Previously, only `a` and `br` tags were allowed in the `value` table cell for each field included in the HTML file generated when a user is exporting their personal data. Instead of relying on a hardcoded list of allowed tags, the `wp_kses()` call in `wp_privacy_generate_personal_data_export_group_html()` will now fallback to the default list of allowed tags (which includes `i`, `strong`, `em`, and other basic HTML formatting tags).
Also, a new context of `personal_data_export` will now be passed to the `wp_kses()` call. As a result, the list of HTML tags and attributes allowed in the export file can now be filtered using the `wp_kses_allowed_html` filter and checking for the `personal_data_export` context.
Fixes#44044.
Props tz-media, desrosj, pento, birgire, garrett-eclipse.
Built from https://develop.svn.wordpress.org/trunk@44824
git-svn-id: http://core.svn.wordpress.org/trunk@44656 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In [34891], `WP_Screen` was updated with methods to store, retrieve, and render screen reader text used by screens with `WP_List_Table` instances. When the export/erase personal data list tables were introduced in [42967], these headings were missing.
Fixes#46041.
Props afercia, xkon, garrett-eclipse, desrosj.
Built from https://develop.svn.wordpress.org/trunk@44821
git-svn-id: http://core.svn.wordpress.org/trunk@44653 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Currently, if a parent block has a custom background color assigned, its child blocks will inherit the parent's text colors — even if the child block has its own custom text color assigned to it.
This update changes the following:
- Adjusts Twenty Nineteen's custom background color defaults to target direct children only which fixes the issue
Props kjellr.
See #46432.
Built from https://develop.svn.wordpress.org/trunk@44818
git-svn-id: http://core.svn.wordpress.org/trunk@44650 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `change` event was previously required to ensure that the Customizer picked detected changes to the widget’s content and synced them to the preview. In the current state, though, the `trigger( ‘change’ )` is no longer required and is causing issues with the widget’s “Done” and “Save” buttons.
Fixes#45335.
Props audrasjb, afercia, westonruter.
Built from https://develop.svn.wordpress.org/trunk@44816
git-svn-id: http://core.svn.wordpress.org/trunk@44648 1a063a9b-81f0-0310-95a4-ce76da25c4cd
A direct URL to where a user can update PHP for their website can now be specified in one of two ways:
- Defining the `WP_DIRECT_UPDATE_PHP_URL` environment variable.
- Returning a URL to the `wp_direct_php_update_url` filter.
When a URL is specified, an additional “Update PHP” button will be displayed at the bottom of the Core dashboard widget informing administrators that their site is running an outdated version of PHP (see [42832]).
Fixes#46074.
Props afragen, desrosj, lukecarbis.
Built from https://develop.svn.wordpress.org/trunk@44814
git-svn-id: http://core.svn.wordpress.org/trunk@44646 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Restores `public`, `archived`, `mature`, `spam`, `deleted`, `lang_id`, and `WPLANG` to the `$meta` data passed to `wpmu_new_blog`. This hook was deprecated in 5.1.0, but code using it still relies on this data.
Props david.binda, pbiron.
Fixes#46351.
Built from https://develop.svn.wordpress.org/trunk@44805
git-svn-id: http://core.svn.wordpress.org/trunk@44637 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`<button>` elements are natively interactive, supported by any assistive technology, and must be used instead of non-semantic, non-accessible `<div>` elements.
Also, this change aligns the Media Widgets and the Customizer site icon and site logo controls with the design pattern used in the new Block Editor for similar controls.
Props ramonopoly, welcher, afercia.
Fixes#43151.
Built from https://develop.svn.wordpress.org/trunk@44796
git-svn-id: http://core.svn.wordpress.org/trunk@44628 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Allows for themes or plugins setting the comment-reply JavaScript as a dependency of an HTML header script. This in turn causes `comment-reply.js` to be loaded early, requiring execution to be delayed.
Props pento, peterwilsoncc, jorbin for feedback.
Fixes#46280.
Built from https://develop.svn.wordpress.org/trunk@44794
git-svn-id: http://core.svn.wordpress.org/trunk@44626 1a063a9b-81f0-0310-95a4-ce76da25c4cd
CSS generated content is rendered for speech output. When it's not meant to be announced by assistive technologies, for example with font icons, special care should be used to hide it. At the moment, the only reliable way to do this is making use of a wrapper element and set `aria-hidden="true"` on it.
Fixes#37513.
Built from https://develop.svn.wordpress.org/trunk@44793
git-svn-id: http://core.svn.wordpress.org/trunk@44625 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `test_detects_cannot_create_index()` and `tests_detects_cannot_write_html()` test methods are prone to failure under certain configurations, as discovered by the hosts reporting back the test suite results. This removes those two methods until a better approach to testing those scenarios can be created.
Partial revert of [44786].
See #44233.
Built from https://develop.svn.wordpress.org/trunk@44792
git-svn-id: http://core.svn.wordpress.org/trunk@44624 1a063a9b-81f0-0310-95a4-ce76da25c4cd
A PHPUnit configuration file with more than one `<php>` tag causes a validation error in PHPUnit versions 7.x. There are currently 2 in the `tests/phpunit/multisite.xml` file, which appears to be accidentally introduced in [29954].
Fixes#46414.
Built from https://develop.svn.wordpress.org/trunk@44790
git-svn-id: http://core.svn.wordpress.org/trunk@44622 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The filter is only run if the wordpress.org API considers the PHP version acceptable. This ensures that other plugins or hosting providers can only make this check stricter, but not loosen it.
Props j-falk, mikeschroder.
Fixes#46065.
Built from https://develop.svn.wordpress.org/trunk@44788
git-svn-id: http://core.svn.wordpress.org/trunk@44620 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In 4.9.6, several new privacy related features were introduced. Admin pointers were included to make administrators aware of these features. They have served their purpose and can now go silently into the night.
Props garrett-eclipse, desrosj, xkon.
Fixes#45999.
Built from https://develop.svn.wordpress.org/trunk@44787
git-svn-id: http://core.svn.wordpress.org/trunk@44619 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Similar to `editor-color-palette`, a theme or plugin should be able to set the theme support for `editor-font-sizes` to an empty array, indicating that no additional font sizes should be available in the block’s ‘Text Settings’. The current conditional was using `empty()`, which was incorrectly causing the default font sizes to be used instead.
Props jorgefilipecosta, chrisvanpatten, SergeyBiryukov.
Fixes#46290.
Built from https://develop.svn.wordpress.org/trunk@44782
git-svn-id: http://core.svn.wordpress.org/trunk@44614 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In an authoring context, the image `alt` attribute purpose is different from the one for the front end. For example, screen reader users need to know what the selected image is, even when the original `alt` value is empty.
This change introduces a new pattern for the `alt` text in an authoring context:
- uses the `alt` text if not empty
- when there's no `alt` text, informs users the image has no alternative text and provides a reference to the image filename
Also, makes the gallery media widget preview an unordered list to make screen readers announce the number of images automatically.
Fixes#43137.
Built from https://develop.svn.wordpress.org/trunk@44767
git-svn-id: http://core.svn.wordpress.org/trunk@44599 1a063a9b-81f0-0310-95a4-ce76da25c4cd
With the exception of the "Edit" link, the "row actions" controls in the Comments table behave differently depending if JavaScript support is on or off.
When JavaScript support is off, they behave like links. When JavaScript support is on, they behave like buttons and they need to be buttons or have an ARIA `role="button"` added via JavaScript.
Lastly, the buttons in the Reply/Quick Edit form and the "Add Comment" in the edit post page meta box need to be buttons.
Fixes#43412.
Built from https://develop.svn.wordpress.org/trunk@44759
git-svn-id: http://core.svn.wordpress.org/trunk@44591 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The custom date/time format previews in General Settings were updated only when blurring the related input fields. With this change, they're now updated when users finish typing a custom format, properly debouncing the `input` event callback.
Props dilipbheda, Girishpanchal.
Fixes#43364.
Built from https://develop.svn.wordpress.org/trunk@44758
git-svn-id: http://core.svn.wordpress.org/trunk@44590 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Proximity of related information is an inclusive design principle that benefits everyone and it's particularly important for users with reduced visual field, low vision, or other vision or cognitive impairments. User interface controls that are logically grouped should be placed close to each other.
Also, this change makes the buttons visual order and the DOM order match.
Fixes#45972.
Built from https://develop.svn.wordpress.org/trunk@44757
git-svn-id: http://core.svn.wordpress.org/trunk@44589 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Originally introduced in [32453], the `@ignore` annotation caused the
function to be improperly ignored by the Code Reference parser.
The `@access private` annotation is the correct way to mark a
function for internal use only.
Props coffee2code.
Fixes#45997.
Built from https://develop.svn.wordpress.org/trunk@44755
git-svn-id: http://core.svn.wordpress.org/trunk@44587 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit also moves the images to s.w.org, removes the old "Gutenberg has been deactivated" warning, as well as removing some old JS from About pages of years gone past.
Props melchoyce, ryelle, paaljoachim, karmatosed, pento.
Fixes#46161.
Built from https://develop.svn.wordpress.org/trunk@44749
git-svn-id: http://core.svn.wordpress.org/trunk@44581 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The Gutenberg plugin will not be deactivated on sites upgrading to WordPress 5.1. This deprecates the `upgrade_500_was_gutenberg_active` option and the `upgrade_500()` function as they are no longer required.
Props peterwilsoncc.
Fixes#46029.
Built from https://develop.svn.wordpress.org/trunk@44732
git-svn-id: http://core.svn.wordpress.org/trunk@44563 1a063a9b-81f0-0310-95a4-ce76da25c4cd
[44618] added strict type checking to `_sanitize_text_fields()`, which has caused some compat issues with plugins.
We can loosen the type checking to only reject objects and arrays, and cast other types to string.
Props Nick_theGeek, pento.
Fixes#41450.
Built from https://develop.svn.wordpress.org/trunk@44731
git-svn-id: http://core.svn.wordpress.org/trunk@44562 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Because the names of the `get_header()`, `get_footer()`, `get_sidebar()`, and `get_template_part()` functions indicate that a value is returned, some plugins and themes already have `echo get_template_part()` in their codebase. Adding a return value to these functions using the approach in [44678] will cause the two unintended side effects of unexpected content being sent to the browser, and accidental path disclosure.
Reverts [44678].
Props davidbinda.
See #40969.
Built from https://develop.svn.wordpress.org/trunk@44725
git-svn-id: http://core.svn.wordpress.org/trunk@44556 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Modifies the jQuery selector for determining hidden columns to ensure they are detected when the expanded columns details are closed.
Adds high-specificity selectors specifically for setting screen options in the comments and plugins lists.
Props afercia.
Fixes#46005.
Built from https://develop.svn.wordpress.org/trunk@44722
git-svn-id: http://core.svn.wordpress.org/trunk@44553 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Due to the high number of follow-up tickets and associated security concerns, it was decided to reschedule the fatal error recovery feature for WordPress 5.2, in order to address these issues properly. The feature will continue to be developed, with iterations being merged into trunk early in the 5.2 release cycle.
Fixes#46141. See #44458, #45932, #45940, #46038, #46047, #46068.
Built from https://develop.svn.wordpress.org/trunk@44717
git-svn-id: http://core.svn.wordpress.org/trunk@44548 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Introduced in [918/tests] and updated in [26871], the class is there to make sure that known bugs are not skipped when `phpunit` is called with a `--group` that corresponds to an `@ticket` annotation (such as `phpunit --group 12345`).
Enforcing recognized arguments or correctly formed arguments is not the concern here, so reusing `PHPUnit_Util_Getopt::parseLongOption()` was superfluous.
See #43218.
Built from https://develop.svn.wordpress.org/trunk@44715
git-svn-id: http://core.svn.wordpress.org/trunk@44546 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The pre-save filters added to links in [43732] could invalidate JSON data when saving Customizer change-sets.
This removes the filters when saving and publishing change-sets.
Props peterwilsoncc, nikeo for testing.
See #45292.
Built from https://develop.svn.wordpress.org/trunk@44714
git-svn-id: http://core.svn.wordpress.org/trunk@44545 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In the Edit Comment page:
- moves the "Author" `h2` heading out of the form fieldset
- removes an unnecessary `<span>` element
- adds a visually hidden legend element to the fieldset
- uses an existing string "Comment Author"
Fixes#43586.
Built from https://develop.svn.wordpress.org/trunk@44712
git-svn-id: http://core.svn.wordpress.org/trunk@44543 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Create an abstract `WP_UnitTestCase_Base` class to share between PHPUnit 7.x and older versions.
* Add a speed-trap loader to determine which `SpeedTrapListener` class needs to be loaded for the current PHPUnit version.
* Remove unnecessary `PHPUnit\Util\Test` and `PHPUnit_Util_Getopt` inheritances.
* Update Travis CI config to use PHPUnit 7.x for PHP 7.1, 7.2, and nightly PHP versions.
Props jipmoors, netweb, desrosj, ayeshrajans, soulseekah, SergeyBiryukov.
See #43218.
Built from https://develop.svn.wordpress.org/trunk@44701
git-svn-id: http://core.svn.wordpress.org/trunk@44532 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Moves the logic for determining when an event will next run from `wp_next_scheduled()` to `wp_get_scheduled_event()`.
This improves the performance of `wp_get_scheduled_event()` by avoiding duplicate function calls and object cache hits.
Props peterwilsoncc.
Fixes#45976.
Built from https://develop.svn.wordpress.org/trunk@44693
git-svn-id: http://core.svn.wordpress.org/trunk@44524 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Meta capability mapping doesn't recurse through multiple meta definitions, which creates a situation where the capabilities test is looking for the non-existent primitive capability `edit_blocks`, which should instead be mapped to `edit_posts`.
Defining the `edit_posts` capability when the `wp_block` post type is registered causes this check to change to to the `edit_posts` capability.
Props aduth.
Fixes#45373.
Built from https://develop.svn.wordpress.org/trunk@44687
git-svn-id: http://core.svn.wordpress.org/trunk@44518 1a063a9b-81f0-0310-95a4-ce76da25c4cd
If the commenter doesn't have cookies set, they won't see the comment preview again. Showing an expanded message will help offset any confusion if they revisit the site later, and their comment is still in moderation, but they can't see it anymore.
Props azaozz, pento.
Fixes#44736.
Built from https://develop.svn.wordpress.org/trunk@44681
git-svn-id: http://core.svn.wordpress.org/trunk@44512 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `get_header()`, `get_footer()`, `get_sidebar()`, and `get_template_part()` functions all call `locate_template()` as their final action, which returns the name of the template being loaded. Returning this value helps handle problems with templates being loaded.
Props tferry.
Fixes#40969.
Built from https://develop.svn.wordpress.org/trunk@44678
git-svn-id: http://core.svn.wordpress.org/trunk@44509 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Introduces `Language_Pack_Upgrader::clear_destination()` to clear existing translations before installing new translations. Ensures that unused translations in JSON format are cleaned up.
Props dd32, swissspidy, ocean90.
Fixes#45468.
Built from https://develop.svn.wordpress.org/trunk@44676
git-svn-id: http://core.svn.wordpress.org/trunk@44507 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `WP_Shutdown_Handler` name plus related function names were premature when originally committed, as there can be multiple shutdown handlers in PHP, and WordPress makes use of that feature. This changeset modifies the name to a more appropriate `WP_Fatal_Error_Handler`, and related to that changes the following names:
* The drop-in to override the handler is now called `fatal-error-handler.php`.
* The internal function `wp_register_premature_shutdown_handler` is now called `wp_register_fatal_error_handler()`.
In addition to these naming changes, a new constant `WP_DISABLE_FATAL_ERROR_HANDLER` is introduced that can be set in `wp-config.php` to entirely disable the fatal error handler. That constant's value is and should be accessed indirectly via a new `wp_is_fatal_error_handler_enabled()` function and is filterable via a new `wp_fatal_error_handler_enabled` hook. Note that disabling the fatal error handler will skip the new functionality entirely, including the potentially used `fatal-error-handler.php` drop-in.
The new set of constant, filter and function provide for an easier-to-use mechanism to disable the fatal error handler altogether, rather than requiring developers to implement a drop-in for purely that purpose.
Props afragen, flixos90, joyously, knutsp, markjaquith, ocean90, schlessera, spacedmonkey.
Fixes#46047. See #44458.
Built from https://develop.svn.wordpress.org/trunk@44674
git-svn-id: http://core.svn.wordpress.org/trunk@44505 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset adds support for a new `wp_die()` argument `exit`, which defaults to true and determines whether `wp_die()` should actually terminate the request. The new fatal error handler then calls `wp_die()` with that argument set to false, as calling `die()` or `exit` from a PHP shutdown function prevents other shutdown functions from being called.
Props schlessera, johnbillion.
Fixes#46038. See #44458.
Built from https://develop.svn.wordpress.org/trunk@44671
git-svn-id: http://core.svn.wordpress.org/trunk@44502 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Prior to this change, each `wp_die()` handler had their own logic for how to parse arguments, causing inconsistencies and even breakage because the arguments possible to pass to `wp_die()` depended on the request context. Passing a `WP_Error` as `$message` for example used to be only support by the default handler, but not the AJAX and XML-RPC handlers.
With the fatal error protection, plus the new `wp_die()` handlers related to that, improving this support and compatibility has become more significant. Therefore this changeset introduces a private `_wp_die_process_input()` function that handles all function parameters consistently.
Props spacedmonkey, flixos90, schlessera.
Fixes#45933. See #44458.
Built from https://develop.svn.wordpress.org/trunk@44666
git-svn-id: http://core.svn.wordpress.org/trunk@44497 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The "Your comment is awaiting moderation." message relied upon the comment author cookie being set. However, since it's now possible to opt-out of that cookie, submitting a comment won't show the comment preview when the comment is placed in moderation.
To avoid this issue, we now include a hash in the redirect URL, allowing the site to identify that a preview of the moderated comment should be displayed.
Props imath, tomdxw, birgire, lakenh, azaozz, pento.
Fixes#43857.
Built from https://develop.svn.wordpress.org/trunk@44659
git-svn-id: http://core.svn.wordpress.org/trunk@44490 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In the non-latin font fallback styles, languages using the Devanagari alphabet were initially committed in a comma-separated list in the `:lang()` selector, which isn't fully supported. This update separates those languages into their own `:lang()` selectors.
Props mako09.
Fixes#45731.
Built from https://develop.svn.wordpress.org/trunk@44657
git-svn-id: http://core.svn.wordpress.org/trunk@44488 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The theme's original approach to its non-latin font fallbacks required `!important`, which overrode fonts that shouldn't have been changed, like the icon fonts used for editor buttons.
Props kjellr, mako09, allancole.
Fixes#45731.
Built from https://develop.svn.wordpress.org/trunk@44650
git-svn-id: http://core.svn.wordpress.org/trunk@44481 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When merging, [44244] and [44260] were committed to trunk the opposite way that they were committed to the 5.0 branch. They were originally committed in [43885] and [43861], respectively.
Due to this switch, a change in how the Custom Fields meta box was registered wasn't merged from the 5.0 branch, causing it to not be registered correctly in trunk.
Props dd32, pento.
Fixes#46028.
Built from https://develop.svn.wordpress.org/trunk@44648
git-svn-id: http://core.svn.wordpress.org/trunk@44479 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When a `PUT` request is performed to update a user, a `rest_user_invalid_email` error is incorrectly being returned when the email exists with different letter casing, even if it belongs to the user being updated. `email_exists()` performs a case insensitive lookup, but the conditional statement following that lookup was performing a strict comparison between the new email and the user’s current email.
This changes that comparison to instead compare the user ID returned by `email_exists()` with the user ID being updated. This more closely matches the logic used in `edit_user()` and allows a user to change the letter casing of their email.
Props fuchsws, rachelbaker, desrosj.
Fixes#44672.
Built from https://develop.svn.wordpress.org/trunk@44641
git-svn-id: http://core.svn.wordpress.org/trunk@44472 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When Internet Explorer encounters a non interactive element with a `tabindex`
attribute, it adds the element to the accessibility tree with a `role=group` and
an accessible name computed from the element. This prevents JAWS from announcing
any fieldset legend within the element.
- removes `tabindex="0"` from the content and the toolbar containers: these tabindex attributes are no longer needed
- removes `aria-label="Main content"` from the content container: not needed
- keeps the media modal focus fallback introduced in [38142] by making the `#wpbody-content` element focusable only when needed
Props stevefaulkner, aardrian.
Fixes#43154.
Built from https://develop.svn.wordpress.org/trunk@44639
git-svn-id: http://core.svn.wordpress.org/trunk@44470 1a063a9b-81f0-0310-95a4-ce76da25c4cd
- properties should be followed by a colon and a space
- media queries shouldn't use spaces within parenthesis
- indentation should use tabs instead of spaces or mixed spaces / tabs
- the content property should use double quotes
- no double spaces
Props nadim0988, afercia.
Fixes#45185.
Built from https://develop.svn.wordpress.org/trunk@44637
git-svn-id: http://core.svn.wordpress.org/trunk@44468 1a063a9b-81f0-0310-95a4-ce76da25c4cd
On the Privacy Policy Guide, there is currently a ‘Copy’ button below each section of suggested text. It is unclear what copy means without more context. It could be assumed, for instance, that the suggested text is copied to a new page.
This changes the button text to read `Copy this section to clipboard` to more clearly inform the user what is copied and how.
Props JoshuaWold, garrett-eclipse, birgire, vishaldodiya.
Fixes#44677.
Built from https://develop.svn.wordpress.org/trunk@44629
git-svn-id: http://core.svn.wordpress.org/trunk@44460 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This allows users to sort the export and erase personal data request tables by “Requester” (`post_title`, or user email) and “Requested” (`post_date`, or when the request was created), which can be helpful when sites have many requests present.
Props birgire, ianbelanger, pbiron, desrosj.
Fixes#43405.
Built from https://develop.svn.wordpress.org/trunk@44628
git-svn-id: http://core.svn.wordpress.org/trunk@44459 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset uses the API functions introduced in [44476] to link to the resource about updating PHP when highlighting a plugin's required PHP version is not met. It furthermore expands them, introducing a new `wp_update_php_annotation()` function that prints the markup to indicate that the default URL has been altered by the web host, allowing it to be reused universally.
Furthermore, this changeset adds missing `update_php` capability checks before displaying the information about updating PHP.
Props afragen.
Fixes#45986. See #43986, #45686.
Built from https://develop.svn.wordpress.org/trunk@44627
git-svn-id: http://core.svn.wordpress.org/trunk@44458 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset removes the hack that was used before to display more complex HTML markup than a simple message in the default PHP error template via `wp_die()`. By removing HTML markup from the arguments passed to `wp_die()` it furthermore paves the way for supporting other content types than the default.
The message and arguments can be modified with new `wp_php_error_message` and `wp_php_error_args` filters respectively.
Furthermore this changeset fixes a few issues of functions not existing which could potentially have caused fatal errors when executed early in the WordPress bootstrap process.
Props flixos90, spacedmonkey.
See #45933, #44458.
Built from https://develop.svn.wordpress.org/trunk@44624
git-svn-id: http://core.svn.wordpress.org/trunk@44455 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Throughout the core privacy functions, `WP_User_Request` instances were stored in variables named both `$request`, and `$request_data`. This changes all occurrences of `$request_data` to `$request` for better consistency.
Props nateallen, bruceallen, garrett-eclipse.
Fixes#44708.
Built from https://develop.svn.wordpress.org/trunk@44606
git-svn-id: http://core.svn.wordpress.org/trunk@44437 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When `home` and `siteurl` are different, the customizer preview iframe will be blank in Chrome and Safari, due to their `X-Frame-Options` implementation quirks.
Changing this to `SAMEORIGIN` and adding the `frame-ancestors` Content Security Policy gives the correct behaviour.
Props fullyint.
Fixes#40020.
Built from https://develop.svn.wordpress.org/trunk@44580
git-svn-id: http://core.svn.wordpress.org/trunk@44411 1a063a9b-81f0-0310-95a4-ce76da25c4cd
From the `WordPress.NamingConventions.ValidVariableName` sniff, this commit fixes/whitelists all `NotSnakeCaseMemberVar`, `MemberNotSnakeCase`, and `StringNotSnakeCase` violations. It also fixes a handful of the `NotSnakeCase` violations.
See #45934.
Built from https://develop.svn.wordpress.org/trunk@44573
git-svn-id: http://core.svn.wordpress.org/trunk@44404 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Calling `register_rest_route()` too early in the loading process has the potential to cause some unintentional problems and pitfalls. Because `register_rest_route()` calls `rest_get_server()` (which creates the `WP_REST_Server` instance), calling the function directly and/or before `rest_api_init` should be discouraged.
For example, if `register_rest_route ()` is called on `init`, the REST API server instance is set up (and all functions added to `rest_api_init` and other related hooks are invoked), even though the current request may not be a REST request. Also, if `register_rest_route()` is called even earlier (say, in an `mu-plugin` file), required endpoints may be missing since normal plugins have not yet been loaded and have not had a chance to register their own action hooks.
This adds a `_doing_it_wrong()` notice the first time `register_rest_route()` is called before `rest_api_init` in a request to encourage best practices for registering REST API routes.
Props kraftbj, desrosj, timothyblynjacobs.
Fixes#45265.
Built from https://develop.svn.wordpress.org/trunk@44568
git-svn-id: http://core.svn.wordpress.org/trunk@44399 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Both `wp_encode_emoji()` and `wp_staticize_emoji()` perform a PHP version check when deciding how to apply their behaviour, but this check only needs to happen once, rather than every time in their internal looks.
Moving the check outside of the loop reduces processing time by 50%.
Props johnbillion.
Fixes#45930.
Built from https://develop.svn.wordpress.org/trunk@44554
git-svn-id: http://core.svn.wordpress.org/trunk@44385 1a063a9b-81f0-0310-95a4-ce76da25c4cd
At the start of `render_block()`, the `pre_render_block` filter allows the function to be short-circuited, and the `render_block_data` filter is applied to the `$block` parameter before it's processed.
Props kkarpieszuk, pento.
Fixes#45451.
Built from https://develop.svn.wordpress.org/trunk@44553
git-svn-id: http://core.svn.wordpress.org/trunk@44384 1a063a9b-81f0-0310-95a4-ce76da25c4cd