Replace loopback health check URL with a `POST` request to `wp-cron.php` in the WordPress install directory. This more closely represents how WordPress uses loopback requests.
A `POST` request is used to cause `wp-cron.php` to exit prior to running any cron jobs. This allows the test to indicate success quicker and accounts for sites that set the `DISABLE_WP_CRON` constant to avoid running cron jobs on loopback requests.
Props clorith, peterwilsoncc, TimothyBlynJacobs.
Fixes#52547.
git-svn-id: https://develop.svn.wordpress.org/trunk@50399 602fd350-edb4-49c9-b593-d223f7449a82
The `addInlineNotice()` function expects a single string as a success or error message, not an array of strings.
Follow-up to [50129].
Props audrasjb.
Fixes#52573.
git-svn-id: https://develop.svn.wordpress.org/trunk@50390 602fd350-edb4-49c9-b593-d223f7449a82
Use `home_url()` for asynchronous loopback test to ensure correct results on sites with WordPress installed elsewhere, for example WordPress in a sub-directory.
Props Levdbas.
Fixes#52547.
git-svn-id: https://develop.svn.wordpress.org/trunk@50381 602fd350-edb4-49c9-b593-d223f7449a82
This avoids a fatal error on PHP 8 caused by passing a zero value to `fread()` as the `$length` argument, which must be greater than zero.
Props yakimun, fierevere, jrf, DavidAnderson, SergeyBiryukov.
Fixes#52018.
git-svn-id: https://develop.svn.wordpress.org/trunk@50355 602fd350-edb4-49c9-b593-d223f7449a82
Rename `wp_force_plain_ugly_permalink()` to `wp_force_plain_post_permalink()` to match terminology used in the WordPress dashboard.
Follow up to [50132].
Props SergeyBiryukov.
Fixes#5272.
git-svn-id: https://develop.svn.wordpress.org/trunk@50282 602fd350-edb4-49c9-b593-d223f7449a82
This adds a more descriptive text in scenarios where `post_max_size` and `upload_max_filesize` differ, and `post_max_size` is set to a value of `0`.
In some scenarios, PHP may read `0` as a literal zero size, and not as unlimited, which it also means in other scenarios.
See https://www.php.net/manual/en/ini.core.php#ini.post-max-size for details, as PHP 5.3.4 introduced this behavior for literal zero interpretation when the content type of a request is `application/x-www-form-urlencoded` or is not registered with PHP.
Props Clorith, pixolin, helen, ratneshk.
Fixes#51466.
git-svn-id: https://develop.svn.wordpress.org/trunk@50263 602fd350-edb4-49c9-b593-d223f7449a82
Previously, date information was unable to be changed when using `media_handle_sideload()`.
Now you can override the date for a media item using `$post_data['post_date']` before using the function.
Props jamesgol, mukesh27, SergeyBiryukov, hellofromTonya, Mista-Flo.
Fixes#50972.
git-svn-id: https://develop.svn.wordpress.org/trunk@50258 602fd350-edb4-49c9-b593-d223f7449a82
Avoids a browser warning for having two elements with a non-unique id `#_wpnonce` on the post edit screen.
See #23165.
Fixes#51483.
Props vandestouwe, Mista-Flo.
git-svn-id: https://develop.svn.wordpress.org/trunk@50255 602fd350-edb4-49c9-b593-d223f7449a82
Adjust some newly introduced strings to remove unnecessary numbered placeholders for consistency.
Follow-up to [42827].
See #51800.
git-svn-id: https://develop.svn.wordpress.org/trunk@50234 602fd350-edb4-49c9-b593-d223f7449a82
This option is already available when editing an individual user, but it was previously missing from the bulk actions.
Props bonniebeeman, sabernhardt, ovidiul, jeroenrotty
Fixes#52238
git-svn-id: https://develop.svn.wordpress.org/trunk@50228 602fd350-edb4-49c9-b593-d223f7449a82
Previously, we used `DIR_TESTDATA` to determine if a test should skip a newly silenced error in `wp_getimagesize()`.
We are now using `WP_RUN_CORE_TESTS` instead for consistency.
Props hellofromTonya, SergeyBiryukov.
See #49889.
git-svn-id: https://develop.svn.wordpress.org/trunk@50170 602fd350-edb4-49c9-b593-d223f7449a82
As this can cause large, long running queries on sites with many posts, this filter allows the query to be modified, bypassing entirely if needed.
Fixes#51660.
Props geoffguillain, SergeyBiryukov, hareesh-pillai, hellofromTonya, TimothyBlynJacobs, whyisjake.
git-svn-id: https://develop.svn.wordpress.org/trunk@50163 602fd350-edb4-49c9-b593-d223f7449a82
The Privacy settings pages now use the same design patterns as the Site Health screen. Additionally, each privacy policy guide is now contained in an accordion to make the page easier to navigate when multiple plugins are in use.
Props xkon, hedgefield, garrett-eclipse, hellofromTonya, paaljoachim, joedolson.
Fixes#49264.
git-svn-id: https://develop.svn.wordpress.org/trunk@50161 602fd350-edb4-49c9-b593-d223f7449a82
This adds a form option to skip the admin email alert when exporting personal data.
Props xkon, azaozz, TZ-Media, iandunn, desrosj, iprg, allendav, wesselvandenberg, karmatosed, birgire, davidbaumwald, estelaris, paaljoachim, hellofromTonya.
Fixes#43890.
git-svn-id: https://develop.svn.wordpress.org/trunk@50159 602fd350-edb4-49c9-b593-d223f7449a82
Previously, it was unclear that the displayed password is only being suggested and should be saved by clicking the Reset Password button.
This adds separate Generate Password and Save Password buttons, for clarity.
Props xkon, estelaris, jaymanpandya, hedgefield, audrasjb, erichmond, magicroundabout, lukecavanagh, knutsp, tinodidriksen, nico_martin, markhowellsmead, kara.mcnair, e_baker, pixelverbieger, souri_wpaustria, megabyterose, poena, whyisjake.
Fixes#39638.
git-svn-id: https://develop.svn.wordpress.org/trunk@50153 602fd350-edb4-49c9-b593-d223f7449a82
This allows for the capture and usage of error data from the method, to facilitate a potential plugin/theme rollback in the event of an update failure.
Props afragen, dd32.
Fixes#52381.
git-svn-id: https://develop.svn.wordpress.org/trunk@50151 602fd350-edb4-49c9-b593-d223f7449a82
Previously, all logic utilizing `getimagesize()` was supressing errors making it difficult to debug usage of the function.
A new `wp_getimagesize()` function has been added to allow the errors to no longer be suppressed when `WP_DEBUG` is enabled.
Props Howdy_McGee, SergeyBiryukov, mukesh27, davidbaumwald, noisysocks, hellofromTonya.
Fixes#49889.
git-svn-id: https://develop.svn.wordpress.org/trunk@50146 602fd350-edb4-49c9-b593-d223f7449a82
This brings some consistency with other list tables and allows for adding custom column data to columns registered with `manage_export-personal-data_columns` or `manage_erase-personal-data_columns` filters.
Props xkon, garrett-eclipse, birgire, pbiron, hellofromTonya, TimothyBlynJacobs, 7studio, mukesh27, Mista-Flo.
Fixes#44354.
git-svn-id: https://develop.svn.wordpress.org/trunk@50145 602fd350-edb4-49c9-b593-d223f7449a82
When no events are available in the Events Widget, people have always been shown a message encouraging them to help organize one (see `tmpl-community-events-no-upcoming-events`). Now that it's common for online WordCamps and Learn discussion groups to be pinned to the Events API, it's rare that there are no events in the widget, even if there are no _local_ events. Because of that, users are rarely encouraged to join their local community and help organize.
This commit adds an additional call-to-action message, which is shown when there are only 1 or 2 events available.
Props anyssa, sippis, AmethystAnswers.
Fixes#51664.
git-svn-id: https://develop.svn.wordpress.org/trunk@50133 602fd350-edb4-49c9-b593-d223f7449a82
Switching a WordPress site from HTTP to HTTPS has historically been a tedious task. While on the surface the Site Address and WordPress Address have to be updated, existing content still remains using HTTP URLs where hard-coded in the database. Furthermore, updating _two_ URLs to migrate to HTTPS is still a fairly unintuitive step which is not clearly explained.
This changeset simplifies migration from HTTP to HTTPS and, where possible, makes it a one-click interaction.
* Automatically replace insecure versions of the Site Address (`home_url()`) with its HTTPS counterpart on the fly if the site has been migrated from HTTP to HTTPS. This is accomplished by introducing a `https_migration_required` option and enabling it when the `home_url()` is accordingly changed.
* A new `wp_replace_insecure_home_url()` function is hooked into various pieces of content to replace URLs accordingly.
* The migration only kicks in when the Site Address (`home_url()`) and WordPress Address (`site_url()`) match, which is the widely common case. Configurations where these differ are often maintained by more advanced users, where this migration routine would be less essential - something to potentially iterate on in the future though.
* The migration does not actually update content in the database. More savvy users that prefer to do that can prevent the migration logic from running by either deleting the `https_migration_required` option or using the new `wp_should_replace_insecure_home_url` filter.
* For fresh sites that do not have any content yet at the point of changing the URLs to HTTPS, the migration will also be skipped since it would not be relevant.
* Expose a primary action in the Site Health recommendation, if HTTPS is already supported by the environment, built on top of the HTTPS detection mechanism from [49904]. When clicked, the default behavior is to update `home_url()` and `site_url()` in one go to their HTTPS counterpart.
* A new `wp_update_urls_to_https()` function takes care of the update routine.
* A new `update_https` meta capability is introduced to control access.
* If the site's URLs are controlled by constants, this update is not automatically possible, so in these scenarios the user is informed about that in the HTTPS status check in Site Health.
* Allow hosting providers to modify the URLs linked to in the HTTPS status check in Site Health, similar to how that is possible for the URLs around updating the PHP version.
* A `WP_UPDATE_HTTPS_URL` environment variable or `wp_update_https_url` filter can be used to provide a custom URL with guidance about updating the site to use HTTPS.
* A `WP_DIRECT_UPDATE_HTTPS_URL` environment variable or `wp_direct_update_https_url` filter can be used to provide a custom URL for the primary CTA to update the site to use HTTPS.
Props flixos90, timothyblynjacobs.
Fixes#51437.
git-svn-id: https://develop.svn.wordpress.org/trunk@50131 602fd350-edb4-49c9-b593-d223f7449a82
Add a feature so Admins can send users a 'password reset' email. This doesn't change the password or force a password change. It only emails the user the password reset link.
The feature appears in several places:
* A "Send Reset Link" button on user profile screen.
* A "Send password reset" option in the user list bulk action dropdown.
* A "Send password reset" quick action when hovering over a username in the user list.
Props Ipstenu, DrewAPicture, eventualo, wonderboymusic, knutsp, ericlewis, afercia, JoshuaWold, johnbillion, paaljoachim, hedgefield.
Fixes#34281.
git-svn-id: https://develop.svn.wordpress.org/trunk@50129 602fd350-edb4-49c9-b593-d223f7449a82
Fix an issue where viewing an autosave created on a post without any previous revisions would throw a PHP notice. Also fixes the revision screen which was broken in these cases and showed a console error.
Props iseulde.
Fixes#31249.
git-svn-id: https://develop.svn.wordpress.org/trunk@50128 602fd350-edb4-49c9-b593-d223f7449a82
Previously, "You are using a development version" message could be displayed if the user has configured core updates to receive Beta or RC versions, but the update has not happened yet.
This brings some consistency with displaying a similar message in `core_upgrade_preamble()` on WordPress Updates screen.
Follow-up to [49708], [49736].
Props afragen, pbiron, azaozz, audrasjb, SergeyBiryukov.
Fixes#51976.
git-svn-id: https://develop.svn.wordpress.org/trunk@50121 602fd350-edb4-49c9-b593-d223f7449a82
This provides a more consistent location for these strings and allows for reusing them in other places without hardcoding them in the markup.
Props nicolalaserra, audrasjb, johnjamesjacoby, SergeyBiryukov.
Fixes#42421.
git-svn-id: https://develop.svn.wordpress.org/trunk@50120 602fd350-edb4-49c9-b593-d223f7449a82
The `WP_AUTO_UPDATE_CORE` constant now supports `development` and `branch-development` values.
This makes it possible for sites to opt-in to updating to nightly builds without having to install a plugin.
Follow-up to [49245], [49292].
Props xkon, knutsp, afragen, audrasjb, dd32.
Fixes#51978.
git-svn-id: https://develop.svn.wordpress.org/trunk@50082 602fd350-edb4-49c9-b593-d223f7449a82
Following up on [49904], this changeset focuses mainly on improving the guidance about the current state of HTTPS in Site Health.
* Correct the existing copy to indicate that both the Site Address and the WordPress Address need to be changed to fully switch to HTTPS.
* Link to the respective input fields via anchor links rather than to the overall General Settings screen.
* Show different copy if the site is using HTTPS for the WordPress Address (for example to have only the administration panel in HTTPS), but not for the Site Address.
* Inform the user about potential problems even when the site is already using HTTPS, for example if the SSL certificate was no longer valid.
* Always rely on fresh information for determining HTTPS support issues in Site Health, and therefore change the `https_status` test to become asynchronous.
* Rename the new private `wp_is_owned_html_output()` function to a more appropriate `wp_is_local_html_output()`.
Props adamsilverstein, flixos90, johnjamesjacoby, timothyblynjacobs.
See #47577.
git-svn-id: https://develop.svn.wordpress.org/trunk@50072 602fd350-edb4-49c9-b593-d223f7449a82
By moving from `.html` to `.php` files, we can prevent directory listings, and ensure that WordPress can load.
Fixes#52299.
Props lucasbustamante, xkon, freewebmentor, SergeyBiryukov, whyisjake.
git-svn-id: https://develop.svn.wordpress.org/trunk@50037 602fd350-edb4-49c9-b593-d223f7449a82
The version checks that are setup in `wp-includes/update.php` do set up the action, but only for the main site.
Fixes#52135.
Props audrasjb, SergeyBiryukov, maxpertici, aaribaud.
git-svn-id: https://develop.svn.wordpress.org/trunk@50035 602fd350-edb4-49c9-b593-d223f7449a82
The function `wp_text_diff` generated an invalid table structure if the $args parameter contained any values. This patch corrects the structure generated by `wp_text_diff` and related usages so that the column count matches the data generated. Additionally, this patch passes arguments to the Revisions screen so that the screen has column headings that reflect the content in each column. Improves the accessibility and usability of the Revisions table.
Props joedolson, mehulkaklotar, afercia, adamsilverstein, zodiac1978, jeremyfelt
Fixes#25473
git-svn-id: https://develop.svn.wordpress.org/trunk@50034 602fd350-edb4-49c9-b593-d223f7449a82
Italicized text can be difficult to read for some people with dyslexia or related forms of reading disorders. This removes italics on a number of larger blocks onpm run grunt rpf text in the admin. This has been a task 5.3; this commit closes the task. Further instances of italicized text should be addressed individually.
Props afercia, xkon, audrasjb
Fixes#47327
git-svn-id: https://develop.svn.wordpress.org/trunk@50032 602fd350-edb4-49c9-b593-d223f7449a82
This is part of a larger project in cleaning up core's admin CSS. This collapses all colors used in the CSS to one of 12 blues, greens, reds, and yellows, 13 grays, pure black, and pure white. The colors are perceptually uniform from light to dark, half of each range has a 4.5 or higher contrast against white, the other half has a 4.5 or higher contrast against black.
Standardizing on this set of colors will help contributors make consistent, accessible design decisions. The full color palette can be seen here: https://codepen.io/ryelle/full/WNGVEjw
Props notlaura, danfarrow, kburgoine, drw158, audrasjb, Joen, hedgefield, ibdz, melchoyce.
See #49999.
git-svn-id: https://develop.svn.wordpress.org/trunk@50025 602fd350-edb4-49c9-b593-d223f7449a82
Since WordPress 2.5 and 2.6, `post_content` and `post_excerpt` have both had export-specific filters: `the_content_export`, and `the_excerpt_export`, respectively. `post_title`, however, has used `the_title_rss`, which behaves differently in two important ways:
- It strips HTML tags from the string.
- It HTML-encodes the title string.
These behaviours are not ideal for exports, since it changes the post title, resulting in data loss in export files, and incorrect post duplicate matching on import. This changes replaces the usage of `the_title_rss` with a new filter, `the_title_export`. The new filter is intended to be used in the same as `the_content_export` and `the_excerpt_export`.
Props jmdodd, audrasjb.
Fixes#52250.
git-svn-id: https://develop.svn.wordpress.org/trunk@50011 602fd350-edb4-49c9-b593-d223f7449a82
To be able to disable jQuery Migrate as step 3 of updating the jQuery version shipped with WordPress, all `JQMIGRATE` warnings in the browser console will have to be addressed.
This includes many minor adjustments to a wide array of core files.
Follow-up to:
* Step 1: Disabling jQuery Migrate 1.4.1 in WordPress 5.5: [48323], [48324]
* Step 2: Updating jQuery to 3.5.1 and adding jQuery Migrate 3.3.x in WordPress 5.6: [49101], [49338], [49615], [49649]
Props Clorith, azaozz.
See #51812.
git-svn-id: https://develop.svn.wordpress.org/trunk@50001 602fd350-edb4-49c9-b593-d223f7449a82
This makes the button label more clear and allows for removing unnecessary description.
Props afragen, audrasjb.
Fixes#51774.
git-svn-id: https://develop.svn.wordpress.org/trunk@49984 602fd350-edb4-49c9-b593-d223f7449a82
Previously, attachments without an author could cause a PHP fatal error due to calling the `::exists()` method on a `false` value.
Props antpb, carloscastilloadhoc, hellofromTonya, garrett-eclipse.
Fixes#52030.
git-svn-id: https://develop.svn.wordpress.org/trunk@49979 602fd350-edb4-49c9-b593-d223f7449a82
