/format-library@1.3.0
 - @wordpress/hooks@2.1.0
 - @wordpress/html-entities@2.1.0
 - @wordpress/i18n@3.2.0
 - @wordpress/is-shallow-equal@1.2.0
 - @wordpress/jest-console@3.0.0
 - @wordpress/jest-preset-default@4.0.0
 - @wordpress/jest-puppeteer-axe@1.0.0
 - @wordpress/keycodes@2.1.0
 - @wordpress/library-export-default-webpack-plugin@1.1.0
 - @wordpress/list-reusable-blocks@1.2.0
 - @wordpress/notices@1.2.0
 - @wordpress/npm-package-json-lint-config@1.2.0
 - @wordpress/nux@3.1.0
 - @wordpress/plugins@2.1.0
 - @wordpress/postcss-themes@2.0.0
 - @wordpress/priority-queue@1.0.0
 - @wordpress/redux-routine@3.1.0
 - @wordpress/rich-text@3.1.0
 - @wordpress/scripts@3.0.0
 - @wordpress/shortcode@2.1.0
 - @wordpress/token-list@1.2.0
 - @wordpress/url@2.4.0
 - @wordpress/viewport@2.2.0
 - @wordpress/wordcount@2.1.0

This also includes the update to the scripts dependencies and the new widgets php files.

Props iseulde.
Fixes #46429.

Built from https://develop.svn.wordpress.org/trunk@44808


git-svn-id: http://core.svn.wordpress.org/trunk@44640 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-03-07 09:09:59 +00:00
Felix Arntz 92c3c46abe Bootstrap/Load: Revert fatal error recovery mechanism from 5.1 to polish for 5.2.
Due to the high number of follow-up tickets and associated security concerns, it was decided to reschedule the fatal error recovery feature for WordPress 5.2, in order to address these issues properly. The feature will continue to be developed, with iterations being merged into trunk early in the 5.2 release cycle.

Fixes #46141. See #44458, #45932, #45940, #46038, #46047, #46068.

Built from https://develop.svn.wordpress.org/trunk@44717


git-svn-id: http://core.svn.wordpress.org/trunk@44548 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-01-30 11:01:52 +00:00