Follow up to [59224]. Add CSS to cover usage of the `do_accordion_section()` function when used in extender contexts outside of the existing WordPress core usage.
Props mboynes, jorbin, joemcgill, joedolson.
Fixes#62907.
Built from https://develop.svn.wordpress.org/trunk@59772
git-svn-id: http://core.svn.wordpress.org/trunk@59114 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This fixes a `ReferenceError` caused by a stray Unicode character in the unminified version of moxie.js. This has long been fixed upstream but the library cannot be wholesale updated in WordPress because of an incompatible license change.
Because of this, a new version is being tagged, `1.3.5.1`, and the file header has been updated to make it more clear that the file is a maintained fork with a high level list of changes made.
Props kinggmobb, jorbin, q0rban, azaozz, desrosj, sukhendu2002.
Fixes#59329.
Built from https://develop.svn.wordpress.org/trunk@59770
git-svn-id: http://core.svn.wordpress.org/trunk@59112 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The WordPress Importer plugin has been maintained separately in a repository on GitHub since 2016. However, the unit tests were left in wordpress-develop due to the lack of a CI setup on GitHub.
With GitHub Actions set up for the plugin repository, these tests are now running in two locations. Because they are more relevant to the plugin itself, the tests have been synced, will run weekly through a `schedule` event, and are now being removed from wordpress-develop.
The only remaining test method in the `import` group covers `get_importers()`, which is a function maintained in WordPress Core itself.
Props frank-klein, netweb, dd32, peterwilsoncc, azaozz, desrosj, swissspidy.
Fixes#42668.
Built from https://develop.svn.wordpress.org/trunk@59769
git-svn-id: http://core.svn.wordpress.org/trunk@59111 1a063a9b-81f0-0310-95a4-ce76da25c4cd
As of UglifyJS >= 3.18.0, the default behavior is to process input as an ES module. This updates the relevant configurations to ensure the build process continues to use the previous behavior to avoid JavaScript errors in the minified versions of files.
Follow up to [58563], [58586], and [59509].
Props siliconforks, nataliat2004, poena, mai21, SergeyBiryukov.
Fixes#62767. See #61519, #62220.
Built from https://develop.svn.wordpress.org/trunk@59768
git-svn-id: http://core.svn.wordpress.org/trunk@59110 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Introduces normalization a number of arguments passed to `WP_Query` to increase cache hits for equivalent requests. For example `author__in => [ 1, 2 ]` and `author__in => [ 2, 1 ]` will now hit the same cache.
Prior to generating the SQL request and cache key, the following are sorted, made unique and type cast as appropriate.
* `post_type` when passed as an array
* `post_status` when passed as an array
* `term_query`s containing `terms`
* `cat`
* `category__in`
* `category__not_in`
* `category__and`
* `tag_slug__in`
* `tag__in`
* `tag__not_in`
* `tag__and`
* `tag_slug__in`
* `tag_slug__and`
* `post_parent__not_in`
* `author`
* `author__not_in`
* `author__in`
The following are sorted for the purposes of generating the cache key and SQL `WHERE` clause but unmodified for use in the `ORDER BY` SQL clause:
* `post_name__in`
* `post__in`
* `post_parent__in`
This commit includes changes to unrelated tests, assertions in `Tests_Query_ParseQuery::test_parse_query_cat_array_mixed()` and `WP_Test_REST_Posts_Controller::test_get_items_not_sticky_with_exclude()` have been modified to account for the sorting of the items above.
Props thekt12, peterwilsoncc, spacedmonkey, joemcgill, flixos90, mukesh27, pbearne, swissspidy.
Fixes#59516.
Built from https://develop.svn.wordpress.org/trunk@59766
git-svn-id: http://core.svn.wordpress.org/trunk@59108 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Both `name` and `label` properties are required when registering a block style. If the label is missing, assign `name` as the value for the `label`, to ensure the property is defined. This avoids a PHP warning in such case.
Props poena, Rahmohn, aaronrobertshaw, audrasjb, rinkalpagdar.
Fixes#52592.
Built from https://develop.svn.wordpress.org/trunk@59760
git-svn-id: http://core.svn.wordpress.org/trunk@59102 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Values passed to parameters with this attribute will be redacted if present in a stack trace when using PHP 8.2 or later. This reduces the chance that passwords and security keys get accidentally exposed in debug logs and bug reports.
Props petitphp, TobiasBg, jrf, johnbillion.
Fixes#57304
Built from https://develop.svn.wordpress.org/trunk@59754
git-svn-id: http://core.svn.wordpress.org/trunk@59096 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This allows the subsequent redirect to behave as expected if a site is using a strict referrer policy on the front end which prevents the full referrer from being sent.
Props zodiac1978, yogeshbhutkar, hbhalodia, mukesh27.
Fixes#62881
Built from https://develop.svn.wordpress.org/trunk@59753
git-svn-id: http://core.svn.wordpress.org/trunk@59095 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This change introduces a job matrix for the "current", "before", and "base" performance tests to replace the current behaviour of running them sequentially in a single job. This speeds up the overall performance testing workflow and also reduces the chance of any given test interfering with another, for example by making a change to data in the database that affects a subsequent test.
Props johnbillion, swissspidy, dmsnell, joemcgill.
See #62221
Built from https://develop.svn.wordpress.org/trunk@59749
git-svn-id: http://core.svn.wordpress.org/trunk@59091 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When originally committed, this code was targeting 6.7.1. However, it was not backported and included in 6.7.1. Will this be followed up by another version change? You'll need to stay tuned to next week's episode of "As the WordPress Turns" to find out!
Follow-up to [59285] and [59364].
See #62270.
Built from https://develop.svn.wordpress.org/trunk@59747
git-svn-id: http://core.svn.wordpress.org/trunk@59089 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Custom post types may contain underscores, however block template registration has been using a regular expression that disallows underscores. Since the block template name for certain templates is directly associated with which post type it applies to, this regular expression was causing unexpected failures. This changeset adjusts the regular expression to allow block template names with underscore characters, effectively allowing block templates to be registered for any custom post type.
Props alexandrebuffet, ankitkumarshah, gaambo, jorbin, karthickmurugan, oglekler, poena, sukhendu2002.
Fixes#62523.
Built from https://develop.svn.wordpress.org/trunk@59742
git-svn-id: http://core.svn.wordpress.org/trunk@59084 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The Root Certificate bundle maintained by Mozilla ships in WordPress to allow SSL certificates to be verified on hosts with incomplete, outdated, or invalid local SSL configurations. To date, updates have only been merged into Core when problems arise using a highly manual process.
This introduces the `certificates:upgrade` Grunt task to automate the process of updating the included bundle with upstream changes using Composer to manage versioning.
The legacy 1024bit certificates included for backwards compatibility are now maintained in a separate file that is prepended to the built version of the bundle during the relevant Grunt tasks. Some expired certificates from this list have been removed:
- Cybertrust Global Root (expired 2021-12-15)
- Thawte Server CA (expired 2020-12-31)
- Thawte Premium Server CA (expired 2020-12-31)
The Dependabot configuration has also been updated to open pull requests when new releases occur upstream. Going forward, the recommendation is to create a task ticket for updating these certificates with each release when an update is published. See #62811 for an example of this.
Props johnbillion, desrosj, whyisjake, ayeshrajans, SergeyBiryukov, swissspidy, skithund, barry.
Fixes#62812. See #62811, 50828.
Built from https://develop.svn.wordpress.org/trunk@59740
git-svn-id: http://core.svn.wordpress.org/trunk@59082 1a063a9b-81f0-0310-95a4-ce76da25c4cd
On some instances of Windows, the assertions seem to find additional nodes. As this test is just about verifying that the handlers get called, not about testing the functionality of the handlers, we can adjust the assertion to look for a minimum number of nodes rather than exact number.
Follow-up to [59062].
Props yogeshbhutkar, hellofromTonya, SergeyBiryukov, coquardcyr, jrf, benniledl, desrosj, jorbin.
Fixes#62110. See #62061.
Built from https://develop.svn.wordpress.org/trunk@59739
git-svn-id: http://core.svn.wordpress.org/trunk@59081 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Display a message notifying the user of an incorrect password when submitting the post password form. Improve the accessibility of the form by adding a required attribute for consistent identification.
Props henry.wright, jonnyauk, kreppar, tommusrhodus, joedolson, audrasjb, jdahir0789, parthvataliya, dhruvang21.
Fixes#37332.
Built from https://develop.svn.wordpress.org/trunk@59736
git-svn-id: http://core.svn.wordpress.org/trunk@59078 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Deprecate the actions `setted_transient` and `setted_site_transient` in favour of `set_transient` and `set_site_transient` respectively.
This serves two purposes, the name is consistent with the transient specific actions `set_(site_)_transient_{$transient}`, and to make the names grammatically correct.
Props sukhendu2002, swissspidy, johnbillion, peterwilsoncc.
Fixes#62849.
Built from https://develop.svn.wordpress.org/trunk@59735
git-svn-id: http://core.svn.wordpress.org/trunk@59077 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset replaces plugin sanitized names with an auto increment integer to fix an issue with accordions displaying privacy policies for plugins with special characters in their names.
Follow-up to [50161].
Props ecgan, sabernhardt, audrasjb.
Fixes#62713.
Built from https://develop.svn.wordpress.org/trunk@59732
git-svn-id: http://core.svn.wordpress.org/trunk@59074 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset allows for block metadata collections to be registered for almost any source, such as MU plugins, themes, or custom directories with e.g. symlinked plugins or symlinked themes. Prior to the change, block metadata collections could only be registered for plugins and WordPress Core.
There are still safeguards in place to prevent registration of collections in locations that would cause conflicts. For example, it is not possible to register a collection for the entire `wp-content/plugins` directory or the entire `wp-content/themes` directory, since such a collection would conflict with any specific plugin's or theme's collection. In case developers would like to enable this safeguard for their own custom directories, they can use the new `wp_allowed_block_metadata_collection_roots` filter.
Props assassinateur, bowedk, desrosj, dougwollison, flixos90, glynnquelch, gziolo, jorbin, mreishus, swissspidy.
Fixes#62140.
Built from https://develop.svn.wordpress.org/trunk@59730
git-svn-id: http://core.svn.wordpress.org/trunk@59072 1a063a9b-81f0-0310-95a4-ce76da25c4cd
While the `skipTestOnTimeout()` method will catch a timeout and prevent it from causing a test to fail, other errors such as a failed DNS lookup or HTTPS handshake can still cause a test to unnecessarily fail. This introduces a simple retry mechanism that will hopefully further reduce the flakiness of tests that perform HTTP API requests.
Fixes#62830
Built from https://develop.svn.wordpress.org/trunk@59729
git-svn-id: http://core.svn.wordpress.org/trunk@59071 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Fix an issue introduced in [59134] that prevented manual entry of a page number in the pagination input field from navigating pages. Requiring validation of the bulk actions input also impacted other inputs nested in the same form.
Also fixes a pre-existing bug where it was not possible to navigate to page 1 using the input field.
Props ffffelix, im3dabasia1, apermo, rishavdutta, joedolson, swissspidy, jorbin, joedolson.
Fixes#62534.
Built from https://develop.svn.wordpress.org/trunk@59727
git-svn-id: http://core.svn.wordpress.org/trunk@59069 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The intention of these headers is to prevent any form of caching, whether that's in the browser or in an intermediate cache such as a proxy server. These directives instruct an intermediate cache to not store the response in their cache for any user – not just for logged-in users.
This does not affect the caching behaviour of assets within a page such as images, CSS, and JavaScript files.
Props kkmuffme, devansh2002, johnbillion.
Fixes#61942
Built from https://develop.svn.wordpress.org/trunk@59724
git-svn-id: http://core.svn.wordpress.org/trunk@59066 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Because the build process test workflow accepts an input for runner image, older workflows still use `ubuntu-latest`. This adjusts a conditional check to be more broad, allowing any `ubuntu-` image to match.
Follow up to [59720].
See #62221.
Built from https://develop.svn.wordpress.org/trunk@59722
git-svn-id: http://core.svn.wordpress.org/trunk@59064 1a063a9b-81f0-0310-95a4-ce76da25c4cd
While using the `ubuntu-latest`, `macos-latest`, and `windows-latest` runner image tags is convenient, it has proven to be problematic in a number of instances as the runners are slowly updated (see #62808 and #62843).
This switches all workflows to using specific version tags representing the latest non-preview versions, which currently are as follows:
- `ubuntu-24.04`
- `windows-2022`
- `macos-14`
Props swissspidy, johnbillion.
See #62221.
Built from https://develop.svn.wordpress.org/trunk@59720
git-svn-id: http://core.svn.wordpress.org/trunk@59062 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The menu, menu item, and menu location endpoints were added to the REST API in [52079]. In that commit, menu data was treated as private and restricted to logged-in users with the edit_theme_options capability. However, in many cases, this data can be considered public. Previously, there was no simple way for developers to allow this data to be exposed via the REST API.
This commit introduces the rest_menu_read_access filter, enabling developers to control read access to menus, menu items, and menu locations in the REST API. The same filter is applied across all three REST API classes, simplifying the process of opting into exposing this data.
Each instance of the filter provides the current request and the relevant class instance as context, allowing developers to selectively or globally enable access to the data.
Props spacedmonkey, antonvlasenko, kadamwhite, julianmar, masteradhoc.
Fixes#54304.
Built from https://develop.svn.wordpress.org/trunk@59718
git-svn-id: http://core.svn.wordpress.org/trunk@59060 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This updates the following GitHub Actions to their latest versions:
- `actions/cache`
- `actions/checkout`
- `actions/setup-node`
- `actions/upload-artifact`
- `codecov/codecov-action`
- `shivammathur/setup-php`
See #62221.
Built from https://develop.svn.wordpress.org/trunk@59716
git-svn-id: http://core.svn.wordpress.org/trunk@59058 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Replaced the raw SQL query in the `wp_get_post_autosave` function with a `WP_Query` call. This change improves code maintainability and replaces the raw SQL query with a cacheable query via `WP_Query`.
Props narenin, swissspidy, mukesh27, spacedmonkey, im3dabasia1.
Fixes#62658.
Built from https://develop.svn.wordpress.org/trunk@59715
git-svn-id: http://core.svn.wordpress.org/trunk@59057 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This sets the same referrer policy of `strict-origin-when-cross-origin` that's used in the admin area to prevent a referrer being sent to other origins. This helps prevent unwanted exposure of potentially sensitive information that may be contained within the URL.
The header can be disabled if necessary by removing the `wp_admin_headers` action from the `login_init` hook.
Props kkmuffme, sagarlakhani, albatross10
Fixes#62273
See #42036
Built from https://develop.svn.wordpress.org/trunk@59712
git-svn-id: http://core.svn.wordpress.org/trunk@59054 1a063a9b-81f0-0310-95a4-ce76da25c4cd
