- Editor: Fix Path Traversal issue on Windows in Template-Part Block.
- Editor: Sanitize Template Part HTML tag on save.
- HTML API: Run URL attributes through `esc_url()`.
Merges [58470], [58471], [58472] and [58473] to the 6.1 branch.
Props xknown, peterwilsoncc, jorbin, bernhard-reiter, azaozz, dmsnell, gziolo.
Built from https://develop.svn.wordpress.org/branches/6.1@58480
git-svn-id: http://core.svn.wordpress.org/branches/6.1@57929 1a063a9b-81f0-0310-95a4-ce76da25c4cd
- Install: When populating options, maybe_serialize instead of always serialize.
- Uploads: Check for and verify ZIP archives.
Merges [57388] and [57389] to the 6.1 branch.
Props costdev, peterwilsoncc, azaozz, tykoted, johnbillion, desrosj, afragen, jorbin, xknown.
Built from https://develop.svn.wordpress.org/branches/6.1@57394
git-svn-id: http://core.svn.wordpress.org/branches/6.1@56900 1a063a9b-81f0-0310-95a4-ce76da25c4cd
- REST API: Limit `search_columns` for users without `list_users`.
- Comments: Prevent users who can not see a post from seeing comments on it.
- Application Passwords: Prevent the use of some pseudo protocols in application passwords.
- Restrict media shortcode ajax to certain type
- REST API: Ensure no-cache headers are sent when methods are overridden.
- Prevent unintended behavior when certain objects are unserialized.
Merges [56833], [56834], [56835], [56836], [56837], and [56838] to the 6.1 branch.
Props xknown, jorbin, Vortfu, joehoyle, timothyblynjacobs, peterwilsoncc, ehtis, tykoted, martinkrcho, paulkevan, dd32, antpb, rmccue.
Built from https://develop.svn.wordpress.org/branches/6.1@56867
git-svn-id: http://core.svn.wordpress.org/branches/6.1@56378 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This updates three GitHub Actions to their latest versions:
- `shivammathur/setup-php`
- `actions/cache`
- `wow-actions/welcome`
The welcome action now uses the `GITHUB_TOKEN` by default, so it no longer needs to be passed manually.
Merges [55487] to the 6.1 branch.
See #57572.
Built from https://develop.svn.wordpress.org/branches/6.1@55489
git-svn-id: http://core.svn.wordpress.org/branches/6.1@55022 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This updates the third-party action used to post a welcome message to pull requests opened by first time contributors.
This release updates the action to use Node.js version 16 instead of 12, support for which has been deprecated in GitHub Action runners.
The action has also changed from `bukboo/welcome-action` to `wow-action/welcome`.
Merges [54651] to the 6.1 branch.
See #56793.
Built from https://develop.svn.wordpress.org/branches/6.1@55488
git-svn-id: http://core.svn.wordpress.org/branches/6.1@55021 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, Imagick operations could silently error by timeout and produce unexpected results. The new `setImagickTimeLimit()` function will better handle garbage collection in these cases as well as better align Imagick's timeout with PHP timeout, assuming it is set.
Props drzraf, audrasjb, costdev.
Fixes #52569.
Built from https://develop.svn.wordpress.org/branches/6.1@55348
git-svn-id: http://core.svn.wordpress.org/branches/6.1@54881 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Remove wordpress.org as an external dependency testing `WP_HTTP::handle_redirects()`.
This refactors and reenables an existing test to call the `WP_HTTP::handle_redirects()` method directly with a mocked array of HTTP headers containing multiple location headers.
The test is moved from the external-http group to the http test group as it no longer makes an HTTP request.
Follow up to [54955].
Props SergeyBiryukov, dd32, peterwilsoncc.
Merges [54968] to the 6.1 branch.
Fixes #57306.
See #56793.
Built from https://develop.svn.wordpress.org/branches/6.1@54974
git-svn-id: http://core.svn.wordpress.org/branches/6.1@54526 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Because themes are updated independently of Core updates, any deleted files from bundled themes should not be included in the `$_old_files` list.
Any file included in this list is deleted on update, which could cause problems for sites with a given theme active if the removed files were required in earlier versions of that theme and that theme is not updated at the same time.
Props desrosj, costdev, SergeyBiryukov.
Merges [54849] to the 6.1 branch.
Fixes #56936.
Built from https://develop.svn.wordpress.org/branches/6.1@54966
git-svn-id: http://core.svn.wordpress.org/branches/6.1@54518 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In [54352] `update_post_caches()` was replaced by `_prime_post_caches()` to reduce excessive object cache calls. That's because `_prime_post_caches()` checks first if post IDs aren't already cached. Unfortunately this becomes an issue if a post itself is cached but not the meta/terms.
To fix this regression, `_prime_post_caches()` now always calls `update_postmeta_cache()` and `update_object_term_cache()` depending on the arguments passed to it. Both functions internally check whether IDs are already cached so the fix from [54352] remains in place.
Props peterwilsoncc, spacedmonkey, ocean90.
Fixes #57163.
Built from https://develop.svn.wordpress.org/branches/6.1@54892
git-svn-id: http://core.svn.wordpress.org/branches/6.1@54444 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This properly deletes the now empty `src/wp-includes/blocks/comments-query-loop` directory and adds that directory to the `$_old_files` array.
The files in this directory were removed in [54257], but the directory was not marked as deleted in SVN.
Props azaozz, jorbin, SergeyBiryukov.
Merges [54836] to the 6.1 branch.
Fixes #57080.
Built from https://develop.svn.wordpress.org/branches/6.1@54837
git-svn-id: http://core.svn.wordpress.org/branches/6.1@54389 1a063a9b-81f0-0310-95a4-ce76da25c4cd
[54768] added a few tests to verify that caching within `WP_Query` is bypassed when the `SELECT` clause has been modified via a filter, to avoid cache key collisions and the returning of incomplete or unexpected results.
However, creating several posts with the same date/time fields can result in inconsistent sort ordering between MySQL and MariaDB, as each engine refines the order further using a different index.
This commit aims to stabilize the tests by using `assertEqualSets()` instead of `assertEquals()`, since testing the order is out of their scope. Includes removing `array_unshift()` and `array_reverse()` calls as no longer needed.
This resolves a few test failures on MariaDB along the lines of:
{{{
Tests_Query_FieldsClause::test_should_limit_fields_to_id_and_parent_subset
Posts property for first query is not of expected form.
Failed asserting that two arrays are equal.
--- Expected
+++ Actual
@@ @@
Array (
0 => stdClass Object (
- 'ID' => 36019
+ 'ID' => 36015
'post_parent' => 0
)
1 => stdClass Object (
- 'ID' => 36018
+ 'ID' => 36016
'post_parent' => 0
)
2 => stdClass Object (...)
3 => stdClass Object (
- 'ID' => 36016
+ 'ID' => 36018
'post_parent' => 0
)
4 => stdClass Object (
- 'ID' => 36015
+ 'ID' => 36019
'post_parent' => 0
)
)
/tmp/wp-test-runner/tests/phpunit/tests/query/fieldsClause.php:67
/tmp/wp-test-runner/phpunit-5.7.phar:598
}}}
Follow-up to [54768].
Props peterwilsoncc, SergeyBiryukov.
Merges [54829] to the 6.1 branch.
Fixes #57012.
Built from https://develop.svn.wordpress.org/branches/6.1@54830
git-svn-id: http://core.svn.wordpress.org/branches/6.1@54382 1a063a9b-81f0-0310-95a4-ce76da25c4cd
- Where no fluid max values are set (e.g., single or custom font size values), the "size" value will act as the maximum value in a `clamp()` function.
- In the absence of any fluid `min`/`max` values, the lower bound rule of `>16px` will be enforced. This applies to custom values from the editor or single-value `theme.json` styles. Font sizes below this will not be clamped.
- In a preset, if a `fluid.min` value has been specified, the lower bound rule of `>16px` won't be enforced on this value. Presets with a fluid object, therefore, give precedence to the theme author's values.
- In a preset, if there is NOT a `fluid.max` but there is `fluid.min`, use the incoming "size" value as the `max`.
- In a preset, if there is NOT a `fluid.min` but there is a `fluid.max`, use `size * min_size_factor` as the `min`. The lower bound rule of `>16px` is enforced here, because the block editor is computing the `min` value. This is consistent with the way minimum sizes are calculated for single or custom values.
Props ramonopoly, mamaduka, andrewserong, aristath, joen, desrosj.
Merges [54823] to the 6.1 branch.
Fixes #57075.
Built from https://develop.svn.wordpress.org/branches/6.1@54825
git-svn-id: http://core.svn.wordpress.org/branches/6.1@54377 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When separator blocks are configured using only a `background-color`, they are shown correctly within the editor but not on the front end.
This changes `WP_Theme_JSON` to detect this scenario and move the `background-color` value to just `color` when both `color` and `border-color` are missing.
Props cbravobernal, flixos90, davidbaumwald, hellofromTonya, desrosj, andrewserong, czapla, glendaviesnz, wildworks.
Merges [54821] to the 6.1 branch.
Fixes #56903.
Built from https://develop.svn.wordpress.org/branches/6.1@54822
git-svn-id: http://core.svn.wordpress.org/branches/6.1@54374 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Calling the `wp_get_theme` function creates an instance of the `WP_Theme` class. This can be a performance issue if all you need is one property of the class instance. This change replaces the usage of `wp_get_theme()->get_stylesheet()` with `get_stylesheet()` to improve performance.
Props spacedmonkey, flixos90, peterwilsoncc, desrosj.
Merges [54817] to the 6.1 branch.
Fixes #57057.
Built from https://develop.svn.wordpress.org/branches/6.1@54818
git-svn-id: http://core.svn.wordpress.org/branches/6.1@54370 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This partially reverts [53860] and [53862], which refactored the `exists()` method to rely on `ftp_rawlist()` instead of `ftp_nlist()`.
[53860] makes a similar attempt to the ones made in [33648] and [34733] (which were also reverted in [35944]). Being compliant with the specifications while continuing to work without issue for all FTP servers continues to seem impossible. These little ghosts are the ones we’re scared of the most.
Props jsh4, afragen, costdev, pkolenbr, SergeyBiryukov, dd32, peterwilsoncc, gamecreature, desrosj.
Merges [54815] to the 6.1 branch.
Fixes #56966.
See #51170, #28013.
Built from https://develop.svn.wordpress.org/branches/6.1@54816
git-svn-id: http://core.svn.wordpress.org/branches/6.1@54368 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This applies to:
* `normalizer_is_normalized()`
* `normalizer_normalize()`
Includes removing the `Normalizer::FORM_C` constant as a parameter, since it is the default value for both functions and does not need to be explicitly passed. This avoids a fatal error if a plugin includes a polyfill for any of the functions but the `Normalizer` class has a different namespace, for example when using the Symfony polyfill.
Follow-up to [53754].
Props hellofromTonya, costdev, desrosj, mukesh27, zodiac1978, jchambo, gisgeo, SergeyBiryukov.
Merges [54813] to the 6.1 branch.
Fixes #56980.
Built from https://develop.svn.wordpress.org/branches/6.1@54814
git-svn-id: http://core.svn.wordpress.org/branches/6.1@54366 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This updates the block editor related npm dependencies to their latest patch versions ahead of WordPress 6.1.1.
For a full list of what’s included in this update, see 432ed388f8...6566f5fe9e.
Props aaronrobertshaw, ntsekouras, bernhard-reiter, ramonopoly, isabel_brison, andrewserong, get_dave, scruffian, andraganescu, talldanwp, mciampini, noisysocks, cbravobernal, bph, tyxla, ellatrix, czapla, mcsf, ironprogrammer, wildworks, peterwilsoncc, mamaduka, mikachan, spacedmonkey, cybr, youknowriad, alexstine, aristath, kevin940726, ndiego, 0mirka00, poena, joen, ryankienstra, desrosj, vtad, nithins53, audrasjb, kacper3355, sabernhardt.
Merges [54811] to the 6.1 branch.
Fixes #57038, #56818, #56955, #56923.
Built from https://develop.svn.wordpress.org/branches/6.1@54812
git-svn-id: http://core.svn.wordpress.org/branches/6.1@54364 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Ensure the `menu-item-has-children` class is added to sub-menu items when `wp_nav_menu()` is called with the `depth` parameter specified to a non-zero value.
Follow up to [54478].
Props davidvongries, fpodhorsky, hellofromTonya, innovext, larsmqller, LeonidasMilossis, mattkeys, mukesh27, nuvoPoint, ocean90, outrankjames, petitphp, SergeyBiryukov, sippis, webmandesign, peterwilsoncc.
Merges [54801] to the 6.1 branch.
Fixes #56946.
See #28620.
Built from https://develop.svn.wordpress.org/branches/6.1@54809
git-svn-id: http://core.svn.wordpress.org/branches/6.1@54361 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Includes:
- Fixing a few typos.
- Using the correct format for multi-line comments.
- Removing some comments that duplicate the assertion messages without providing any additional context.
Follow-up to [54478].
Props SergeyBiryukov.
Merges [54741] to the 6.1 branch.
See #56792, #56946.
Built from https://develop.svn.wordpress.org/branches/6.1@54808
git-svn-id: http://core.svn.wordpress.org/branches/6.1@54360 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Work around `wp_img_tag_add_decoding_attr()` potentially breaking JavaScript and JSON data by limiting the addition of the decoding attribute to image tags using unescaped double-quoted `src` attributes.
Props rodricus, TimothyBlynJacobs, joelmadigan, mw108, adamsilverstein, flixos90, desrosj, mukesh27, peterwilsoncc.
Merges [54802] to the 6.1 branch.
Fixes #56969.
Built from https://develop.svn.wordpress.org/branches/6.1@54807
git-svn-id: http://core.svn.wordpress.org/branches/6.1@54359 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Initialize `WP_Textdomain_Registry` in `wp_load_translations_early()`. This ensures the global `$wp_textdomain_registry` is set up prior to loading the translations.
Props azurseisme, TimothyBlynJacobs, costdev, ocean90, flixos90, swissspidy, peterwilsoncc.
Merges [54803] to the 6.1 branch.
Fixes #57051.
Built from https://develop.svn.wordpress.org/branches/6.1@54806
git-svn-id: http://core.svn.wordpress.org/branches/6.1@54358 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In many scenarios array functions are more expensive than using simpler `for` or `foreach` loops.
This changeset results in roughly 4% faster `wp_head` execution time for both block themes and classic themes. While this may seem like a small win, it is a worthwhile enhancement and only one part of several other little performance tweaks which are being worked on to improve performance of `theme.json` parsing further.
Props aristath, desrosj, jrf, spacedmonkey.
Merges [54804] to the 6.1 branch.
Fixes #56974.
See #57067.
Built from https://develop.svn.wordpress.org/branches/6.1@54805
git-svn-id: http://core.svn.wordpress.org/branches/6.1@54357 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Here's what it does:
* Do not load and parse `theme-i18n.json` schema if the theme does not have a `theme.json` file.
* Fix the variable caching layer around the theme's `theme.json` parsing so that a parent's theme `theme.json` is cached as well.
* Do not run a `WP_Query` for global styles for a user when the theme does not have a `theme.json`.
In a basic WordPress setup, this changeset improves `wp_head` execution time for classic themes by 10%, and overall response time for both block themes and classic themes by 4%. This may seem like a small win, but 4% reduced overall response time is actually quite a bit for one change, and it is worth mentioning that this is just one of several other little performance tweaks which are being worked on to improve performance of `theme.json` parsing further.
Props flixos90, manuilov, oandregal, peterwilsoncc, spacedmonkey.
Merges [54799] to the 6.1 branch.
Fixes #56945.
Built from https://develop.svn.wordpress.org/branches/6.1@54800
git-svn-id: http://core.svn.wordpress.org/branches/6.1@54352 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In [53874] the optional `$locale` parameter was added to `load_textdomain()`. While most `load_textdomain()` calls in core were updated, some were missed. Passing the original locale avoids the need to call `determine_locale()` by `load_textdomain()` which is used as a fallback.
Props ocean90, swissspidy, desrosj.
Merges [54797] to the 6.1 branch.
Fixes #57060.
Built from https://develop.svn.wordpress.org/branches/6.1@54798
git-svn-id: http://core.svn.wordpress.org/branches/6.1@54350 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In [53874] the optional `$locale` parameter was added to `load_textdomain()`. While most `load_textdomain()` calls in core were updated, some were missed. Passing the original locale avoids the need to call `determine_locale()` by `load_textdomain()` which is used as a fallback.
Props ocean90, swissspidy, desrosj.
Fixes #57060.
Built from https://develop.svn.wordpress.org/branches/6.1@54795
git-svn-id: http://core.svn.wordpress.org/branches/6.1@54347 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Prevent term `NOT EXISTS` queries causing `redirect_canonical()` to throw a fatal error in PHP 8 and above, or a warning in earlier versions.
This ensures the `tax_query`'s `terms` property both exists and is countable before attempting to count it.
Props codesdnc, SergeyBiryukov, kadamwhite, costdev, miguelaxcar.
Merges [54785] to the 6.1 branch.
Fixes #55955.
Built from https://develop.svn.wordpress.org/branches/6.1@54793
git-svn-id: http://core.svn.wordpress.org/branches/6.1@54345 1a063a9b-81f0-0310-95a4-ce76da25c4cd