For accessibility, input fields should identify their "purpose". The HTML5 attribute `autocomplete` allows for various user data to be quickly autofilled while adding context for some assistive technologies.
This commit adds the appropriate autofill purposes for an author's name, email, and website URL in the comment form template.
Props juliemoynat, bhrugesh96, sabernhardt.
Fixes#55779.
git-svn-id: https://develop.svn.wordpress.org/trunk@53576 602fd350-edb4-49c9-b593-d223f7449a82
WordPress does not currently provide an explicit method for escaping SQL table and column names. This leads to potential security vulnerabilities, and makes reviewing code for security unnecessarily difficult. Also, static analysis tools also flag the queries as having unescaped SQL input.
Tables and column names in queries are usually in-the-raw, since using the existing `%s` will straight quote the value, making the query invalid.
This change introduces a new `%i` placeholder in `$wpdb->prepare` to properly quote table and column names using backticks.
Props tellyworth, iandunn, craigfrancis, peterwilsoncc, johnbillion, apokalyptik.
Fixes#52506.
git-svn-id: https://develop.svn.wordpress.org/trunk@53575 602fd350-edb4-49c9-b593-d223f7449a82
[https://github.com/WordPress/gutenberg/issues/38719 In 5.9 these utility classnames were removed], which removed the ability for theme/plugin authors to assign their own custom CSS related to specific layout selections. This was mostly related to the Button block.
This commit adds these classes dynamically based on attributes, rather than saving them to the serialized content.
Original PR from Gutenberg repository:
* [https://github.com/WordPress/gutenberg/pull/41487#41487 Add utility classnames back to blocks that have layout attributes specified]
Props glendaviesnz, peterwilsoncc, andrewserong, zieladam, matveb, samikeijonen.
See #56058.
git-svn-id: https://develop.svn.wordpress.org/trunk@53568 602fd350-edb4-49c9-b593-d223f7449a82
This introduces the following new actions which wrap the process of loading a template file:
* `wp_before_load_template`
* `wp_after_load_template`
Props rmccue, tabrisrp, peterwilsoncc
Fixes#54541
git-svn-id: https://develop.svn.wordpress.org/trunk@53560 602fd350-edb4-49c9-b593-d223f7449a82
`use_block_editor_for_post_type` and `use_block_editor_for_post` can be very useful in more contexts than wp-admin, especially when a site is in transition. For example, you may want to do things on init that are different.
Neither function depends on other functions that are available only in wp-admin (other than use_block_editor_for_post() relying on use_block_editor_for_post_type() and an admin-referrer check that's historically gated by a query variable and now also gated by is_admin), therefore moving them to wp-includes seems both feasible and beneficial
Props ethitter, jorbin.
Fixes#51819.
git-svn-id: https://develop.svn.wordpress.org/trunk@53559 602fd350-edb4-49c9-b593-d223f7449a82
Cache result of database queries in `_find_post_by_old_slug` and `_find_post_by_old_date` functions. This means that repeated requests to a url where the page is not found, will result in hitting a cache for sites running persistent object caching.
Props Spacedmonkey, dd32, mukesh27, pbearne, flixos90.
Fixes#36723.
git-svn-id: https://develop.svn.wordpress.org/trunk@53549 602fd350-edb4-49c9-b593-d223f7449a82
This changeset sets the `ignore_sticky_posts` parameter to `true` in the default arguments passed to `wp_sitemaps_posts_query_args`.
Props RavanH, pbiron, swissspidy, audrasjb, SergeyBiryukov.
Fixes#55633.
git-svn-id: https://develop.svn.wordpress.org/trunk@53548 602fd350-edb4-49c9-b593-d223f7449a82
Includes:
* Documenting the returned array using hash notation.
* Adding a `@since` note for the `$filesize` value being included in the returned array.
This affects:
* `wp_generate_attachment_metadata()`
* `wp_get_attachment_metadata()`
* `WP_Image_Editor::save()`
* `WP_Image_Editor_GD::save()` and `::_save()`
* `WP_Image_Editor_Imagick::save()` and `::_save()`
Follow-up to [22094], [22619], [52837], [53546].
See #55646.
git-svn-id: https://develop.svn.wordpress.org/trunk@53547 602fd350-edb4-49c9-b593-d223f7449a82
Move logic to generate link to global styles to the `prepare_links` method in theme REST API controller. This way all logic to generate links is within the `prepare_links` method, bringing this controller inline with other REST API controllers.
Props SergeyBiryukov, Spacedmonkey.
Fixes#56018.
git-svn-id: https://develop.svn.wordpress.org/trunk@53544 602fd350-edb4-49c9-b593-d223f7449a82
This changeset removes Meetup as an oEmbed source, since Meetup.com have deprecated their oEmbed endpoint. The block has already been removed from the editor, see GB#35085.
Props peterwilsoncc, audrasjb, swissspidy.
Fixes#55997.
git-svn-id: https://develop.svn.wordpress.org/trunk@53540 602fd350-edb4-49c9-b593-d223f7449a82
This ensures that the global is explicitly declared and documented in:
* `get_next_posts_link()`
* `get_posts_nav_link()`
* `get_the_posts_navigation()`
* `get_the_posts_pagination()`
* `get_next_comments_link()`
Follow-up to [30065].
Props mt8.biz, sabernhardt.
Fixes#43164.
git-svn-id: https://develop.svn.wordpress.org/trunk@53520 602fd350-edb4-49c9-b593-d223f7449a82
This brings more consistency with similar `require_once` statements and `_deprecated_file()` calls in other files.
Follow-up to [601], [628], [36693], [44359], [45663], [45678], [52026],
Props malthert.
See #54233.
git-svn-id: https://develop.svn.wordpress.org/trunk@53518 602fd350-edb4-49c9-b593-d223f7449a82
* As of WordPress 3.6.1, the `html5` feature requires an array of types to be passed. Defaults to `comment-list`, `comment-form`, `search-form` for backward compatibility.
* As of WordPress 6.0, the previously added `_doing_it_wrong()` notice is actually displayed as expected.
Follow-up to [25193], [25235], [25785], [49344], [49354], [52828].
Props bobbingwide.
See #51657, #55646.
git-svn-id: https://develop.svn.wordpress.org/trunk@53513 602fd350-edb4-49c9-b593-d223f7449a82
* Make the function description more specific, for consistency with other similar functions.
* Add a `@since` note for the `$update_menu_item_cache` parameter of `WP_Query::parse_query()`.
* Add missing `@covers` tags for the unit tests.
Follow-up to [53504].
See #55620.
git-svn-id: https://develop.svn.wordpress.org/trunk@53508 602fd350-edb4-49c9-b593-d223f7449a82
* Make the function description more specific, for consistency with `update_post_author_caches()`.
* Add missing `@covers` tags for the unit test.
Follow-up to [53506].
See #55593.
git-svn-id: https://develop.svn.wordpress.org/trunk@53507 602fd350-edb4-49c9-b593-d223f7449a82
Prime caches for all post parents in the post REST API controller using the `_prime_post_caches` function. Post parent objects are required as part of the `check_read_permission` method’s permission check in post REST API controller.
Props spacedmonkey, furi3r, peterwilsoncc, mitogh, madpixels.
Fixes#55593.
git-svn-id: https://develop.svn.wordpress.org/trunk@53506 602fd350-edb4-49c9-b593-d223f7449a82
When using multilingual websites, this string could end up with multiple different translations in the error log, making it less actionable.
Unlike errors displayed to the user, a general consensus for software is that errors in logs should always be in English. Since MySQL errors are also returned in English, this brings more consistency to the logs.
Follow-up to [6391], [8168], [19760].
Props malthert.
Fixes#53125.
git-svn-id: https://develop.svn.wordpress.org/trunk@53505 602fd350-edb4-49c9-b593-d223f7449a82
Add a new parameter to `WP_Query` called `update_menu_item_cache` that when set to true, primes the caches for linked terms and posts for menu item post objects. This change moves logic
found in `wp_get_nav_menu_items` into a new function called `update_menu_item_cache`. Update the menu item REST API controller, to pass the `update_menu_item_cache` parameter to the
arguments used for the `WP_Query` run to get menu items.
Props furi3r, TimothyBlynJacobs, spacedmonkey, peterwilsoncc, mitogh.
Fixes#55620.
--This line, and those below, will be ignored--
M src/wp-includes/class-wp-query.php
M src/wp-includes/nav-menu.php
M src/wp-includes/rest-api/endpoints/class-wp-rest-menu-items-controller.php
M tests/phpunit/tests/post/nav-menu.php
git-svn-id: https://develop.svn.wordpress.org/trunk@53504 602fd350-edb4-49c9-b593-d223f7449a82
That allows locales to switch the order of the first name and last name, should they prefer to do so.
The string was previously used in `wp_insert_user()` and is now reused in other places for consistency:
* `WP_MS_Users_List_Table::column_name()`
* `WP_Users_List_Table::column_name()`
* `wp_list_authors()`
* `wp_list_users()`
Note: This also removes the `wp_list_author_full_name` filter, introduced for the same purpose in `wp_list_authors()`, as redundant for now.
Follow-up to [53486].
See #17025.
git-svn-id: https://develop.svn.wordpress.org/trunk@53501 602fd350-edb4-49c9-b593-d223f7449a82
Ensure that featured image caches are primed for post collections in the post REST API controller, by calling the `update_post_thumbnail_cache` function.
Props Spacedmonkey, TimothyBlynJacobs, mitogh.
Fixes#55592.
git-svn-id: https://develop.svn.wordpress.org/trunk@53499 602fd350-edb4-49c9-b593-d223f7449a82
Avoid duplicated query when retrieving empty posts collections by adding a check if the page is more than 1.
Props furi3r, gdetassigny, TimothyBlynJacobs, spacedmonkey.
Fixes#55677.
git-svn-id: https://develop.svn.wordpress.org/trunk@53498 602fd350-edb4-49c9-b593-d223f7449a82
Introduced [52836] when passing `child_of` or `pad_counts` parameters to `get_terms` or `WP_Term_Query` class, the array of terms received by the query, was not correctly cached. This
change simplifies the logic in `WP_Term_Query` and ensures terms are correctly cached. This change also, improves performance, by only caching an array of term ids where possible.
Props denishua, spacedmonkey, oztaser, peterwilsoncc, SergeyBiryukov, georgestephanis, jnz31, knutsp, mukesh27, costdev.
Fixes#55837.
git-svn-id: https://develop.svn.wordpress.org/trunk@53496 602fd350-edb4-49c9-b593-d223f7449a82
The `wp_user_settings()` function calls the PHP native `setcookie()` function, the fifth parameter of which is the ''optional'' `$domain` parameter which expects a `string`.
A parameter being optional, however, does not automatically make it nullable.
As of PHP 8.1, passing `null` to a non-nullable PHP native function will generate a deprecation notice.
In this case, this function call yielded a `setcookie(): Passing null to parameter #5 ($domain) of type string is deprecated` notice.
Changing the `null` to an empty string fixes this without a backward compatibility break.
References:
* [https://www.php.net/manual/en/function.setcookie.php PHP Manual: setcookie()]
* [https://wiki.php.net/rfc/deprecate_null_to_scalar_internal_arg PHP RFC: Deprecate passing null to non-nullable arguments of internal functions]
Follow-up to [29478].
Props ocean90, shenyanzhi, meysamnorouzi, jrf.
Fixes#54914.
git-svn-id: https://develop.svn.wordpress.org/trunk@53490 602fd350-edb4-49c9-b593-d223f7449a82
This changeset introduces the `wp_list_author_full_name` hook to allows developers to filter author full name, which by default is a combinaison of the author first and last name, separated by a space.
Props kevinB, wonderboymusic, DrewAPicture, nacin, Mte90, jorbin, afercia, rafiahmedd.
Fixes#17025.
git-svn-id: https://develop.svn.wordpress.org/trunk@53486 602fd350-edb4-49c9-b593-d223f7449a82
In the `WP_REST_Post_Search_Handler` class, ensure that post, post meta and term caches are correctly primed when performing a search.
Props furi3r, spacedmonkey, TimothyBlynJacobs, audrasjb, peterwilsoncc.
Fixes#55674.
git-svn-id: https://develop.svn.wordpress.org/trunk@53485 602fd350-edb4-49c9-b593-d223f7449a82
* Make the descriptions for `update_post_author_caches()` and `update_post_caches()` more specific.
* Move the unit test into its own file, for consistency with `update_post_cache()` tests. This also allows for using shared fixtures in case more tests are added in the future.
Follow-up to [53482].
See #55716.
git-svn-id: https://develop.svn.wordpress.org/trunk@53483 602fd350-edb4-49c9-b593-d223f7449a82
For a call to `WP_Query` or a post REST API request that contains posts from multiple authors, call the `cache_users` function, to ensure that all user data for post authors is primed in
a single database query. This results in far fewer database queries on multiple author sites.
Props spacedmonkey, timothyblynjacobs, peterwilsoncc.
Fixes#55716.
git-svn-id: https://develop.svn.wordpress.org/trunk@53482 602fd350-edb4-49c9-b593-d223f7449a82
* Add a `@since` note for the `decoding` attribute in `wp_get_attachment_image()`.
* Adjust `wp_img_tag_add_decoding_attr()` DocBlocks per the documentation standards.
* Wrap some long `sprintf()` calls in unit tests for better readability. In at least one case, `the_content` was unnecessarily passed to `sprintf()` as an extra (unused) parameter.
Follow-up to [53480].
See #53232.
git-svn-id: https://develop.svn.wordpress.org/trunk@53481 602fd350-edb4-49c9-b593-d223f7449a82
Dynamically add `decoding="async"` to image tags on the front end of a site to instruct browsers to download them in parallel.
Modifies `wp_get_attachment_image()`, `get_avatar()` to include the attribute by default. Modifies `wp_filter_content_tags()` to add the attribute during the front-end render of the site.
Introduces `wp_img_tag_add_decoding_attr()` to take an image tag and modify it to include the attribute. Introduces the filter `wp_img_tag_add_decoding_attr` used to define the default value for the attribute.
Props adamsilverstein, ayeshrajans, costdev, flixos90, hellofromtonya, isaumya, michaelbourne, mihai2u, mitogh, sergiomdgomes, spacedmonkey, westonruter, peterwilsoncc.
Fixes#53232.
git-svn-id: https://develop.svn.wordpress.org/trunk@53480 602fd350-edb4-49c9-b593-d223f7449a82
This changeset ensures `wp_rand()` returns zero instead of a random number when both `$min` and `$max` values are equal to zero.
Fixes#55194.
git-svn-id: https://develop.svn.wordpress.org/trunk@53473 602fd350-edb4-49c9-b593-d223f7449a82
This ensures that the methods are recognized by the WordPress Code Reference parser.
Follow-up to [7994], [25567], [27156], [28887], [49672], [52226].
Props dd32, audrasjb.
Fixes#55928.
git-svn-id: https://develop.svn.wordpress.org/trunk@53469 602fd350-edb4-49c9-b593-d223f7449a82
If the path starts with a slash, it will be considered absolute and returned as is earlier in the function.
It it's not absolute, then it does not start with a slash, so there is nothing to trim.
This change is covered by existing unit tests.
Follow-up to [6984], [53457].
Props karlijnbk.
See #55897.
git-svn-id: https://develop.svn.wordpress.org/trunk@53460 602fd350-edb4-49c9-b593-d223f7449a82
This aims to improve performance by calling `sanitize_url()` directly, instead of the `esc_url_raw()` wrapper. As of WordPress 6.1, `sanitize_url()` is the recommended function for sanitizing a URL for database or redirect usage.
Follow-up to [11383], [13096], [51597], [53452].
Props benjgrolleau, peterwilsoncc, SergeyBiryukov.
Fixes#55852.
git-svn-id: https://develop.svn.wordpress.org/trunk@53455 602fd350-edb4-49c9-b593-d223f7449a82
This replaces the only instance of the `add new media` context with `file`, used in other instances of the string.
Follow-up to [9198], [10680], [21948].
Props benjgrolleau, tobifjellner, SergeyBiryukov.
Fixes#55876.
git-svn-id: https://develop.svn.wordpress.org/trunk@53453 602fd350-edb4-49c9-b593-d223f7449a82
A general security rule is "Sanitize when you save, escape when you echo".
In WordPress 5.9, `sanitize_url()` was un-deprecated in order to better align with the naming of other sanitizing functions, while still being an alias for `esc_url_raw()`.
This commit reverses the order and turns `esc_url_raw()` into a wrapper for `sanitize_url()`, making the latter the canonical function call and aiming to improve performance by reducing the number of function calls required when using the recommended technique.
Follow-up to [11383], [13096], [51597].
Props benjgrolleau, peterwilsoncc, SergeyBiryukov.
See #55852.
git-svn-id: https://develop.svn.wordpress.org/trunk@53452 602fd350-edb4-49c9-b593-d223f7449a82
This fixes an `Equals sign not aligned correctly` WPCS warning.
Additionally, this commit sets the `svn:eol-style` property for the `phpunit/tests/ajax/wpAjaxCropImage.php` file and corrects line endings, so that the output of `composer format` is clean.
Follow-up to [53027], [53217], [53404].
Props hellofromTonya, SergeyBiryukov.
See #55647.
git-svn-id: https://develop.svn.wordpress.org/trunk@53441 602fd350-edb4-49c9-b593-d223f7449a82
