Whether App Passwords are being used is a global featurel, not a per-network feature. This fixes issues on Multi Network installs if App Passwords are used on a different network from where they were created.
Props spacedmonkey.
Fixes#51939.
See [49752].
Built from https://develop.svn.wordpress.org/trunk@49764
git-svn-id: http://core.svn.wordpress.org/trunk@49487 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Application Passwords uses Basic Authentication to transfer authentication details. If the site is already using Basic Auth, for instance to implement a private staging environment, then the REST API will treat this as an authentication attempt and would end up generating an error for any REST API request.
Now, Application Password authentication will only be attempted if Application Passwords is in use by a site. This is flagged by setting an option whenever an Application Password is created. An upgrade routine is added to set this option if any App Passwords already exist.
Lastly, creating an Application Password will be prevented if the site appears to already be using Basic Authentication.
Props chexwarrior, georgestephanis, adamsilverstein, helen, Clorith, marybaum, TimothyBlynJacobs.
Fixes#51939.
Built from https://develop.svn.wordpress.org/trunk@49752
git-svn-id: http://core.svn.wordpress.org/trunk@49475 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `date_i18n` function is now used when formatting the dates in PHP instead of `gmdate` which doesn't handle localization properly.
Additionally, we now use a translation to get the date format to use instead of pulling from the `date_format` option which is only supposed to affect the front-end.
Lastly, when passing the date format to the Backbone JS template, we now use `wp_json_encode()` to format the value for JavaScript. This ensures that backslashes are properly preserved which are used by some locales to escape date formatting control characters.
Props pedromendonca, TimothyBlynJacobs, ocean90, hellofromtonya, SergeyBiryukov, antpb.
Fixes#51918.
See [35811].
Built from https://develop.svn.wordpress.org/trunk@49746
git-svn-id: http://core.svn.wordpress.org/trunk@49469 1a063a9b-81f0-0310-95a4-ce76da25c4cd
r49212 greatly improved the performance of `get_dirsize()`, but also changed the structure of the data stored in the `dirsize_cache` transient. It stored relative paths instead of absolute ones, and also removed the unnecessary `size` array.
That difference in data structures led to a fatal error in the following environment:
* PHP 8
* Multisite
* A custom `WP_CONTENT_DIR` which is not a child of WP's `ABSPATH` folder (e.g., [https://roots.io/bedrock/ Bedrock])
* The `upload_space_check_disabled` option set to `0`
After upgrading to WP 5.6, the `dirsize_cache` transient still had data in the old format. When `wp-admin.php/index.php` was visited, `get_space_used()` received an `array` instead of an `int`, and tried to divide it by another `int`. PHP 7 would silently cast the arguments to match data types, but [https://wiki.php.net/rfc/arithmetic_operator_type_checks PHP 8 throws a fatal error]:
`Uncaught TypeError: Unsupported operand types: array / int`
`recurse_dirsize()` was using `ABSPATH` to convert the absolute paths to relative ones, but some upload locations are not located under `ABSPATH`. In those cases, `$directory` and `$cache_path` were identical, and that triggered the early return of the old `array`, instead of the expected `int`.
In order to avoid that, this commit restores the absolute paths, but without the `size` array. It also adds a type check when returning cached values. Using absolute paths without `size` has the result of overwriting the old data, so that it matches the new format. The type check and upgrade routine are additional safety measures.
Props peterwilsoncc, janthiel, helen, hellofromtonya, francina, pbiron.
Fixes#51913. See #19879.
Built from https://develop.svn.wordpress.org/trunk@49744
git-svn-id: http://core.svn.wordpress.org/trunk@49467 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This brings some consistency with the same check in `core_upgrade_preamble()` and avoids a PHP warning if `$cur->version` is not set.
Additionally, remove the check for `$cur->url` property, unused since [8595].
Follow-up to [49708], [49709].
Props pbiron, afragen, audrasjb.
Fixes#51892.
Built from https://develop.svn.wordpress.org/trunk@49736
git-svn-id: http://core.svn.wordpress.org/trunk@49459 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This enables, for example, the previous post status to be used by this hook without the need to first capture it on an earlier hook.
This also fixes the value of the `$fire_after_hooks` parameter in `get_default_post_to_edit()` so the `wp_after_insert_post` action correctly fires just once on the new post screen.
Props Collizo4sky, peterwilsoncc, hellofromTonya, TimothyBlynJacobs, SergeyBiryukov
Fixes#45114
Built from https://develop.svn.wordpress.org/trunk@49731
git-svn-id: http://core.svn.wordpress.org/trunk@49454 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Application Passwords introduced a new Rewrite Rule to handle the Authorization header on certain systems.
This bumps the database version and updates the file so the change is applied to sites upon upgrading to 5.6.
Follow-up to [49534].
Props pbiron, TimothyBlynJacobs, SergeyBiryukov.
Fixes#51723.
Built from https://develop.svn.wordpress.org/trunk@49632
git-svn-id: http://core.svn.wordpress.org/trunk@49370 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This adds clearer messages about what your current settings mean for updates, uses a more compact link-based action instead of a checkbox to change the setting, and respects constants and filters.
Props audrasjb, karmatosed, helen, azaozz, hedgefield, marybaum.
Fixes#51742.
Built from https://develop.svn.wordpress.org/trunk@49587
git-svn-id: http://core.svn.wordpress.org/trunk@49325 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Its presence may conflict with `WP_Post::__get()`, which should generally fill the non-existent `post_category` property, but is not triggered if the column exists in the database.
Follow-up to [10895].
Props leogermani, davidbaumwald, hellofromTonya.
Fixes#51288.
Built from https://develop.svn.wordpress.org/trunk@49572
git-svn-id: http://core.svn.wordpress.org/trunk@49310 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Deleting all visible items on the last page of the media library previously left a blank page with no media items available. Using `wp_count_attachements` instead of `found_posts` solves the problem.
Props donsony, karmatosed, desrosj, mista-flo, justinahinon.
Fixes#39968.
Built from https://develop.svn.wordpress.org/trunk@49567
git-svn-id: http://core.svn.wordpress.org/trunk@49305 1a063a9b-81f0-0310-95a4-ce76da25c4cd
- Add a label to the readonly password input.
- Handle focus loss after revoking app passwords.
- Handle focus loss after dismissing notices.
- Mark app name as `aria-required`.
- Use `aria-label` for detailed revoke button text instead of `title`.
- Use `-1` for `tabindex` instead of `0`.
Props alexstine, afercia, sabernhardt, audrasjb, joedolson, TimothyBlynJacobs.
Fixes#51580.
Built from https://develop.svn.wordpress.org/trunk@49549
git-svn-id: http://core.svn.wordpress.org/trunk@49287 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This switches to using `wp_parse_args()` instead of a combination of `array_merge()` and `array_intersect_key()` when ensuring that all expected default keys are present in the update information for a plugin.
This prevents non-default data returned by 3rd-party plugins from being unintentionally stripped out.
Props peterwilsoncc, chriscct7.
Fixes#51609.
Built from https://develop.svn.wordpress.org/trunk@49477
git-svn-id: http://core.svn.wordpress.org/trunk@49236 1a063a9b-81f0-0310-95a4-ce76da25c4cd
App Passwords rely on the Authorization header to transport the Basic Auth credentials. For Apache web servers, WordPress automatically includes a RewriteRule to populate the value for servers running in CGI or FastCGI that wouldn't ordinarily populate the value.
This tests if the header is being filled with the expected values. For Apache users, we direct the user to visit the Permalinks settings to flush their permalinks. For all other users, we direct them to a help document on developer.wordpress.org.
Props Clorith, marybaum, TimothyBlynJacobs.
Fixes#51638.
Built from https://develop.svn.wordpress.org/trunk@49334
git-svn-id: http://core.svn.wordpress.org/trunk@49095 1a063a9b-81f0-0310-95a4-ce76da25c4cd
- Make form inputs stacked instead of inline.
- Provide a visible label for the app name.
- Add screen reader text to dismiss button.
- Make "Revoke" button label more descriptive.
- Use aria-disabled instead of disabled to avoid focus loss.
- Display password in a readonly input to assist copy and paste.
- Remove large sections of italic text.
- Use `.form-wrap` and `.form-field` to give consistent form styling.
- Improve labeling and placeholder text.
Props alexstine, georgestephanis, afercia, TimothyBlynJacobs.
Fixes#51580.
Built from https://develop.svn.wordpress.org/trunk@49294
git-svn-id: http://core.svn.wordpress.org/trunk@49056 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This updates `core_auto_updates_settings()` to account for the new `beta` and `rc` values for the `WP_AUTO_UPDATE_CORE` constant.
Additionally, recognize these new values as acceptable in Site Health tests.
Follow-up to [48804], [49245], [49254].
Fixes#51319. See #50907.
Built from https://develop.svn.wordpress.org/trunk@49292
git-svn-id: http://core.svn.wordpress.org/trunk@49054 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, any `input` or `select` inside of a `.form-invalid` wrapper would get the red border highlighting, including submit buttons which was not visually correct. This now only applies to form elements with a class of `.form-required` inside of the `.form-invalid` wrapper. It also continues to apply the border to elements with both classes (`.form-invalid.form-required`) as that is how some of the admin markup is structured.
Plugin authors may need to do the same sort of class application seen in this commit, i.e. add `.form-required` to certain form elements.
Props sabernhardt, dilipbheda, helen.
Fixes#50686.
Built from https://develop.svn.wordpress.org/trunk@49283
git-svn-id: http://core.svn.wordpress.org/trunk@49045 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Apps may now optionally include an `app_id` parameter when directing the user to the Authorize Application screen. This allows for instances of an application to be identified and potentially revoked or blocked.
Props TimothyBlynJacobs, georgestephanis.
Fixes#51583.
Built from https://develop.svn.wordpress.org/trunk@49276
git-svn-id: http://core.svn.wordpress.org/trunk@49038 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `WP_AUTO_UPDATE_CORE` constant now supports `beta` and `rc` values.
This makes it possible for sites to opt-in to updating to RC (or beta) releases without having to install a plugin, or run on a development version.
Props dd32, knutsp.
Fixes#51319.
Built from https://develop.svn.wordpress.org/trunk@49245
git-svn-id: http://core.svn.wordpress.org/trunk@49007 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This allows for customizing the arguments used to generate the Quick Edit authors drop-down.
Additionally, pass the `$bulk` argument to the `quick_edit_dropdown_pages_args` filter, for consistency.
Props Mista-Flo, garrett-eclipse, hellofromTonya.
Fixes#47685.
Built from https://develop.svn.wordpress.org/trunk@49238
git-svn-id: http://core.svn.wordpress.org/trunk@49000 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This allows Site Health tests to check if the current environment type is set to `development` or `local`.
Use the new method:
* In HTTPS tests, instead of a hardcoded check for `localhost`.
* In `WP_DEBUG` and `WP_DEBUG_DISPLAY` tests, to set the status to `recommended` instead of `critical`.
Props dkotter, Clorith, DavidAnderson, joyously, knutsp, afragen, SergeyBiryukov.
Fixes#47058.
Built from https://develop.svn.wordpress.org/trunk@49237
git-svn-id: http://core.svn.wordpress.org/trunk@48999 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This change adds additional logic to catch HTTP failures that do not return a `WP_Error` object (for example, a wp-json REST API error error).
This also fixes instances where REST API callbacks performed from cron do not work due to a lack of authentication by introducing a direct callback route that asynchronous tests can register.
Props dd32, clorith, timothyblynjacobs.
Fixes#51547.
Built from https://develop.svn.wordpress.org/trunk@49232
git-svn-id: http://core.svn.wordpress.org/trunk@48994 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When `noopener noreferrer` was originally added in #37941 and related tickets, the `noreferrer` bit was specifically included due to Firefox not supporting `noopener` at the time.
Since `noopener` has been supported by all major browsers for a while, it should now be safe to remove the `noreferrer` attribute from core.
Props Mista-Flo, audrasjb, joostdevalk, jonoaldersonwp, peterwilsoncc, elgameel.
Fixes#49558.
Built from https://develop.svn.wordpress.org/trunk@49215
git-svn-id: http://core.svn.wordpress.org/trunk@48977 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Instead of one cache entry for all upload folders for a site on multisite, this now caches for each folder and invalidates that cache based on context. In multisite, this should speed up `get_dirsize` calls since older directories that are much less likely to change will no longer have the size recalculated.
Props janthiel, A5hleyRich, batmoo.
Fixes#19879.
Built from https://develop.svn.wordpress.org/trunk@49212
git-svn-id: http://core.svn.wordpress.org/trunk@48974 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Using the canonical function name for PHP functions is strongly recommended, as aliases may be deprecated or removed without (much) warning.
This replaces all uses of the following:
* `join()` with `implode()`
* `sizeof()` with `count()`
* `is_writeable()` with `is_writable()`
* `doubleval()` with a `(float)` cast
In part, this is a follow-up to #47746.
Props jrf.
See #50767.
Built from https://develop.svn.wordpress.org/trunk@49193
git-svn-id: http://core.svn.wordpress.org/trunk@48955 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* `WP_List_Table::get_default_primary_column_name()` is a protected method, so calling it statically with the class name is bad practice.
* Similarly, this applies when calling a private constructor in `WP_Screen::get()`.
Props jrf.
See #50767.
Built from https://develop.svn.wordpress.org/trunk@49192
git-svn-id: http://core.svn.wordpress.org/trunk@48954 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The allowed format for bulk actions is now an associative array where each element represents either a top level option value and label, or an array representing an optgroup and its options.
For a standard option, the array element key is the field value and the array element value is the field label.
For an optgroup, the array element key is the label and the array element value is an associative array of options as above.
Props goldenapples, mattkeys, valentinbora, davidbaumwald
Fixes#19278
Built from https://develop.svn.wordpress.org/trunk@49190
git-svn-id: http://core.svn.wordpress.org/trunk@48952 1a063a9b-81f0-0310-95a4-ce76da25c4cd
- Enable arranging only when the Screen Options tab is open.
- Prevent accidental/unintended dragging. Seen it happen mostly on laptops when using the mousepad/trackpad.
- Improve discoverability and usefulness by always showing the "drop zones" outline when postboxes are draggable/arrangeable.
- Add some (brief) explanation to the Screen Options tab helping the user understand what options are available and how to change them. This is especially helpful for screen reader users to give an idea how to use the screen options and what to expect.
- Fix/enhance some of the code in `postbox.js` and make it coding standards compliant.
See #50699.
Built from https://develop.svn.wordpress.org/trunk@49179
git-svn-id: http://core.svn.wordpress.org/trunk@48941 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Introduces the action `wp_after_insert_post` inside a wrapper function of the same name. This hook allows plugin developers to access a posts full data (including its terms and meta data) regardless of the workflow used to save it.
A new parameter is introduced to `wp_insert_post()` to indicate whether the hook should be fired within the function call or will be fired afterward.
Props aristath, Collizo4sky, danielbachhuber, joyously, kadamwhite, kraftbj, markparnell, mikeschroder, noisysocks, peterwilsoncc, SergeyBiryukov, talldanwp, thewebprincess, TimothyBlynJacobs.
Fixes#45114.
Built from https://develop.svn.wordpress.org/trunk@49172
git-svn-id: http://core.svn.wordpress.org/trunk@48934 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This provides more flexibility when writing tests and benefits from running in a front-end context which is necessary for some tests like checking that updates are supported. Additionally, this provides a more robust interface for developers who want to integrate with Site Health tests.
Because the `wp/v2` endpoint is reserved for modeling core entities, site health is registered in its own `wp-site-health/v1` namespace.
The existing ajax actions have been maintained for backward compatibility.
Props Clorith, chrisvanpatten, afragen, pokhriyal, TimothyBlynJacobs.
Fixes#48105.
Built from https://develop.svn.wordpress.org/trunk@49154
git-svn-id: http://core.svn.wordpress.org/trunk@48916 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `date` and `end_date` fields are ''WP'' timestamps representing the venue's local time. As of meta:changeset:10270 (#meta4480), new `start_unix_timestamp` and `end_unix_timestamp` values are available, providing a proper ''Unix'' timestamp in the UTC timezone. Using those is more precise, and removes the time window where the event has expired but still appears in the Events Widget.
To simplify the function, it now only accepts and returns the events themselves, rather than the entire response body.
See #51130
See #meta4480
Related: https://make.wordpress.org/core/2019/09/23/date-time-improvements-wp-5-3/
Built from https://develop.svn.wordpress.org/trunk@49145
git-svn-id: http://core.svn.wordpress.org/trunk@48907 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Fix an issue where users could save a password with only spaces, or spaces at the beginning or end of their password, preventing them from logging in.
Props ronakganatra, 1naveengiri, ajensen, oolleegg55, bookdude13, nrqsnchz, aristath.
Fixes#42766.
Built from https://develop.svn.wordpress.org/trunk@49118
git-svn-id: http://core.svn.wordpress.org/trunk@48880 1a063a9b-81f0-0310-95a4-ce76da25c4cd
These days there are often 2 posts published close to each other, like a release announcement and a Month In WordPress post. When that happens, the earlier post is often pushed out of the widget before many people have had a chance to see it.
Ideally, the number of total items would remain at `4`, to reduce visual clutter. Implementing a conditional item would require a significant refactor, though. Increasing the total number of items to `5` is a practical compromise.
Props hlashbrooke, tellyworth.
Fixes#43441.
Built from https://develop.svn.wordpress.org/trunk@49114
git-svn-id: http://core.svn.wordpress.org/trunk@48876 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In WordPress 4.4 the REST API was first introduced. A few releases later in WordPress 4.7, the Content API endpoints were added, paving the way for Gutenberg and countless in-site experiences. In the intervening years, numerous plugins have built on top of the REST API. Many developers shared a common frustration, the lack of external authentication to the REST API.
This commit introduces Application Passwords to allow users to connect to external applications to their WordPress website. Users can generate individual passwords for each application, allowing for easy revocation and activity monitoring. An authorization flow is introduced to make the connection flow simple for users and application developers.
Application Passwords uses Basic Authentication, and by default is only available over an SSL connection.
Props georgestephanis, kasparsd, timothyblynjacobs, afercia, akkspro, andraganescu, arippberger, aristath, austyfrosty, ayesh, batmoo, bradyvercher, brianhenryie, helen, ipstenu, jeffmatson, jeffpaul, joostdevalk, joshlevinson, kadamwhite, kjbenk, koke, michael-arestad, Otto42, pekz0r, salzano, spacedmonkey, valendesigns.
Fixes#42790.
Built from https://develop.svn.wordpress.org/trunk@49109
git-svn-id: http://core.svn.wordpress.org/trunk@48871 1a063a9b-81f0-0310-95a4-ce76da25c4cd
If any admin functions are used within the filter, their existence should be checked with `function_exists()` before being used.
Follow-up to [47763], [48620].
Props audrasjb, garrett-eclipse, Howdy_McGee, dlh, khag7, SergeyBiryukov.
Fixes#51081.
Built from https://develop.svn.wordpress.org/trunk@48910
git-svn-id: http://core.svn.wordpress.org/trunk@48672 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This adds an additional parameter to the `auto_plugin_update_send_email` and `auto_theme_update_send_email` filters to provide the additional context of which updates were attempted and their outcome. This will help plugin and theme auto-update emails to be better tailored to a site owner’s liking.
Props audrasjb, Paddy Landau, desrosj.
Fixes#50988.
Built from https://develop.svn.wordpress.org/trunk@48888
git-svn-id: http://core.svn.wordpress.org/trunk@48650 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This brings `wp_count_terms()` in line with other taxonomy functions such as `get_terms()` which technically no longer require a taxonomy. Similar to the previously modified functions, no deprecation warning is triggered when using the legacy signature.
Fixes#36399.
Built from https://develop.svn.wordpress.org/trunk@48840
git-svn-id: http://core.svn.wordpress.org/trunk@48602 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, the warning was displayed even if the value was higher than `upload_max_filesize`, which made the report inaccurate, as these values don't necessarily have to match.
Props oakesjosh, jeroenrotty, desrosj, Clorith.
Fixes#50945.
Built from https://develop.svn.wordpress.org/trunk@48800
git-svn-id: http://core.svn.wordpress.org/trunk@48562 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In PHP 8, the GD extension uses `GdImage` objects instead of resources for its underlying data structures.
This updates the existing `is_resource()` calls for image resources in core to accomodate for `GdImage` instances as well.
Props ayeshrajans, jrf.
Fixes#50833.
Built from https://develop.svn.wordpress.org/trunk@48798
git-svn-id: http://core.svn.wordpress.org/trunk@48560 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, it was only incidentally recognized as valid due to a loose comparison with `true`.
With the strict comparison added to `WP_Site_Health_Auto_Updates::test_constants()`, this was no longer the case.
Follow-up to [47841].
Props sterndata, mukesh27, avixansa, desrosj, SergeyBiryukov.
Fixes#50912.
Built from https://develop.svn.wordpress.org/trunk@48792
git-svn-id: http://core.svn.wordpress.org/trunk@48554 1a063a9b-81f0-0310-95a4-ce76da25c4cd
As certain plugins may not support updates, this count needs to accurately reflect that in the navbar.
Fixes 50808.
Props knutsp, audrasjb, pbiron, dd32, apedog, afragen, chriscct7, garyc40, whyisjake, SergeyBiryukov.
Built from https://develop.svn.wordpress.org/trunk@48703
git-svn-id: http://core.svn.wordpress.org/trunk@48465 1a063a9b-81f0-0310-95a4-ce76da25c4cd
As auto-updates are rolled out across WordPress.org, the API response can modulate the response, ensuring that a rolled out could be stalled or staggered if needed for security or performance reasons.
Fixes#50824.
Props dd32, whyisjake, SergeyBiryukov.
Built from https://develop.svn.wordpress.org/trunk@48701
git-svn-id: http://core.svn.wordpress.org/trunk@48463 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This removes the toggle UI when updates aren't available. When plugins use the filter, the UI is updated to show that they are being controlled via code. And then removed entirely when not available.
See #50798.
Fixes#50280.
Props elrae, pbiron, SergeyBiryukov, audrasjb, azaozz, StephenCronin, whyisjake, dd32, TimothyBlynJacobs, desrosj.
Built from https://develop.svn.wordpress.org/trunk@48669
git-svn-id: http://core.svn.wordpress.org/trunk@48431 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This allows special pages to be denoted as such when editing a menu in the Customizer.
This applies to the Front Page, Posts Page, and Privacy Policy Page.
Follow-up to [47211], [47213], [47763].
Props dlh, whyisjake, SergeyBiryukov.
Fixes#46829. See #49374.
Built from https://develop.svn.wordpress.org/trunk@48619
git-svn-id: http://core.svn.wordpress.org/trunk@48381 1a063a9b-81f0-0310-95a4-ce76da25c4cd
There are two pieces in here:
1) The update to change blacklist to blocklist is moved to disallowed_list. "Block" has a meaning in our code, and there could be ambiguity between this code and code related to blocks.
2) This improves backwards compatibility for code that was accessing the now deprecated code.
Previously: [48477], [48405], [48400], [48121], [48122], [48124], [48142], [48566]
Props: desrosj, SergeyBiryukov, johnjamesjacoby
Fixes: #50413
Built from https://develop.svn.wordpress.org/trunk@48575
git-svn-id: http://core.svn.wordpress.org/trunk@48337 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Several new checks:
* `max_file_uploads`
* `file_uploads`
* `post_max_size`
* `upload_max_filesize`
* `upload_max`
* `max_file_uploads`
In addition, new function `parse_ini_size()` that converts shorthand byte strings to bytes. Useful for size comparisons.
Fixes#50038.
Props dd32, donmhico, JavierCasares, SergeyBiryukov, ayeshrajans, Clorith, ipstenu, sabernhardt, whyisjake.
Built from https://develop.svn.wordpress.org/trunk@48535
git-svn-id: http://core.svn.wordpress.org/trunk@48297 1a063a9b-81f0-0310-95a4-ce76da25c4cd
It doesn't make sense to be able to filter the comments list table when there are are no (trashed/spam) comments available.
Fixes#40188.
Props swissspidy, Jim_Panse, menakas, akbarhusen429, dinhtungdu, birgire, SergeyBiryukov, davidbaumwald, rebasaurus, whyisjake.
Built from https://develop.svn.wordpress.org/trunk@48521
git-svn-id: http://core.svn.wordpress.org/trunk@48283 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This change renames `$new_whitelist_options` to `$new_allowed_options`. This makes the variable’s purpose more clear, and promotes using more inclusive language.
For backwards compatibility, the new variable is passed by reference to the old one.
Follow up to [48121].
Props ayeshrajans, desrosj, jorbin, SergeyBiryukov.
See #50413.
Fixes#50434.
Built from https://develop.svn.wordpress.org/trunk@48477
git-svn-id: http://core.svn.wordpress.org/trunk@48246 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Remove duplicate variables and DocBlocks.
* Add missing description for the `$mode` global.
* Use sentence case for "Compact view" and "Extended view" labels.
Follow-up to [48398], [48423].
Props afercia, Offereins, SergeyBiryukov.
See #49715.
Built from https://develop.svn.wordpress.org/trunk@48424
git-svn-id: http://core.svn.wordpress.org/trunk@48193 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Restore the `$mode` global for backward compatibility.
* Remove redundant check, as `$mode` is already set at this point, and already defaults to `list` via `get_user_setting()`'s second argument.
* Use sentence case for "View mode" and "Extended view" labels.
Follow-up to [48398].
See #49715.
Built from https://develop.svn.wordpress.org/trunk@48423
git-svn-id: http://core.svn.wordpress.org/trunk@48192 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Improve speed and reduce the memory footprint when loading posts with many revisions.
* Use a direct query in `wp_get_post_autosave` to avoid loading all revisions.
* Query for IDs vs full objects in `register_and_do_post_meta_boxes`.
Props pdfernhout, johnnyb, miqrogroove, ocean90, senatorman, DBrumbaugh10Up, martijn-van-der-kooij, pavelevap, mackensen, mikeyarce, whyisjake.
Fixes#34560.
Built from https://develop.svn.wordpress.org/trunk@48422
git-svn-id: http://core.svn.wordpress.org/trunk@48191 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In addition, add the `wp_admin_viewport_meta()` function, paired to the `admin_viewport_meta` filter to control attributes of the meta tag.
Fixes#47369.
Props BettyJJ, mukesh27, SergeyBiryukov, ajayghaghretiya1, msaggiorato, talldanwp, davidbaumwald, donmhico, audrasjb.
Built from https://develop.svn.wordpress.org/trunk@48412
git-svn-id: http://core.svn.wordpress.org/trunk@48181 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Because of changes to how PHP handles arrays used in `foreach()` loops in PHP >= 7.0, [48397] resulted in a failing test for PHP 5.6.
This calls `reset()` after using the `$results` array in the `foreach()` to ensure the array is treated the same and as expected.
Props azaozz, desrosj, SergeyBiryukov, xknown.
See #50448.
Built from https://develop.svn.wordpress.org/trunk@48401
git-svn-id: http://core.svn.wordpress.org/trunk@48170 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This will prevent the options renamed for 5.5.0 from being converted twice. If a new update routine is added before 5.5 is released, the option values would be erased for anyone running `trunk` or nightlies without this change.
Props azaozz, desrosj, SergeyBiryukov, whyisjake.
Fixes#50413.
Built from https://develop.svn.wordpress.org/trunk@48400
git-svn-id: http://core.svn.wordpress.org/trunk@48169 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This provides additional context to code running on this hook, including which plugin or theme update will be downloaded. It also brings consistency to this filter with others throughout the upgrade process.
Props obliviousharmony, desrosj.
Fixes#49686.
Built from https://develop.svn.wordpress.org/trunk@48399
git-svn-id: http://core.svn.wordpress.org/trunk@48168 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This change adds a throttle mechanism to plugin and theme auto-update failure emails using similar logic to the email sent for a Core auto-update.
The first time a plugin or theme auto-update fails, the package and `new_version` will be tracked in the `auto_plugin_theme_update_emails` option. An email for this specific update attempt will not be resent.
However, if this update fails again and non-repeat failures or successful updates are also present, then the failure information will be included in that email (an email needs to be sent for the new events regardless).
Props johnbillion, arpitgshah, desrosj, audrasjb, pbiron, earnjam.
Fixes#50448.
Built from https://develop.svn.wordpress.org/trunk@48397
git-svn-id: http://core.svn.wordpress.org/trunk@48166 1a063a9b-81f0-0310-95a4-ce76da25c4cd
- improves focus management by moving focus to the notices, if any, or to the first "tabbable" element
- this avoids a focus loss and helps Braille-only and screen magnification users to be aware of the messages
- adds an ARIA role `alert` to all the notices
- uses `wp.a11y.speak()` to announce messages to assistive technology
- this way, all visual users will see the messages while assistive technology users will get an audible message
- uses `wp.i18n` for translatable strings in `wp-admin/js/image-edit.js`
Props anevins, ryanshoover, antpb, SergeyBiryukov, afercia.
See #20491.
Fixes#47147.
Built from https://develop.svn.wordpress.org/trunk@48375
git-svn-id: http://core.svn.wordpress.org/trunk@48144 1a063a9b-81f0-0310-95a4-ce76da25c4cd
So far, it has been possible to rearrange into a new order the post boxes (also known as "widgets" on the Dashboard and "meta boxes" on the Edit post page) only by using a pointing device, for example a mouse.
This change adds new controls and functionality to allow the boxes to be rearranged also with the keyboard. Additionally, audible messages are sent to the admin ARIA live region to notify screen reader users of the reorder action result.
Props joedolson, anevins, antpb, audrasjb, xkon, MarcoZ, karmatosed, afercia.
Fixes#39074.
Built from https://develop.svn.wordpress.org/trunk@48373
git-svn-id: http://core.svn.wordpress.org/trunk@48142 1a063a9b-81f0-0310-95a4-ce76da25c4cd
- improves checkboxes alignment on the "Plugins" page table in the responsive view
- improves spacing between form controls on the "Add Plugins" page in the responsive view
- the layout of the "filter bar" on the "Add Plugins" page is now based on CSS Flexbox
- removes italic type from a paragraph in the "Favorites" page
Props passoniate, garethgillman, maxpertici, audrasjb, sabernhardt, afercia.
See #47327.
Fixes#49231.
Built from https://develop.svn.wordpress.org/trunk@48281
git-svn-id: http://core.svn.wordpress.org/trunk@48050 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This PR adds a new color scheme option, which uses a high luminosity blue spot color, almost-black menu, and pure white for menu items.
This helps increase contrast, and bring more consistency with some of the higher contrast colors used in the block editor.
Props joen, ibdz, shaunandrews.
Fixes#50504.
Built from https://develop.svn.wordpress.org/trunk@48277
git-svn-id: http://core.svn.wordpress.org/trunk@48046 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Swaps the DOM order of the two main columns within the admin Image Editor.
When the sequence in which content is presented affects its meaning and the navigation sequences affect meaning or operation, visual order and DOM order must match. See WCAG 2.1 Success Criterion 1.3.2 Meaningful Sequence and Success Criterion 2.4.3 Focus Order.
Props sabernhardt, anevins, audrasjb, afercia.
Fixes#47136.
Built from https://develop.svn.wordpress.org/trunk@48265
git-svn-id: http://core.svn.wordpress.org/trunk@48034 1a063a9b-81f0-0310-95a4-ce76da25c4cd
These endpoints facilitate the Block Directory Inserter feature in Gutenberg. Users can now install, activate, deactivate, and delete plugins over the REST API. The block directoryendpoint allows searching for available blocks from the WordPress.org block directory.
Props cklee, talldanwp, noisysocks, joen, soean, youknowriad, dufresnesteven, gziolo, dd32, tellyworth, ryelle, spacedmonkey, TimothyBlynJacobs.
Fixes#50321.
Built from https://develop.svn.wordpress.org/trunk@48242
git-svn-id: http://core.svn.wordpress.org/trunk@48011 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, the filters were hidden for single posts or attachments, which could only be achieved by editing the URL manually.
The `is_singular()` check was added long before the list tables were introduced, and appears to no longer serve any purpose in the current code.
As a side effect, this resolves an issue where a non-existing attachment ID in the URL would block further search in Media Library.
Props afercia, tomdude, audrasjb, bencroskery, desrosj, SergeyBiryukov.
Fixes#38221.
Built from https://develop.svn.wordpress.org/trunk@48240
git-svn-id: http://core.svn.wordpress.org/trunk@48009 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Improves accessibility of the "Copy this section" button and "Return to Top" link:
- uses `setTimeout()` and `clearTimeout()` to properly handle the "Copied!" text
- simplifies the button text by removing the redundant visually hidden text
- fixes the mismatching visual and DOM order of the Copy button and the "Return to Top" link
- improves the "Return to Top" links by providing real page fragment identifiers, when possible
- hides the "Return to Top" up arrow from assistive technologies
- minor coding standards
Props afercia, garrett-eclipse.
See #48463, #50322.
Fixes#50335.
Built from https://develop.svn.wordpress.org/trunk@48234
git-svn-id: http://core.svn.wordpress.org/trunk@48003 1a063a9b-81f0-0310-95a4-ce76da25c4cd
For a number of years, various screens in the WordPress admin provided users with a readonly input field to copy the attachment file URL. Manually copying from a readonly field is an annoying task at best even for mouser users. It's a usability and accessibility issue at the same time.
These fields now have a new "Copy URL" button that is easy to use and accessible to everyone.
Props theolg, markdubois, vabrashev, sajjad67, xkon, nrqsnchz, melchoyce, audrasjb, afercia.
See #41612, #50322, #50335.
Fixes#48463.
Built from https://develop.svn.wordpress.org/trunk@48232
git-svn-id: http://core.svn.wordpress.org/trunk@48001 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The filter is the callback function added with `add_filter()`, therefore the hook passes a value to the filter, and the filter returns a value to change its behaviour.
The documentation is referring to the latter.
Props johnbillion.
See #49572, #16557.
Built from https://develop.svn.wordpress.org/trunk@48185
git-svn-id: http://core.svn.wordpress.org/trunk@47954 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This adds some extra details to the message:
* The current PHP or WordPress version.
* The plugin's minimum required PHP or WordPress version.
* A link to the support documentation on how to update PHP.
Props stuffradio, johnbillion, garrett-eclipse, sabernhardt, williampatton, SergeyBiryukov.
Fixes#48245.
Built from https://develop.svn.wordpress.org/trunk@48172
git-svn-id: http://core.svn.wordpress.org/trunk@47941 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When files are copied into place, check whether opcode invalidation is available and attempt to invalidate to avoid unintended behavior or fatal errors from themes, plugins, or core.
Introduces `wp_opcache_invalidate()` to allow safe invalidation of PHP files from opcode cache, and a filter, `wp_opcache_invalidate_file` to override the behavior.
Replaces the existing calls to `opcache_invalidate()` in the plugin and theme editors to use the new function.
Thanks to jnylen0 for porting over a patch from ClassicPress that provided much of the approach for what is being committed.
Props nigro.simone, dd32, JasWSInc, szepe.viktor, swissspidy, JanR, asalce, Garavani, pavelevap, pputzer, GregLone, benoitchantre, jadonn, doc987, kraftbj, Krstarica, jnylen0, nextendweb, williampatton, ayeshrajans, joostdevalk, stevenkussmaul, boogah, jorbin, mikeschroder.
Fixes#36455, #50354.
Built from https://develop.svn.wordpress.org/trunk@48160
git-svn-id: http://core.svn.wordpress.org/trunk@47929 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `wp_update_comment_data` filter introduced in 4.7 allows comment data to be filtered before it is updated in the database.
The patch aims to handle `WP_Error` as the filter above return value in a similar manner as is done for `wp_new_comment()`.
Fixes#39732.
Props: enricosorcinelli, swissspidy, gkloveweb, jnylen0, jbpaul17, afercia, SergeyBiryukov, audrasjb, imath, davidbaumwald.
Built from https://develop.svn.wordpress.org/trunk@48154
git-svn-id: http://core.svn.wordpress.org/trunk@47923 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This makes the API a little more clear, whereas setting `false` used to mean `asc` and `true` meant `desc`, you can now use those directly, while maintaining back-compat.
Fixes#45089.
Props Tkama, SergeyBiryukov, shital-patel, desrosj, birgire, davidbaumwald.
Built from https://develop.svn.wordpress.org/trunk@48151
git-svn-id: http://core.svn.wordpress.org/trunk@47920 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This ensures that the link still makes sense when read out of context by assistive technologies.
Additionally, underline the link per the accessibility coding standards.
Props samful, afercia, williampatton, audrasjb.
Fixes#50338.
Built from https://develop.svn.wordpress.org/trunk@48146
git-svn-id: http://core.svn.wordpress.org/trunk@47915 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Per WCAG 2.0 guidelines, big chunks of italic text should be avoided for better accessibility.
Additionally, replace the legacy `.error` class for "You deactivated this plugin and may no longer need this policy" message with `.notice-info`.
Follow-up to [47147], [48116].
Props afercia, audrasjb.
See #47327, #44621.
Built from https://develop.svn.wordpress.org/trunk@48145
git-svn-id: http://core.svn.wordpress.org/trunk@47914 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The new names make the purpose more clear. It also adds consistency with the `$allowed_options` global variable.
Also in this change, the `wp-deprecated` dependency has been removed from the password strength meter in favor of a `window.console.log()` call to avoid adding 3 dependencies for one deprecated notice.
Props SergeyBiryukov, ocean90, desrosj
Fixes#50413.
Built from https://develop.svn.wordpress.org/trunk@48142
git-svn-id: http://core.svn.wordpress.org/trunk@47911 1a063a9b-81f0-0310-95a4-ce76da25c4cd
If a user selects the top option, then chooses a different option, the top selection takes precedence. This update gives a new name to the bottom action, ensuring the proper update is carried out.
Fixes 46872.
Props clayray, garrett-eclipse, subrataemfluence.
Built from https://develop.svn.wordpress.org/trunk@48134
git-svn-id: http://core.svn.wordpress.org/trunk@47903 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This makes several improvements to the emails sent to site admins when plugin and theme auto-updates are attempted.
- Emails are now specifically tailored to the three results (success, failed, or mixed).
- Subject lines and body copy for mixed and failed results now correctly convey the importance of double checking the site in question.
- The site’s URL is now included in all emails.
- When failures occur, links to the Plugins and/or Themes pages in the admin are now included so that site owners can easily take action.
Props audrasjb, desrosj, azaozz, garrett-eclipse, paaljoachim, johnbillion, marybaum, pbiron.
Follow up to [47835].
See #50052.
Fixes#50268.
Built from https://develop.svn.wordpress.org/trunk@48123
git-svn-id: http://core.svn.wordpress.org/trunk@47892 1a063a9b-81f0-0310-95a4-ce76da25c4cd
“The WordPress open source community cares about diversity. We strive to maintain a welcoming environment where everyone can feel included.”
With this commit, all occurrences of “whitelist” and “blacklist” (with the single exception of the `$new_whitelist_options` global variable) are removed. A new ticket has been opened to explore renaming the `$new_whitelist_options` variable (#50434).
Changing to more specific names or rewording sentences containing these terms not only makes the code more inclusive, but also helps provide clarity. These terms are often ambiguous. What is being blocked or allowed is not always immediately clear. This can make it more difficult for non-native English speakers to read through the codebase.
Words matter. If one contributor feels more welcome because these terms are removed, this was worth the effort.
Props strangerstudios, jorbin, desrosj, joemcgill, timothyblynjacobs, ocean90, ayeshrajans, davidbaumwald, earnjam.
See #48900, #50434.
Fixes#50413.
Built from https://develop.svn.wordpress.org/trunk@48121
git-svn-id: http://core.svn.wordpress.org/trunk@47890 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Partially reverts [48059] as there's no full consensus on the removal of the text prefix. Further actions should be taken to improve consistency and accessibility of the admin notices. Keeps some improvements to the translatable strings from [48059].
Fixes#47656.
Built from https://develop.svn.wordpress.org/trunk@48115
git-svn-id: http://core.svn.wordpress.org/trunk@47884 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The tag was supported in phpDocumentor 1.x, but is no longer supported in 2.x and 3.x.
Usage of static variables is considered an internal implementation detail and has no information value for someone reading the docs.
Props alishanvr, jrf.
Fixes#50426.
Built from https://develop.svn.wordpress.org/trunk@48109
git-svn-id: http://core.svn.wordpress.org/trunk@47878 1a063a9b-81f0-0310-95a4-ce76da25c4cd
For a number of years, most of the WordPress error messages have been prefixed with "Error:". However, these messages appear in a context where it's already clear an error occurred. Whether it's an error, a warning, or any other classification, that's not so relevant for users. The content of the message is the relevant part. The "Error:" prefix doesn't add great value while it does add unnecessary complexity for the message readability.
Also, revises some of these messages to improve clarity and removes HTML from translatable strings.
Props garrett-eclipse, ramiy, SergeyBiryukov, afercia, sabernhardt, quadthemes, audrasjb.
See #47003, #43037, #42945, #15887.
Fixes#47656.
Built from https://develop.svn.wordpress.org/trunk@48059
git-svn-id: http://core.svn.wordpress.org/trunk@47826 1a063a9b-81f0-0310-95a4-ce76da25c4cd
If a post is in the trash, the comments bubble won't link to the comments list.
Fixes: #37826.
Props: swissspidy, helen, FolioVision, DrewAPicture, stevenlinx, donmhico, birgire, garrett-eclipse, andraganescu, johnbillion.
Built from https://develop.svn.wordpress.org/trunk@48050
git-svn-id: http://core.svn.wordpress.org/trunk@47817 1a063a9b-81f0-0310-95a4-ce76da25c4cd