Commit Graph

44700 Commits

Author SHA1 Message Date
johnjamesjacoby 88e9e36233 Help/About: add WordPress version to contextual "Help" sidebar area.
This change adds a new way for users to quickly identify what version of WordPress they are looking at, directly from the "Help" sidebar on the main "Dashboard" page.

* Stable versions will link to their respective support documents.
* Development versions (alpha/beta/RC) will not link anywhere.

Props audrasjb, costdev, donmhico, hellofromtonya, ipstenu, justinahinon, karmatosed, knutsp, marybaum, sergeybiryukov, webcommsat.

Fixes #47848.
Built from https://develop.svn.wordpress.org/trunk@51985


git-svn-id: http://core.svn.wordpress.org/trunk@51574 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-11-02 19:09:03 +00:00
johnjamesjacoby 43644069ea Permalinks: Sanitize non-visible characters inside `sanitize_title_with_dashes()`.
This change prevents non-visible characters in titles from creating encoded values in permalinks, opting instead for the following replacement strategy:

* Non-visible non-zero-width characters are replaced with hyphens
* Non-visible zero-width characters are removed entirely

Included with this change are 64 additional PHPUnit assertions to confirm that only the targeted non-visible characters are sanitized as intended.

Before this change, URLs would unintentionally contain encoded values where these non-visible characters were. After this change, URLs intentionally strip out or hyphenate these non-visible characters.

Props costdev, dhanendran, hellofromtonya, paaljoachim, peterwilsoncc, poena, sergeybiryukov.

Fixes #47912.
Built from https://develop.svn.wordpress.org/trunk@51984


git-svn-id: http://core.svn.wordpress.org/trunk@51573 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-11-02 18:47:57 +00:00
Sergey Biryukov 3ab8d52d78 Media: Use `WP_Query::get()` method to retrieve the `posts_per_page` value in `wp_ajax_query_attachments()`.
This avoids a PHP notice and ensures that a default value is always provided if none is set by the user.

Follow-up to [51145], [51485].

Props davidwebca, mukesh27.
Fixes #54129.
Built from https://develop.svn.wordpress.org/trunk@51982


git-svn-id: http://core.svn.wordpress.org/trunk@51571 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-11-02 18:30:02 +00:00
johnjamesjacoby fae48afc92 Application Passwords: display guiding text & link in `user-edit.php` when unavailable.
This change intends to avoid confusion around the requirements of the Application Passwords feature, specific to it requiring HTTPS and the `WP_ENVIRONMENT_TYPE` constant.

It does this by conditionally hiding the traditional UI and showing some insightful explanations instead, including a translatable link to the `WP_ENVIRONMENT_TYPE` documentation on the "Editing wp-config.php" support page.

Props ashfame, audrasjb, iluy, johnbillion.

Fixes  #53658.
Built from https://develop.svn.wordpress.org/trunk@51980


git-svn-id: http://core.svn.wordpress.org/trunk@51569 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-11-02 17:57:03 +00:00
johnjamesjacoby 6d451fb64b Admin/UI-Copy: reword some "we" usages.
This changes some admin-area, user-facing text, to better match the guidelines and recommendations set forth in the make/core handbook, specifically:

> the word “we” should be avoided (...) unless its made very clear which group is speaking

(There are several more usages of "we" that will receive this same scrutiny in future commits/releases.)

Props audrasjb, johnbillion, marybaum, peterwilsoncc, sergeybiryukov, shital-patel.

Fixes  #46057.
Built from https://develop.svn.wordpress.org/trunk@51979


git-svn-id: http://core.svn.wordpress.org/trunk@51568 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-11-02 17:37:57 +00:00
johnjamesjacoby f5991aed63 Themes: Introduce `get_header_image_tag_attributes` hook.
This change adds a filter inside of the `get_header_image_tag()` function allowing developers to filter the attributes of the header image HTML tag before they are escaped, concatenated, and returned.

Before this change, it was not possible to externally and preemptively intercept this array of attributes. After this change, these attributes can now be easily filtered, matching it nicely to the `wp_get_attachment_image_attributes` hook.

Props audrasjb, chaion07, junaidbhura, sabernhardt.

Fixes #38942.
Built from https://develop.svn.wordpress.org/trunk@51978


git-svn-id: http://core.svn.wordpress.org/trunk@51567 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-11-02 17:21:58 +00:00
johnjamesjacoby f60dae0731 Admin/Menu: include `960` exact pixel width in collapse measurements.
This change removes a 1 pixel gap in the measurement of the viewport width when clicking the "Collapse menu" button (at the bottom of the admin menu UI) when already collapsed, causing the menu not to open as intended when exactly 960 pixels wide.

Before this change, the menu would be stuck in the collapsed position. After this change, the menu opens as expected.

Props abesell132, ankit-k-gupta, audrasjb, boniu91, mai21, sabernhardt, webaxones.

Fixes #54210.
Built from https://develop.svn.wordpress.org/trunk@51977


git-svn-id: http://core.svn.wordpress.org/trunk@51566 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-11-02 17:07:57 +00:00
johnjamesjacoby dd7cb532a1 Admin/Discussion Settings: attempt to clarify intent of "Default post settings" section.
This changes the descriptive text underneath 3 settings that are frequently overridden by individual posts & pages, and are also often misunderstood to work differently than they do.

"(These settings may be overridden for individual posts.)"

...becomes...

"Individual posts may override these settings. Changes here will only be applied to new posts."

* Parenthesis were removed to improve text layout and flow for RTL languages.
* Original statement was reworded to emphasize "individual posts".
* New statement provides clarity to users about settings changes not being retroactive.

Props audrasjb, johnjamesjacoby, sabbirshouvo, sabernhardt, tobifjellner.

Fixes #54300.
Built from https://develop.svn.wordpress.org/trunk@51976


git-svn-id: http://core.svn.wordpress.org/trunk@51565 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-11-02 16:42:59 +00:00
johnjamesjacoby 791998fb7c Admin/Comments: remove bespoke truncation from search string HTML.
This change removes a call to `wp_html_excerpt()` used on the HTML output of the search string, supplied by the current user in the previous page request via the named `s` input in the search-box UI.

If the search string is extremely long, it wraps around the available empty space in a way that is not visually displeasing, confirming that truncation is not a requirement here.

This also addresses a small accessibility concern as the non-truncated string was not alternatively presented, and helps normalize the output of `$_REQUEST['s']` for more broad improvements in the future.

Props hareesh-pillai, jakubtyrcha, johnjamesjacoby, lukecavanagh, sabernhardt.

Fixes #17636.
Built from https://develop.svn.wordpress.org/trunk@51975


git-svn-id: http://core.svn.wordpress.org/trunk@51564 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-11-02 15:57:59 +00:00
joedolson a5293aa581 Build/Test Tools: Restore changes to package.json.
Reverts changes to package.json and package-lock.json accidentally committed in [51967].

Props tobiasbg.
Fixes #54054.
Built from https://develop.svn.wordpress.org/trunk@51974


git-svn-id: http://core.svn.wordpress.org/trunk@51563 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-11-02 14:26:14 +00:00
hellofromTonya cf0274e1ca REST API: Add URL Details endpoint.
Adds a new REST API endpoint (`/wp-block-editor/v1/url-details`) for retrieving information from an external URL.

Information retrieved:

* Title: content of the `<title>` element
* Icon: favicon image link
* Description: content of the `description` or `og:description` meta element
* Image: OG image link

This endpoint is used by the block editor for link previews.

Props get_dave, aduth, andraganescu, beaulebens, hellofromTonya, kevin940726, mamaduka, marekhrabe, mnelson4, noisysocks, obenland, ocean90, retrofox, shaunandrews, spacedmonkey, swissspidy, timothyblynjacobs, xknown, youknowriad.
Fixes #54358.
Built from https://develop.svn.wordpress.org/trunk@51973


git-svn-id: http://core.svn.wordpress.org/trunk@51562 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-11-02 12:48:00 +00:00
joedolson c90e2fe4f2 Widgets: Remove unused CSS breaking wp_text_diff layout.
Remove CSS used in version of `wp_text_diff` prior to [50034]. Orphaned CSS breaks default layout of function output, but is overridden in the revisions screen.

Props mt8.biz, hareesh-pillai, mukesh27.
Fixes #54140.
Built from https://develop.svn.wordpress.org/trunk@51972


git-svn-id: http://core.svn.wordpress.org/trunk@51561 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-11-01 23:14:00 +00:00
joedolson 67779da49f Widgets: Use a text-based button to select location.
The WordPress Events and News widget used an icon-only button to select a location. The Pencil icon alone provided insufficient context and labeling for accessibility. Add text to clearly describe button action and change icon to represent a location marker. 

Props AmethystAnswers, sabernhardt.
Fixes #53311.
Built from https://develop.svn.wordpress.org/trunk@51971


git-svn-id: http://core.svn.wordpress.org/trunk@51560 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-11-01 22:54:57 +00:00
hellofromTonya 69dc72d0b9 Site Health: Internationalizes count in the info section headings.
If a site health info section includes the `show_count` parameter, this commit internationalizes the count.

Follow-up to [45176].

Props johnbillion, swissspidy.
Fixes #54341.
Built from https://develop.svn.wordpress.org/trunk@51970


git-svn-id: http://core.svn.wordpress.org/trunk@51559 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-11-01 22:36:59 +00:00
joedolson a841368a3e Editor: Include post's title in editor `title` element.
Include the current post title in the `title` element when editing a post. Improve accessibility by distinguishing between different edit screens in the browser tab list. 

Props skierpage, alexstine, audrasjb, sabernhardt.
Fixes #52314.
Built from https://develop.svn.wordpress.org/trunk@51969


git-svn-id: http://core.svn.wordpress.org/trunk@51558 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-11-01 22:32:58 +00:00
hellofromTonya 1c73f953c3 Build/Test Tools: Ignore "null to nullable" deprecations for select tests.
Adds an expectation for PHP 8.1 "passing null to non-nullable" deprecation notice to select tests where the deprecation is generated by one of the functions in the `wp-includes/formatting.php` file, either via a filter hook callback or by a direct call.

Instead of haphazardly fixing these issues exposed by the tests, a more structural and all-encompassing solution for input validation should be architected and implemented as otherwise, we'll keep running into similar issues time and again with each new PHP version.

To discourage people from "fixing" these issues now anyway, this commit "hides" nearly all of these issues from the test runs.

Once a more structural solution is designed, these tests and the underlying functions causing the deprecation notices should be revisited and the structural solution put in place.

Includes a few minor other tweaks to select tests:
* Removing a stray `return` (twice) from assertion statements.
* Removing calls to `ob_*()` functions in favour of letting PHPUnit manage the output catching. This prevents warnings along the lines of `Test code or tested code did not (only) close its own output buffers`.

Props jrf, hellofromTonya.
See #53635.
Built from https://develop.svn.wordpress.org/trunk@51968


git-svn-id: http://core.svn.wordpress.org/trunk@51557 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-11-01 22:24:00 +00:00
joedolson a3a61c5a3e General: Remove role="navigation" from nav elements.
Role="navigation" was required for assistive technology to recognize HTML5 element's native ARIA roles while HTML5 and ARIA were being introduced. With the deprecation of IE11, the role attribute is only required when mapping elements that don't have native role.

Props costdev, mukesh27.
Fixes #54054.
Built from https://develop.svn.wordpress.org/trunk@51967


git-svn-id: http://core.svn.wordpress.org/trunk@51556 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-11-01 21:47:13 +00:00
hellofromTonya 78e5b8481c Application Passwords: Add end-to-end (e2e) tests.
Adds end-to-end (e2e) tests for the following test scenarios:
* Create a new application password.
* Create an application password with an existing name.
* Revoke a single application password.
* Bulk revoke applications passwords.

Follow-up to [49109], [49276], [49562], [50001], [50367], [51463].

Props justinahinon, swissspidy, juhise, kevin940726, isabel_brison.
Fixes #54241.
Built from https://develop.svn.wordpress.org/trunk@51966


git-svn-id: http://core.svn.wordpress.org/trunk@51555 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-11-01 21:42:00 +00:00
Sergey Biryukov b855ffec3f Docs: Add a `@since` note for the `rest_namespace` argument of `register_post_type()` and `register_taxonomy()`.
Use 3-digit, x.x.x-style semantic versioning for `@since` tags of the `$rest_namespace` property in `WP_Post_Type` and `WP_Taxonomy`.

Add a `@since` note to `WP_REST_Taxonomies_Controller::get_item_schema()` for the `visibility` and `rest_namespace` properties.

The `rest_base` property was also added after the method was initially introduced, but that happened during the same release cycle, so it doesn't need a separate `@since` note.

Follow-up to [38832], [39191], [42729], [51959], [51961], [51962], [51964].

See #53399.
Built from https://develop.svn.wordpress.org/trunk@51965


git-svn-id: http://core.svn.wordpress.org/trunk@51554 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-11-01 14:31:00 +00:00
TimothyBlynJacobs c0995319f4 REST API: Support custom namespaces for taxonomies.
While a taxonomy can define a custom route by using the rest_base argument, a namespace of wp/v2 was assumed. This commit introduces support for a rest_namespace argument.

A new rest_get_route_for_taxonomy_items function has been introduced and the rest_get_route_for_term function updated to facilitate getting the correct route for taxonomies.

For maximum compatibility sticking with the default wp/v2 namespace is recommended until the API functions see wider use.

Props spacedmonkey.
Fixes #54267.
See [51962].

Built from https://develop.svn.wordpress.org/trunk@51964


git-svn-id: http://core.svn.wordpress.org/trunk@51553 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-11-01 03:27:55 +00:00
Gary Pendergast 2c3205bb84 KSES: Add options for restricting tags based upon their attributes.
This change adds two now attribute-related config options to KSES:
- An array of allowed values can be defined for attributes. If the attribute value doesn't fall into the list, the attribute will be removed from the tag.
- Attributes can be marked as required. If a required attribute is not present, KSES will remove all attributes from the tag. As KSES doesn't match opening and closing tags, it's not possible to safely remove the tag itself, the safest fallback is to strip all attributes from the tag, instead.

Included with this change is an implementation of these options, allowing the `<object>` tag to be stored in posts, but only when it has a `type` attribute set to `application/pdf`.

Props pento, swissspidy, peterwilsoncc, dd32, jorbin.
Fixes #54261.


Built from https://develop.svn.wordpress.org/trunk@51963


git-svn-id: http://core.svn.wordpress.org/trunk@51552 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-11-01 02:13:56 +00:00
TimothyBlynJacobs bac6e41c85 REST API: Support custom namespaces for custom post types.
While a custom post type can define a custom route by using the `rest_base` argument, a namespace of `wp/v2` was assumed. This commit introduces support for a `rest_namespace` argument. 

A new `rest_get_route_for_post_type_items` function has been introduced and the `rest_get_route_for_post` function updated to facilitate getting the correct route for custom post types.

While the WordPress Core Block Editor bootstrap code has been updated to use these API functions, for maximum compatibility sticking with the default `wp/v2` namespace is recommended until the API functions see wider use.

Props spacedmonkey, swissspidy.
Fixes #53656.

Built from https://develop.svn.wordpress.org/trunk@51962


git-svn-id: http://core.svn.wordpress.org/trunk@51551 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-10-31 23:16:58 +00:00
Sergey Biryukov c60a9d92e2 Docs: Add a `@since` note to `WP_REST_Post_Types_Controller::get_item_schema()` for the `supports` and `visibility` properties.
The `taxonomies` and `rest_base` properties were also added after the method was initially introduced, but that happened during the same release cycle, so they don't need a separate `@since` note.

Follow-up to [38832], [39097], [39191], [39647], [51959].

See #53399.
Built from https://develop.svn.wordpress.org/trunk@51961


git-svn-id: http://core.svn.wordpress.org/trunk@51550 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-10-31 20:28:01 +00:00
TimothyBlynJacobs af212ad9b3 REST API: Send a 500 status code when JSON encoding fails.
Previously, a 200 status code would be sent despite the 500 status code present in the response body.

Props hermpheus, lalitjalandhar.
Fixes #53056.

Built from https://develop.svn.wordpress.org/trunk@51960


git-svn-id: http://core.svn.wordpress.org/trunk@51549 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-10-31 06:07:56 +00:00
TimothyBlynJacobs f76071026b REST API: Add visibility information to the Post Types controller.
Props spacedmonkey, peterwilsoncc.
Fixes #54055.

Built from https://develop.svn.wordpress.org/trunk@51959


git-svn-id: http://core.svn.wordpress.org/trunk@51548 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-10-31 05:19:01 +00:00
John Blackbourn 3d86f8af55 Application Passwords: Various docblock improvements.
See #53399, #42790

Built from https://develop.svn.wordpress.org/trunk@51958


git-svn-id: http://core.svn.wordpress.org/trunk@51547 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-10-30 20:26:59 +00:00
John Blackbourn c274d3c520 Docs: Miscellaneous docblock improvements.
See #53399

Built from https://develop.svn.wordpress.org/trunk@51957


git-svn-id: http://core.svn.wordpress.org/trunk@51546 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-10-30 20:17:01 +00:00
Sergey Biryukov 4459eaf392 Docs: Further update the `debug_information` filter description per the documentation standards.
Specifically, this ensures that the DocBlock follows the line wrapping recommendations.

Follow-up to [44986], [45156], [45259], [51949].

See #53399.
Built from https://develop.svn.wordpress.org/trunk@51956


git-svn-id: http://core.svn.wordpress.org/trunk@51545 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-10-30 13:41:02 +00:00
John Blackbourn 6babc3833b Docs: Miscellaneous docblock improvements.
See #53399

Built from https://develop.svn.wordpress.org/trunk@51955


git-svn-id: http://core.svn.wordpress.org/trunk@51544 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-10-29 23:13:05 +00:00
desrosj 4a0480a67d Build/Test Tools: Use correct URL for a GitHub Action workflow run.
Follow up to [51921], [51937], [51953].
Unprops desrosj.
See #53363.
Built from https://develop.svn.wordpress.org/trunk@51954


git-svn-id: http://core.svn.wordpress.org/trunk@51543 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-10-29 20:34:58 +00:00
desrosj ab1786d059 Build/Test Tools: Adjust Slack notifications for `scheduled` and `workflow_dispatch` events.
This makes the needed adjustments to fix Slack notifications for `scheduled` and `workflow_dispatch` events. The data needed to send notifications for these events are stored in different locations, or need to be accessed through API requests.

Follow up to [51921], [51937].
See #53363.
Built from https://develop.svn.wordpress.org/trunk@51953


git-svn-id: http://core.svn.wordpress.org/trunk@51542 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-10-29 20:00:58 +00:00
desrosj deb3eca81a Build/Test Tools: Escape `$` within commit messages for `$variables.
This ensures the variables are preserved in the Slack message.

Props ocean90, desrosj.
See #53363.
Built from https://develop.svn.wordpress.org/trunk@51952


git-svn-id: http://core.svn.wordpress.org/trunk@51541 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-10-29 19:41:56 +00:00
Sergey Biryukov 0e2f9ad5b6 Coding Standards: Correct alignment in `WP_Site_Health::get_test_update_temp_backup_writable()`.
This fixes an `Equals sign not aligned with surrounding assignments; expected 1 space but found 6 spaces` WPCS warning.

Follow-up to [51815].

See #51857, #53359.
Built from https://develop.svn.wordpress.org/trunk@51951


git-svn-id: http://core.svn.wordpress.org/trunk@51540 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-10-29 16:52:57 +00:00
John Blackbourn 0775153e27 Date/Time: Improve the docblocks for various date and time related functions.
See #53399, #28992, #40653

Built from https://develop.svn.wordpress.org/trunk@51950


git-svn-id: http://core.svn.wordpress.org/trunk@51539 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-10-29 16:51:56 +00:00
John Blackbourn a0d8a60547 Site Health: Correct and improve the documentation for the `debug_information` hook.
This corrects the structure of the documentation so it accurately reflects the array elements contained within.

See #53399.

Built from https://develop.svn.wordpress.org/trunk@51949


git-svn-id: http://core.svn.wordpress.org/trunk@51538 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-10-29 15:35:00 +00:00
joedolson 2f3b779563 Media: Remove deprecated click function in media uploader.
Replace the call to jQuery's deprecated click handler.

Props kapilpaul.
Fixes #53261.
Built from https://develop.svn.wordpress.org/trunk@51947


git-svn-id: http://core.svn.wordpress.org/trunk@51536 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-10-28 17:50:58 +00:00
joedolson d71ae9a7e3 Administration: Hide mobile menu on focusout.
Closes the admin menu on mobile devices when keyboard focus moves outside of the menu or menu toggle elements. Improves the usability of the menu on mobile by allowing closure anywhere outside the menu rather than only on the toggle. 

Props kaneva, costdev, sabernhardt
Fixes #53587.
Built from https://develop.svn.wordpress.org/trunk@51946


git-svn-id: http://core.svn.wordpress.org/trunk@51535 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-10-28 17:28:56 +00:00
joedolson acabcf82ff Media: Close attachment details modal with esc key.
The event that fired closing the attachment details modal also removed the keydown event listener, so subsequent modals could not be closed with the escape key.

Props vondelphia, sourovroy, sabernhardt
Fixes #53924.
Built from https://develop.svn.wordpress.org/trunk@51945


git-svn-id: http://core.svn.wordpress.org/trunk@51534 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-10-28 16:07:59 +00:00
Sergey Biryukov a5926f8ece Coding Standards: Correct alignment in `wp_enqueue_global_styles()`.
This fixes an `Equals sign not aligned with surrounding assignments; expected 5 spaces but found 1 space` WPCS warning.

Follow-up to [50973], [51819].

See #53359.
Built from https://develop.svn.wordpress.org/trunk@51944


git-svn-id: http://core.svn.wordpress.org/trunk@51533 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-10-28 14:10:59 +00:00
Pascal Birchler a225165010 Role/Capability: Add support for capability queries in `WP_User_Query`.
Similar to the existing `role`/`role__in`/`role__not_in` query arguments, this adds support for three new query arguments in `WP_User_Query`:

* `capability` 
* `capability__in`
* `capability__not_in`

These can be used to fetch users with (or without) a specific set of capabilities, for example to get all users
with the capability to edit a certain post type.

Under the hood, this will check all existing roles on the site and perform a `LIKE` query against the `capabilities` user meta field to find:

* all users with a role that has this capability
* all users with the capability being assigned directly

Note: In WordPress, not all capabilities are stored in the database. Capabilities can also be modified using filters like `map_meta_cap`. These new query arguments do NOT work for such capabilities.

The prime use case for capability queries is to get all "authors", i.e. users with the capability to edit a certain post type.

Until now, `'who' => 'authors'` was used for this, which relies on user levels. However, user levels were deprecated a long time ago and thus never added to custom roles. This led to constant frustration due to users with custom roles missing from places like author dropdowns.

This updates any usage of `'who' => 'authors'` in core to use capability queries instead.

Subsequently, `'who' => 'authors'` queries are being **deprecated** in favor of these new query arguments.

Also adds a new `capabilities` parameter (mapping to `capability__in` in `WP_User_Query`) to the REST API users controller.

Also updates `twentyfourteen_list_authors()` in Twenty Fourteen to make use of this new functionality, adding a new `twentyfourteen_list_authors_query_args` filter to make it easier to override this behavior.

Props scribu, lgladdly, boonebgorges, spacedmonkey, peterwilsoncc, SergeyBiryukov, swissspidy.
Fixes #16841.

Built from https://develop.svn.wordpress.org/trunk@51943


git-svn-id: http://core.svn.wordpress.org/trunk@51532 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-10-27 18:43:57 +00:00
Sergey Biryukov 311cf99866 Docs: Document the usage of some globals in `wp-includes/script-loader.php`.
Follow-up to [44114], [44262], [49080], [50761], [51471].

See #53399.
Built from https://develop.svn.wordpress.org/trunk@51942


git-svn-id: http://core.svn.wordpress.org/trunk@51531 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-10-27 18:21:58 +00:00
Sergey Biryukov 6a5a0062ff Script Loader: Correct the number of arguments passed to the closure in `enqueue_block_styles_assets()`.
This avoids an `Uncaught ArgumentCountError: Too few arguments to function {closure}(), 1 passed` PHP fatal error when registering a block style with the `should_load_separate_core_block_assets` filter enabled.

Follow-up to [51471].

Props aristath, shimon246, jrf, gziolo.
Fixes #54323.
Built from https://develop.svn.wordpress.org/trunk@51941


git-svn-id: http://core.svn.wordpress.org/trunk@51530 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-10-27 17:10:01 +00:00
Sergey Biryukov 156a453ed9 Coding Standards: Rename the `$process` variable to `$processed_response` for clarity in `WP_Http_Streams::request()`.
Includes minor code layout fixes for better readability.

Follow-up to [8516], [51826], [51929], [51931].

See #53359.
Built from https://develop.svn.wordpress.org/trunk@51940


git-svn-id: http://core.svn.wordpress.org/trunk@51529 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-10-27 15:03:58 +00:00
johnjamesjacoby 7a0a07d691 Admin/HTTP API: add suggested filename support to `download_url()`.
This change allows for external clients to supply a suggested filename via a `Content-Disposition` response header. This filename is processed through `sanitize_file_name()` to ensure it is allowable (on the server, MIME's, etc...) and `validate_file()` to prevent directory traversal.

If the suggested filename fails the above processing/checks, that suggestion is discarded and the standard temporary filename (generated by WordPress) is used.

If no `Content-Disposition` header is found in the response headers, the standard temporary filename continues to be used as per normal.

Included in this change are 6 additional PHPUnit tests with 9 assertions. These tests confirm that valid filename values are correctly saved, and invalid filename values are correctly rejected.

Props cklosows, costdev, dd32, johnjamesjacoby, ocean90, psrpinto.

Fixes #38231.
Built from https://develop.svn.wordpress.org/trunk@51939


git-svn-id: http://core.svn.wordpress.org/trunk@51528 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-10-27 15:00:01 +00:00
Sergey Biryukov b8e6a3c334 Tests: Some test improvements for `clean_dirsize_cache()` tests:
* Move the directory being tested to the `data` directory, for consistency with other test data.
* Set the `svn:eol-style` property to `native`, for consistency with other files.
* Correct the test class name in `dummy.txt`.

Follow-up to [51246], [51910], [51911].

See #52241, #53363.
Built from https://develop.svn.wordpress.org/trunk@51938


git-svn-id: http://core.svn.wordpress.org/trunk@51527 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-10-26 02:03:58 +00:00
desrosj 3867e66520 Build/Test Tools: Use the correct workflow name in notifications on `workflow_run`.
When a workflow is triggered through a `workflow_run` event, the context is not the original workflow. The details about the original workflow are passed through the `github.event` context.

This also moves the conditional check controlling whether the Slack workflow is run into the calling workflows to prevent them from running for pull requests.

Follow up to [51921-51922,51924-51925,51934].

See #53363.
Built from https://develop.svn.wordpress.org/trunk@51937


git-svn-id: http://core.svn.wordpress.org/trunk@51526 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-10-25 20:27:56 +00:00
desrosj fc06dda73e Build/Test Tools: Restore Slack notifications for older branches.
In [51921], the GitHub Actions workflows were updated to utilize the Slack notifications workflow as a callable one instead of on the `workflow_run` event.

This eliminated the need for an additional “Slack Notifications” workflow run for every completed workflow, but only when other workflows are updated as well. This resulted in notifications from older branches breaking, as the changes in [51921] were not backported.

Instead of backporting the needed changes now (the Slack workflow is still being polished), this commit partially restores the `workflow_run` event for older branches so that notifications will resume.

See #53363.
Built from https://develop.svn.wordpress.org/trunk@51934


git-svn-id: http://core.svn.wordpress.org/trunk@51525 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-10-25 19:30:00 +00:00
Sergey Biryukov d31f31c579 Coding Standards: Rename `$theHeaders` variable to `$processed_headers` in `WP_Http_Curl::request()`.
This fixes a `Variable "$theHeaders" is not in valid snake_case format` WPCS warning.

Follow-up to [8516], [8520], [51826], [51929].

See #53359.
Built from https://develop.svn.wordpress.org/trunk@51931


git-svn-id: http://core.svn.wordpress.org/trunk@51524 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-10-25 16:20:00 +00:00
Peter Wilson cdf1000cbb Docs: Use sign-up & signup consistently in `wp-signup.php`.
In the docblocks throughout `wp-signup.php` use sign up for verbs and sign-up for nouns.

Props audrasjb, jeffpaul.
Fixes #54041. See #53399.


Built from https://develop.svn.wordpress.org/trunk@51930


git-svn-id: http://core.svn.wordpress.org/trunk@51523 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-10-25 00:23:57 +00:00
Sergey Biryukov f8f74e7aa5 Coding Standards: Rename the `$arrHeaders` variable to `$processed_headers` in `WP_Http_Streams::request()`.
This fixes a `Variable "$arrHeaders" is not in valid snake_case format` WPCS warning.

Follow-up to [8516], [51826].

See #53359.
Built from https://develop.svn.wordpress.org/trunk@51929


git-svn-id: http://core.svn.wordpress.org/trunk@51522 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-10-24 19:23:00 +00:00