Previously, when uploading a media item type that is not supported, the default error message claims that the reason it cannot upload is due to security reasons. This is not always true. Now the warning says that the type is not allowed, which is always true.
Props antpb, Presskopp, peterwilsoncc, desrosj, iluy, circlecube, mikeschroder.
Fixes#53626.
Built from https://develop.svn.wordpress.org/trunk@52032
git-svn-id: http://core.svn.wordpress.org/trunk@51624 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Add required asterisk to the comment text field. Historically, the name and email fields are marked as required, but the comment text field is not, though it is actually a required field.
Props infected, solarissmoke, rianrietveld, afercia, sabernhardt, strider72, mai21, audrasjb.
Fixes#16206.
Built from https://develop.svn.wordpress.org/trunk@52029
git-svn-id: http://core.svn.wordpress.org/trunk@51621 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Introduces new filter `post_thumbnail_id` which allows overriding the default id returned from `get_post_thumbnail_id()`.
Props engelen, alexvorn2, gilbitron, sebastianpisula, SergeyBiryukov, leogermani, rzen, joemcgill, audrasjb.
Fixes#23983.
Built from https://develop.svn.wordpress.org/trunk@52028
git-svn-id: http://core.svn.wordpress.org/trunk@51620 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This renames the file containing the `WP_Http` class to conform to the coding standards.
This commit also includes:
- A new `class-http.php` that includes the new file, for anyone that may've been including the file directly.
- Replaces references to the old filename with the new filename.
Follow-up to [8516], [13274], [33748].
Fixes#54389. See #53359.
Built from https://develop.svn.wordpress.org/trunk@52026
git-svn-id: http://core.svn.wordpress.org/trunk@51618 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Introduces a new filter `'is_post_type_viewable'` which allows overriding the check. The expected filtered value is a boolean. As filtered values can change, including the data type, this commit includes a `is_bool()` check, thus ensuring backwards-compatibility.
Follow-up to [33666], [36402].
Props audrasjb, deepaklalwani, hellofromTonya, peterwilsoncc, powerbuoy, sergeybiryukov.
Fixes#49628.
Built from https://develop.svn.wordpress.org/trunk@52024
git-svn-id: http://core.svn.wordpress.org/trunk@51616 1a063a9b-81f0-0310-95a4-ce76da25c4cd
As a legacy from the old Health Check plugin, the constant `WP_LOCAL_DEV` was included in the debug data under the "WordPress Constants" section. This was incorrect, and has never been a constant used by core.
Instead, that field is now replaced by `WP_ENVIRONMENT_TYPE`, which was introduced with WordPress 5.5, and is a much more appropriate value to provide in a debug scenario.
Props johnbillion, bgoewert, sabbirshouvo.
Fixes#54340.
Built from https://develop.svn.wordpress.org/trunk@52021
git-svn-id: http://core.svn.wordpress.org/trunk@51613 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `get_core_checksums()` and `wp_version_check()` functions call the PHP native `http_build_query()` function, the second parameter of which is the ''optional'' `$numeric_prefix` parameter which expects a non-nullable `string`.
A parameter being optional, however, does not automatically make it nullable.
As of PHP 8.1, passing `null` to a non-nullable PHP native function will generate a deprecation notice.
In this case, this function call yielded a `http_build_query(): Passing null to parameter #2 ($numeric_prefix) of type string is deprecated` notice.
Changing the `null` to an empty string fixes this without a backward compatibility break.
References:
* [https://www.php.net/manual/en/function.http-build-query.php PHP Manual: http_build_query()]
* [https://wiki.php.net/rfc/deprecate_null_to_scalar_internal_arg PHP RFC: Deprecate passing null to non-nullable arguments of internal functions]
Follow-up to [18697], [25540].
Props bjorsch, kraftbj, hellofromTonya, jrf.
See #54229.
Built from https://develop.svn.wordpress.org/trunk@52019
git-svn-id: http://core.svn.wordpress.org/trunk@51611 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The icon used to be a rather blocky checkmark, but has now been changed to the more friendly, and less ambiguous, smiley dashicon.
It also helps cover a rare cases where a checkmark, while often used to mark something as done, may also be used to indicate that something is incorrect (many thanks to my 6th grade teacher for this rationale).
As an added bonus, this commit also adjusts the margins used around the icon, to make it fit more nicely on both large and small viewports.
Props sabernhardt, generosus.
Fixes#53980.
Built from https://develop.svn.wordpress.org/trunk@52018
git-svn-id: http://core.svn.wordpress.org/trunk@51610 1a063a9b-81f0-0310-95a4-ce76da25c4cd
By default, only users with the `edit_theme_options` capability can access the sidebars and widgets REST API endpoints. In this commit, A new `show_in_rest` parameter is added to the `register_sidebar` function. When enabled, all users will be able to access that sidebar and any widgets belonging to that sidebar.
This commit reduces the `context` for a widget's `instance` information to only `edit`. This is to ensure that internal widget data is not inadvertently exposed to the public. A future ticket may expose additional APIs to allow widget authors to indicate that their instance data can be safely exposed. REST API consumers intending to access this `instance` information should take care to explicitly set the `context` parameter to `edit`.
Props spacedmonkey, zieladam.
Fixes#53915.
Built from https://develop.svn.wordpress.org/trunk@52016
git-svn-id: http://core.svn.wordpress.org/trunk@51608 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Delete comments in a descending order by comment ID when deleting a post.
This avoids the expense of additional database queries required to re-parent threaded comments that are themselves about to be deleted.
Props Mte90, andraganescu, johnbillion, hellofromTonya, peterwilsoncc.
Fixes#37703.
Built from https://develop.svn.wordpress.org/trunk@52015
git-svn-id: http://core.svn.wordpress.org/trunk@51606 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Changes the submit button text from "Submit" to "Save Changes".
Why? The text is more semantic and clear of what happens when activating that button.
Follow-up to [9103].
Props zodiac1978, knutsp, hilayt24, audrasjb.
Fixes#54229.
Built from https://develop.svn.wordpress.org/trunk@52014
git-svn-id: http://core.svn.wordpress.org/trunk@51605 1a063a9b-81f0-0310-95a4-ce76da25c4cd
With IE11 no longer supported, the primary problem with assistive technology support for native HTML5 elements no longer applies.
This commit removes the `role` attribute from the following HTML5 elements with default landmark roles, per formerly required role attributes and W3C.
Follow-up to [17669], [21261], [23452], [24832], [29892], [38833], [40851], [43842], [46271], [49216].
Props costdev, craigfrancis, joedolson, mukesh27, ryokuhi, sabernhardt.
Fixes#54079.
Built from https://develop.svn.wordpress.org/trunk@52013
git-svn-id: http://core.svn.wordpress.org/trunk@51604 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Related changes in Gutenberg: https://github.com/WordPress/gutenberg/pull/35038.
When adding a block with a view.js script, the frontend loads an additional ~20kb of scripts that were previously not there. These are coming from polyfills that are defined as a dependency for view.js scripts.
Since WordPress dropped support for IE, these polyfills are no longer needed and can be removed.
Follow-up to [51501].
See #53690.
Props aristath.
Built from https://develop.svn.wordpress.org/trunk@52011
git-svn-id: http://core.svn.wordpress.org/trunk@51602 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Adds a `public` visibility to test fixtures, tests, data providers, and callbacks methods.
Adds a `private` visibility to helper methods within test classes.
Renames callbacks and helpers that previously started with a `_` prefix. Why? For consistency and to leverage using the method visibility. Further naming standardizations is beyond the scope of this commit.
Props costdev, jrf, hellofromTonya.
Fixes#54177.
Built from https://develop.svn.wordpress.org/trunk@52010
git-svn-id: http://core.svn.wordpress.org/trunk@51601 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit adds the `public` visibility keyword to each method which did not have an explicit visibility keyword.
Why `public`?
With no visibility previously declared, these methods are implicitly `public` and available for use. As these are part of the WordPress testing framework (for Core and extenders), changing them to anything else would be a backwards-compatibility break.
Props costdev, jrf, hellofromTonya.
See #54177.
Built from https://develop.svn.wordpress.org/trunk@52009
git-svn-id: http://core.svn.wordpress.org/trunk@51600 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Improvements:
* Removes HTML tags from translatable strings. Uses `sprintf` with placeholder and translators comment.
* Spells out "OG" to "Open Graph" to help translators.
* Adds `@since` param to new filters.
* Improves comments for code standards and consistency.
* Improves readability by making multiple args multiline.
* Micro-optimizations to avoid unnecessary variable assignments.
Follow-up to [51973].
Props hellofromTonya, sergeybiryukov, swissspidy.
Fixes#54358.
Built from https://develop.svn.wordpress.org/trunk@52008
git-svn-id: http://core.svn.wordpress.org/trunk@51599 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When viewing the listing of all comments, author links previously passed referrer information to untrusted URLs. This change adds `noreferrer` to each author link, as well as `noopener` to prevent the passing of information about the parent window.
Props cybr, adam3128, erayalakese, andraganescu, audrasjb, joedolson, sabernhardt.
Fixes#40916.
Built from https://develop.svn.wordpress.org/trunk@52007
git-svn-id: http://core.svn.wordpress.org/trunk@51596 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The latest version includes jQuery 3.x deprecation fixes:
* `$.isArray` → `Array.isArray`
* Event attachment/trigger shorthands → `.on()` and `.trigger()`
For a full list of changes in this update, see the PR on GitHub:
https://github.com/Automattic/Iris/pull/72
Follow-up to [22030], [22033], [22385], [22457], [22697], [22732], [23443], [26334], [30551], [30650], [38931], [50547].
Props Clorith, mattwiebe, Cybr.
Fixes#54224.
Built from https://develop.svn.wordpress.org/trunk@52006
git-svn-id: http://core.svn.wordpress.org/trunk@51595 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When a child panel is open, `wp.customize.panel('parent_panel').focus()` (e.g. `'parent_parent'` might be `'nav_menus'`) collapses the child panel(s) to show the parent panel.
Follow-up to [30102], [31920], [38648].
Props celloexpressions, costdev, dlh, hareesh-pillai, hellofromTonya, westonruter, wpweaver.
Fixes#34436.
Built from https://develop.svn.wordpress.org/trunk@52003
git-svn-id: http://core.svn.wordpress.org/trunk@51592 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When using a workflow as a callable workflow, the job status check functions do not take the called workflow into account. This has caused some failures to be incorrectly reported as successful.
This adds an input to the Slack notifications workflow for when the `workflow_call` event is used.
See #53363.
Built from https://develop.svn.wordpress.org/trunk@52002
git-svn-id: http://core.svn.wordpress.org/trunk@51591 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Per the general consensus in #8714 and similar tickets, user-facing strings should use “curly quotes” for better typography.
Remove the `svn:executable` property that appears to be added accidentally.
Follow-up to [38049], [42200], [46585], [51995].
See #54321.
Built from https://develop.svn.wordpress.org/trunk@52001
git-svn-id: http://core.svn.wordpress.org/trunk@51590 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This resolves an issue where setting up `$_REQUEST['post_type']` and not clearing it afterwards in `Tests_Admin_IncludesScreen::setup_block_editor_test()` started affecting a few `WP_Comments_List_Table` tests after [51997]. It also ensures a similar issue does not inadvertently happen in other tests.
Follow-up to [760/tests], [51997].
See #53363.
Built from https://develop.svn.wordpress.org/trunk@51999
git-svn-id: http://core.svn.wordpress.org/trunk@51588 1a063a9b-81f0-0310-95a4-ce76da25c4cd
These were previously combined in the `includesListTable.php` file. Since the tests were specific neither to the `_get_list_table()` function nor the parent `WP_List_Table` class, the naming was confusing, which should now be resolved.
Follow-up to [31730], [38854], [40297], [48151], [48521], [49190], [51993].
See #53363.
Built from https://develop.svn.wordpress.org/trunk@51997
git-svn-id: http://core.svn.wordpress.org/trunk@51586 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Adds CSS for range controls in the Customizer to be as wide as possible allowing for smaller increments to be more easily obtained by the user.
Follow-up to [28930].
Props domainsupport, dlh, sabernhardt, audrasjb.
Fixes#54329.
Built from https://develop.svn.wordpress.org/trunk@51996
git-svn-id: http://core.svn.wordpress.org/trunk@51585 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Simplifies the logic for when not in alpha/beta/RC.
The changelog URL is translatable in a few other places in core. This commit uses the same pattern for consistency.
Follow-up to [51985].
Props sergeybiryukov.
Fixes#47848.
Built from https://develop.svn.wordpress.org/trunk@51991
git-svn-id: http://core.svn.wordpress.org/trunk@51580 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Adds e2e tests for 'Edit Posts':
* No posts found
* Shows a single post after publishing
* Edit existing post via Edit button
* Quick edit existing post via Quick Edit button
* Delete post
Props isabel_brison, azaozz, hellofromTonya, justinahinon, talldanwp, youknowriad.
Fixes#49507.
Built from https://develop.svn.wordpress.org/trunk@51990
git-svn-id: http://core.svn.wordpress.org/trunk@51579 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Adds the ability to ''locally'' run visual regression testing for wp-admin pages via `npm run test:visual`. Snapshots are stored on contributors' local machines.
Note:
Wiring to the CI is not included. Why? The challenges for the CI are storage of the artifacts and unreliability of testing these across different environments.
This commit is a first step towards visual regression testing. Running it locally provides a learning opportunity which could help to craft how to build it into the automated CI process.
Props isabel_brison, andraganescu, azaozz, danfarrow, desrosj, hellofromTonya, justinahinon, netweb, talldanwp.
Fixes#49606.
Built from https://develop.svn.wordpress.org/trunk@51989
git-svn-id: http://core.svn.wordpress.org/trunk@51578 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Add missing translators comment.
* Add missing space, correct indentation.
* Put opening and closing PHP tag on a line by itself.
* Remove unnecessary escaping for consistency with other strings.
Follow-up to [51980].
See #53658.
Built from https://develop.svn.wordpress.org/trunk@51988
git-svn-id: http://core.svn.wordpress.org/trunk@51577 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This change adds a new way for users to quickly identify what version of WordPress they are looking at, directly from the "Help" sidebar on the main "Dashboard" page.
* Stable versions will link to their respective support documents.
* Development versions (alpha/beta/RC) will not link anywhere.
Props audrasjb, costdev, donmhico, hellofromtonya, ipstenu, justinahinon, karmatosed, knutsp, marybaum, sergeybiryukov, webcommsat.
Fixes#47848.
Built from https://develop.svn.wordpress.org/trunk@51985
git-svn-id: http://core.svn.wordpress.org/trunk@51574 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This change prevents non-visible characters in titles from creating encoded values in permalinks, opting instead for the following replacement strategy:
* Non-visible non-zero-width characters are replaced with hyphens
* Non-visible zero-width characters are removed entirely
Included with this change are 64 additional PHPUnit assertions to confirm that only the targeted non-visible characters are sanitized as intended.
Before this change, URLs would unintentionally contain encoded values where these non-visible characters were. After this change, URLs intentionally strip out or hyphenate these non-visible characters.
Props costdev, dhanendran, hellofromtonya, paaljoachim, peterwilsoncc, poena, sergeybiryukov.
Fixes#47912.
Built from https://develop.svn.wordpress.org/trunk@51984
git-svn-id: http://core.svn.wordpress.org/trunk@51573 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This change intends to avoid confusion around the requirements of the Application Passwords feature, specific to it requiring HTTPS and the `WP_ENVIRONMENT_TYPE` constant.
It does this by conditionally hiding the traditional UI and showing some insightful explanations instead, including a translatable link to the `WP_ENVIRONMENT_TYPE` documentation on the "Editing wp-config.php" support page.
Props ashfame, audrasjb, iluy, johnbillion.
Fixes #53658.
Built from https://develop.svn.wordpress.org/trunk@51980
git-svn-id: http://core.svn.wordpress.org/trunk@51569 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changes some admin-area, user-facing text, to better match the guidelines and recommendations set forth in the make/core handbook, specifically:
> the word “we” should be avoided (...) unless its made very clear which group is speaking
(There are several more usages of "we" that will receive this same scrutiny in future commits/releases.)
Props audrasjb, johnbillion, marybaum, peterwilsoncc, sergeybiryukov, shital-patel.
Fixes #46057.
Built from https://develop.svn.wordpress.org/trunk@51979
git-svn-id: http://core.svn.wordpress.org/trunk@51568 1a063a9b-81f0-0310-95a4-ce76da25c4cd