Whether App Passwords are being used is a global featurel, not a per-network feature. This fixes issues on Multi Network installs if App Passwords are used on a different network from where they were created.
Props spacedmonkey.
Fixes#51939.
See [49752].
Merges [49764] to the 5.6 branch.
Built from https://develop.svn.wordpress.org/branches/5.6@49765
git-svn-id: http://core.svn.wordpress.org/branches/5.6@49488 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The main element must not appear as a descendant of the section element. Correct markup is the first requirement to make user agents and assistive technologies work properly.
Changes the <section> element that was wrapping the <main> element to a <div>.
Follow-up to [45942] for Twenty Nineteen.
Props albertomake, poena.
Reviewed by SergeyBiryukov, peterwilsoncc.
Merges [49759] to the 5.6 branch.
Fixes#51944.
Built from https://develop.svn.wordpress.org/branches/5.6@49760
git-svn-id: http://core.svn.wordpress.org/branches/5.6@49483 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Application Passwords uses Basic Authentication to transfer authentication details. If the site is already using Basic Auth, for instance to implement a private staging environment, then the REST API will treat this as an authentication attempt and would end up generating an error for any REST API request.
Now, Application Password authentication will only be attempted if Application Passwords is in use by a site. This is flagged by setting an option whenever an Application Password is created. An upgrade routine is added to set this option if any App Passwords already exist.
Lastly, creating an Application Password will be prevented if the site appears to already be using Basic Authentication.
Props chexwarrior, georgestephanis, adamsilverstein, helen, Clorith, marybaum, TimothyBlynJacobs.
Reviewed by TimothyBlynJacobs, helen.
Merges [49752] to the 5.6 branch.
Fixes#51939.
Built from https://develop.svn.wordpress.org/branches/5.6@49754
git-svn-id: http://core.svn.wordpress.org/branches/5.6@49477 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This avoids an error on PHP 8 caused by calling `wp_imagecreatetruecolor()` with inputs that aren't numeric, or are less than 0.
Props hellofromtonya, Boniu91, metalandcoffee, SergeyBiryukov.
Reviewed by SergeyBiryukov, iandunn.
Merges [49751] to the 5.6 branch.
Fixes#51937.
Built from https://develop.svn.wordpress.org/branches/5.6@49753
git-svn-id: http://core.svn.wordpress.org/branches/5.6@49476 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `date_i18n` function is now used when formatting the dates in PHP instead of `gmdate` which doesn't handle localization properly.
Additionally, we now use a translation to get the date format to use instead of pulling from the `date_format` option which is only supposed to affect the front-end.
Lastly, when passing the date format to the Backbone JS template, we now use `wp_json_encode()` to format the value for JavaScript. This ensures that backslashes are properly preserved which are used by some locales to escape date formatting control characters.
Props pedromendonca, TimothyBlynJacobs, ocean90, hellofromtonya, SergeyBiryukov, antpb.
Reviewed by TimothyBlynJacobs, SergeyBiryukov.
Merges [49746] to the 5.6 branch.
Fixes#51918.
See [35811].
Built from https://develop.svn.wordpress.org/branches/5.6@49747
git-svn-id: http://core.svn.wordpress.org/branches/5.6@49470 1a063a9b-81f0-0310-95a4-ce76da25c4cd
r49212 greatly improved the performance of `get_dirsize()`, but also changed the structure of the data stored in the `dirsize_cache` transient. It stored relative paths instead of absolute ones, and also removed the unnecessary `size` array.
That difference in data structures led to a fatal error in the following environment:
* PHP 8
* Multisite
* A custom `WP_CONTENT_DIR` which is not a child of WP's `ABSPATH` folder (e.g., [https://roots.io/bedrock/ Bedrock])
* The `upload_space_check_disabled` option set to `0`
After upgrading to WP 5.6, the `dirsize_cache` transient still had data in the old format. When `wp-admin.php/index.php` was visited, `get_space_used()` received an `array` instead of an `int`, and tried to divide it by another `int`. PHP 7 would silently cast the arguments to match data types, but [https://wiki.php.net/rfc/arithmetic_operator_type_checks PHP 8 throws a fatal error]:
`Uncaught TypeError: Unsupported operand types: array / int`
`recurse_dirsize()` was using `ABSPATH` to convert the absolute paths to relative ones, but some upload locations are not located under `ABSPATH`. In those cases, `$directory` and `$cache_path` were identical, and that triggered the early return of the old `array`, instead of the expected `int`.
In order to avoid that, this commit restores the absolute paths, but without the `size` array. It also adds a type check when returning cached values. Using absolute paths without `size` has the result of overwriting the old data, so that it matches the new format. The type check and upgrade routine are additional safety measures.
Props peterwilsoncc, janthiel, helen, hellofromtonya, francina, pbiron.
Reviewed by SergeyBiryukov, iandunn.
Merges [49744] to the 5.6 branch.
Fixes#51913. See #19879.
Built from https://develop.svn.wordpress.org/branches/5.6@49745
git-svn-id: http://core.svn.wordpress.org/branches/5.6@49468 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This brings some consistency with the same check in `core_upgrade_preamble()` and avoids a PHP warning if `$cur->version` is not set.
Additionally, remove the check for `$cur->url` property, unused since [8595].
Follow-up to [49708], [49709].
Props pbiron, afragen, audrasjb.
Reviewed by azaozz, SergeyBiryukov.
Merges [49736] to the 5.6 branch.
Fixes#51892.
Built from https://develop.svn.wordpress.org/branches/5.6@49743
git-svn-id: http://core.svn.wordpress.org/branches/5.6@49466 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This enables, for example, the previous post status to be used by this hook without the need to first capture it on an earlier hook.
This also fixes the value of the `$fire_after_hooks` parameter in `get_default_post_to_edit()` so the `wp_after_insert_post` action correctly fires just once on the new post screen.
This merges [45114] into the 5.6 branch
See #45114
Built from https://develop.svn.wordpress.org/branches/5.6@49732
git-svn-id: http://core.svn.wordpress.org/branches/5.6@49455 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This will be the final sync from GitHub before placing that repository into read-only mode. All further changes should now flow entirely through Trac.
For a full list of changes since [49633], see 1d5a895...53acd9b.
Props poena, luminuu, kjellr, ryelle, allancole, melchoyce, felipeelia, aljullu, kebbet, chaton666, Clorith, mkaz, ingereck, paaljoachim.
Reviewed by desrosj, SergeyBiryukov.
Merges [49726] to the 5.6 branch.
Fixes#51526.
Built from https://develop.svn.wordpress.org/branches/5.6@49728
git-svn-id: http://core.svn.wordpress.org/branches/5.6@49451 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The REST API requests in Site Health and App Passwords now include `_locale=user` in the request URL to ensure the user's locale is used instead of the site locale. Additionally, the `apiRequest` library now sends a JSON `Accept` header which is required by `determine_locale()` to respect the `_locale` query parameter.
The Site Health REST API controllers now manually load the default admin textdomain if not `is_admin()`. This allows for the Site Health tests to be translated even though the translations are part of the administration project and the REST API is not.
Props oglekler, kebbet, Clorith, TimothyBlynJacobs, ocean90, SergeyBiryukov, adamsilverstein.
Reviewed by TimothyBlynJacobs, SergeyBiryukov.
Merges [49716] to the 5.6 branch.
Fixes#51871.
Built from https://develop.svn.wordpress.org/branches/5.6@49724
git-svn-id: http://core.svn.wordpress.org/branches/5.6@49447 1a063a9b-81f0-0310-95a4-ce76da25c4cd
As a best practice, strings available for translation should contain entire sentences whenever possible.
Splitting a sentence in two parts and putting them back together after translation should be avoided, as the word order in other languages can be different from English.
Props tobifjellner, kebbet, audrasjb, mukesh27, hellofromTonya, azaozz, SergeyBiryukov.
Reviewed by azaozz, SergeyBiryukov.
Merges [49722] to the 5.6 branch.
Fixes#51893.
Built from https://develop.svn.wordpress.org/branches/5.6@49723
git-svn-id: http://core.svn.wordpress.org/branches/5.6@49446 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Replace the placeholder links now that the posts have been published. This also updates the jQuery plugin links to to local-site links, if the user can install plugins.
Follow-up to [49640].
Props mukesh27, ocean90.
Reviewed by ryelle, SergeyBiryukov.
Merges [49702] to the 5.6 branch.
See #51415.
Built from https://develop.svn.wordpress.org/branches/5.6@49715
git-svn-id: http://core.svn.wordpress.org/branches/5.6@49438 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This ensures that the message is displayed when the `WP_AUTO_UPDATE_CORE` constant is set to `beta` or `rc` and the user is on a development version.
Follow-up to [49245], [49254], [49292], [49638], [49708].
Props afragen, audrasjb, azaozz, SergeyBiryukov.
Reviewed by azaozz, SergeyBiryukov.
Merges [49709] and [49668] to the 5.6 branch.
Fixes#51822.
Built from https://develop.svn.wordpress.org/branches/5.6@49712
git-svn-id: http://core.svn.wordpress.org/branches/5.6@49435 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Captions are uploaded in the block editor, and not created in the editor.
* Avoid making an invalid claim of WCAG 2.1 conformance or trivialize the efforts still required to build an accessible and compliant site.
Follow-up to [49640].
Props joedolson.
Reviewed by ryelle, SergeyBiryukov.
Merges [49674] to the 5.6 branch.
See #51415.
Built from https://develop.svn.wordpress.org/branches/5.6@49687
git-svn-id: http://core.svn.wordpress.org/branches/5.6@49410 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Clarifies that if you are on maintenance/security auto-updates that you are only on those and therefore there are more options available.
* Adds a message if a version control system has been detected, as automatic updates are disabled in that case.
* Ensures only one heading between `update available`, `you are on a dev version`, and `you are on latest` appears at any given time, falling back to `you are on latest` if something strange happens with the returned update data.
* Removes some older strings related to auto-updates, which greatly simplifies the above.
* Strips the `core-major-auto-updates-saved` query arg from the URL, as it is related to a dismissible notice.
Props audrasjb, pbiron, helen.
Fixes#51742.
Built from https://develop.svn.wordpress.org/trunk@49638
git-svn-id: http://core.svn.wordpress.org/trunk@49376 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This brings some consistency with the other similar actions:
* `pre_get_comments`
* `pre_get_networks`
* `pre_get_posts`
* `pre_get_sites`
* `pre_user_query`
Follow-up to [29363] and [37572].
Props andy, adamsilverstein, hellofromTonya, desrosj, SergeyBiryukov.
Fixes#50961.
Built from https://develop.svn.wordpress.org/trunk@49637
git-svn-id: http://core.svn.wordpress.org/trunk@49375 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Application Passwords introduced a new Rewrite Rule to handle the Authorization header on certain systems.
This bumps the database version and updates the file so the change is applied to sites upon upgrading to 5.6.
Follow-up to [49534].
Props pbiron, TimothyBlynJacobs, SergeyBiryukov.
Fixes#51723.
Built from https://develop.svn.wordpress.org/trunk@49632
git-svn-id: http://core.svn.wordpress.org/trunk@49370 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Fixes the "There is a more recent autosave of your changes" notice from not
being removed when the dismiss button is clicked.
The problem is caused by the notice being initialized twice: once by the
`common` script and then again by the `customize-controls` script.
This temporary fix prevents `customize-controls` from initializing a notice if
it has already been initialized.
A better fix would be to not initialize notices twice. This can be done by
removing `common` as a dependency of `updates` when `deprecateL10nObject` is
removed.
When this happens (est: 5.7), this temporary fix should be reverted.
Fixes#51425.
See #51317.
Props karthikbhatb, dlh, SergeyBiryukov.
Built from https://develop.svn.wordpress.org/trunk@49625
git-svn-id: http://core.svn.wordpress.org/trunk@49363 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When multiple CSS classes are added to a menu item, the nav_menu_link_attributes
filter should be called with $item->classes set to an array of CSS class names.
When previewing in the Customizer, however, a single string was being passed to
$item->classes because WP_Customize_Nav_Menu_Item_Setting::preview() bypasses
wp_update_nav_menu_item() and instead uses filter_wp_get_nav_menu_items().
The fix is to make filter_wp_get_nav_menu_items() match what
wp_update_nav_menu_item() does and split the string into an array.
Fixes#43113.
Props dlh.
Built from https://develop.svn.wordpress.org/trunk@49624
git-svn-id: http://core.svn.wordpress.org/trunk@49362 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This largely reverts [49563] due to attachment pages returning 404: File not found errors when they use the `inherit` status.
Permalink changes to attachment pages are retained when they are descendants of trashed or deleted posts.
Props Toro_Unit, helen, johnbillion, peterwilsoncc.
Fixes#51776.
See #5272.
Built from https://develop.svn.wordpress.org/trunk@49622
git-svn-id: http://core.svn.wordpress.org/trunk@49360 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This function has been deprecated in PHP 8.0 because in libxml 2.9.0, external entity loading is disabled by default, so this function is no longer needed to protect against XXE attacks.
This change fixes an instance of `libxml_disable_entity_loader()` within the getID3 library that has not yet been included in a tagged release for the library.
Props jrf, hellofromtonya.
Fixes#50898.
Built from https://develop.svn.wordpress.org/trunk@49621
git-svn-id: http://core.svn.wordpress.org/trunk@49359 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously App Passwords used a mix of "enabled" and "available". We've now standardized on using "available".
Additionally, we now use a 501 status code when indicating that App Passwords is not available.
Props SergeyBiryukov, ocean90, TimothyBlynJacobs.
Fixes#51513.
Built from https://develop.svn.wordpress.org/trunk@49617
git-svn-id: http://core.svn.wordpress.org/trunk@49355 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Move the pre_render_block, render_block_data, and render_block_context
filters from render_block() to WP_Block. This ensures that they are
called for all blocks, including nested blocks, not just top-level
blocks.
Fixes#51612.
Props gaambo, gziolo, TimothyBlynJacobs.
Built from https://develop.svn.wordpress.org/trunk@49608
git-svn-id: http://core.svn.wordpress.org/trunk@49346 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This test already ensures `WP_Scripts->do_concat` is true, therefore it has no dependency on `SCRIPT_DEBUG` being false. This means the test can run in an environment where the `.min` suffix is not used.
This change allows for the test to pass in this situation.
See #36392, #51734, #51344
Built from https://develop.svn.wordpress.org/trunk@49601
git-svn-id: http://core.svn.wordpress.org/trunk@49339 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This adds clearer messages about what your current settings mean for updates, uses a more compact link-based action instead of a checkbox to change the setting, and respects constants and filters.
Props audrasjb, karmatosed, helen, azaozz, hedgefield, marybaum.
Fixes#51742.
Built from https://develop.svn.wordpress.org/trunk@49587
git-svn-id: http://core.svn.wordpress.org/trunk@49325 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This converts strings using Title Case to sentence case, which is currently preferred for consistency (see discussions on #40244).
Also included is the replacement of an escaped apostrophe with `’`, which is also preferred per the Internationalization guidelines.
See #51526.
Built from https://develop.svn.wordpress.org/trunk@49578
git-svn-id: http://core.svn.wordpress.org/trunk@49316 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In addition to syncing the latest changes, this change also merges the theme’s `.scss` files and other related build tool configurations required to compile the theme’s CSS.
This will allow development of the theme to continue on Trac after 5.6 is released and the GitHub repository is archived.
For a full list of changes since [], see e7d5991...aa284fd.
Props poena, luminuu kjellr, aristath, justinahinon.
See #51526.
Built from https://develop.svn.wordpress.org/trunk@49574
git-svn-id: http://core.svn.wordpress.org/trunk@49312 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Its presence may conflict with `WP_Post::__get()`, which should generally fill the non-existent `post_category` property, but is not triggered if the column exists in the database.
Follow-up to [10895].
Props leogermani, davidbaumwald, hellofromTonya.
Fixes#51288.
Built from https://develop.svn.wordpress.org/trunk@49572
git-svn-id: http://core.svn.wordpress.org/trunk@49310 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This allows other users of the WordPress unit test suite framework to run their own unit tests without needing the GD extension, which should only be a requirement if running core tests.
Follow-up to [49535].
Props jamescollins.
Fixes#50640.
Built from https://develop.svn.wordpress.org/trunk@49571
git-svn-id: http://core.svn.wordpress.org/trunk@49309 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Deleting all visible items on the last page of the media library previously left a blank page with no media items available. Using `wp_count_attachements` instead of `found_posts` solves the problem.
Props donsony, karmatosed, desrosj, mista-flo, justinahinon.
Fixes#39968.
Built from https://develop.svn.wordpress.org/trunk@49567
git-svn-id: http://core.svn.wordpress.org/trunk@49305 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Add check to `redirect_canonical()` to ensure the destination post is not using a private post status.
Props dd32, Denis-de-Bernardy, donmhico, helen, nacin, peterwilsoncc, pishmishy, TimothyBlynJacobs, tzafrir, Viper007Bond, whyisjake.
Fixes#5272.
Built from https://develop.svn.wordpress.org/trunk@49563
git-svn-id: http://core.svn.wordpress.org/trunk@49301 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This is due to the new `before|after_sidebar` args, which are empty by default, but can introduce markup that causes admin JS to stop working.
Also adds documentation for the `sprintf()` on `before_sidebar`.
Props audrasjb, lpointet.
See #19709.
Built from https://develop.svn.wordpress.org/trunk@49560
git-svn-id: http://core.svn.wordpress.org/trunk@49298 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Sets a defined size for text alongside the media browser uploader button fixing alignment on popular browsers.
Props krupajnanda, mikeschroder, aaroncampbell, lucagrandicelli, andraganescu, samful, sabernhardt, andystitt829, kburgoine.
Fixes#41648
Built from https://develop.svn.wordpress.org/trunk@49553
git-svn-id: http://core.svn.wordpress.org/trunk@49291 1a063a9b-81f0-0310-95a4-ce76da25c4cd
- Add a label to the readonly password input.
- Handle focus loss after revoking app passwords.
- Handle focus loss after dismissing notices.
- Mark app name as `aria-required`.
- Use `aria-label` for detailed revoke button text instead of `title`.
- Use `-1` for `tabindex` instead of `0`.
Props alexstine, afercia, sabernhardt, audrasjb, joedolson, TimothyBlynJacobs.
Fixes#51580.
Built from https://develop.svn.wordpress.org/trunk@49549
git-svn-id: http://core.svn.wordpress.org/trunk@49287 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This ensures that not only the return values match the expected results, but also that their type is the same.
Going forward, stricter type checking by using `assertSame()` should generally be preferred to `assertEquals()` where appropriate, to make the tests more reliable.
Follow-up to [48937], [48939], [48940], [48944].
See #38266.
Built from https://develop.svn.wordpress.org/trunk@49547
git-svn-id: http://core.svn.wordpress.org/trunk@49285 1a063a9b-81f0-0310-95a4-ce76da25c4cd