When the Tag Processor (or HTML Processor) attempts to parse certain
incomplete script tags, the parser enters an infinite loop and will
hang indefinitely. The conditions to reach this situation are:
- Input HTML ends with an open script tag.
- The final character of input is `-` or `<`.
The infinite loop was caused by the parser-advancing increment not being
called when two `||` OR conditions short-circuited. If the first
condition was true, the `$at++` code was never reached.
This patch resolves the issue.
Developed in https://github.com/wordpress/wordpress-develop/pull/7128
Discussed in https://core.trac.wordpress.org/ticket/61810
Follow-up to [55203].
Props: dmsnell, jonsurrell.
Fixes #61810.
Built from https://develop.svn.wordpress.org/trunk@58845
git-svn-id: http://core.svn.wordpress.org/trunk@58241 1a063a9b-81f0-0310-95a4-ce76da25c4cd
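
The failure mode described in the commit message above, shown as an added illustration; this is not WordPress source code and not part of the commit. The function names, the step budget used to detect the hang, and the sample inputs are all constructed for this example.

```php
<?php
// Constructed illustration of the bug class; not WordPress source code.
/** Buggy: for the end-of-input case the only `$at++` sits behind a short-circuit. */
function find_script_closer_buggy( string $html ) {
	$at     = 0;
	$len    = strlen( $html );
	$budget = $len + 1; // A healthy scan advances on every pass, so this is never exhausted.
	while ( $at < $len ) {
		if ( 0 === $budget-- ) { throw new RuntimeException( "no forward progress at offset $at" ); }
		$at += strcspn( $html, '-<', $at ); // Jump to the next `-` or `<`.
		// When `$at + 1 >= $len` is true, `$html[ $at++ ]` is never evaluated.
		if ( $at + 1 >= $len || '<' !== $html[ $at++ ] ) {
			continue;
		}
		if ( 0 === substr_compare( $html, '/script', $at, 7, true ) ) {
			return $at + 7;
		}
	}
	return false;
}

/** Fixed: the end-of-input check ends the scan instead of retrying the same offset. */
function find_script_closer_fixed( string $html ) {
	$at  = 0;
	$len = strlen( $html );
	while ( $at < $len ) {
		$at += strcspn( $html, '-<', $at );
		if ( $at + 1 >= $len ) {
			return false; // Incomplete input: nothing more can match.
		}
		if ( '<' !== $html[ $at++ ] ) {
			continue;
		}
		if ( 0 === substr_compare( $html, '/script', $at, 7, true ) ) {
			return $at + 7;
		}
	}
	return false;
}

// Constructed inputs: one complete element, then open script tags ending in `-` and `<`.
foreach ( array( '<script>a</script>', '<script>a-', '<script>a<' ) as $input ) {
	try {
		$buggy = var_export( find_script_closer_buggy( $input ), true );
	} catch ( RuntimeException $e ) {
		$buggy = 'stuck: ' . $e->getMessage();
	}
	printf( "%-20s buggy=%s fixed=%s\n", $input, $buggy, var_export( find_script_closer_fixed( $input ), true ) );
}
```

A regression test for this class of bug should feed truncated inputs to the parser under a time or step limit, since a hang otherwise stalls the test run rather than failing it.
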
When setting an attribute value in the HTML API, WordPress may reject
an update based on rules in `kses`. In these cases, the return value from
an escaping function will be an empty string, and the HTML API should
reject the update. Unfortunately, it currently reports that it updates the
attribute but sets an empty string value, which is misleading.
In this patch, the HTML API will refuse the attribute update and return
false to indicate as much when WordPress rejects the updates.
Developed in https://github.com/wordpress/wordpress-develop/pull/7114
Discussed in https://core.trac.wordpress.org/ticket/61719
Follow-up to [58472].
Props: amitraj2203, dmsnell, mukesh27.
Fixes #61719.
Built from https://develop.svn.wordpress.org/trunk@58844
git-svn-id: http://core.svn.wordpress.org/trunk@58240 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Update `is_wp_version_compatible()` to use `wp_get_wp_version()` introduced in [58813] to ensure the value of `$wp_version` has not been modified by a theme or plugin.
Props costdev, mukesh27, Cybr, sergeybiryukov.
Fixes #61781.
Built from https://develop.svn.wordpress.org/trunk@58843
git-svn-id: http://core.svn.wordpress.org/trunk@58239 1a063a9b-81f0-0310-95a4-ce76da25c4cd
For salts generated and stored in the database, use `wp_prime_site_option_caches()` within `wp_salt()` to prime the options in a single database query, down from up to nine database queries.
The options are primed when the corresponding constant is either undefined or uses the default string `put your unique phrase here`.
Props joemcgill, spacedmonkey, peterwilsoncc.
Fixes #59871.
Built from https://develop.svn.wordpress.org/trunk@58837
git-svn-id: http://core.svn.wordpress.org/trunk@58233 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The HTML Processor has only supported a specific kind of parsing mode
called _the fragment parsing mode_, where it behaves in the same way
that `node.innerHTML = html` does in the DOM. This mode assumes a
context node and doesn't support parsing an entire document.
As part of work to add more spec support to the HTML API, this patch
introduces a full parsing mode, which can parse a full HTML document
from start to end, including the doctype declaration and head tags.
Developed in https://github.com/wordpress/wordpress-develop/pull/6977
Discussed in https://core.trac.wordpress.org/ticket/61576
Props: dmsnell, jonsurrell.
See #61576.
Built from https://develop.svn.wordpress.org/trunk@58836
git-svn-id: http://core.svn.wordpress.org/trunk@58232 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Introduces the ability to specify a value for `background.backgroundAttachment` in theme.json styles.
The theme.json value determines the CSS value for the `background-attachment` property.
This feature was introduced into the Gutenberg plugin in version 18.9.
Props andrewserong, mukesh27, noisysocks, ramonopoly.
Fixes #61720
Built from https://develop.svn.wordpress.org/trunk@58834
git-svn-id: http://core.svn.wordpress.org/trunk@58230 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This aims to make the message more accurate by referring to the version of PHP currently recommended by WordPress, not the current version of PHP.
Follow-up to [44986], [46267], [47254].
Props swb1192, psykro, swissspidy, joemcgill, mukesh27, aristath.
See #61623.
Built from https://develop.svn.wordpress.org/trunk@58832
git-svn-id: http://core.svn.wordpress.org/trunk@58228 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This patch fixes an oversight from when default metadata values were introduced
in #43941 in WordPress 5.5: metadata updates should persist in the database
even if they match the registered default value (because the default values
can change over time).
Previously, the REST API code was comparing updated values against the value
returned by the default-aware `get_metadata()` method. This meant that if no
value existed in the database, and the default value was supplied to the update,
WordPress would think that the updated value was already persisted and skip
the database call.
Now, the `get_metadata_raw()` method is called for comparing whether or not
a database update is required, fixing the bug.
In this patch both issues are resolved.
Developed in https://github.com/wordpress/wordpress-develop/pull/6782
Discussed in https://core.trac.wordpress.org/ticket/55600
Follow-up to [48402].
Props: dmsnell, kraftner, ramon-fincken.
Fixes #55600.
Built from https://develop.svn.wordpress.org/trunk@58831
git-svn-id: http://core.svn.wordpress.org/trunk@58227 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This is the first part in a larger modularization of the data in `WP_Debug_Data`.
Previously this was a single massive method drawing in debug data from various
groups of related data, where the groups were independent from each other.
This patch separates the first of twelve groups, the `wp-filesystem` info,
into a separate method focused on that data.
This work precedes changes to make the `WP_Debug_Data` class more extensible
for better use by plugin and theme code.
Developed in https://github.com/wordpress/wordpress-develop/pull/7065
Discussed in https://core.trac.wordpress.org/ticket/61648
Props: afragen, apermo, costdev, dmsnell.
See #61648.
Built from https://develop.svn.wordpress.org/trunk@58830
git-svn-id: http://core.svn.wordpress.org/trunk@58226 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This aims to optimize performance by saving the return value to a static variable, so that the `version.php` file is not unnecessarily required on each function call.
Follow-up to [58813].
Props Cybr, debarghyabanerjee, mukesh27.
Fixes #61782. See #61627.
Built from https://develop.svn.wordpress.org/trunk@58827
git-svn-id: http://core.svn.wordpress.org/trunk@58223 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In some cases, derived state returns an associative array. Directives may wish to continue to access properties of the associative array, when using the syntax `state.arrayReturnedByClosure.property`. This patch continues evaluating the path after the associative array has been returned by the Closure.
Props jonsurrell, luisherranz.
Fixes #61741.
Built from https://develop.svn.wordpress.org/trunk@58825
git-svn-id: http://core.svn.wordpress.org/trunk@58221 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The Table block was not reflecting the custom font size on the front. This solution now brings custom font sizes in for front the same as back in the editor.
Props umesh84, SergeyBiryukov, sabernhardt, shailu25.
Fixes #56157.
Built from https://develop.svn.wordpress.org/trunk@58824
git-svn-id: http://core.svn.wordpress.org/trunk@58220 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Modifies gravatar image URLs to always use the HTTPS version from secure.gravatar.com.
Gravatar now redirects HTTP image requests to their HTTPS equivalent, resulting in redirects for sites running over an HTTP connection (`is_ssl() === false`). Since the introduction of HTTP/2 the use of sub-domains for different hashes ([1-3].gravatar.com) now represents a performance hindrance rather than improvement.
The scheme passed to `get_avatar_data()` is now ignored for the generation of Gravatar URLs but the setting retained to avoid introducing bugs for sites using either local avatars or third party providers.
Props neoxx, SergeyBiryukov, sippis, peterwilsoncc, mukesh27, costdev, dd32.
Fixes #37454.
Built from https://develop.svn.wordpress.org/trunk@58822
git-svn-id: http://core.svn.wordpress.org/trunk@58218 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This allows for more flexibility in modifying how feed links are displayed by the `feed_links()` and `feed_links_extra()` functions, including, for example, a way to change the `»` separator to something else.
Follow-up to [10377], [33838], [33839], [53125], [54161].
Props topdownjimmy, tw2113, williampatton.
Fixes #43225.
Built from https://develop.svn.wordpress.org/trunk@58821
git-svn-id: http://core.svn.wordpress.org/trunk@58217 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This fixes adding a custom font size to a Calendar and Table block. This was only an issue for custom font size entering.
Props nidhidhandhukiya, yurajsinj2211, ankit-k-gupta, anveshika, sabernhardt, darshitrajyaguru97, shailu25, umesh84, SergeyBiryukov.
Fixes #59996, #56157.
Built from https://develop.svn.wordpress.org/trunk@58819
git-svn-id: http://core.svn.wordpress.org/trunk@58215 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This resolves the Code block not changing when the font sizes are switched in Twenty Eleven and Twenty Twelve. The solution is the same as used for other code block adjustments for font sizes.
Props viralsampat, sabernhardt.
Fixes #61753.
Built from https://develop.svn.wordpress.org/trunk@58816
git-svn-id: http://core.svn.wordpress.org/trunk@58212 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Introduces `wp_get_wp_version()` to get an unmodified value of `$wp_version` from `wp-includes/version.php`. Some plugins modify the global in an attempt to improve security through obscurity. This practice can cause errors in WordPress so the ability to get an unmodified version is needed.
Replaces instances within the code base in which `version.php` was required in order to get an unmodified value. `script-loader.php` is intentionally excluded from the replacements as the function is not always available to the file.
Props debarghyabanerjee, afragen, costdev.
See #61627.
Built from https://develop.svn.wordpress.org/trunk@58813
git-svn-id: http://core.svn.wordpress.org/trunk@58209 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This ensures that the arguments are correctly interpreted when passed as a query string, i.e. when `wp_parse_args()` is involved. For example, `wp_list_pages( 'depth=0' )` should display a list of all pages to the maximum depth.
Follow-up to [57848].
Props freibergergarcia, peterwilsoncc, ahortin.
Fixes #61749.
Built from https://develop.svn.wordpress.org/trunk@58812
git-svn-id: http://core.svn.wordpress.org/trunk@58208 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Modifies the caching of `notoptions` in `delete_network_option()` to ensure that the network cache is bypassed on single site installs.
On single site installs the incorrect caching was causing the `notoptions` cache to remain populated once a deleted option was subsequently added or updated.
Follow up to [58782].
Props bjorsch, pbearne.
Fixes #61730.
See #61484.
Built from https://develop.svn.wordpress.org/trunk@58811
git-svn-id: http://core.svn.wordpress.org/trunk@58207 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Replace links to en.gravatar.com with links to gravatar.com as the English site now uses the base domain. This avoids an unnecessary redirect for English language sites.
The links remain translatable for non-English versions of WordPress.
Props narenin, knutsp.
Fixes #61424.
Built from https://develop.svn.wordpress.org/trunk@58810
git-svn-id: http://core.svn.wordpress.org/trunk@58206 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This aims to resolve a fatal error when the incoming `$comment_id` is an instance of `WP_Comment` (or any object) without a `comment_ID` property defined, or if it's empty:
{{{
Object of class WP_Comment could not be converted to string
}}}
This commit mirrors the changes previously made for a similar code fragment in `get_comment_author()`.
Includes:
* Unit tests to demonstrate the fatal error and validate the fix.
* Changing the default value for a non-existent comment ID in `get_comment_author()` from an empty string to zero as a numeric string, for consistency with `get_comment_ID()`.
Follow-up to [52818], [55289], [58335], [58755].
Props narenin, mukesh27, iflairwebtechnologies, umeshsinghin, SergeyBiryukov.
Fixes #61715.
Built from https://develop.svn.wordpress.org/trunk@58809
git-svn-id: http://core.svn.wordpress.org/trunk@58205 1a063a9b-81f0-0310-95a4-ce76da25c4cd
[58069] introduced calling `sanitize_text_field()` with `$_REQUEST['autofocus']` (which is an array) and setting its default to a `string`. This fix restores the `array` data type for `autofocus`.
The fix also relocates the unslash for `url`, `return`, and `autofocus` before sanitizing.
Follow-up to [58069], [34269], [29026], [21028].
Props jamesros161, swissspidy, dlh, audrasjb, hellofromTonya, ironprogrammer.
Fixes #61561.
Built from https://develop.svn.wordpress.org/trunk@58804
git-svn-id: http://core.svn.wordpress.org/trunk@58200 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, the `variations` field in a block.json file could be used to provide a static list of the block's variations (i.e., an array). Alternatively, the block's `variation_callback` could be set during server-side block registration to point to a PHP function to generate those variations.
This changeset makes it so that the block.json `variations` field can be alternatively set to a string, which will be interpreted as the filename of a PHP file that generates the variations.
It is loosely modeled after [54132], which introduced the `render` field for `block.json`, as a way to point to a PHP file instead of providing a `render_callback`.
Props bernhard-reiter, gziolo.
Fixes #61280.
Built from https://develop.svn.wordpress.org/trunk@58801
git-svn-id: http://core.svn.wordpress.org/trunk@58197 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This updates the `regenerator-runtime` library to version `0.14.1`.
This library has not been used by Core itself in quite a while and only maintained as a courtesy. Any projects relying on `regenerator-runtime` should reevaluate their usage.
Props manooweb.
Fixes #60515.
Built from https://develop.svn.wordpress.org/trunk@58800
git-svn-id: http://core.svn.wordpress.org/trunk@58196 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This resolves the border not also aligning with the quote block. When this theme was built the editor used style attributes for text alignment. This patch updates existing rules for center and right aligned quote blocks.
Props viralsampat, poena, sabernhardt.
Fixes #61132.
Built from https://develop.svn.wordpress.org/trunk@58796
git-svn-id: http://core.svn.wordpress.org/trunk@58192 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The following third-party actions have been updated to their latest versions.
- `shivammathur/setup-php` from `2.30.0` to `2.31.1`.
- `actions/setup-node` from `4.0.2` to `4.0.3`.
- `actions/cache` from `4.0.1` to `4.0.2`.
- `actions/upload-artifact` from `4.3.1` to `4.3.4`.
- `slackapi/slack-github-action` from `1.25.0` to `1.26.0`.
- `codecov/codecov-action` from `4.1.0` to `4.5.0`.
See #61564.
Built from https://develop.svn.wordpress.org/trunk@58789
git-svn-id: http://core.svn.wordpress.org/trunk@58191 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `inject_ignored_hooked_blocks_metadata_attributes` filter that is attached to both the `rest_pre_insert_wp_template` and `rest_pre_insert_wp_template_part` hooks receives a `stdClass` object from the Templates REST API controller that contains all fields that the client would like to modify when making a `POST` request (plus the `id` to identify the relevant template or template part, respectively).
There are cases when the `post_content` field is not set, e.g. when the client would like to rename an existing template (in which case it would only set the `title` field).
Prior to this changeset, the filter would erroneously apply the Block Hooks algorithm to the non-existent `post_content` field regardless, which would result in it being set to the empty string `''`. As a consequence, renaming a template would have the unwanted side effect of wiping its contents.
This changeset fixes the issue by returning early from the filter if the `post_content` field is not set.
Props alshakero, bernhard-reiter.
Fixes #61550.
Built from https://develop.svn.wordpress.org/trunk@58785
git-svn-id: http://core.svn.wordpress.org/trunk@58187 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This resolves the separator block color settings ordering. They were displaying incorrectly due to ruleset problems. This edits the order for the front end also.
Props bhaveshdesai13, aniketpatel, miguelaxcar, nidhidhandhukiya, poena, pavanpatil1, sabernhardr.
Fixes #57544.
Built from https://develop.svn.wordpress.org/trunk@58784
git-svn-id: http://core.svn.wordpress.org/trunk@58186 1a063a9b-81f0-0310-95a4-ce76da25c4cd