Commit Graph

48301 Commits

Author SHA1 Message Date
Adam Silverstein 77582c4be9 Security: remove the cron event that checked for https support.
Fix an issue where a cron job ran every 12 hours to check for https support - even when https support was already enabled. The check is now run only when the user visits the Site Health page. Reducing the unneeded requests lowers the impact and load of hosting WordPress sites.

The `wp_update_https_detection_errors` function is deprecated and the `https_detection_errors` option that was previously set by the cron job is no longer maintained. The `pre_wp_update_https_detection_errors` filter is deprecated and replaced by the `pre_wp_get_https_detection_errors` filter  which serves the same function.

Props audrasjb, johnbillion, Michi91.
Fixes #58494.


Built from https://develop.svn.wordpress.org/trunk@56664


git-svn-id: http://core.svn.wordpress.org/trunk@56176 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-22 19:08:19 +00:00
joedolson 61ed1cb48e Administration: Remove duplicate `wp_admin_notice()` call.
Remove duplicate success message displayed in `wp-admin/upload.php`. Follow up to [56573].

Props davidbinda.
See #57791.
Built from https://develop.svn.wordpress.org/trunk@56663


git-svn-id: http://core.svn.wordpress.org/trunk@56175 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-22 18:19:19 +00:00
joedolson 4b17383d2c Code Modernization: Rename reserved keyword used as variable.
Change the `$echo` parameter added to `wp_update_php_annnotation()` to `$display` to avoid using reserved PHP keywords as parameters. Follow up to [56570].

Props kebbet, mukesh27.
See #57791.
Built from https://develop.svn.wordpress.org/trunk@56662


git-svn-id: http://core.svn.wordpress.org/trunk@56174 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-22 18:14:16 +00:00
desrosj da9f594a55 Build/Test Tools: Introduce install and upgrade testing workflows.
This introduces GitHub Action workflows for testing the installation and upgrade process to ensure there are no unexpected issues. The goal of these workflows is to replicate some of the manual testing that happens during the release process. This does not replace that testing which is a fantastic, low barrier way for someone newer to contributing to get involved. Instead, it should serve as an additional sanity check to ensure no combinations are missed.

The installation workflow tests installing the latest or specified version of WordPress on all PHP and MySQL version combinations for both single and multisite.

The upgrade testing will test upgrading from each branch that still receives security updates to the latest or specified version on all PHP and MySQL version combinations for both single and multisite.

Both workflows confirm that no errors are encountered when using WP-CLI to install or upgrade WordPress. No test assertions of any type are currently performed, but adding some will be explored.

Props costdev, azaozz, ironprogrammer, desrosj.
See #58977.
Built from https://develop.svn.wordpress.org/trunk@56661


git-svn-id: http://core.svn.wordpress.org/trunk@56173 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-22 17:43:21 +00:00
desrosj e3954daefa Build/Test Tools: Simplify some logic in GitHub Action workflows.
This simplifies the logic within the `slack-notifications` and `failed-workflow` steps in GitHub Action workflows to use the `contains()` function and object filtering.

This makes it simpler to perform the needed checks by removing the need to list out every single dependent job defined in `needs`.

See #58867.
Built from https://develop.svn.wordpress.org/trunk@56660


git-svn-id: http://core.svn.wordpress.org/trunk@56172 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-22 14:29:17 +00:00
desrosj ecf275f1c3 Build/Test Tools: Update the environment variable for skipping browser binaries.
This changes the environment variable used in GitHub Action workflows to skip downloading the browser binary that’s a peer dependency when it’s not needed.

In [56647], the version of `puppeteer` peer-dependency was bumped to `>= 20.0.0`. Starting in version `20.0.0`, puppeteer switched to using Chrome for testing instead of Chromium. With this release, the `PUPPETEER_SKIP_CHROMIUM_DOWNLOAD` environment variable was removed in favor of the more generic `PUPPETEER_SKIP_DOWNLOAD`.

All workflows that do not need a browser binary now contain the correct `PUPPETEER_SKIP_CHROMIUM_DOWNLOAD` variable.

Follow up to [56647].

See #58863.
Built from https://develop.svn.wordpress.org/trunk@56659


git-svn-id: http://core.svn.wordpress.org/trunk@56171 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-22 13:57:18 +00:00
Sergey Biryukov 2d7e5afa3e Media: Use correct option name for attachment pages in `upgrade_640()`.
Follow-up to [56657].

See #57913.
Built from https://develop.svn.wordpress.org/trunk@56658


git-svn-id: http://core.svn.wordpress.org/trunk@56170 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-22 01:18:18 +00:00
Sergey Biryukov 229d32f6d7 Media: Disable attachment pages for new installations.
WordPress creates attachment pages by default for every attachment uploaded. On the vast majority of sites, these attachment pages don't contain any meaningful information. They do however exist, get indexed by search engines, and sometimes even rank in search results, leading to bad results for users and site owners.

This commit introduces a `wp_attachment_pages_enabled` database option to control the attachment pages behavior:

* On existing sites, the option is set to `1` on upgrade, so that attachment pages continue to work as is.
* For new sites, the option is set to to `0` by default, which means attachment pages are redirected to the attachment URL.
* Sites that want to enable or disable the attachment pages can set the option to `1` or `0`, respectively.

Follow-up to [2958], [3303], [7149], [34690].

Props aristath, poena, afercia, joostdevalk, jonoaldersonwp, azaozz, johnbillion, joedolson, basiliskan, audrasjb, davelo, rilwis, manfcarlo, tyxla, garrett-eclipse, seedsca, eatingrules, matveb, antpb, zodiac1978, oglekler, zunaid321, costdev, SergeyBiryukov.
Fixes #57913.
Built from https://develop.svn.wordpress.org/trunk@56657


git-svn-id: http://core.svn.wordpress.org/trunk@56169 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-22 00:04:41 +00:00
spacedmonkey d211ad45b1 Query: Improved handling of filtered queries in WP_Query.
The `WP_Query` class enables developers to customize queries using filters like `posts_fields_request`, `posts_request`, and `the_posts`, which can modify both the queried fields and retrieved post objects. In some cases with these filters, incomplete or invalid post objects lacking essential data may arise. To address this, if any of these filters are active during a query, the `get_posts` method now avoids caching post objects with the usual `update_post_caches` function call, opting for a call to `_prime_post_caches` instead. This may occasionally trigger new database queries to prime the post data cache. While this enhancement may result in rare additional database queries, it ensures that invalid post objects aren't cached, prioritizing data consistency and integrity in filtered query scenarios.

Props saulirajala, spacedmonkey, flixos90, mukesh27, peterwilsoncc.
Fixes #58599.
Built from https://develop.svn.wordpress.org/trunk@56656


git-svn-id: http://core.svn.wordpress.org/trunk@56168 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-21 19:34:18 +00:00
desrosj ced31b7c58 HTTP API: Deprecate `WP_Http_Curl` and `WP_Http_Streams` classes.
These classes have not been used in WordPress Core since the Requests library was introduced in [37428]. These classes are now deprecated in favor of `WP_Http`.

There are two remaining spots in Core that reference these classes:
- The `WP_Http::_dispatch_request()` method, which was marked as deprecated in favor of `WP_Http::request()` in [42766]/[44346].
- The `WP_Http::_get_first_available_transport()`.

That latter is now also marked as deprecated in favor of `\WpOrg\Requests\Requests::get_transport_class()`.

Props SergeyBiryukov, rajinsharwar, hellofromTonya.
Fixes #58705.
Built from https://develop.svn.wordpress.org/trunk@56655


git-svn-id: http://core.svn.wordpress.org/trunk@56167 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-21 18:29:12 +00:00
joedolson 491a21da64 Login and Registration: Improve HTML for errors and notices.
Improve markup on Login and Registration errors. Use list markup for multiple issues, paragraph when only one to reduce semantic burden in the most common case. Normalize classes and markup for wrapper using `wp_admin_notice()` and `wp_get_admin_notice()` functions. Move definition of those functions from `wp-admin\includes\misc.php` to `wp-includes\functions.php`. Move tests to functions group. 

Props extendwings, sabernhardt, afercia, lukecavanagh, rianrietveld, oglekler, sergeybiryukov, costdev, joedolson.
Fixes #30685.
Built from https://develop.svn.wordpress.org/trunk@56654


git-svn-id: http://core.svn.wordpress.org/trunk@56166 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-21 18:24:15 +00:00
joedolson 198543cf2f Coding Standards: Remove unused variable `el` in monitorPopup.
Remove an unused variable to resolves coding standards failure. Follow up to [56651].

Props joedolson.
See #58756.
Built from https://develop.svn.wordpress.org/trunk@56653


git-svn-id: http://core.svn.wordpress.org/trunk@56165 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-21 18:04:16 +00:00
joedolson 665928659b Media: Close image rotation menu when not focused.
Implement a focus monitor so that if user focus moves away from the image rotation menu, it closes and doesn't block the image editing canvas. Follow up to [56239], [55919].

Props nithi22, deepakvijayan, dharm1025, faisal03.
Fixes #58756.
Built from https://develop.svn.wordpress.org/trunk@56652


git-svn-id: http://core.svn.wordpress.org/trunk@56164 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-21 17:49:18 +00:00
Felix Arntz cd11ddbac1 Media: Introduce filters to customize the results from `wp_get_loading_optimization_attributes()`.
This changeset introduces two filters that allow customizing the loading optimization attributes array returned from `wp_get_loading_optimization_attributes()` for individual HTML tags:
* The `wp_get_loading_optimization_attributes` filter can be used to modify the results from the WordPress core logic.
* The `pre_wp_get_loading_optimization_attributes` filter can be used to use entirely custom logic and effectively short-circuit the core function.

Props pereirinha, mukesh27, spacedmonkey, joemcgill.
Fixes #58893.

Built from https://develop.svn.wordpress.org/trunk@56651


git-svn-id: http://core.svn.wordpress.org/trunk@56163 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-21 16:38:15 +00:00
spacedmonkey c4c54f035c Taxonomy: Stop double sanitization in get_term function.
In the `get_term` function, the filter method is invoked on the `WP_Term` object, which subsequently triggers the execution of `sanitize_term`. The filter method is also executed within `WP_Term::get_instance`.

A common scenario when calling the `get_term` function is to invoke the function with an integer ID for the term and a filter set to "raw." This results in a call to `WP_Term::get_instance`. However, since both `get_term` and `WP_Term::get_instance` invoke the filter method, it leads to double sanitization of the term.

Considering that `get_term` may be called thousands of times on a page, especially when priming a large number of terms into memory, this redundancy can result in thousands of unnecessary calls to `sanitize_term`. Performing the same sanitization operation twice with the same parameters is wasteful and detrimental to performance.

To address this issue, the code has been updated to execute the filter method only when the filter parameter does not match or when changes have been made to the term object within the get_term hook. This optimization ensures that the filter is applied selectively, mitigating performance concerns and avoiding unnecessary sanitization calls.

Props spacedmonkey, flixos90, costdev, mukesh27, joemcgill, oglekler, peterwilsoncc.
Fixes #58329.
Built from https://develop.svn.wordpress.org/trunk@56650


git-svn-id: http://core.svn.wordpress.org/trunk@56162 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-21 16:36:20 +00:00
Bernhard Reiter 6bf6244dc7 Blocks: Implement automatic block insertion into Block Hooks.
Block Hooks allow a third-party block to specify a position relative to a given block into which it will then be automatically inserted (e.g. a "Like" button block can ask to be inserted after the Post Content block, or an eCommerce shopping cart block can ask to be inserted after the Navigation block).

The underlying idea is to provide an extensibility mechanism for Block Themes, in analogy to WordPress' [https://developer.wordpress.org/plugins/hooks/ Hooks] concept that has allowed extending Classic Themes through filters and actions.

The two core tenets for Block Hooks are:

1. Insertion into the frontend should happen right after a plugin containing a hooked block is activated (i.e. the user isn't required to insert the block manually in the editor first); similarly, disabling the plugin should remove the hooked block from the frontend.
2. The user has the ultimate power to customize that automatic insertion: The hooked block is also visible in the editor, and the user's decision to persist, dismiss (i.e. remove), customize, or move it will be respected (and reflected on the frontend).

To account for both tenets, the **tradeoff** was made to limit automatic block insertion to unmodified templates (and template parts, respectively). The reason for this is that the simplest way of storing the information whether a block has been persisted to (or dismissed from) a given template (or part) is right in the template markup.

To accommodate for that tradeoff, [https://github.com/WordPress/gutenberg/pull/52969 UI controls (toggles)] are being added to increase visibility of hooked blocks, and to allow for their later insertion into templates (or parts) that already have been modified by the user.

For hooked blocks to appear both in the frontend and in the editor (see tenet number 2), they need to be inserted into both the frontend markup and the REST API (templates and patterns endpoints) equally. As a consequence, this means that automatic insertion couldn't (only) be implemented at block ''render'' stage, as for the editor, the ''serialized'' (but ''unrendered'') markup needs to be modified.

Furthermore, hooked blocks also have to be inserted into block patterns. Since practically no filters exist for the patterns registry, this has to be done in the registry's `get_registered` and `get_all_registered` methods.

Props gziolo.
Fixes #59313.
Built from https://develop.svn.wordpress.org/trunk@56649


git-svn-id: http://core.svn.wordpress.org/trunk@56161 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-21 16:18:17 +00:00
Felix Arntz b2a2411fcd Options, Meta APIs: Add further test coverage for comparison between old and new option value.
This ensures potential future changes to the logic are covered by existing tests that should pass before and after.

Props joemcgill.
See #22192.

Built from https://develop.svn.wordpress.org/trunk@56648


git-svn-id: http://core.svn.wordpress.org/trunk@56160 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-21 15:23:16 +00:00
desrosj 3c8457e747 Build/Test Tools: Update build related dependencies to their latest versions.
This updates the following npm dependencies:
- `autoprefixer` to version `10.4.16`.
- `grunt-contrib-qunit` to version `8.0.1`.
- `postcss` to version `8.4.30`.
- `react-refresh` to version `0.14.0`.
- `sass` to version `1.68.0`.
- `sinon` to version `16.0.0`.
- `uuid` to version `9.0.1`.
- `tslib` to version `2.6.2`.

This change accompanies a similar one in the Gutenberg repository: https://github.com/WordPress/gutenberg/pull/54657.

Props gziolo, desrosj.
Fixes #58863.
Built from https://develop.svn.wordpress.org/trunk@56647


git-svn-id: http://core.svn.wordpress.org/trunk@56159 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-21 13:26:32 +00:00
desrosj 1df2b50c43 External Libraries: Update the `polyfill-library` package.
This updates the `wp-polyfill-node-contains` and `'wp-polyfill-dom-rect` scripts to the latest version, `4.8.0`.

These scripts are no longer used by WordPress Core, but are kept up to date as a courtesy.

Props rajinsharwar, hrshahin, oglekler.
Fixes #59077.
Built from https://develop.svn.wordpress.org/trunk@56646


git-svn-id: http://core.svn.wordpress.org/trunk@56158 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-21 12:28:33 +00:00
Sergey Biryukov ae8ddcf935 REST API: Remove unused variable in `WP_REST_Server::match_request_to_handler()`.
Previously initialized in `WP_REST_Server::dispatch()`, the `$response` variable became unused when the logic was split into two new methods, `::match_request_to_handler()` and `::respond_to_request()`.

Follow-up to [34928], [48947].

Props upadalavipul, mukesh27.
Fixes #59420.
Built from https://develop.svn.wordpress.org/trunk@56645


git-svn-id: http://core.svn.wordpress.org/trunk@56157 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-21 12:19:17 +00:00
Bernhard Reiter f6307ff5fc Blocks: Change `traverse_and_serialize_block(s)`'s callback signature.
During work on #59399, it was discovered that ''sibling'' block insertion wasn't likely going to work the way it was planned, which required devising an alternative solution. This new solution requires some changes to `traverse_and_serialize_block(s)`:

- Change the signature of the existing callback such that:
  - the return value is a string that will be prepended to the result of the inner block traversal and serialization;
  - the function arguments are: a ''reference'' to the current block (so it can be modified inline, which is important e.g. for `theme` attribute insertion), the parent block, and the previous block (instead of the block index and chunk index).
- Add a second callback argument to `traverse_and_serialize_block(s)`, which is called ''after'' the block is traversed and serialized.
  - Its function arguments are a reference to the current block, the parent block, and the next block.

Props gziolo.
Fixes #59412. See #59313.
Built from https://develop.svn.wordpress.org/trunk@56644


git-svn-id: http://core.svn.wordpress.org/trunk@56156 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-21 08:34:18 +00:00
isabel_brison 2f5d2da8f8 Editor: add lightbox setting.
Adds lightbox as a valid setting to `WP_Theme_JSON` class and as an image block setting in theme.json.

Props czapla, costdev, desrosj.
Fixes #59393.

Built from https://develop.svn.wordpress.org/trunk@56643


git-svn-id: http://core.svn.wordpress.org/trunk@56155 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-21 06:35:20 +00:00
isabel_brison 9ba50bb623 Taxonomy: add taxonomy for user pattern categories.
Adds a `wp_pattern_category` taxonomy linked to the `wp-block` object.

Props glendaviesnz, kebbet, desrosj, mamaduka.
Fixes #59379.

Built from https://develop.svn.wordpress.org/trunk@56642


git-svn-id: http://core.svn.wordpress.org/trunk@56154 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-21 04:25:22 +00:00
Felix Arntz 091e385f8d Themes: Fix fatal error in `load-styles.php`.
Following [56635], a fatal error occurred in `load-styles.php` leading to admin styles not working, because of a `has_filter()` call being added to `get_stylesheet_director()` and `get_template_directory()`.

This changeset adds `has_filter()` to `wp-admin/includes/noop.php` to prevent such errors. The lack of loading the function does not cause any unintended side effects itself.

Props iandunn, adamsilverstein.
Fixes #59417.
See #18298.

Built from https://develop.svn.wordpress.org/trunk@56641


git-svn-id: http://core.svn.wordpress.org/trunk@56153 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-21 01:27:26 +00:00
isabel_brison 3c22144a0d Editor: fix typo in `css_var` doc update.
Fixes a type in the doc update in [56630].

Props ramonopoly, audrasjb, costdev.
Fixes #59401.

Built from https://develop.svn.wordpress.org/trunk@56640


git-svn-id: http://core.svn.wordpress.org/trunk@56152 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-21 00:18:23 +00:00
joedolson 48dfebac74 Administration: Improve control proximity in theme details modal.
Make the theme details modals in the Customizer and at Appearance > Themes consistent. Change the order of controls so both modals are in the same sequence, center all controls in both desktop and mobile views, and change delete link color to meet color contrast requirements.

Props trishasalas, afercia, melchoyce, karmatosed, cathibosco1, michaelarestad, joedolson, petitphp, mikinc860.
Fixes #59372. See #59371, #40822.
Built from https://develop.svn.wordpress.org/trunk@56639


git-svn-id: http://core.svn.wordpress.org/trunk@56151 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-20 21:03:20 +00:00
Weston Ruter 09d8bc184b General: Account for `Sec-CH-UA-Mobile` client hint request header in `wp_is_mobile()`.
Add missing test coverage for `wp_is_mobile()`.

Fixes #59370.
Props westonruter, flixos90.

Built from https://develop.svn.wordpress.org/trunk@56638


git-svn-id: http://core.svn.wordpress.org/trunk@56150 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-20 20:51:19 +00:00
joedolson ebfa9be225 XML-RPC: Add `alt` attribute value to media item API.
Add alt text to the `wp.getMediaItem` method in the XML-RPC API. Allows users to fetch alt text as a first-class member of a media object.

Props thomashorta, joedolson, jivygraphics, stephenerdelyi, mukesh27, whyisjake.
Fixes #58582.
Built from https://develop.svn.wordpress.org/trunk@56637


git-svn-id: http://core.svn.wordpress.org/trunk@56149 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-20 19:31:20 +00:00
joedolson 453fb650d6 Users: Improve vertical spacing consistency in labels.
Adjust display of user profile labels on small screens so they are consistent with the layout used elsewhere.

Props nandhuraj, costdev, sabernhardt, sarathar, vivekawsm.
Fixes #58493.
Built from https://develop.svn.wordpress.org/trunk@56636


git-svn-id: http://core.svn.wordpress.org/trunk@56148 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-20 17:55:17 +00:00
Felix Arntz 59e8596941 Themes: Deprecate usage of `TEMPLATEPATH` and `STYLESHEETPATH` constants.
While generally the functions `get_template_directory()` and `get_stylesheet_directory()` were long recommended to use to get the parent or child theme directory, the `TEMPLATEPATH` and `STYLESHEETPATH` constants were still used in a few places in core, most importantly in template related logic.

The remaining usage was problematic as it prevented testability of certain key components of WordPress core.

This changeset replaces all remaining usage with the corresponding functions and effectively marks these constants as deprecated. It also adds test coverage accordingly and even unlocks some existing, previously commented out test coverage to work as expected.

Performance of the new approach has been benchmarked and shows no notable differences. Yet, given that the current theme directories are not expected to change within a regular WordPress page load, the `get_template_directory()` and `get_stylesheet_directory()` functions were amended with in-memory caching of the result, unless one of the defining values is being filtered.

Props thekt12, spacedmonkey, mukesh27, aaroncampbell, scribu, lloydbudd, cais, chipbennett, toscho, omarabid, CrazyJaco, DrewAPicture, obenland, wonderboymusic, nacin, helen, dd32, chriscct7, SergeyBiryukov, swissspidy, joemcgill, flixos90.
Fixes #18298.

Built from https://develop.svn.wordpress.org/trunk@56635


git-svn-id: http://core.svn.wordpress.org/trunk@56147 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-20 17:27:23 +00:00
Bernhard Reiter 68be796e1d Blocks: Revert implementation of block insertion functions.
In [56618], three functions (`insert_inner_block`, `prepend_inner_block`, and `append_inner_block`) were introduced. They were meant to be used for insertion of hooked blocks; however, it was discovered that the original idea wouldn't work for sibling insertion. Instead, a different approach will be taken (see #59412), and these functions are no longer needed and can thus be removed.

Reverts [56618].
See #59412, #59385, #59313.
Built from https://develop.svn.wordpress.org/trunk@56634


git-svn-id: http://core.svn.wordpress.org/trunk@56146 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-20 16:49:18 +00:00
Sergey Biryukov b57af57210 Coding Standards: Escape the whole attribute in `wp-admin/export.php`.
It is best to always escape the complete value of an attribute, not a partial value, as otherwise the escaping could be (partially) undone when the values are joined together.

While the hardcoded hyphen in this case don't necessarily create that risk, it may change to a value which could be problematic, so making it a habit to escape the value in one go is best practice.

Escaping the complete value also means that a single `esc_attr()` call can be used instead of two.

Follow-up to [14444], [16652], [55616], [56632].

See #58831.
Built from https://develop.svn.wordpress.org/trunk@56633


git-svn-id: http://core.svn.wordpress.org/trunk@56145 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-20 09:47:18 +00:00
audrasjb 5cce7674ca Coding Standards: Add missing escaping functions in `wp-admin/export.php`
Props viralsampat.
See #58831.




Built from https://develop.svn.wordpress.org/trunk@56632


git-svn-id: http://core.svn.wordpress.org/trunk@56144 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-20 08:44:20 +00:00
audrasjb 25b109a0e5 Taxonomy: Restrict term edit link generation in `WP_Terms_List_Table::handle_row_actions()`.
This changeset restricts edit term link generation if the user lacks the `edit_term` cap in order to prevent PHP 8.1+ deprecations shown when a user lacks this 
capability and `get_edit_term_link()` returns null.

Props thelovekesh, jrf.
Fixes #59336.




Built from https://develop.svn.wordpress.org/trunk@56631


git-svn-id: http://core.svn.wordpress.org/trunk@56143 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-20 08:10:16 +00:00
isabel_brison d761ed56ca Editor: update docs for `css_var`.
Updates inline doc for the `css_var` key value pair in WP_Style_Engine.

Props ramonopoly.
Fixes #59401.

Built from https://develop.svn.wordpress.org/trunk@56630


git-svn-id: http://core.svn.wordpress.org/trunk@56142 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-20 07:06:20 +00:00
isabel_brison 9699ef2e41 Editor: Fix post editor layout when Post Content has no attributes.
Changes output of `wp_get_post_content_block_attributes` to return null if Post Content block doesn’t exist or empty array if it has no attributes.

Props flixos90, mukesh27.
Fixes #59358.

Built from https://develop.svn.wordpress.org/trunk@56629


git-svn-id: http://core.svn.wordpress.org/trunk@56141 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-20 01:26:19 +00:00
costdev f388dc8e38 Login and Registration: Introduce classes `wp-login.php` footer links.
This introduces classes for the "Log in", "Register" and "Lost your password?" links in the footer of `wp-login.php` forms so that they may be easily targeted for individual styling.

The new classes are:
- `.wp-login-log-in`
- `.wp-login-register`
- `.wp-login-lost-password`

Props wparslan, thomasplevy, rajinsharwar, audrasjb, joedolson, costdev.
Fixes #57590.
Built from https://develop.svn.wordpress.org/trunk@56628


git-svn-id: http://core.svn.wordpress.org/trunk@56140 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-19 22:45:19 +00:00
desrosj 081e87f702 External Libraries: Update the `regenerator-runtime` version.
Adds the required change to the `script-loader.php` file for [56626] that was missed.

See #59078.
Built from https://develop.svn.wordpress.org/trunk@56627


git-svn-id: http://core.svn.wordpress.org/trunk@56139 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-19 19:32:12 +00:00
desrosj da0c2396bb External Libraries: Update the `regenerator-runtime` library.
This updates the `regenerator-runtime` library to version `0.14.0`.

Props rajinsharwar, oglekler.
Fixes #59078.
Built from https://develop.svn.wordpress.org/trunk@56626


git-svn-id: http://core.svn.wordpress.org/trunk@56138 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-19 19:30:24 +00:00
Joe McGill 0475a61f8a Media: Edit new hook name in `get_available_post_mime_types()`.
This is a follow-up to [56452] in which a new filter hook was added to `get_available_post_mime_types()` to override a potentially slow query. This renames the previous hook from `get_available_post_mime_types` to `pre_get_available_post_mime_types` for clarity.

Props rcorrales, emrikol, johnbillion, joemcgill, mukesh27.
Fixes #52759.

Built from https://develop.svn.wordpress.org/trunk@56623


git-svn-id: http://core.svn.wordpress.org/trunk@56135 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-19 17:05:21 +00:00
costdev e1e541a1b3 Build/Test Tools: Add `sys_get_temp_dir()` to `open_basedir` tests.
In PHPUnit 10.3.5, 9.6.13 and 8.5.34, the child processes used for process isolation now use temporary files to communicate their result to the parent process.

This caused a failure in some tests that set the `open_basedir` PHP directive to a value that did not include `sys_get_temp_dir()`.

This adds `sys_get_temp_dir()` to the `open_basedir` value set by the tests to ensure that permission is still granted for the temporary directory.

PHPUnit uses `sys_get_temp_dir()`. To ensure the result is the same, Core's `get_temp_dir()` function is not used.

References:
- https://github.com/sebastianbergmann/phpunit/issues/5356

Props desrosj, mukesh27, SergeyBiryukov, costdev.
Fixes #59394.
Built from https://develop.svn.wordpress.org/trunk@56622


git-svn-id: http://core.svn.wordpress.org/trunk@56134 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-19 16:43:19 +00:00
spacedmonkey 8fdddd7b6d Themes: Improve performance of get_block_theme_folders function
This commit enhances the performance of the get_block_theme_folders function by introducing a new method called get_block_template_folders within the WP_Theme class. Previously, this function suffered from poor performance due to repeated file lookups using file_exists. The new method implements basic caching, storing the result in the theme's cache, similar to how block themes are cached in the block_theme property (see [55236]).

Additionally, this change improves error handling by checking if a theme exists before attempting to look up the file. It also enhances test coverage. 

Props spacedmonkey, thekt12, swissspidy, flixos90, costdev, mukesh27.
Fixes #58319.
Built from https://develop.svn.wordpress.org/trunk@56621


git-svn-id: http://core.svn.wordpress.org/trunk@56133 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-19 16:17:22 +00:00
gziolo d3a8869891 Blocks: Introduce a variation of serialize blocks helper with traversing
Introduces two new functions `traverse_and_serialize_blocks` and `traverse_and_serialize_block` with the additional `$callback` argument. It is possible to pass parent block, block index, chunk index to the callback argument.

Reverts changes applied to `serialize_blocks` and `serialize_block` in #59327 with [56557].

Props ockham, mukesh27.
See #59313.



Built from https://develop.svn.wordpress.org/trunk@56620


git-svn-id: http://core.svn.wordpress.org/trunk@56132 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-19 12:50:19 +00:00
costdev 8fbd793f33 Editor: Fix parameter reference in block editor settings tests.
In [50776], the `filter_set_block_editor_settings_post()` callback was introduced for use in block editor settings tests.

This contained a reference to an `$allowed_block_types` parameter, which doesn't exist.

This changes the reference to `$editor_settings`.

Follow-up to [50776].

Props david.binda, mukesh27, SergeyBiryukov.
Fixes #59391.
Built from https://develop.svn.wordpress.org/trunk@56619


git-svn-id: http://core.svn.wordpress.org/trunk@56131 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-19 12:38:23 +00:00
Bernhard Reiter 43b728aec5 Blocks: Implement block insertion functions.
For #59313, we need to implement functions to insert a given parsed block into another parsed block's inner blocks, and to prepend and append to that array, respectively.

We will use those functions in combination with `traverse_and_serialize_blocks` (see #59327) to implement automatic insertion of hooked blocks into block templates and patterns.

Props gziolo.
Fixes #59385.
Built from https://develop.svn.wordpress.org/trunk@56618


git-svn-id: http://core.svn.wordpress.org/trunk@56130 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-19 12:36:20 +00:00
Sergey Biryukov 8b18bab4e6 KSES: Add `writing-mode` to the list of safe CSS properties.
Original PR from Gutenberg repository:
* [https://github.com/WordPress/gutenberg/pull/54581 #54581 Gutenberg Plugin: Add hook to allow `writing-mode` as a safe CSS property]

Reference: [https://developer.mozilla.org/en-US/docs/Web/CSS/writing-mode MDN Web Docs: writing-mode].

Follow-up to [56605].

Props wildworks, mukesh27, poena, andrewserong.
Fixes #59387.
Built from https://develop.svn.wordpress.org/trunk@56617


git-svn-id: http://core.svn.wordpress.org/trunk@56129 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-19 12:30:14 +00:00
costdev 1ef9332fb0 Coding Standards: Replace PHP alias `join()` with `implode()`.
In [52190], some new instances of the `join()` alias were introduced in the test suite.

Using the canonical function name for PHP functions is strongly recommended, as aliases may be deprecated or removed without (much) warning.

This replaces the new `join()` uses with the canonical `implode()` function name.

Follow-up to [46182], [49193], [49805], [52190].

Props david.binda, mukesh27.
Fixes #59389.
Built from https://develop.svn.wordpress.org/trunk@56616


git-svn-id: http://core.svn.wordpress.org/trunk@56128 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-19 12:25:21 +00:00
isabel_brison 9c827704be Editor: fix pattern alignment in editor view.
Adjusts root padding for synced patterns in the editor to avoid discrepancies with the front end view.

Props aaronrobertshaw, mukesh27.
Fixes  #59359.

Built from https://develop.svn.wordpress.org/trunk@56615


git-svn-id: http://core.svn.wordpress.org/trunk@56127 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-19 01:45:21 +00:00
isabel_brison 82f6ce639b Editor: add background image support.
Adds a new background block support with the ability to set a background image on blocks that opt into it.

Props andrewserong, mukesh27.
Fixes #59357.

Built from https://develop.svn.wordpress.org/trunk@56614


git-svn-id: http://core.svn.wordpress.org/trunk@56126 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-19 01:29:23 +00:00
Felix Arntz 90a29fbc46 Bundled Theme: Add missing dimension attributes to images in Twenty Twenty-Two patterns.
The dimension attributes `width` and `height` should be present on every image in order to avoid layout shifts and be able to leverage WordPress core's image loading optimization functionality.

This changeset adds dimension attributes to the `core/image` blocks used in block patterns in Twenty Twenty-Two, where this is particularly critical as WordPress core cannot backfill the attributes for those images, as their sources are not part of the Media Library.

Props spacedmonkey, thekt12, mukesh27, flixos90.
Fixes #59256.

Built from https://develop.svn.wordpress.org/trunk@56613


git-svn-id: http://core.svn.wordpress.org/trunk@56125 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-18 17:38:19 +00:00