Commit Graph

50363 Commits

Author SHA1 Message Date
dmsnell 5b3b3f7df2 HTML API: Add `normalize()` to give us the HTML we always wanted.
HTML often appears in ways that are unexpected. It may be missing implicit tags, may have unquoted, single-quoted, or double-quoted attributes, may contain duplicate attributes, may contain unescaped text content, or any number of other possible invalid constructions. The HTML API understands all fo these inputs, but downline parsers may not, and HTML snippets which are safe on their own may introduce problems when joined with other HTML snippets.

This patch introduces the `serialize()` method on the HTML Processor, which prints a fully-normative HTML output, eliminating invalid markup along the way. It produces a string which contains every missing tag, double-quoted attributes, and no duplicates. A `normalize()` static method on the HTML Processor provides a convenient wrapper for constructing a fragment parser and immediately serializing.

Subclasses relying on the `serialize_token()` method may perform structural HTML modifications with as much security as the upcoming `\Dom\HTMLDocument()` parser will, though these are not
able to provide the full safety that will eventually appear with `set_inner_html()`.

Further work may explore serializing to XML (which involves a number of other important transformations) and adding constraints to serialization (such as only allowing inline/flow/formatting elements and text).

Developed in https://github.com/wordpress/wordpress-develop/pull/7331
Discussed in https://core.trac.wordpress.org/ticket/62036

Props dmsnell, jonsurrell, westonruter.
Fixes #62036.

Built from https://develop.svn.wordpress.org/trunk@59076


git-svn-id: http://core.svn.wordpress.org/trunk@58472 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-09-20 22:32:17 +00:00
dmsnell 00dd23da6a HTML API: Add `get_full_comment_text()` method.
Previously, there were a few cases where the modifiable text read from an HTML comment differs slightly from the parsed value of its inner text in a browser. This is due to the specific way that invalid HTML syntax tokens become "bogus comments."

This patch introduces a new method to the Tag Processor to allow differentiating these specific cases, such as when copying or serializing HTML from one source to another. Similar code has already been in use in the html5lib tests, and this patch simplifies the test runner, evidencing the fact that this method was already needed.

Developed in https://github.com/wordpress/wordpress-develop/pull/7342
Discussed in https://core.trac.wordpress.org/ticket/62036

Props dmsnell, jonsurrell.
See #62036.

Built from https://develop.svn.wordpress.org/trunk@59075


git-svn-id: http://core.svn.wordpress.org/trunk@58471 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-09-20 20:23:15 +00:00
Sergey Biryukov 5959fb256f Editor: Restore the merging of TinyMCE settings in `wp_tinymce_inline_scripts()`.
This ensures that the function applies the `wp_editor_settings` filter and merges the resulting array with the rest of TinyMCE init settings.

Includes a unit test to verify that the settings are merged correctly after adding the assignment of `array_merge()` result that was missed in the initial commit.

Follow-up to [44265], [59033].

Props kkmuffme, akshat2802, davidbaumwald, SergeyBiryukov.
Fixes #61754.
Built from https://develop.svn.wordpress.org/trunk@59074


git-svn-id: http://core.svn.wordpress.org/trunk@58470 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-09-20 14:09:18 +00:00
noisysocks ef2b22c001 Editor: Add plugin template registration API and improve theme overrides for plugin-registered templates
This commit introduces a new API to allow plugins to easily register block
templates with `wp_register_block_template()` and the
`WP_Block_Templates_Registry` class, addressing the complexity of hooking into
multiple filters. It also ensures plugin-registered templates overridden by
themes fall back to the plugin-provided title and description when the theme
doesn't define them.

See https://github.com/WordPress/gutenberg/pull/61577.
See https://github.com/WordPress/gutenberg/pull/64610.

Fixes #61804.
Props aljullu, peterwilsoncc, antonvlasenko, azaozz, youknowriad, noisysocks.

Built from https://develop.svn.wordpress.org/trunk@59073


git-svn-id: http://core.svn.wordpress.org/trunk@58469 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-09-20 02:07:12 +00:00
noisysocks f6df3fba16 Editor: Update packages for 6.7 Beta 1.
Syncs `@wordpress/*` packages to the `wp-6.7` npm tag.

Fixes #61906.
Props peterwilsoncc, gziolo, kevin940726.

Built from https://develop.svn.wordpress.org/trunk@59072


git-svn-id: http://core.svn.wordpress.org/trunk@58468 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-09-20 01:55:35 +00:00
Peter Wilson 2086230339 External Libraries: Test registered script versions match package.json.
Expands tests to ensure the version number of packages updated via NPM matches the version number used for registering the script in the script loader.

This adds tests for (by their registered name in WordPress):

* backbone
* clipboard
* hoverIntent
* hoverintent-js
* imagesloaded
* jquery-color
* jquery-core
* jquery-form
* masonry
* react-jsx-runtime
* underscore
* wp-polyfill-dom-rect
* wp-polyfill-element-closest
* wp-polyfill-fetch
* wp-polyfill-formdata
* wp-polyfill-inert
* wp-polyfill-node-contains
* wp-polyfill-object-fit
* wp-polyfill-url


This expands on the earlier tests introduced for:

* lodash
* moment
* react
* react-dom
* regenerator-runtime

An additional test is added to ensure that the data provider for these tests is maintained as libraries are added via package.json.

`@wordpress/*` scripts are excluded from these tests as wp-scripts generates a version number automatically based on the file's contents.

Additionally, the version of element-closest listed in package.json is updated to use a fixed version rather than a range. This reflects the current practice of WordPress to define the specific version in core. For the avoidance of doubt, this does not affect the version shipped in WordPress.

Follow up to [57185].

Props peterwilsoncc, jorbin.
Fixes #61855.

Built from https://develop.svn.wordpress.org/trunk@59071


git-svn-id: http://core.svn.wordpress.org/trunk@58467 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-09-20 00:52:20 +00:00
hellofromTonya 4ab4b38ecd External Libraries: Skip instanceof check when null in Text_Diff::_check().
On the first `foreach` loop in Text_Diff::_check()`, `$prevtype` is `null`. As `instanceof` requires the class name term to be an object or string, a fatal error is thrown:

>Fatal error: Uncaught Error: Class name must be a valid object or a string on line 279

This change:
* Adds a simple test for the `Text_Diff::_check()` method, which is how the bug was discovered as the test could never pass with the code as-is.

* Adds a defensive guard to protect against the fatal. It checks if `$prevtype` is not `null` as a pre-condition to for checking the instance. This bugfix also resolves the failing test.

Follow-up to [49194], [7747].

Props jrf, hellofromTonya.
See #62083.
Built from https://develop.svn.wordpress.org/trunk@59070


git-svn-id: http://core.svn.wordpress.org/trunk@58466 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-09-19 20:22:15 +00:00
hellofromTonya b58cc4d2b0 Code Modernization: handle mysqli_ping() deprecation in wpdb::check_connection().
The `mysqli_ping()` function is deprecated as of PHP 8.4, though, in reality, the function wasn't working according to spec anymore since PHP 8.2 when the `libmysql` driver was dropped in favour of `libmysqlnd`, which was already the default (and recommended) driver since PHP 5.4.

The `mysqli_ping()` method was also not really correctly named as its functionality was to reconnect to the database, not just ping.

The alternative is to "manually" ping the database by sending a `DO 1` query (the cheapest possible SQL query).

Adding a PHP version based toggle was considered, but as mentioned above, the default driver has been `libmysqlnd` since PHP 5.4 and in that case, the function never worked anyway, so in reality `mysqli_ping()` was only really functional for the odd custom PHP compilation where `mysqli` was build against `libmysql` AND `reconnect` was not disabled.

With this in mind, this change replaces the call to `mysqli_ping()` with the `DO 1` query completely. If that query succeeds, it concludes the database connection is still alive. This solution should be the most stable as it will work for both PHP 7.2 <= 8.1, independently of which driver `mysqli` was compiled with, as well as for PHP 8.2+.

Note: It could also be considered to remove the function call to `mysqli_ping()` completely and rely on standard error handling in case the connection would have dropped, as after all, the fact that the connection existed at the moment the "ping" happened, is no guarantee that the connection will still exist when the next query is send.... this approach was not chosen so as WP has custom error handling and does not use the PHP native mysqli exceptions for this, which would make implementing this more awkward.

Includes a test to verify that the connection check works when there is a valid connection (this was previously not covered by tests).

Refs:
* https://wiki.php.net/rfc/deprecations_php_8_4#mysqli_ping_and_mysqliping
* https://github.com/php/php-src/pull/11912#issuecomment-1671762583
* https://stackoverflow.com/questions/2546868/cheapest-way-to-determine-if-a-mysql-connection-is-still-alive/2546922#2546922
* php/php-src#11945
* https://wiki.php.net/rfc/mysqli_support_for_libmysql
* https://www.php.net/mysqli_ping

Follow-up to [56475], [27250], [27075].

Props jrf, hellofromTonya.
See #62061.
Built from https://develop.svn.wordpress.org/trunk@59069


git-svn-id: http://core.svn.wordpress.org/trunk@58465 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-09-19 18:56:16 +00:00
hellofromTonya 854e55b852 Tests: Remove use of E_STRICT.
The `E_STRICT` constant is deprecated as of PHP 8.4 and will be removed in PHP 9.0.

The error level hasn't been in use since PHP 8.0 anyway, so removing the exclusion from the `error_reporting()` setting in the `install.php` script used in the tests should make no difference in practice.

Ref:
* https://wiki.php.net/rfc/deprecations_php_8_4#remove_e_strict_error_level_and_deprecate_e_strict_constant

Follow-up to [25002].

Props jrf.
See #62061.
Built from https://develop.svn.wordpress.org/trunk@59068


git-svn-id: http://core.svn.wordpress.org/trunk@58464 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-09-19 18:14:14 +00:00
Sergey Biryukov 4b9dc0d225 Coding Standards: Update PHPCS to version 3.10.3.
PHPCS has seen several new releases since the last update, which means more bugs have been fixed, syntax support for PHP 8.3 was added, more sniff documentation is available, performance improvements, a new Help screen, etc.

References:
* [https://github.com/PHPCSStandards/PHP_CodeSniffer/releases/tag/3.10.3 PHP_CodeSniffer 3.10.3 release notes]
* [https://github.com/PHPCSStandards/PHP_CodeSniffer/releases/tag/3.10.2 PHP_CodeSniffer 3.10.2 release notes]
* [https://github.com/PHPCSStandards/PHP_CodeSniffer/releases/tag/3.10.1 PHP_CodeSniffer 3.10.1 release notes]
* [https://github.com/PHPCSStandards/PHP_CodeSniffer/releases/tag/3.10.0 PHP_CodeSniffer 3.10.0 release notes]
* [https://github.com/PHPCSStandards/PHP_CodeSniffer/releases/tag/3.9.2 PHP_CodeSniffer 3.9.2 release notes]
* [https://github.com/PHPCSStandards/PHP_CodeSniffer/releases/tag/3.9.1 PHP_CodeSniffer 3.9.1 release notes]

Follow-up to [56695], [56799], [57378], [57986].

Props jrf.
Fixes #62076.
Built from https://develop.svn.wordpress.org/trunk@59067


git-svn-id: http://core.svn.wordpress.org/trunk@58463 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-09-19 12:40:14 +00:00
Sergey Biryukov 345ff42a6a Coding Standards: Remove unused return value for `WP_Object_Cache::__set()`.
This resolves a WPCS warning:
{{{
Assignments must be the first block of code on a line
}}}

Note: This is enforced by PHPCS 3.10.3.

Follow-up to [28521], [29146].

Props jrf.
See #62076, #61607.
Built from https://develop.svn.wordpress.org/trunk@59066


git-svn-id: http://core.svn.wordpress.org/trunk@58462 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-09-19 12:12:16 +00:00
poena ec7041f1c2 Bundled Themes: Make text strings translatable.
This changeset updates Twenty Twenty-Three and Twenty Twenty-Four and replaces text strings in HTML files with patterns to make the strings translatable.

Follow-up to [58459].

Props sabernhardt, karmatosed, iflairwebtechnologies, poena.
Fixes #61951.
Built from https://develop.svn.wordpress.org/trunk@59065


git-svn-id: http://core.svn.wordpress.org/trunk@58461 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-09-19 10:34:13 +00:00
Peter Wilson 2cc6bb80ef Date/Time, PHP Compat: Prevent type errors using GMT offset option.
Prevents a potential type errors when making use of the `gmt_offset` option by casting the value to a float prior to performing calculations with the value.

This mainly accounts for incorrect storage of values, such as an empty string or city name.

Follow up to [58923].

Props chaion07, hellofromtonya, kirasong, mhshohel, mukesh27, nicolefurlan, nihar007, nurielmeni, oglekler, peterwilsoncc, prionkor, rajinsharwar, rarst, rleeson, sabernhardt, SergeyBiryukov, swissspidy, toastercookie, verygoode.
Fixes #56358, #58986, #60629.

Built from https://develop.svn.wordpress.org/trunk@59064


git-svn-id: http://core.svn.wordpress.org/trunk@58460 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-09-18 22:37:15 +00:00
hellofromTonya abe6e87596 Code Modernization: Remove xml_set_object() in MagpieRSS::__construct().
The XML Parser extension still supports a quite dated mechanism for method based callbacks, where the object is first set via `xml_set_object()` and the callbacks are then set by passing only the name of the method to the relevant parameters on any of the `xml_set_*_handler()` functions.

{{{
xml_set_object( $parser, $my_obj );
xml_set_character_data_handler( $parser, 'method_name_on_my_obj' );
}}}

Passing proper callables to the `xml_set_*_handler()` functions has been supported for the longest time and is cross-version compatible. So the above code is 100% equivalent to:

{{{
xml_set_character_data_handler( $parser, [$my_obj, 'method_name_on_my_obj'] );
}}}

The mechanism of setting the callbacks with `xml_set_object()` has now been deprecated as of PHP 8.4, in favour of passing proper callables to the `xml_set_*_handler()` functions. This is also means that calling the `xml_set_object()` function is deprecated as well.

This commit fixes this deprecation for the `MagpieRSS::__construct()` method.

The change has not been not covered by tests. This class has been deprecated since WP 3.0.0 and is not covered by tests at all. Adding those now seems superfluous, all the more as the principle of the fix is no different than for the other files, so we can be sure it works anyway.

Note: Though this is "officially" an external library, this package is no longer externally maintained. The code style of the fix in the source file is in line with the existing code style for the file.

Refs:
* https://wiki.php.net/rfc/deprecations_php_8_4#xml_set_object_and_xml_set_handler_with_string_method_names
* https://www.php.net/manual/en/function.xml-set-object.php
* https://www.php.net/manual/en/ref.xml.php

Follow-up to [4399].

Props jrf.
See #62061.
Built from https://develop.svn.wordpress.org/trunk@59063


git-svn-id: http://core.svn.wordpress.org/trunk@58459 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-09-18 21:40:12 +00:00
hellofromTonya 7b0af151b6 Code Modernization: Remove xml_set_object() in AtomParser::parse().
The XML Parser extension still supports a quite dated mechanism for method based callbacks, where the object is first set via `xml_set_object()` and the callbacks are then set by passing only the name of the method to the relevant parameters on any of the `xml_set_*_handler()` functions.

{{{
xml_set_object( $parser, $my_obj );
xml_set_character_data_handler( $parser, 'method_name_on_my_obj' );
}}}

Passing proper callables to the `xml_set_*_handler()` functions has been supported for the longest time and is cross-version compatible. So the above code is 100% equivalent to:

{{{
xml_set_character_data_handler( $parser, [$my_obj, 'method_name_on_my_obj'] );
}}}

The mechanism of setting the callbacks with `xml_set_object()` has now been deprecated as of PHP 8.4, in favour of passing proper callables to the `xml_set_*_handler()` functions. This is also means that calling the `xml_set_object()` function is deprecated as well.

This commit fixes this deprecation for the `AtomParser::parse()` method.

This change is safeguarded via the new `AtomParser_Parse_Test` class.

Notes:
* Though this is "officially" an external library, this package is no longer externally maintained. The code style of the fix in the source file is in line with the existing code style for the file.
* It appears that this class is not actually used by WP Core itself, so it could be considered to deprecate the class. However, as the class is not currently deprecated, safeguarding the change with a test seemed prudent.
* The fixture used for the test reuses a fixture from the original package: https://code.google.com/archive/p/phpatomlib/source/default/source
* The new test class follows the recommended test format (naming convention of the class, `@covers` tag at class level, only testing one method) as per Trac tickets 62004 / 53010.

Refs:
* https://wiki.php.net/rfc/deprecations_php_8_4#xml_set_object_and_xml_set_handler_with_string_method_names
* https://www.php.net/manual/en/function.xml-set-object.php
* https://www.php.net/manual/en/ref.xml.php

Follow-up to [5951].

Props jrf.
See #62061.
Built from https://develop.svn.wordpress.org/trunk@59062


git-svn-id: http://core.svn.wordpress.org/trunk@58458 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-09-18 21:20:15 +00:00
hellofromTonya ef383d7a78 Tests: Use file paths independent of OS-specifics assertion or helper.
Use `WP_UnitTestCase_Base::assertSamePathIgnoringDirectorySeparators()` and `WP_UnitTestCase_Base::normalizeDirectorySeparatorsInPath()` in existing tests.

Follow-up to [59057], [57753], [57215], [56635], [48937], [25002].

Props jrf.
See #61530.
Built from https://develop.svn.wordpress.org/trunk@59061


git-svn-id: http://core.svn.wordpress.org/trunk@58457 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-09-18 21:06:15 +00:00
dmsnell e7040022b8 WP_Debug_Data: Extract `wp-media` data into separate method.
This is the sixth part in a larger modularization of the data in `WP_Debug_Data`. Previously this was a single massive method drawing in debug data from various groups of related data, where the groups were independent from each other.

This patch separates the sixth of twelve groups, the `wp-media` info, into a separate method focused on that data.

This work precedes changes to make the `WP_Debug_Data` class more extensible for better use by plugin and theme code.

Developed in https://github.com/wordpress/wordpress-develop/pull/7356
Discussed in https://core.trac.wordpress.org/ticket/61648

Props apermo, dmsnell.
See #61648.

Built from https://develop.svn.wordpress.org/trunk@59060


git-svn-id: http://core.svn.wordpress.org/trunk@58456 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-09-18 19:12:06 +00:00
Drew Jaynes adf9b988e2 Docs: The `$feedname` parameter in `add_feed()` should not start with an underscore.
Props snehapatil02, hellofromtonya, narenin.
Fixes #59945.

Built from https://develop.svn.wordpress.org/trunk@59059


git-svn-id: http://core.svn.wordpress.org/trunk@58455 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-09-18 19:08:11 +00:00
hellofromTonya 25b40364d6 Code Modernization: Explicitly declare all properties in AtomParser.
Dynamic (non-explicitly declared) properties are deprecated as of PHP 8.2 and are expected to become a fatal error in PHP 9.0.

There are a number of ways to mitigate this:
* If it's an accidental typo for a declared property: fix the typo.
* For known properties: declare them on the class.
* For unknown properties: add the magic `__get()`, `__set()` et al methods to the class or let the class extend `stdClass` which has highly optimized versions of these magic methods build in.
* For unknown _use of_ dynamic properties, the `#[AllowDynamicProperties]` attribute can be added to the class. The attribute will automatically be inherited by child classes.

In this case, the property added are explicitly referenced in this class, so fall in the "known property" category.

Refs:
* https://wiki.php.net/rfc/deprecate_dynamic_properties

Props jrf.
See #56034.
Built from https://develop.svn.wordpress.org/trunk@59058


git-svn-id: http://core.svn.wordpress.org/trunk@58454 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-09-18 18:46:15 +00:00
hellofromTonya dce18de151 Tests: Introduce assertion for comparing file paths independent of OS-specifics.
Introduces `WP_UnitTestCase_Base::assertSamePathIgnoringDirectorySeparators()` and an associated helper method `WP_UnitTestCase_Base::normalizeDirectorySeparatorsInPath()` to allow for comparing two file path strings independently of OS-specific differences.

The normalization is done in a separate method to also allow this method to be used for path normalization within test methods themselves, like for normalizing a group of paths in an array.

The pretty specific method name for the helper (`normalizeDirectorySeparatorsInPath()`) is an attempt to prevent naming conflicts with methods which may exist in plugin test suites build on top of the WP Core test suite.

Props jrf, hellofromTonya.
See #61530.
Built from https://develop.svn.wordpress.org/trunk@59057


git-svn-id: http://core.svn.wordpress.org/trunk@58453 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-09-18 18:22:15 +00:00
hellofromTonya 2fa3d5a56f Code Modernization: Remove xml_set_object() in IXR_Message::parse().
The XML Parser extension still supports a quite dated mechanism for method based callbacks, where the object is first set via `xml_set_object()` and the callbacks are then set by passing only the name of the method to the relevant parameters on any of the `xml_set_*_handler()` functions.

{{{
xml_set_object( $parser, $my_obj );
xml_set_character_data_handler( $parser, 'method_name_on_my_obj' );
}}}

Passing proper callables to the `xml_set_*_handler()` functions has been supported for the longest time and is cross-version compatible. So the above code is 100% equivalent to:

{{{
xml_set_character_data_handler( $parser, [$my_obj, 'method_name_on_my_obj'] );
}}}

The mechanism of setting the callbacks with `xml_set_object()` has now been deprecated as of PHP 8.4, in favour of passing proper callables to the `xml_set_*_handler()` functions. This is also means that calling the `xml_set_object()` function is deprecated as well.

This commit fixes this deprecation for the `IXR_Message::parse()` method.

This change is safeguarded via the new`Tests_XMLRPC_Message::test_parse_sets_handlers()` test method.

Note: Though this is "officially" an external library, this package is no longer externally maintained. The code style of the fix in the source file is in line with the existing code style for the file.

Refs:
* https://wiki.php.net/rfc/deprecations_php_8_4#xml_set_object_and_xml_set_handler_with_string_method_names
* https://www.php.net/manual/en/function.xml-set-object.php
* https://www.php.net/manual/en/ref.xml.php

Follow-up to [15612], [1346].

Props jrf, hellofromTonya.
See #62061.
Built from https://develop.svn.wordpress.org/trunk@59056


git-svn-id: http://core.svn.wordpress.org/trunk@58452 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-09-18 18:04:14 +00:00
hellofromTonya 9846d9ce8e Tests: Remove use of xml_set_object() in TestXMLParser.
The XML Parser extension still supports a quite dated mechanism for method based callbacks, where the object is first set via `xml_set_object()` and the callbacks are then set by passing only the name of the method to the relevant parameters on any of the `xml_set_*_handler()` functions.

{{{
xml_set_object( $parser, $my_obj );
xml_set_character_data_handler( $parser, 'method_name_on_my_obj' );
}}}

Passing proper callables to the `xml_set_*_handler()` functions has been supported for the longest time and is cross-version compatible. So the above code is 100% equivalent to:

{{{
xml_set_character_data_handler( $parser, [$my_obj, 'method_name_on_my_obj'] );
}}}

The mechanism of setting the callbacks with `xml_set_object()` has now been deprecated as of PHP 8.4, in favour of passing proper callables to the `xml_set_*_handler()` functions. This is also means that calling the `xml_set_object()` function is deprecated as well.

This commit fixes this deprecation for the `TestXMLParser` helper utility. In this case, the callbacks were already using the recommended format and the call to `xml_set_object()` was completely redundant.

As this is a test utility and was already causing pre-existing tests using the utility to fail, there is no need for dedicated tests to cover this change.

Refs:
* https://wiki.php.net/rfc/deprecations_php_8_4#xml_set_object_and_xml_set_handler_with_string_method_names
* https://www.php.net/manual/en/function.xml-set-object.php
* https://www.php.net/manual/en/ref.xml.php

Follow-up to [25002].

Props jrf.
See #62061.
Built from https://develop.svn.wordpress.org/trunk@59055


git-svn-id: http://core.svn.wordpress.org/trunk@58451 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-09-18 17:26:16 +00:00
hellofromTonya 71996c82e7 Tests: Fix Tests_Theme tests to run (and pass) cross-OS.
Uses `DIRECTORY_SEPARATOR` in closures for cross-OS differences.

Follow-up to [56635].

Props jrf.
See #61530.
Built from https://develop.svn.wordpress.org/trunk@59054


git-svn-id: http://core.svn.wordpress.org/trunk@58450 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-09-18 16:18:15 +00:00
hellofromTonya 37e081e8dc Code Modernization: Fix implicitly nullable parameter in WP_HTML_Processor.
PHP 8.4 deprecates implicitly nullable parameters, i.e. typed parameters with a `null` default value, which are not explicitly declared as nullable.

This commit the one instance of this in the `WP_HTML_Processor` class.

Fixed by adding the nullability operator to the type, which is supported since PHP 7.1, so we can use it now the minimum supported PHP version is PHP 7.2.

As this deprecation is thrown at compile time, it can be seen at the top of the test output when running on PHP 8.4 (which will be gone once this change has been committed). It is not possible to write a test to cover this.

Ref: https://wiki.php.net/rfc/deprecate-implicitly-nullable-types

Follow-up to [58867], [58769], [58304], [58192].

Props jrf.
See #62061.
Built from https://develop.svn.wordpress.org/trunk@59053


git-svn-id: http://core.svn.wordpress.org/trunk@58449 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-09-18 15:04:14 +00:00
hellofromTonya 800e34d2e4 Tests: Fix implicitly nullable parameters in Tests_HtmlApi_WpHtmlProcessorComments.
PHP 8.4 deprecates implicitly nullable parameters, i.e. typed parameters with a `null` default value, which are not explicitly declared as nullable.

The `Tests_HtmlApi_WpHtmlProcessorComments` test class contains one problematic parameter in the `test_comment_processing()` method declaration.

While this could be fixed by adding the nullability operator, the type declarations in the test method is removed instead, including other type declarations for this method and the second test method, which were not affected by the deprecation.

The reason for this is quite straight-forward: using type declarations in tests is bad practice and inhibits defense-in-depth type testing.

Using type declarations in tests prevents being able to test the "code under test" with unexpected input types as the values with unexpected (scalar) types will be juggled to the expected type between the data provider and the test method and the _real_ data value would therefore never reach the method under test.

The knock-on effects of this are:
* That the input handling of the "code under test" can not be safeguarded, whether this input handling is done via in-function type checking or via a type declaration in the "code under test".
* That if such "unexpected data type" tests are added to the data provider, they will silently pass (due to the type being juggled before reaching the "code under test"), giving a false sense of security, while in actual fact, these data sets would not be testing anything at all and if, for instance, the type declaration in the "code under test" would be removed, these tests would still pass, while by rights they should start failing.

Also note that this problem would only be exacerbated if the file would be put under `strict_types`.

Ref: https://wiki.php.net/rfc/deprecate-implicitly-nullable-types

Follow-up to [58734].

Props jrf.
See #62061.
Built from https://develop.svn.wordpress.org/trunk@59052


git-svn-id: http://core.svn.wordpress.org/trunk@58448 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-09-18 14:55:15 +00:00
Sergey Biryukov 11a4dc8aba Script Loader: Restore `user-profile.js` dependencies after an accidental revert.
Follow-up to [59033], [59046], [59047].

Props TobiasBg.
See #61754.
Built from https://develop.svn.wordpress.org/trunk@59051


git-svn-id: http://core.svn.wordpress.org/trunk@58447 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-09-18 14:24:17 +00:00
Drew Jaynes dbc9df26db Docs: Add missing @since and @param annotations for the `edit_post_{$field}` hook doc.
Props mukesh27
See #50654

Built from https://develop.svn.wordpress.org/trunk@59050


git-svn-id: http://core.svn.wordpress.org/trunk@58446 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-09-18 06:04:10 +00:00
desrosj b863c8320c Build/Test Tools: Submit host test results for each PHP version.
The WordPress Hosting Test Results now supports multiple reports for the same commit from the same test bot. This updates the PHPUnit test workflow to submit results for each version of PHP running the tests.

Props swissspidy, jorbin, crixu, kirasong, desrosj.
See #61564.
Built from https://develop.svn.wordpress.org/trunk@59049


git-svn-id: http://core.svn.wordpress.org/trunk@58445 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-09-18 05:44:12 +00:00
ramonopoly 840f0fc053 Global Styles: allow read access to users with `edit_posts` capabilities
This patch any role that can edit a post, including custom post types, or edit theme options to read global styles from the API. This enables read-only access to global styles in the post editor. Test coverage in included.

Props ramonopoly, peterwilsoncc, mukesh27, aaronrobertshaw, mamaduka, spacedmonkey, talldanwp, timothyblynjacobs.
Fixes #62042.



Built from https://develop.svn.wordpress.org/trunk@59048


git-svn-id: http://core.svn.wordpress.org/trunk@58444 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-09-18 05:19:14 +00:00
davidbaumwald 0ec15861c7 Script Loader: Revert removing unused array_merge.
Code is poetry, until it isn’t.

Unprops davidbaumwald.
See #61754.
Built from https://develop.svn.wordpress.org/trunk@59047


git-svn-id: http://core.svn.wordpress.org/trunk@58443 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-09-18 00:48:14 +00:00
Jeremy Felt 3c85d540d4 Application Passwords: Add copy button when adding new password.
Props circlecube, dhruvang21, ironprogrammer, desrosj.
Fixes #62019.

Built from https://develop.svn.wordpress.org/trunk@59046


git-svn-id: http://core.svn.wordpress.org/trunk@58442 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-09-18 00:14:13 +00:00
Drew Jaynes c9c2f41ab4 Docs: Add possible filter names to the hook docs for the following filters in `sanitize_post_field()`:
- `edit_{$field}`
- `{$field_no_prefix}_edit_pre`
- `edit_post_{$field}`
- `pre_{$field}`
- `{$field_no_prefix}_save_pre`
- `pre_post_{$field}`
- `{$field}_pre`
- `{$field}`
- `post_{$field}`

Props johnbillion, DrewAPicture.
Fixes #50654

Built from https://develop.svn.wordpress.org/trunk@59045


git-svn-id: http://core.svn.wordpress.org/trunk@58441 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-09-18 00:02:13 +00:00
Aaron Jorbin 2597c1b946 Bootstrap/Load: Add documentation warning about updating `$table_prefix`.
Props bjerke-johannessen, swissspidy, SergeyBiryukov, morganestes, stevenlinx, jorbin.
Fixes #34189.

Built from https://develop.svn.wordpress.org/trunk@59044


git-svn-id: http://core.svn.wordpress.org/trunk@58440 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-09-17 23:58:13 +00:00
Helen Hou-Sandí d5206419d7 Bootstrap/Load: Give more context and warning about editing compat.php.
As indicated by name, this is a compatibility file which warrants more care to begin with, but it's still worth warning folks about how narrow function availability is in this file.

Props jorbin, dmsnell, helen.
See #61694.

Built from https://develop.svn.wordpress.org/trunk@59043


git-svn-id: http://core.svn.wordpress.org/trunk@58439 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-09-17 23:50:12 +00:00
Adam Silverstein d10887c93d Media: improve speed of AVIF image generation.
Set the AVIF encoder to work faster by raising heic:speed to 7 from the default of 5. AVIF generation time is reduced by up to 20% with minimal impact on image size.

Props: adamsilverstein, erikyo, mukesh27, yguyon, felixarntz, jzern.
Fixes #61758.



Built from https://develop.svn.wordpress.org/trunk@59042


git-svn-id: http://core.svn.wordpress.org/trunk@58438 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-09-17 23:29:29 +00:00
joedolson 549f626d96 Accessibility: Add border around menus and submenus in high contrast mode.
Add outlines and borders to mark the boundaries between the admin navigation menu and content and around adminbar submenus that are visible when Windows High Contrast Mode is enabled. This clarifies the page structure and makes high contrast mode easier to use.

Props wildworks, hbhalodia, sabernhardt, joedolson, rcreators.
Fixes #61616.
Built from https://develop.svn.wordpress.org/trunk@59041


git-svn-id: http://core.svn.wordpress.org/trunk@58437 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-09-17 23:28:15 +00:00
K. Adam White 24a4ba8885 REST API: Allow posts to be published with a publication date of midnight 1970-01-01.
Explicitly checks date parsing return values for `false`, so that `0` (the value returned for the UNIX epoch of `1970-01-01 00:00:00`) is correctly treated as a valid timestamp.

It should be valid to create a post dated to any point in history.

Props emmanuel78, sabernhardt, siliconforks, drjosh07, antpb, TimothyBlynJacobs.
Fixes #60184.



Built from https://develop.svn.wordpress.org/trunk@59040


git-svn-id: http://core.svn.wordpress.org/trunk@58436 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-09-17 23:24:12 +00:00
Aaron Jorbin 723d01e3e1 Bootstrap/Load: Ensure uses of set_time_limit are documented why.
`set_time_limit` can cause unexpected behavior so it general should be avoided. There are instances though where they should be used so those instances should be properly documented.

Props Rcrayno, ryan, kurtpayne, jorbin.
Fixes #21521. See #19487.

Built from https://develop.svn.wordpress.org/trunk@59039


git-svn-id: http://core.svn.wordpress.org/trunk@58435 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-09-17 22:41:13 +00:00
TimothyBlynJacobs d598d459ac Build Tools: Allow easier customization of the .env file.
The .env file allows for configuring how the WordPress Local environment should be configured. However, because the file is version controlled, developers must be careful not to commit their modifications.

This commit renames the .env file to be .env.example. During env start, the .env.example file is copied to .env if it does not exist. This allows for contributors to continue using the project without thinking about .env and to make changes when needed. This brings WordPress Core into the dotenv project guidelines.

Props johnbillion, afragen, h71, desrosj.
Fixes #52668.

Built from https://develop.svn.wordpress.org/trunk@59038


git-svn-id: http://core.svn.wordpress.org/trunk@58434 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-09-17 22:28:18 +00:00
antpb f92af0238e Coding Standards: Avoid using confusing `!` condition in Media Library selection check.
Checks that value is now equal or less than or equal to 0 which has the same result as the previous confusing `!` usage.

Props kadamwhite, drjosh07.
See #60369.

Built from https://develop.svn.wordpress.org/trunk@59037


git-svn-id: http://core.svn.wordpress.org/trunk@58433 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-09-17 22:26:17 +00:00
K. Adam White c418ba0205 REST API: Only check password value in query parameters while checking post permissions.
The `password` property which gets sent as part of a request POST body while setting a post's password should not be checked when calculating post visibility permissions.

That value in the request body is intended to update the post, not to authenticate, and may be malformed or an invalid non-string type which would cause a fatal when checking against the hashed post password value.

Query parameter `?password=` values are the correct interface to check, and are also guaranteed to be strings.

Props mlf20, devansh016, antonvlasenko, TimothyBlynJacobs, kadamwhite.
Fixes #61837.


Built from https://develop.svn.wordpress.org/trunk@59036


git-svn-id: http://core.svn.wordpress.org/trunk@58432 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-09-17 22:19:14 +00:00
antpb 2bc0e28dfe Media: Add Ctrl/Command + Enter shortcut to insert selected Media Library items.
Adds a Ctrl/Command + Enter keyboard shortcut to insert the currently selected single media or multiple media items when selecting in the Media Library modal.

Props poena, hirschferkel, antpb, joedolson, skobe, rcreators, plaidharper.
Fixes #60369.

Built from https://develop.svn.wordpress.org/trunk@59035


git-svn-id: http://core.svn.wordpress.org/trunk@58431 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-09-17 21:59:24 +00:00
Felix Arntz 1da67e31b5 REST API: Support exact search in the REST API posts endpoint.
This changeset adds support for a new `search_semantics` enum query parameter that can be passed alongside the `search` string parameter. At this point, it only supports "exact" as possible value, but an enum is used for forward compatibility with potential enhancements like "sentence" search support. If `search_semantics=exact` is passed, it will look for an exact match rather than do a full text search, which for some use-cases is more appropriate and more performant.

Props mehulkaklotar, timothyblynjacobs, jimmyh61, ironprogrammer, johnregan3, mukesh27, costdev.
Fixes #56350.

Built from https://develop.svn.wordpress.org/trunk@59034


git-svn-id: http://core.svn.wordpress.org/trunk@58430 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-09-17 21:58:14 +00:00
davidbaumwald 90d4f10e74 Script Loader: Remove unused array_merge.
This change removes an unused `array_merge` that was added in [44265].

Props kkmuffme, SergeyBiryukov, akshat2802.
Fixes #61754.
Built from https://develop.svn.wordpress.org/trunk@59033


git-svn-id: http://core.svn.wordpress.org/trunk@58429 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-09-17 21:54:13 +00:00
TimothyBlynJacobs b4acb10706 REST API: Automatically populate targetHints for the Allow header.
The REST API uses the "Allow" header to communicate what methods a user is authorized to perform on a resource. This works great when operating on a single item route, but can break down when needing to determine authorization over a collection of items.

This commit uses the "targetHints" property of JSON Hyper Schema to provide access to the "allow" header for "self" links. This alleviates needing to make a separate network request for each item in a collection.

Props mamaduka, noisysocks, peterwilsoncc, spacedmonkey, swissspidy, timothyblynjacobs, tyxla, youknowriad.
Fixes #61739.

Built from https://develop.svn.wordpress.org/trunk@59032


git-svn-id: http://core.svn.wordpress.org/trunk@58428 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-09-17 21:52:20 +00:00
John Blackbourn 757729e878 Plugins: Correct the item schema for the plugins REST API endpoint.
The `author` property contains the string name of the plugin author.

Props narenin.

Fixes #61920

Built from https://develop.svn.wordpress.org/trunk@59031


git-svn-id: http://core.svn.wordpress.org/trunk@58427 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-09-17 21:33:14 +00:00
desrosj 7629bd782d External Libraries: Update PHPass library.
This updates the PHPass library to version `0.5.4` while maintaining the adjustments introduced in [30466].

Props jrf.
Fixes #62058.
Built from https://develop.svn.wordpress.org/trunk@59030


git-svn-id: http://core.svn.wordpress.org/trunk@58426 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-09-17 21:08:16 +00:00
Pascal Birchler 56eb5c22d8 I18N: Add a new way to determine whether a translation is available.
A new `has_translation()` function can be used to determine whether a translation exists for a given string.

Props louiswol94, swissspidy, drzraf, ckanitz, tomhine, mchirag2002, samuelsilvapt.
Fixes #52696.


Built from https://develop.svn.wordpress.org/trunk@59029


git-svn-id: http://core.svn.wordpress.org/trunk@58425 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-09-17 20:58:15 +00:00
Felix Arntz 90673b9066 Taxonomy: Remove redundant `$taxonomies` value from cache keys used for `WP_Term_Query`.
Props niravsherasiya7707, spacedmonkey.
Fixes #59594.
See #35381.

Built from https://develop.svn.wordpress.org/trunk@59028


git-svn-id: http://core.svn.wordpress.org/trunk@58424 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-09-17 17:00:14 +00:00
Sergey Biryukov 3cd067ee34 General: Add missing `initial-scale` value in viewport meta tags.
The viewport meta should include `initial-scale=1.0` to ensure that high DPI/mobile display works as expected.

References:
* [https://css-tricks.com/probably-use-initial-scale1/ CSS-Tricks: Probably Use initial-scale=1]
* [https://www.sitepoint.com/community/t/is-it-necessary-to-include-initial-scale-1-0-in-the-meta-viewport-tag/455119 SitePoint Forums: Is it necessary to include initial-scale=1.0 in the meta viewport tag?]

Follow-up to [59026].

Props dhruvang21, sabernhardt, kkmuffme, mukesh27, narenin, swissspidy, SergeyBiryukov.
Fixes #61988.
Built from https://develop.svn.wordpress.org/trunk@59027


git-svn-id: http://core.svn.wordpress.org/trunk@58423 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-09-17 00:03:54 +00:00