This adds additional hardening to the Autoload options Health Check to avoid potential bugs when extenders return unserialzed values from `wp_load_alloptions()`.
Follow-up to [58332].
Props mukesh27, joemcgill, westonruter.
Fixes#61276.
Built from https://develop.svn.wordpress.org/trunk@58338
git-svn-id: http://core.svn.wordpress.org/trunk@57794 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This adds a new Site Health check that will alert site owners if they are autoloading a large amount of data from the options table, as it could result in poor performance. The issue will be shown if the size of autoloaded options is greater than 800 KB, which can be adjusted using the new `site_status_autoloaded_options_size_limit` filter.
Props mukesh27, joemcgill, rajinsharwar, costdev, audrasjb, krupajnanda, pooja1210, Ankit K Gupta, johnbillion, oglekler.
Fixes#61276.
Built from https://develop.svn.wordpress.org/trunk@58332
git-svn-id: http://core.svn.wordpress.org/trunk@57788 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset deactivates the download authenticity message by disabling package signature verification, at least until software signing is fully implemented on wordpress.org. The provided message had no actionability and only led to more support.
Props jipmoors, afercia, bridgetwillard, s0what, rajinsharwar, audrasjb, johnbillion, peterwilsoncc.
Fixes#47315.
Built from https://develop.svn.wordpress.org/trunk@58319
git-svn-id: http://core.svn.wordpress.org/trunk@57776 1a063a9b-81f0-0310-95a4-ce76da25c4cd
[58139] introduced debugging flags to ensure debugging output would only be shown when both the `WP_DEBUG` and `WP_DEBUG_LOG` constants are defined as true. However, some of the flags incorrectly use `WP_DEBUG_DISPLAY` rather than `WP_DEBUG_LOG`.
This fixes the flags to consistently use `WP_DEBUG` and `WP_DEBUG_LOG` as intended.
Follow-up to [58128], [58139].
Props rogermedia, afragen, swissspidy, costdev.
Fixes#58281.
Built from https://develop.svn.wordpress.org/trunk@58309
git-svn-id: http://core.svn.wordpress.org/trunk@57766 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The Rollback Auto-Update feature introduced additional maintenance mode toggling.
After installing WordPress in a non-English (US) language, translation updates are performed automatically. As there may be a large number of updates for Core and bundled themes, users will be presented with a maintenance notice upon visiting the newly installed website.
To avoid concerning users that the website has failed to install correctly, this excludes translation updates from triggering the additional maintenance mode toggling.
Follow-up to [58128].
Props benniledl, afragen, rajinsharwar, costdev.
Fixes#61260. See #58281.
Built from https://develop.svn.wordpress.org/trunk@58308
git-svn-id: http://core.svn.wordpress.org/trunk@57765 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Just like Site Health lists the paths to the plugins/themes/uploads directories, this changeset adds the path to the fonts directory (and its size).
Props swissspidy, andr3ribeiro, krupajnanda, ironprogrammer, iamfarhan09, naeemhaque, imasikur22, tofajjal02, sarkarripon, prottoysarkar, zunaid321, imranhasanraaz, rajinsharwar, nazmul111, audrasjb, peterwilsoncc.
Fixes#60719.
Built from https://develop.svn.wordpress.org/trunk@58299
git-svn-id: http://core.svn.wordpress.org/trunk@57759 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In #50824 support was added for a package to include a disable_autoupdate flag to indicate that the plugin/theme should not be auto-updated even if a user had opted-in via the WP-Admin UI. However, the logic implementing the flag was inverted.
This commit repairs the logic. If a package has disable_autoupdate set, then it should not be auto-updated.
Props amisiewicz.
Fixes#52796.
Built from https://develop.svn.wordpress.org/trunk@58285
git-svn-id: http://core.svn.wordpress.org/trunk@57745 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Allow translators to replace the W3C WAI decision tree link used to provide information about writing alt text. Improves accessibility for non-English speaking content authors.
Props tmatsuur, joedolson, oglekler, SergeyBiryukov, myhro, sabernhardt.
Fixes#60975.
Built from https://develop.svn.wordpress.org/trunk@58240
git-svn-id: http://core.svn.wordpress.org/trunk@57703 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The post editor uses the permalink_template property from the posts REST API to render the post slug input or not. For auto-drafts or newly created posts, this property was not set properly. This PR solves by fixing the get_sample_permalink function used to compute this property.
Props youknowriad, mcsf, antonvlasenko, azaozz, peterwilsoncc, andrewserong, hellofromTonya, spacedmonkey.
Fixes#59283.
Built from https://develop.svn.wordpress.org/trunk@58174
git-svn-id: http://core.svn.wordpress.org/trunk@57637 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Clicking on these links initiates an action, so they are more semantically a button rather than a link. Keeping them as an anchor in html allows any existing JS that is targeted to these items to continue to function. The addition of the role helps assistive technology to know that they should treat this as a button.
Props stevejonesdev, sabernhardt, vipulgupta003, rcreators, joedolson.
Fixes#61011.
Built from https://develop.svn.wordpress.org/trunk@58161
git-svn-id: http://core.svn.wordpress.org/trunk@57624 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Add visible labels to inputs that are using placeholder attributes as a substitute for visible labeling.
Labels added or made visible on the customizer theme search, customizer widget search, customizer menu item search, customizer new page UI, the search plugins screens, the media search screens, and the classic editor link inserter.
Props afercia, joedolson, rcreators, sabernhardt.
See #40331.
Built from https://develop.svn.wordpress.org/trunk@58146
git-svn-id: http://core.svn.wordpress.org/trunk@57611 1a063a9b-81f0-0310-95a4-ce76da25c4cd
If organizing uploads into month- and year-based folders, uploading an attachment to an existing post should store the file in `wp-content/uploads/<year>/<month>` based on the post's publish date. This is in line with the behavior in classic editor / the media modal.
Props swissspidy, adamsilverstein, timothyblynjacobs, skithund, sergeybiryukov, patricia70.
Fixes#61189.
Built from https://develop.svn.wordpress.org/trunk@58130
git-svn-id: http://core.svn.wordpress.org/trunk@57595 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This builds on the temporary backup system introduced in 6.3 to allow automatic updates to benefit from fatal error protection. A loopback request is performed to the home page of the site and the plugin is rolled back to its backed up version if a fatal error is observed.
For debugging and observability during beta, this change includes several calls to `error_log()` during the upgrade and rollback stages. These calls can be removed or placed behind a flag once we're ready for RC1.
Props costdev, johnbillion, mukesh27, afragen, audrasjb, justlevine, kirasong, peterwilsoncc
Fixes#58281
Built from https://develop.svn.wordpress.org/trunk@58128
git-svn-id: http://core.svn.wordpress.org/trunk@57593 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This results in the prevention of an installation running on a port on localhost (for example `localhost:8889`) being converted to a subdomain Multisite installation, whereas previously it was incorrectly allowed.
Props spacedmonkey
See #21077
Built from https://develop.svn.wordpress.org/trunk@58125
git-svn-id: http://core.svn.wordpress.org/trunk@57590 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This allows a Multisite network to use an address that includes a port name, such as `example.com:1234`, and adds support for this to the local development environment too. You can now run a Multisite installation on the local development environment, for example at `localhost:8889`.
This also fixes some bugs with running a single site installation on a port, and updates the testing infrastructure so that the whole test suite runs both with and without a port number.
Props djzone, scribu, nacin, ipstenu, F J Kaiser, jeremyfelt, johnjamesjacoby, spacedmonkey, PerS, Clorith, Blackbam, enrico.sorcinelli, Jules Colle, obliviousharmony, desrosj, johnbillion
Fixes#21077, #52088
Built from https://develop.svn.wordpress.org/trunk@58097
git-svn-id: http://core.svn.wordpress.org/trunk@57562 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The way `wp_reset_vars()` sets global variables based on `$_POST` and `$_GET` values makes code hard to understand and maintain. It also makes it easy to forget to sanitize input.
This change removes the few places where `wp_reset_vars()` is used in the admin to explicitly use `$_REQUEST` and sanitize any input.
Props swissspidy, audrasjb, davideferre, killua99, weijland, voldemortensen.
Fixes#38073.
Built from https://develop.svn.wordpress.org/trunk@58069
git-svn-id: http://core.svn.wordpress.org/trunk@57534 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Moves the translatable strings from the JS template defined in PHP to the `updates.js` script, where `_n()` can be used as recommended.
Props ideag, SergeyBiryukov, daledupreez, audrasjb, ocean90, swissspidy.
Fixes#37287.
Built from https://develop.svn.wordpress.org/trunk@58064
git-svn-id: http://core.svn.wordpress.org/trunk@57529 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Improve support for using only PHP translation files.
This builds on top of the PHP translation file support added in WordPress 6.5, improving the behavior for projects using solely `.l10n.php` translation files and no `.mo.` and `.po` files.
Updates `wp_get_installed_translations()`, which is used when updating language packs and when uninstalling plugins/themes (to remove the translations again), to look for PHP translation files and read metadata from them. Additionally, the file lookup is now cached thanks to using `WP_Textdomain_Registry`.
Updates `Language_Pack_Upgrader::check_package()` to allow language packs that only contain PHP translation files. While WordPress.org continues to serve `.mo` and `.po` files, third-party services might want to only use the PHP file format.
See #60554.
Built from https://develop.svn.wordpress.org/trunk@58062
git-svn-id: http://core.svn.wordpress.org/trunk@57527 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In PHP 8.4, declaring function or method parameters with a default value of `null` is deprecated if the type is not nullable.
PHP applications are recommended to ''explicitly'' declare the type as nullable. All type declarations that have a default value of `null`, but without declaring `null` in the type declaration, will emit a deprecation notice:
{{{
function test( array $value = null ) {}
}}}
`Deprecated: Implicitly marking parameter $value as nullable is deprecated, the explicit nullable type must be used instead`
**Recommended Changes**
Change the implicit nullable type declaration to a nullable type declaration, available since PHP 7.1:
{{{#!diff
- function test( string $test = null ) {}
+ function test( ?string $test = null ) {}
}}}
This commit updates the affected instances in core to use a nullable type declaration.
References:
* [https://wiki.php.net/rfc/deprecate-implicitly-nullable-types PHP RFC: Deprecate implicitly nullable parameter types]
* [https://php.watch/versions/8.4/implicitly-marking-parameter-type-nullable-deprecated PHP.Watch: PHP 8.4: Implicitly nullable parameter declarations deprecated]
Follow-up to [28731], [50552], [57337], [57985].
Props ayeshrajans, jrf, audrasjb, jorbin.
Fixes#60786.
Built from https://develop.svn.wordpress.org/trunk@58009
git-svn-id: http://core.svn.wordpress.org/trunk@57480 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Since WordPress 6.5, the minimum supported version of MySQL and MariaDB is 5.5.5. This means all supported database servers now support the `utf8mb4` character set and therefore the conditional logic for this is no longer necessary.
Props l1nuxjedi, craigfrancis, OllieJones, johnbillion
Fixes#60096
Built from https://develop.svn.wordpress.org/trunk@57926
git-svn-id: http://core.svn.wordpress.org/trunk@57427 1a063a9b-81f0-0310-95a4-ce76da25c4cd