These attributes are needed to indicate that both fields are required. This changeset doesn't add the attribute by default but allows extenders to enable it by passing `true` to the `$required_username` and `$required_password` to `wp_login_form()` arguments array.
Props alesflex, sabernhardt, joedolson, rcreators, rajinsharwar.
Fixes#60062.
Built from https://develop.svn.wordpress.org/trunk@58382
git-svn-id: http://core.svn.wordpress.org/trunk@57831 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The logo block does not use theme mods, and instead saves a site-wide option `site_logo` to use as the site logo.
Add handling for cases where the logo image does not exist and delete the `site_logo` option when the attachment configured as site logo is deleted.
Props afercia, joedolson, khokansardar, SergeyBiryukov.
Fixes#60922.
Built from https://develop.svn.wordpress.org/trunk@58213
git-svn-id: http://core.svn.wordpress.org/trunk@57676 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Add `fetchpriority` to the attributes accepted by the `wp_preload_resources` filter. Developers can now use this filter to set fetchpriority for resources being preloaded.
Props nihar007, luboslives, tabrisrp.
Fixes#58510.
Built from https://develop.svn.wordpress.org/trunk@57789
git-svn-id: http://core.svn.wordpress.org/trunk@57290 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This is a very minor, yet simple performance optimization in a commonly called function, avoiding unnecessary initialization of the `$url` variable when it may not be needed. The conditional is simple enough to not use a variable altogether.
Props Cybr, swissspidy.
Fixes#59450.
Built from https://develop.svn.wordpress.org/trunk@57170
git-svn-id: http://core.svn.wordpress.org/trunk@56681 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`str_contains()` was introduced in PHP 8.0 to perform a case-sensitive check indicating if the string to search in (haystack) contains the given substring (needle).
WordPress core includes a polyfill for `str_contains()` on PHP < 8.0 as of WordPress 5.9.
This commit replaces `false !== strpos( ... )` with `str_contains()` in core files, making the code more readable and consistent, as well as better aligned with modern development practices.
Follow-up to [55988], [56021].
See #58206.
Built from https://develop.svn.wordpress.org/trunk@56031
git-svn-id: http://core.svn.wordpress.org/trunk@55543 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`str_contains()` was introduced in PHP 8.0 to perform a case-sensitive check indicating if the string to search in (haystack) contains the given substring (needle).
WordPress core includes a polyfill for `str_contains()` on PHP < 8.0 as of WordPress 5.9.
This commit replaces `false !== strpos( ... )` with `str_contains()` in core files, making the code more readable and consistent, as well as better aligned with modern development practices.
Follow-up to [52039], [52040], [52326], [55703], [55710], [55987].
Props Soean, spacedmonkey, costdev, dingo_d, azaozz, mikeschroder, flixos90, peterwilsoncc, SergeyBiryukov.
Fixes#58206.
Built from https://develop.svn.wordpress.org/trunk@55988
git-svn-id: http://core.svn.wordpress.org/trunk@55500 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`str_starts_with()` was introduced in PHP 8.0 to perform a case-sensitive check indicating if the string to search in (haystack) begins with the given substring (needle).
WordPress core includes a polyfill for `str_starts_with()` on PHP < 8.0 as of WordPress 5.9.
This commit replaces `0 === strpos( ... )` with `str_starts_with()` in core files, making the code more readable and consistent, as well as improving performance.
While `strpos()` is slightly faster than the polyfill on PHP < 8.0, `str_starts_with()` is noticeably faster on PHP 8.0+, as it is optimized to avoid unnecessarily searching along the whole haystack if it does not find the needle.
Follow-up to [52039], [52040], [52326].
Props spacedmonkey, costdev, sabernhardt, mukesh27, desrosj, jorbin, TobiasBg, ayeshrajans, lgadzhev, SergeyBiryukov.
Fixes#58012.
Built from https://develop.svn.wordpress.org/trunk@55703
git-svn-id: http://core.svn.wordpress.org/trunk@55215 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The XML manifest was originally added in WordPress 2.3.1 to turn on tagging support in Windows Live Writer.
Given that the last major release of the software came out in 2012, and it was completely discontinued in January 2017, including this file in core no longer provides any benefit.
Follow-up to [6192], [49904].
Props joostdevalk, ayeshrajans, flixos90, jhabdas, frank-klein, wtranch, SergeyBiryukov.
Fixes#41404.
Built from https://develop.svn.wordpress.org/trunk@55620
git-svn-id: http://core.svn.wordpress.org/trunk@55132 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Give developers more control over how query caches are handled within an object caches. Now all caches that cache the result of a query, are cached in a group that is suffixed with -queries. Developers can use these groups, to add custom cache invalidation rules or to make them none persistent.
Props spacedmonkey, owi, tillkruess, skithund, peterwilsoncc, flixos90, sergeybiryukov, mukesh27.
Fixes#57625.
Built from https://develop.svn.wordpress.org/trunk@55526
git-svn-id: http://core.svn.wordpress.org/trunk@55048 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This aims to provide better context for translators and make it easier to determine that some strings contain hidden accessibility text and are not displayed in the UI.
Props kebbet, mercime, pavelevap, ocean90, swissspidy, Chouby, jipmoors, afercia, desrosj, costdev, audrasjb, SergeyBiryukov.
Fixes#29748.
Built from https://develop.svn.wordpress.org/trunk@55276
git-svn-id: http://core.svn.wordpress.org/trunk@54809 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset improves the consistency in capitalization of fetching and outputting of request headers. It also updates occurrences found in some docblocks.
Props johnjamesjacoby, costdev, audrasjb, petitphp, mhkuu, SergeyBiryukov.
Fixes#54225.
Built from https://develop.svn.wordpress.org/trunk@55210
git-svn-id: http://core.svn.wordpress.org/trunk@54743 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset adds `spellcheck="false"` attribute to various password fields.
The spellcheck global attribute defines whether the element may be checked for spelling errors. The `false` value indicates that the element should not be checked for spelling errors, which is relevant for a password field.
Furthermore, and as per MDN specs, using spellchecking can have consequences for users' security and privacy. The specification does not regulate how spellchecking is done and the content of the element may be sent to a third party for spellchecking results. Thus, it is recommended to set `spellcheck` attribute to `false` for elements that can contain sensitive information. Which is the case for password fields.
Props dziudek, audrasjb, gainesm, fosuahmed.
Fixes#56763.
Built from https://develop.svn.wordpress.org/trunk@55094
git-svn-id: http://core.svn.wordpress.org/trunk@54627 1a063a9b-81f0-0310-95a4-ce76da25c4cd
While using reserved PHP keywords as parameter name labels is allowed, in the context of function calls using named parameters in PHP 8.0+, this will easily lead to confusion. To avoid that, it is recommended not to use reserved keywords as function parameter names.
This commit:
* Renames the `$echo` parameter to `$display` in:
* `wp_loginout()`
* `wp_register()`
* `get_calendar()`
* `the_date()`
* `the_modified_date()`
* `checked()`
* `selected()`
* `disabled()`
* `wp_readonly()`
* `__checked_selected_helper()`
* Renames the `$readonly` parameter to `$readonly_value` in `wp_readonly()`.
Follow-up to [52946], [52996], [52997], [52998], [53003], [53014], [53029], [53039], [53116], [53117], [53137], [53174], [53184], [53185], [53192], [53193], [53198], [53203], [53207], [53215], [53216], [53220], [53230], [53232], [53236], [53239], [53240], [53242], [53243], [53245], [53246], [53257], [53269], [53270], [53271], [53272], [53273], [53274], [53275], [53276], [53277], [53281], [53283], [53284], [53285], [53287], [53364], [53365], [54927], [54929], [54930], [54931].
Props jrf, aristath, poena, justinahinon, SergeyBiryukov.
See #56788.
Built from https://develop.svn.wordpress.org/trunk@54932
git-svn-id: http://core.svn.wordpress.org/trunk@54484 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This affects:
* The `wp_lostpassword_url()` function.
* The `lost_password_html_link` filter.
The filter description was copied from the function, which appears to be not quite accurate, as the lost password can only be reset, not retrieved.
Follow-up to [11448], [54206].
See #55646.
Built from https://develop.svn.wordpress.org/trunk@54224
git-svn-id: http://core.svn.wordpress.org/trunk@53783 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The previously available set of filters in the `feed_links()` function to enable or disable display of various feed links was quite limited:
* `feed_links_show_posts_feed` to control the main feed
* `feed_links_show_comments_feed` to control both the global comments feed and the comment feed for singular posts.
In order to disable the other feeds (post type archive, category, tag, custom taxonomy, author archive, search results), one would have to unhook `feed_links_extra()` from `wp_head`, but that would completely remove all of those feeds, as well as the single post comments feed.
To allow for more flexibility, this commit introduces a full set of filters in the `feed_links_extra()` function to control each one of the feeds independently, including a way to enable/disable the single post comments feed when the global comments feed is disabled/enabled:
* `feed_links_extra_show_post_comments_feed`
* `feed_links_extra_show_post_type_archive_feed`
* `feed_links_extra_show_category_feed`
* `feed_links_extra_show_tag_feed`
* `feed_links_extra_show_tax_feed`
* `feed_links_extra_show_author_feed`
* `feed_links_extra_show_search_feed`
All of them default to `true`, except for `feed_links_extra_show_post_comments_feed` which defaults to the result of `feed_links_show_comments_feed` to ensure backward compatibility.
Follow-up to [33838], [33839], [53125].
Props lopo, mukesh27, audrasjb, SergeyBiryukov.
Fixes#55904.
Built from https://develop.svn.wordpress.org/trunk@54161
git-svn-id: http://core.svn.wordpress.org/trunk@53720 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset introduces two new hooks:
- `wp_required_field_indicator` allows developers to filter the HTML output of the `wp_required_field_indicator()` function.
- `wp_required_field_message` does the same for the `wp_required_field_message()` function.
The changeset also adds new phpunit tests for these filters.
Follow-up to [53888], [54136].
Props kebbet, audrasjb, sabernhardt, costdev, mukesh27.
Fixes#56389.
See #54394.
Built from https://develop.svn.wordpress.org/trunk@54137
git-svn-id: http://core.svn.wordpress.org/trunk@53696 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset removes `aria-hidden="true"` attribute used for required fields in comments template, for better accessibility. It removes the attribute from both `wp_required_field_indicator()` and `wp_required_field_message()` patterns.
Follow-up to [53888].
Props juliemoynat, audrasjb, joedolson, sabernhardt, afercia, costdev.
Fixes#55717.
Built from https://develop.svn.wordpress.org/trunk@54136
git-svn-id: http://core.svn.wordpress.org/trunk@53695 1a063a9b-81f0-0310-95a4-ce76da25c4cd
A default DNS prefetch entry for s.w.org was previously included to save a few ms in case an emoji is used that is not supported by the browser. It appears this use case doesn't justify a prefetch to s.w.org on every WordPress website.
This changesets removes `emoji_svg_url` prefetch from `wp_resource_hints()`. It also updates unit tests in `Tests_General_wpResourceHints` by removing `test_should_have_defaults_on_frontend()` entirely and removing s.w.org prefetch from expected output of ten other test functions.
Plugin authors can use the `wp_resource_hints` filter if they need to re-add the DNS prefetch entry for s.w.org.
Follow-up to [37920], [38122].
Props joelhardi, superpoincare, jhabdas, garrett-eclipse, sabernhardt, SergeyBiryukov.
Fixes#40426.
See #37387.
Built from https://develop.svn.wordpress.org/trunk@53904
git-svn-id: http://core.svn.wordpress.org/trunk@53463 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset introduces new `wp_required_field_indicator()` and `wp_required_field_message()` helper functions to generate reusable and consistent required field indicator and message. It also implements these functions in various admin screens.
Props sabernhardt, ryokuhi, joedolson, audrasjb, SergeyBiryukov.
Fixes#54394.
Built from https://develop.svn.wordpress.org/trunk@53888
git-svn-id: http://core.svn.wordpress.org/trunk@53447 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Add a `wp_preload_resources` filter that developers can use to add resource preloading.
Preloading helps the browser discover and prioritize important resources earlier during the page load. This ensures that they are available earlier and are less likely to block the page's render.
Props nico23, swissspidy, igrigorik, westonruter, azaozz, furi3r, aristath, spacedmonkey, peterwilsoncc, mihai2u, gziolo.
Fixes#42438.
Built from https://develop.svn.wordpress.org/trunk@53846
git-svn-id: http://core.svn.wordpress.org/trunk@53405 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, it was used in core and older bundled themes to display the list of allowed tags in the comment form.
Follow-up to [709], [2009], [2012], [2032], [2040], [13030], [14365], [32858], [34316], [34351].
See #55646.
Built from https://develop.svn.wordpress.org/trunk@53703
git-svn-id: http://core.svn.wordpress.org/trunk@53262 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This aims to improve performance by calling `sanitize_url()` directly, instead of the `esc_url_raw()` wrapper. As of WordPress 6.1, `sanitize_url()` is the recommended function for sanitizing a URL for database or redirect usage.
Follow-up to [11383], [13096], [51597], [53452].
Props benjgrolleau, peterwilsoncc, SergeyBiryukov.
Fixes#55852.
Built from https://develop.svn.wordpress.org/trunk@53455
git-svn-id: http://core.svn.wordpress.org/trunk@53044 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Remove the `link[rel=alternate]` element from the HTML header when the comment feeds are disabled. Previously the HTML element was output with an empty `href` attribute.
The element is removed if `get_post_comments_feed_link()` returns an empty string or the feed is disabled via the `feed_links_show_comments_feed` filter.
Props barryceelen, audrasjb, costdev, rachelbaker, Boniu91.
Fixes#54703.
Built from https://develop.svn.wordpress.org/trunk@53125
git-svn-id: http://core.svn.wordpress.org/trunk@52714 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Set valid autocomplete attributes for registration and login fields for username, email, and current password. Autocomplete values are required in WCAG 2.1 at level AA for login forms.
Props johnjamesjacoby, dhanendran, rianrietveld, joedolson, peterwilsoncc.
Fixes#41136.
Built from https://develop.svn.wordpress.org/trunk@53041
git-svn-id: http://core.svn.wordpress.org/trunk@52630 1a063a9b-81f0-0310-95a4-ce76da25c4cd
[52232] relocated the Theme Editor menu item from Appearance to Tools for block themes. This commit relocates the Plugin Editor menu item from Plugins to Tools for block themes for a consistent workflow.
Both the Theme Editor and Plugin Editor menu items are renamed to "Theme File Editor" and "Plugin File Editor" respectively. Why? To better identify their purpose, i.e. to directly edit the code in the theme or plugin files. The rename is not limited to only block themes.
Follow-up to [52232].
Props poena, annezazu, audrasjb, clorith, courane01, costdev, dryanpress, desrosj, hellofromTonya, ipstenu, jameskoster, joen, johnbillion, joyously, manfcarlo, marybaum, pbiron, SergeyBiryukov, walbo, youknowriad.
Fixes#54382.
Built from https://develop.svn.wordpress.org/trunk@52406
git-svn-id: http://core.svn.wordpress.org/trunk@51998 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When `m` query_tag has a valid year, i.e. `?m=2021`, and there are posts for that year, `substr()` returns a `false` on PHP 5.6 and an empty string on PHP 7.0+. Passing either of those values to `$wp_locale->get_month()` results in a PHP notice on PHP 5.6 to PHP 7.4 and a PHP Warning on PHP 8.0+.
Why? The `$month` lookup table has zeroized keys from '01' to '12'. A empty value is passed to `zeroise()` returns `'00'` which is directly passed as a key in the month property. That key does not exist.
While `$wp_locale->get_month()` would benefit from guarding/validation, this fix ensures a falsey value is not passed as a month.
Tests are added including a test that fails with this fix not applied.
Follow-up to [801], [35294], [35624].
Props antpb, audrasjb, costdev, davidmosterd, drewapicture, herregroen, hellofromTonya, michelwppi, sergeybiryukov.
Fixes#31521.
Built from https://develop.svn.wordpress.org/trunk@52136
git-svn-id: http://core.svn.wordpress.org/trunk@51728 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Split long concatenated lines using `sprintf()`. This aims to improve readability and avoid multiple `esc_attr()` calls for the same value.
* Escape the form `name` and `id` attributes.
Follow-up to [12696], [18444], [19033].
Props sabbirshouvo, mukesh27, audrasjb, henry.wright, SergeyBiryukov.
Fixes#54279.
Built from https://develop.svn.wordpress.org/trunk@51926
git-svn-id: http://core.svn.wordpress.org/trunk@51519 1a063a9b-81f0-0310-95a4-ce76da25c4cd