Removes the automatic addition of `rel="noopener noreferrer"` from links targeting a new tab or window, `target='_blank'`. Since this was introduced, supported browsers have changed their security policies and no longer allow the opened link to have JavaScript access to the previous tab.
Deprecates:
* `wp_targeted_link_rel()`
* `wp_targeted_link_rel_callback()`
* `wp_init_targeted_link_rel_filters()`: converted to a noop function
* `wp_remove_targeted_link_rel_filters()`: converted to a noop function
The deprecated functions are retained in `formatting.php` as in `SHORTINIT` mode the file is included while `deprecated.php` is not.
This also removes the `noopener` from links hard coded within the WordPress dashboard linking to documentation and other resources.
Props audrasjb, azaozz, dhruval04, dorzki, neo2k23, presskopp, sabernhardt, swissspidy, tobiasbg.
Fixes#53843.
Built from https://develop.svn.wordpress.org/trunk@59120
git-svn-id: http://core.svn.wordpress.org/trunk@58516 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This aims to make it easier to enter digits in datetime text fields on mobile devices, instead of opening the full keyboard.
Follow-up to [43], [1506], [2998], [3648], [6078], [6989], [7285], [7338], [20168], [20217], [28730], [32945], [49283].
Props sabernhardt.
Fixes#62109.
Built from https://develop.svn.wordpress.org/trunk@59114
git-svn-id: http://core.svn.wordpress.org/trunk@58510 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This is the seventh part in a larger modularization of the data in `WP_Debug_Data`. Previously this was a single massive method drawing in debug data from various groups of related data, where the groups were independent from each other.
This patch separates the seventh of twelve groups, the `wp-dropins` info, into a separate method focused on that data.
This work precedes changes to make the `WP_Debug_Data` class more extensible for better use by plugin and theme code.
Developed in https://github.com/wordpress/wordpress-develop/pull/7418
Discussed in https://core.trac.wordpress.org/ticket/61648
Props apermo.
See #61648.
Built from https://develop.svn.wordpress.org/trunk@59100
git-svn-id: http://core.svn.wordpress.org/trunk@58496 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This is the sixth part in a larger modularization of the data in `WP_Debug_Data`. Previously this was a single massive method drawing in debug data from various groups of related data, where the groups were independent from each other.
This patch separates the sixth of twelve groups, the `wp-media` info, into a separate method focused on that data.
This work precedes changes to make the `WP_Debug_Data` class more extensible for better use by plugin and theme code.
Developed in https://github.com/wordpress/wordpress-develop/pull/7356
Discussed in https://core.trac.wordpress.org/ticket/61648
Props apermo, dmsnell.
See #61648.
Built from https://develop.svn.wordpress.org/trunk@59060
git-svn-id: http://core.svn.wordpress.org/trunk@58456 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`set_time_limit` can cause unexpected behavior so it general should be avoided. There are instances though where they should be used so those instances should be properly documented.
Props Rcrayno, ryan, kurtpayne, jorbin.
Fixes#21521. See #19487.
Built from https://develop.svn.wordpress.org/trunk@59039
git-svn-id: http://core.svn.wordpress.org/trunk@58435 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This is the part five in a larger modularization of the data in `WP_Debug_Data`. Previously this was a single massive method drawing in debug data from various groups of related data, where the groups were independent from each other.
This patch separates the fifth of twelve groups, the `wp-mu-plugins` info, into a separate method focused on that data.
This work precedes changes to make the `WP_Debug_Data` class more extensible for better use by plugin and theme code.
Developed in https://github.com/wordpress/wordpress-develop/7305
Discussed in https://core.trac.wordpress.org/ticket/61648
Props apermo, dmsnell.
See #61648.
Built from https://develop.svn.wordpress.org/trunk@59011
git-svn-id: http://core.svn.wordpress.org/trunk@58407 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This is the part four in a larger modularization of the data in `WP_Debug_Data`. Previously this was a single massive method drawing in debug data from various groups of related data, where the groups were independent from each other.
This patch separates the fourth of twelve groups, the `wp-server` info, into a separate method focused on that data.
This work precedes changes to make the `WP_Debug_Data` class more extensible for better use by plugin and theme code.
Developed in https://github.com/wordpress/wordpress-develop/7283
Discussed in https://core.trac.wordpress.org/ticket/61648
Props apermo, costdev, dmsnell, kebbet, mukesh27.
See #61648.
Built from https://develop.svn.wordpress.org/trunk@59002
git-svn-id: http://core.svn.wordpress.org/trunk@58398 1a063a9b-81f0-0310-95a4-ce76da25c4cd
During a refactor to modularize the debug data class, it came up that the ordering of the sections inside of the returned debug info is relevant to existing UIs, as they iterate the array, which happens in insertion order.
This patch presets each section at the start to ensure that the ordering remains consistent even as code within the method is rearranged. As the mini-project progresses, this assignment will be the final place all the sections are referenced.
Developed in https://github.com/WordPress/wordpress-develop/pull/7289
Discussed in https://core.trac.wordpress.org/ticket/61648
Props apermo, dmsnell, sergeybiryukov.
See #61648.
Built from https://develop.svn.wordpress.org/trunk@58996
git-svn-id: http://core.svn.wordpress.org/trunk@58392 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This adds a guard to verify the result of `get_post_type_object()` before retrieving the `all_items` label, as the function returns `null` if the post type does not exist.
Follow-up to [24527].
Props pcarvalho, akshat280, mukesh27, SergeyBiryukov.
Fixes#60947.
Built from https://develop.svn.wordpress.org/trunk@58983
git-svn-id: http://core.svn.wordpress.org/trunk@58379 1a063a9b-81f0-0310-95a4-ce76da25c4cd
It is recommended that for every option it is explicitly set whether to autoload it or not. This changeset updates relevant `update_option()` and `add_option()` calls.
Note that the `$autoload` parameter is only needed for `update_option()` if the option is potentially not present yet, i.e. the call will pass through to `add_option()`. Since WordPress core adds the majority of its options to the database during installation, only `update_option()` calls for dynamically added options need to be modified, which is what this changeset does.
As part of revisiting the autoload values for dynamically added WordPress core options, this changeset modifies some options to no longer be autoloaded, since they are only accessed in a few specific places that are not relevant for a regular request. These options are:
* `recently_activated`
* `_wp_suggested_policy_text_has_changed`
* `{upgradeLock}.lock`
* `dashboard_widget_options`
* `ftp_credentials`
* `adminhash`
* `nav_menu_options`
* `wp_force_deactivated_plugins`
* `delete_blog_hash`
* `allowedthemes`
* `{sessionId}_paused_extensions`
* `recovery_keys`
* `https_detection_errors`
* `fresh_site`
An upgrade routine is present as well that sets those options to no longer autoload for existing sites.
Props pbearne, flixos90, mukesh27, swissspidy, SergeyBiryukov, joemcgill, adamsilverstein.
Fixes#61103.
Built from https://develop.svn.wordpress.org/trunk@58975
git-svn-id: http://core.svn.wordpress.org/trunk@58371 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This is the part three in a larger modularization of the data in `WP_Debug_Data`. Previously this was a single massive method drawing in debug data from various groups of related data, where the groups were independent from each other.
This patch separates the third of twelve groups, the `wp-database` info, into a separate method focused on that data.
This work precedes changes to make the `WP_Debug_Data` class more extensible for better use by plugin and theme code.
Developed in https://github.com/wordpress/wordpress-develop/7143
Discussed in https://core.trac.wordpress.org/ticket/61648
Props dmsnell, kebbet, apermo.
See #61648.
Built from https://develop.svn.wordpress.org/trunk@58964
git-svn-id: http://core.svn.wordpress.org/trunk@58360 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Change `browsePopup` to use `onkeydown`, pass the `event` parameter from the calling control, and adjust variable naming style.
The `browsePopup` method used for the image rotation menu used `onkeyup` to trigger events, which prevented capturing browser scroll actions with arrows occurring on `onkeydown`.
Props afercia, deepakvijayan, nirajgirixd, joedolson, antpb.
Fixes#60548.
Built from https://develop.svn.wordpress.org/trunk@58946
git-svn-id: http://core.svn.wordpress.org/trunk@58342 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset does not modify any behavior, it only updates the code to use the recommended type for the `$autoload` parameter as of WordPress 6.6. The old values 'yes' and 'no' are only maintained in certain tests that are explicitly about these backward compatibility values.
Props flixos90, joemcgill, mukesh27.
Fixes#61939.
See #61103, #61929.
Built from https://develop.svn.wordpress.org/trunk@58945
git-svn-id: http://core.svn.wordpress.org/trunk@58341 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This aims to avoid a security warning in Chrome, which could previously be triggered even if the default value is not actually used as a password.
Follow-up to [208], [230], [233], [662], [1599], [1601]
Props adamkheckler, sabernhardt, peterwilsoncc, psykro, petitphp.
Fixes#61332.
Built from https://develop.svn.wordpress.org/trunk@58928
git-svn-id: http://core.svn.wordpress.org/trunk@58324 1a063a9b-81f0-0310-95a4-ce76da25c4cd
As part of determining whether to perform automatic updates, WordPress checks if it is running within a version-controlled environment, recursively looking up the filesystem to the top of the drive, looking for a Subversion, Git, Mercurial, or Bazaar directory, erring on the side of detecting a VCS checkout somewhere.
This commit reuses `WP_Automatic_Updater::is_allowed_dir()` in the Site Health test to avoid a PHP warning if the `open_basedir` directive is in use and any of the directories checked in the process are not allowed:
{{{
is_dir(): open_basedir restriction in effect. File(/.git) is not within the allowed path(s)
}}}
Follow-up to [44986], [55425].
Props Keffr3n, narenin.
Fixes#61834.
Built from https://develop.svn.wordpress.org/trunk@58921
git-svn-id: http://core.svn.wordpress.org/trunk@58317 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The admin image editor crop function introduced rounding errors by using a scaled image to calculate values. Fix uses the image at 100% scale for calculations. Also avoid recalculating selection when the selection position is changed, and prevent incorrect values after scaling or restoration.
Previously committed in [58456] and reverted in [58571]. The revert was due to a misattributed test failure.
Props Jossnaz, johnillo, shailu25, rachelbaker, sudipatel007, joedolson, kevin940726 , andrewserong, hmbashar.
Fixes#32282.
Built from https://develop.svn.wordpress.org/trunk@58915
git-svn-id: http://core.svn.wordpress.org/trunk@58311 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `wp-content/upgrade` directory does not exist initially after installation, so the Site Health check could not determine the available disk space until the directory was subsequently created during an update.
By testing `WP_CONTENT_DIR` instead, the check can complete successfully.
This also brings consistency with similar checks in `_unzip_file_ziparchive()` and `_unzip_file_pclzip()`.
Follow-up to [55720], [56401].
Props wbdv, khokansardar, mi5t4n, SergeyBiryukov.
Fixes#61602.
Built from https://develop.svn.wordpress.org/trunk@58913
git-svn-id: http://core.svn.wordpress.org/trunk@58309 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Removes duplicate IDs on the post list admin pages affecting various list items, selects and checkboxes:
* JavaScript duplication of the inline editing HTML for bulk editing renames various IDs to include the prefix `bulk-edit-`,
* IDs in the Category Checkbox Walker make use of `wp_unique_prefixed_id()` to avoid duplicates, resulting in a numeric suffix, and,
* the post parent dropdown for the bulk editor is given a custom ID `bulk_edit_post_parent`.
Props peterwilsoncc, sergeybiryukov, azaozz, joedolson, siliconforks, zodiac1978, rcreators.
Fixes#61014.
Built from https://develop.svn.wordpress.org/trunk@58894
git-svn-id: http://core.svn.wordpress.org/trunk@58290 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This is the part two in a larger modularization of the data in `WP_Debug_Data`.
Previously this was a single massive method drawing in debug data from various
groups of related data, where the groups were independent from each other.
This patch separates the second of twelve groups, the `wp-constants` info,
into a separate method focused on that data.
This work precedes changes to make the `WP_Debug_Data` class more extensible
for better use by plugin and theme code.
Developed in https://github.com/wordpress/wordpress-develop/pull/7106
Discussed in https://core.trac.wordpress.org/ticket/61648
Props: apermo, costdev, dmsnell.
See #61648.
Built from https://develop.svn.wordpress.org/trunk@58855
git-svn-id: http://core.svn.wordpress.org/trunk@58251 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Automatically create a JPEG version of uploaded HEIC images if the server has
a version of Imagick that supports HEIC. Conversion is done silently through
the existing `WP_Image_Editor` infrastructure that creates multiple sizes of
uploaded images.
This allows users to view HEIC images in WP Admin and use them in their posts
and pages regardless of whether their browser supports HEIC. Browser support
for HEIC is relatively low (only Safari) while the occurrence of HEIC images is
relatively common. The original HEIC image can be downloaded via a link on
the attachment page.
Props adamsilverstein, noisysocks, swissspidy, spacedmonkey, peterwilsoncc.
Fixes#53645.
Built from https://develop.svn.wordpress.org/trunk@58849
git-svn-id: http://core.svn.wordpress.org/trunk@58245 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This resolves a fatal error if `strict_types` PHP setting is enabled:
{{{
Argument #1 ($num) must be of type float, string given
}}}
Since the goal of the Site Health Info screen is to display raw values where possible, the `number_format()` call here does not seem to provide any benefit.
Props krishneup, sabernhardt, audrasjb, SergeyBiryukov.
Fixes#60364.
Built from https://develop.svn.wordpress.org/trunk@58847
git-svn-id: http://core.svn.wordpress.org/trunk@58243 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This aims to make the message more accurate by referring to the version of PHP currently recommended by WordPress, not the current version of PHP.
Follow-up to [44986], [46267], [47254].
Props swb1192, psykro, swissspidy, joemcgill, mukesh27, aristath.
See #61623.
Built from https://develop.svn.wordpress.org/trunk@58832
git-svn-id: http://core.svn.wordpress.org/trunk@58228 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This is the first part in a larger modularization of the data in `WP_Debug_Data`.
Previously this was a single massive method drawing in debug data from various
groups of related data, where the groups were independent from each other.
This patch separates the first of twelve groups, the `wp-filesystem` info,
into a separate method focused on that data.
This work precedes changes to make the `WP_Debug_Data` class more extensible
for better use by plugin and theme code.
Developed in https://github.com/wordpress/wordpress-develop/pull/7065
Discussed in https://core.trac.wordpress.org/ticket/61648
Props: afragen, apermo, costdev, dmsnell.
See #61648.
Built from https://develop.svn.wordpress.org/trunk@58830
git-svn-id: http://core.svn.wordpress.org/trunk@58226 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Introduces `wp_get_wp_version()` to get an unmodified value of `$wp_version` from `wp-includes/version.php`. Some plugins modify the global in an attempt to improve security through obscurity. This practice can cause errors in WordPress so the ability to get an unmodified version is needed.
Replaces instances within the code base in which `version.php` was required in order to get an unmodified value. `script-loader.php` is intentionally excluded from the replacements as the function is not always available to the file.
Props debarghyabanerjee, afragen, costdev.
See #61627.
Built from https://develop.svn.wordpress.org/trunk@58813
git-svn-id: http://core.svn.wordpress.org/trunk@58209 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Replace links to en.gravatar.com with links to gravatar.com as the english site now uses the base domain. This avoids an unnecessary redirect for english language sites.
The links remain translatable for non-english versions of WordPress.
Props narenin, knutsp.
Fixes#61424.
Built from https://develop.svn.wordpress.org/trunk@58810
git-svn-id: http://core.svn.wordpress.org/trunk@58206 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit:
* Removes various comments referencing PHP versions which are no longer supported.
* Removes various comments containing “hints” of things to do after a particular PHP version drop. These hints are incorrect/not actionable for various reasons, so have no value:
* Even though a function could be turned into a closure, removing the function would be a backward compatibility break which is not acceptable, so this suggestion is not actionable.
* Short ternaries are forbidden by the coding standard exactly to prevent the faulty code suggested in the comment from getting into the codebase.
Follow-up to [1243/tests], [6543], [11816], [29861], [29864], [34928], [35369], [36698], [38694], [50786], [58678].
Props jrf, ayeshrajans.
See #61574.
Built from https://develop.svn.wordpress.org/trunk@58682
git-svn-id: http://core.svn.wordpress.org/trunk@58084 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In `WP_Plugins_List_Table::add_dependencies_to_dependent_plugin_row()`, a `sprintf()` call previously wrapped the `%2$s` placeholder in paragraph tags.
[57769] changed the placeholder's value to use `wp_get_admin_notice()`, which returns a paragraph-wrapped notice by default. As a result, the previous paragraph tags produced an extra, empty paragraph.
This removes the paragraph tags around the `%2$s` placeholder.
Follow-up to [57545], [57714], [57769].
Props mukesh27.
Fixes#61546.
Built from https://develop.svn.wordpress.org/trunk@58616
git-svn-id: http://core.svn.wordpress.org/trunk@58049 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Cast crop values to integers to prevent PHP error caused by implicit conversion from `float` to `int` values when cropping images using ImageMagick.
Props skithund, mai21, nicomollet, amanias1977, joedolson.
Fixes#59782.
Built from https://develop.svn.wordpress.org/trunk@58457
git-svn-id: http://core.svn.wordpress.org/trunk@57906 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The admin image editor crop function introduced rounding errors by using a scaled image to calculate values. Fix uses the image at 100% scale for calculations. Also avoid recalculating selection when the selection position is changed, and prevent incorrect values after scaling or restoration.
Props Jossnaz, johnillo, shailu25, rachelbaker, sudipatel007, joedolson.
Fixes#32282.
Built from https://develop.svn.wordpress.org/trunk@58456
git-svn-id: http://core.svn.wordpress.org/trunk@57905 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In [58128], additional maintenance mode calls were added to the automatic updates process. However, there is an early return if a 'core' automatic update fails.
Maintenance mode isn't disabled until later in the `WP_Automatic_Updater::update()` method. This means that maintenance mode may continue to be enabled despite the core update being treated as a skipped update.
This disables maintenance mode before the early return.
Follow-up to [58128].
Props costdev, hellofromTonya, peterwilsoncc.
Fixes#61459. See #58281.
Built from https://develop.svn.wordpress.org/trunk@58436
git-svn-id: http://core.svn.wordpress.org/trunk@57885 1a063a9b-81f0-0310-95a4-ce76da25c4cd