Commit Graph

8746 Commits

Author SHA1 Message Date
audrasjb f3ccbed586 Shortcodes: Restrict ajax handler for media shortcode.
Props tykoted, xknown, peterwilsoncc, antpb, jorbin.




Built from https://develop.svn.wordpress.org/trunk@56838


git-svn-id: http://core.svn.wordpress.org/trunk@56350 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-10-12 12:47:21 +00:00
Aaron Jorbin bd5486577c Application Passwords: Prevent the use of some pseudo protocols in application passwords.
Props tykoted, xknown, peterwilsoncc, jorbin, timothyblynjacobs, martinkrcho, paulkevan, dd32, ehtis.

Built from https://develop.svn.wordpress.org/trunk@56837


git-svn-id: http://core.svn.wordpress.org/trunk@56349 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-10-12 12:41:18 +00:00
audrasjb 4f5be9b7de Comments: Prevent users who can not see a post from seeing comments on it.
Props peterwilsoncc, jorbin, audrasjb.




Built from https://develop.svn.wordpress.org/trunk@56836


git-svn-id: http://core.svn.wordpress.org/trunk@56348 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-10-12 12:38:21 +00:00
costdev ecd4a277b7 Docs: Use US spelling and correct a typing mistake.
This changes two inline comments and a docblock so that they use US spelling as advised by the Core Handbook's Best Practices. A typing mistake is also corrected.

Reference:
- [https://make.wordpress.org/core/handbook/best-practices/spelling/ Core Handbook - Best Practices - Spelling].

Follow-up to [18632], [38120], [44954].

Props kebbet, mukesh27.
See #58833.
Built from https://develop.svn.wordpress.org/trunk@56825


git-svn-id: http://core.svn.wordpress.org/trunk@56337 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-10-11 07:05:25 +00:00
costdev b8b4a92895 Plugins: Fix broken `sprintf()` call in plugins list table.
In [56599], a `sprintf()` call was modified which resulted in an insufficient number of arguments.
This caused a Fatal Error when an incompatible plugin notice was displayed.

This fixes the `sprintf()` call.

Follow-up to [56599].

Props petitphp, TobiasBg, sabernhardt, mukesh27.
Fixes #59590. See #57791.
Built from https://develop.svn.wordpress.org/trunk@56824


git-svn-id: http://core.svn.wordpress.org/trunk@56336 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-10-11 04:33:32 +00:00
hellofromTonya 86dd8154df Update/Install: Deactivate Gutenberg plugin version older than 16.5.
This commit changes the Gutenberg minimum compatible version number from 14.1 (introduced in [54790]) to 16.5. For versions older than 16.5, the plugin will deactivate when upgrading WordPress to 6.4-beta3 or newer.

Changes are done within Core's `_upgrade_core_deactivate_incompatible_plugins()` which is invoked during WordPress' upgrade process.

Follow-up to [54790].

Props hellofromTonya, spacedmonkey.
Fixes #59584.
Built from https://develop.svn.wordpress.org/trunk@56820


git-svn-id: http://core.svn.wordpress.org/trunk@56332 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-10-10 15:07:24 +00:00
joedolson 074d2adb95 Quick/Bulk Edit: Fix inability to quick edit draft post date.
Follow up to [56022] to fix inability to set a date/time in quick editing. Allow a user to set a quick/edit date while preventing accidental date assignments per the original intent.

Props tristanleboss, ivanzhuck, tibbsa, sabernhardt, sergeybiryukov, oandregal, khokansardar, joedolson, shailu25.
Fixes #59125. See #19907.
Built from https://develop.svn.wordpress.org/trunk@56802


git-svn-id: http://core.svn.wordpress.org/trunk@56314 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-10-08 20:10:25 +00:00
Sergey Biryukov 5c4f902c20 Editor: Move `wp_navigation` schema updating to `WP_Navigation_Fallback` class.
This aims to better align the navigation fallback implementation with core architecture and best practices.

The function that updates the `wp_navigation` post response schema is now a public method of the `WP_Navigation_Fallback` class, so an extra file previously used for that specific function is no longer necessary.

Follow-up to [56052].

Props ramonopoly, scruffian, isabel_brison, mukesh27, swissspidy, rajinsharwar, afercia, audrasjb, mikeschroder, JeffPaul, johnjamesjacoby, TimothyBlynJacobs, oglekler, SergeyBiryukov.
Fixes #58910.
Built from https://develop.svn.wordpress.org/trunk@56793


git-svn-id: http://core.svn.wordpress.org/trunk@56305 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-10-06 14:06:22 +00:00
spacedmonkey b0872b005d Editor: Improve performance of _register_theme_block_patterns function.
The `_register_theme_block_patterns` function imposed a significant resource overhead. This issue primarily stems from themes, such as TT4, that register a substantial number of block patterns. These patterns necessitate numerous file operations, including file lookups, file reading into memory, and related processes. To provide an overview, the _register_theme_block_patterns function performed the following file operations:

- is_dir
- is_readable
- file_exists
- glob
- file_get_contents (utilized via get_file_data)

To address these issues, caching using a transient has been added to a new function call `_wp_get_block_patterns`. If theme development mode is disabled and theme exists, the block patterns are saved in a transient cache. This cache is used all requests after that, saving file lookups and reading files into memory. Cache invalidation is done, when themes are switched, deleted or updated. Meaning that block patterns are not stored in the cache incorrectly. 

Props flixos90, joemcgill, peterwilsoncc, costdev, swissspidy, aristath, westonruter, spacedmonkey.
Fixes #59490
Built from https://develop.svn.wordpress.org/trunk@56765


git-svn-id: http://core.svn.wordpress.org/trunk@56277 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-10-03 15:18:19 +00:00
Sergey Biryukov aaba77b577 Coding Standards: Remove redundant ignore annotations, take 4.
This removes ignore annotations related to sniffs which are not used by WP Core (like sniffs in the `WordPress-Extra` ruleset).

Follow-up to [48072], [51003], [55204], [56714].

Props jrf.
See #59161.
Built from https://develop.svn.wordpress.org/trunk@56752


git-svn-id: http://core.svn.wordpress.org/trunk@56264 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-10-01 00:22:27 +00:00
spacedmonkey 8aca3fdc68 Comments: Improve WP_Comment_Query count query performance by setting 'order by' to 'none'.
In cases where `WP_Comment_Query` or `get_comments` is employed with the 'count' parameter set to true, specify 'order by' as 'none'. Since these queries serve solely to determine the count of comments matching specific query parameters, the 'order by' clause becomes redundant and places unnecessary strain on the database server, resulting in slower query execution. Given that count queries are executed on every admin request to retrieve comment counts, this change enhances the performance of the wp-admin interface.

Props guss77, davidbaumwald, SergeyBiryukov, westonruter, peterwilsoncc, foliovision, hareesh-pillai, spacedmonkey.
Fixes #58368
Built from https://develop.svn.wordpress.org/trunk@56747


git-svn-id: http://core.svn.wordpress.org/trunk@56259 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-29 17:13:24 +00:00
Sergey Biryukov 440b8c2aba Coding Standards: Remove redundant ignore annotations, take 2.
This removes ignore annotations which are unnecessary due to the configuration in the `phpcs.xml.dist` ruleset already taking care of this.

Follow-up to [45611], [50146], [50148], [50586], [50822], [56738].

Props jrf.
See #59161.
Built from https://develop.svn.wordpress.org/trunk@56743


git-svn-id: http://core.svn.wordpress.org/trunk@56255 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-29 12:21:24 +00:00
costdev 872ad9e0b8 Filesystem API: Free the archive in `_unzip_file_ziparchive()`.
There are several early returns in `_unzip_file_ziparchive()` which don't close the archive prior to returning.

As this function is used in installation and upgrade processes which are memory-intensive, this calls `ZipArchive::close()` to free the archive prior to each early return. This excludes the first return which is a result of a failure to open the archive, which is [https://github.com/nih-at/libzip/blob/main/lib/zip_open.c#L62-L73 freed internally] when the failure occurs.

References:
- PHP.net: [https://www.php.net/manual/en/ziparchive.open.php ZipArchive::open()] and [https://www.php.net/manual/en/ziparchive.close.php ZipArchive::close()]
- libzip: [https://libzip.org/documentation/zip_open.html zip_open()] and [https://libzip.org/documentation/zip_close.html zip_close()]

Follow-up to: [13005], [13006], [13015], [13221], [14346] [25779].

Props azaozz, afragen, joemcgill, costdev.
Fixes #59467
Built from https://develop.svn.wordpress.org/trunk@56735


git-svn-id: http://core.svn.wordpress.org/trunk@56247 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-27 16:31:19 +00:00
Tammie Lister 7df8ec6846 Bundled Themes: Twenty Twenty-Four is now the default theme.
Follow up to [56716].
Props desrosj.

See #59447.

Built from https://develop.svn.wordpress.org/trunk@56727


git-svn-id: http://core.svn.wordpress.org/trunk@56239 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-26 17:33:20 +00:00
Adam Silverstein 89a99dba2f Revisions: framework for storing post meta revisions.
Enable the storing of post meta in revisions including autosaves and previews:

Add a new argument `revisions_enabled` to the `register_meta` function which enables storing meta in revisions.

Add a new `wp_post_revision_meta_keys` filter which developers can use to control which meta is revisioned - it passes an array of the meta keys with revisions enabled as well as the post type.

Meta keys with revisions enabled are also stored for autosaves, and are restored when a revision or autosave is restored. In addition, meta values are now stored with the autosave revision used for previews. Changes to meta can now be previewed correctly without overwriting the published meta (see #20299) or passing data as a query variable, as the editor currently does to preview changes to the featured image.

Changes to meta with revisions enabled are considered when determining if a new revision should be created. A new revision is created if the meta value has changed since the last revision.

Revisions are now saved on the `wp_after_insert_post` hook instead of `post_updated`. The `wp_after_insert_post` action is fired after post meta has been saved by the REST API which enables attaching meta to the revision. To ensure backwards compatibility with existing action uses, `wp_save_post_revision_on_insert` function exits early if plugins have removed the previous `do_action( 'post_updated', 'wp_save_post_revision' )` call.

Props: alexkingorg, johnbillion, markjaquith, WraithKenny, kovshenin, azaozz, tv-productions, p51labs, mattheu, mikeschroder, Mamaduka, ellatrix, timothyblynjacobs, jakemgold, bookwyrm, ryanduff, mintindeed, wonderboymusic, sanchothefat, westonruter, spacedmonkey, hellofromTonya, drewapicture, adamsilverstein, swisspiddy.
Fixes #20564, #20299.



Built from https://develop.svn.wordpress.org/trunk@56714


git-svn-id: http://core.svn.wordpress.org/trunk@56226 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-26 15:32:19 +00:00
costdev 61cef87240 Quick/Bulk Edit: Pre-fill category fields with their status.
This pre-fills category fields in the Quick/Bulk Edit form with their current status.

When bulk editing, if only some of the selected items are in a given category, the category's checkbox will display a line to indicate an indeterminate status.

Props pavelevap, scribu, chasedsiedu, helen, joshcanhelp, ubernaut, Cyberchicken, laumindproductscomau, SergeyBiryukov, Marcoevich, tomybyte, thinkluke, virtality-marketing-solutions, Michalooki, dmsnell, itecrs, pannelars, WHSajid, samba45, Mte90, johnbillion, tomluckies, soulseekah, francina, oglekler, ajmcfadyen, mukesh27, costdev.
Fixes #11302.
Built from https://develop.svn.wordpress.org/trunk@56712


git-svn-id: http://core.svn.wordpress.org/trunk@56224 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-26 15:05:21 +00:00
Peter Wilson 109f531fbf Administration: Add event type to Events and News widget.
Add the event type (WordCamp, Meetup, etc) to the nearby events listing within the Dashboard's Events and News widget.

Props renyot, audrasjb, ankit-k-gupta, oglekler, devmuhib, dhruvishah2203, JeffPaul, anveshika, sarahwilliams889, ajakaroth.
Fixes #58947.

Built from https://develop.svn.wordpress.org/trunk@56697


git-svn-id: http://core.svn.wordpress.org/trunk@56209 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-26 03:54:20 +00:00
Sergey Biryukov 114a672cfa Coding Standards: Upgrade WPCS to version 3.0.0.
This is an important release which makes significant changes to improve the accuracy, performance, stability and maintainability of all sniffs, as well as making WordPressCS much better at handling modern PHP.

WordPressCS 3.0.0 contains breaking changes, both for people using ignore annotations, people maintaining custom rulesets, as well as for sniff developers who maintain a custom PHPCS standard based on WordPressCS.

If you are an end-user or maintain a custom WordPressCS based ruleset, please start by reading the [https://github.com/WordPress/WordPress-Coding-Standards/wiki/Upgrade-Guide-to-WordPressCS-3.0.0-for-ruleset-maintainers Upgrade Guide to WordPressCS 3.0.0 for ruleset maintainers] which lists the most important changes and contains a step by step guide for upgrading.

If you are a maintainer of an external standard based on WordPressCS and any of your custom sniffs are based on or extend WordPressCS sniffs, please read the [https://github.com/WordPress/WordPress-Coding-Standards/wiki/Upgrade-Guide-to-WordPressCS-3.0.0-for-Developers-of-external-standards Upgrade Guide to WordPressCS 3.0.0 for Developers].

In all cases, please read the complete changelog carefully before you upgrade.

This commit:
* Updates the Composer dependencies to use the new version, including updating the underlying PHP_CodeSniffer dependency to the new minimum supported version for WPCS.[[BR]] Note: the Composer PHPCS installer plugin is no longer explicitly required as it is now a dependency of WPCS, so the dependency is inherited automatically.
* Updates the ruleset for WPCS 3.0.0. This includes:
 * Raising the memory limit to be on the safe side as WPCS 3.0.0 contains a lot more sniffs.
 * Removing explicit inclusions of extra rules, which have now been added to the `WordPress-Core` ruleset..
 * Updating property names for select sniffs.
 * Updating one exclusion — the `WordPress.CodeAnalysis.AssignmentInCondition` sniff has been (partially) replaced by the `Generic.CodeAnalysis.AssignmentInCondition` sniff.
 * Adding one new exclusion.
* Downgrades one new error to a warning.[[BR]] The `Generic.Files.OneObjectStructurePerFile` sniff enforces that there is only one OO structure declaration per file. At this time, this sniff would yield 29 errors. By downgrading the sniff to a ''warning'', the build can pass and the issues can be fixed in due time. For now, the test directory will be excluded until the issues are fixed (as the test directory CS run does not allow for warnings).
* Updates ignore annotations for WPCS 3.0.0.

Reference: [https://github.com/WordPress/WordPress-Coding-Standards/releases/tag/3.0.0 WPCS 3.0.0 release notes].

Follow-up to [43571], [44574], [45600], [47927].

Props jrf, jorbin, desrosj.
See #59161.
Built from https://develop.svn.wordpress.org/trunk@56695


git-svn-id: http://core.svn.wordpress.org/trunk@56207 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-26 00:27:12 +00:00
costdev 36e754b5c3 Filesystem API: Introduce filters for before/after unzipping archives.
This introduces the following new filters which wrap the process of unzipping an archive:
- `pre_unzip_file` - Filters archive unzipping to allow an override with a custom process.
- `unzip_file` - Filters the result of unzipping an archive.

Both filters pass the following:
- `string $file` - Full path and filename of ZIP archive.
- `string $to` - Full path on the filesystem to extract archive to.
- `string[] $needed_dirs` - A full list of required folders that need to be created.
- `float|false $required_space` - The space required to unzip the file and copy its contents, with a 10% buffer.

Props dfavor, azaozz, oglekler, afragen, costdev.
Fixes #37719.
Built from https://develop.svn.wordpress.org/trunk@56689


git-svn-id: http://core.svn.wordpress.org/trunk@56201 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-25 22:16:17 +00:00
spacedmonkey 72f19abd94 Script Loader: Replace hardcoded output of style tags with calls to `wp_add_inline_style`.
In this commit, enhancements have been made by replacing manually constructed style tags with calls to `wp_add_inline_style`. Previously, numerous style tags were generated and output directly in the header, resulting in redundant code and bypassing the core's style enqueueing system. This approach made it challenging for third-party developers to manage and control the output of these style tags.

To ensure backward compatibility, the following functions have been deprecated and replaced:

- print_embed_styles
- print_emoji_styles
- wp_admin_bar_header
- _admin_bar_bump_cb

Backward compatibility shims have also been added, ensuring that if these functions were previously unhooked from there actions, they will continue to not output a style tag.

However, for the following functions, conversion to use inline styles was not feasible due to the potential disruption it might cause by changing the style tag IDs, potentially breaking JavaScript functionality for a number of plugins in the repository:

- custom-background
- wp-custom

These changes improve code maintainability and enhance the flexibility and control available to developers when managing style outputs within WordPress core.

Props spacedmonkey, hlunter, westonruter, flixos90.
Fixes #58775.
Built from https://develop.svn.wordpress.org/trunk@56682


git-svn-id: http://core.svn.wordpress.org/trunk@56194 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-25 17:06:34 +00:00
joedolson 5d6106539e Administration: Switch order of label/checkbox in `WP_List_Table`.
Move the label after the checkbox in `WP_List_Table` instances. Resolve a false positive that will be presented by automated accessibility testing tools. Follow up to [55954].

Props dimitrism, joedolson, sabernhardt, oglekler, marybaum, tobiasbg.
Fixes #58703.
Built from https://develop.svn.wordpress.org/trunk@56665


git-svn-id: http://core.svn.wordpress.org/trunk@56177 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-22 19:58:16 +00:00
Adam Silverstein 77582c4be9 Security: remove the cron event that checked for https support.
Fix an issue where a cron job ran every 12 hours to check for https support - even when https support was already enabled. The check is now run only when the user visits the Site Health page. Reducing the unneeded requests lowers the impact and load of hosting WordPress sites.

The `wp_update_https_detection_errors` function is deprecated and the `https_detection_errors` option that was previously set by the cron job is no longer maintained. The `pre_wp_update_https_detection_errors` filter is deprecated and replaced by the `pre_wp_get_https_detection_errors` filter  which serves the same function.

Props audrasjb, johnbillion, Michi91.
Fixes #58494.


Built from https://develop.svn.wordpress.org/trunk@56664


git-svn-id: http://core.svn.wordpress.org/trunk@56176 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-22 19:08:19 +00:00
Sergey Biryukov 2d7e5afa3e Media: Use correct option name for attachment pages in `upgrade_640()`.
Follow-up to [56657].

See #57913.
Built from https://develop.svn.wordpress.org/trunk@56658


git-svn-id: http://core.svn.wordpress.org/trunk@56170 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-22 01:18:18 +00:00
Sergey Biryukov 229d32f6d7 Media: Disable attachment pages for new installations.
WordPress creates attachment pages by default for every attachment uploaded. On the vast majority of sites, these attachment pages don't contain any meaningful information. They do however exist, get indexed by search engines, and sometimes even rank in search results, leading to bad results for users and site owners.

This commit introduces a `wp_attachment_pages_enabled` database option to control the attachment pages behavior:

* On existing sites, the option is set to `1` on upgrade, so that attachment pages continue to work as is.
* For new sites, the option is set to to `0` by default, which means attachment pages are redirected to the attachment URL.
* Sites that want to enable or disable the attachment pages can set the option to `1` or `0`, respectively.

Follow-up to [2958], [3303], [7149], [34690].

Props aristath, poena, afercia, joostdevalk, jonoaldersonwp, azaozz, johnbillion, joedolson, basiliskan, audrasjb, davelo, rilwis, manfcarlo, tyxla, garrett-eclipse, seedsca, eatingrules, matveb, antpb, zodiac1978, oglekler, zunaid321, costdev, SergeyBiryukov.
Fixes #57913.
Built from https://develop.svn.wordpress.org/trunk@56657


git-svn-id: http://core.svn.wordpress.org/trunk@56169 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-22 00:04:41 +00:00
joedolson 491a21da64 Login and Registration: Improve HTML for errors and notices.
Improve markup on Login and Registration errors. Use list markup for multiple issues, paragraph when only one to reduce semantic burden in the most common case. Normalize classes and markup for wrapper using `wp_admin_notice()` and `wp_get_admin_notice()` functions. Move definition of those functions from `wp-admin\includes\misc.php` to `wp-includes\functions.php`. Move tests to functions group. 

Props extendwings, sabernhardt, afercia, lukecavanagh, rianrietveld, oglekler, sergeybiryukov, costdev, joedolson.
Fixes #30685.
Built from https://develop.svn.wordpress.org/trunk@56654


git-svn-id: http://core.svn.wordpress.org/trunk@56166 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-21 18:24:15 +00:00
joedolson 198543cf2f Coding Standards: Remove unused variable `el` in monitorPopup.
Remove an unused variable to resolves coding standards failure. Follow up to [56651].

Props joedolson.
See #58756.
Built from https://develop.svn.wordpress.org/trunk@56653


git-svn-id: http://core.svn.wordpress.org/trunk@56165 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-21 18:04:16 +00:00
joedolson 665928659b Media: Close image rotation menu when not focused.
Implement a focus monitor so that if user focus moves away from the image rotation menu, it closes and doesn't block the image editing canvas. Follow up to [56239], [55919].

Props nithi22, deepakvijayan, dharm1025, faisal03.
Fixes #58756.
Built from https://develop.svn.wordpress.org/trunk@56652


git-svn-id: http://core.svn.wordpress.org/trunk@56164 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-21 17:49:18 +00:00
Felix Arntz 091e385f8d Themes: Fix fatal error in `load-styles.php`.
Following [56635], a fatal error occurred in `load-styles.php` leading to admin styles not working, because of a `has_filter()` call being added to `get_stylesheet_director()` and `get_template_directory()`.

This changeset adds `has_filter()` to `wp-admin/includes/noop.php` to prevent such errors. The lack of loading the function does not cause any unintended side effects itself.

Props iandunn, adamsilverstein.
Fixes #59417.
See #18298.

Built from https://develop.svn.wordpress.org/trunk@56641


git-svn-id: http://core.svn.wordpress.org/trunk@56153 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-21 01:27:26 +00:00
joedolson 48dfebac74 Administration: Improve control proximity in theme details modal.
Make the theme details modals in the Customizer and at Appearance > Themes consistent. Change the order of controls so both modals are in the same sequence, center all controls in both desktop and mobile views, and change delete link color to meet color contrast requirements.

Props trishasalas, afercia, melchoyce, karmatosed, cathibosco1, michaelarestad, joedolson, petitphp, mikinc860.
Fixes #59372. See #59371, #40822.
Built from https://develop.svn.wordpress.org/trunk@56639


git-svn-id: http://core.svn.wordpress.org/trunk@56151 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-20 21:03:20 +00:00
Felix Arntz 59e8596941 Themes: Deprecate usage of `TEMPLATEPATH` and `STYLESHEETPATH` constants.
While generally the functions `get_template_directory()` and `get_stylesheet_directory()` were long recommended to use to get the parent or child theme directory, the `TEMPLATEPATH` and `STYLESHEETPATH` constants were still used in a few places in core, most importantly in template related logic.

The remaining usage was problematic as it prevented testability of certain key components of WordPress core.

This changeset replaces all remaining usage with the corresponding functions and effectively marks these constants as deprecated. It also adds test coverage accordingly and even unlocks some existing, previously commented out test coverage to work as expected.

Performance of the new approach has been benchmarked and shows no notable differences. Yet, given that the current theme directories are not expected to change within a regular WordPress page load, the `get_template_directory()` and `get_stylesheet_directory()` functions were amended with in-memory caching of the result, unless one of the defining values is being filtered.

Props thekt12, spacedmonkey, mukesh27, aaroncampbell, scribu, lloydbudd, cais, chipbennett, toscho, omarabid, CrazyJaco, DrewAPicture, obenland, wonderboymusic, nacin, helen, dd32, chriscct7, SergeyBiryukov, swissspidy, joemcgill, flixos90.
Fixes #18298.

Built from https://develop.svn.wordpress.org/trunk@56635


git-svn-id: http://core.svn.wordpress.org/trunk@56147 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-20 17:27:23 +00:00
audrasjb 25b109a0e5 Taxonomy: Restrict term edit link generation in `WP_Terms_List_Table::handle_row_actions()`.
This changeset restricts edit term link generation if the user lacks the `edit_term` cap in order to prevent PHP 8.1+ deprecations shown when a user lacks this 
capability and `get_edit_term_link()` returns null.

Props thelovekesh, jrf.
Fixes #59336.




Built from https://develop.svn.wordpress.org/trunk@56631


git-svn-id: http://core.svn.wordpress.org/trunk@56143 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-20 08:10:16 +00:00
Sergey Biryukov 1b5fc476f8 Quick Edit: Allow Quick Edit to be disabled for custom post types or taxonomies.
Some custom post types or taxonomies may not need the Quick Edit functionality, in which case adding hidden fields and rendering the form with the data to edit would be redundant.

This commit introduces two filters for more granular control:

* `quick_edit_enabled_for_post_type`
* `quick_edit_enabled_for_taxonomy`

Follow-up to [8857], [9083], [9098].

Props garyc40, sabernhardt, mukesh27, costdev, oglekler, wyrfel, peterwilsoncc, faguni22, robinwpdeveloper, webcommsat, johnbillion, azaozz, hellofromTonya, GunGeekATX, Jick, mikeschinkel, jane, nacin, helen, wonderboymusic, DrewAPicture, SergeyBiryukov.
Fixes #16502, #19343, #57596.
Built from https://develop.svn.wordpress.org/trunk@56611


git-svn-id: http://core.svn.wordpress.org/trunk@56123 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-18 13:19:19 +00:00
joedolson a73260baf4 Administration: Add support for attributes in `wp_admin_notice()`.
Allow admin notices to be created with additional attributes. Test attributes include `hidden`, `data-*`, and `role="*"` values, which are all in use in various admin notices across core. 

This commit adds `aria-live` and `hidden` to the KSES global attributes array to support core usages.

Follow up to [56408], [56409], [56410], [56518], [56570], [56571], [56572], [56573], [56576], [56589], [56590], [56597], [56599], [56600], [56601], [56602].

Props costdev, joedolson.
See #57791.
Built from https://develop.svn.wordpress.org/trunk@56603


git-svn-id: http://core.svn.wordpress.org/trunk@56115 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-18 00:30:18 +00:00
joedolson 9922dfd54c Administration: Move `tabindex="-1"` from notice to JS.
In a handful of admin notices, a `tabindex` attribute is set so that JS can move focus to the notice `div`. Rather than adding `tabindex` to globally accepted attributes for `wp_kses_post()`, move the assignment of `tabindex` into the JS handlers that display those notices. The attribute is only relevant if JS is running, so there is no reason to add it in the original HTML notice.

Follow up to [56408], [56409], [56410], [56518], [56570], [56571], [56572], [56573], [56576], [56589], [56590], [56597], [56599], [56600], [56601].

Props costdev, joedolson.
See #57791.
Built from https://develop.svn.wordpress.org/trunk@56602


git-svn-id: http://core.svn.wordpress.org/trunk@56114 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-17 22:51:24 +00:00
costdev 6cdd74585d Administration: Use `wp_admin_notice()` more in `/wp-admin/includes/`.
Adds further usages of `wp_admin_notice()` in `/wp-admin/includes/` on `.notice-error`, `.notice-warning`, `.error`, and `.updated`.

Ongoing task to implement new function across core.

Follow-up to [56408], [56409], [56410], [56518], [56570], [56571], [56572], [56573], [56576], [56589], [56590], [56597].

Props joedolson, mukesh27, costdev.
See #57791.
Built from https://develop.svn.wordpress.org/trunk@56599


git-svn-id: http://core.svn.wordpress.org/trunk@56111 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-17 15:23:22 +00:00
Bernhard Reiter 0b79362805 General: Add `block_hooks` field to block type registration, REST API.
In order to implement Block Hooks, we need to add a new `block_hooks` field to the `WP_Block_Type` class, as well as to block registration related functions, the block types REST API controller, etc.

Props gziolo.
Fixes #59346. See #59313.
Built from https://develop.svn.wordpress.org/trunk@56587


git-svn-id: http://core.svn.wordpress.org/trunk@56099 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-14 13:25:18 +00:00
Sergey Biryukov 1aca5e48e5 Coding Standards: Restore more descriptive variable names in a few class methods.
When various methods parameters in child classes were renamed to `$item` to match the parent class for PHP 8 named parameter support, most of the methods restored the more descriptive, specific name at the beginning for better readability, with several exceptions for methods consisting only of a few lines.

To avoid confusion about why some methods do that and some don't, this commit aims to bring more consistency to the code, specifically in list tables' `::column_default()` methods.

Follow-up to [51728], [51737], [51786].

See #58831.
Built from https://develop.svn.wordpress.org/trunk@56586


git-svn-id: http://core.svn.wordpress.org/trunk@56098 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-14 12:46:20 +00:00
joedolson 008a32110f Administration: Use `wp_admin_notice()` in `/wp-admin/includes`.
Add usages of `wp_admin_notice()` and `wp_get_admin_notice()` on `.notice-[type]` in the root level of `/wp-admin/includes`. Ongoing task to implement new function across core.

Props costdev, joedolson.
See #57791.
Built from https://develop.svn.wordpress.org/trunk@56571


git-svn-id: http://core.svn.wordpress.org/trunk@56083 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-14 01:13:20 +00:00
Sergey Biryukov e5490118af Coding Standards: Include one space after `function` keyword for closures.
Note: This is enforced by WPCS 3.0.0.

Reference: [https://github.com/WordPress/WordPress-Coding-Standards/pull/2328 WPCS: PR #2328 Core: properly check formatting of function declaration statements].

Props jrf.
See #59161, #58831.
Built from https://develop.svn.wordpress.org/trunk@56559


git-svn-id: http://core.svn.wordpress.org/trunk@56071 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-12 15:23:18 +00:00
Sergey Biryukov c41829ea95 Code Modernization: Use `dirname()` with the `$levels` parameter.
PHP 7.0 introduced the `$levels` parameter to the `dirname()` function, which means nested calls to `dirname()` are no longer needed.

Note: This is enforced by WPCS 3.0.0.

Reference: [https://www.php.net/manual/en/function.dirname.php PHP Manual: dirname()].

Follow-up to [56141].

Props jrf.
See #59161, #58831.
Built from https://develop.svn.wordpress.org/trunk@56552


git-svn-id: http://core.svn.wordpress.org/trunk@56064 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-11 04:53:22 +00:00
costdev c170fd62f4 Upgrade/Install: Fix broken `sprintf()` call when deleting a backup.
In `WP_Upgrader::delete_temp_backup()`, a malformed `sprintf()` call did not pass the value, triggering a Warning in PHP 7 and a Fatal Error in PHP 8.

This fixes the malformed `sprintf()` call by correctly passing the value.

Follow-up to [55720].

Props akihiroharai, afragen.
Fixes #59320.
Built from https://develop.svn.wordpress.org/trunk@56550


git-svn-id: http://core.svn.wordpress.org/trunk@56062 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-10 07:33:22 +00:00
Sergey Biryukov b80ce60f70 Coding Standards: Use pre-increment/decrement for stand-alone statements.
Note: This is enforced by WPCS 3.0.0:

1. There should be no space between an increment/decrement operator and the variable it applies to.
2. Pre-increment/decrement should be favoured over post-increment/decrement for stand-alone statements. “Pre” will in/decrement and then return, “post” will return and then in/decrement. Using the “pre” version is slightly more performant and can prevent future bugs when code gets moved around.

References:
* [https://developer.wordpress.org/coding-standards/wordpress-coding-standards/php/#increment-decrement-operators WordPress PHP Coding Standards: Increment/decrement operators]
* [https://github.com/WordPress/WordPress-Coding-Standards/pull/2130 WPCS: PR #2130 Core: add sniffs to check formatting of increment/decrement operators]

Props jrf.
See #59161, #58831.
Built from https://develop.svn.wordpress.org/trunk@56549


git-svn-id: http://core.svn.wordpress.org/trunk@56061 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-09 09:28:26 +00:00
Sergey Biryukov d8936a9fe7 Coding Standards: Remove superfluous blank lines at the end of various functions.
Note: This is enforced by WPCS 3.0.0.

Follow-up to [56536], [56547].

Props jrf.
See #59161, #58831.
Built from https://develop.svn.wordpress.org/trunk@56548


git-svn-id: http://core.svn.wordpress.org/trunk@56060 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-08 10:03:21 +00:00
Sergey Biryukov 9a49b70239 Coding Standards: Remove superfluous blank lines at the end of various classes.
Note: This is enforced by WPCS 3.0.0.

Follow-up to [56536].

Props jrf.
See #59161, #58831.
Built from https://develop.svn.wordpress.org/trunk@56547


git-svn-id: http://core.svn.wordpress.org/trunk@56059 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-08 09:32:23 +00:00
hellofromTonya 3356628935 Code Modernization: Use wp_trigger_error() in WP_List_Table magic methods.
Replaces `trigger_error()` with `wp_trigger_error()` in each of the `WP_List_Table` magic methods.

[56349] added the dynamic properties deprecation messages to the `__get()`, `__set()`, `__isset()`, `__unset()` magic methods. Since that commit, `wp_trigger_error()` was introduced (see [56530]) as a wrapper for `trigger_error()`.

Follow-up to [56349], [56356], [56530].

See #58896, #57686.
Built from https://develop.svn.wordpress.org/trunk@56542


git-svn-id: http://core.svn.wordpress.org/trunk@56054 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-07 20:41:11 +00:00
costdev 9ebcbfae5c Upgrade/Install: Check plugin compatibility during bulk upgrades.
Previously, bulk upgrades did not verify that a plugin package was compatible with the site's WordPress version or the server's PHP version. This could lead to incompatible updates being installed, causing various compatibility issues and errors.

This change implements the following checks:
- If available, the API response's `requires` and `requires_php` values are checked for compatibility. This saves time, diskspace, memory and file operations by failing the upgrade before the package is downloaded and unpacked.
- If the API check passes, the downloaded and unpacked package is verified using `Plugin_Upgrader::check_package()` to ensure a plugin file is present, and the plugin's "RequiresWP" and "RequiresPHP" headers are compatible, if present. This ensures that a mismatch between the API response and the plugin file's headers does not cause an incompatible plugin to be installed.

Props salcode, afragen, mukesh27, iammehedi1, zunaid321, johnbillion, SergeyBiryukov, costdev.
Fixes #59198.
Built from https://develop.svn.wordpress.org/trunk@56525


git-svn-id: http://core.svn.wordpress.org/trunk@56037 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-06 18:30:19 +00:00
Sergey Biryukov 541fdbceb2 Coding Standards: Correct equals sign alignment in various files.
This resolves a few WPCS warnings:
{{{
Equals sign not aligned with surrounding statements
}}}
so that the output of `composer format` is clean.

Follow-up to [56276], [56302].

Props jrf.
See #59161, #58831.
Built from https://develop.svn.wordpress.org/trunk@56521


git-svn-id: http://core.svn.wordpress.org/trunk@56033 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-06 09:33:21 +00:00
joedolson 1141b9fee2 Administration: Use admin notice functions in nav menu admin.
Use `wp_get_admin_notice` and `wp_admin_notice` to handle settings notices on the nav menu admin screens.

Props joedolson.
See #57791.
Built from https://develop.svn.wordpress.org/trunk@56518


git-svn-id: http://core.svn.wordpress.org/trunk@56030 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-05 20:50:24 +00:00
joedolson 0aa0c763e2 Administration: Add improved context for `add new` links.
Consistently expand `Add New` links to include the type of content to add. Improve consistency of text casing to use initial caps throughout.

Props afercia, gonzomir, alexstine, swissspidy, joedolson.
Fixes #47125.
Built from https://develop.svn.wordpress.org/trunk@56515


git-svn-id: http://core.svn.wordpress.org/trunk@56027 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-05 19:26:26 +00:00
Sergey Biryukov c5a0103fb5 Site Health: Show correct debug value for file uploads.
Follow-up to [48535].

Props Michi91, Presskopp.
Fixes #58737.
Built from https://develop.svn.wordpress.org/trunk@56509


git-svn-id: http://core.svn.wordpress.org/trunk@56021 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-02 18:36:24 +00:00