In `wp_guess_url`, the regex to check for wp-login.php in the URL is slightly too permissive, not escaping `.` in "wp-login.php". `.` is a token in regex that matches any character.
This change simply escapes the `.` and adds unit test coverage for `wp_guess_url`.
Props cfinke, ocean90, jrf, voldemortensen, jdgrimes, curdin, netweb, petitphp, SergeyBiryukov, costdev.
Fixes#36827.
Built from https://develop.svn.wordpress.org/trunk@54146
git-svn-id: http://core.svn.wordpress.org/trunk@53705 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Although a `pre_option_{$option}` filter already exists, this change adds a more general `pre_option` filter that will run on every `get_option` call. This brings the control flow into similar flow as `update_option`.
Props flixos90, NathanAtmoz, desrosj, spacedmonkey, pbearne.
Fixes#37930.
Built from https://develop.svn.wordpress.org/trunk@54145
git-svn-id: http://core.svn.wordpress.org/trunk@53704 1a063a9b-81f0-0310-95a4-ce76da25c4cd
WordPress 3.2 introduced several enhancements to the `copy_dir()` function:
* No more re-installing Akismet upon upgrade.
* Respect custom `WP_CONTENT_DIR` for bundled plugins/theme installation.
* Respect custom `WP_CONTENT_DIR`/`WP_LANG_DIR` for language files when upgrading.
* Add an exclusion list to `copy_dir()` as well as `WP_Filesystem_Base::wp_lang_dir()`.
* Standardize `WP_Filesystem` path method returns.
However, the version of `copy_dir()` that runs during the upgrade process is the one from the older install, not the newer, which means that these enhancements would only be available after upgrading to WordPress 3.2 first, e.g. in a subsequent upgrade to WordPress 3.3.
In order to make these enhancements immediately available in WordPress 3.2, specifically to take advantage of skip lists and avoid re-installing Akismet if it was previously deleted, a temporary copy of the function was utilized, with the intention to remove it in WordPress 3.3 or a later release.
With further enhancements made to the Upgrade API to support partial and no-content builds, this temporary copy is no longer relevant and can be safely removed.
Follow-up to [17576], [17580], [17581], [18225].
Props afragen, costdev, dd32, peterwilsoncc, SergeyBiryukov.
Fixes#55712. See #17173.
Built from https://develop.svn.wordpress.org/trunk@54143
git-svn-id: http://core.svn.wordpress.org/trunk@53702 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This function was previously already problematic as it does not do proper input validation, and it has already received tweaks related to PHP 8.0 in [50408] / #52534, which also introduced a `_doing_it_wrong()` notice and added tests.
The short of it is:
* The function expects to receive an `array` for the `$l10n` parameter;
* ...but silently supported the parameter being passed as a `string`;
* ...and would expect PHP to gracefully handle everything else or throw appropriate warnings/errors.
In the previous fix, a `_doing_it_wrong()` notice was added for any non-array inputs. The function would also cause a PHP native "Cannot use a scalar value as an array" warning (PHP < 8.0) or error (PHP 8.0+) for all scalar values, except `false`.
PHP 8.1 deprecated autovivification from `false` to `array`, so now `false` starts throwing an "Automatic conversion of false to array is deprecated" notice.
By rights, the function should just throw an exception when a non-array/string input is received, but that would be a backward compatibility break.
So the current change will maintain the previous behavior, but will prevent both the "Cannot use a scalar value as an array" warning/error as well as the "Automatic conversion of false to array" deprecation notice for invalid inputs.
Invalid inputs ''will'' still receive a `_doing_it_wrong()` notice, which is the reason this fix is considered acceptable.
Includes:
* Adding a test passing an empty array.
* Adding a test to the data provider for a `null` input to make sure that the function will not throw a PHP 8.1 "passing null to non-nullable" notice.
This solves the following PHP 8.1 test error:
{{{
Tests_Dependencies_Scripts::test_wp_localize_script_data_formats with data set #8 (false, '[""]')
Automatic conversion of false to array is deprecated
/var/www/src/wp-includes/class.wp-scripts.php:514
/var/www/src/wp-includes/functions.wp-scripts.php:221
/var/www/tests/phpunit/tests/dependencies/scripts.php:1447
/var/www/vendor/bin/phpunit:123
}}}
Reference: [https://www.php.net/manual/en/migration81.deprecated.php#migration81.deprecated.core.autovivification-false PHP Manual: PHP 8.1 Deprecations: Autovivification from false].
Follow-up to [7970], [18464], [18490], [19217], [50408].
Props jrf, costdev.
See #55656.
Built from https://develop.svn.wordpress.org/trunk@54142
git-svn-id: http://core.svn.wordpress.org/trunk@53701 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset replaces `white-space: nowrap` with `white-space: preline` to ensure long text used in the button block correctly wraps to a second line.
Follow-up to [44148].
Props robertghetau, bhrugesh12, sabernhardt, mukesh27.
Fixes#55783.
Built from https://develop.svn.wordpress.org/trunk@54139
git-svn-id: http://core.svn.wordpress.org/trunk@53698 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset adss an `aria-hidden="true"` attribute to the optional arrows/chevron characters to the Query Loop and to the Comments Query Loop blocks pagination links.
These characters are text, so they're read out by assistive technologies. For better accessibility, it's best to reduce noise for screen reader users and prevent them to be rendered, using the `aria-hidden="true"` attribute.
Follow-up to [52057].
Props afercia, sabernhardt, kamig478, zieladam, audrasjb, joedolson, costdev.
Fixes#56067.
Built from https://develop.svn.wordpress.org/trunk@54138
git-svn-id: http://core.svn.wordpress.org/trunk@53697 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset introduces two new hooks:
- `wp_required_field_indicator` allows developers to filter the HTML output of the `wp_required_field_indicator()` function.
- `wp_required_field_message` does the same for the `wp_required_field_message()` function.
The changeset also adds new phpunit tests for these filters.
Follow-up to [53888], [54136].
Props kebbet, audrasjb, sabernhardt, costdev, mukesh27.
Fixes#56389.
See #54394.
Built from https://develop.svn.wordpress.org/trunk@54137
git-svn-id: http://core.svn.wordpress.org/trunk@53696 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset removes `aria-hidden="true"` attribute used for required fields in comments template, for better accessibility. It removes the attribute from both `wp_required_field_indicator()` and `wp_required_field_message()` patterns.
Follow-up to [53888].
Props juliemoynat, audrasjb, joedolson, sabernhardt, afercia, costdev.
Fixes#55717.
Built from https://develop.svn.wordpress.org/trunk@54136
git-svn-id: http://core.svn.wordpress.org/trunk@53695 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This particular code block only makes sense to run when `$this->return_url` is not null. Previously, it caused a "passing null to non-nullable" deprecation notice on PHP 8.1.
By moving the code into the `if ( $this->return_url )` condition block, the code will only be run when `$this->return_url` contains a non-falsey/non-null value.
No additional tests added as this issue was found via the existing tests for the function containing the bug.
This solves the following two PHP 8.1 test errors:
{{{
1) Tests_WP_Customize_Manager::test_return_url
parse_url(): Passing null to parameter #1 ($url) of type string is deprecated
/var/www/src/wp-includes/class-wp-customize-manager.php:4696
/var/www/tests/phpunit/tests/customize/manager.php:2975
/var/www/vendor/bin/phpunit:123
2) Tests_WP_Customize_Manager::test_customize_pane_settings
parse_url(): Passing null to parameter #1 ($url) of type string is deprecated
/var/www/src/wp-includes/class-wp-customize-manager.php:4696
/var/www/src/wp-includes/class-wp-customize-manager.php:4898
/var/www/tests/phpunit/tests/customize/manager.php:3085
/var/www/vendor/bin/phpunit:123
}}}
Follow-up to [46754].
Props jrf, costdev.
See #55656.
Built from https://develop.svn.wordpress.org/trunk@54135
git-svn-id: http://core.svn.wordpress.org/trunk@53694 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Dynamic (non-explicitly declared) properties are deprecated as of PHP 8.2 and are expected to become a fatal error in PHP 9.0.
There are a number of ways to mitigate this:
* If it is an accidental typo for a declared property: fix the typo.
* For known properties: declare them on the class.
* For unknown properties: add the magic `__get()`, `__set()`, et al. methods to the class or let the class extend `stdClass` which has highly optimized versions of these magic methods built in.
* For unknown ''use'' of dynamic properties, the `#[AllowDynamicProperties]` attribute can be added to the class. The attribute will automatically be inherited by child classes.
Trac ticket #56034 is open to investigate and handle the third and fourth type of situations, however it has become clear this will need more time and will not be ready in time for WP 6.1.
To reduce “noise” in the meantime, both in the error logs of WP users moving onto PHP 8.2, in the test run logs of WP itself, in test runs of plugins and themes, as well as to prevent duplicate tickets from being opened for the same issue, this commit adds the `#[AllowDynamicProperties]` attribute to all “parent” classes in WP.
The logic used for this commit is as follows:
* If a class already has the attribute: no action needed.
* If a class does not `extend`: add the attribute.
* If a class does `extend`:
- If it extends `stdClass`: no action needed (as `stdClass` supports dynamic properties).
- If it extends a PHP native class: add the attribute.
- If it extends a class from one of WP's external dependencies: add the attribute.
* In all other cases: no action — the attribute should not be needed as child classes inherit from the parent.
Whether or not a class contains magic methods has not been taken into account, as a review of the currently existing magic methods has shown that those are generally not sturdy enough and often even set dynamic properties (which they should not). See the [https://www.youtube.com/watch?v=vDZWepDQQVE live stream from August 16, 2022] for more details.
This commit only affects classes in the `src` directory of WordPress core.
* Tests should not get this attribute, but should be fixed to not use dynamic properties instead. Patches for this are already being committed under ticket #56033.
* While a number bundled themes (2014, 2019, 2020, 2021) contain classes, they are not a part of this commit and may be updated separately.
Reference: [https://wiki.php.net/rfc/deprecate_dynamic_properties PHP RFC: Deprecate dynamic properties].
Follow-up to [53922].
Props jrf, hellofromTonya, markjaquith, peterwilsoncc, costdev, knutsp, aristath.
See #56513, #56034.
Built from https://develop.svn.wordpress.org/trunk@54133
git-svn-id: http://core.svn.wordpress.org/trunk@53692 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously when a user was locked from editing a post in the block editor, autosave functionality was allowed to overwrite changes made by the editor that has taken control. This patch honors the lock status keeping autosave from conflicitng with other content editors.
Props jhart35, adamsilverstein, sathyapulse, chanthaboune, primetimejas, joemcgill, kadamwhite.
Fixes#55659.
Built from https://develop.svn.wordpress.org/trunk@54130
git-svn-id: http://core.svn.wordpress.org/trunk@53689 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This change allows for the muted property to be used in video elements which solves for content that wishes to `autoPlay` when a page is viewed. Adding `muted` to video elements adhears to the requirements browsers have to honor `autoPlay` functionality.
Props prokium, peterwilsoncc, costdev, johnbillion, Benouare.
Fixes#54788.
Built from https://develop.svn.wordpress.org/trunk@54128
git-svn-id: http://core.svn.wordpress.org/trunk@53687 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Add support for a "_pretty" meta-parameter on all REST controllers which instructs WordPress to return pretty-printed JSON, for better readability when inspecting endpoint responses in curl output or certain developer tools.
Introduce the "rest_json_encode_options" filter to permit site owners to control this behavior globally.
Props Viper007Bond, TimothyBlynJacobs, chrisguitarguy, johnbillion, swissspidy, adamsilverstein, danielbachhuber, rmccue.
Fixes#41998.
Built from https://develop.svn.wordpress.org/trunk@54127
git-svn-id: http://core.svn.wordpress.org/trunk@53686 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`wp_resolve_post_date()` extracts year/month/day from a post date (which is a string) and passes it to `wp_checkdate` (and from there to `checkdate()`), which requires `int`s.
Casting the strings to integers avoids PHP notices due to incorrect argument types.
Props hilayt24.
Fixes#54186
Built from https://develop.svn.wordpress.org/trunk@54126
git-svn-id: http://core.svn.wordpress.org/trunk@53685 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* `$blog_id` global was replaced with `get_current_blog_id()` and is no longer used directly.
* `$wp_roles` global usage was previously undocumented.
Follow-up to [32637], [38457], [51943].
Props shoaibkarimali.
Fixes#56543.
Built from https://develop.svn.wordpress.org/trunk@54119
git-svn-id: http://core.svn.wordpress.org/trunk@53678 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `safecss_filter_attr()` function allows using custom CSS variables like `color: var(--color)`. However, it did not allow assigning values to CSS variables like `--color: #F00`, which is common in Global Styles and Gutenberg.
This commit adds support for assigning values to CSS variables, so that the function can be used consistently in Global Styles and the future Style Engine in Gutenberg.
Follow-up to [50923], [54100].
Props aristath, ramonopoly, SergeyBiryukov.
Fixes#56353.
Built from https://develop.svn.wordpress.org/trunk@54117
git-svn-id: http://core.svn.wordpress.org/trunk@53676 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset implements a clearer and more consistent timeout/duration/expiration format. It updates time durations used in various files, as per WordPress coding standards:
- If the value can be represented as an integer (not a fractional) number of minutes (hours, etc.), use the appropriate constant (e.g.: `MINUTE_IN_SECONDS`) multiplied by that number.
- Otherwise, keep the value as is and add a comment with the units for clarity.
Follow-up to [11823], [13177], [21996], [37747], [53714].
Props hztyfoon, audrasjb, arrasel403, krupalpanchal, GaryJ, SergeyBiryukov, peterwilsoncc, rudlinkon, costdev, robinwpdeveloper.
Fixes#56293.
See #55647.
Built from https://develop.svn.wordpress.org/trunk@54113
git-svn-id: http://core.svn.wordpress.org/trunk@53672 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Prevent unnecessary database queries on page load by initializing widget options. On sites with uninitialized widgets, this prevents one or two database queries per uninitialized widget on each page load.
Props Chouby, mvraghavan, costdev, peterwilsoncc, spacedmonkey, mukesh27.
Fixes#54677.
Built from https://develop.svn.wordpress.org/trunk@54112
git-svn-id: http://core.svn.wordpress.org/trunk@53671 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Modify how `WP_Query` determines whether a database query contains a taxonomy component and accounts for term changes when generating the cache key. This presents a stale cache been used under some circumstances.
Props Chouby, costdev, peterwilsoncc.
See #22176.
Built from https://develop.svn.wordpress.org/trunk@54111
git-svn-id: http://core.svn.wordpress.org/trunk@53670 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Remove the check for future events prior iterating the array of crons in `wp_get_ready_cron_jobs()`. If there are no ready events, the `foreach` loop will break on the first iteration so the optimization is not required.
As WordPress Core adds a number of events by default, accounting for an empty array is not required in most instances.
Props lev0, jrf, SergeyBiryukov.
Fixes#56092.
Built from https://develop.svn.wordpress.org/trunk@54110
git-svn-id: http://core.svn.wordpress.org/trunk@53669 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset ensures `h5` and `h5` heading levels don't use the same font size.
Follow-up to [29892].
Props poena, akabarikalpesh, hellofromTonya, afrid1719, aezazshekh, sabernhardt, anitanenova, viralsampat, alansyue, pratiweb, russel07.
Fixes#52028.
Built from https://develop.svn.wordpress.org/trunk@54109
git-svn-id: http://core.svn.wordpress.org/trunk@53668 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset addresses an issue where button-style links with Outline style variation were not consistent with the corresponding variation of the Button block.
Props umesh84, sabernhardt, mrfoxtalbot, mohitdadhich10.
Fixes#55824.
Built from https://develop.svn.wordpress.org/trunk@54107
git-svn-id: http://core.svn.wordpress.org/trunk@53666 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This enables themes to:
* Set style rules for all heading elements together rather than having to do it individually.
* Style captions in `theme.json` by adding this into your `theme.json` file:
{{{
{
"styles": {
"elements": {
"caption": {
"color": {
"background": "red",
"text": "yellow"
}
}
}
}
}
}}}
This commit backports the original PRs from Gutenberg repository:
* [https://github.com/WordPress/gutenberg/pull/41981#41981: Global Styles: Add support for heading elements]
* [https://github.com/WordPress/gutenberg/pull/41140#41140: Global Styles: Add support for caption elements]
Follow-up to [50973].
Props cbravobernal, scruffian, madhudollu, mikachan, zieladam, bph, poena, andraganescu, ndiego, bgardner.
See #56467.
Built from https://develop.svn.wordpress.org/trunk@54105
git-svn-id: http://core.svn.wordpress.org/trunk@53664 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In order to add more template types we need to update some copy from the current default templates provided.
This updates the `single` template copy as it's needed to clear up the ambiguity between the single template that is the fallback for any custom post type (including `post`) and the menu item to be added in a subsequent commit, that will allow the creation the `single-post` template and any `single_$post_type` template.
This commit backports the original PR from Gutenberg repository:
* [https://github.com/WordPress/gutenberg/pull/41302#41302: Site Editor: Update single default template copy]
Follow-up to [52062], [52331].
Props ntsekouras, bernhard-reiter, jameskoster, Mamaduka, scruffian.
Fixes#56534.
Built from https://develop.svn.wordpress.org/trunk@54104
git-svn-id: http://core.svn.wordpress.org/trunk@53663 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The theme includes styles for the spacer block for the front which appears to be unnecessary:
* It adds `display: block` even though that is the default.
* It removes top and bottom margin, even though this is not needed in the post content because of collapsing margins between blocks.
* It uses a custom CSS property to force a specific height on mobile. This affects the patterns in the theme negatively.
It also causes styling problems:
* When the spacer block has a height set to `0` in the navigation block, as the theme forces this to be larger on smaller screens.
* When the block is horizontal. Horizontal was not an option when this style was added.
Consequences of removal:
* Removing the use of the custom CSS property will cause a style change for websites that have adjusted the spacing property.
Follow-up to [49216], [49574].
Props poena, mukesh27.
Fixes#56222.
Built from https://develop.svn.wordpress.org/trunk@54103
git-svn-id: http://core.svn.wordpress.org/trunk@53662 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Adds support for the following CSS properties considered safe for inline CSS:
* `flex-wrap`
* `gap`
* `column-gap`
* `row-gap`
Extends support for `margin` and `padding` to include logical properties:
* `margin-block-start`
* `margin-block-end`
* `margin-inline-start`
* `margin-inline-end`
* `padding-block-start`
* `padding-block-end`
* `padding-inline-start`
* `padding-inline-end`
Follow-up to [46235].
Props andrewserong, peterwilsoncc, ramonopoly, bernhard-reiter.
Fixes#56122.
Built from https://develop.svn.wordpress.org/trunk@54102
git-svn-id: http://core.svn.wordpress.org/trunk@53661 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Additionally, this commit updates `safecss_filter_attr()` to add support for nested `var()` functions, so that a fallback value can be another CSS variable.
Follow-up to [50923].
Props johnregan3, noisysocks, cbravobernal, uxl, isabel_brison, andrewserong, ramonopoly, joyously, bernhard-reiter, peterwilsoncc.
Fixes#55966.
Built from https://develop.svn.wordpress.org/trunk@54100
git-svn-id: http://core.svn.wordpress.org/trunk@53659 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The existing filter `image_editor_output_format` receives an additional parameter `$size_name` which is populated whenever it controls the output format for a specific registered image size to create. Otherwise, it remains empty. In order to achieve this, a low level change has been added in bringing a new `$size_name` class property to the `WP_Image_Editor` base class, which is introduced in a backward compatible way that will not cause conflicts with custom implementations.
This parameter is then used in new logic inside the `wp_default_image_output_mapping()` callback function for the filter, controlling whether `image/jpeg` should map to `image/webp` output or not. By default, this is enabled for all WordPress core image sizes by default, and this list can be modified using a new `wp_image_sizes_with_additional_mime_type_support` filter, e.g. to remove core sizes or add custom sizes.
The customization per image size may be further enhanced by providing a more declarative API via a new parameter on the `add_image_size()` function.
Props eugenemanuilov, flixos90, adamsilverstein, joegrainger.
Fixes#56526.
See #55443, #56288.
Built from https://develop.svn.wordpress.org/trunk@54097
git-svn-id: http://core.svn.wordpress.org/trunk@53656 1a063a9b-81f0-0310-95a4-ce76da25c4cd