Removes the automatic addition of `rel="noopener noreferrer"` from links targeting a new tab or window, `target='_blank'`. Since this was introduced, supported browsers have changed their security policies and no longer allow the opened link to have JavaScript access to the previous tab.
Deprecates:
* `wp_targeted_link_rel()`
* `wp_targeted_link_rel_callback()`
* `wp_init_targeted_link_rel_filters()`: converted to a noop function
* `wp_remove_targeted_link_rel_filters()`: converted to a noop function
The deprecated functions are retained in `formatting.php` as in `SHORTINIT` mode the file is included while `deprecated.php` is not.
This also removes the `noopener` from links hard coded within the WordPress dashboard linking to documentation and other resources.
Props audrasjb, azaozz, dhruval04, dorzki, neo2k23, presskopp, sabernhardt, swissspidy, tobiasbg.
Fixes#53843.
Built from https://develop.svn.wordpress.org/trunk@59120
git-svn-id: http://core.svn.wordpress.org/trunk@58516 1a063a9b-81f0-0310-95a4-ce76da25c4cd
It is recommended that for every option it is explicitly set whether to autoload it or not. This changeset updates relevant `update_option()` and `add_option()` calls.
Note that the `$autoload` parameter is only needed for `update_option()` if the option is potentially not present yet, i.e. the call will pass through to `add_option()`. Since WordPress core adds the majority of its options to the database during installation, only `update_option()` calls for dynamically added options need to be modified, which is what this changeset does.
As part of revisiting the autoload values for dynamically added WordPress core options, this changeset modifies some options to no longer be autoloaded, since they are only accessed in a few specific places that are not relevant for a regular request. These options are:
* `recently_activated`
* `_wp_suggested_policy_text_has_changed`
* `{upgradeLock}.lock`
* `dashboard_widget_options`
* `ftp_credentials`
* `adminhash`
* `nav_menu_options`
* `wp_force_deactivated_plugins`
* `delete_blog_hash`
* `allowedthemes`
* `{sessionId}_paused_extensions`
* `recovery_keys`
* `https_detection_errors`
* `fresh_site`
An upgrade routine is present as well that sets those options to no longer autoload for existing sites.
Props pbearne, flixos90, mukesh27, swissspidy, SergeyBiryukov, joemcgill, adamsilverstein.
Fixes#61103.
Built from https://develop.svn.wordpress.org/trunk@58975
git-svn-id: http://core.svn.wordpress.org/trunk@58371 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Introduces `wp_get_wp_version()` to get an unmodified value of `$wp_version` from `wp-includes/version.php`. Some plugins modify the global in an attempt to improve security through obscurity. This practice can cause errors in WordPress so the ability to get an unmodified version is needed.
Replaces instances within the code base in which `version.php` was required in order to get an unmodified value. `script-loader.php` is intentionally excluded from the replacements as the function is not always available to the file.
Props debarghyabanerjee, afragen, costdev.
See #61627.
Built from https://develop.svn.wordpress.org/trunk@58813
git-svn-id: http://core.svn.wordpress.org/trunk@58209 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This aims to:
* Perform the checks as early as possible to avoid redundant function calls.
* Remove an empty conditiaonal branch and make the exit conditions clearer.
* Bring the formatting in line with other multi-line conditionals in core.
Follow-up to [56836].
See #59650.
Built from https://develop.svn.wordpress.org/trunk@57123
git-svn-id: http://core.svn.wordpress.org/trunk@56634 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Add the event type (WordCamp, Meetup, etc) to the nearby events listing within the Dashboard's Events and News widget.
Props renyot, audrasjb, ankit-k-gupta, oglekler, devmuhib, dhruvishah2203, JeffPaul, anveshika, sarahwilliams889, ajakaroth.
Fixes#58947.
Built from https://develop.svn.wordpress.org/trunk@56697
git-svn-id: http://core.svn.wordpress.org/trunk@56209 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Adds further usages of `wp_admin_notice()` in `/wp-admin/includes/` on `.notice-error`, `.notice-warning`, `.error`, and `.updated`.
Ongoing task to implement new function across core.
Follow-up to [56408], [56409], [56410], [56518], [56570], [56571], [56572], [56573], [56576], [56589], [56590], [56597].
Props joedolson, mukesh27, costdev.
See #57791.
Built from https://develop.svn.wordpress.org/trunk@56599
git-svn-id: http://core.svn.wordpress.org/trunk@56111 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Update the background image and styles for the Welcome Panel. This iteration does not use different colors on the admin color schemes, so the CSS for that has been removed. This also adds back in a working "Edit styles" link, which was removed in 6.2 because the link was broken.
Props richtabor, markoserb.
Fixes#58545.
Built from https://develop.svn.wordpress.org/trunk@56291
git-svn-id: http://core.svn.wordpress.org/trunk@55803 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset modifies how the `dashicons-external` icon is used in external links by editing its styles and adding a space between the text and the icon
for better accessibility.
Props SergeyBiryukov, afercia, isabel_brison, mukesh27, sabernhardt, oglekler, audrasjb.
Fixes#47303.
Built from https://develop.svn.wordpress.org/trunk@56211
git-svn-id: http://core.svn.wordpress.org/trunk@55723 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Remove the green background from the "dot" accent, to prevent low contrast for the dismiss button. Use menu colors for the background on alternate color schemes. Remove the "Edit styles" link as there is no longer a direct link to the global styles section of the site editor.
Follow-up to [55451].
Props sabernhardt, ryokuhi, laurlittle, richtabor.
Fixes#57759.
Built from https://develop.svn.wordpress.org/trunk@55574
git-svn-id: http://core.svn.wordpress.org/trunk@55086 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This aims to provide better context for translators and make it easier to determine that some strings contain hidden accessibility text and are not displayed in the UI.
Props kebbet, mercime, pavelevap, ocean90, swissspidy, Chouby, jipmoors, afercia, desrosj, costdev, audrasjb, SergeyBiryukov.
Fixes#29748.
Built from https://develop.svn.wordpress.org/trunk@55276
git-svn-id: http://core.svn.wordpress.org/trunk@54809 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset removes `role="img"` attribute from two decorative images: despite being hidden to assistive technologies using `aria-hidden="true"`, automated tools still understand them as images and expect alternative texts.
Props viralsampat, sabernhardt, audrasjb, ryokuhi, elifvish.
Fixes#56824.
Built from https://develop.svn.wordpress.org/trunk@54739
git-svn-id: http://core.svn.wordpress.org/trunk@54291 1a063a9b-81f0-0310-95a4-ce76da25c4cd
- Add a check to `wp_check_php_version()` whether the current PHP version is lower than the next (desired) minimum version.
- Set the next desired minimum PHP version to 7.2.
- Use that check to update the warnings in the `wp_dashboard_php_nag()` widget, and on the Site Health screen.
Props Clorith, SergeyBiryukov, ironprogrammer, azaozz.
See #56199.
Built from https://develop.svn.wordpress.org/trunk@54169
git-svn-id: http://core.svn.wordpress.org/trunk@53728 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This renames some variables for clarity, per the [https://developer.wordpress.org/coding-standards/wordpress-coding-standards/php/#naming-conventions Naming Conventions]:
> Don’t abbreviate variable names unnecessarily; let the code be unambiguous and self-documenting.
* `$out` is renamed to `$output` in various list table methods and admin functions.
* `$sep` is renamed to `$separator` in various list table methods and admin functions.
This affects:
* `WP_Comments_List_Table::handle_row_actions()`
* `WP_List_Table::row_actions()`
* `WP_Media_List_Table::column_default()`
* `WP_MS_Sites_List_Table::site_states()`
* `WP_MS_Users_List_Table::column_blogs()`
* `WP_Terms_List_Table::column_name()`
* `_wp_dashboard_recent_comments_row()`
* `image_align_input_fields()`
* `image_size_input_fields()`
* `wp_doc_link_parse()`
* `_post_states()`
* `_media_states()`
Follow-up to [8653], [8692], [8864], [8910], [8911], [8916], [9103], [9153], [10607], [15491], [17793], [32644], [54070].
Props mukesh27, costdev.
See #56448, #55647.
Built from https://develop.svn.wordpress.org/trunk@54071
git-svn-id: http://core.svn.wordpress.org/trunk@53630 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changes updates many strings to remove self-references to an undefined "we" collective across the WordPress Administration.
The goal of this change is to better match the guidelines and recommendations set forth in the make/core handbook, specifically:
> the word "we" should be avoided (…) unless its made very clear which group is speaking.
Props johnbillion, shital-patel, audrasjb, marybaum, SergeyBiryukov, peterwilsoncc, johnjamesjacoby, kebbet, costdev, chaion07, davidbaumwald.
Fixes#46057.
Built from https://develop.svn.wordpress.org/trunk@53131
git-svn-id: http://core.svn.wordpress.org/trunk@52720 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset replaces contracted verb forms like `doesn't`, `can't`, or `isn't` with non-contracted forms like `does not`, `cannot`, or `is not`, for better consistency across the WordPress administration. It also updates some corresponding unit tests strings.
Follow-up to [52978].
See #38913.
Built from https://develop.svn.wordpress.org/trunk@52979
git-svn-id: http://core.svn.wordpress.org/trunk@52568 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset replaces contracted verb forms like `doesn't`, `can't`, or `isn't` with non-contracted forms like `does not`, `cannot`, or `is not`, for better consistency across the WordPress administration. It also updates some corresponding unit tests strings.
Props Presskopp, socalchristina, aandrewdixon, francina, SergeyBiryukov, JeffPaul, audrasjb, hellofromTonya.
Fixes#38913.
See #39176.
Built from https://develop.svn.wordpress.org/trunk@52978
git-svn-id: http://core.svn.wordpress.org/trunk@52567 1a063a9b-81f0-0310-95a4-ce76da25c4cd
With its last major update in 3.5, the welcome panel was feeling stale. This bright new design showcases links to recent features, including patterns, the site editor, and styles, depending on whether you have a block theme active.
Props jameskoster, desrosj, noisysocks, critterverse, karmatosed, hellofromtonya, smit08, melchoyce, poena, audrasjb, webcommsat, marybaum.
See #54489.
Built from https://develop.svn.wordpress.org/trunk@52442
git-svn-id: http://core.svn.wordpress.org/trunk@52034 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit renames the following method and function to better represent block theme terminology:
* `WP_Theme::is_block_based()` to `WP_Theme::is_block_theme()`
* `wp_is_block_template_theme()` to `wp_is_block_theme()`
It also changes `wp_is_block_theme()` to be a helper wrapper (sugar syntax) for `wp_get_theme()->is_block_theme();`. Why? To ensure both the method and function behave the same, to help Gutenberg maintain WordPress cross-version compatibility, and to make it less cumbersome to port changes from Gutenberg to Core.
Follow-up to [52069], [52247], [52279].
Props antonvlasenko, costdev, hellofromTonya, noisysocks.
Fixes#54550.
Built from https://develop.svn.wordpress.org/trunk@52330
git-svn-id: http://core.svn.wordpress.org/trunk@51922 1a063a9b-81f0-0310-95a4-ce76da25c4cd
For block themes (like Twenty Twenty-Two), Customizer menu item is removed and replaced with the Site Editor menu item. However, other links exist in the Dashboard's welcome panel "Customize Your Site" button and the "Customize" button in each theme listed in the Appearance > Themes interface.
This commit changes each of those remaining links to link to the Site Editor interface instead of the Customizer.
To help identify block vs non-block themes, two method methods are introduced in `WP_Theme`:
* `WP_Theme:: is_block_based()` which identifies if the theme is a block theme or not.
* `WP_Theme::get_file_path()` which is similar to `get_theme_file_path()` but uses the directories within the theme object.
Both of these new methods include test coverage including the addition of a parent and child block theme in test data.
Follow-up to [18749], [35483], [42013], [42169].
Props antonvlasenko, jameskoster, hellofromTonya, matveb, noisysocks, poena, sergeybiryukov.
Fixes#54460.
Built from https://develop.svn.wordpress.org/trunk@52279
git-svn-id: http://core.svn.wordpress.org/trunk@51871 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Changes the submit button text from "Submit" to "Save Changes".
Why? The text is more semantic and clear of what happens when activating that button.
Follow-up to [9103].
Props zodiac1978, knutsp, hilayt24, audrasjb.
Fixes#54229.
Built from https://develop.svn.wordpress.org/trunk@52014
git-svn-id: http://core.svn.wordpress.org/trunk@51605 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The WordPress Events and News widget used an icon-only button to select a location. The Pencil icon alone provided insufficient context and labeling for accessibility. Add text to clearly describe button action and change icon to represent a location marker.
Props AmethystAnswers, sabernhardt.
Fixes#53311.
Built from https://develop.svn.wordpress.org/trunk@51971
git-svn-id: http://core.svn.wordpress.org/trunk@51560 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This wraps the inner-content of the Site Health dashboard widget to give a unique target for CSS selectors, restoring the ability to collapse the widget.
The initial implementation targeted the `.inside` class used by all widgets to apply styling to the widget content, but this prevented the widget from being collapsed, as it added grid-styles which other widgets do not use, overriding the usual behavior when toggling widget visibility.
Follow-up to [50833].
Props alanjacobmathew, walbo.
Fixes#53521.
Built from https://develop.svn.wordpress.org/trunk@51247
git-svn-id: http://core.svn.wordpress.org/trunk@50856 1a063a9b-81f0-0310-95a4-ce76da25c4cd
If a browser matches Internet Explorer, the dashboard will display a notice recommending a more modern browser.
Props youknowriad, sabernhardt, afercia, SergeyBiryukov, davidbaumwald, netweb, johnbillion, jeherve.
See #48743.
Built from https://develop.svn.wordpress.org/trunk@51117
git-svn-id: http://core.svn.wordpress.org/trunk@50726 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The styles for the Privacy settings page were based on the Site Health section. These were duplicated into `edit.css` in #49264. This change merges the selectors from Site Health into the Privacy section, to reduce that duplicate code.
Props xkon, notlaura, clorith.
See #52429.
Built from https://develop.svn.wordpress.org/trunk@51025
git-svn-id: http://core.svn.wordpress.org/trunk@50634 1a063a9b-81f0-0310-95a4-ce76da25c4cd