When `home` and `siteurl` are different, the customizer preview iframe will be blank in Chrome and Safari, due to their `X-Frame-Options` implementation quirks.
Changing this to `SAMEORIGIN` and adding the `frame-ancestors` Content Security Policy gives the correct behaviour.
Props fullyint.
Fixes#40020.
Built from https://develop.svn.wordpress.org/trunk@44580
git-svn-id: http://core.svn.wordpress.org/trunk@44411 1a063a9b-81f0-0310-95a4-ce76da25c4cd
From the `WordPress.NamingConventions.ValidVariableName` sniff, this commit fixes/whitelists all `NotSnakeCaseMemberVar`, `MemberNotSnakeCase`, and `StringNotSnakeCase` violations. It also fixes a handful of the `NotSnakeCase` violations.
See #45934.
Built from https://develop.svn.wordpress.org/trunk@44573
git-svn-id: http://core.svn.wordpress.org/trunk@44404 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Calling `register_rest_route()` too early in the loading process has the potential to cause some unintentional problems and pitfalls. Because `register_rest_route()` calls `rest_get_server()` (which creates the `WP_REST_Server` instance), calling the function directly and/or before `rest_api_init` should be discouraged.
For example, if `register_rest_route ()` is called on `init`, the REST API server instance is set up (and all functions added to `rest_api_init` and other related hooks are invoked), even though the current request may not be a REST request. Also, if `register_rest_route()` is called even earlier (say, in an `mu-plugin` file), required endpoints may be missing since normal plugins have not yet been loaded and have not had a chance to register their own action hooks.
This adds a `_doing_it_wrong()` notice the first time `register_rest_route()` is called before `rest_api_init` in a request to encourage best practices for registering REST API routes.
Props kraftbj, desrosj, timothyblynjacobs.
Fixes#45265.
Built from https://develop.svn.wordpress.org/trunk@44568
git-svn-id: http://core.svn.wordpress.org/trunk@44399 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Both `wp_encode_emoji()` and `wp_staticize_emoji()` perform a PHP version check when deciding how to apply their behaviour, but this check only needs to happen once, rather than every time in their internal looks.
Moving the check outside of the loop reduces processing time by 50%.
Props johnbillion.
Fixes#45930.
Built from https://develop.svn.wordpress.org/trunk@44554
git-svn-id: http://core.svn.wordpress.org/trunk@44385 1a063a9b-81f0-0310-95a4-ce76da25c4cd
At the start of `render_block()`, the `pre_render_block` filter allows the function to be short-circuited, and the `render_block_data` filter is applied to the `$block` parameter before it's processed.
Props kkarpieszuk, pento.
Fixes#45451.
Built from https://develop.svn.wordpress.org/trunk@44553
git-svn-id: http://core.svn.wordpress.org/trunk@44384 1a063a9b-81f0-0310-95a4-ce76da25c4cd
WordPress has historically often used code like `preg_split( '/[\s,]+/', $var )` to parse a string of comma-separated values into an array. However, this approach was causing an empty string to not be parsed into an empty array as expected, but rather into an array with the empty string as its sole element.
This was among other areas causing problems in the REST API where passing an empty request parameter could cause that request to fail because, instead of it being ignored, that parameter would be compared against the valid values for it, which typically do not include an empty string.
Props david.binda, sstoqnov.
Fixes#43977.
Built from https://develop.svn.wordpress.org/trunk@44546
git-svn-id: http://core.svn.wordpress.org/trunk@44377 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Introduces in core new focus styles dedicated to Windows High Contrast mode. The
new styles use a transparent CSS outline as already explored in the Block Editor.
This first part covers some of the main user interface controls like buttons, links,
and media views elements. Other parts will be addressed in the next future.
Fixes#41286.
Built from https://develop.svn.wordpress.org/trunk@44544
git-svn-id: http://core.svn.wordpress.org/trunk@44375 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Sometimes, Safari and VoiceOver read out the text hidden with `screen-reader-text`
in a wrong order. While there's no known, full, solution, it is possible to make
them respect the correct order reliably at least within buttons.
Fixes#42006.
Built from https://develop.svn.wordpress.org/trunk@44543
git-svn-id: http://core.svn.wordpress.org/trunk@44374 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `keyup` event was used to provide support for IE8, where which doesn't support the `input` event. As we dropped IE8 support some time ago, this was simply adding unnecessary complexity and double-event triggers.
Props dlh, afercia.
Fixes#32882.
Built from https://develop.svn.wordpress.org/trunk@44539
git-svn-id: http://core.svn.wordpress.org/trunk@44370 1a063a9b-81f0-0310-95a4-ce76da25c4cd