Prevents a potential type errors when making use of the `gmt_offset` option by casting the value to a float prior to performing calculations with the value.
This mainly accounts for incorrect storage of values, such as an empty string or city name.
Follow up to [58923].
Props chaion07, hellofromtonya, kirasong, mhshohel, mukesh27, nicolefurlan, nihar007, nurielmeni, oglekler, peterwilsoncc, prionkor, rajinsharwar, rarst, rleeson, sabernhardt, SergeyBiryukov, swissspidy, toastercookie, verygoode.
Fixes#56358, #58986, #60629.
Built from https://develop.svn.wordpress.org/trunk@59064
git-svn-id: http://core.svn.wordpress.org/trunk@58460 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This patch any role that can edit a post, including custom post types, or edit theme options to read global styles from the API. This enables read-only access to global styles in the post editor. Test coverage in included.
Props ramonopoly, peterwilsoncc, mukesh27, aaronrobertshaw, mamaduka, spacedmonkey, talldanwp, timothyblynjacobs.
Fixes#62042.
Built from https://develop.svn.wordpress.org/trunk@59048
git-svn-id: http://core.svn.wordpress.org/trunk@58444 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `password` property which gets sent as part of a request POST body while setting a post's password should not be checked when calculating post visibility permissions.
That value in the request body is intended to update the post, not to authenticate, and may be malformed or an invalid non-string type which would cause a fatal when checking against the hashed post password value.
Query parameter `?password=` values are the correct interface to check, and are also guaranteed to be strings.
Props mlf20, devansh016, antonvlasenko, TimothyBlynJacobs, kadamwhite.
Fixes#61837.
Built from https://develop.svn.wordpress.org/trunk@59036
git-svn-id: http://core.svn.wordpress.org/trunk@58432 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset adds support for a new `search_semantics` enum query parameter that can be passed alongside the `search` string parameter. At this point, it only supports "exact" as possible value, but an enum is used for forward compatibility with potential enhancements like "sentence" search support. If `search_semantics=exact` is passed, it will look for an exact match rather than do a full text search, which for some use-cases is more appropriate and more performant.
Props mehulkaklotar, timothyblynjacobs, jimmyh61, ironprogrammer, johnregan3, mukesh27, costdev.
Fixes#56350.
Built from https://develop.svn.wordpress.org/trunk@59034
git-svn-id: http://core.svn.wordpress.org/trunk@58430 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The REST API uses the "Allow" header to communicate what methods a user is authorized to perform on a resource. This works great when operating on a single item route, but can break down when needing to determine authorization over a collection of items.
This commit uses the "targetHints" property of JSON Hyper Schema to provide access to the "allow" header for "self" links. This alleviates needing to make a separate network request for each item in a collection.
Props mamaduka, noisysocks, peterwilsoncc, spacedmonkey, swissspidy, timothyblynjacobs, tyxla, youknowriad.
Fixes#61739.
Built from https://develop.svn.wordpress.org/trunk@59032
git-svn-id: http://core.svn.wordpress.org/trunk@58428 1a063a9b-81f0-0310-95a4-ce76da25c4cd
With the introduction of Block Bindings, it became more common to see workflows where users need to see the custom fields that are available or connected. They were relying on the meta key, however it feelt too technical sometimes. The solution is adding a new label argument to include a human-readable name that can be used across the UI.
Props santosguillamot, mamaduka, gziolo, timothyblynjacobs, peterwilsoncc.
Fixes#61998.
Built from https://develop.svn.wordpress.org/trunk@59023
git-svn-id: http://core.svn.wordpress.org/trunk@58419 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Automatically create a JPEG version of uploaded HEIC images if the server has
a version of Imagick that supports HEIC. Conversion is done silently through
the existing `WP_Image_Editor` infrastructure that creates multiple sizes of
uploaded images.
This allows users to view HEIC images in WP Admin and use them in their posts
and pages regardless of whether their browser supports HEIC. Browser support
for HEIC is relatively low (only Safari) while the occurrence of HEIC images is
relatively common. The original HEIC image can be downloaded via a link on
the attachment page.
Props adamsilverstein, noisysocks, swissspidy, spacedmonkey, peterwilsoncc.
Fixes#53645.
Built from https://develop.svn.wordpress.org/trunk@58849
git-svn-id: http://core.svn.wordpress.org/trunk@58245 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This patch fixes an oversight from when default metadata values were introduced
in #43941 in WordPress 5.5: metadata updates should persist in the database
even if they match the registered default value (because the default values
can change over time).
Previously, the REST API code was comparing updated values against the value
returned by the default-aware `get_metadata()` method. This meant that if no
value existed in the database, and the default value was supplied to the update,
WordPress would think that the updated value was already persisted and skip
the database call.
Now, the `get_metadata_raw()` method is called for comparing whether or not
a database update is required, fixing the bug.
In this patch both issues are resolved.
Developed in https://github.com/wordpress/wordpress-develop/pull/6782
Discussed in https://core.trac.wordpress.org/ticket/55600
Follow-up to [48402].
Props: dmsnell, kraftner, ramon-fincken.
Fixes#55600.
Built from https://develop.svn.wordpress.org/trunk@58831
git-svn-id: http://core.svn.wordpress.org/trunk@58227 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Introduces `wp_get_wp_version()` to get an unmodified value of `$wp_version` from `wp-includes/version.php`. Some plugins modify the global in an attempt to improve security through obscurity. This practice can cause errors in WordPress so the ability to get an unmodified version is needed.
Replaces instances within the code base in which `version.php` was required in order to get an unmodified value. `script-loader.php` is intentionally excluded from the replacements as the function is not always available to the file.
Props debarghyabanerjee, afragen, costdev.
See #61627.
Built from https://develop.svn.wordpress.org/trunk@58813
git-svn-id: http://core.svn.wordpress.org/trunk@58209 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When using the /posts or /pages endpoints, for private posts or pages, you get the following title property: { raw: "Some title", rendered: "Private: Some title" }
this commit removes the prefix from rendered private posts titles (just like what we do for protected posts)
Props youknowriad, swissspidy, timothyblynjacobs, sergeybiryukov, ramonopoly.
Fixes#61639.
Built from https://develop.svn.wordpress.org/trunk@58783
git-svn-id: http://core.svn.wordpress.org/trunk@58185 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Adds a fail-safe to return an empty string should the `switch` ever fall through without returning.
Currently, `WP_REST_Templates_Controller::get_wp_templates_author_text_field()` is tightly coupled to `WP_REST_Templates_Controller::get_wp_templates_original_source_field()`. However, if the `$original_source` values change in either method, but not both, it is possible a `void` or `null` will be returned, rather than a `string`.
Follow-up to [57366].
Props antonvlasenko, hellofromTonya, debarghyabanerjee.
Fixes#61580.
Built from https://develop.svn.wordpress.org/trunk@58705
git-svn-id: http://core.svn.wordpress.org/trunk@58107 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit:
* Removes various comments referencing PHP versions which are no longer supported.
* Removes various comments containing “hints” of things to do after a particular PHP version drop. These hints are incorrect/not actionable for various reasons, so have no value:
* Even though a function could be turned into a closure, removing the function would be a backward compatibility break which is not acceptable, so this suggestion is not actionable.
* Short ternaries are forbidden by the coding standard exactly to prevent the faulty code suggested in the comment from getting into the codebase.
Follow-up to [1243/tests], [6543], [11816], [29861], [29864], [34928], [35369], [36698], [38694], [50786], [58678].
Props jrf, ayeshrajans.
See #61574.
Built from https://develop.svn.wordpress.org/trunk@58682
git-svn-id: http://core.svn.wordpress.org/trunk@58084 1a063a9b-81f0-0310-95a4-ce76da25c4cd
As of [58457], the width and height cropping values are cast to an integer before the comparison to see if the target width and height differ from the original width and height.
Since they are now integers, it exposes a bug where the `&&` of the `if` conditional meant that if you were only cropping in one dimension, the check wouldn't pass, and cropping would not occur.
In the block editor, the cropping tools are aspect ratio based, so one of the dimensions will always match that of the source image. Therefore, now that the values are cast as integers, the condition that allows a cropping to occur needs to be updated. If either width or height is different from the source image, then a crop should be allowed.
Follow-up to [50124], [58457].
Props andrewserong, jrf, kevin940726.
Fixes#61514. See #59782.
Built from https://develop.svn.wordpress.org/trunk@58612
git-svn-id: http://core.svn.wordpress.org/trunk@58045 1a063a9b-81f0-0310-95a4-ce76da25c4cd
These changes involve:
- Move shared variation definitions from styles.blocks.variations to styles.variations
- Remove blockTypes from styles.variations.
- Do not register shared variations from theme style variation or primary theme.json files.
- Move the merging of theme.json data into the WP_Theme_JSON_Resolver and WP_Theme_JSON classes.
These changes improve performance and are more future-proof API wise.
See conversation at https://github.com/WordPress/gutenberg/issues/62686
Props aaronrobertshaw, oandregal, andrewserong, joemcgill, talldanwp, andrewserong, ramonopoly, richtabor, youknowriad.
See #61312, #61451.
Built from https://develop.svn.wordpress.org/trunk@58466
git-svn-id: http://core.svn.wordpress.org/trunk@57915 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Cast crop values to integers to prevent PHP error caused by implicit conversion from `float` to `int` values when cropping images using ImageMagick.
Props skithund, mai21, nicomollet, amanias1977, joedolson.
Fixes#59782.
Built from https://develop.svn.wordpress.org/trunk@58457
git-svn-id: http://core.svn.wordpress.org/trunk@57906 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Adds template and template_lock property of the post type to post types REST API endpoint.
This change allows us to fix a bug where the template of a page is not respected when creating a new page on the site editor.
Props jorgefilipecosta, oandregal, timothyblynjacobs, mukesh27.
Fixes#61477.
Built from https://develop.svn.wordpress.org/trunk@58452
git-svn-id: http://core.svn.wordpress.org/trunk@57901 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Match the naming behavior for uploaded media in the REST API to the way media is named when uploading in the media library. Fix an issue where dashes were replacing spaces unnecessarily.
Props abitofmind, kadamwhite, spacedmonkey, adamsilverstein, audrasjb, hellofromTonya.
Fixes#57957.
Built from https://develop.svn.wordpress.org/trunk@58447
git-svn-id: http://core.svn.wordpress.org/trunk@57896 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Stores the font file sub-directory in the `wp_font_face` post meta. Similar to attachments, only the portion of the path relative to the base directory is stored.
This ensures the files can be deleted alongside their post on sites using a plugin to store font files in sub-directories. Previously running such a plugin would result in the files remaining on the file system post delete.
Props costdev, grantmkin, peterwilsoncc.
Fixes#61297.
Built from https://develop.svn.wordpress.org/trunk@58353
git-svn-id: http://core.svn.wordpress.org/trunk@57805 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In order to render the block template in the locked template preview inside the post editor we need to be able to fetch the contents of any block templates/template parts for any user role that can edit a post.
Props fabiankaegy, youknowriad.
Fixes#61137.
Built from https://develop.svn.wordpress.org/trunk@58227
git-svn-id: http://core.svn.wordpress.org/trunk@57690 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Updated the global styles endpoints in the REST API to extend from existing posts and revisions controllers. This reduces duplicated code and inconsistencies. The revisions controller is now a subclass of the `WP_REST_Revisions_Controller`. Related redundant methods were removed and schema generation and collection parameters were adjusted to suit the global styles context. Updated permission checks, constructor, and collection parameters accordingly. This change allows for easy override of these classes using the `register_post_type_args` filter.
This reintroduces [57624] (reverted in [57628]) with improved backward compatibility and further enhancements.
Props ramonopoly, spacedmonkey, mukesh27, swissspidy.
Fixes#60131.
Built from https://develop.svn.wordpress.org/trunk@58225
git-svn-id: http://core.svn.wordpress.org/trunk@57688 1a063a9b-81f0-0310-95a4-ce76da25c4cd
If organizing uploads into month- and year-based folders, uploading an attachment to an existing post should store the file in `wp-content/uploads/<year>/<month>` based on the post's publish date. This is in line with the behavior in classic editor / the media modal.
Props swissspidy, adamsilverstein, timothyblynjacobs, skithund, sergeybiryukov, patricia70.
Fixes#61189.
Built from https://develop.svn.wordpress.org/trunk@58130
git-svn-id: http://core.svn.wordpress.org/trunk@57595 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This prevents a number of php notices that are surfaced due to the endpoint being called on load of the post editor even when there are no templates.
Props grantmkin, CookiesForDevo, britner, wildworks, jorbin.
Fixes#60909.
Built from https://develop.svn.wordpress.org/trunk@58079
git-svn-id: http://core.svn.wordpress.org/trunk@57544 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This can be used by the excerpt block in the editor to change the excerpt length without filtering `excerpt_length` in a conflicting way. This enhancement still needs a corresponding change on the Gutenberg side.
Props swissspidy, antonvlasenko, mukesh27, azaozz, andraganescu, timothyblynjacobs.
Fixes#59043.
Built from https://develop.svn.wordpress.org/trunk@58065
git-svn-id: http://core.svn.wordpress.org/trunk@57530 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `$context` argument passed to filters such as `hooked_block_types`, `hooked_block`, and `hooked_block_{$hooked_block_type}` allows them to conditionally insert a hooked block. If the anchor block is contained in a template or template part, `$context` will be set to a `WP_Block_Template` object reflecting that template or part.
The aforementioned filters are applied when hooked block insertion is run upon reading a template (or part) from the DB (and before sending the template/part content with hooked blocks inserted over the REST API to the client), but also upon writing to the DB, as that's when the `ignoredHookedBlocks` metadata attribute is set.
Prior to this changeset, the `$context` passed to Block Hooks related filters in the latter case reflected the template/part that was already stored in the database (if any), which is a bug; instead, it needs to reflect the template/part that will result from the incoming `POST` network request that will trigger a database update.
Those incoming changes are encapsulated in the `$changes` argument passed to the `reset_pre_insert_template` and `reset_pre_insert_template_part` filters, respectively, and thus to the `inject_ignored_hooked_blocks_metadata_attributes` function that is hooked to them. `$changes` is of type `stdClass` and only contains the fields that need to be updated. That means that in order to create a `WP_Block_Template` object, a two-step process is needed:
- Emulate what the updated `wp_template` or `wp_template_part` post object in the database will look like by merging `$changes` on top of the existing `$post` object fetched from the DB, or from the theme's block template (part) file, if any.
- Create a `WP_Block_Template` from the resulting object.
To achieve the latter, a new helper method (`_build_block_template_object_from_post_object`) is extracted from the existing `_build_block_template_result_from_post` function. (The latter cannot be used directly as it includes a few database calls that will fail if no post object for the template has existed yet in the database.)
While somewhat complicated to implement, the overall change allows for better separation of concerns and isolation of entities. This is visible e.g. in the fact that `inject_ignored_hooked_blocks_metadata_attributes` no longer requires a `$request` argument, which is reflected by unit tests no longer needing to create a `$request` object to pass to it, thus decoupling the function from the templates endpoint controller.
Unit tests for `inject_ignored_hooked_blocks_metadata_attributes` have been moved to a new, separate file. Test coverage has been added such that now, all three relevant scenarios are covered:
- The template doesn't exist in the DB, nor is there a block theme template file for it.
- The template doesn't exist in the DB, but there is a block theme template file for it.
- The template already exists in the DB.
Those scenarios also correspond to the logical branching inside `WP_REST_Templates_Controller::prepare_item_for_database`, which is where `inject_ignored_hooked_blocks_metadata_attributes` gets its data from.
Props tomjcafferkey, bernhard-reiter, gziolo, swissspidy.
Fixes#60754.
Built from https://develop.svn.wordpress.org/trunk@57919
git-svn-id: http://core.svn.wordpress.org/trunk@57420 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This modifies the font directory API to more closely reflect the upload directory API to help account for naive filtering when uploading fonts.
This moves the protection of infinite loops to the new function `_wp_filter_font_directory()` to allow developers extending and maintaining the font library to apply the filter without the need for a closure.
These changes also ensure both the `upload_dir` and `font_dir` filter are applied consistently when both creating and deleting fonts faces. Prior to this commit the `upload_dir` filter was only fired when creating fonts faces via the REST API.
Applying the font directory filter to the `upload_dir` filter is now done by adding the `_wp_filter_font_directory` function rather than `wp_get_font_dir()`. Developers who have previously modified the font upload directory using the `font_dir` filter will NOT need to upload their code.
Extenders wishing to upload files to the font directory can do so via the code:
{{{#!php
<?php
add_filter( 'upload_dir', '_wp_filter_font_directory' );
// Your code to upload or sideload a font file.
remove_filter( 'upload_dir', '_wp_filter_font_directory' );
}}}
Introduces:
* `wp_font_dir()`: Attempt to create and retrieve the font upload directory. The equivalent to `wp_upload_dir()`.
* `_wp_filter_font_directory()`: To run on the `upload_dir` filter, this sets the default destination of the fonts directory and fires the `font_dir` filter.
`wp_get_font_dir()` has been modified to be a lightweight getter for the font directory. It returns the location without attempting to create it. The equivalent to `wp_get_upload_dir()`.
Follow up to [57740].
Props peterwilsoncc, mukesh27, mikachan, costdev, mmaattiiaass, swissspidy, youknowriad, dd32, grantmkin.
Fixes#60652.
Built from https://develop.svn.wordpress.org/trunk@57868
git-svn-id: http://core.svn.wordpress.org/trunk@57369 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In `WP_REST_Search_Controller`, the `type` parameter is accessed via the sanitization callback for the `subtype` parameter, which is too early for `type` itself to be already sanitized. This change adds a type check in the `get_search_handler()` method to prevent errors when the type doesn’t match.
Props swissspidy, timothyblynjacobs, dd32.
Fixes#60771.
Built from https://develop.svn.wordpress.org/trunk@57839
git-svn-id: http://core.svn.wordpress.org/trunk@57340 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This removes settings that are the default value or required for side-loading from the `WP_REST_Font_Faces_Controller::handle_font_file_upload()`.
This is to harden the endpoint and future proof against any changes to `wp_handle_upload()` and related functions/security checks.
Props peterwilsoncc, dd32.
Fixes#60741.
Built from https://develop.svn.wordpress.org/trunk@57804
git-svn-id: http://core.svn.wordpress.org/trunk@57305 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset adds a new `rest_pre_insert_{$this->post_type}` filter in the `WP_REST_Templates_Controller`, where it is applied to the return value of the `prepare_item_for_database` method. (This is consistent with the `WP_REST_Post_Controller`, where that filter has existed before.)
The new filter is then used to inject hooked blocks into the template (or template part) content received via the endpoint, prior to persisting it to the database.
This supersedes the previous mechanism, which was using the `rest_after_insert_{$this->post_type}` ''action'', from which it performed an additional `wp_update_post` call to update the template (part) content with the hooked blocks injected. The new technique eschews that additional call and the resulting extra revision it created, as well as a problem with regard to duplicated escaping and sanitization, which had caused some special characters to be garbled.
Props tomjcafferkey, gziolo, swissspidy, karolmanijak.
Fixes#60671.
Built from https://develop.svn.wordpress.org/trunk@57790
git-svn-id: http://core.svn.wordpress.org/trunk@57291 1a063a9b-81f0-0310-95a4-ce76da25c4cd