* Add `wp_remove_surrounding_empty_script_tags()` to more precisely remove script tag wrappers and warn when doing it wrong.
* Add clarifying comments for XML escaping logic in `wp_get_inline_script_tag()`.
* Leverage `WP_HTML_Tag_Processor` in `test_remove_frameless_preview_messenger_channel`.
* Reuse `assertEqualMarkup` in `test_blocking_dependent_with_delayed_dependency`.
* Normalize whitespace in `parse_markup_fragment` for `assertEqualMarkup`.
Follow-up to [56687].
Props dmsnell, westonruter, flixos90.
See #58664.
Built from https://develop.svn.wordpress.org/trunk@56748
git-svn-id: http://core.svn.wordpress.org/trunk@56260 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Using script tag helper functions allows plugins to employ the `wp_script_attributes` and `wp_inline_script_attributes` filters to inject the `nonce` attribute to apply Content Security Policy (e.g. Strict CSP). Use of helper functions also simplifies logic in `WP_Scripts`.
* Update `wp_get_inline_script_tag()` to wrap inline script in CDATA blocks for XHTML-compatibility when not using HTML5.
* Ensure the `type` attribute is printed first in `wp_get_inline_script_tag()` for back-compat.
* Wrap existing `<script>` tags in output buffering to retain IDE supports.
* In `wp_get_inline_script_tag()`, append the newline to `$javascript` before it is passed into the `wp_inline_script_attributes` filter so that the CSP hash can be computed properly.
* In `the_block_template_skip_link()`, opt to enqueue the inline script rather than print it.
* Add `ext-php` to `composer.json` under `suggest` as previously it was an undeclared dependency for running PHPUnit tests.
* Update tests to rely on `DOMDocument` to compare script markup, normalizing unsemantic differences.
Props westonruter, spacedmonkey, flixos90, 10upsimon, dmsnell, mukesh27, joemcgill, swissspidy, azaozz.
Fixes#58664.
See #39941.
Built from https://develop.svn.wordpress.org/trunk@56687
git-svn-id: http://core.svn.wordpress.org/trunk@56199 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This updates the `wp-polyfill-node-contains` and `'wp-polyfill-dom-rect` scripts to the latest version, `4.8.0`.
These scripts are no longer used by WordPress Core, but are kept up to date as a courtesy.
Props rajinsharwar, hrshahin, oglekler.
Fixes#59077.
Built from https://develop.svn.wordpress.org/trunk@56646
git-svn-id: http://core.svn.wordpress.org/trunk@56158 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Since most core scripts are registered using `WP_Scripts::add()`, which is not affected by the signature change, only calls to `wp_register_script()` using the old signature need to be updated. There is only a single instance left, which is updated in this changeset.
Props incursadesigns.
Fixes#58634.
Built from https://develop.svn.wordpress.org/trunk@56568
git-svn-id: http://core.svn.wordpress.org/trunk@56080 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Introducing Font Face, a server-side `@font-face` styles generator and printer.
tl;dr:
* Introduces Font Face.
* Deprecates `_wp_theme_json_webfonts_handler()`.
**Introduce Font Face**
From an array of fonts (i.e. each font-family and its font variations to be processed), it:
1. Validates each `font-face` declaration, i.e. the CSS property and value pairing. If validation fails, processing stops with no font-face styles printed.
3. Generates the `@font-face` CSS for each font-family.
4. Prints the CSS within a `<style id="wp-fonts-local">` element.
The entry point into Font Face is through a new global function called `wp_print_font_faces()`, which is automatically called:
* when the `'wp_head'` hook runs (for the front-end).
* when the `'admin_print_styles'` hook runs (for the back-end).
* when `_wp_get_iframed_editor_assets()` runs to inject the `@font-face` styles into the iframed editor.
Once called, it gets the fonts from Theme_JSON merged data layer, which includes theme defined fonts and user activated fonts (once the Font Library #59166 is introduced into Core).
For classic sites, themes and plugins can directly call `wp_print_font_faces()` and pass their fonts array to it for processing.
**Deprecates `_wp_theme_json_webfonts_handler()`.**
As Font Face is a direct replacement, the stopgap code in `_wp_theme_json_webfonts_handler()` (introduced in 6.0.0 via [53282]) is deprecated and unused in Core.
**Props note:**
There's a long multiple year history baked into Font Face, which dates back to the early versions of a web font API (see #46370 and [https://github.com/WordPress/gutenberg/issues/41479 roadmap]. The props list includes those who contributed from those early versions up to this commit.
**References:**
* #46370 original (Web)Fonts API proposal for registering and enqueuing web fonts.
* [https://github.com/WordPress/gutenberg/issues/41479 Gutenberg tracking issue] which includes the evolution from Webfonts API to Fonts API to Font Face.
* [53282] / #55567 Added the stopgap code `_wp_theme_json_webfonts_handler()` in 6.0.
* [https://developer.mozilla.org/en-US/docs/Web/CSS/@font-face @font-face on mdn web docs]
* #59166 Font Library: Font manager for WordPress
Follow-up to [53282].
Props aristath, jonoaldersonwp, hellofromTonya, andraganescu, annezazu, antonvlasenko, arena, askdesign, azaozz, bph, bradley2083, colorful-tones, costdev, davidbaumwald, desrosj, dingo_d, djcowan, domainsupport, dryanpress, elmastudio, flixos90, francina, garrett-eclipse, gigitux, grantmkin, grapplerulrich, gziolo, ironprogrammer, jb510, jeffpaul, jeremyyip, jffng, joostdevalk, jorgefilipecosta, juanmaguitar, mamaduka, matveb, mburridge, mitogh, ndiego, ntsekouras, oandregal, ocean90, oglekler, paaljoachim, pagelab, peterwilsoncc, poena, priethor, scruffian, SergeyBiryukov, shiloey, simison, skorasaurus, soean, westonruter, wildworks, zaguiini.
Fixes#59165.
Built from https://develop.svn.wordpress.org/trunk@56500
git-svn-id: http://core.svn.wordpress.org/trunk@56012 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset updates `wp_default_packages_inline_scripts()` to add relative time strings to the `wp-date` inline script, so the JS version of `human_time_diff`
can output translated strings.
Props ramonopoly, oandregal, swissspidy, manzoorwanijk, adrianduffell, Presskopp.
Fixes#59219, #47373.
Built from https://develop.svn.wordpress.org/trunk@56496
git-svn-id: http://core.svn.wordpress.org/trunk@56008 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This updates the `whatwg-fetch` library from version `3.6.2` to `3.6.17`, the latest current version.
This library is included and registered within WordPress as the `wp-polyfill-fetch` script and is no longer used by WordPress itself.
Props rajinsharwar, hareesh-pillai.
Fixes#59066.
Built from https://develop.svn.wordpress.org/trunk@56389
git-svn-id: http://core.svn.wordpress.org/trunk@55901 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In [52069] the function `wp_common_block_scripts_and_styles` was changed load individual theme stylesheets, if the current theme supports block styles and loading separate core block assets. To do this, the function calls many expensive file operation functions, such as `glob`, `file_exists` and `file_get_contents`. This is wasteful, as these functions are loaded on every page request, even request that do not include blocks, like REST API calls. In [56044] all core block styles are registered in a single place. In `register_core_block_style_handles` calls `glob` to get all css styles in block directories. While registering style and editor styles, also register block theme styles, under a new style handle. Example `wp-block-avatar-theme`. If the current theme supports block styles, also request the block to enqueue the theme style on the front end. As these new stylesheets have a path attribute set, the function `wp_maybe_inline_styles` will automatically inline the styles for you.
Props spacedmonkey, flixos90, oandregal, costdev, audrasjb, mukesh27.
Fixes#58560.
Built from https://develop.svn.wordpress.org/trunk@56064
git-svn-id: http://core.svn.wordpress.org/trunk@55576 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Add a show/hide toggle for new passwords in initial user creation and database access during install and setup process using the same model as on user profiles. Add a new password toggle script. Change setup config table to two columns, matching the install table layout.
Props xmarcos, matt, markjaquith, nazgul, akbigdog, intoxination, rob1n, MichaelH, empireoflight, rmccue, markoheijnen, r0uter, amansurov, bi0xid, DrewAPicture, Narthur, wpnook, markparnell, costdev, clorith, ryokuhi, sabernhardt, bgoewert, ironprogrammer, adeltahri, joedolson, mukesh27, audrasjb, sergeybiryukov.
Fixes#3534.
Built from https://develop.svn.wordpress.org/trunk@56008
git-svn-id: http://core.svn.wordpress.org/trunk@55520 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This avoids fatal errors on PHP < 8.0 if the file is included via `wp-admin/load-scripts.php` or `wp-admin/load-styles.php`, in which case the polyfills from `wp-includes/compat.php` are not loaded.
Follow-up to [55703], [55710], [55988].
Props ryelle.
See #58206.
Built from https://develop.svn.wordpress.org/trunk@56002
git-svn-id: http://core.svn.wordpress.org/trunk@55514 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`str_contains()` was introduced in PHP 8.0 to perform a case-sensitive check indicating if the string to search in (haystack) contains the given substring (needle).
WordPress core includes a polyfill for `str_contains()` on PHP < 8.0 as of WordPress 5.9.
This commit replaces `false !== strpos( ... )` with `str_contains()` in core files, making the code more readable and consistent, as well as better aligned with modern development practices.
Follow-up to [52039], [52040], [52326], [55703], [55710], [55987].
Props Soean, spacedmonkey, costdev, dingo_d, azaozz, mikeschroder, flixos90, peterwilsoncc, SergeyBiryukov.
Fixes#58206.
Built from https://develop.svn.wordpress.org/trunk@55988
git-svn-id: http://core.svn.wordpress.org/trunk@55500 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Since [54358], a new CSS file classic-themes.css is enqueued on all pages on the front end of themes without `theme.json`. This is a blocking http request, the impact on performance will be affected by network conditions. Inlining this style, stops this blocking request. By adding style data of path to the registered style, the function `wp_maybe_inline_styles` will automatically inline the style for us.
Props spacedmonkey, adamsilverstein.
Fixes#58480.
Built from https://develop.svn.wordpress.org/trunk@55930
git-svn-id: http://core.svn.wordpress.org/trunk@55442 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Add a check in `wp_maybe_inline_styles` to check that style is registered before processing items in queue. It is possible that developers may have called `wp_deregister_style`, unregistering style but the style still be in the queue to be processed. Without this check, typing to access the `src` property would result in a notice error.
Follow on from [55888].
Props spacedmonkey, flixos90, dd32, kebbet.
See #58394.
Built from https://develop.svn.wordpress.org/trunk@55909
git-svn-id: http://core.svn.wordpress.org/trunk@55421 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `wp_maybe_inline_styles` function is called twice on the average page load. On it's second run however, it did not check to see if the style had already been processed on the first run. This resulted in calling `filesize` and `get_file_contents` unnecessarily, which was bad for performance. Now, the loop around the queued styles, checks to see if the source is set to false, meaning it has already been processed. This change also replaces calls to `filesize` with the core function `wp_filesize`, which improves extensibility.
Props spacedmonkey, flixos90, peterwilsoncc, joemcgill.
Fixes#58394.
Built from https://develop.svn.wordpress.org/trunk@55888
git-svn-id: http://core.svn.wordpress.org/trunk@55400 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`str_starts_with()` was introduced in PHP 8.0 to perform a case-sensitive check indicating if the string to search in (haystack) begins with the given substring (needle).
WordPress core includes a polyfill for `str_starts_with()` on PHP < 8.0 as of WordPress 5.9.
This commit replaces `0 === strpos( ... )` with `str_starts_with()` in core files, making the code more readable and consistent, as well as improving performance.
While `strpos()` is slightly faster than the polyfill on PHP < 8.0, `str_starts_with()` is noticeably faster on PHP 8.0+, as it is optimized to avoid unnecessarily searching along the whole haystack if it does not find the needle.
Follow-up to [52039], [52040], [52326].
Props spacedmonkey, costdev, sabernhardt, mukesh27, desrosj, jorbin, TobiasBg, ayeshrajans, lgadzhev, SergeyBiryukov.
Fixes#58012.
Built from https://develop.svn.wordpress.org/trunk@55703
git-svn-id: http://core.svn.wordpress.org/trunk@55215 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Replace `preg_match_all()` and its secondary `str_replace()` call with `preg_replace_callback()`.
* Fix case where paths beginning with `http` and `https` (but not `http:` and `https:`) were erroneously not counted as relative.
* Improve code style and readability by consolidating conditions and returning once.
* Use `str_starts_with()` consistently instead of `strpos()`.
Follow-up to [52036], [52695], and [52754].
Fixes#58069.
See #54243.
Built from https://develop.svn.wordpress.org/trunk@55658
git-svn-id: http://core.svn.wordpress.org/trunk@55170 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Check to see if the theme.json file exists before processing the rest of the code in `_wp_theme_json_webfonts_handler`. This improves performance by not trying to parse the theme.json, early in the bootstrap process.
Props spacedmonkey, hellofromTonya, flixos90.
Fixes#57814.
Built from https://develop.svn.wordpress.org/trunk@55612
git-svn-id: http://core.svn.wordpress.org/trunk@55124 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This fixes a few WPCS warnings along the lines of:
* Array double arrow not aligned correctly
* Equals sign not aligned with surrounding statements
* Usage of ELSE IF is discouraged; use ELSEIF instead
Follow-up to [55099], [55192], [55194], [55271].
Props davidbaumwald, jrf, SergeyBiryukov.
Fixes#57994.
Built from https://develop.svn.wordpress.org/trunk@55606
git-svn-id: http://core.svn.wordpress.org/trunk@55118 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset moves the `wp-theme-plugin-editor` admin script before `</body>` instead of in the `<head>`. This fixes an issue where the collapse admin menu feature was not working in the Theme|Plugin File Editor screens.
Props itsnikhilpatel, dilipbheda, stalukder03, audrasjb, adeltahri, Ankit-K-Gupta, mahbubshovan.
Fixes#57073.
Built from https://develop.svn.wordpress.org/trunk@55410
git-svn-id: http://core.svn.wordpress.org/trunk@54943 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Fixes the conditions for when to enqueue the opinionated block styles (i.e. `'wp-block-library-theme'` stylesheet):
* the theme adds `'wp-block-styles'` theme support;
* and no editor styles are declared.
This resolves an issue with themes that do not add the `'wp-block-styles'` theme support while not impacting themes that do.
Follow-up to [53419], [52069], [50761], [44157].
Props mikachan, costdev, glendaviesnz, hellofromTonya, jffng, mamaduka, ndiego, poena, sannevndrmeulen, scruffian.
Fixes#57561.
Built from https://develop.svn.wordpress.org/trunk@55368
git-svn-id: http://core.svn.wordpress.org/trunk@54901 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Removes adding `local()` as a `@font-face` `src` within `_wp_theme_json_webfonts_handler()`.
Why?
To fix font incompatibilities when a user has the font-family locally installed on their viewing computer or device. It's unknown if all of the font-face variations specified by theme.json and/or global styles are:
* installed on the user's computer/device.
* and in one file or multiple files.
The previous implementation used the `src` specified when registering the font with the API. That src will likely vary from user computer/device to user computer/device.
To avoid these unknowns which could cause incompatibilities or styling issues, this changeset removes adding `local()` to the generated font-face CSS styles.
References:
* [https://github.com/WordPress/gutenberg/pull/47254 Gutenberg PR 47254]
Follow-up to [53282].
Props luehrsen, aristath, ehtmlu, hellofromTonya, wetah.
Fixes#57430.
Built from https://develop.svn.wordpress.org/trunk@55314
git-svn-id: http://core.svn.wordpress.org/trunk@54847 1a063a9b-81f0-0310-95a4-ce76da25c4cd