Commit Graph

35611 Commits

Author SHA1 Message Date
hellofromTonya d02e84860f Editor: 2nd package updates for 6.4 Beta 1.
Round 2 of package updates for 6.4. Beta 1 which includes disabling the rendering of the Font Library in Core.

The full list of changes are found here 641b696cd6.

Follow-up to [56710], [56713].

Props mikachan, mmaattiiaass, mamaduka, desrosj, ockham, hellofromTonya.
See #59411.
Built from https://develop.svn.wordpress.org/trunk@56728


git-svn-id: http://core.svn.wordpress.org/trunk@56240 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-26 19:11:22 +00:00
Tammie Lister 7df8ec6846 Bundled Themes: Twenty Twenty-Four is now the default theme.
Follow up to [56716].
Props desrosj.

See #59447.

Built from https://develop.svn.wordpress.org/trunk@56727


git-svn-id: http://core.svn.wordpress.org/trunk@56239 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-26 17:33:20 +00:00
desrosj e814c09465 Twenty Twenty-Four: Fix issue with theme screenshot.
Follow up to [56716] and [56725].

Props karmatosed.
Fixes #59447.
Built from https://develop.svn.wordpress.org/trunk@56726


git-svn-id: http://core.svn.wordpress.org/trunk@56238 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-26 17:15:22 +00:00
desrosj dd0700e374 General: Define the desired `mime-type` for WebP files.
Fixes #59463.
Built from https://develop.svn.wordpress.org/trunk@56725


git-svn-id: http://core.svn.wordpress.org/trunk@56237 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-26 17:07:22 +00:00
Bernhard Reiter dfd85ad690 Templates: Introduce _remove_theme_attribute_from_template_part_block.
Introduce a `_remove_theme_attribute_from_template_part_block()` function that can be used as a callback argument for `traverse_and_serialize_block(s)` on a parsed block tree in order to remove the `theme` attribute from all Template Part blocks found therein, and deprecate `_remove_theme_attribute_in_block_template_content()`.

Counterpart to `_inject_theme_attribute_in_template_part_block` from #59338 (which superseded `_inject_theme_attribute_in_block_template_content`, deprecated in #59452).

Props mukesh27.
Fixes #59460.
Built from https://develop.svn.wordpress.org/trunk@56724


git-svn-id: http://core.svn.wordpress.org/trunk@56236 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-26 17:01:24 +00:00
Sergey Biryukov 2c11f49301 HTTP API: Deprecate the `http_api_transports` filter.
The filter is only used within the `WP_Http::_get_first_available_transport()` method, which has been marked as deprecated in favor of `\WpOrg\Requests\Requests::get_transport_class()`.

Follow-up to [56655]

Props desrosj, hellofromTonya.
Fixes #58705.
Built from https://develop.svn.wordpress.org/trunk@56723


git-svn-id: http://core.svn.wordpress.org/trunk@56235 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-26 16:55:20 +00:00
Bernhard Reiter c44e5163b6 Templates: Move old theme attr injection function to deprecated.php.
Move the now-deprecated function `_inject_theme_attribute_in_block_template_content` from `wp-includes/block-template-utils.php` to `wp-includes/deprecated.php`.

Follow-up [56719].
Props spacedmonkey, davidbaumwald, mukesh27.
See #59452.
Built from https://develop.svn.wordpress.org/trunk@56722


git-svn-id: http://core.svn.wordpress.org/trunk@56234 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-26 16:49:21 +00:00
desrosj 0543b6216a Twenty Twenty-Four: Fix font and image assets.
This updates the font and image files to include the correct file contents.

Follow up to [56716].

Props onemaggie, karmatosed.
See #59447.
Built from https://develop.svn.wordpress.org/trunk@56721


git-svn-id: http://core.svn.wordpress.org/trunk@56233 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-26 16:46:22 +00:00
costdev a27059766b Toolbar: Link to Learn WordPress in the WordPress Logo menu.
This aims to make the various resources on learn.wordpress.org more easily available.

Props jeherve, mikinc860, audrasjb, sabernhardt, courane01, devmuhib, dhrumilk, estelaris, hellofromTonya.
Fixes #58820.
Built from https://develop.svn.wordpress.org/trunk@56720


git-svn-id: http://core.svn.wordpress.org/trunk@56232 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-26 16:29:20 +00:00
Bernhard Reiter 70e906c26e Templates: Deprecate _inject_theme_attribute_in_block_template_content.
It can be replaced by passing `_inject_theme_attribute_in_template_part_block` as second argument to `traverse_and_serialize_blocks()`.

Per WordPress 6.4 Beta 1, there aren't going to be any more calls in Core to `_inject_theme_attribute_in_block_template_content()`.

Note that `_inject_theme_attribute_in_block_template_content` has always had `@access private` set in its PHPDoc.

Props gziolo.
Fixes #59452.
Built from https://develop.svn.wordpress.org/trunk@56719


git-svn-id: http://core.svn.wordpress.org/trunk@56231 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-26 16:19:21 +00:00
Sergey Biryukov 57f2930594 Login and Registration: Add `/login.php` as an alias for the login page.
This aims to make the login process more user-friendly.

Follow-up to [19875], [19880].

Props lancewillett, subrataemfluence, tejwanihemant, ankit-k-gupta, devmuhib, audrasjb, hellofromTonya, joemcgill.
Fixes #40762.
Built from https://develop.svn.wordpress.org/trunk@56718


git-svn-id: http://core.svn.wordpress.org/trunk@56230 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-26 16:11:20 +00:00
Felix Arntz 7e1caa5b44 Options, Meta APIs: Fix follow up bug when comparing values for options using the `pre_option_{$option}` filter.
This fix is relevant for options such as `gmt_offset` that use a filter to force a specific value regardless of what is stored in the database.

Props mamaduka, flixos90, mukesh27, spacedmonkey.
See #22192.

Built from https://develop.svn.wordpress.org/trunk@56717


git-svn-id: http://core.svn.wordpress.org/trunk@56229 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-26 15:55:18 +00:00
Tammie Lister 7b9c4a9dfe Bundled Themes: Import Twenty Twenty-Four, the new default theme for WordPress 6.4.
Twenty Twenty-Four is designed to be flexible, versatile and applicable to any website. Its collection of templates and patterns tailor to different needs, such as presenting a business, blogging and writing or showcasing work. A multitude of possibilities open up with just a few adjustments to color and typography.

Twenty Twenty-Four comes with style variations and full page designs to help speed up the site building process, is fully compatible with the site editor, and takes advantage of new design tools introduced in WordPress 6.4. 

Twenty-Four karat magic in the air!

Props onemaggie, luminuu, beafialho, chrisdesrochers, amedv, melchoyce, kafleg, jeffikus, poena, robpetrin, hiyascout, audrasjb, huzaifaalmesbah, fabiankaegy, jordesign, vcanales, shailu25, jessplease, juanfra, maneshtimilsina, sabernhardt, richtabor, travel_girl, kishanjasani, sofiashendi, nudge, gnanasekaran, marcelle42, bosskhj, oncecoupled, bijayyadav, barbmiller, devmuhib, lyndauwp, kraftbj, alaminfirdows, littlebigthing, dhamibirendra, jeffpaul, kopila47, rabmalin, aplauche, colorful-tones, khleomix, pbking, esratpopy, scruffian, alexandrebuffet, gpotter, pbwebd, anphira, suprsam, damonsharp, maurodf, soean, kawsaralameven, mhimon, rajinsharwar, labunchemjong, bonkerz, karmacharya50, aristath, mukesh27, mikachan, joedolson, aurooba, afercia, jffng, benimub, joen, tanvirul, jeryj, thelovekesh, mrwweb, nielslange, sergiomdgomes, binsaifullah, hanneslsm, masoudnkh, dhrumilk, dianeco, webmandesign, desrosj.
See #59447.

Built from https://develop.svn.wordpress.org/trunk@56716


git-svn-id: http://core.svn.wordpress.org/trunk@56228 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-26 15:50:23 +00:00
Adam Silverstein 3092085a60 Revisions: avoid double call to wp_restore_post_revision_meta when restoring post.
Remove an extra call to `wp_restore_post_revision_meta` - the meta restore action is already hooked to `wp_restore_post_revision`.

Follow up to [56714].

Props: spacedmonkey.
Fixes #20564.


Built from https://develop.svn.wordpress.org/trunk@56715


git-svn-id: http://core.svn.wordpress.org/trunk@56227 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-26 15:44:19 +00:00
Adam Silverstein 89a99dba2f Revisions: framework for storing post meta revisions.
Enable the storing of post meta in revisions including autosaves and previews:

Add a new argument `revisions_enabled` to the `register_meta` function which enables storing meta in revisions.

Add a new `wp_post_revision_meta_keys` filter which developers can use to control which meta is revisioned - it passes an array of the meta keys with revisions enabled as well as the post type.

Meta keys with revisions enabled are also stored for autosaves, and are restored when a revision or autosave is restored. In addition, meta values are now stored with the autosave revision used for previews. Changes to meta can now be previewed correctly without overwriting the published meta (see #20299) or passing data as a query variable, as the editor currently does to preview changes to the featured image.

Changes to meta with revisions enabled are considered when determining if a new revision should be created. A new revision is created if the meta value has changed since the last revision.

Revisions are now saved on the `wp_after_insert_post` hook instead of `post_updated`. The `wp_after_insert_post` action is fired after post meta has been saved by the REST API which enables attaching meta to the revision. To ensure backwards compatibility with existing action uses, `wp_save_post_revision_on_insert` function exits early if plugins have removed the previous `do_action( 'post_updated', 'wp_save_post_revision' )` call.

Props: alexkingorg, johnbillion, markjaquith, WraithKenny, kovshenin, azaozz, tv-productions, p51labs, mattheu, mikeschroder, Mamaduka, ellatrix, timothyblynjacobs, jakemgold, bookwyrm, ryanduff, mintindeed, wonderboymusic, sanchothefat, westonruter, spacedmonkey, hellofromTonya, drewapicture, adamsilverstein, swisspiddy.
Fixes #20564, #20299.



Built from https://develop.svn.wordpress.org/trunk@56714


git-svn-id: http://core.svn.wordpress.org/trunk@56226 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-26 15:32:19 +00:00
Tammie Lister 36f1df7246 Update regenerated build files.
This adds in missed generated build files from commit for [56710].

Props desrosj.
See #59411.

Built from https://develop.svn.wordpress.org/trunk@56713


git-svn-id: http://core.svn.wordpress.org/trunk@56225 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-26 15:27:22 +00:00
costdev 61cef87240 Quick/Bulk Edit: Pre-fill category fields with their status.
This pre-fills category fields in the Quick/Bulk Edit form with their current status.

When bulk editing, if only some of the selected items are in a given category, the category's checkbox will display a line to indicate an indeterminate status.

Props pavelevap, scribu, chasedsiedu, helen, joshcanhelp, ubernaut, Cyberchicken, laumindproductscomau, SergeyBiryukov, Marcoevich, tomybyte, thinkluke, virtality-marketing-solutions, Michalooki, dmsnell, itecrs, pannelars, WHSajid, samba45, Mte90, johnbillion, tomluckies, soulseekah, francina, oglekler, ajmcfadyen, mukesh27, costdev.
Fixes #11302.
Built from https://develop.svn.wordpress.org/trunk@56712


git-svn-id: http://core.svn.wordpress.org/trunk@56224 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-26 15:05:21 +00:00
hellofromTonya 61003dc0e7 Media: Change link text when attachment pages disabled.
When attachment pages are disabled, change the links from "View Attachment Page" to "View Media File".

Follow-up to [56657], [56658].

Props joedolson, ironprogrammer, oglekler.
Fixes #57913.
Built from https://develop.svn.wordpress.org/trunk@56711


git-svn-id: http://core.svn.wordpress.org/trunk@56223 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-26 14:45:23 +00:00
Tammie Lister 04f631f232 Update editor related npm packages
The npm packages needed updating for 6.4 to the latest.

Props mikachan, mukesdpanchal27, luisherranz, youknowriad, tellthemachines, gziolo, ockham, michalczaplinski

Fixes #59411


Built from https://develop.svn.wordpress.org/trunk@56710


git-svn-id: http://core.svn.wordpress.org/trunk@56222 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-26 14:23:26 +00:00
Sergey Biryukov 9bf6faff7c Editor: Reduce the use of the `_wp_array_get()` function to improve performance.
`_wp_array_get()` is an expensive function, and it's called thousands of times on each page view on the front end. While the function performance was slightly improved in #58376, it is still called more times than it should be.

This commit aims to further optimize its usage:
* In many cases, `_wp_array_get()` can be replaced with a much simpler and faster `isset()` check.
* The `isset()` function is capable of checking nested arrays, so `isset( $foo['a']['b']['c'] )` will return false even if `$foo['a']` is unset, without throwing any errors or warnings.
* When `_wp_array_get()` cannot be directly replaced with `isset()`, it would be good practice to wrap it in an `isset()` function so that `_wp_array_get()` only runs when it needs to.

Original PR from Gutenberg repository:
* [https://github.com/WordPress/gutenberg/pull/51116 #51116 Performance improvement: Reduce the use of the _wp_array_get() function]

Follow-up to [55851], [56382].

Props aristath, jrf, spacedmonkey, mukesh27, swissspidy, hellofromTonya.
Fixes #59405.
Built from https://develop.svn.wordpress.org/trunk@56709


git-svn-id: http://core.svn.wordpress.org/trunk@56221 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-26 13:47:20 +00:00
Pascal Birchler 72460848c9 Sitemaps: do not list users who only authored pages.
Author archives are only generated for users who created at least one post.
Prevent adding author archives to the XML sitemap for users who only authored pages
as the links would otherwise result in a 404.

Props zodiac1978, huzaifaalmesbah.
Fixes #57816.
Built from https://develop.svn.wordpress.org/trunk@56708


git-svn-id: http://core.svn.wordpress.org/trunk@56220 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-26 12:42:19 +00:00
hellofromTonya 534f200e48 General: Use wp_kses() in wp_trigger_error().
Uses `wp_kses()` instead of `esc_html()` to allow a list of HTML tags and protocols in the message rather than escaping them.

Why? To retain message readability in the browser and server logs, especially given that Core itself adds HTML to messages in functions, e.g. `_doing_it_wrong()` and each of the `_deprecated_*()` functions. 

HTML tags allowed:
* `a href`
* `br`
* `code`
* `em`
* `strong`

Protocols allowed: `http` and `https`.

To inform extenders, it also documents that any other HTML tags or protocols need to be escaped before passing the message to this function to avoid them being stripped from the message.

Follow-up to [56530], [56705].

Props azaozz, costdev, flixos90, hellofromTonya, peterwilsoncc.
Fixes #57686.
Built from https://develop.svn.wordpress.org/trunk@56707


git-svn-id: http://core.svn.wordpress.org/trunk@56219 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-26 12:38:19 +00:00
spacedmonkey d969240845 Editor: Fix deprecation notice in block editor.
In [56682], the `print_emoji_styles` function was deprecated and a corresponding deprecation notice was added. In order to maintain backward compatibility, `print_emoji_styles` was retained as a hook into wp_print_styles. This resulted in the appearance of deprecation notices within the block editor. The root of this issue was the manual invocation of the `wp_print_styles` function in block-editor.php. To address this, the `print_emoji_styles` callback was manually removed, `wp_print_styles` was called, and the action was subsequently rehooked, resolving the deprecation notice within the block editor. 

Props mamaduka, hellofromtonya, spacedmonkey.
See #58775.
Built from https://develop.svn.wordpress.org/trunk@56706


git-svn-id: http://core.svn.wordpress.org/trunk@56218 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-26 12:28:22 +00:00
hellofromTonya c8aea02b38 General: Use wp_trigger_error() in _doing_it_wrong() and _deprecated_*().
Uses `wp_trigger_error()` in `_doing_it_wrong()` and each `_deprecated_*()` function, i.e. instead of `trigger_error()`.

To avoid redundancy, uses `wp_trigger_error()` once. How? Saves each message to `$message` variable and then passes it to `wp_trigger_error()` at the end of the function.

Functions:
* _doing_it_wrong()
* _deprecated_function()
* _deprecated_constructor()
* _deprecated_class()
* _deprecated_file()
* _deprecated_argument()
* _deprecated_hook()

Follow-up to [56530].

Props azaozz, costdev, flixos90, hellofromTonya, peterwilsoncc.
See #57686.
Built from https://develop.svn.wordpress.org/trunk@56705


git-svn-id: http://core.svn.wordpress.org/trunk@56217 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-26 11:51:19 +00:00
Bernhard Reiter eeefd48208 Blocks: Have get_hooked_blocks() return blocks grouped by position.
All existing calls of `get_hooked_blocks()` in non-test code are currently wrapped in an extra `array_keys()` call. This changeset absorbs that logic into the function and changes the structure of the return value accordingly.

Furthermore, this allows us to remove the extra `$relative_position` argument (introduced in [56673]) from the function again, as the same data can now be simply fetched via array access.

Props gziolo, spacedmonkey, mukesh27.
See #59383.
Built from https://develop.svn.wordpress.org/trunk@56704


git-svn-id: http://core.svn.wordpress.org/trunk@56216 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-26 11:49:21 +00:00
Bernhard Reiter 2d9b5cb098 HTML API: Add class name utilities `has_class()` and `class_list()`.
This patch adds two new public methods to the HTML Tag Processor:
 - `has_class()` indicates if a matched tag contains a given CSS class name.
 - `class_list()` returns a generator to iterate over all the class names in a matched tag.

Included in this patch is a refactoring of the internal logic when matching
a tag to reuse the new `has_class()` function. Previously it was relying on
optimized code in the `matches()` function which performed byte-for-byte
class name comparison. With the change in this patch it will perform class
name matching on the decoded value, which might differ if a class attribute
contains character references.

These methods may be useful for running more complicated queries based
on the presence or absence of CSS class names. The use of these methods
avoids the need to manually decode the class attribute as reported by
`$process->get_attribute( 'class' )`.

Props dmsnell.
Fixes #59209.
Built from https://develop.svn.wordpress.org/trunk@56703


git-svn-id: http://core.svn.wordpress.org/trunk@56215 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-26 09:17:18 +00:00
Bernhard Reiter 374bcd9b3d HTML API: Add `matches_breadcrumbs()` method for better querying.
Inside a `next_tag()` loop it can be challenging to use breadcrumbs because they are only exposed inside the call to `next_tag()` via the `$query` arg.

In this patch a new method, `matches_breadcrumbs()`, is exposed which allows for querying within the `next_tag()` loop for more complicated queries.

This method exposes a wildcard `*` operator to allow matching ''any HTML tag'' that the currently-matched tag is a child or descendant of.

Props dmsnell, westonruter, mukesh27.
Fixes #59400.
Built from https://develop.svn.wordpress.org/trunk@56702


git-svn-id: http://core.svn.wordpress.org/trunk@56214 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-26 08:20:17 +00:00
gziolo 2481f2de2b Blocks: Add more unit test covering edge cases for Block Hooks
These two new unit tests document how Block Hooks behave with `first_child` and `last_child` relative positions. The hooked blocks will only get inserted in the case where the parent block has at least one child block present. While it seems like a limitation, in practice, it's hard to think of a case where the template would use a parent block without its children. It's more likely to happen with patterns in general, but in the case of patterns wired with the block theme, it also seems unlikely. The reasoning here is that out of the box, the block theme should produce a fully functional and valid HTML.

Props ockham.
See #59313.
Follow-up [56649].


Built from https://develop.svn.wordpress.org/trunk@56701


git-svn-id: http://core.svn.wordpress.org/trunk@56213 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-26 08:09:16 +00:00
isabel_brison 5ce36ff8f5 Editor: remove null coalescing operator from layout.
Replaces uses of null coalescing operator in [56698].

Props dmsnell, mukesh27.
See #59443.

Built from https://develop.svn.wordpress.org/trunk@56700


git-svn-id: http://core.svn.wordpress.org/trunk@56212 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-26 06:55:12 +00:00
gziolo bab9c206eb Build: Introduce SCRIPT_DEBUG global in webpack processing
Backports the same changes to the webpack config in the Gutenberg plugin with https://github.com/WordPress/gutenberg/pull/50122.

The `warning` function from `@wordpress/warning` no longer worked correctly with webpack 5. In practice, it no longer called `console.warn`. To fix it, the usage of `process.env.NODE_ENV` check got replaced with another optional global: `SCRIPT_DEBUG`. All the tools used in the Gutenberg, get updated to work with this new constant, including `@wordpress/scripts`. This way, developers are able to guard code that should be run only in development mode. In WordPress core, the same constant needs to be added mostly to ensure that the code behind the check gets completely removed in production mode.

Fixes #59407.


Built from https://develop.svn.wordpress.org/trunk@56699


git-svn-id: http://core.svn.wordpress.org/trunk@56211 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-26 06:51:19 +00:00
isabel_brison 3317a134af Editor: make better use of Tag Processor in layout block support.
Refactors layout support to use a single Tag Processor instance and send one class at a time to `add_class()`.

Props dmsnell, hellofromTonya.
Fixes #59443.

Built from https://develop.svn.wordpress.org/trunk@56698


git-svn-id: http://core.svn.wordpress.org/trunk@56210 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-26 05:04:22 +00:00
Peter Wilson 109f531fbf Administration: Add event type to Events and News widget.
Add the event type (WordCamp, Meetup, etc) to the nearby events listing within the Dashboard's Events and News widget.

Props renyot, audrasjb, ankit-k-gupta, oglekler, devmuhib, dhruvishah2203, JeffPaul, anveshika, sarahwilliams889, ajakaroth.
Fixes #58947.

Built from https://develop.svn.wordpress.org/trunk@56697


git-svn-id: http://core.svn.wordpress.org/trunk@56209 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-26 03:54:20 +00:00
Sergey Biryukov 7fd4a45fca Build/Test Tools: Use the latest PHP version for the coding standards workflow.
PHPCS can now be run on the latest PHP version as all known PHP 8.x compatibility issues (in WPCS) have been fixed.

Follow-up to [49162], [56695].

Props jrf, desrosj.
See #59161.
Built from https://develop.svn.wordpress.org/trunk@56696


git-svn-id: http://core.svn.wordpress.org/trunk@56208 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-26 00:48:18 +00:00
Sergey Biryukov 114a672cfa Coding Standards: Upgrade WPCS to version 3.0.0.
This is an important release which makes significant changes to improve the accuracy, performance, stability and maintainability of all sniffs, as well as making WordPressCS much better at handling modern PHP.

WordPressCS 3.0.0 contains breaking changes, both for people using ignore annotations, people maintaining custom rulesets, as well as for sniff developers who maintain a custom PHPCS standard based on WordPressCS.

If you are an end-user or maintain a custom WordPressCS based ruleset, please start by reading the [https://github.com/WordPress/WordPress-Coding-Standards/wiki/Upgrade-Guide-to-WordPressCS-3.0.0-for-ruleset-maintainers Upgrade Guide to WordPressCS 3.0.0 for ruleset maintainers] which lists the most important changes and contains a step by step guide for upgrading.

If you are a maintainer of an external standard based on WordPressCS and any of your custom sniffs are based on or extend WordPressCS sniffs, please read the [https://github.com/WordPress/WordPress-Coding-Standards/wiki/Upgrade-Guide-to-WordPressCS-3.0.0-for-Developers-of-external-standards Upgrade Guide to WordPressCS 3.0.0 for Developers].

In all cases, please read the complete changelog carefully before you upgrade.

This commit:
* Updates the Composer dependencies to use the new version, including updating the underlying PHP_CodeSniffer dependency to the new minimum supported version for WPCS.[[BR]] Note: the Composer PHPCS installer plugin is no longer explicitly required as it is now a dependency of WPCS, so the dependency is inherited automatically.
* Updates the ruleset for WPCS 3.0.0. This includes:
 * Raising the memory limit to be on the safe side as WPCS 3.0.0 contains a lot more sniffs.
 * Removing explicit inclusions of extra rules, which have now been added to the `WordPress-Core` ruleset..
 * Updating property names for select sniffs.
 * Updating one exclusion — the `WordPress.CodeAnalysis.AssignmentInCondition` sniff has been (partially) replaced by the `Generic.CodeAnalysis.AssignmentInCondition` sniff.
 * Adding one new exclusion.
* Downgrades one new error to a warning.[[BR]] The `Generic.Files.OneObjectStructurePerFile` sniff enforces that there is only one OO structure declaration per file. At this time, this sniff would yield 29 errors. By downgrading the sniff to a ''warning'', the build can pass and the issues can be fixed in due time. For now, the test directory will be excluded until the issues are fixed (as the test directory CS run does not allow for warnings).
* Updates ignore annotations for WPCS 3.0.0.

Reference: [https://github.com/WordPress/WordPress-Coding-Standards/releases/tag/3.0.0 WPCS 3.0.0 release notes].

Follow-up to [43571], [44574], [45600], [47927].

Props jrf, jorbin, desrosj.
See #59161.
Built from https://develop.svn.wordpress.org/trunk@56695


git-svn-id: http://core.svn.wordpress.org/trunk@56207 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-26 00:27:12 +00:00
Sergey Biryukov 46b0f1bba1 Code Modernization: Rename parameters that use reserved keywords in `phpunit/tests/media.php`.
While using reserved PHP keywords as parameter name labels is allowed, in the context of function calls using named parameters in PHP 8.0+, this will easily lead to confusion. To avoid that, it is recommended not to use reserved keywords as function parameter names.

This commit renames the `$match` parameter to `$matches` in shortcode image tests.

Note: This is enforced by WPCS 3.0.0.

Follow-up to [56693].

See #58831.
Built from https://develop.svn.wordpress.org/trunk@56694


git-svn-id: http://core.svn.wordpress.org/trunk@56206 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-26 00:25:17 +00:00
Felix Arntz 70e0a22e7d Media: Ensure images within shortcodes are correctly considered for loading optimization attributes.
Prior to this change, images added in shortcodes would be considered separately from all other images within post content, which led to incorrect application of the loading optimization attributes `loading="lazy"` and `fetchpriority="high"`.

This changeset changes the filter priority of `wp_filter_content_tags()` from the default `10` to `12` on the various content filters it is hooked in, in order to run that function after parsing shortcodes. While this may technically be considered a backward compatibility break, substantial research and lack of any relevant usage led to the assessment that the change is acceptable given its benefits.

An additional related fix included is that now the duplicate processing of images is prevented not only for post content blobs (`the_content` filter), but also for widget content blobs (`widget_text_content` and `widget_block_content` filters).

Props joemcgill, mukesh27, costdev, spacedmonkey, flixos90.
Fixes #58853.

Built from https://develop.svn.wordpress.org/trunk@56693


git-svn-id: http://core.svn.wordpress.org/trunk@56205 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-26 00:13:12 +00:00
Sergey Biryukov 5d91b75895 Coding Standards: Fix a few newly introduced WPCS issues.
Follow-up to [56683], [56689].

See #59161, #58831.
Built from https://develop.svn.wordpress.org/trunk@56692


git-svn-id: http://core.svn.wordpress.org/trunk@56204 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-26 00:09:19 +00:00
costdev 1c79a2c23b Filesystem API: Add missing ZIP file for unzip tests.
In [56689], a ZIP file is needed in `tests/phpunit/data/filesystem/` but wasn't included in the changeset. This produced an error when attempting to create a subdirectory during the tests.

This adds the `tests/phpunit/data/filesystem/archive.zip` file.

Follow-up to [56689].

Props flixos90.
Fixes #37719.
Built from https://develop.svn.wordpress.org/trunk@56691


git-svn-id: http://core.svn.wordpress.org/trunk@56203 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-25 23:40:17 +00:00
Felix Arntz 8964275967 Media: Rely on `wp_get_loading_optimization_attributes()` to add `decoding="async"` to images.
The `wp_get_loading_optimization_attributes()` function was introduced in 6.3, as a single centralized place to control loading optimization attributes for various tags, most importantly images.

This changeset consolidates the `decoding="async"` optimization, which was added in 6.1, to occur solely as part of `wp_get_loading_optimization_attributes()`, removing duplicate code and allowing centralized filtering based on [56651].

As part of the change, the `wp_img_tag_add_decoding_attr()` function has been deprecated. The filter of the same name continues to be maintained for backward compatibility, as before covering only images that are part of a content blob such as post content (`the_content`).

Props pereirinha, mukesh27, joemcgill, flixos90.
Fixes #58892.
See #53232.

Built from https://develop.svn.wordpress.org/trunk@56690


git-svn-id: http://core.svn.wordpress.org/trunk@56202 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-25 22:38:17 +00:00
costdev 36e754b5c3 Filesystem API: Introduce filters for before/after unzipping archives.
This introduces the following new filters which wrap the process of unzipping an archive:
- `pre_unzip_file` - Filters archive unzipping to allow an override with a custom process.
- `unzip_file` - Filters the result of unzipping an archive.

Both filters pass the following:
- `string $file` - Full path and filename of ZIP archive.
- `string $to` - Full path on the filesystem to extract archive to.
- `string[] $needed_dirs` - A full list of required folders that need to be created.
- `float|false $required_space` - The space required to unzip the file and copy its contents, with a 10% buffer.

Props dfavor, azaozz, oglekler, afragen, costdev.
Fixes #37719.
Built from https://develop.svn.wordpress.org/trunk@56689


git-svn-id: http://core.svn.wordpress.org/trunk@56201 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-25 22:16:17 +00:00
hellofromTonya 9122ef68e1 Fonts: Get font-family name from 'fontFamily' field.
Instead of getting the name from the optional `'name'` field, the font-family name now comes from the required `'fontFamily'` field.

This change fixes a back-compat (BC) break in how the font-family name is pulled from the incoming font data in the `WP_Font_Face_Resolver`.

Why?

WP Core does not require the `'name'` field in theme.json. For themes that do not declare it, that set of font variations is ignored, thus causing a BC break from how the stopgap code worked (see [53282]).

However, `WP_Theme_JSON` schema does require the `fontFamily` field in each of the `typography.fontFamilies`.

== Other details:

Includes a parser to extract the first entry when a `fontFamily` field has a comma-separated list of font-families, e.g. `Inter, sans-serif`.

References:
* Merge from Gutenberg's PR https://github.com/WordPress/gutenberg/pull/54615.

Follow-up to [56500], [53282].

Props ironprogrammer, hellofromTonya, mmaattiiaass, pbking.
Fixes #59165.
Built from https://develop.svn.wordpress.org/trunk@56688


git-svn-id: http://core.svn.wordpress.org/trunk@56200 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-25 21:29:17 +00:00
Weston Ruter e7747ce23e Script Loader: Use `wp_get_script_tag()` and `wp_get_inline_script_tag()`/`wp_print_inline_script_tag()` helper functions to output scripts on the frontend and login screen.
Using script tag helper functions allows plugins to employ the `wp_script_attributes` and `wp_inline_script_attributes` filters to inject the `nonce` attribute to apply Content Security Policy (e.g. Strict CSP). Use of helper functions also simplifies logic in `WP_Scripts`.

* Update `wp_get_inline_script_tag()` to wrap inline script in CDATA blocks for XHTML-compatibility when not using HTML5.
* Ensure the `type` attribute is printed first in `wp_get_inline_script_tag()` for back-compat.
* Wrap existing `<script>` tags in output buffering to retain IDE supports.
* In `wp_get_inline_script_tag()`, append the newline to `$javascript` before it is passed into the `wp_inline_script_attributes` filter so that the CSP hash can be computed properly.
* In `the_block_template_skip_link()`, opt to enqueue the inline script rather than print it.
* Add `ext-php` to `composer.json` under `suggest` as previously it was an undeclared dependency for running PHPUnit tests.
* Update tests to rely on `DOMDocument` to compare script markup, normalizing unsemantic differences.

Props westonruter, spacedmonkey, flixos90, 10upsimon, dmsnell, mukesh27, joemcgill, swissspidy, azaozz.
Fixes #58664.
See #39941.

Built from https://develop.svn.wordpress.org/trunk@56687


git-svn-id: http://core.svn.wordpress.org/trunk@56199 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-25 21:05:21 +00:00
desrosj 98a0a6b5e5 Docs: Revert [56679].
`Memoizes` is actually correct in this context.

Unprops desrosj.
See #18298.
Built from https://develop.svn.wordpress.org/trunk@56686


git-svn-id: http://core.svn.wordpress.org/trunk@56198 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-25 20:49:18 +00:00
Bernhard Reiter 061c32d574 HTML API: Remove all duplicate copies of an attribute when removing.
When encountering an HTML tag with duplicate copies of an attribute the tag processor ignores the duplicate values, according to the specification. However, when removing an attribute it must remove all copies of that attribute lest one of the duplicates becomes the primary and it appears as if no attributes were removed.

In this patch we're adding tests that will be used to ensure that all attribute copies are removed from a tag when one is request to be removed.

**Before**

{{{#!php
<?php
$p = new WP_HTML_Tag_Processor( '<br id=one id="two" id='three' id>' );
$p->next_tag();
$p->remove_attribute( 'id' );
$p->get_updated_html();
// <br id="two" id='three' id>
}}}

**After**

{{{#!php
<?php
$p = new WP_HTML_Tag_Processor( '<br id=one id="two" id='three' id>' );
$p->next_tag();
$p->remove_attribute( 'id' );
$p->get_updated_html();
// <br>
}}}

Previously we have been overlooking duplicate attributes since they don't have an impact on what parses into the DOM. However, as one unit test affirmed (asserting the presence of the bug in the tag processor) when removing an attribute where duplicates exist this meant we ended up changing the value of an attribute instead of removing it.

In this patch we're tracking the text spans of the parsed duplicate attributes so that ''if'' we attempt to remove them then we'll have the appropriate information necessary to do so. When an attribute isn't removed we'll simply forget about the tracked duplicates. This involves some overhead for normal operation ''when'' in fact there are duplicate attributes on a tag, but that overhead is minimal in the form of integer pairs of indices for each duplicated attribute.

Props dmsnell, zieladam.
Fixes #58119.
Built from https://develop.svn.wordpress.org/trunk@56684


git-svn-id: http://core.svn.wordpress.org/trunk@56196 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-25 19:04:19 +00:00
spacedmonkey 66c782f6cd Editor: Introduce get_block_asset_url Utility Function.
This commit introduces a valuable utility function, get_block_asset_url, designed to simplify the retrieval of block asset URLs, such as those for CSS and JavaScript files. This utility eliminates redundancy in both register_block_script_handle and register_block_style_handle. Additionally, `get_block_asset_url` incorporates an early exit mechanism to optimize performance.

This update includes comprehensive unit tests, covering various scenarios, including asset registration from core (wp-includes), themes, child themes, plugins, and mu-plugins.

Props spacedmonkey, joemcgill, flixos90, gziolo.
Fixes #58525.
Built from https://develop.svn.wordpress.org/trunk@56683


git-svn-id: http://core.svn.wordpress.org/trunk@56195 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-25 17:49:19 +00:00
spacedmonkey 72f19abd94 Script Loader: Replace hardcoded output of style tags with calls to `wp_add_inline_style`.
In this commit, enhancements have been made by replacing manually constructed style tags with calls to `wp_add_inline_style`. Previously, numerous style tags were generated and output directly in the header, resulting in redundant code and bypassing the core's style enqueueing system. This approach made it challenging for third-party developers to manage and control the output of these style tags.

To ensure backward compatibility, the following functions have been deprecated and replaced:

- print_embed_styles
- print_emoji_styles
- wp_admin_bar_header
- _admin_bar_bump_cb

Backward compatibility shims have also been added, ensuring that if these functions were previously unhooked from there actions, they will continue to not output a style tag.

However, for the following functions, conversion to use inline styles was not feasible due to the potential disruption it might cause by changing the style tag IDs, potentially breaking JavaScript functionality for a number of plugins in the repository:

- custom-background
- wp-custom

These changes improve code maintainability and enhance the flexibility and control available to developers when managing style outputs within WordPress core.

Props spacedmonkey, hlunter, westonruter, flixos90.
Fixes #58775.
Built from https://develop.svn.wordpress.org/trunk@56682


git-svn-id: http://core.svn.wordpress.org/trunk@56194 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-25 17:06:34 +00:00
Felix Arntz bfbcb02444 Options, Meta APIs: Improve logic to avoid unnecessary database writes in `update_option()`.
Prior to this change, a strict comparison between the old and new database value could lead to a false negative, since database values are generally stored as strings. For example, passing an integer to `update_option()` would almost always result in an update given any existing database value for that option would be that number cast to a string.

This changeset adjusts the logic to perform an intentional "loose-y" comparison by casting the values to strings. Extensive coverage previously added in [56648] provides additional confidence that this does not introduce any backward compatibility issues.

Props mukesh27, costdev, spacedmonkey, joemcgill, flixos90, nacin, atimmer, duck_, boonebgorges.
Fixes #22192.

Built from https://develop.svn.wordpress.org/trunk@56681


git-svn-id: http://core.svn.wordpress.org/trunk@56193 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-25 16:25:19 +00:00
Sergey Biryukov 28af9eafb0 Coding Standards: Fix a few newly introduced WPCS issues.
Follow-up to [56570], [56573], [56589], [56604], [56612], [56620], [56629], [56631], [56638], [56642], [56644], [56649].

Props jrf.
See #59161, #58831.
Built from https://develop.svn.wordpress.org/trunk@56680


git-svn-id: http://core.svn.wordpress.org/trunk@56192 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-25 15:36:18 +00:00
desrosj d9f4318a56 Docs: Correct typo in new `@since` tag.
Follow up to [56635], [56641].

See #18298.
Built from https://develop.svn.wordpress.org/trunk@56679


git-svn-id: http://core.svn.wordpress.org/trunk@56191 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-25 15:18:22 +00:00
spacedmonkey ffad402ba3 Themes: Use instanceof in block_has_support.
In [50761], the block_has_support function was introduced. However, using `property_exists` within this function negatively impacted its performance. This commit replaces the `property_exists` function call with `instanceof WP_Block_Type`, resulting in improved performance.

Props mukesh27, gziolo, spacedmonkey.
Fixes #59441.
Built from https://develop.svn.wordpress.org/trunk@56678


git-svn-id: http://core.svn.wordpress.org/trunk@56190 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-25 12:17:23 +00:00
spacedmonkey 73c8507a84 Themes: Use instanceof in get_hooked_blocks.
In [56610], the get_hooked_blocks function was introduced. However, using property_exists within this function negatively impacted its performance. This commit replaces the property_exists function call with instanceof WP_Block_Type, resulting in improved performance.

Props gziolo, spacedmonkey.
See #59383.
Built from https://develop.svn.wordpress.org/trunk@56677


git-svn-id: http://core.svn.wordpress.org/trunk@56189 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-25 11:48:17 +00:00
gziolo 158f4a8fcc REST API: Improve the block type schema for the `name` field
Align the schema between `block.json` defined in Gutenberg and the REST API endpoint for block types. It looks like the `name` field isn't validated in all places and when it uses pattern matching in the REST API code, then it was slightly different.

Props spacedmonkey, ockham.
See #59346.


Built from https://develop.svn.wordpress.org/trunk@56676


git-svn-id: http://core.svn.wordpress.org/trunk@56188 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-25 10:03:38 +00:00
Andrea Fercia 97b85f2823 Editor: Add missing parameter to the `block_editor_no_javascript_message` filter after [56672].
Props mukesh27.

Fixes #59229.

Built from https://develop.svn.wordpress.org/trunk@56675


git-svn-id: http://core.svn.wordpress.org/trunk@56187 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-25 10:02:22 +00:00
Bernhard Reiter 9fd898a7c7 Blocks: Remove `inject_hooked_block_markup` filter.
Per discussion in #59424, there's agreement that the new `hooked_block_types` filter  (introduced in [56673]) covers conditional addition and removal of hooked blocks better and at a higher level than the `inject_hooked_block_markup` filter that was originally added in [56649] for that same purpose.
Consequently, this changeset removes the latter filter.

Props gziolo.
Fixes #59439.
Built from https://develop.svn.wordpress.org/trunk@56674


git-svn-id: http://core.svn.wordpress.org/trunk@56186 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-25 09:14:17 +00:00
Bernhard Reiter ffb8b43072 Blocks: Introduce filter to allow easy addition of hooked blocks.
Introduce a `hooked_block_types` filter that allows easier conditional addition (or removal) of hooked blocks for a given anchor block and relative position.

{{{#!php
function insert_shopping_cart_hooked_block( $hooked_blocks, $position, $anchor_block, $context ) {
	if ( 'after' === $position && 'core/navigation' === $anchor_block && /** $context is header template part **/ ) {
		$hooked_blocks[] = 'mycommerce/shopping-cart';
	}
	return $hooked_blocks;
}
add_filter( 'hooked_block_types', 'insert_shopping_cart_hooked_block', 10, 4 );
}}}

Props gziolo, nerrad, dmsnell, ndiego.
Fixes #59424.
Built from https://develop.svn.wordpress.org/trunk@56673


git-svn-id: http://core.svn.wordpress.org/trunk@56185 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-25 08:44:22 +00:00
joedolson 8663e65bde Editor: Improve no JS message for block editor.
Show the user a link to install the classic editor if they do not have JavaScript available and the plugin is not already installed.

Props bosskhj, audrasjb, huzaifaalmesbah, sajjad67, joedolson, costdev.
Fixes #59229.
Built from https://develop.svn.wordpress.org/trunk@56672


git-svn-id: http://core.svn.wordpress.org/trunk@56184 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-25 00:07:21 +00:00
joedolson 8743d1318c Widgets: Add missing no JS notice in Widgets screen.
Add an H1 heading and an admin notice to display on the Widgets screen when JS is not available. Invite the user to either install or activate the Classic Widgets plugin, as that plugin provides basic functionality without JS.

Props afercia, nihar007, huzaifaalmesbah, joedolson, matthewfarlymn, bvreeman22, bosskhj, devmuhib, shailu25, joedolson.
Fixes #58738.
Built from https://develop.svn.wordpress.org/trunk@56671


git-svn-id: http://core.svn.wordpress.org/trunk@56183 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-25 00:00:17 +00:00
joedolson 223b713734 Site Health: Improve `wp.a11y.speak()` notifications.
Improve the experience for screen reader users by removing announcements produced in the Dashboard, simplifying the text to reduce verbosity, and ensuring that messages are spoken in the correct order to match the state of the user interface without repetition.

Props afercia, alexstine.
Fixes #58573.
Built from https://develop.svn.wordpress.org/trunk@56670


git-svn-id: http://core.svn.wordpress.org/trunk@56182 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-24 20:13:21 +00:00
Sergey Biryukov 86c9da14e3 Build/Test Tools: Remove random_compat from PHPCS and PHPUnit configuration files.
This package was removed in WP 6.3, so these exclusion entries are no longer necessary.

Follow-up to [42346], [42665], [49797], [56141], [56667].

See #58831, #58955.
Built from https://develop.svn.wordpress.org/trunk@56669


git-svn-id: http://core.svn.wordpress.org/trunk@56181 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-24 07:45:25 +00:00
costdev 464026afbc REST API: Correct spelling error in `block_hooks` field documentation.
In [56587], a spelling error was introduced in the documentation of the new `block_hooks` field in `WP_REST_Block_Types_Controller`.

This fixes the spelling error.

Follow-up to [56587].

Props kebbet, mukesh27, tahmina1du.
Fixes #59426. See #59346.
Built from https://develop.svn.wordpress.org/trunk@56668


git-svn-id: http://core.svn.wordpress.org/trunk@56180 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-23 15:37:22 +00:00
Sergey Biryukov db00a83b39 Coding Standards: Remove unnecessary directives in the PHPCompatibility ruleset.
This commit:

* Removes the unnecessary exclusion patterns for the `node_modules` and `vendor` directories. As this ruleset only scans the `src` directory, those directories would never be scanned anyway.
* Removes the selective excludes related to the random_compat package. This package was removed in WP 6.3, so these excludes are no longer necessary.

Follow-up to [46290], [56141].

Props jrf.
See #58831.
Built from https://develop.svn.wordpress.org/trunk@56667


git-svn-id: http://core.svn.wordpress.org/trunk@56179 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-23 11:07:19 +00:00
Sergey Biryukov bc9dc31200 Coding Standards: Improve organization of the PHPCompatibility ruleset.
This commit:
* Adds section headers to the ruleset file.
* Organizes all directives in their respective sections.

No functional changes.

Props jrf.
See #58831.
Built from https://develop.svn.wordpress.org/trunk@56666


git-svn-id: http://core.svn.wordpress.org/trunk@56178 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-23 10:58:23 +00:00
joedolson 5d6106539e Administration: Switch order of label/checkbox in `WP_List_Table`.
Move the label after the checkbox in `WP_List_Table` instances. Resolve a false positive that will be presented by automated accessibility testing tools. Follow up to [55954].

Props dimitrism, joedolson, sabernhardt, oglekler, marybaum, tobiasbg.
Fixes #58703.
Built from https://develop.svn.wordpress.org/trunk@56665


git-svn-id: http://core.svn.wordpress.org/trunk@56177 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-22 19:58:16 +00:00
Adam Silverstein 77582c4be9 Security: remove the cron event that checked for https support.
Fix an issue where a cron job ran every 12 hours to check for https support - even when https support was already enabled. The check is now run only when the user visits the Site Health page. Reducing the unneeded requests lowers the impact and load of hosting WordPress sites.

The `wp_update_https_detection_errors` function is deprecated and the `https_detection_errors` option that was previously set by the cron job is no longer maintained. The `pre_wp_update_https_detection_errors` filter is deprecated and replaced by the `pre_wp_get_https_detection_errors` filter  which serves the same function.

Props audrasjb, johnbillion, Michi91.
Fixes #58494.


Built from https://develop.svn.wordpress.org/trunk@56664


git-svn-id: http://core.svn.wordpress.org/trunk@56176 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-22 19:08:19 +00:00
joedolson 61ed1cb48e Administration: Remove duplicate `wp_admin_notice()` call.
Remove duplicate success message displayed in `wp-admin/upload.php`. Follow up to [56573].

Props davidbinda.
See #57791.
Built from https://develop.svn.wordpress.org/trunk@56663


git-svn-id: http://core.svn.wordpress.org/trunk@56175 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-22 18:19:19 +00:00
joedolson 4b17383d2c Code Modernization: Rename reserved keyword used as variable.
Change the `$echo` parameter added to `wp_update_php_annnotation()` to `$display` to avoid using reserved PHP keywords as parameters. Follow up to [56570].

Props kebbet, mukesh27.
See #57791.
Built from https://develop.svn.wordpress.org/trunk@56662


git-svn-id: http://core.svn.wordpress.org/trunk@56174 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-22 18:14:16 +00:00
desrosj da9f594a55 Build/Test Tools: Introduce install and upgrade testing workflows.
This introduces GitHub Action workflows for testing the installation and upgrade process to ensure there are no unexpected issues. The goal of these workflows is to replicate some of the manual testing that happens during the release process. This does not replace that testing which is a fantastic, low barrier way for someone newer to contributing to get involved. Instead, it should serve as an additional sanity check to ensure no combinations are missed.

The installation workflow tests installing the latest or specified version of WordPress on all PHP and MySQL version combinations for both single and multisite.

The upgrade testing will test upgrading from each branch that still receives security updates to the latest or specified version on all PHP and MySQL version combinations for both single and multisite.

Both workflows confirm that no errors are encountered when using WP-CLI to install or upgrade WordPress. No test assertions of any type are currently performed, but adding some will be explored.

Props costdev, azaozz, ironprogrammer, desrosj.
See #58977.
Built from https://develop.svn.wordpress.org/trunk@56661


git-svn-id: http://core.svn.wordpress.org/trunk@56173 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-22 17:43:21 +00:00
desrosj e3954daefa Build/Test Tools: Simplify some logic in GitHub Action workflows.
This simplifies the logic within the `slack-notifications` and `failed-workflow` steps in GitHub Action workflows to use the `contains()` function and object filtering.

This makes it simpler to perform the needed checks by removing the need to list out every single dependent job defined in `needs`.

See #58867.
Built from https://develop.svn.wordpress.org/trunk@56660


git-svn-id: http://core.svn.wordpress.org/trunk@56172 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-22 14:29:17 +00:00
desrosj ecf275f1c3 Build/Test Tools: Update the environment variable for skipping browser binaries.
This changes the environment variable used in GitHub Action workflows to skip downloading the browser binary that’s a peer dependency when it’s not needed.

In [56647], the version of `puppeteer` peer-dependency was bumped to `>= 20.0.0`. Starting in version `20.0.0`, puppeteer switched to using Chrome for testing instead of Chromium. With this release, the `PUPPETEER_SKIP_CHROMIUM_DOWNLOAD` environment variable was removed in favor of the more generic `PUPPETEER_SKIP_DOWNLOAD`.

All workflows that do not need a browser binary now contain the correct `PUPPETEER_SKIP_CHROMIUM_DOWNLOAD` variable.

Follow up to [56647].

See #58863.
Built from https://develop.svn.wordpress.org/trunk@56659


git-svn-id: http://core.svn.wordpress.org/trunk@56171 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-22 13:57:18 +00:00
Sergey Biryukov 2d7e5afa3e Media: Use correct option name for attachment pages in `upgrade_640()`.
Follow-up to [56657].

See #57913.
Built from https://develop.svn.wordpress.org/trunk@56658


git-svn-id: http://core.svn.wordpress.org/trunk@56170 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-22 01:18:18 +00:00
Sergey Biryukov 229d32f6d7 Media: Disable attachment pages for new installations.
WordPress creates attachment pages by default for every attachment uploaded. On the vast majority of sites, these attachment pages don't contain any meaningful information. They do however exist, get indexed by search engines, and sometimes even rank in search results, leading to bad results for users and site owners.

This commit introduces a `wp_attachment_pages_enabled` database option to control the attachment pages behavior:

* On existing sites, the option is set to `1` on upgrade, so that attachment pages continue to work as is.
* For new sites, the option is set to to `0` by default, which means attachment pages are redirected to the attachment URL.
* Sites that want to enable or disable the attachment pages can set the option to `1` or `0`, respectively.

Follow-up to [2958], [3303], [7149], [34690].

Props aristath, poena, afercia, joostdevalk, jonoaldersonwp, azaozz, johnbillion, joedolson, basiliskan, audrasjb, davelo, rilwis, manfcarlo, tyxla, garrett-eclipse, seedsca, eatingrules, matveb, antpb, zodiac1978, oglekler, zunaid321, costdev, SergeyBiryukov.
Fixes #57913.
Built from https://develop.svn.wordpress.org/trunk@56657


git-svn-id: http://core.svn.wordpress.org/trunk@56169 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-22 00:04:41 +00:00
spacedmonkey d211ad45b1 Query: Improved handling of filtered queries in WP_Query.
The `WP_Query` class enables developers to customize queries using filters like `posts_fields_request`, `posts_request`, and `the_posts`, which can modify both the queried fields and retrieved post objects. In some cases with these filters, incomplete or invalid post objects lacking essential data may arise. To address this, if any of these filters are active during a query, the `get_posts` method now avoids caching post objects with the usual `update_post_caches` function call, opting for a call to `_prime_post_caches` instead. This may occasionally trigger new database queries to prime the post data cache. While this enhancement may result in rare additional database queries, it ensures that invalid post objects aren't cached, prioritizing data consistency and integrity in filtered query scenarios.

Props saulirajala, spacedmonkey, flixos90, mukesh27, peterwilsoncc.
Fixes #58599.
Built from https://develop.svn.wordpress.org/trunk@56656


git-svn-id: http://core.svn.wordpress.org/trunk@56168 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-21 19:34:18 +00:00
desrosj ced31b7c58 HTTP API: Deprecate `WP_Http_Curl` and `WP_Http_Streams` classes.
These classes have not been used in WordPress Core since the Requests library was introduced in [37428]. These classes are now deprecated in favor of `WP_Http`.

There are two remaining spots in Core that reference these classes:
- The `WP_Http::_dispatch_request()` method, which was marked as deprecated in favor of `WP_Http::request()` in [42766]/[44346].
- The `WP_Http::_get_first_available_transport()`.

That latter is now also marked as deprecated in favor of `\WpOrg\Requests\Requests::get_transport_class()`.

Props SergeyBiryukov, rajinsharwar, hellofromTonya.
Fixes #58705.
Built from https://develop.svn.wordpress.org/trunk@56655


git-svn-id: http://core.svn.wordpress.org/trunk@56167 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-21 18:29:12 +00:00
joedolson 491a21da64 Login and Registration: Improve HTML for errors and notices.
Improve markup on Login and Registration errors. Use list markup for multiple issues, paragraph when only one to reduce semantic burden in the most common case. Normalize classes and markup for wrapper using `wp_admin_notice()` and `wp_get_admin_notice()` functions. Move definition of those functions from `wp-admin\includes\misc.php` to `wp-includes\functions.php`. Move tests to functions group. 

Props extendwings, sabernhardt, afercia, lukecavanagh, rianrietveld, oglekler, sergeybiryukov, costdev, joedolson.
Fixes #30685.
Built from https://develop.svn.wordpress.org/trunk@56654


git-svn-id: http://core.svn.wordpress.org/trunk@56166 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-21 18:24:15 +00:00
joedolson 198543cf2f Coding Standards: Remove unused variable `el` in monitorPopup.
Remove an unused variable to resolves coding standards failure. Follow up to [56651].

Props joedolson.
See #58756.
Built from https://develop.svn.wordpress.org/trunk@56653


git-svn-id: http://core.svn.wordpress.org/trunk@56165 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-21 18:04:16 +00:00
joedolson 665928659b Media: Close image rotation menu when not focused.
Implement a focus monitor so that if user focus moves away from the image rotation menu, it closes and doesn't block the image editing canvas. Follow up to [56239], [55919].

Props nithi22, deepakvijayan, dharm1025, faisal03.
Fixes #58756.
Built from https://develop.svn.wordpress.org/trunk@56652


git-svn-id: http://core.svn.wordpress.org/trunk@56164 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-21 17:49:18 +00:00
Felix Arntz cd11ddbac1 Media: Introduce filters to customize the results from `wp_get_loading_optimization_attributes()`.
This changeset introduces two filters that allow customizing the loading optimization attributes array returned from `wp_get_loading_optimization_attributes()` for individual HTML tags:
* The `wp_get_loading_optimization_attributes` filter can be used to modify the results from the WordPress core logic.
* The `pre_wp_get_loading_optimization_attributes` filter can be used to use entirely custom logic and effectively short-circuit the core function.

Props pereirinha, mukesh27, spacedmonkey, joemcgill.
Fixes #58893.

Built from https://develop.svn.wordpress.org/trunk@56651


git-svn-id: http://core.svn.wordpress.org/trunk@56163 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-21 16:38:15 +00:00
spacedmonkey c4c54f035c Taxonomy: Stop double sanitization in get_term function.
In the `get_term` function, the filter method is invoked on the `WP_Term` object, which subsequently triggers the execution of `sanitize_term`. The filter method is also executed within `WP_Term::get_instance`.

A common scenario when calling the `get_term` function is to invoke the function with an integer ID for the term and a filter set to "raw." This results in a call to `WP_Term::get_instance`. However, since both `get_term` and `WP_Term::get_instance` invoke the filter method, it leads to double sanitization of the term.

Considering that `get_term` may be called thousands of times on a page, especially when priming a large number of terms into memory, this redundancy can result in thousands of unnecessary calls to `sanitize_term`. Performing the same sanitization operation twice with the same parameters is wasteful and detrimental to performance.

To address this issue, the code has been updated to execute the filter method only when the filter parameter does not match or when changes have been made to the term object within the get_term hook. This optimization ensures that the filter is applied selectively, mitigating performance concerns and avoiding unnecessary sanitization calls.

Props spacedmonkey, flixos90, costdev, mukesh27, joemcgill, oglekler, peterwilsoncc.
Fixes #58329.
Built from https://develop.svn.wordpress.org/trunk@56650


git-svn-id: http://core.svn.wordpress.org/trunk@56162 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-21 16:36:20 +00:00
Bernhard Reiter 6bf6244dc7 Blocks: Implement automatic block insertion into Block Hooks.
Block Hooks allow a third-party block to specify a position relative to a given block into which it will then be automatically inserted (e.g. a "Like" button block can ask to be inserted after the Post Content block, or an eCommerce shopping cart block can ask to be inserted after the Navigation block).

The underlying idea is to provide an extensibility mechanism for Block Themes, in analogy to WordPress' [https://developer.wordpress.org/plugins/hooks/ Hooks] concept that has allowed extending Classic Themes through filters and actions.

The two core tenets for Block Hooks are:

1. Insertion into the frontend should happen right after a plugin containing a hooked block is activated (i.e. the user isn't required to insert the block manually in the editor first); similarly, disabling the plugin should remove the hooked block from the frontend.
2. The user has the ultimate power to customize that automatic insertion: The hooked block is also visible in the editor, and the user's decision to persist, dismiss (i.e. remove), customize, or move it will be respected (and reflected on the frontend).

To account for both tenets, the **tradeoff** was made to limit automatic block insertion to unmodified templates (and template parts, respectively). The reason for this is that the simplest way of storing the information whether a block has been persisted to (or dismissed from) a given template (or part) is right in the template markup.

To accommodate for that tradeoff, [https://github.com/WordPress/gutenberg/pull/52969 UI controls (toggles)] are being added to increase visibility of hooked blocks, and to allow for their later insertion into templates (or parts) that already have been modified by the user.

For hooked blocks to appear both in the frontend and in the editor (see tenet number 2), they need to be inserted into both the frontend markup and the REST API (templates and patterns endpoints) equally. As a consequence, this means that automatic insertion couldn't (only) be implemented at block ''render'' stage, as for the editor, the ''serialized'' (but ''unrendered'') markup needs to be modified.

Furthermore, hooked blocks also have to be inserted into block patterns. Since practically no filters exist for the patterns registry, this has to be done in the registry's `get_registered` and `get_all_registered` methods.

Props gziolo.
Fixes #59313.
Built from https://develop.svn.wordpress.org/trunk@56649


git-svn-id: http://core.svn.wordpress.org/trunk@56161 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-21 16:18:17 +00:00
Felix Arntz b2a2411fcd Options, Meta APIs: Add further test coverage for comparison between old and new option value.
This ensures potential future changes to the logic are covered by existing tests that should pass before and after.

Props joemcgill.
See #22192.

Built from https://develop.svn.wordpress.org/trunk@56648


git-svn-id: http://core.svn.wordpress.org/trunk@56160 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-21 15:23:16 +00:00
desrosj 3c8457e747 Build/Test Tools: Update build related dependencies to their latest versions.
This updates the following npm dependencies:
- `autoprefixer` to version `10.4.16`.
- `grunt-contrib-qunit` to version `8.0.1`.
- `postcss` to version `8.4.30`.
- `react-refresh` to version `0.14.0`.
- `sass` to version `1.68.0`.
- `sinon` to version `16.0.0`.
- `uuid` to version `9.0.1`.
- `tslib` to version `2.6.2`.

This change accompanies a similar one in the Gutenberg repository: https://github.com/WordPress/gutenberg/pull/54657.

Props gziolo, desrosj.
Fixes #58863.
Built from https://develop.svn.wordpress.org/trunk@56647


git-svn-id: http://core.svn.wordpress.org/trunk@56159 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-21 13:26:32 +00:00
desrosj 1df2b50c43 External Libraries: Update the `polyfill-library` package.
This updates the `wp-polyfill-node-contains` and `'wp-polyfill-dom-rect` scripts to the latest version, `4.8.0`.

These scripts are no longer used by WordPress Core, but are kept up to date as a courtesy.

Props rajinsharwar, hrshahin, oglekler.
Fixes #59077.
Built from https://develop.svn.wordpress.org/trunk@56646


git-svn-id: http://core.svn.wordpress.org/trunk@56158 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-21 12:28:33 +00:00
Sergey Biryukov ae8ddcf935 REST API: Remove unused variable in `WP_REST_Server::match_request_to_handler()`.
Previously initialized in `WP_REST_Server::dispatch()`, the `$response` variable became unused when the logic was split into two new methods, `::match_request_to_handler()` and `::respond_to_request()`.

Follow-up to [34928], [48947].

Props upadalavipul, mukesh27.
Fixes #59420.
Built from https://develop.svn.wordpress.org/trunk@56645


git-svn-id: http://core.svn.wordpress.org/trunk@56157 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-21 12:19:17 +00:00
Bernhard Reiter f6307ff5fc Blocks: Change `traverse_and_serialize_block(s)`'s callback signature.
During work on #59399, it was discovered that ''sibling'' block insertion wasn't likely going to work the way it was planned, which required devising an alternative solution. This new solution requires some changes to `traverse_and_serialize_block(s)`:

- Change the signature of the existing callback such that:
  - the return value is a string that will be prepended to the result of the inner block traversal and serialization;
  - the function arguments are: a ''reference'' to the current block (so it can be modified inline, which is important e.g. for `theme` attribute insertion), the parent block, and the previous block (instead of the block index and chunk index).
- Add a second callback argument to `traverse_and_serialize_block(s)`, which is called ''after'' the block is traversed and serialized.
  - Its function arguments are a reference to the current block, the parent block, and the next block.

Props gziolo.
Fixes #59412. See #59313.
Built from https://develop.svn.wordpress.org/trunk@56644


git-svn-id: http://core.svn.wordpress.org/trunk@56156 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-21 08:34:18 +00:00
isabel_brison 2f5d2da8f8 Editor: add lightbox setting.
Adds lightbox as a valid setting to `WP_Theme_JSON` class and as an image block setting in theme.json.

Props czapla, costdev, desrosj.
Fixes #59393.

Built from https://develop.svn.wordpress.org/trunk@56643


git-svn-id: http://core.svn.wordpress.org/trunk@56155 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-21 06:35:20 +00:00
isabel_brison 9ba50bb623 Taxonomy: add taxonomy for user pattern categories.
Adds a `wp_pattern_category` taxonomy linked to the `wp-block` object.

Props glendaviesnz, kebbet, desrosj, mamaduka.
Fixes #59379.

Built from https://develop.svn.wordpress.org/trunk@56642


git-svn-id: http://core.svn.wordpress.org/trunk@56154 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-21 04:25:22 +00:00
Felix Arntz 091e385f8d Themes: Fix fatal error in `load-styles.php`.
Following [56635], a fatal error occurred in `load-styles.php` leading to admin styles not working, because of a `has_filter()` call being added to `get_stylesheet_director()` and `get_template_directory()`.

This changeset adds `has_filter()` to `wp-admin/includes/noop.php` to prevent such errors. The lack of loading the function does not cause any unintended side effects itself.

Props iandunn, adamsilverstein.
Fixes #59417.
See #18298.

Built from https://develop.svn.wordpress.org/trunk@56641


git-svn-id: http://core.svn.wordpress.org/trunk@56153 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-21 01:27:26 +00:00
isabel_brison 3c22144a0d Editor: fix typo in `css_var` doc update.
Fixes a type in the doc update in [56630].

Props ramonopoly, audrasjb, costdev.
Fixes #59401.

Built from https://develop.svn.wordpress.org/trunk@56640


git-svn-id: http://core.svn.wordpress.org/trunk@56152 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-21 00:18:23 +00:00
joedolson 48dfebac74 Administration: Improve control proximity in theme details modal.
Make the theme details modals in the Customizer and at Appearance > Themes consistent. Change the order of controls so both modals are in the same sequence, center all controls in both desktop and mobile views, and change delete link color to meet color contrast requirements.

Props trishasalas, afercia, melchoyce, karmatosed, cathibosco1, michaelarestad, joedolson, petitphp, mikinc860.
Fixes #59372. See #59371, #40822.
Built from https://develop.svn.wordpress.org/trunk@56639


git-svn-id: http://core.svn.wordpress.org/trunk@56151 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-20 21:03:20 +00:00
Weston Ruter 09d8bc184b General: Account for `Sec-CH-UA-Mobile` client hint request header in `wp_is_mobile()`.
Add missing test coverage for `wp_is_mobile()`.

Fixes #59370.
Props westonruter, flixos90.

Built from https://develop.svn.wordpress.org/trunk@56638


git-svn-id: http://core.svn.wordpress.org/trunk@56150 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-20 20:51:19 +00:00
joedolson ebfa9be225 XML-RPC: Add `alt` attribute value to media item API.
Add alt text to the `wp.getMediaItem` method in the XML-RPC API. Allows users to fetch alt text as a first-class member of a media object.

Props thomashorta, joedolson, jivygraphics, stephenerdelyi, mukesh27, whyisjake.
Fixes #58582.
Built from https://develop.svn.wordpress.org/trunk@56637


git-svn-id: http://core.svn.wordpress.org/trunk@56149 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-20 19:31:20 +00:00
joedolson 453fb650d6 Users: Improve vertical spacing consistency in labels.
Adjust display of user profile labels on small screens so they are consistent with the layout used elsewhere.

Props nandhuraj, costdev, sabernhardt, sarathar, vivekawsm.
Fixes #58493.
Built from https://develop.svn.wordpress.org/trunk@56636


git-svn-id: http://core.svn.wordpress.org/trunk@56148 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-20 17:55:17 +00:00
Felix Arntz 59e8596941 Themes: Deprecate usage of `TEMPLATEPATH` and `STYLESHEETPATH` constants.
While generally the functions `get_template_directory()` and `get_stylesheet_directory()` were long recommended to use to get the parent or child theme directory, the `TEMPLATEPATH` and `STYLESHEETPATH` constants were still used in a few places in core, most importantly in template related logic.

The remaining usage was problematic as it prevented testability of certain key components of WordPress core.

This changeset replaces all remaining usage with the corresponding functions and effectively marks these constants as deprecated. It also adds test coverage accordingly and even unlocks some existing, previously commented out test coverage to work as expected.

Performance of the new approach has been benchmarked and shows no notable differences. Yet, given that the current theme directories are not expected to change within a regular WordPress page load, the `get_template_directory()` and `get_stylesheet_directory()` functions were amended with in-memory caching of the result, unless one of the defining values is being filtered.

Props thekt12, spacedmonkey, mukesh27, aaroncampbell, scribu, lloydbudd, cais, chipbennett, toscho, omarabid, CrazyJaco, DrewAPicture, obenland, wonderboymusic, nacin, helen, dd32, chriscct7, SergeyBiryukov, swissspidy, joemcgill, flixos90.
Fixes #18298.

Built from https://develop.svn.wordpress.org/trunk@56635


git-svn-id: http://core.svn.wordpress.org/trunk@56147 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-20 17:27:23 +00:00
Bernhard Reiter 68be796e1d Blocks: Revert implementation of block insertion functions.
In [56618], three functions (`insert_inner_block`, `prepend_inner_block`, and `append_inner_block`) were introduced. They were meant to be used for insertion of hooked blocks; however, it was discovered that the original idea wouldn't work for sibling insertion. Instead, a different approach will be taken (see #59412), and these functions are no longer needed and can thus be removed.

Reverts [56618].
See #59412, #59385, #59313.
Built from https://develop.svn.wordpress.org/trunk@56634


git-svn-id: http://core.svn.wordpress.org/trunk@56146 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-20 16:49:18 +00:00
Sergey Biryukov b57af57210 Coding Standards: Escape the whole attribute in `wp-admin/export.php`.
It is best to always escape the complete value of an attribute, not a partial value, as otherwise the escaping could be (partially) undone when the values are joined together.

While the hardcoded hyphen in this case don't necessarily create that risk, it may change to a value which could be problematic, so making it a habit to escape the value in one go is best practice.

Escaping the complete value also means that a single `esc_attr()` call can be used instead of two.

Follow-up to [14444], [16652], [55616], [56632].

See #58831.
Built from https://develop.svn.wordpress.org/trunk@56633


git-svn-id: http://core.svn.wordpress.org/trunk@56145 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-20 09:47:18 +00:00
audrasjb 5cce7674ca Coding Standards: Add missing escaping functions in `wp-admin/export.php`
Props viralsampat.
See #58831.




Built from https://develop.svn.wordpress.org/trunk@56632


git-svn-id: http://core.svn.wordpress.org/trunk@56144 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-20 08:44:20 +00:00
audrasjb 25b109a0e5 Taxonomy: Restrict term edit link generation in `WP_Terms_List_Table::handle_row_actions()`.
This changeset restricts edit term link generation if the user lacks the `edit_term` cap in order to prevent PHP 8.1+ deprecations shown when a user lacks this 
capability and `get_edit_term_link()` returns null.

Props thelovekesh, jrf.
Fixes #59336.




Built from https://develop.svn.wordpress.org/trunk@56631


git-svn-id: http://core.svn.wordpress.org/trunk@56143 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-20 08:10:16 +00:00
isabel_brison d761ed56ca Editor: update docs for `css_var`.
Updates inline doc for the `css_var` key value pair in WP_Style_Engine.

Props ramonopoly.
Fixes #59401.

Built from https://develop.svn.wordpress.org/trunk@56630


git-svn-id: http://core.svn.wordpress.org/trunk@56142 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-20 07:06:20 +00:00
isabel_brison 9699ef2e41 Editor: Fix post editor layout when Post Content has no attributes.
Changes output of `wp_get_post_content_block_attributes` to return null if Post Content block doesn’t exist or empty array if it has no attributes.

Props flixos90, mukesh27.
Fixes #59358.

Built from https://develop.svn.wordpress.org/trunk@56629


git-svn-id: http://core.svn.wordpress.org/trunk@56141 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-20 01:26:19 +00:00
costdev f388dc8e38 Login and Registration: Introduce classes `wp-login.php` footer links.
This introduces classes for the "Log in", "Register" and "Lost your password?" links in the footer of `wp-login.php` forms so that they may be easily targeted for individual styling.

The new classes are:
- `.wp-login-log-in`
- `.wp-login-register`
- `.wp-login-lost-password`

Props wparslan, thomasplevy, rajinsharwar, audrasjb, joedolson, costdev.
Fixes #57590.
Built from https://develop.svn.wordpress.org/trunk@56628


git-svn-id: http://core.svn.wordpress.org/trunk@56140 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-19 22:45:19 +00:00