- Remove plugins icons from the plugin list table, as there were performance issues loading the icons when the site had lots of plugins.
- Depending on which icons the plugin has uploaded, prefer them in this order: `svg`, `128x128`, `256x256`.
- Improve the style of the fallback icon for plugins that don't have an icon defined.
Props Travel_girl, danieltj, afercia, karmatosed,hugobaeta, empireoflight, brentjett, melchoyce, pento.
Fixes#30186.
Built from https://develop.svn.wordpress.org/trunk@41755
git-svn-id: http://core.svn.wordpress.org/trunk@41589 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Allow passing settings in keyed object (e.g. `settings: { default: 'id' } ), or as an array (e.g. `settings: [ 'id' ]`) with first being default; again, `Setting`/`Value` objects may be supplied instead of IDs.
* Allow a single setting to be supplied with just a single `setting` param, either a string or a `Setting`/`Value` object.
* Update `changeset_status` and `scheduled_changeset_date` to be added dynamically with JS and simply passing of `api.state()` instances as `setting`.
* Introduce a `data-customize-setting-key-link` attribute which, unlike `data-customize-setting-link`, allows passing the setting key (e.g. `default`) as opposed to the setting ID.
* Allow `WP_Customize_Control::get_link()` to return `data-customize-setting-key-link` when setting is not registered.
* Eliminate `default_value` from `WP_Customize_Date_Time_Control` since now comes from supplied `Value`.
* Export status choices as `wp.customize.settings.changeset.statusChoices`.
* Export date and time formats as `wp.customize.settings.dateFormat` and `wp.customize.settings.timeFormat` respectively.
Props westonruter, sayedwp.
See #39896, #30738, #30741, #42083.
Fixes#37964, #36167.
Built from https://develop.svn.wordpress.org/trunk@41750
git-svn-id: http://core.svn.wordpress.org/trunk@41584 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When able to be parsed, store the created date for a video file from meta,
since this is useful separately from the dates on the file itself.
Introduces `wp_get_media_creation_timestamp()` to read the timestamp from
getID3 and a `wp_read_video_metadata` filter analogous to
`wp_read_image_metadata`.
Fixes#35218.
Props stevegrunwell, joemcgill, desrosj, blobfolio, mikeschroder.
Built from https://develop.svn.wordpress.org/trunk@41746
git-svn-id: http://core.svn.wordpress.org/trunk@41580 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Allows REST API consumers to specify the specific fields needed in their application code, whitelisting those fields and omitting all others from the returned JSON response object.
This permits applications that only need for example the ID and title of posts to avoid having to transfer the entire rendered post content over the wire alongside the desired fields.
While this whitelisting has no affect on the queries run when preparing the response, it can yield significant reductions in the bandwidth required to transfer a response payload for simple applications.
Props adamsilverstein, TimothyBlynJacobs, svrooij.
Fixes#38131.
Built from https://develop.svn.wordpress.org/trunk@41744
git-svn-id: http://core.svn.wordpress.org/trunk@41578 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This sets a referrer policy of `same-origin` which adds hardening by preventing a referrer being sent from the admin area or login screens to other origins. This helps prevent unwanted exposure of potentially sensitive information that may be contained within URLs.
This change introduces a new filter, `admin_referrer_policy`, for filtering the referrer policy header value. The header can be disabled if necessary by removing the `wp_admin_headers` action from the `admin_init` and `login_init` hooks.
Props joostdevalk
Fixes#42036
Built from https://develop.svn.wordpress.org/trunk@41741
git-svn-id: http://core.svn.wordpress.org/trunk@41575 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`get_sites()` queries for a maximum of 100 records by default. In `domain_exists()`, we only use one.
A previous commit, [41736], has this same commit message but applies to `get_blog_id_from_url()` and #42073 instead.
Props danieltj, spacedmonkey.
Fixes#42072.
Built from https://develop.svn.wordpress.org/trunk@41738
git-svn-id: http://core.svn.wordpress.org/trunk@41572 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Fixes an issue where submitting a well-formed request to create a term inappropriately returns a 500 error status if that term already exists.
HTTP 5xx error codes should be reserved for unexpected server errors, so "409 Conflict" is a more appropriate response.
Props alibasheer, guzzilar, shooper.
Fixes#41370.
Built from https://develop.svn.wordpress.org/trunk@41737
git-svn-id: http://core.svn.wordpress.org/trunk@41571 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This adds `Custom_Image_Header::get_previous_crop()`, which finds any
previously cropped headers created from the same base image and replaces
that attachment rather than creating a new attachment.
After updating a crop, the replaced images is also removed from the list
of previous header images in the Customizer.
See #21819.
Built from https://develop.svn.wordpress.org/trunk@41732
git-svn-id: http://core.svn.wordpress.org/trunk@41566 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Move the `create_function()` code into a file that's only loaded, and into a test that's only run, on PHP <= 7.2 to avoid deprecated warnings in 7.2+.
* Convert the test skipping into a failure if the GlotPress locale file cannot be downloaded.
* Ensure `test_exceptions` fails if an exception is not thrown.
* Docs improvements
See #41562, #40109
Built from https://develop.svn.wordpress.org/trunk@41730
git-svn-id: http://core.svn.wordpress.org/trunk@41564 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When registering routes developers can now define their complex objects in the schema and benefit from the automatic validation and sanitization in the REST API. This also paves the way for support for complex object registration via register_meta and register_setting.
See #38583.
Props TimothyBlynJacobs5.
Built from https://develop.svn.wordpress.org/trunk@41727
git-svn-id: http://core.svn.wordpress.org/trunk@41561 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Eliminate need to pass both ID and instance in calls to `Values#add()` for panels, sections, controls, settings, partials, and notifications.
* Eliminate need to supply `content` param when constructing a `Control`.
* Unwrap the `options.params` object passed in constructors to just pass a flat `options`. (Back-compat is maintained.)
* Add support for `templateId` param for `Control` to override which template is used for the content.
* Remove unused `previewer` being supplied in `Control` instances.
* Rename `classes` to `containerClasses` on `Notification`.
* Automatically supply `instanceNumber` to improve stable sorting.
* Use `api.Notifications` for notifications in settings instead of `api.Value`.
See #30741.
Fixes#42083.
Built from https://develop.svn.wordpress.org/trunk@41726
git-svn-id: http://core.svn.wordpress.org/trunk@41560 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`test_cache` used PHPUnit's object mocking to test some internal behaviour in `Plural_Forms`, but made use of the `willReturn()` method, which was introduced in PHPUnit 4.0 as shorthand for `will($this->returnValue())`. Fixed by switching to the longer form.
Several tests used the `@expectedException` directive to catch generic `Exception` exceptions, which was added in PHPUnit 3.7. Fixed by changing to an explicit `try` / `catch` test.
See #41562.
Built from https://develop.svn.wordpress.org/trunk@41725
git-svn-id: http://core.svn.wordpress.org/trunk@41559 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Historically, we've evaluated the plural forms for each language using `create_function()`. This is being deprecated in PHP 7.2, so needs to be replaced.
The `Plural_Forms` class parses the `Plural-Forms` header from the PO file, and internally caches the result of all subsequent plural form tests, allowing it to match the performance of the existing code.
Props rmccue.
Fixes#41562.
Built from https://develop.svn.wordpress.org/trunk@41722
git-svn-id: http://core.svn.wordpress.org/trunk@41556 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Edits to active plugins which cause PHP fatal errors will no longer auto-deactivate the plugin. Supersedes #39766.
* Introduce sandboxed PHP file edits for active themes, preventing accidental whitescreening of a user's site when introducing a fatal error.
* After writing a change to a PHP file for an active theme or plugin, perform loopback requests on the file editor admin screens and the homepage to check for fatal errors. If a fatal error is encountered, roll back the edited file and display the error to the user to fix and try again.
* Introduce a secure way to scrape PHP fatal errors from a site via `wp_start_scraping_edited_file_errors()` and `wp_finalize_scraping_edited_file_errors()`.
* Moves file modifications from `theme-editor.php` and `plugin-editor.php` to common `wp_edit_theme_plugin_file()` function.
* Refactor themes and plugin editors to submit file changes via Ajax instead of doing full page refreshes when JS is available.
* Use `get` method for theme/plugin dropdowns.
* Improve styling of plugin editors, including width of plugin/theme dropdowns.
* Improve notices API for theme/plugin editor JS component.
* Strip common base directory from plugin file list. See #24048.
* Factor out functions to list editable file types in `wp_get_theme_file_editable_extensions()` and `wp_get_plugin_file_editable_extensions()`.
* Scroll to line in editor that has linting error when attempting to save. See #41886.
* Add checkbox to dismiss lint errors to proceed with saving. See #41887.
* Only style the Update File button as disabled instead of actually disabling it for accessibility reasons.
* Ensure that value from CodeMirror is used instead of `textarea` when CodeMirror is present.
* Add "Are you sure?" check when leaving editor when there are unsaved changes.
Supersedes [41560].
See #39766, #24048, #41886.
Props westonruter, Clorith, melchoyce, johnbillion, jjj, jdgrimes, azaozz.
Fixes#21622, #41887.
Built from https://develop.svn.wordpress.org/trunk@41721
git-svn-id: http://core.svn.wordpress.org/trunk@41555 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`get_site_by()` is now the preferred way to retrieve a site object by lookup for identifying data. By using a coherent structure and `get_sites()` internally, it has several advantages over the direct database queries and complex code in `get_blog_details()`. Therefore `get_blog_details()` is now a wrapper for `get_site_by()`, providing backward compatibility fixes where necessary.
Unit tests have been adjusted to account for the `blog-details` and `blog-lookup` cache groups, which are no longer needed.
Props spacedmonkey, jeremyfelt, flixos90.
Fixes#40228.
Built from https://develop.svn.wordpress.org/trunk@41719
git-svn-id: http://core.svn.wordpress.org/trunk@41553 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Going forward, `clean_blog_cache()` is recommended to be used instead of `refresh_blog_details()`. It has been adjusted to match the functionality of the latter, with the exception that it always requires a site ID or object to be passed. The `refresh_blog_details` action has been deprecated in favor of the `clean_site_cache` action. The function itself is not formally deprecated at this point, but will likely be in the near future.
Props spacedmonkey.
Fixes#40201.
Built from https://develop.svn.wordpress.org/trunk@41716
git-svn-id: http://core.svn.wordpress.org/trunk@41550 1a063a9b-81f0-0310-95a4-ce76da25c4cd
These tests no longer test anything that WordPress core has control over. YouTube now serves everything
over HTTPS by default, so the tests for #23149 will always pass, and the tests for #32714 aren't testing
anything that core has control over.
Tests for the responses from oEmbed providers has been attempted and reverted in #32360.
See #42076, #32714, #23149
Built from https://develop.svn.wordpress.org/trunk@41712
git-svn-id: http://core.svn.wordpress.org/trunk@41546 1a063a9b-81f0-0310-95a4-ce76da25c4cd
- fixes invalid HTML and duplicate IDs
- as per the Accessibility coding standards, all new code must use explicitly associated form labels
- properly escapes a few HTML attributes
Props celloexpressions, afercia.
Fixes#42054.
Built from https://develop.svn.wordpress.org/trunk@41709
git-svn-id: http://core.svn.wordpress.org/trunk@41543 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This was previously attempted in [41043], which unfortunately had severe performance issues, the regex it used was fatally slow on long posts.
This version now uses an array of all emoji that Twemoji supports, which maintains the accuracy of [41043], while being the same speed or only a few ms slower than the code prior to [41043].
As with [41043], the `grunt precommit:emoji` task detects when `twemoji.js` has changed, and regenerates the array.
Props jmdodd for feedback, suggestions, and insults where appropriate.
Fixes#35293. 🤞🏻
Built from https://develop.svn.wordpress.org/trunk@41701
git-svn-id: http://core.svn.wordpress.org/trunk@41535 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In [25548], the `archived` column in `wp_blogs` was changed from `ENUM` to `TINYINT` to match other status fields. When `WP_Site_Query` was written later, it used `%d` as a placeholder when formatting the archived status.
It is possible that this query will fail for any installations that did not update the schema for `wp_blogs` as only single quoted values are accepted for the `ENUM` type. In this case, `'0'` or `'1'` rather than `0` or `1`.
We can work around this and support both `ENUM` and `TINYINT` in the query by using the `%s` placeholder and casting the value with `absint()`.
Props stephdau.
Fixes#38856. See #27832.
Built from https://develop.svn.wordpress.org/trunk@41700
git-svn-id: http://core.svn.wordpress.org/trunk@41534 1a063a9b-81f0-0310-95a4-ce76da25c4cd
To mirror theme list table behaviour, the plugin icon now appears next to plugins in the plugin list tables. For plugins that don't have an icon, or non-W.org plugins, a fallback dashicon is shown.
Props melchoyce, afercia, paulwilde, pento, obenland.
Fixes#30186.
Built from https://develop.svn.wordpress.org/trunk@41695
git-svn-id: http://core.svn.wordpress.org/trunk@41529 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This allows users who are using the admin area in a language other than the site language to read the notice on the login screen
(which explains that they need to log in again) in their chosen language.
Props Nikschavan, swissspidy
Fixes#40205
Built from https://develop.svn.wordpress.org/trunk@41692
git-svn-id: http://core.svn.wordpress.org/trunk@41526 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `aria-current` attribute is a simple, effective way to help assistive
technologies users orientate themselves within a list of items. Continues the
introduction in core of the `aria-current` attribute after [41359] and [41371].
Props joedolson, flixos90, afercia.
Fixes#32399.
Built from https://develop.svn.wordpress.org/trunk@41683
git-svn-id: http://core.svn.wordpress.org/trunk@41517 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Add/fix `getMeta`, `getMetas`, `setMeta` and `setMetas` helpers for models that support meta.
* Add tests for new helpers, verify meta support for `Posts`, `Comments`, `Tags` and `Users`.
* Include meta data in fixture generation and fixture file driving tests.
Fixes#41055.
Built from https://develop.svn.wordpress.org/trunk@41678
git-svn-id: http://core.svn.wordpress.org/trunk@41512 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Let date `legend` be screen reader text when time is not included.
* Skip rendering containers for label (title) and description when not supplied in registered control.
* Fix margins and padding.
Amends [41670].
Props westonruter, afercia, sayedwp.
Fixes#42022.
Built from https://develop.svn.wordpress.org/trunk@41672
git-svn-id: http://core.svn.wordpress.org/trunk@41506 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Allow time fields to be omitted by constructing with `timeIncluded` as `false`.
* Ensure `reportValidity` is only called on a control when it is in an expanded section.
* Rename "ampm" to "meridian".
* Improve accessibility and fix HTML validation and style issues for both the date/time control and the preview link control.
* Fix styling of dropdowns and clean CSS.
* Improve accessibility of nav menus component.
Props westonruter, afercia, sayedwp, melchoyce.
Amends [41626].
See #39896.
Fixes#42022.
Built from https://develop.svn.wordpress.org/trunk@41670
git-svn-id: http://core.svn.wordpress.org/trunk@41504 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Moves the repeated code in the emoji browser support test to a function to reduced the potential for errors and follow DRY principles.
Renames the "emoji4" test "emoji" as unicode version specific tests were removed in [38869].
Props peterwilsoncc, pento for code review.
Fixes#41156.
Built from https://develop.svn.wordpress.org/trunk@41669
git-svn-id: http://core.svn.wordpress.org/trunk@41503 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`is_user_option_local()` was added during MU development and used for a handful of changesets before the code using it was removed again. It has not been used by MU or core since nor is it widely used elsewhere.
Fixes#41697.
Props bnap00, jeremyfelt.
Built from https://develop.svn.wordpress.org/trunk@41668
git-svn-id: http://core.svn.wordpress.org/trunk@41502 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Introduce a new `wp.customize.previewer.trash()` JS API to trash the current changeset, along with logic to `WP_Customize_Manager` to handle deleting changeset drafts.
* Add `trashing` to `wp.customize.state` which is then used to update the UI.
* UI for trashing is pending design feedback. One possibility is to add a new trash button to Publish Settings section that invokes `wp.customize.previewer.trash()`.
* Improve logic for managing the visibility and disabled states for publish buttons.
* Prevent attempting `requestChangesetUpdate` while processing and bump processing while doing `save`.
* Update `changeset_date` state only if sent in save response.
* Merge `ThemesSection#loadThemePreview()` into `ThemesPanel#loadThemePreview()`.
* Remove unused `autosaved` state.
* Start autosaving and prompting at beforeunload after a change first happens. This is key for theme previews since even if a user did not make any changes, there were still dirty settings which would get stored in an auto-draft unexpectedly.
* Allow `Notification` to accept additional `classes` to be added to `container`.
* Introduce `OverlayNotification` and use for theme installing, previewing, and trashing. Such overlay notifications take over the entire window.
Props westonruter, celloexpressions.
See #37661, #39896, #21666, #35210.
Built from https://develop.svn.wordpress.org/trunk@41667
git-svn-id: http://core.svn.wordpress.org/trunk@41501 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`wpdb::prepare()` currently gives no information if the number of arguments passed doesn't match the number of placeholders in the query. This change gives an explicit notice that the call was incorrect.
Also fixes an enrelated term meta test that was triggering this new notice.
Props thekt12 for the initial patch.
Fixes#42040.
Built from https://develop.svn.wordpress.org/trunk@41662
git-svn-id: http://core.svn.wordpress.org/trunk@41496 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`get_current_blog_id()` is more appropriate for determining the ID of the current site in most cases. This eliminates the need for the global `$wpdb` in several functions and is better than the implicit global used in admin pages.
Props bnap00, spacedmonkey.
Fixes#41684.
Built from https://develop.svn.wordpress.org/trunk@41661
git-svn-id: http://core.svn.wordpress.org/trunk@41495 1a063a9b-81f0-0310-95a4-ce76da25c4cd
- sets the modal content to `role="document"` to make screen readers switch back to browse mode
- standardizes the Themes screen and Customizer modals interaction
- Themes screen modal: sets initial focus on the modal overlay instead of the primary button, avoiding to "skip" content for keyboard and screen reader users
Fixes#42055.
Built from https://develop.svn.wordpress.org/trunk@41658
git-svn-id: http://core.svn.wordpress.org/trunk@41492 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Update the way and location the JavaScript client determines which models/endpoints require the `force=true` parameter when being deleted to avoid a `rest_trash_not_supported` error. Identify models with endpoints that support DELETE, excluding those that support the trash (posts and pages by default). Also, move the check into the default `wp.api.WPApiBaseModel.initialize()` function.
Props caercam, euthelup.
Fixes#40672.
Built from https://develop.svn.wordpress.org/trunk@41657
git-svn-id: http://core.svn.wordpress.org/trunk@41491 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Sergey Biryukov
Gary Pendergast
John Blackbourn
Adam Silverstein
Weston Ruter
Mike Schroder
K. Adam White
Jeremy Felt
Joe McGill
Joe Hoyle
Felix Arntz
Andrea Fercia
Andrew Ozz
Konstantin Obenland
Peter Wilson