Exit early when parsing Application Password credentials if Authorization header value does not contain at least one colon. The `Authorization` Basic header must use a colon to separate the username and password components per RFC 7617, so a username-only string is malformed and should not be processed.
Split `Authorization` header only on the first colon, properly handling passwords containing colons.
Resolves PHP 8.0 warning when `list()` was called on an exploded credentials array containing only one element.
Props kalpeshh, shooper, sc0ttkclark, jrf, mukesh27, oglekler, nicolefurlan.
Fixes#57512.
Built from https://develop.svn.wordpress.org/trunk@56804
git-svn-id: http://core.svn.wordpress.org/trunk@56316 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Follow up to [56022] to fix inability to set a date/time in quick editing. Allow a user to set a quick/edit date while preventing accidental date assignments per the original intent.
Props tristanleboss, ivanzhuck, tibbsa, sabernhardt, sergeybiryukov, oandregal, khokansardar, joedolson, shailu25.
Fixes#59125. See #19907.
Built from https://develop.svn.wordpress.org/trunk@56802
git-svn-id: http://core.svn.wordpress.org/trunk@56314 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When using the `$autoload` parameter of `update_option()` alongside an option value update, prior to this changeset the function would update the incorrect cache, not respecting the new autoload value. This could have severe implications such as returning a stale option value when the option in fact had already been deleted.
This changeset fixes the bug alongside test coverage that failed with `trunk` but now passes.
Props kkmuffme, pentatonicfunk, SergeyBiryukov, oglekler, azaozz, spacedmonkey, nicolefurlan, joemcgill, flixos90.
Fixes#51352.
Built from https://develop.svn.wordpress.org/trunk@56796
git-svn-id: http://core.svn.wordpress.org/trunk@56308 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This aims to better align the navigation fallback implementation with core architecture and best practices.
The function that updates the `wp_navigation` post response schema is now a public method of the `WP_Navigation_Fallback` class, so an extra file previously used for that specific function is no longer necessary.
Follow-up to [56052].
Props ramonopoly, scruffian, isabel_brison, mukesh27, swissspidy, rajinsharwar, afercia, audrasjb, mikeschroder, JeffPaul, johnjamesjacoby, TimothyBlynJacobs, oglekler, SergeyBiryukov.
Fixes#58910.
Built from https://develop.svn.wordpress.org/trunk@56793
git-svn-id: http://core.svn.wordpress.org/trunk@56305 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Because the contents of binary files are not included in patches by default, occasionally empty versions of these files are committed on accident. This is the most commonly happens within default themes because they usually contain image and font files.
This adds a job to the theme related GitHub Action workflow that checks for the presence of zero-byte files so that these instances are caught more easily.
Props costdev, hellofromTonya, luminuu, onemaggie.
Fixes#59527.
Built from https://develop.svn.wordpress.org/trunk@56792
git-svn-id: http://core.svn.wordpress.org/trunk@56304 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When calling `update_option()` with value `false` on a non-existent option, prior to [56681] the function would have returned `false` and not stored the value in the database, since the given value was the same as the default.
The aforementioned changeset broke that promise with good intention, however this particular change was a backward compatibility break and therefore is resolved here.
Props mukesh27, costdev.
Fixes#22192.
Built from https://develop.svn.wordpress.org/trunk@56788
git-svn-id: http://core.svn.wordpress.org/trunk@56300 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This is a follow-up to [56528], which normalizes the `BLOCKS_PATH` for Windows prior to making paths relative for caches during the registration process. Prior to this change, incorrect file paths would lead to broken styles for core blocks on Windows.
Props wildworks, pbiron, flixos90, joemcgill.
Fixes#59489. See #59111.
Built from https://develop.svn.wordpress.org/trunk@56785
git-svn-id: http://core.svn.wordpress.org/trunk@56297 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset:
- Replaces `body` with `html` for the first CSS selector that makes text white against a dark background
- Moves `twentytwenty_block_editor_styles()` from the `enqueue_block_editor_assets` action to `enqueue_block_assets` for WordPress 6.3 and later
- Removes the obsolete `twentytwenty-block-editor-script` from the styles function to avoid an error in the iframe
Props floydwilde, poena, huzaifaalmesbah, greenshady, sabernhardt, audrasjb, pooja1210, shailu25, joemcgill.
Fixes#59086.
Built from https://develop.svn.wordpress.org/trunk@56783
git-svn-id: http://core.svn.wordpress.org/trunk@56295 1a063a9b-81f0-0310-95a4-ce76da25c4cd
After [53947], all workflows will automatically be restarted once in an attempt to rule out reasons for failures, such as timeouts or network hiccups.
Second attempt at [56404], which was previously reverted in [56407].
See #58867.
Built from https://develop.svn.wordpress.org/trunk@56780
git-svn-id: http://core.svn.wordpress.org/trunk@56292 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Includes:
* Expanding and synchronizing documentation for the `default` and `rating` arguments.
* Adding `@since` entries for the `loading`, `fetchpriority`, and `decoding` arguments.
* Wrapping long lines as per the documentation standards.
* Fixing a typo in the `identicon` value.
* Minor formatting edits for consistency.
Follow-up to [31107], [45632], [47554], [53480], [56037].
See #58833.
Built from https://develop.svn.wordpress.org/trunk@56767
git-svn-id: http://core.svn.wordpress.org/trunk@56279 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `_register_theme_block_patterns` function imposed a significant resource overhead. This issue primarily stems from themes, such as TT4, that register a substantial number of block patterns. These patterns necessitate numerous file operations, including file lookups, file reading into memory, and related processes. To provide an overview, the _register_theme_block_patterns function performed the following file operations:
- is_dir
- is_readable
- file_exists
- glob
- file_get_contents (utilized via get_file_data)
To address these issues, caching using a transient has been added to a new function call `_wp_get_block_patterns`. If theme development mode is disabled and theme exists, the block patterns are saved in a transient cache. This cache is used all requests after that, saving file lookups and reading files into memory. Cache invalidation is done, when themes are switched, deleted or updated. Meaning that block patterns are not stored in the cache incorrectly.
Props flixos90, joemcgill, peterwilsoncc, costdev, swissspidy, aristath, westonruter, spacedmonkey.
Fixes#59490
Built from https://develop.svn.wordpress.org/trunk@56765
git-svn-id: http://core.svn.wordpress.org/trunk@56277 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Twenty Twenty-Four (TT4) updates for 6.4 Beta 2.
Changes include bugfixes from the theme's development repo since Beta 1 such as:
* Renamed patterns and images
* Improved image descriptions
* Polished a few of the templates to fit better the design
* Addressed some a11y concerns.
* Changed the required version to 6.4, aligning it with the last few default themes since we are making use of some of the features that will make it to 6.4, such as aspect ratio.
Follow-up to [56726], [56721], [56716].
Props onemaggie, desrosj, mukesh27.
Fixes#59524.
Built from https://develop.svn.wordpress.org/trunk@56764
git-svn-id: http://core.svn.wordpress.org/trunk@56276 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In [53941], the addition of query caching to `WP_Query` brought about an unintended issue when querying for fields equal to id=>parent. Specifically, on websites with object caching enabled and a substantial number of pages, the second run of this query triggered the `_prime_post_caches` function for id=>parent. This led to the unnecessary priming of post, meta, and term caches, even when only id and parent information were requested.
This commit addresses this issue by introducing a new function, `_prime_post_parents_caches`, which primes a dedicated cache for post parents. This cache is primed during the initial query execution. Subsequently, the `wp_cache_get_multiple` function is employed to retrieve all post parent data in a single object cache request, optimizing performance.
Additionally, this commit extends the coverage of existing unit tests to ensure the reliability of the changes.
Props kevinfodness, joemcgill, peterwilsoncc, LinSoftware, thekt12, spacedmonkey.
Fixes#59188
Built from https://develop.svn.wordpress.org/trunk@56763
git-svn-id: http://core.svn.wordpress.org/trunk@56275 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Adds a simplified version of Twenty Twenty-Three theme that helps testing Block Hooks integration. The theme contains:
- The required index.html template.
- The optional single.html template used with tests.
- 3 template parts where two of them reference patterns.
- 3 patterns referenced in the templates and the template parts.
New tests automatically register 4 custom blocks with the test theme where each of them hooks into another block using all four target relative positions: `before`, `after`, `firstChild`, `lastChild`.
The tests verify that the block gets hooked into the correct positions when targeting:
- template
- template part
- pattern
Props ockham, costdev.
See #59313, #59383.
Follow-up [56610].
Built from https://develop.svn.wordpress.org/trunk@56759
git-svn-id: http://core.svn.wordpress.org/trunk@56271 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This was causing a `_doing_it_wrong()` notice from `wp_remove_surrounding_empty_script_tags()`. In fact, the `type` attribute was added in [56748] to test this incorrect usage notice. This commit reverts that change.
Follow-up to [56748].
Unprops westonruter.
See #58664.
Built from https://develop.svn.wordpress.org/trunk@56750
git-svn-id: http://core.svn.wordpress.org/trunk@56262 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Since IE11 is no longer supported, the `URL` and `URLSearchParams` APIs can now be leveraged for simpler and more robust URL manipulation. This was done similarly in [56383] for `embed.js`.
Props nicolefurlan, dmsnell, westonruter.
Fixes#59480.
Built from https://develop.svn.wordpress.org/trunk@56749
git-svn-id: http://core.svn.wordpress.org/trunk@56261 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Add `wp_remove_surrounding_empty_script_tags()` to more precisely remove script tag wrappers and warn when doing it wrong.
* Add clarifying comments for XML escaping logic in `wp_get_inline_script_tag()`.
* Leverage `WP_HTML_Tag_Processor` in `test_remove_frameless_preview_messenger_channel`.
* Reuse `assertEqualMarkup` in `test_blocking_dependent_with_delayed_dependency`.
* Normalize whitespace in `parse_markup_fragment` for `assertEqualMarkup`.
Follow-up to [56687].
Props dmsnell, westonruter, flixos90.
See #58664.
Built from https://develop.svn.wordpress.org/trunk@56748
git-svn-id: http://core.svn.wordpress.org/trunk@56260 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In cases where `WP_Comment_Query` or `get_comments` is employed with the 'count' parameter set to true, specify 'order by' as 'none'. Since these queries serve solely to determine the count of comments matching specific query parameters, the 'order by' clause becomes redundant and places unnecessary strain on the database server, resulting in slower query execution. Given that count queries are executed on every admin request to retrieve comment counts, this change enhances the performance of the wp-admin interface.
Props guss77, davidbaumwald, SergeyBiryukov, westonruter, peterwilsoncc, foliovision, hareesh-pillai, spacedmonkey.
Fixes#58368
Built from https://develop.svn.wordpress.org/trunk@56747
git-svn-id: http://core.svn.wordpress.org/trunk@56259 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Correct an issue where meta values containing characters like quote `”` could not be previewed on published posts. The function `update_metadata` expects data to be slashed.
Also, add a test to confirm that storing JSON data which requires slashing in autosave meta works as expected, and improve naming for a data provider added in [56714].
Follow up to [56714].
Props mukesh27, spacedmonkey.
Fixes#20564.
Built from https://develop.svn.wordpress.org/trunk@56745
git-svn-id: http://core.svn.wordpress.org/trunk@56257 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In the context of register_block_script_handle, the get_block_asset_url function may return false when an empty string is provided as the input. This behavior is intended to prevent the generation of invalid URLs. However, when the script loading strategy is set to "defer" while passing false, it triggers a "doing it wrong" message.
This situation becomes problematic, especially for scenarios where the scripts haven't been built yet. In such cases, the realpath call returns an empty string because the file doesn't exist. To address this issue, we now perform a simple check to ensure that the script URI is not empty before applying the "defer" loading strategy. This adjustment prevents unnecessary deferral of loading for scripts with empty URIs.
Follow on from [56683] and [56033].
Props kebbet, mukesh27, swissspidy, westonruter, spacedmonkey.
Fixes#59475
Built from https://develop.svn.wordpress.org/trunk@56744
git-svn-id: http://core.svn.wordpress.org/trunk@56256 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This removes ignore annotations which are unnecessary due to the configuration in the `phpcs.xml.dist` ruleset already taking care of this.
Follow-up to [45611], [50146], [50148], [50586], [50822], [56738].
Props jrf.
See #59161.
Built from https://develop.svn.wordpress.org/trunk@56743
git-svn-id: http://core.svn.wordpress.org/trunk@56255 1a063a9b-81f0-0310-95a4-ce76da25c4cd