Commit Graph

45912 Commits

Author SHA1 Message Date
audrasjb 0f3b3218c2 Menus: Use more appropriate escaping functions in class `Walker_Nav_Menu_Edit`.
This changeset replaces `esc_attr` escaping function with `esc_url` as it is more appropriate in the context of a link's `href` attribute.

Props audrasjb, aniketpatel.
Fixes #56108.

Built from https://develop.svn.wordpress.org/trunk@53654


git-svn-id: http://core.svn.wordpress.org/trunk@53213 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-07-05 08:06:17 +00:00
Peter Wilson 2c768f7c9d Cron API: Make wp-cron non-blocking for LiteSpeed LSAPI.
This should make cron spawning faster on LSAPI by ensuring that cron requests return immediately.

To avoid code repetition, the no caching headers are relocated and always sent. Caching plugins attempting to set these headers later will replace those set by WordPress Core.

Follow up to [44488].

Props maximej, johnbillion.
Fixes #54668.

Built from https://develop.svn.wordpress.org/trunk@53653


git-svn-id: http://core.svn.wordpress.org/trunk@53212 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-07-05 03:14:14 +00:00
Peter Wilson e54b4ad284 Media: Add tests for `wp_img_tag_add_decoding_attr()`.
Add new tests skipped in original commit. Follow up to [53480].

Fixes #53232.


Built from https://develop.svn.wordpress.org/trunk@53652


git-svn-id: http://core.svn.wordpress.org/trunk@53211 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-07-05 00:48:14 +00:00
Sergey Biryukov 0ea522b7a8 Help/About: Add help tab info for the "Send password reset" row action on Users screen.
This adds a description in the "Available Actions" help tab for the "Send password reset" quick action when hovering over a username in the user list.

Follow-up to [50129].

Props kebbet, costdev.
Fixes #55801.
Built from https://develop.svn.wordpress.org/trunk@53651


git-svn-id: http://core.svn.wordpress.org/trunk@53210 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-07-05 00:25:13 +00:00
Sergey Biryukov 8f37ef9daa Docs: Update the version in which Meetup.com was removed as an oEmbed source.
Meetup.com was previously removed as an oEmbed source, since they have deprecated their endpoint. The block has also been removed from the editor, see #GB35085.

This commit updates the associated changelog entry for the `oembed_providers` filter to version 6.0.1, as the change is being backported to the 6.0 branch.

Follow-up to [53540].

See #55997.
Built from https://develop.svn.wordpress.org/trunk@53646


git-svn-id: http://core.svn.wordpress.org/trunk@53205 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-07-04 18:15:15 +00:00
Sergey Biryukov 0705b9daed Editor: Update block editor packages for WordPress 6.0.1.
This brings a new version of the Gutenberg code from the [https://github.com/WordPress/gutenberg/tree/wp/6.0 wp/6.0 branch] into core.

The following packages were updated:
* `@wordpress/block-directory` to `3.4.12`
* `@wordpress/block-editor` to `8.5.9`
* `@wordpress/block-library` to `7.3.12`
* `@wordpress/components` to `19.8.5`
* `@wordpress/customize-widgets` to `3.3.12`
* `@wordpress/edit-post` to `6.3.12`
* `@wordpress/edit-site` to `4.3.12`
* `@wordpress/edit-widgets` to `4.3.12`
* `@wordpress/editor` to `12.5.9`
* `@wordpress/format-library` to `3.4.9`
* `@wordpress/icons` to `8.2.3`
* `@wordpress/interface` to `4.5.6`
* `@wordpress/list-reusable-blocks` to `3.4.5`
* `@wordpress/nux` to `5.4.5`
* `@wordpress/plugins` to `4.4.3`
* `@wordpress/preferences` to `1.2.5`
* `@wordpress/reusable-blocks` to `3.4.9`
* `@wordpress/server-side-render` to `3.4.6`
* `@wordpress/widgets` to `2.4.9`

Props zieladam.
See #56058.
Built from https://develop.svn.wordpress.org/trunk@53644


git-svn-id: http://core.svn.wordpress.org/trunk@53203 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-07-04 12:06:43 +00:00
Sergey Biryukov e70ac7004c Coding Standards: Escape the home URL in the "Background updated. Visit your site" message.
This affects `Custom_Background::admin_page()`.

Follow-up to [13041], [45662], [53642].

Props robinwpdeveloper, sajjad67, rudlinkon, hztyfoon, costdev.
Fixes #56133.
Built from https://develop.svn.wordpress.org/trunk@53643


git-svn-id: http://core.svn.wordpress.org/trunk@53202 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-07-04 10:14:14 +00:00
Sergey Biryukov eb08ad9160 Coding Standards: Escape the home URL in the "Header updated. Visit your site" message.
This affects `Custom_Image_Header::step_1()`.

Follow-up to [12890], [45654].

Props jakariaistauk, rudlinkon, hztyfoon, costdev.
Fixes #56132.
Built from https://develop.svn.wordpress.org/trunk@53642


git-svn-id: http://core.svn.wordpress.org/trunk@53201 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-07-04 10:11:12 +00:00
audrasjb 7c94f45bb0 Docs: Use third-person singular verbs for function descriptions in `WP_Comments_List_Table` class, as per docblock standards.
See #55646.

Built from https://develop.svn.wordpress.org/trunk@53641


git-svn-id: http://core.svn.wordpress.org/trunk@53200 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-07-04 08:20:15 +00:00
audrasjb ec9b9bee76 Comments: Use more appropriate escaping functions in class `WP_Comments_List_Table`.
This changeset replaces `esc_attr` escaping function with `esc_html` as it is more appropriate in this context.

Props chintan1896, afragen, peterwilsoncc, SergeyBiryukov.
Fixes #56101.

Built from https://develop.svn.wordpress.org/trunk@53640


git-svn-id: http://core.svn.wordpress.org/trunk@53199 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-07-04 08:16:16 +00:00
audrasjb a72203aa54 Docs: Add missing docblock description for `install_themes_upload()`.
See #55646.

Built from https://develop.svn.wordpress.org/trunk@53639


git-svn-id: http://core.svn.wordpress.org/trunk@53198 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-07-04 08:00:15 +00:00
Sergey Biryukov 5cfb35a5f2 Docs: Add `@since` tags for `_doing_it_wrong()` and deprecation notice handlers in the PHPUnit test suite.
This affects methods in the `WP_UnitTestCase_Base` class:
* `::expectDeprecated()`
* `::expectedDeprecated()`
* `::setExpectedException()`
* `::deprecated_function_run()`
* `::doing_it_wrong_run()`

Follow-up to [25402], [25408], [25785], [37861], [40536], [40539], [40872], [51872], [53637].

See #55652, #55646.
Built from https://develop.svn.wordpress.org/trunk@53638


git-svn-id: http://core.svn.wordpress.org/trunk@53197 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-07-03 17:30:09 +00:00
Sergey Biryukov b8da90698c Build/Test Tools: Include the actual `_doing_it_wrong()` message or deprecation notice in the output.
This aims to provide better context and more details if an unexpected `_doing_it_wrong()` message or deprecation notice is encountered during a test run.

Previously, this would display a message like `Unexpected incorrect usage notice for [...]`, but without any further details, making it harder to track down the actual issue.

Follow-up to [25402], [25408], [25785], [37861], [51872].

See #55652.
Built from https://develop.svn.wordpress.org/trunk@53637


git-svn-id: http://core.svn.wordpress.org/trunk@53196 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-07-03 16:41:14 +00:00
John Blackbourn c29d3d8142 Build/Test Tools: Enable loopback requests to work on the local development environment.
This maps `localhost` to the host machine so the requests get routed to the web server container.

Props sandrasanzdev, hasanuzzamanshamim

Fixes #52708

Built from https://develop.svn.wordpress.org/trunk@53636


git-svn-id: http://core.svn.wordpress.org/trunk@53195 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-07-02 22:54:12 +00:00
Sergey Biryukov d7efd9a793 Docs: Add `@since` tags for `wp_die()` handlers in the PHPUnit test suite.
Follow-up to [289/tests], [28797], [41966], [53634].

See #55652, #55646.
Built from https://develop.svn.wordpress.org/trunk@53635


git-svn-id: http://core.svn.wordpress.org/trunk@53194 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-07-02 18:29:11 +00:00
Sergey Biryukov 6ee60c3ebe Build/Test Tools: Add support for `WP_Error` in the test suite's `wp_die()` handlers.
This brings parity with WordPress core `wp_die()` handlers and ensures that if a `WP_Error` object is passed as the `$message` argument to `wp_die()`, the PHPUnit test suite displays the error message correctly.

Previously, this would cause a silent fatal error: `Object of class WP_Error could not be converted to string`, leading to just displaying `wp_die called` without any further details.

Follow-up to [28797], [41966], [44666], [45160], [47882].

See #55652.
Built from https://develop.svn.wordpress.org/trunk@53634


git-svn-id: http://core.svn.wordpress.org/trunk@53193 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-07-02 18:07:11 +00:00
Sergey Biryukov 9bea9ddfc9 Editor: Alphabetize block lists in various places.
This affects:
* `wp-includes/blocks/index.php`
* `tools/webpack/blocks.js`
* `_unhook_block_registration()` in `tests/phpunit/includes/functions.php`

Follow-up to [47250], [52069], [52730], [53157], [53278].

Fixes #56131.
Built from https://develop.svn.wordpress.org/trunk@53633


git-svn-id: http://core.svn.wordpress.org/trunk@53192 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-07-02 17:46:13 +00:00
Sergey Biryukov 354545bc3e Editor: Register the Comments Query Loop block from metadata.
This ensures that the block title and description can be translated.

Follow-up to [53157].

Props cbravobernal, bernhard-reiter, adamziel, gziolo, peterwilsoncc, audrasjb, mukesh27, SergeyBiryukov.
Fixes #56093. See #55809.
Built from https://develop.svn.wordpress.org/trunk@53631


git-svn-id: http://core.svn.wordpress.org/trunk@53190 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-07-02 14:35:14 +00:00
Sergey Biryukov 1f87125366 Widgets: Add a comment in `WP_Nav_Menu_Widget::form()` to clarify the `esc_attr()` usage.
The URL to create a new menu from the Navigation Menu widget can be a `javascript:` link to the Customizer Menus panel, so `esc_attr()` is used here instead of `esc_url()`.

Follow-up to [53092].

Props hztyfoon.
Fixes #56128.
Built from https://develop.svn.wordpress.org/trunk@53630


git-svn-id: http://core.svn.wordpress.org/trunk@53189 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-07-01 20:01:15 +00:00
John Blackbourn c3188a2566 Build/Test Tools: Remove an unused build configuration file.
This is a configuration file for Apache Ant that is no longer used.

Fixes #52604

Built from https://develop.svn.wordpress.org/trunk@53629


git-svn-id: http://core.svn.wordpress.org/trunk@53188 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-07-01 19:56:16 +00:00
John Blackbourn f5cbb5585a Build/Test Tools: Run the PHP container with PID > 1 so Ctrl+C works correctly.
This allows for cancellation of operations in the PHP container, such as a PHPUnit test suite run.

Fixes #55702

Built from https://develop.svn.wordpress.org/trunk@53628


git-svn-id: http://core.svn.wordpress.org/trunk@53187 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-07-01 19:37:14 +00:00
John Blackbourn d50fbb4469 Taxonomy: Pass the `$args` parameter to all actions and filters in `wp_insert_term()` and `wp_update_term()`.
This allows actions and filters to access potentially useful contextual information when terms are inserted and updated.

Props mboynes

Fixes #55441

Built from https://develop.svn.wordpress.org/trunk@53627


git-svn-id: http://core.svn.wordpress.org/trunk@53186 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-07-01 19:09:14 +00:00
Sergey Biryukov 3e622b1d75 Twenty Eleven: Replace deprecated function calls on theme options page.
This includes:
* Removing the deprecated `screen_icon()` function call.
* Replacing the deprecated `get_current_theme()` function call with `get_option( 'current_theme' )`.
* Using `wp_get_theme()->display( 'Name' )` explicitly instead of relying on `WP_Theme`'s `__toString()` method, for clarity.

Follow-up to [6334], [20039], [20040], [20042], [20508], [26537], [41274].

Props Presskopp, cu121, viralsampat, costdev, tomjdv, sabernhardt, SergeyBiryukov.
Fixes #54833.
Built from https://develop.svn.wordpress.org/trunk@53626


git-svn-id: http://core.svn.wordpress.org/trunk@53185 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-07-01 14:26:15 +00:00
Sergey Biryukov 580d991349 Editor: Ensure only the main query is modified when resolving template for new posts.
This adds a check for the main query in `_resolve_template_for_new_post()` to fix a 404 response when resolving template for new posts or pages caused by the wrong query being modified.

Original PR from Gutenberg repository:
* [https://github.com/WordPress/gutenberg/pull/40799 #40799: Ensure only the main query is modified when resolving template for new posts]

Follow-up to [52316].

Props petitphp, zieladam, poena, ndiego, gziolo, kebbet, Mamaduka, manfcarlo.
See #56058.
Built from https://develop.svn.wordpress.org/trunk@53593


git-svn-id: http://core.svn.wordpress.org/trunk@53181 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-06-30 15:48:15 +00:00
desrosj 296c363bc1 Build/Test Tools: Correct some GitHub Action workflow inline documentation.
See #55652.
Built from https://develop.svn.wordpress.org/trunk@53592


git-svn-id: http://core.svn.wordpress.org/trunk@53180 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-06-30 15:09:15 +00:00
desrosj 856cee1568 Build/Test Tools: Remove the `workflow_run` event from the Slack notification workflow.
The `workflow_run` event was added to restore Slack notifications for older branches (5.8 and older) without having to backport any changes while alternate approaches were explored.

The workflow has been tested and refined as a reusable one in `trunk`, and this approach is superior to the `workflow_run` event in several ways.

Primarily, the `workflow_run` event results in a separate workflow run being created for sending Slack notifications after the completion of each workflow triggered by `push`. When called as a reusable workflow, this does not happen and the additional jobs are instead added to the initial workflow. This makes which jobs are sending notifications for the current workflow more clear, and reduces the amount of noise (fewer workflow runs overall).

The `workflow_run` event also makes some data available in different ways than `push` events. By removing it, much of the logic within the workflow can be simplified.

See #56095.
Built from https://develop.svn.wordpress.org/trunk@53591


git-svn-id: http://core.svn.wordpress.org/trunk@53179 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-06-30 14:07:14 +00:00
Sergey Biryukov 78d4db9924 REST API: Use the `integer` type for `page_on_front` and `page_for_posts` options.
This adjusts the newly added options in the settings endpoint to use the `integer` type instead of `number`. Since these are page IDs and are not supposed to be floats, `integer` is the correct type.

Follow-up to [53588].

See #56058.
Built from https://develop.svn.wordpress.org/trunk@53589


git-svn-id: http://core.svn.wordpress.org/trunk@53177 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-06-29 14:17:16 +00:00
Sergey Biryukov 126de33a0d REST API: Add missing options to the settings endpoint.
This adds the `show_on_front`, `page_on_front`, and `page_for_posts` options to the settings endpoint that were missed during WP 6.0 backports.

Related PR from Gutenberg repository:
* [https://github.com/WordPress/gutenberg/pull/38607 #38607 Page for Posts: Display notice in template panel]

Props Mamaduka, spacedmonkey, gziolo, jameskoster.
See #56058.
Built from https://develop.svn.wordpress.org/trunk@53588


git-svn-id: http://core.svn.wordpress.org/trunk@53176 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-06-29 13:48:14 +00:00
audrasjb 46eb690e8f Help/About: Typo correction in the Media Library help tab text.
Follow-up to [53586].

Props SergeyBiryukov.
Fixes #55800.

Built from https://develop.svn.wordpress.org/trunk@53587


git-svn-id: http://core.svn.wordpress.org/trunk@53175 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-06-29 13:39:14 +00:00
audrasjb e170038ca1 Help/About: Add help tab info for available row actions in the Media Library.
This changeset fills the existing help tab with more detailed information about available row actions in the Media Library, when using the List view.

Props kebbet, audrasjb, costdev, SergeyBiryukov, mukesh27.
Fixes #55800.

Built from https://develop.svn.wordpress.org/trunk@53586


git-svn-id: http://core.svn.wordpress.org/trunk@53174 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-06-28 20:47:11 +00:00
audrasjb d5971fc876 Docs: Misc fixes in Shortcode API function and hook descriptions, as per documentation standards.
See #55646.

Built from https://develop.svn.wordpress.org/trunk@53585


git-svn-id: http://core.svn.wordpress.org/trunk@53173 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-06-28 20:37:15 +00:00
Sergey Biryukov 98beaad58d Docs: Adjust some DocBlocks in `wpdb` per the documentation standards.
Includes:
* Wrapping long single-line comments to multi-line for better readability.
* Formatting code blocks to display correctly on the Code Reference.
* Other minor edits for consistency.

This applies to:
* `wpdb::$allow_unsafe_unquoted_parameters`
* `wpdb::escape_identifier()`
* `wpdb::_escape_identifier_value()`
* `wpdb::prepare()`
* `wpdb::has_cap()`

Follow-up to [53575].

See #52506, #55646.
Built from https://develop.svn.wordpress.org/trunk@53584


git-svn-id: http://core.svn.wordpress.org/trunk@53172 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-06-28 11:27:14 +00:00
desrosj f210e677f1 Build/Test Tools: Update the `actions/cache` action.
This correctly updates the `actions/cache` action. [53581] updated the inline comment to the latest version but did not update the actual SHA value correctly.

Follow up to [53581].

See #55652.
Built from https://develop.svn.wordpress.org/trunk@53582


git-svn-id: http://core.svn.wordpress.org/trunk@53171 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-06-27 19:25:15 +00:00
desrosj 5f51f82e46 Build/Test Tools: Update 3rd party GitHub Actions.
This updates the following GitHub Actions to the latest versions:

- `actions/checkout`
- `actions/cache`
- `actions/github-script`
- `actions/setup-node`
- `codecov/codecov-action`
- `shivammathur/setup-php`
- `slackapi/slack-github-action`

See #55652.
Built from https://develop.svn.wordpress.org/trunk@53581


git-svn-id: http://core.svn.wordpress.org/trunk@53170 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-06-27 18:58:13 +00:00
desrosj 9930476af2 Build/Test Tools: Update NPM `devDependencies` to their latest versions.
This updates the following `devDependencies` to newer versions:

- `dotenv` from `16.0.0` to `16.0.1`.
- `grunt` from `1.5.2` to `1.5.3`.
- `grunt-contrib-qunit` from `6.0.0` to `6.2.0`.
- `grunt-contrib-uglify` from `5.2.1` to `5.2.2`.
- `qunit` from `2.18.2` to `2.19.1`.
- `sass` from `1.51.0` to `1.53.0`.
- `sinon` from `13.0.2` to `14.0.0`.
- `uglify-js` from `3.15.4` to `3.16.1`.

Additionally, `npm audit fix` has been run to update dependencies with vulnerabilities.

See #55652.
Built from https://develop.svn.wordpress.org/trunk@53580


git-svn-id: http://core.svn.wordpress.org/trunk@53169 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-06-27 18:53:29 +00:00
Sergey Biryukov 729831b40f General: Revert an earlier define of the `WPINC` constant in `src/index.php`.
This avoids a `Constant WPINC already defined in src/wp-settings.php on line 16` PHP warning, which happens when running a WordPress install out of the `src` directory after `npm run build:dev`.

Add a comment to clarify the check for built assets and the direct mention of `wp-includes`.

Follow-up to [53518].

Props aristath.
See #54233.
Built from https://develop.svn.wordpress.org/trunk@53579


git-svn-id: http://core.svn.wordpress.org/trunk@53168 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-06-27 10:20:19 +00:00
Sergey Biryukov 79efd59bca Upgrade/Install: Add a conditional to facilitate testing of the Rollbacks feature project.
The [https://make.wordpress.org/core/2021/02/19/feature-plugin-rollback-update-failure/ Rollback Update Failure feature project] creates a temporary backup of plugins and themes before updating. This aims to make the update process more reliable and ensure that if a plugin or theme update fails, the previous version can be safely restored.

If the [https://wordpress.org/plugins/rollback-update-failure/ Rollback Update Failure plugin] is installed, `WP_Upgrader::install_package()` will use the `move_dir()` function from there for better performance. Instead of copying a directory from one location to another, it uses the `rename()` PHP function to speed up the process, which is instrumental in creating a temporary backup without a delay. If the renaming failed, it falls back to the `copy_dir()` WP function.

This conditional aims to facilitate broader testing of the feature. It is temporary, until the plugin is merged into core.

Props afragen, pbiron, costdev, davidbaumwald, audrasjb, jrf, SergeyBiryukov.
Fixes #56057. See #51857, #54166.
Built from https://develop.svn.wordpress.org/trunk@53578


git-svn-id: http://core.svn.wordpress.org/trunk@53167 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-06-26 12:37:18 +00:00
Sergey Biryukov d533b76ef8 Tests: Remove multiple `$wpdb::placeholder_escape()` calls in `wpdb` tests.
This aims to improve performance of the tests by reducing the number of function calls.

Since `$wpdb::placeholder_escape()` saves the result in a static variable on the first run, there is no need for repeated function calls during the same request or test run, as the result would still be the same.

Follow-up to [42056].

See #55652.
Built from https://develop.svn.wordpress.org/trunk@53577


git-svn-id: http://core.svn.wordpress.org/trunk@53166 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-06-25 14:45:12 +00:00
davidbaumwald c2fbb4950d Comments: Add contextual `autocomplete` attributes to comment form fields.
For accessibility, input fields should identify their "purpose". The HTML5 attribute `autocomplete` allows for various user data to be quickly autofilled while adding context for some assistive technologies.

This commit adds the appropriate autofill purposes for an author's name, email, and website URL in the comment form template.

Props juliemoynat, bhrugesh96, sabernhardt.
Fixes #55779.
Built from https://develop.svn.wordpress.org/trunk@53576


git-svn-id: http://core.svn.wordpress.org/trunk@53165 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-06-24 21:26:12 +00:00
davidbaumwald e7a9fe918c Database: Add `%i` placeholder support to `$wpdb->prepare` to escape table and column names.
WordPress does not currently provide an explicit method for escaping SQL table and column names. This leads to potential security vulnerabilities, and makes reviewing code for security unnecessarily difficult. Also, static analysis tools flag the queries as having unescaped SQL input.

Tables and column names in queries are usually in-the-raw, since using the existing `%s` will straight quote the value, making the query invalid.

This change introduces a new `%i` placeholder in `$wpdb->prepare` to properly quote table and column names using backticks.

Props tellyworth, iandunn, craigfrancis, peterwilsoncc, johnbillion, apokalyptik.
Fixes #52506.
Built from https://develop.svn.wordpress.org/trunk@53575


git-svn-id: http://core.svn.wordpress.org/trunk@53164 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-06-24 20:35:14 +00:00
Sergey Biryukov 178bd65605 Tests: Replace `esc_url_raw()` calls with `sanitize_url()`.
Previously committed in [53455], appears to be accidentally reverted in [53562].

Follow-up to [51597], [53452], [53455], [53562].

See #39265, #55652.
Built from https://develop.svn.wordpress.org/trunk@53574


git-svn-id: http://core.svn.wordpress.org/trunk@53163 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-06-24 15:09:11 +00:00
Sergey Biryukov dc8416e7c2 Tests: Use more consistent wording when referring to PHP deprecation notices.
Previously committed in [53492], appears to be accidentally reverted in [53564].

Follow-up to [51619], [51695], [53492], [53563].

See #55652.
Built from https://develop.svn.wordpress.org/trunk@53573


git-svn-id: http://core.svn.wordpress.org/trunk@53162 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-06-24 15:04:10 +00:00
Sergey Biryukov d0588e2f1b Tests: Give the tests for adding empty post meta values more consistent names.
One of these was previously renamed to mention `update_metadata_by_mid()`.

While `update_metadata_by_mid()` is indeed called in `wp_ajax_add_meta()` to update an existing meta value, the functionality change that the test intended to verify was in the latter function.

Follow-up to [44153], [53561].

See #55652.
Built from https://develop.svn.wordpress.org/trunk@53572


git-svn-id: http://core.svn.wordpress.org/trunk@53161 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-06-24 14:43:11 +00:00
Sergey Biryukov 816325b9b8 Tests: Put `@covers` tags before `@params` in Ajax and Formatting groups.
This makes the placement more consistent with the rest of the test suite.

Follow-up to [53561], [53562].

See #39265.
Built from https://develop.svn.wordpress.org/trunk@53571


git-svn-id: http://core.svn.wordpress.org/trunk@53160 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-06-24 14:20:13 +00:00
Sergey Biryukov 7abd4bc951 Media: Use correct escaping function for URLs in some legacy media functions.
This affects:
* `get_image_send_to_editor()`
* `image_link_input_fields()`

Follow-up to [7092], [7874], [8653], [11109], [11204], [11383], [12051], [12199], [19982].

Props smit08, mukesh27.
Fixes #56064.
Built from https://develop.svn.wordpress.org/trunk@53570


git-svn-id: http://core.svn.wordpress.org/trunk@53159 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-06-24 13:52:13 +00:00
Sergey Biryukov bb92e303d7 Editor: Add utility classnames back to blocks that have layout attributes specified.
[https://github.com/WordPress/gutenberg/issues/38719 In 5.9 these utility classnames were removed], which removed the ability for theme/plugin authors to assign their own custom CSS related to specific layout selections. This was mostly related to the Button block.

This commit adds these classes dynamically based on attributes, rather than saving them to the serialized content.

Original PR from Gutenberg repository:
* [https://github.com/WordPress/gutenberg/pull/41487 #41487 Add utility classnames back to blocks that have layout attributes specified]

Props glendaviesnz, peterwilsoncc, andrewserong, zieladam, matveb, samikeijonen.
See #56058.
Built from https://develop.svn.wordpress.org/trunk@53568


git-svn-id: http://core.svn.wordpress.org/trunk@53157 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-06-23 23:09:09 +00:00
audrasjb 9a2ae08812 Application Passwords: Ensure long passwords don't break the "new password" notice.
This changeset adds a `word-wrap: break-word` CSS declaration to avoid text overflow in the "new application password" notice.

Props Presskopp, hasanuzzamanshamim, yannielsen, audrasjb.
Fixes #54581.

Built from https://develop.svn.wordpress.org/trunk@53567


git-svn-id: http://core.svn.wordpress.org/trunk@53156 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-06-23 23:04:09 +00:00
audrasjb a33fd9fc55 Docs: Use third-person singular verbs for function descriptions in Bookmark related files, as per docblock standards.
This changeset updates `bookmark.php` and `bookmark-template.php` files.

See #55646.

Built from https://develop.svn.wordpress.org/trunk@53566


git-svn-id: http://core.svn.wordpress.org/trunk@53155 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-06-23 22:57:12 +00:00
Sergey Biryukov a5ab6b8d8b Tests: Correct the expected result for `wp_ajax_replyto_comment()` test with a draft post.
The "Error:" prefix was previously removed and accidentally re-added with `@covers` tags.

Follow-up to [53337], [53561].

See #39265.
Built from https://develop.svn.wordpress.org/trunk@53565


git-svn-id: http://core.svn.wordpress.org/trunk@53154 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-06-23 21:38:12 +00:00
Andrew Ozz 4c9bf00e9c Build/Test Tools: Add missing @covers tags and fix the docs for the Cron test group.
Props pbeane, hellofromTonya, antonvlasenko, ironprogrammer, SergeyBiryukov, costdev.
See #39265.

Built from https://develop.svn.wordpress.org/trunk@53564


git-svn-id: http://core.svn.wordpress.org/trunk@53153 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-06-23 20:43:13 +00:00