The `esc_url()` function expects to a string for `$url` parameter. There is no input validation within that function. The function contains a `ltrim()` which also expects a string. Passing `null` to this parameter results in `Deprecated: ltrim(): Passing null to parameter #1 ($string) of type string is deprecated` notice on PHP 8.1+.
Tracing the stack back, a `null` is being passed to it within `next_posts()` when `get_next_posts_page_link()` returns `null` (it can return a string or `null`).
On PHP 7.0 to PHP 8.x, an empty string is returned from `esc_url()` when `null` is passed to it. The change in this changeset avoids the deprecation notice by not invoking `esc_url()` when `get_next_posts_page_link()` returns `null` and instead sets the `$output` to an empty string, thus maintain the same behavior as before (minus the deprecation notice).
Adds a test to validate an empty string is returned and the absence of the deprecation (when running on PHP 8.1+).
Follow-up to [11383], [9632].
Props codersantosh, nihar007, hellofromTonya, mukesh27, oglekler, rajinsharwar.
Fixes#59154.
Built from https://develop.svn.wordpress.org/trunk@56740
git-svn-id: http://core.svn.wordpress.org/trunk@56252 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This removes ignore annotations which are ignoring an error which would not be thrown for that code.
Includes tidying up the format of the ignore annotation:
* Customary one space between the `//` and the start of the comment.
* There should be no spaces in the comma-separated sniff list.
Follow-up to [45607], [47185], [49200], [53152].
Props jrf.
See #59161.
Built from https://develop.svn.wordpress.org/trunk@56738
git-svn-id: http://core.svn.wordpress.org/trunk@56250 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Prior to this changeset, we did not seem to have any unit test coverage for the Patterns registry (`WP_Block_Patterns_Registry`).
With Block Hooks logic recently added ([56649]), it is particularly advisable to add some unit tests to the `get_registered()` and `get_all_registered()` methods to guard hooked block insertion against regressions.
Fixes#59476.
Built from https://develop.svn.wordpress.org/trunk@56733
git-svn-id: http://core.svn.wordpress.org/trunk@56245 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Round 2 of package updates for 6.4. Beta 1 which includes disabling the rendering of the Font Library in Core.
The full list of changes are found here 641b696cd6.
Follow-up to [56710], [56713].
Props mikachan, mmaattiiaass, mamaduka, desrosj, ockham, hellofromTonya.
See #59411.
Built from https://develop.svn.wordpress.org/trunk@56728
git-svn-id: http://core.svn.wordpress.org/trunk@56240 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Introduce a `_remove_theme_attribute_from_template_part_block()` function that can be used as a callback argument for `traverse_and_serialize_block(s)` on a parsed block tree in order to remove the `theme` attribute from all Template Part blocks found therein, and deprecate `_remove_theme_attribute_in_block_template_content()`.
Counterpart to `_inject_theme_attribute_in_template_part_block` from #59338 (which superseded `_inject_theme_attribute_in_block_template_content`, deprecated in #59452).
Props mukesh27.
Fixes#59460.
Built from https://develop.svn.wordpress.org/trunk@56724
git-svn-id: http://core.svn.wordpress.org/trunk@56236 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The filter is only used within the `WP_Http::_get_first_available_transport()` method, which has been marked as deprecated in favor of `\WpOrg\Requests\Requests::get_transport_class()`.
Follow-up to [56655]
Props desrosj, hellofromTonya.
Fixes#58705.
Built from https://develop.svn.wordpress.org/trunk@56723
git-svn-id: http://core.svn.wordpress.org/trunk@56235 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Move the now-deprecated function `_inject_theme_attribute_in_block_template_content` from `wp-includes/block-template-utils.php` to `wp-includes/deprecated.php`.
Follow-up [56719].
Props spacedmonkey, davidbaumwald, mukesh27.
See #59452.
Built from https://develop.svn.wordpress.org/trunk@56722
git-svn-id: http://core.svn.wordpress.org/trunk@56234 1a063a9b-81f0-0310-95a4-ce76da25c4cd
It can be replaced by passing `_inject_theme_attribute_in_template_part_block` as second argument to `traverse_and_serialize_blocks()`.
Per WordPress 6.4 Beta 1, there aren't going to be any more calls in Core to `_inject_theme_attribute_in_block_template_content()`.
Note that `_inject_theme_attribute_in_block_template_content` has always had `@access private` set in its PHPDoc.
Props gziolo.
Fixes#59452.
Built from https://develop.svn.wordpress.org/trunk@56719
git-svn-id: http://core.svn.wordpress.org/trunk@56231 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Twenty Twenty-Four is designed to be flexible, versatile and applicable to any website. Its collection of templates and patterns tailor to different needs, such as presenting a business, blogging and writing or showcasing work. A multitude of possibilities open up with just a few adjustments to color and typography.
Twenty Twenty-Four comes with style variations and full page designs to help speed up the site building process, is fully compatible with the site editor, and takes advantage of new design tools introduced in WordPress 6.4.
Twenty-Four karat magic in the air!
Props onemaggie, luminuu, beafialho, chrisdesrochers, amedv, melchoyce, kafleg, jeffikus, poena, robpetrin, hiyascout, audrasjb, huzaifaalmesbah, fabiankaegy, jordesign, vcanales, shailu25, jessplease, juanfra, maneshtimilsina, sabernhardt, richtabor, travel_girl, kishanjasani, sofiashendi, nudge, gnanasekaran, marcelle42, bosskhj, oncecoupled, bijayyadav, barbmiller, devmuhib, lyndauwp, kraftbj, alaminfirdows, littlebigthing, dhamibirendra, jeffpaul, kopila47, rabmalin, aplauche, colorful-tones, khleomix, pbking, esratpopy, scruffian, alexandrebuffet, gpotter, pbwebd, anphira, suprsam, damonsharp, maurodf, soean, kawsaralameven, mhimon, rajinsharwar, labunchemjong, bonkerz, karmacharya50, aristath, mukesh27, mikachan, joedolson, aurooba, afercia, jffng, benimub, joen, tanvirul, jeryj, thelovekesh, mrwweb, nielslange, sergiomdgomes, binsaifullah, hanneslsm, masoudnkh, dhrumilk, dianeco, webmandesign, desrosj.
See #59447.
Built from https://develop.svn.wordpress.org/trunk@56716
git-svn-id: http://core.svn.wordpress.org/trunk@56228 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Enable the storing of post meta in revisions including autosaves and previews:
Add a new argument `revisions_enabled` to the `register_meta` function which enables storing meta in revisions.
Add a new `wp_post_revision_meta_keys` filter which developers can use to control which meta is revisioned - it passes an array of the meta keys with revisions enabled as well as the post type.
Meta keys with revisions enabled are also stored for autosaves, and are restored when a revision or autosave is restored. In addition, meta values are now stored with the autosave revision used for previews. Changes to meta can now be previewed correctly without overwriting the published meta (see #20299) or passing data as a query variable, as the editor currently does to preview changes to the featured image.
Changes to meta with revisions enabled are considered when determining if a new revision should be created. A new revision is created if the meta value has changed since the last revision.
Revisions are now saved on the `wp_after_insert_post` hook instead of `post_updated`. The `wp_after_insert_post` action is fired after post meta has been saved by the REST API which enables attaching meta to the revision. To ensure backwards compatibility with existing action uses, `wp_save_post_revision_on_insert` function exits early if plugins have removed the previous `do_action( 'post_updated', 'wp_save_post_revision' )` call.
Props: alexkingorg, johnbillion, markjaquith, WraithKenny, kovshenin, azaozz, tv-productions, p51labs, mattheu, mikeschroder, Mamaduka, ellatrix, timothyblynjacobs, jakemgold, bookwyrm, ryanduff, mintindeed, wonderboymusic, sanchothefat, westonruter, spacedmonkey, hellofromTonya, drewapicture, adamsilverstein, swisspiddy.
Fixes#20564, #20299.
Built from https://develop.svn.wordpress.org/trunk@56714
git-svn-id: http://core.svn.wordpress.org/trunk@56226 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This pre-fills category fields in the Quick/Bulk Edit form with their current status.
When bulk editing, if only some of the selected items are in a given category, the category's checkbox will display a line to indicate an indeterminate status.
Props pavelevap, scribu, chasedsiedu, helen, joshcanhelp, ubernaut, Cyberchicken, laumindproductscomau, SergeyBiryukov, Marcoevich, tomybyte, thinkluke, virtality-marketing-solutions, Michalooki, dmsnell, itecrs, pannelars, WHSajid, samba45, Mte90, johnbillion, tomluckies, soulseekah, francina, oglekler, ajmcfadyen, mukesh27, costdev.
Fixes#11302.
Built from https://develop.svn.wordpress.org/trunk@56712
git-svn-id: http://core.svn.wordpress.org/trunk@56224 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`_wp_array_get()` is an expensive function, and it's called thousands of times on each page view on the front end. While the function performance was slightly improved in #58376, it is still called more times than it should be.
This commit aims to further optimize its usage:
* In many cases, `_wp_array_get()` can be replaced with a much simpler and faster `isset()` check.
* The `isset()` function is capable of checking nested arrays, so `isset( $foo['a']['b']['c'] )` will return false even if `$foo['a']` is unset, without throwing any errors or warnings.
* When `_wp_array_get()` cannot be directly replaced with `isset()`, it would be good practice to wrap it in an `isset()` function so that `_wp_array_get()` only runs when it needs to.
Original PR from Gutenberg repository:
* [https://github.com/WordPress/gutenberg/pull/51116#51116 Performance improvement: Reduce the use of the _wp_array_get() function]
Follow-up to [55851], [56382].
Props aristath, jrf, spacedmonkey, mukesh27, swissspidy, hellofromTonya.
Fixes#59405.
Built from https://develop.svn.wordpress.org/trunk@56709
git-svn-id: http://core.svn.wordpress.org/trunk@56221 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Author archives are only generated for users who created at least one post.
Prevent adding author archives to the XML sitemap for users who only authored pages
as the links would otherwise result in a 404.
Props zodiac1978, huzaifaalmesbah.
Fixes#57816.
Built from https://develop.svn.wordpress.org/trunk@56708
git-svn-id: http://core.svn.wordpress.org/trunk@56220 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Uses `wp_kses()` instead of `esc_html()` to allow a list of HTML tags and protocols in the message rather than escaping them.
Why? To retain message readability in the browser and server logs, especially given that Core itself adds HTML to messages in functions, e.g. `_doing_it_wrong()` and each of the `_deprecated_*()` functions.
HTML tags allowed:
* `a href`
* `br`
* `code`
* `em`
* `strong`
Protocols allowed: `http` and `https`.
To inform extenders, it also documents that any other HTML tags or protocols need to be escaped before passing the message to this function to avoid them being stripped from the message.
Follow-up to [56530], [56705].
Props azaozz, costdev, flixos90, hellofromTonya, peterwilsoncc.
Fixes#57686.
Built from https://develop.svn.wordpress.org/trunk@56707
git-svn-id: http://core.svn.wordpress.org/trunk@56219 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In [56682], the `print_emoji_styles` function was deprecated and a corresponding deprecation notice was added. In order to maintain backward compatibility, `print_emoji_styles` was retained as a hook into wp_print_styles. This resulted in the appearance of deprecation notices within the block editor. The root of this issue was the manual invocation of the `wp_print_styles` function in block-editor.php. To address this, the `print_emoji_styles` callback was manually removed, `wp_print_styles` was called, and the action was subsequently rehooked, resolving the deprecation notice within the block editor.
Props mamaduka, hellofromtonya, spacedmonkey.
See #58775.
Built from https://develop.svn.wordpress.org/trunk@56706
git-svn-id: http://core.svn.wordpress.org/trunk@56218 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Uses `wp_trigger_error()` in `_doing_it_wrong()` and each `_deprecated_*()` function, i.e. instead of `trigger_error()`.
To avoid redundancy, uses `wp_trigger_error()` once. How? Saves each message to `$message` variable and then passes it to `wp_trigger_error()` at the end of the function.
Functions:
* _doing_it_wrong()
* _deprecated_function()
* _deprecated_constructor()
* _deprecated_class()
* _deprecated_file()
* _deprecated_argument()
* _deprecated_hook()
Follow-up to [56530].
Props azaozz, costdev, flixos90, hellofromTonya, peterwilsoncc.
See #57686.
Built from https://develop.svn.wordpress.org/trunk@56705
git-svn-id: http://core.svn.wordpress.org/trunk@56217 1a063a9b-81f0-0310-95a4-ce76da25c4cd
All existing calls of `get_hooked_blocks()` in non-test code are currently wrapped in an extra `array_keys()` call. This changeset absorbs that logic into the function and changes the structure of the return value accordingly.
Furthermore, this allows us to remove the extra `$relative_position` argument (introduced in [56673]) from the function again, as the same data can now be simply fetched via array access.
Props gziolo, spacedmonkey, mukesh27.
See #59383.
Built from https://develop.svn.wordpress.org/trunk@56704
git-svn-id: http://core.svn.wordpress.org/trunk@56216 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This patch adds two new public methods to the HTML Tag Processor:
- `has_class()` indicates if a matched tag contains a given CSS class name.
- `class_list()` returns a generator to iterate over all the class names in a matched tag.
Included in this patch is a refactoring of the internal logic when matching
a tag to reuse the new `has_class()` function. Previously it was relying on
optimized code in the `matches()` function which performed byte-for-byte
class name comparison. With the change in this patch it will perform class
name matching on the decoded value, which might differ if a class attribute
contains character references.
These methods may be useful for running more complicated queries based
on the presence or absence of CSS class names. The use of these methods
avoids the need to manually decode the class attribute as reported by
`$process->get_attribute( 'class' )`.
Props dmsnell.
Fixes#59209.
Built from https://develop.svn.wordpress.org/trunk@56703
git-svn-id: http://core.svn.wordpress.org/trunk@56215 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Inside a `next_tag()` loop it can be challenging to use breadcrumbs because they are only exposed inside the call to `next_tag()` via the `$query` arg.
In this patch a new method, `matches_breadcrumbs()`, is exposed which allows for querying within the `next_tag()` loop for more complicated queries.
This method exposes a wildcard `*` operator to allow matching ''any HTML tag'' that the currently-matched tag is a child or descendant of.
Props dmsnell, westonruter, mukesh27.
Fixes#59400.
Built from https://develop.svn.wordpress.org/trunk@56702
git-svn-id: http://core.svn.wordpress.org/trunk@56214 1a063a9b-81f0-0310-95a4-ce76da25c4cd
These two new unit tests document how Block Hooks behave with `first_child` and `last_child` relative positions. The hooked blocks will only get inserted in the case where the parent block has at least one child block present. While it seems like a limitation, in practice, it's hard to think of a case where the template would use a parent block without its children. It's more likely to happen with patterns in general, but in the case of patterns wired with the block theme, it also seems unlikely. The reasoning here is that out of the box, the block theme should produce a fully functional and valid HTML.
Props ockham.
See #59313.
Follow-up [56649].
Built from https://develop.svn.wordpress.org/trunk@56701
git-svn-id: http://core.svn.wordpress.org/trunk@56213 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Backports the same changes to the webpack config in the Gutenberg plugin with https://github.com/WordPress/gutenberg/pull/50122.
The `warning` function from `@wordpress/warning` no longer worked correctly with webpack 5. In practice, it no longer called `console.warn`. To fix it, the usage of `process.env.NODE_ENV` check got replaced with another optional global: `SCRIPT_DEBUG`. All the tools used in the Gutenberg, get updated to work with this new constant, including `@wordpress/scripts`. This way, developers are able to guard code that should be run only in development mode. In WordPress core, the same constant needs to be added mostly to ensure that the code behind the check gets completely removed in production mode.
Fixes#59407.
Built from https://develop.svn.wordpress.org/trunk@56699
git-svn-id: http://core.svn.wordpress.org/trunk@56211 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Add the event type (WordCamp, Meetup, etc) to the nearby events listing within the Dashboard's Events and News widget.
Props renyot, audrasjb, ankit-k-gupta, oglekler, devmuhib, dhruvishah2203, JeffPaul, anveshika, sarahwilliams889, ajakaroth.
Fixes#58947.
Built from https://develop.svn.wordpress.org/trunk@56697
git-svn-id: http://core.svn.wordpress.org/trunk@56209 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This is an important release which makes significant changes to improve the accuracy, performance, stability and maintainability of all sniffs, as well as making WordPressCS much better at handling modern PHP.
WordPressCS 3.0.0 contains breaking changes, both for people using ignore annotations, people maintaining custom rulesets, as well as for sniff developers who maintain a custom PHPCS standard based on WordPressCS.
If you are an end-user or maintain a custom WordPressCS based ruleset, please start by reading the [https://github.com/WordPress/WordPress-Coding-Standards/wiki/Upgrade-Guide-to-WordPressCS-3.0.0-for-ruleset-maintainers Upgrade Guide to WordPressCS 3.0.0 for ruleset maintainers] which lists the most important changes and contains a step by step guide for upgrading.
If you are a maintainer of an external standard based on WordPressCS and any of your custom sniffs are based on or extend WordPressCS sniffs, please read the [https://github.com/WordPress/WordPress-Coding-Standards/wiki/Upgrade-Guide-to-WordPressCS-3.0.0-for-Developers-of-external-standards Upgrade Guide to WordPressCS 3.0.0 for Developers].
In all cases, please read the complete changelog carefully before you upgrade.
This commit:
* Updates the Composer dependencies to use the new version, including updating the underlying PHP_CodeSniffer dependency to the new minimum supported version for WPCS.[[BR]] Note: the Composer PHPCS installer plugin is no longer explicitly required as it is now a dependency of WPCS, so the dependency is inherited automatically.
* Updates the ruleset for WPCS 3.0.0. This includes:
* Raising the memory limit to be on the safe side as WPCS 3.0.0 contains a lot more sniffs.
* Removing explicit inclusions of extra rules, which have now been added to the `WordPress-Core` ruleset..
* Updating property names for select sniffs.
* Updating one exclusion — the `WordPress.CodeAnalysis.AssignmentInCondition` sniff has been (partially) replaced by the `Generic.CodeAnalysis.AssignmentInCondition` sniff.
* Adding one new exclusion.
* Downgrades one new error to a warning.[[BR]] The `Generic.Files.OneObjectStructurePerFile` sniff enforces that there is only one OO structure declaration per file. At this time, this sniff would yield 29 errors. By downgrading the sniff to a ''warning'', the build can pass and the issues can be fixed in due time. For now, the test directory will be excluded until the issues are fixed (as the test directory CS run does not allow for warnings).
* Updates ignore annotations for WPCS 3.0.0.
Reference: [https://github.com/WordPress/WordPress-Coding-Standards/releases/tag/3.0.0 WPCS 3.0.0 release notes].
Follow-up to [43571], [44574], [45600], [47927].
Props jrf, jorbin, desrosj.
See #59161.
Built from https://develop.svn.wordpress.org/trunk@56695
git-svn-id: http://core.svn.wordpress.org/trunk@56207 1a063a9b-81f0-0310-95a4-ce76da25c4cd
While using reserved PHP keywords as parameter name labels is allowed, in the context of function calls using named parameters in PHP 8.0+, this will easily lead to confusion. To avoid that, it is recommended not to use reserved keywords as function parameter names.
This commit renames the `$match` parameter to `$matches` in shortcode image tests.
Note: This is enforced by WPCS 3.0.0.
Follow-up to [56693].
See #58831.
Built from https://develop.svn.wordpress.org/trunk@56694
git-svn-id: http://core.svn.wordpress.org/trunk@56206 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Prior to this change, images added in shortcodes would be considered separately from all other images within post content, which led to incorrect application of the loading optimization attributes `loading="lazy"` and `fetchpriority="high"`.
This changeset changes the filter priority of `wp_filter_content_tags()` from the default `10` to `12` on the various content filters it is hooked in, in order to run that function after parsing shortcodes. While this may technically be considered a backward compatibility break, substantial research and lack of any relevant usage led to the assessment that the change is acceptable given its benefits.
An additional related fix included is that now the duplicate processing of images is prevented not only for post content blobs (`the_content` filter), but also for widget content blobs (`widget_text_content` and `widget_block_content` filters).
Props joemcgill, mukesh27, costdev, spacedmonkey, flixos90.
Fixes#58853.
Built from https://develop.svn.wordpress.org/trunk@56693
git-svn-id: http://core.svn.wordpress.org/trunk@56205 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In [56689], a ZIP file is needed in `tests/phpunit/data/filesystem/` but wasn't included in the changeset. This produced an error when attempting to create a subdirectory during the tests.
This adds the `tests/phpunit/data/filesystem/archive.zip` file.
Follow-up to [56689].
Props flixos90.
Fixes#37719.
Built from https://develop.svn.wordpress.org/trunk@56691
git-svn-id: http://core.svn.wordpress.org/trunk@56203 1a063a9b-81f0-0310-95a4-ce76da25c4cd