Modifies `WP_Http::make_absolute_url()` to prevent it from dropping URL fragments, this in turn fixes the same issue for `links_add_base_url()`.
Props costdev, sergeybiryukov, dshanske, schlessera, jrf, desrosj, dd32.
Fixes#56231.
git-svn-id: https://develop.svn.wordpress.org/trunk@55370 602fd350-edb4-49c9-b593-d223f7449a82
Introduces client and server side validation to ensure the `replytocom` query string parameter can not be exploited to reply to an unapproved comment or display the name of an unapproved commenter.
This only affects commenting via the front end of the site. Comment replies via the dashboard continue their current behaviour of logging the reply and approving the parent comment.
Introduces the `$post` parameter, defaulting to the current global post, to `get_cancel_comment_reply_link()` and `comment_form_title()`.
Introduces `_get_comment_reply_id()` for determining the comment reply ID based on the `replytocom` query string parameter.
Renames the parameter `$post_id` to `$post` in `get_comment_id_fields()` and `comment_id_fields()` to accept either a post ID or `WP_Post` object.
Adds a new `WP_Error` return state to `wp_handle_comment_submission()` to prevent replies to unapproved comments. The error code is `comment_reply_to_unapproved_comment` with the message `Sorry, replies to unapproved comments are not allowed.`.
Props costdev, jrf, hellofromtonya, fasuto, boniu91, milana_cap.
Fixes#53962.
git-svn-id: https://develop.svn.wordpress.org/trunk@55369 602fd350-edb4-49c9-b593-d223f7449a82
Fixes the conditions for when to enqueue the opinionated block styles (i.e. `'wp-block-library-theme'` stylesheet):
* the theme adds `'wp-block-styles'` theme support;
* and no editor styles are declared.
This resolves an issue with themes that do not add the `'wp-block-styles'` theme support while not impacting themes that do.
Follow-up to [53419], [52069], [50761], [44157].
Props mikachan, costdev, glendaviesnz, hellofromTonya, jffng, mamaduka, ndiego, poena, sannevndrmeulen, scruffian.
Fixes#57561.
git-svn-id: https://develop.svn.wordpress.org/trunk@55368 602fd350-edb4-49c9-b593-d223f7449a82
The `$post_ID` variable is [546f59c678/WordPress/Sniffs/NamingConventions/ValidVariableNameSniff.php (L54) technically allowed in WPCS], as there is a global of the same name that needs to remain for backward compatibility. However, this name is mostly a remnant of legacy code, and switching to `$post_id` where appropriate brings more consistency with the rest of core.
Additionally, this commit resolves a few WPCS warnings in core:
{{{
Variable "$post_IDs" is not in valid snake_case format
}}}
This affects:
* Function parameters in:
* `add_meta()`
* `post_preview()`
* `WP_Embed::delete_oembed_caches()`
* `WP_Embed::cache_oembed()`
* `wp_get_post_cats()`
* `wp_set_post_cats()`
* `wp_unique_post_slug()`
* `wp_set_post_categories()`
* `wp_check_post_hierarchy_for_loops()`
* `wp_add_trashed_suffix_to_post_name_for_trashed_posts()`
* `wp_filter_wp_template_unique_post_slug()`
* `wp_xmlrpc_server::add_enclosure_if_new()`
* `wp_xmlrpc_server::attach_uploads()`
* `wp_xmlrpc_server::mt_getTrackbackPings()`
* Internal variables in:
* `wp_ajax_inline_save()`
* `wp_ajax_set_post_thumbnail()`
* `wp_ajax_get_post_thumbnail_html()`
* `edit_post()`
* `bulk_edit_posts()`
* `wp_write_post()`
* `WP_Embed::shortcode()`
* `wp_insert_post()`
* `wp_xmlrpc_server::_insert_post()`
* `wp_xmlrpc_server::blogger_getPost()`
* `wp_xmlrpc_server::blogger_newPost()`
* `wp_xmlrpc_server::blogger_editPost()`
* `wp_xmlrpc_server::blogger_deletePost()`
* `wp_xmlrpc_server::mw_getPost()`
* `wp_xmlrpc_server::mw_newPost()`
* `wp_xmlrpc_server::mw_editPost()`
* `wp_xmlrpc_server::mt_getPostCategories()`
* `wp_xmlrpc_server::mt_setPostCategories()`
* `wp_xmlrpc_server::mt_publishPost()`
* `wp_xmlrpc_server::pingback_ping()`
* Hook parameters in:
* `oembed_ttl`
* `embed_oembed_html`
* `wp_insert_post_parent`
* `add_trashed_suffix_to_trashed_posts`
* `pre_post_update`
* `edit_attachment`
* `attachment_updated`
* `add_attachment`
* `edit_post_{$post->post_type}`
* `edit_post`
* `post_updated`
* `save_post_{$post->post_type}`
* `save_post`
* `wp_insert_post`
* `pre_wp_unique_post_slug`
* `wp_unique_post_slug`
* `xmlrpc_call_success_blogger_newPost`
* `xmlrpc_call_success_blogger_editPost`
* `xmlrpc_call_success_blogger_deletePost`
* `xmlrpc_call_success_mw_newPost`
* `xmlrpc_call_success_mw_editPost`
Note: The name change only affects variable names and DocBlocks.
The change does not affect the `$post_ID` global still used in a few places.
Follow-up to [51399], [52958], [53723], [53729], [55190], [55308], [55334].
Props mahekkalola, tanjimtc71, SergeyBiryukov.
Fixes#57692.
git-svn-id: https://develop.svn.wordpress.org/trunk@55365 602fd350-edb4-49c9-b593-d223f7449a82
Previously, the `rest_pre_dispatch` filter could be used to return a `WP_Error` instance. This would cause a fatal error for `rest_post_dispath`
filters that were rightly expecting a `WP_REST_Response` object to be passed instead.
Props DaveFX, felipeelia.
Fixes#56566.
git-svn-id: https://develop.svn.wordpress.org/trunk@55361 602fd350-edb4-49c9-b593-d223f7449a82
When registering a new user, check that no existing user has an email matching the username.
Prevents a login name collision when one user registers with the email address user@test.com and a second user tries to register with the username user@test.com.
Props buutqn, dunhakdis, roytanck, ajayver.
Fixes#57394.
git-svn-id: https://develop.svn.wordpress.org/trunk@55358 602fd350-edb4-49c9-b593-d223f7449a82
This avoids a fatal error if these functions are called in a mu-plugin before `$wp_locale` is set:
* `wp_get_list_item_separator()`
* `wp_get_word_count_type()`
Follow-up to [52929], [52933], [55279], [55295].
Props kraftbj.
Fixes#56698.
git-svn-id: https://develop.svn.wordpress.org/trunk@55351 602fd350-edb4-49c9-b593-d223f7449a82
Layout style properties are stored using indirect values, rather than direct CSS properties.
Allow users without the `unfiltered_html` capability to modify global styles using the indirect block spacing properties `contentSize`, `wideSize`, and `blockGap`, using a mapping of the eventual CSS property to the indirect property stored in `theme.json`. The mapped CSS property is then used for CSS validation.
Props andrewserong, costdev, hellofromtonya, mamaduka, mmtr86.
Fixes#57321.
git-svn-id: https://develop.svn.wordpress.org/trunk@55345 602fd350-edb4-49c9-b593-d223f7449a82
Sets the `styles` block setting to an empty array in the `REST_Block_Type_Controller_Test::test_get_item_invalid()` test to resolve:
{{{
Warning: foreach() argument must be of type array|object, string given in wp-includes/class-wp-theme-json.php on line 835
}}}
Previously the test set the `styles` setting to a string value, which is incompatible. The problem surfaced after [55172] added a `foreach` to iterate the `styles`. The root cause was due to this test passing a string instead of an array.
Why?
`WP_Block_Type` `styles` property is documented as only accepting an array data type. At the time of this changeset, it does not validate before setting the property.
Code interacting with the property expects it to be an array data type. The PHP Warning alerts that of a doing it wrong when the incorrect data type is registered for the block type.
Follow-up to [55172], [48173].
Props tanjimtc71, hellofromTonya, kapilpaul.
Fixes#57706.
git-svn-id: https://develop.svn.wordpress.org/trunk@55342 602fd350-edb4-49c9-b593-d223f7449a82
The call stack for `WP_UnitTestCase_Base::set_up()` includes a call to `WP_List_Util::pluck()`, which creates an inaccurate coverage report for this method.
To resolve, `parent::set_up()` is removed from `Tests_Functions_wpListPluck::set_up()`.
To ensure that deprecation and incorrect usage notices continue to be detectable, `$this->expectDeprecated()` is added in the test's `set_up()` fixture.
Follow-up to [51663], [28900].
Props costdev, jrf, SergeyBiryukov, audrasjb.
Fixes#56706.
git-svn-id: https://develop.svn.wordpress.org/trunk@55341 602fd350-edb4-49c9-b593-d223f7449a82
Per the [https://developer.wordpress.org/coding-standards/inline-documentation-standards/php/#6-file-headers documentation standards], whenever possible, all WordPress files should contain a header DocBlock, regardless of the file’s contents – this includes files containing classes.
However, this recommendation makes less sense for unit test classes if not applied consistently, and the duplicate tags cause some confusion.
This commit aims to reduce confusion and avoid repeating information by combining the DocBlocks.
Follow-up to [40607], [43183], [43291], [43292], [43499], [43568], [44502], [44535], [44628], [44786], [44824], [44906], [44909], [46175].
Props wojtekn, antonvlasenko, arafatjamil01, hztyfoon, mukesh27, costdev, jamilbd07, robinwpdeveloper, SergeyBiryukov.
Fixes#57099.
git-svn-id: https://develop.svn.wordpress.org/trunk@55337 602fd350-edb4-49c9-b593-d223f7449a82
As menus are re-arranged, it's possible a menu item was created prior to its parent.
This introduces a test to ensure the order in which menu items are created relevant to their parents does not trigger errors.
Props costdev, peterwilsoncc.
Fixes#57122.
git-svn-id: https://develop.svn.wordpress.org/trunk@55328 602fd350-edb4-49c9-b593-d223f7449a82
This ensures that `get_comments()` is called with the correct parameter name in:
* `wp_comments_personal_data_exporter()`
* `wp_comments_personal_data_eraser()`
Follow-up to [42888], [42994].
Props smeunus, kapilpaul, SergeyBiryukov.
Fixes#57700.
git-svn-id: https://develop.svn.wordpress.org/trunk@55324 602fd350-edb4-49c9-b593-d223f7449a82
Use the same approach in `wp_comments_personal_data_eraser()` for consistency and to minimize the number of fixtures created in each individual test.
Follow-up to [55319], [55321].
Props hellofromTonya.
See #56793.
git-svn-id: https://develop.svn.wordpress.org/trunk@55322 602fd350-edb4-49c9-b593-d223f7449a82
This aims to make the tests more discoverable and easier to expand.
Follow-up to [42987], [55319].
See #56793.
git-svn-id: https://develop.svn.wordpress.org/trunk@55321 602fd350-edb4-49c9-b593-d223f7449a82
[52065] originally introduced the logic to guess the LCP image based on certain heuristics and to not lazy-load that image. However, with the introduction of block themes, that logic was not functioning correctly, resulting in all featured images to be lazy-loaded, regardless of whether it was the LCP image or not.
Together with an update to the `core/post-featured-image` block included in [55079], this changeset fixes the logic to correctly handle featured images in block themes as well.
Additionally, in combination with an update to the `core/template-part` block from [55246], this changeset includes an enhancement which uses the benefits of block template parts to avoid lazy-loading images in the `header` block template part, making the lazy-loading heuristics even more accurate for sites using a block theme.
Props flixos90, adamsilverstein, mamaduka, antonvlasenko, shahidul95, reduanmasud, costdev, mukesh27, ironprogrammer, manfcarlo, robinwpdeveloper, spacedmonkey.
Fixes#56930.
git-svn-id: https://develop.svn.wordpress.org/trunk@55318 602fd350-edb4-49c9-b593-d223f7449a82
This matches the `WP_HTML_Tag_Processor` class location in `wp-includes` and the `@group` name used in the tests.
Follow-up to [55203].
See #56793.
git-svn-id: https://develop.svn.wordpress.org/trunk@55315 602fd350-edb4-49c9-b593-d223f7449a82
Removes adding `local()` as a `@font-face` `src` within `_wp_theme_json_webfonts_handler()`.
Why?
To fix font incompatibilities when a user has the font-family locally installed on their viewing computer or device. It's unknown if all of the font-face variations specified by theme.json and/or global styles are:
* installed on the user's computer/device.
* and in one file or multiple files.
The previous implementation used the `src` specified when registering the font with the API. That src will likely vary from user computer/device to user computer/device.
To avoid these unknowns which could cause incompatibilities or styling issues, this changeset removes adding `local()` to the generated font-face CSS styles.
References:
* [https://github.com/WordPress/gutenberg/pull/47254 Gutenberg PR 47254]
Follow-up to [53282].
Props luehrsen, aristath, ehtmlu, hellofromTonya, wetah.
Fixes#57430.
git-svn-id: https://develop.svn.wordpress.org/trunk@55314 602fd350-edb4-49c9-b593-d223f7449a82
While also used for post passwords and application passwords, the PasswordHash library appears to be initially introduced and primarily used for user passwords, so the test file can be moved to the `user` directory.
Follow-up to [6350], [55310].
See #56340.
git-svn-id: https://develop.svn.wordpress.org/trunk@55313 602fd350-edb4-49c9-b593-d223f7449a82
This changeset uses an `(int)` cast to prevent a PHP 8.1 deprecation notice for "Implicit conversation from float to int loses precision" in `PasswordHash::gensalt_blowfish()`.
Props hanshenrik, jrf, desrosj, costdev.
Fixes#56340.
git-svn-id: https://develop.svn.wordpress.org/trunk@55310 602fd350-edb4-49c9-b593-d223f7449a82
The `$credentials['user_login']` and `$credentials['user_password']` parameters are passed by reference to the `wp_authenticate` action, and are at that point [https://www.php.net/manual/en/language.references.pass.php#124383 created as null] if they don't exist in the array.
This commit sets those values to an empty string, resolving two PHP 8.1 deprecation notices:
* One from `preg_replace()` in `wp_strip_all_tags()` via `sanitize_user()` in `wp_authenticate()`:
{{{
Deprecated: preg_replace(): Passing null to parameter #3 ($subject) of type array|string is deprecated
}}}
* One from `trim()` in `wp_authenticate()` itself:
{{{
Deprecated: trim(): Passing null to parameter #1 ($string) of type string is deprecated
}}}
Includes documenting the `$credentials` parameter using hash notation.
Follow-up to [6643], [37697].
Props lenasterg, TobiasBg, ocean90, afragen, lkraav, SergeyBiryukov.
Fixes#56850.
git-svn-id: https://develop.svn.wordpress.org/trunk@55301 602fd350-edb4-49c9-b593-d223f7449a82
Non-Latin characters are URL-encoded (e.g. `%cf%84%ce%b5%cf%83%cf%84`). Matching `%` in the route ensures templates with non-Latin titles can be properly saved.
Props antonyagrios, mburridge.
Fixes#57329.
git-svn-id: https://develop.svn.wordpress.org/trunk@55294 602fd350-edb4-49c9-b593-d223f7449a82
Internal links should be followed and it should be easier to modify other rel attributes on comments. This adds a helper function for determining if a URL is internal and also adds some new filters to make it easy to modify rel attributes in comments.
Props thomasplevy, desrosj, sabernhardt, benish74, samiamnot, galbaras, jorbin.
Fixes#53290, #56444.
git-svn-id: https://develop.svn.wordpress.org/trunk@55289 602fd350-edb4-49c9-b593-d223f7449a82
In the Gutenberg plugin, a position block support feature was introduced last year, that allows a Group block to be set to a "sticky" position, meaning that when the page scrolls, the block will stick to the top of the window.
This change merges the "sticky" position feature for blocks introduced in Gutenberg 15.0.
Props andrewserong, flixos90, mukesh27.
Fixes#57618.
git-svn-id: https://develop.svn.wordpress.org/trunk@55285 602fd350-edb4-49c9-b593-d223f7449a82
It's not uncommon for local environments to run over HTTP due to the relative complexity of configuring HTTPS for a local environment. This change allows HTTP URLs for application password responses when that is the case.
Props peterwilsoncc, wppunk, cadic, viralsampat
Fixes#52617
git-svn-id: https://develop.svn.wordpress.org/trunk@55283 602fd350-edb4-49c9-b593-d223f7449a82
This changesets adds a `word_count_type` property, so that it does not need to be translated separately across multiple projects.
List of changes:
- New property: `WP_Locale::word_count_type`.
- New method: `WP_Locale::get_word_count_type()`.
- New function: `wp_get_word_count_type()` as a wrapper for `WP_Locale::get_word_count_type()`.
- All `_x( 'words', 'Word count type. Do not translate!' )` strings have been replaced with a call to `wp_get_word_count_type()`.
Props pedromendonca, desrosj, costdev, mukesh27, johnbillion.
Fixes#56698.
git-svn-id: https://develop.svn.wordpress.org/trunk@55279 602fd350-edb4-49c9-b593-d223f7449a82
In `WP_Image_Editor_Imagick`, bail early in `make_subsize()` if the image is already the requested size. Previously, `make_subsize()` would create another copy of the file. `WP_Image_Editor_GD` doesn't have the same problem.
Props wojtekn, danielbachhuber.
Fixes#57370.
git-svn-id: https://develop.svn.wordpress.org/trunk@55278 602fd350-edb4-49c9-b593-d223f7449a82
The appearance tools theme support(merged in [55067]) includes block gap, a feature that was not intended for themes without a theme.json.
Until it has been determined if the feature can and should be enabled in these themes, and has been successfully tested, the appearance tools theme support should be reverted.
Reverts [55067].
Props poena, Mamaduka, audrasjb.
Fixes#57649.
git-svn-id: https://develop.svn.wordpress.org/trunk@55273 602fd350-edb4-49c9-b593-d223f7449a82
The `math` element can be displayed either as a block or inline element. If `wpautop` only treats it as an inline element, it will break multiline elements by inserting `br` elements. Treating the element as a block element means that the editor won't break common normative usages of the `math` element.
Prevent `math` elements from having internal elements split up with `br` elements, disrupting formatting.
Props nicholaswilson, wojtek.szkutnik, hakre, conner_bw, ericlewis, hughie.molloy, SteelWagstaff, ryokuhi, joedolson, bgoewert, adamsilverstein, joedolson.
Fixes#13340.
git-svn-id: https://develop.svn.wordpress.org/trunk@55272 602fd350-edb4-49c9-b593-d223f7449a82
This aims to resolve intermittent test failures due to indeterminate sort order.
Follow-up to [55248].
Props petitphp, costdev, audrasjb, johnbillion.
Fixes#43867.
git-svn-id: https://develop.svn.wordpress.org/trunk@55264 602fd350-edb4-49c9-b593-d223f7449a82
This changeset introduces the `wp_get_attachment_link_attributes` hook to allow developers to filter the link attributes when getting the attachment link.
Props NathanAtmoz, aaroncampbell, antpb, costdev.
Fixes#41574.
git-svn-id: https://develop.svn.wordpress.org/trunk@55262 602fd350-edb4-49c9-b593-d223f7449a82
This changeset adds a `rel="privacy-policy"` attribute to user-facing links to the Privacy Policy of the website, when a privacy policy page is set and available. While this `rel` value is still a RFC of the Link Types HTML specification, this changeset helps to make Privacy Policy link more discoverable for user agents and HTML parsers.
Props dshanske, audrasjb, bhavz-10, bookwyrm, faisal03, JeffPaul, peterwilsoncc, paapst, davidbaumwald, costdev, robinwpdeveloper, kawserz.
Fixes#56345.
git-svn-id: https://develop.svn.wordpress.org/trunk@55261 602fd350-edb4-49c9-b593-d223f7449a82
Add a new filter `pre_wp_load_alloptions` in the `wp_load_alloptions` function to short circuit the return value.
Props pbearne, spacedmonkey, joyously, SergeyBiryukov, mukesh27, costdev.
Fixes#56045.
git-svn-id: https://develop.svn.wordpress.org/trunk@55256 602fd350-edb4-49c9-b593-d223f7449a82
This changeset introduces a new filter for `wp_save_post_revision()`. `wp_save_post_revision_revisions_before_deletion` passes the revisions to be considered for deletion, and the new revision's post ID.
This allows extenders to exclude specific revisions from being considered for deletion.
Props jhned, costdev, audrasjb, adamsilverstein, mukesh27.
Fixes#57320.
git-svn-id: https://develop.svn.wordpress.org/trunk@55254 602fd350-edb4-49c9-b593-d223f7449a82
In [47938] the `wp_cache_get_multiple` function was added to core. This function allows for multiple cache keys to be received from cache in a single function call. `wp_queue_posts_for_term_meta_lazyload` function does many calls to cache. To get taxonomy relationship for multiple posts and get all terms. Replace calls to `get_object_term_cache` with calls to `wp_cache_get_multiple` and `_prime_term_caches`. This improves performance on sites that implement the `wp_cache_get_multiple` in their object caching drop-in.
Props spacedmonkey, ocean90, SergeyBiryukov, costdev, flixos90, joemcgill, 10upsimon.
Fixes#57150.
git-svn-id: https://develop.svn.wordpress.org/trunk@55252 602fd350-edb4-49c9-b593-d223f7449a82
Previously, the `s` argument of the `WP_Query::parse_query()` method searched the `post_title`, `post_excerpt`, and `post_content` fields, with no way of controlling this apart from using the `posts_search` filter and adjusting the SQL manually. This changeset adds the ability to specify which fields are searched when performing a query, using the `search_columns` argument.
Props johnbillion, birgire, petitphp, audrasjb, costdev, mukesh27.
Fixes#43867.
git-svn-id: https://develop.svn.wordpress.org/trunk@55248 602fd350-edb4-49c9-b593-d223f7449a82
In addition to all the packages being updated to the latest versions,
this commit also includes some mandatory changes to avoid editor breakage:
- Update React to to 18.2.0.
- Add the right stylesheets to support iframed block editors.
Props ntsekouras, mamaduka, flixos90, desrosj, peterwilsoncc.
See #57471.
git-svn-id: https://develop.svn.wordpress.org/trunk@55246 602fd350-edb4-49c9-b593-d223f7449a82
Check the input of `wp_strip_all_tags()` before passing it to `strip_tags()`. This protects against fatal errors introduced in PHP 8, retaining the `E_USER_WARNING` from PHP 7, and prevents a PHP 8.1 deprecation notice when passing null.
Props chocofc1, costdev, jrf, dd32, audrasjb, peterwilsoncc.
Fixes#56434.
git-svn-id: https://develop.svn.wordpress.org/trunk@55245 602fd350-edb4-49c9-b593-d223f7449a82
Introduces a test for the `WP_Error` object `destination_not_deleted_move_dir` in the `move_dir()` function.
Follow up to [55226].
Props costdev, mukesh27.
Fixes#57375.
git-svn-id: https://develop.svn.wordpress.org/trunk@55244 602fd350-edb4-49c9-b593-d223f7449a82
This changeset adds a `block_theme` entry in the theme cache data, similar to the existing entries `headers`, `errors`, `stylesheet`, and `template`.
Props spacedmonkey, costdev, joemcgill, flixos90, mukesh27, adamsilverstein.
Fixes#57114.
git-svn-id: https://develop.svn.wordpress.org/trunk@55236 602fd350-edb4-49c9-b593-d223f7449a82
