This aims to avoid a security warning in Chrome, which could previously be triggered even if the default value is not actually used as a password.
Follow-up to [208], [230], [233], [662], [1599], [1601]
Props adamkheckler, sabernhardt, peterwilsoncc, psykro, petitphp.
Fixes#61332.
Built from https://develop.svn.wordpress.org/trunk@58928
git-svn-id: http://core.svn.wordpress.org/trunk@58324 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Ensure new multisite installs are up to date with the current mime types supported in core.
Note that this will only affect newly created networks, since this is only used to populate the schema for new networks, not change the allowed mime types for existing networks
Props spacedmonkey, costdev, pavanpatil1, joemcgill, rajinsharwar, tb1909.
Fixes#53167.
Built from https://develop.svn.wordpress.org/trunk@58400
git-svn-id: http://core.svn.wordpress.org/trunk@57849 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Add support for uploading, editing and saving AVIF images when supported by the server.
Add 'image/avif' to supported mime types. Correctly identify AVIF images and sizes even when PHP doesn't support AVIF. Resize uploaded AVIF files (when supported) and use for front end markup.
Props adamsilverstein, lukefiretoss, ayeshrajans, navjotjsingh, Tyrannous, jb510, gregbenz, nickpagz, JavierCasares, mukesh27, yguyon, swissspidy.
Fixes#51228.
Built from https://develop.svn.wordpress.org/trunk@57524
git-svn-id: http://core.svn.wordpress.org/trunk@57025 1a063a9b-81f0-0310-95a4-ce76da25c4cd
WordPress creates attachment pages by default for every attachment uploaded. On the vast majority of sites, these attachment pages don't contain any meaningful information. They do however exist, get indexed by search engines, and sometimes even rank in search results, leading to bad results for users and site owners.
This commit introduces a `wp_attachment_pages_enabled` database option to control the attachment pages behavior:
* On existing sites, the option is set to `1` on upgrade, so that attachment pages continue to work as is.
* For new sites, the option is set to to `0` by default, which means attachment pages are redirected to the attachment URL.
* Sites that want to enable or disable the attachment pages can set the option to `1` or `0`, respectively.
Follow-up to [2958], [3303], [7149], [34690].
Props aristath, poena, afercia, joostdevalk, jonoaldersonwp, azaozz, johnbillion, joedolson, basiliskan, audrasjb, davelo, rilwis, manfcarlo, tyxla, garrett-eclipse, seedsca, eatingrules, matveb, antpb, zodiac1978, oglekler, zunaid321, costdev, SergeyBiryukov.
Fixes#57913.
Built from https://develop.svn.wordpress.org/trunk@56657
git-svn-id: http://core.svn.wordpress.org/trunk@56169 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This moves the query for user ID of the new network's administrator closer to where the value is actually used.
Includes removing unnecessary `get_userdata()` call, as user ID is the only data needed here.
Follow-up to [12756], [35575], [43628].
Props nihar007, sakibmd, mukesh27, costdev, SergeyBiryukov.
Fixes#58423.
Built from https://develop.svn.wordpress.org/trunk@55869
git-svn-id: http://core.svn.wordpress.org/trunk@55381 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Instead of caching main site id an object cache, store main site id on a network options. This results in less database queries on sites without persistent object caching.
Props spacedmonkey, johnjamesjacoby, peterwilsoncc, desrosj.
Fixes#55802.
Built from https://develop.svn.wordpress.org/trunk@54256
git-svn-id: http://core.svn.wordpress.org/trunk@53815 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Global terms was a feature from the WordPress MU days where multisite and single site installs used different code bases.
In WordPress 3.0, WordPress MU was merged into one location and the UI [14854] and “on” switch [14880] for global terms were completely removed.
Even before this merge, global terms was bug infested and unreliable. After [14854]/[14880], the feature was no longer maintained and became increasingly broken as taxonomies progressed without it (term splitting and term meta do not work at all). At this point, the feature has not worked in 12+ years and there’s no hope for saving it.
This deprecates the remaining global terms related code and no-ops the functions.
Global terms, you don’t have to go home, but you can’t stay here.
Props scribu, wonderboymusic, SergeyBiryukov, nacin, pento, desrosj, johnjamesjacoby, johnbillion, dd32.
Fixes#21734.
Built from https://develop.svn.wordpress.org/trunk@54240
git-svn-id: http://core.svn.wordpress.org/trunk@53799 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This fixes a bug where if the default `timezone_string` is set to a deprecated timezone name due to a localization providing an outdated timezone name string, this localized timezone string would be discarded and an empty string would be set as the timezone value instead.
By passing the `DateTimeZone::ALL_WITH_BC` constant as the `$timezoneGroup` parameter to the PHP native `timezone_identifiers_list()` function, a timezone name list is retrieved containing both current and deprecated timezone names, preventing the invalidation of the option value.
See the extensive write-up about this in ticket #56468.
Also see: [https://www.php.net/manual/en/datetimezone.listidentifiers.php PHP Manual: timezone_identifiers_list()].
Includes:
* Expanding the translators comment to encourage translators to use “old” names over “new” names.
* Adding a dedicated test to the `Tests_Admin_IncludesSchema` test class.
Follow-up to [54207], [54217], [54227], [54229], [54230].
Props jrf, costdev.
See #56468.
Built from https://develop.svn.wordpress.org/trunk@54232
git-svn-id: http://core.svn.wordpress.org/trunk@53791 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset replaces the default "Just another WordPress site" tagline with an empty string for new installations. The reasoning is:
1. Not all themes display the tagline;
2. Not everyone changes the default tagline;
3. When people don't see the tagline in their theme, they may not realize it is still visible in some places, like feeds.
The string "Just another WordPress site" and the related multisite string: "Just another {NETWORK} site" are now only used as a placeholder for the tagline admin option.
Props markjaquith, Denis-de-Bernardy, westi, RyanMurphy, kovshenin, SergeyBiryukov, chriscct7, tyxla, hyperbrand, karmatosed, lukecavanagh, melchoyce, boemedia, khag7, sabernhardt, audrasjb, peterwilsoncc, costdev, martinkrcho, rafiahmedd.
Fixes#6479.
Built from https://develop.svn.wordpress.org/trunk@53815
git-svn-id: http://core.svn.wordpress.org/trunk@53374 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Currently in WordPress multisite there is a concept of large networks. The function `wp_is_large_network` is used to determine if a network has a large number of sites or users. If a network is marked as large, then
expensive queries to calculate user counts are not run on page load but deferred to scheduled events. However there are a number of places in a single site installation where this functionality would also be useful, as
expensive calls to count users and roles can make screens in the admin extremely slow.
In this change, the `get_user_count` function and related functionality around it is ported to be available in a single site context. This means that expensive calls to the `count_users` function are replaced with
calls to `get_user_count`. This change also includes a new function called `wp_is_large_user_count` and a filter of the same name, to mark if a site is large.
Props johnbillion, Spacedmonkey, Mista-Flo, lumpysimon, tharsheblows, obenland, miss_jwo, jrchamp, flixos90, macbookandrew, pento, desrosj, johnjamesjacoby, jb510, davidbaumwald, costdev.
Fixes#38741.
Built from https://develop.svn.wordpress.org/trunk@53011
git-svn-id: http://core.svn.wordpress.org/trunk@52600 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This adds a one-off notice to the dashboard in the event WordPress has automatically deactivated a plugin due to incompatibility with the new version of WordPress.
Introduces the new private function `deactivated_plugins_notice()` to display the notice in the dashboard. Introduces the new auto-loaded option `wp_force_deactivated_plugins` to store a list of automatically deactivated plugins; the option is used on both a site and network level.
Follow up to [51180].
Props desrosj, jorbin, azaozz, SergeyBiryukov, peterwilsoncc.
See #53432.
Built from https://develop.svn.wordpress.org/trunk@51266
git-svn-id: http://core.svn.wordpress.org/trunk@50875 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Add support for uploading, editing and saving WebP images when supported by the server.
Add 'image/webp' to supported mime types. Correctly identify WebP images and sizes even when PHP doesn't support WebP. Resize uploaded WebP files (when supported) and use for front end markup.
Props markoheijne, blobfolio, Clorith, joemcgill, atjn, desrosj, spacedmonkey, marylauc, mikeschroder, hellofromtonya, flixos90.
Fixes#35725.
Built from https://develop.svn.wordpress.org/trunk@50810
git-svn-id: http://core.svn.wordpress.org/trunk@50419 1a063a9b-81f0-0310-95a4-ce76da25c4cd
There are two pieces in here:
1) The update to change blacklist to blocklist is moved to disallowed_list. "Block" has a meaning in our code, and there could be ambiguity between this code and code related to blocks.
2) This improves backwards compatibility for code that was accessing the now deprecated code.
Previously: [48477], [48405], [48400], [48121], [48122], [48124], [48142], [48566]
Props: desrosj, SergeyBiryukov, johnjamesjacoby
Fixes: #50413
Built from https://develop.svn.wordpress.org/trunk@48575
git-svn-id: http://core.svn.wordpress.org/trunk@48337 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This change adds a throttle mechanism to plugin and theme auto-update failure emails using similar logic to the email sent for a Core auto-update.
The first time a plugin or theme auto-update fails, the package and `new_version` will be tracked in the `auto_plugin_theme_update_emails` option. An email for this specific update attempt will not be resent.
However, if this update fails again and non-repeat failures or successful updates are also present, then the failure information will be included in that email (an email needs to be sent for the new events regardless).
Props johnbillion, arpitgshah, desrosj, audrasjb, pbiron, earnjam.
Fixes#50448.
Built from https://develop.svn.wordpress.org/trunk@48397
git-svn-id: http://core.svn.wordpress.org/trunk@48166 1a063a9b-81f0-0310-95a4-ce76da25c4cd
“The WordPress open source community cares about diversity. We strive to maintain a welcoming environment where everyone can feel included.”
With this commit, all occurrences of “whitelist” and “blacklist” (with the single exception of the `$new_whitelist_options` global variable) are removed. A new ticket has been opened to explore renaming the `$new_whitelist_options` variable (#50434).
Changing to more specific names or rewording sentences containing these terms not only makes the code more inclusive, but also helps provide clarity. These terms are often ambiguous. What is being blocked or allowed is not always immediately clear. This can make it more difficult for non-native English speakers to read through the codebase.
Words matter. If one contributor feels more welcome because these terms are removed, this was worth the effort.
Props strangerstudios, jorbin, desrosj, joemcgill, timothyblynjacobs, ocean90, ayeshrajans, davidbaumwald, earnjam.
See #48900, #50434.
Fixes#50413.
Built from https://develop.svn.wordpress.org/trunk@48121
git-svn-id: http://core.svn.wordpress.org/trunk@47890 1a063a9b-81f0-0310-95a4-ce76da25c4cd
As part of the continued effort to improve PHP compatibility, the following improvments are being made:
- Removing deprecated PHP `safe_mode` checks not found in bundled external libraries.
- Change the remaining `while` loops using `each()` to `foreach` loops.
- Prevent false positives from being flagged for the `sodium_compat` library being caused by loading this in a non-standard way.
- Add inline comments to not flag deprecated PHP directives in the getID3 library.
Props desrosj, earnjam, dryanpress.
See #49922.
Built from https://develop.svn.wordpress.org/trunk@47735
git-svn-id: http://core.svn.wordpress.org/trunk@47511 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This is the first step to bring support for custom comment types into WordPress.
Add a scheduled upgrade routine to update the type value for existing comments, in batches of 100 at a time.
Props imath, aaroncampbell, jeremyfelt, dshanske.
Fixes#49236.
Built from https://develop.svn.wordpress.org/trunk@47597
git-svn-id: http://core.svn.wordpress.org/trunk@47372 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* `erase_others_personal_data`
* `export_others_personal_data`
* `manage_privacy_options`
Previously mapped to `manage_options` or `manage_network` (on Multisite), these are now added to the Administrator role separately.
Additionally, `manage_privacy_options` is added to the Editor role.
Props garrett-eclipse, xkon, pbiron, desrosj, johnbillion, flixos90, juliobox, lakenh, Ov3rfly, ianatkins.
Fixes#44176.
Built from https://develop.svn.wordpress.org/trunk@47269
git-svn-id: http://core.svn.wordpress.org/trunk@47069 1a063a9b-81f0-0310-95a4-ce76da25c4cd
As part of the Multisite installation process, a `blog_versions` table is created. This table is never read from (except immediately prior to updating it), it's only ever inserted into or updated. It is not used to determine which blogs need to be upgraded.
This table was introduced in 3.0 when the WPMU schema was merged #11644 and it appears the table has never been used in core and is therefore redundant and may as well be removed.
Props johnbillion, nacin, ryan, johnjamesjacoby, whyisjake.
Fixes#19755. See #41685.
Built from https://develop.svn.wordpress.org/trunk@46194
git-svn-id: http://core.svn.wordpress.org/trunk@46006 1a063a9b-81f0-0310-95a4-ce76da25c4cd
With this change, the result of a site or network lookup by ID will be cached even if the ID does not exist. When a new site or network is created, the cache for the respective new ID is cleared.
Props mnelson4, nielsdeblaauw.
Fixes#42251.
Built from https://develop.svn.wordpress.org/trunk@45910
git-svn-id: http://core.svn.wordpress.org/trunk@45721 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Most sites will be unaffected by this change, but those with a large number of rows in `wp_options`, only a small number of which have `autoload` set, will see a significant performance improvement.
Sites with a large number of rows in `wp_options`, with many of them having `autoload` set will unfortunately see a performance penalty on top of the already very slow queries they're running, but this should be the minority of cases.
Props DanBUK.
Fixes#24044.
Built from https://develop.svn.wordpress.org/trunk@45805
git-svn-id: http://core.svn.wordpress.org/trunk@45616 1a063a9b-81f0-0310-95a4-ce76da25c4cd
- Add the `admin_email_lifespan` option when installing. Fixes a bug where the verification screen is shown right after installation.
- Reset the same option when upgrading and the user doing the DB upgrade is not an admin. This will ensure the email verification is shown next time an admin logs in.
- Use `site_url()` instead of `network_site_url()` for the form action. The latter seems needed only for password reset.
See #46349.
Built from https://develop.svn.wordpress.org/trunk@45788
git-svn-id: http://core.svn.wordpress.org/trunk@45599 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `populate_site_meta` filter can be used to modify the site meta added during the creation of a new site. This filter mirrors the approach used for networks in `populate_network_meta`.
Props spacedmonkey, davidbaumwald.
Fixes#46437.
Built from https://develop.svn.wordpress.org/trunk@44912
git-svn-id: http://core.svn.wordpress.org/trunk@44743 1a063a9b-81f0-0310-95a4-ce76da25c4cd
As of this commit, WordPress is no longer a simple blogging platform. It's now a comprehensive publishing solution.
This also replaces a couple of other "blog" references that were missed previously.
Props igmoweb, Valer1e, audrasjb, pento.
Fixes#41000.
Built from https://develop.svn.wordpress.org/trunk@44455
git-svn-id: http://core.svn.wordpress.org/trunk@44286 1a063a9b-81f0-0310-95a4-ce76da25c4cd