Commit Graph

1978 Commits

Author SHA1 Message Date
Peter Wilson 8c3dd2eb88 General: Remove `noopener` from links opening in a new tab.
Removes the automatic addition of `rel="noopener noreferrer"` from links targeting a new tab or window, `target='_blank'`. Since this was introduced, supported browsers have changed their security policies and no longer allow the opened link to have JavaScript access to the previous tab.

Deprecates:

* `wp_targeted_link_rel()`
* `wp_targeted_link_rel_callback()`
* `wp_init_targeted_link_rel_filters()`: converted to a noop function
* `wp_remove_targeted_link_rel_filters()`: converted to a noop function

The deprecated functions are retained in `formatting.php` as in `SHORTINIT` mode the file is included while `deprecated.php` is not.

This also removes the `noopener` from links hard coded within the WordPress dashboard linking to documentation and other resources.

Props audrasjb, azaozz, dhruval04, dorzki, neo2k23, presskopp, sabernhardt, swissspidy, tobiasbg.
Fixes #53843.

Built from https://develop.svn.wordpress.org/trunk@59120


git-svn-id: http://core.svn.wordpress.org/trunk@58516 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-09-30 05:19:16 +00:00
hellofromTonya 9160482cf3 Code Modernization: Fix trigger_error() with E_USER_ERROR deprecation in wp_trigger_error().
PHP 8.4 deprecates the use of `trigger_errror()` with `E_USER_ERROR` as the error level, as there are a number of gotchas to this way of creating a `Fatal Error` (`finally` blocks not executing, destructors not executing). The recommended replacements are either to use exceptions or to do a hard `exit`.

WP has its own `wp_trigger_error()` function, which under the hood calls `trigger_error()`. If passed `E_USER_ERROR` as the `$error_level`, this will hit the PHP 8.4 deprecation.

Now, there were basically three options:
* Silence the deprecation until PHP 9.0 and delay properly solving this until then. This would lead to an awkward solution, as prior to PHP 8.0, error silencing would apply to all errors, while, as of PHP 8.0, it will no longer apply to fatal errors. It also would only buy us some time and wouldn't actually solve anything.

* Use `exit($status)` when `wp_trigger_error()` is called with `E_USER_ERROR`. This would make the code untestable and would disable handling of these errors via custom error handlers, which makes this an undesirable solution.

* Throw an exception when `wp_trigger_error()` is called with `E_USER_ERROR`. This makes for the most elegant solution with the least BC-breaking impact, though it does open it up to the error potential being "caught" via a `try-catch`. That's not actually a bad thing and is likely to only happen for those errors which can be worked around, in which case, it's a bonus that that's now possible.

The third option is implemented which:
* Introduces a new `WP_Exception` class.
* Starts using `WP_Exception` in the `wp_trigger_error()` function when the `$error_level` is set to `E_USER_ERROR`.

This change is covered by pre-existing tests, which have been updated to expect the exception instead of a PHP error.

Why not use `WP_Error`?

Well, for one, this would lead to completely different behaviour (BC).

As `WP_Error` doesn't extend `Exception`, the program would not be stopped, but would continue running, which would be a much bigger breaking change and carries security risks. `WP_Error` also doesn't natively trigger displaying/logging of the error message, so in that case, it would still need an `exit` with the error message, bringing us back to point 2 above.

Introducing `WP_Exception` provides (essentially) the same behaviour in that it retains the fatal error and error message displaying/logging behaviors. It also introduces a base Exception class, from which future exception classes can extend.

References:
* https://wiki.php.net/rfc/deprecations_php_8_4#deprecate_passing_e_user_error_to_trigger_error
* https://www.php.net/manual/en/migration80.incompatible.php

Follow-up to [56530].

Props jrf, hellofromTonya.
See #62061.
Built from https://develop.svn.wordpress.org/trunk@59107


git-svn-id: http://core.svn.wordpress.org/trunk@58503 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-09-27 19:28:14 +00:00
Sergey Biryukov 3cd067ee34 General: Add missing `initial-scale` value in viewport meta tags.
The viewport meta should include `initial-scale=1.0` to ensure that high DPI/mobile display works as expected.

References:
* [https://css-tricks.com/probably-use-initial-scale1/ CSS-Tricks: Probably Use initial-scale=1]
* [https://www.sitepoint.com/community/t/is-it-necessary-to-include-initial-scale-1-0-in-the-meta-viewport-tag/455119 SitePoint Forums: Is it necessary to include initial-scale=1.0 in the meta viewport tag?]

Follow-up to [59026].

Props dhruvang21, sabernhardt, kkmuffme, mukesh27, narenin, swissspidy, SergeyBiryukov.
Fixes #61988.
Built from https://develop.svn.wordpress.org/trunk@59027


git-svn-id: http://core.svn.wordpress.org/trunk@58423 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-09-17 00:03:54 +00:00
Felix Arntz 4e167c593d Options, Meta APIs: Explicitly pass `$autoload` parameter to when potentially adding new options.
It is recommended that for every option it is explicitly set whether to autoload it or not. This changeset updates relevant `update_option()` and `add_option()` calls.

Note that the `$autoload` parameter is only needed for `update_option()` if the option is potentially not present yet, i.e. the call will pass through to `add_option()`. Since WordPress core adds the majority of its options to the database during installation, only `update_option()` calls for dynamically added options need to be modified, which is what this changeset does.

As part of revisiting the autoload values for dynamically added WordPress core options, this changeset modifies some options to no longer be autoloaded, since they are only accessed in a few specific places that are not relevant for a regular request. These options are:
* `recently_activated`
* `_wp_suggested_policy_text_has_changed`
* `{upgradeLock}.lock`
* `dashboard_widget_options`
* `ftp_credentials`
* `adminhash`
* `nav_menu_options`
* `wp_force_deactivated_plugins`
* `delete_blog_hash`
* `allowedthemes`
* `{sessionId}_paused_extensions`
* `recovery_keys`
* `https_detection_errors`
* `fresh_site`

An upgrade routine is present as well that sets those options to no longer autoload for existing sites.

Props pbearne, flixos90, mukesh27, swissspidy, SergeyBiryukov, joemcgill, adamsilverstein.
Fixes #61103.

Built from https://develop.svn.wordpress.org/trunk@58975


git-svn-id: http://core.svn.wordpress.org/trunk@58371 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-09-03 18:19:14 +00:00
Peter Wilson 78a0c7a5b3 Date/Time: Prevent type errors in `current_time()`.
Prevents a potential type error when calling `current_time( 'timestamp' )` by casting `get_option( 'gmt_offset' )` to a float prior to performing calculations with the value.

This mainly accounts for incorrect storage of values, such as an empty string or city name.

Follow up to [45856], [55054], [55598].

Props hellofromtonya, peterwilsoncc, rarst, costdev, Nick_theGeek, SergeyBiryukov, johnbillion, desrosj, reputeinfosystems, audrasjb, oglekler.
Fixes #57035.

Built from https://develop.svn.wordpress.org/trunk@58923


git-svn-id: http://core.svn.wordpress.org/trunk@58319 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-08-22 23:27:24 +00:00
noisysocks 3a703f86cd Media: Automatically convert HEIC images to JPEG
Automatically create a JPEG version of uploaded HEIC images if the server has
a version of Imagick that supports HEIC. Conversion is done silently through
the existing `WP_Image_Editor` infrastructure that creates multiple sizes of
uploaded images.

This allows users to view HEIC images in WP Admin and use them in their posts
and pages regardless of whether their browser supports HEIC. Browser support
for HEIC is relatively low (only Safari) while the occurrence of HEIC images is
relatively common. The original HEIC image can be downloaded via a link on
the attachment page.

Props adamsilverstein, noisysocks, swissspidy, spacedmonkey, peterwilsoncc.
Fixes #53645.

Built from https://develop.svn.wordpress.org/trunk@58849


git-svn-id: http://core.svn.wordpress.org/trunk@58245 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-08-05 04:13:15 +00:00
Peter Wilson 066d83f670 General: Removing static from `wp_get_wp_version()`.
Removes the static storing the version number in `wp_get_wp_version()` to ensure the version number is reported correctly after a WordPress upgrade is completed.

Reverts [58827].

Props costdev, SergeyBiryukov, Cybr.
See #61782.

Built from https://develop.svn.wordpress.org/trunk@58848


git-svn-id: http://core.svn.wordpress.org/trunk@58244 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-08-04 22:09:18 +00:00
Peter Wilson 6a559b739b General: Use clean WordPress version in `is_wp_version_compatible()`.
Update `is_wp_version_compatible()` to use `wp_get_wp_version()` introduced in [58813] to ensure the value of `$wp_version` has not been modified by a theme or plugin.

Props costdev, mukesh27, Cybr, sergeybiryukov.
Fixes #61781.


Built from https://develop.svn.wordpress.org/trunk@58843


git-svn-id: http://core.svn.wordpress.org/trunk@58239 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-08-02 22:38:15 +00:00
Sergey Biryukov 12991d53a4 General: Memoize the return value in `wp_get_wp_version()`.
This aims to optimize performance by saving the return value to a static variable, so that the `version.php` file is not unnecessarily required on each function call.

Follow-up to [58813].

Props Cybr, debarghyabanerjee, mukesh27.
Fixes #61782. See #61627.
Built from https://develop.svn.wordpress.org/trunk@58827


git-svn-id: http://core.svn.wordpress.org/trunk@58223 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-07-29 15:02:17 +00:00
Sergey Biryukov eb33b8b4f7 General: Move `wp_get_wp_version()` to a more appropriate place.
This places the function in a more predictable location, next to the `is_wp_version_compatible()` and `is_php_version_compatible()` functions.

Follow-up to [58813].

See #61627.
Built from https://develop.svn.wordpress.org/trunk@58826


git-svn-id: http://core.svn.wordpress.org/trunk@58222 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-07-29 14:52:19 +00:00
Peter Wilson dd21bf5f22 General: Introduce `wp_get_wp_version()` to get unmodified version.
Introduces `wp_get_wp_version()` to get an unmodified value of `$wp_version` from `wp-includes/version.php`. Some plugins modify the global in an attempt to improve security through obscurity. This practice can cause errors in WordPress so the ability to get an unmodified version is needed.

Replaces instances within the code base in which `version.php` was required in order to get an unmodified value. `script-loader.php` is intentionally excluded from the replacements as the function is not always available to the file.

Props debarghyabanerjee, afragen, costdev.
See #61627.


Built from https://develop.svn.wordpress.org/trunk@58813


git-svn-id: http://core.svn.wordpress.org/trunk@58209 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-07-27 00:27:16 +00:00
Aaron Jorbin 23b0fdc142 General: Provide _is_utf8_charset() in compat.php for early use
#61182 introduced is_utf8_charset() as a way of standardizing checks for charset slugs referring to UTF-8. This is called by _mb_strlen() inside of compat.php, but is_utf8_charset() is defined in functions.php, which isn't loaded early on. Code calling mb_strlen() early on before functions.php loads in hosts without the multibyte extension therefore may crash.

Props dmsnell, jonsurrell, joemcgill, jorbin.
Fixes #61681.

Built from https://develop.svn.wordpress.org/trunk@58763


git-svn-id: http://core.svn.wordpress.org/trunk@58165 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-07-18 18:04:11 +00:00
dmsnell b7b504dc0d Fix phpdoc nullable types in some files.
It was found that in several places in the HTML API and its supporting files,
the wrong form of type annotation was used for optional parameters.

Instead of using `?type`, this patch uses `type|type-of-default-value` instead,
noting where important if the parameter is optional, and if so, what its default
value is.

Developed in https://github.com/WordPress/wordpress-develop/pull/7031
Discussed in https://core.trac.wordpress.org/ticket/61399

Props dmsnell, jonsurrell.
See #61399.

Built from https://develop.svn.wordpress.org/trunk@58742


git-svn-id: http://core.svn.wordpress.org/trunk@58144 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-07-17 00:53:17 +00:00
Sergey Biryukov 667521c97f Filesystem API: Add a return value for `wp_delete_file()`.
This addresses a discrepancy where using `unlink()` allows for checking if it was successful via the return value, but `wp_delete_file()` did not have a return value, making it impossible to verify the result without doing overhead checks if the file still exists.

This also brings more consistency with the other `wp_delete_*()` functions, specifically:

* `wp_delete_file_from_directory()`
* `wp_delete_post()`
* `wp_delete_post_revision()`
* `wp_delete_attachment()`
* `wp_delete_attachment_files()`
* `wp_delete_comment()`
* `wp_delete_nav_menu()`
* `wp_delete_term()`
* `wp_delete_site()`
* `wp_delete_user()`

Includes adding basic unit tests for `wp_delete_file()`.

Follow-up to [31575].

Props bedas, debarghyabanerjee, mukesh27, SergeyBiryukov.
Fixes #61590.
Built from https://develop.svn.wordpress.org/trunk@58715


git-svn-id: http://core.svn.wordpress.org/trunk@58117 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-07-13 05:03:16 +00:00
Sergey Biryukov 61c8c315a9 Code Modernization: Replace `substr( PHP_OS, 0, 3 )` calls with `PHP_OS_FAMILY`.
The `PHP_OS_FAMILY` constant indicates the operating system family PHP was built for, and is available as of PHP 7.2.0.

Reference: [https://www.php.net/manual/en/reserved.constants.php#constant.php-os-family PHP Manual: Predefined Constants: PHP_OS_FAMILY].

Follow-up to [23255], [57753], [57985], [58678].

Props ayeshrajans, jrf.
See #61574.
Built from https://develop.svn.wordpress.org/trunk@58684


git-svn-id: http://core.svn.wordpress.org/trunk@58086 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-07-07 12:44:16 +00:00
Aaron Jorbin 9da0418c41 Filesystem: Normalize allowed_files so comparison is apples to apples.
In [58470] a change was made to normalize the filename in validate_file, however this leads to instances where the list of files that are allowed aren't normalized such as in the theme editor. By normalizing the array, the comparison is apples to apples.

Fixes #61488.
Props jorbin, hellofromtonya, swissspidy, misulicus, script2see, Presskopp, audrasjb, peterwilsoncc, siliconforks, littler.chicken, paulkevan,

Built from https://develop.svn.wordpress.org/trunk@58570


git-svn-id: http://core.svn.wordpress.org/trunk@58018 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-06-25 14:19:12 +00:00
audrasjb abc2db829a Editor: Fix Path Traversal issue on Windows in Template-Part Block.
Props xknown.



Built from https://develop.svn.wordpress.org/trunk@58470


git-svn-id: http://core.svn.wordpress.org/trunk@57919 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-06-24 14:38:16 +00:00
Pascal Birchler ac8ac3941b Build/Test Tools: add new end-to-end tests for edge cases such as maintenance mode.
Sometimes errors only occur in unusual code paths such as the maintenance mode or installation screens. Due to lack of tests for these scenarios in core, such errors are usually only noticed very late. This change adds new end-to-end (e2e) tests to prevent regressions in the following areas:

- Maintenance mode (presence of a `.maintenance` file)
- Fatal error handler (simulated with an mu-plugin that causes an error)
- Installation screen (verifying full installation flow & that there are no database errors)

Thanks to these tests, an issue was already found and addressed in the default `wp_die` handler, as `wp_robots_noindex_embeds` and `wp_robots_noindex_search` used to cause PHP warnings due to `$wp_query` not existing.

In the future, these tests can be extended to also test scenarios like localized error pages via `wp_load_translations_early()`.

Fixes #61240.
Built from https://develop.svn.wordpress.org/trunk@58430


git-svn-id: http://core.svn.wordpress.org/trunk@57879 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-06-18 08:20:08 +00:00
hellofromTonya b5ec907fb0 Code Modernization: Use wp_trigger_error() instead of trigger_error().
Replaces `trigger_error()` with `wp_trigger_error()`.

The usage of `wp_trigger_error()` avoids generating `E_USER` family errors unless `WP_DEBUG` is on. In doing so, users should not see these messages in normal production.

Notes:
* Removes `E_USER_NOTICE` when passed as an argumnent, as it's the default error level.
* An empty string is passed for the function name when its name is already in the error message or does not add value to the error message.
* Externally maintained libraries are not included.

Follow-up to [55204], [25956], [29630], [38883], [52062], [52049], [54272], [38883], [55245], [51599], [14452], [38883], [24976].

Props prasadkarmalkar, rajinsharwar, thelovekesh, hellofromTonya, swissspidy. 
Fixes #59652.
Built from https://develop.svn.wordpress.org/trunk@58409


git-svn-id: http://core.svn.wordpress.org/trunk@57858 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-06-13 20:50:14 +00:00
Weston Ruter 7529944c8d General: Fix array format for allowed HTML passed into wp_kses() for wp_trigger_error().
Kses requires an associative array of allowed HTML.

See #57686. Follow-up to [56707].

Props thelovekesh, westonruter.
Fixes #61318.

Built from https://develop.svn.wordpress.org/trunk@58361


git-svn-id: http://core.svn.wordpress.org/trunk@57810 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-06-07 16:50:15 +00:00
audrasjb a0ba76dec8 Editor: Expose the Site Editor Patterns page for classic themes.
The Site Editor Patterns page was exposed internally for the Classic theme as of WP6.5. As we aim to officially expose the new Patterns page as of WP6.6, this changeset makes the following changes available when a classic themes is activated:

- Link Appearance > Patterns submenu to the Site Editor Patterns page located at `wp-admin/site-editor.php?path=/patterns
- Remove Template Parts submenu

Props wildworks, audrasjb, ironprogrammer, azaozz, youknowriad.
Fixes #61109.



Built from https://develop.svn.wordpress.org/trunk@58278


git-svn-id: http://core.svn.wordpress.org/trunk@57738 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-06-02 08:17:17 +00:00
Sergey Biryukov eba0df8c7b Docs: Correct the placement of `@global` tags in various files.
Follow-up to [6589], [8598], [10798], [25490], [25594], [31192], [31194], [35718], [37437], [44169], [44948], [45247], [56763], [56773], [57370], [57503].

Props shailu25.
Fixes #61295.
Built from https://develop.svn.wordpress.org/trunk@58200


git-svn-id: http://core.svn.wordpress.org/trunk@57663 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-05-26 20:51:13 +00:00
dmsnell c4ff251f13 Move is_utf8_charset() into functions.php
This caused issues in maintenance mode, and it's not warranted to have
its own module. This will live alongside `_canonical_charset()`, it's
partner function.

Fixes: #61182.
Props: dmsnell, sergeybiryukov, swisspiddy.
Follow-up to: [58148].

Built from https://develop.svn.wordpress.org/trunk@58169


git-svn-id: http://core.svn.wordpress.org/trunk@57632 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-05-18 18:22:14 +00:00
dmsnell d30cd41ed4 Normalize UTF-8 charset slug detection.
There are several exist places in Core that attempt to detect if a blog charset
is UTF-8. Each place attempts to perform the same check, except the logic is
spread throughout and there's no single method provided to make this
determination in a consistent way. The `_canonical_charset()` method exists,
but is marked private for use.

In this patch the new `unicode` module provides `is_utf8_charset()` as a method
taking an optional charset slug and indicating if it represents UTF-8,
examining all of the allowable variants of that slug. Associated code is
updated to use this new function, including `_canonical_charset()`. If no slug
is provided, it will look up the current `get_option( 'blog_charset' )`.

Finally, the test functions governing `_canonical_charset()` have been
rewritten as a single test with a data provider instead of as separate test
functions.

Developed in https://github.com/WordPress/wordpress-develop/pull/6535
Discussed in https://core.trac.wordpress.org/ticket/61182

Fixes #61182.
Props dmsnell, jonsurrell.

Built from https://develop.svn.wordpress.org/trunk@58147


git-svn-id: http://core.svn.wordpress.org/trunk@57612 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-05-14 18:05:11 +00:00
Pascal Birchler 960c3631e4 REST API: Ensure attachments are uploaded to the post's year/month folder.
If organizing uploads into month- and year-based folders, uploading an attachment to an existing post should store the file in `wp-content/uploads/<year>/<month>` based on the post's publish date. This is in line with the behavior in classic editor / the media modal.

Props swissspidy, adamsilverstein, timothyblynjacobs, skithund, sergeybiryukov, patricia70.
Fixes #61189.
Built from https://develop.svn.wordpress.org/trunk@58130


git-svn-id: http://core.svn.wordpress.org/trunk@57595 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-05-10 18:59:11 +00:00
Pascal Birchler 00d06db33d Docs: Fix various typos and spelling mistakes.
Props swissspidy, jucaduca, sergeybiryukov.
See #60699.
Built from https://develop.svn.wordpress.org/trunk@57987


git-svn-id: http://core.svn.wordpress.org/trunk@57473 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-04-12 17:47:13 +00:00
Sergey Biryukov c518c3a924 Docs: Correct `@since` version for status code 425 in `get_status_header_desc()`.
Follow-up to [57936].

See #60942.
Built from https://develop.svn.wordpress.org/trunk@57937


git-svn-id: http://core.svn.wordpress.org/trunk@57438 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-04-07 11:22:08 +00:00
Sergey Biryukov 70e045910b HTTP API: Add support for a description for HTTP status code 425 (Too Early).
Reference: [https://datatracker.ietf.org/doc/rfc8470/ RFC 8470: Using Early Data in HTTP].

Follow-up to [5446], [6104], [10740], [27422], [36274], [36294], [42207].

Props kkmuffme, mukesh27, joemcgill.
Fixes #60942.
Built from https://develop.svn.wordpress.org/trunk@57936


git-svn-id: http://core.svn.wordpress.org/trunk@57437 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-04-07 11:18:17 +00:00
audrasjb 5cdfecb35e Docs: Update various HelpHub links to avoid unnecessary redirections.
Follow-up to [57793], [57798], [57800].

Props mkismy.
See #60732, #60699.




Built from https://develop.svn.wordpress.org/trunk@57801


git-svn-id: http://core.svn.wordpress.org/trunk@57302 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-03-11 14:08:10 +00:00
Peter Wilson 25ae4b9733 Upgrade/Install: Normalize major versions in `is_wp_version_compatible()`.
Modify `is_wp_version_compatible()` to return the expected result for major WordPress versions formatted as either `x.x` or `x.x.0` (for example `6.5` and `6.5.0`).

The WordPress project currently documents major version numbers in both formats leading to confusion for developers using the `is_wp_version_compatible()` function. As the PHP function `version_compare()` treats `x.x` and `x.x.0` as different version numbers this leads to unexpected results in the WP function.

This change removes a trailing `.0` from major version numbers to account for the WordPress project using the two formats interchangeably.

Props afragen, azaozz, costdev, joemcgill, jorbin, kkmuffme, sessioncookiemonster, swissspidy, wazeter.
Fixes #59448.

Built from https://develop.svn.wordpress.org/trunk@57707


git-svn-id: http://core.svn.wordpress.org/trunk@57208 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-02-25 22:17:13 +00:00
spacedmonkey 31a092799f REST API: Provide detailed error data in REST API response.
When the fatal error handler is triggered within a REST API request, it currently utilizes wp_die to display a specially formatted error response. However, crucial information captured by the fatal error handler, such as the exact line where the error occurred, is not included in the response due to potential security concerns, such as leaking file paths.

To address this limitation and aid developers in debugging, this enhancement introduces the inclusion of error data in the response when the `WP_DEBUG_DISPLAY` constant is set to true. This additional data, appended under the new key error_data, will facilitate more thorough debugging for REST API errors.

Props ecc, spacedmonkey, TimothyBlynJacobs, rcorrales.
Fixes #60014.
Built from https://develop.svn.wordpress.org/trunk@57610


git-svn-id: http://core.svn.wordpress.org/trunk@57111 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-02-13 09:10:08 +00:00
joedolson 7464bdc47a Administration: Improve contrast and consistency of focus styles.
Apply new focus styles from WordPress 5.3 more broadly. An updated focus style for form inputs, buttons, and link styled as buttons was added in WordPress 5.3; this commit makes other focus styles consistent with those changes so they meet accessibility standards for color contrast.

Props johnbillion, kebbet, joedolson, afercia.
Fixes #51870.
Built from https://develop.svn.wordpress.org/trunk@57553


git-svn-id: http://core.svn.wordpress.org/trunk@57054 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-02-07 16:56:13 +00:00
costdev c60fc98b33 Upgrade/Install: Introduce Plugin Dependencies.
Introduces a new "Requires Plugins" plugin header so that plugin developers can list the slugs of the plugins theirs depends on.

This will inform users of the requirements, and provide links to the WordPress.org Plugins Repository that they can click to install and activate the dependencies first.

Plugins whose requirements are not met cannot be installed or activated, and they will be deactivated automatically if their requirements become unmet.
Plugins that others rely on cannot be deactivated or deleted until their dependent plugins are deactivated or deleted.

In memory of Alex Mills and Alex King.
WordPress Remembers.

Props ahoereth, afragen, alanfuller, alexkingorg, amykamala, anonymized_10690803, apeatling, ashfame, atimmer, audrasjb, aristath, azaozz, batmoo, beaulebens, blobaugh, bobbingwide, boonebgorges, brianhenryie, chanthaboune, chrisdavidmiles, coolmann, costdev, courane01, danielbachhuber, davidperez, dd32, Denis-de-Bernardy, dingo_d, DJPaul, dougal, DrewAPicture, ethitter, filosofo, georgestephanis, giuseppemazzapica-1, goldenapples, griffinjt, hellofromTonya, husobj, ideag, jarednova, jbobich, jbrinley, jltallon, joedolson, johnciacia, johnjamesjacoby, joppuyo, jsmoriss, karmatosed, kebbet, knutsp, kraftbj, kraftner, kurtpayne, lkraav, logikal16, luisherranz, man4toman, markjaquith, matt, mbijon, megphillips91, mikeschinkel, mordauk, morehawes, mrwweb, mte90, mukesh27, mzaweb, nacin, norcross, nvwd, nwjames, obliviousharmony, ocean90, oglekler, paaljoachim, pauldewouters, pbaylies, pbiron, peterwilsoncc, Philipp15b, poena, pogidude, retlehs, rmccue, ryan, sabreuse, sc0ttkclark, scribu, sereedmedia, SergeyBiryukov, ShaneF, shidouhikari, soean, spacedmonkey, stephenh1988, swissspidy, taylorde, tazotodua, threadi, TimothyBlynJacobs, TJNowell, tollmanz, toscho, tropicalista, Viper007Bond, westi, whiteshadow, williamsba1, wpsmith, ZaneMatthew.
Fixes #22316.
Built from https://develop.svn.wordpress.org/trunk@57545


git-svn-id: http://core.svn.wordpress.org/trunk@57046 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-02-06 23:46:14 +00:00
youknowriad cb6c706152 Editor: Show the patterns page for classic themes.
Block themes and classic themes with template parts support 
can already access the patterns list within the site editor.
This adds a "Patterns" menu item under Appearance for classic themes
without template parts support.

Props wildworks, kevin940726, aaronrobertshaw, fabiankaegy, swissspidy, get_dave, kebbet.
Fixes #58827.
Built from https://develop.svn.wordpress.org/trunk@57543


git-svn-id: http://core.svn.wordpress.org/trunk@57044 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-02-06 19:42:13 +00:00
Sergey Biryukov 98b3a8d314 Coding Standards: Rename the `$expires_offset` variable in `cache_javascript_headers()`.
This resolves a WPCS warning:
{{{
Variable "$expiresOffset" is not in valid snake_case format, try "$expires_offset"
}}}

Follow-up to [4109], [21996].

See #59650.
Built from https://develop.svn.wordpress.org/trunk@57532


git-svn-id: http://core.svn.wordpress.org/trunk@57033 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-02-05 03:42:11 +00:00
Adam Silverstein f94f194552 Media: enable AVIF support.
Add support for uploading, editing and saving AVIF images when supported by the server.

Add 'image/avif' to supported mime types. Correctly identify AVIF images and sizes even when PHP doesn't support AVIF. Resize uploaded AVIF files (when supported) and use for front end markup.

Props adamsilverstein, lukefiretoss, ayeshrajans, navjotjsingh, Tyrannous, jb510, gregbenz, nickpagz, JavierCasares, mukesh27, yguyon, swissspidy.
Fixes #51228.


Built from https://develop.svn.wordpress.org/trunk@57524


git-svn-id: http://core.svn.wordpress.org/trunk@57025 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-02-02 17:48:15 +00:00
Pascal Birchler a8616f8e33 Docs: Fix typo in `do_robots()` docblock.
This was introduced in [45928].

Props shailu25, mukesh27.
Fixes #60405.
Built from https://develop.svn.wordpress.org/trunk@57509


git-svn-id: http://core.svn.wordpress.org/trunk@57010 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-02-01 08:40:16 +00:00
Pascal Birchler c6ccfb1242 I18N: Introduce a more performant localization library.
This introduces a more lightweight library for loading `.mo` translation files which offers increased speed and lower memory usage.
It also supports loading multiple locales at the same time, which makes locale switching faster too.

For plugins interacting with the `$l10n` global variable in core, a shim is added to retain backward compatibility with the existing `pomo` library.

In addition to that, this library supports translations contained in PHP files, avoiding a binary file format and leveraging OPCache if available.
If an `.mo` translation file has a corresponding `.l10n.php` file, the latter will be loaded instead.
This behavior can be adjusted using the new `translation_file_format` and `load_translation_file` filters.

PHP translation files will be typically created by downloading language packs, but can also be generated by plugins.
See https://make.wordpress.org/core/2023/11/08/merging-performant-translations-into-core/ for more context.

Props dd32, swissspidy, flixos90, joemcgill, westonruter, akirk, SergeyBiryukov.
Fixes #59656.
Built from https://develop.svn.wordpress.org/trunk@57337


git-svn-id: http://core.svn.wordpress.org/trunk@56843 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-01-23 13:34:11 +00:00
Felix Arntz e19c18cba9 Bootstrap/Load: Introduce functions to check whether WordPress is serving a REST API request.
This changeset introduces two functions:
* `wp_is_serving_rest_request()` returns a boolean for whether WordPress is serving an actual REST API request.
* `wp_is_rest_endpoint()` returns a boolean for whether a WordPress REST API endpoint is currently being used. While this is always the case if `wp_is_serving_rest_request()` returns `true`, the function additionally covers the scenario of internal REST API requests, i.e. where WordPress calls a REST API endpoint within the same request.

Both functions should only be used after the `parse_request` action.

All relevant manual checks have been adjusted to use one of the new functions, depending on the use-case. They were all using the same constant check so far, while in fact some of them were intending to check for an actual REST API request while others were intending to check for REST endpoint usage.

A new filter `wp_is_rest_endpoint` can be used to alter the return value of the `wp_is_rest_endpoint()` function.

Props lots.0.logs, TimothyBlynJacobs, flixos90, joehoyle, peterwilsoncc, swissspidy, SergeyBiryukov, pento, mikejolley, iandunn, hellofromTonya, Cybr, petitphp.
Fixes #42061.

Built from https://develop.svn.wordpress.org/trunk@57312


git-svn-id: http://core.svn.wordpress.org/trunk@56818 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-01-19 17:40:09 +00:00
audrasjb 855c1b55d6 Docs: Improve `wp_admin_notice()` function docblock.
This changeset adds a description for the `attributes` key of `$args` in `wp_admin_notice()`.

Props tmatsuur.
Fixes #59887.




Built from https://develop.svn.wordpress.org/trunk@57279


git-svn-id: http://core.svn.wordpress.org/trunk@56785 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-01-14 08:42:19 +00:00
hellofromTonya d30fe43245 Docs: Replace "sanity" with "confidence" for inclusive language.
The phrase "sanity check" unnecessarily references mental health. It's an old phrase used to denote an extra step in verifying code works as expected.

“The WordPress open source community cares about diversity. We strive to maintain a welcoming environment where everyone can feel included.”

While "sanity check" is a well-known phrase with a specific meaning, "confidence check" is a direct replacement that is more clear of its intent while being more inclusive.

Words matter.

Follow-up to [49216], [46271], [40583], [38832], [38637], [37409], [33359], [32162], [30346], [30345], [30238], [30055], [29902], [28763], [26141], [25002], [22227], [13428], [12148], [11025], [8927].

Props dartiss, hellofromTonya.
Fixes #60187.
Built from https://develop.svn.wordpress.org/trunk@57239


git-svn-id: http://core.svn.wordpress.org/trunk@56745 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-01-03 21:59:19 +00:00
Sergey Biryukov a0504e8091 Text Changes: Update mentions of “web site” to “website” for consistency.
While “web site” was the original spelling, this variant has become rarely used, and “website” is now the standard spelling, already used throughout most of the WordPress core.

Reference: [https://en.wikipedia.org/wiki/Website Wikipedia: Website].

Props LiamMcArthur, cafenoirdesign, sabbirshouvo, sabernhardt, ironprogrammer, mukesh27.
Fixes #59853, #54276.
Built from https://develop.svn.wordpress.org/trunk@57131


git-svn-id: http://core.svn.wordpress.org/trunk@56642 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-11-22 17:44:24 +00:00
Sergey Biryukov dd3b952a10 General: Rename `wp_json_encode()` parameters for parity with PHP Core.
`wp_json_encode()` is a wrapper for the PHP native `json_encode()` function with some extra safety checks.

This commit renames the `$data` parameter in the `wp_json_encode()` function and associated functions to `$value`, and the `$options` parameter to `$flags` for parity with the parameter names used in PHP Core.

Reference: [https://www.php.net/manual/en/function.json-encode.php PHP Manual: json_encode()].

Follow-up to [30055].

Props jrf, hellofromTonya.
Fixes #59630.
Built from https://develop.svn.wordpress.org/trunk@57130


git-svn-id: http://core.svn.wordpress.org/trunk@56641 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-11-21 00:24:20 +00:00
Bernhard Reiter 2e0baf4f79 Blocks: Fix layout support to be compatible with enhanced pagination.
Make layout support compatible with enhanced pagination by ensuring that generated class names are stable across pagination, even when the number of rendered posts is different.

With the previous implementation of enhanced pagination, the CSS corresponding to each block was not detected. Therefore, for enhanced pagination to work correctly, the CSS of the blocks present in the Post Template must be stable on all pages.

The number of posts rendered by the Query block is always the same, except in the last page, where it can be only a fraction. If any of the blocks rendered by the Post Template used the `wp_unique_id` function, the ID (which is incremental) would have been different than in the previous pages and the class names would have varied.

This is remediated by this changeset by replacing the usage of `wp_unique_id` in the layout support (which is used by the Query block) with an implementation that uses IDs that are incremental only for that block. That way, the generated class names are never affected by the number of times `wp_unique_id` runs.

Props luisherranz, andrewserong, isabel_brison, costdev, mukesh27, cbravobernal, hellofromTonya, jorbin.
Fixes #59681.
Built from https://develop.svn.wordpress.org/trunk@56994


git-svn-id: http://core.svn.wordpress.org/trunk@56505 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-10-24 08:51:24 +00:00
Weston Ruter 2869e3a186 Administration: Remove deprecated `unload` event handlers and use `pagehide` (and `pageshow`) when appropriate.
Use `pagehide` event instead of `unload` in the following cases:

* For classic editor to release the post lock.
* In Text widget to rebuild editor after dragging widget to new location in classic widgets interface.
* To clear out the `window.name` when navigating away from a post preview.
* To suspend heartbeat, while also using `pageshow` event to resume as if it had been a focused tab in case page restored from bfcache. 

Also:

* Remove obsolete mobile cleanup code in `js/_enqueues/lib/gallery.js` (introduced in [9894]). Do same for `src/js/_enqueues/wp/media/models.js` (introduced in [22872]). See #22552.
* Remove obsolete Firefox-specific workaround in `js/_enqueues/wp/mce-view.js` from [39282]. See #38511.

Fixes #55491.
Props spenserhale, westonruter, adamsilverstein, azaozz, shawfactor, peterwilsoncc, swissspidy.
Built from https://develop.svn.wordpress.org/trunk@56809


git-svn-id: http://core.svn.wordpress.org/trunk@56321 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-10-09 21:31:27 +00:00
spacedmonkey 5283300aac Query: Improve caching behavior for WP_Query when retrieving id=>parent fields
In [53941], the addition of query caching to `WP_Query` brought about an unintended issue when querying for fields equal to id=>parent. Specifically, on websites with object caching enabled and a substantial number of pages, the second run of this query triggered the `_prime_post_caches` function for id=>parent. This led to the unnecessary priming of post, meta, and term caches, even when only id and parent information were requested.

This commit addresses this issue by introducing a new function, `_prime_post_parents_caches`, which primes a dedicated cache for post parents. This cache is primed during the initial query execution. Subsequently, the `wp_cache_get_multiple` function is employed to retrieve all post parent data in a single object cache request, optimizing performance.

Additionally, this commit extends the coverage of existing unit tests to ensure the reliability of the changes.

Props kevinfodness, joemcgill, peterwilsoncc, LinSoftware, thekt12, spacedmonkey.
Fixes #59188
Built from https://develop.svn.wordpress.org/trunk@56763


git-svn-id: http://core.svn.wordpress.org/trunk@56275 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-10-03 15:01:21 +00:00
Sergey Biryukov ffd72aac28 Coding Standards: Remove redundant ignore annotations, take 5.
The `VariableAnalysis` standard is not used by WP Core.

Follow-up to [50958], [51003], [52049], [52051], [52069], [53072], [54132], [55132], [56363], [56738], [56743], [56751], [56752].

Props jrf.
See #59161.
Built from https://develop.svn.wordpress.org/trunk@56753


git-svn-id: http://core.svn.wordpress.org/trunk@56265 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-10-02 11:27:24 +00:00
Weston Ruter a20cb28d14 Script Loader: Harden removal of script tag wrappers.
* Add `wp_remove_surrounding_empty_script_tags()` to more precisely remove script tag wrappers and warn when doing it wrong.
* Add clarifying comments for XML escaping logic in `wp_get_inline_script_tag()`.
* Leverage `WP_HTML_Tag_Processor` in `test_remove_frameless_preview_messenger_channel`.
* Reuse `assertEqualMarkup` in `test_blocking_dependent_with_delayed_dependency`.
* Normalize whitespace in `parse_markup_fragment` for `assertEqualMarkup`.

Follow-up to [56687].
Props dmsnell, westonruter, flixos90.
See #58664.

Built from https://develop.svn.wordpress.org/trunk@56748


git-svn-id: http://core.svn.wordpress.org/trunk@56260 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-29 19:47:21 +00:00
Sergey Biryukov 440b8c2aba Coding Standards: Remove redundant ignore annotations, take 2.
This removes ignore annotations which are unnecessary due to the configuration in the `phpcs.xml.dist` ruleset already taking care of this.

Follow-up to [45611], [50146], [50148], [50586], [50822], [56738].

Props jrf.
See #59161.
Built from https://develop.svn.wordpress.org/trunk@56743


git-svn-id: http://core.svn.wordpress.org/trunk@56255 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-29 12:21:24 +00:00
Sergey Biryukov b2c997556a Bootstrap/Load: Remove a redundant `continue` statement in `add_magic_quotes()`.
Follow-up to [48205], [48440].

Props Cybr.
See #58831.
Built from https://develop.svn.wordpress.org/trunk@56732


git-svn-id: http://core.svn.wordpress.org/trunk@56244 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-27 09:42:24 +00:00