This change adds a filter inside of the `get_header_image_tag()` function allowing developers to filter the attributes of the header image HTML tag before they are escaped, concatenated, and returned.
Before this change, it was not possible to externally and preemptively intercept this array of attributes. After this change, these attributes can now be easily filtered, matching it nicely to the `wp_get_attachment_image_attributes` hook.
Props audrasjb, chaion07, junaidbhura, sabernhardt.
Fixes#38942.
git-svn-id: https://develop.svn.wordpress.org/trunk@51978 602fd350-edb4-49c9-b593-d223f7449a82
Adds a new REST API endpoint (`/wp-block-editor/v1/url-details`) for retrieving information from an external URL.
Information retrieved:
* Title: content of the `<title>` element
* Icon: favicon image link
* Description: content of the `description` or `og:description` meta element
* Image: OG image link
This endpoint is used by the block editor for link previews.
Props get_dave, aduth, andraganescu, beaulebens, hellofromTonya, kevin940726, mamaduka, marekhrabe, mnelson4, noisysocks, obenland, ocean90, retrofox, shaunandrews, spacedmonkey, swissspidy, timothyblynjacobs, xknown, youknowriad.
Fixes#54358.
git-svn-id: https://develop.svn.wordpress.org/trunk@51973 602fd350-edb4-49c9-b593-d223f7449a82
Role="navigation" was required for assistive technology to recognize HTML5 element's native ARIA roles while HTML5 and ARIA were being introduced. With the deprecation of IE11, the role attribute is only required when mapping elements that don't have native role.
Props costdev, mukesh27.
Fixes#54054.
git-svn-id: https://develop.svn.wordpress.org/trunk@51967 602fd350-edb4-49c9-b593-d223f7449a82
Use 3-digit, x.x.x-style semantic versioning for `@since` tags of the `$rest_namespace` property in `WP_Post_Type` and `WP_Taxonomy`.
Add a `@since` note to `WP_REST_Taxonomies_Controller::get_item_schema()` for the `visibility` and `rest_namespace` properties.
The `rest_base` property was also added after the method was initially introduced, but that happened during the same release cycle, so it doesn't need a separate `@since` note.
Follow-up to [38832], [39191], [42729], [51959], [51961], [51962], [51964].
See #53399.
git-svn-id: https://develop.svn.wordpress.org/trunk@51965 602fd350-edb4-49c9-b593-d223f7449a82
While a taxonomy can define a custom route by using the rest_base argument, a namespace of wp/v2 was assumed. This commit introduces support for a rest_namespace argument.
A new rest_get_route_for_taxonomy_items function has been introduced and the rest_get_route_for_term function updated to facilitate getting the correct route for taxonomies.
For maximum compatibility sticking with the default wp/v2 namespace is recommended until the API functions see wider use.
Props spacedmonkey.
Fixes#54267.
See [51962].
git-svn-id: https://develop.svn.wordpress.org/trunk@51964 602fd350-edb4-49c9-b593-d223f7449a82
This change adds two now attribute-related config options to KSES:
- An array of allowed values can be defined for attributes. If the attribute value doesn't fall into the list, the attribute will be removed from the tag.
- Attributes can be marked as required. If a required attribute is not present, KSES will remove all attributes from the tag. As KSES doesn't match opening and closing tags, it's not possible to safely remove the tag itself, the safest fallback is to strip all attributes from the tag, instead.
Included with this change is an implementation of these options, allowing the `<object>` tag to be stored in posts, but only when it has a `type` attribute set to `application/pdf`.
Props pento, swissspidy, peterwilsoncc, dd32, jorbin.
Fixes#54261.
git-svn-id: https://develop.svn.wordpress.org/trunk@51963 602fd350-edb4-49c9-b593-d223f7449a82
While a custom post type can define a custom route by using the `rest_base` argument, a namespace of `wp/v2` was assumed. This commit introduces support for a `rest_namespace` argument.
A new `rest_get_route_for_post_type_items` function has been introduced and the `rest_get_route_for_post` function updated to facilitate getting the correct route for custom post types.
While the WordPress Core Block Editor bootstrap code has been updated to use these API functions, for maximum compatibility sticking with the default `wp/v2` namespace is recommended until the API functions see wider use.
Props spacedmonkey, swissspidy.
Fixes#53656.
git-svn-id: https://develop.svn.wordpress.org/trunk@51962 602fd350-edb4-49c9-b593-d223f7449a82
The `taxonomies` and `rest_base` properties were also added after the method was initially introduced, but that happened during the same release cycle, so they don't need a separate `@since` note.
Follow-up to [38832], [39097], [39191], [39647], [51959].
See #53399.
git-svn-id: https://develop.svn.wordpress.org/trunk@51961 602fd350-edb4-49c9-b593-d223f7449a82
Previously, a 200 status code would be sent despite the 500 status code present in the response body.
Props hermpheus, lalitjalandhar.
Fixes#53056.
git-svn-id: https://develop.svn.wordpress.org/trunk@51960 602fd350-edb4-49c9-b593-d223f7449a82
This fixes an `Equals sign not aligned with surrounding assignments; expected 5 spaces but found 1 space` WPCS warning.
Follow-up to [50973], [51819].
See #53359.
git-svn-id: https://develop.svn.wordpress.org/trunk@51944 602fd350-edb4-49c9-b593-d223f7449a82
Similar to the existing `role`/`role__in`/`role__not_in` query arguments, this adds support for three new query arguments in `WP_User_Query`:
* `capability`
* `capability__in`
* `capability__not_in`
These can be used to fetch users with (or without) a specific set of capabilities, for example to get all users
with the capability to edit a certain post type.
Under the hood, this will check all existing roles on the site and perform a `LIKE` query against the `capabilities` user meta field to find:
* all users with a role that has this capability
* all users with the capability being assigned directly
Note: In WordPress, not all capabilities are stored in the database. Capabilities can also be modified using filters like `map_meta_cap`. These new query arguments do NOT work for such capabilities.
The prime use case for capability queries is to get all "authors", i.e. users with the capability to edit a certain post type.
Until now, `'who' => 'authors'` was used for this, which relies on user levels. However, user levels were deprecated a long time ago and thus never added to custom roles. This led to constant frustration due to users with custom roles missing from places like author dropdowns.
This updates any usage of `'who' => 'authors'` in core to use capability queries instead.
Subsequently, `'who' => 'authors'` queries are being **deprecated** in favor of these new query arguments.
Also adds a new `capabilities` parameter (mapping to `capability__in` in `WP_User_Query`) to the REST API users controller.
Also updates `twentyfourteen_list_authors()` in Twenty Fourteen to make use of this new functionality, adding a new `twentyfourteen_list_authors_query_args` filter to make it easier to override this behavior.
Props scribu, lgladdly, boonebgorges, spacedmonkey, peterwilsoncc, SergeyBiryukov, swissspidy.
Fixes#16841.
git-svn-id: https://develop.svn.wordpress.org/trunk@51943 602fd350-edb4-49c9-b593-d223f7449a82
This avoids an `Uncaught ArgumentCountError: Too few arguments to function {closure}(), 1 passed` PHP fatal error when registering a block style with the `should_load_separate_core_block_assets` filter enabled.
Follow-up to [51471].
Props aristath, shimon246, jrf, gziolo.
Fixes#54323.
git-svn-id: https://develop.svn.wordpress.org/trunk@51941 602fd350-edb4-49c9-b593-d223f7449a82
Includes minor code layout fixes for better readability.
Follow-up to [8516], [51826], [51929], [51931].
See #53359.
git-svn-id: https://develop.svn.wordpress.org/trunk@51940 602fd350-edb4-49c9-b593-d223f7449a82
This fixes a `Variable "$theHeaders" is not in valid snake_case format` WPCS warning.
Follow-up to [8516], [8520], [51826], [51929].
See #53359.
git-svn-id: https://develop.svn.wordpress.org/trunk@51931 602fd350-edb4-49c9-b593-d223f7449a82
This fixes a `Variable "$arrHeaders" is not in valid snake_case format` WPCS warning.
Follow-up to [8516], [51826].
See #53359.
git-svn-id: https://develop.svn.wordpress.org/trunk@51929 602fd350-edb4-49c9-b593-d223f7449a82
* Split long concatenated lines using `sprintf()`. This aims to improve readability and avoid multiple `esc_attr()` calls for the same value.
* Escape the form `name` and `id` attributes.
Follow-up to [12696], [18444], [19033].
Props sabbirshouvo, mukesh27, audrasjb, henry.wright, SergeyBiryukov.
Fixes#54279.
git-svn-id: https://develop.svn.wordpress.org/trunk@51926 602fd350-edb4-49c9-b593-d223f7449a82
This commit adds the `public` visibility keyword to each method which did not have an explicit visibility keyword.
Why `public`?
With no visibility previously declared, these methods are implicitly `public` and available for use. Changing them to anything else would be a backwards-compatibility break.
Props costdev, jrf.
See #54177.
git-svn-id: https://develop.svn.wordpress.org/trunk@51919 602fd350-edb4-49c9-b593-d223f7449a82
[51916] fixed a bug where `array( `false` )` was added to the cron array when `_get_cron_array()` returned `false`.
This commit:
* Removes any `false` values from the cron array when upgrading to 5.9+.
* Bumps the database version.
Follow-up to [44917], [51916].
Props peterwilsoncc, jrf.
See #53950.
git-svn-id: https://develop.svn.wordpress.org/trunk@51917 602fd350-edb4-49c9-b593-d223f7449a82
In `wp_schedule_single_event()`, the cron info array is retrieved via a call to `_get_cron_array()` and straight away cast to an array. But as the documentation for that function (correctly) states, the return type of that function is `array|false`, where `false` is returned for a site where no cron jobs have been scheduled (yet).
In the case that `_get_cron_array()` would return `false`, this would now unintentionally create an array with a single entry with key `0` and as the value `false`.
This is a bug. Fixed now by adding validation to the output of `_get_cron_array()` and initializing `$crons` to an empty array if `false` was returned.
Tests added first to prove the bug (a) was introduced in #44818 [44917] and (b) is now fixed.
Follow-up to [44917].
Props jrf, peterwilsoncc.
Fixes#53950.
git-svn-id: https://develop.svn.wordpress.org/trunk@51916 602fd350-edb4-49c9-b593-d223f7449a82
The `get_attached_file()` function is supposed to return the path to the file, but could:
1. Return `false` if the file doesn't exist.
2. Return literally anything else, as a filter is being applied to the value on return.
As the `clean_dirsize_cache()` now has input validation, passing anything but a non-empty string to `clean_dirsize_cache()` will result in a PHP error notice.
This was exposed by the `Tests_Post_GetPostStatus::wpSetUpBeforeClass()` method which started generating unexpected output (the doing it wrong message) during the test run.
While this indicates that there is a flaw in the mocking being done in the test suite, debugging that is outside of the scope of the current patch.
At the same time, as based on the above point, this ''could'' potentially happen in a real-world situation as well, adding additional conditions to the `if` in the `wp_delete_attachment()` function before calling the `clean_dirsize_cache()` function, is warranted.
As there are no tests for the `wp_delete_attachment()` function at all at this time, we're not adding a test specifically for this change for now. This should however be addressed in the future, when tests will be added to cover the `wp_delete_attachment()` function completely.
Follow-up to [32619], [49212], [51910].
Props jrf, hellofromTonya.
See #52241.
git-svn-id: https://develop.svn.wordpress.org/trunk@51912 602fd350-edb4-49c9-b593-d223f7449a82
>PHP natively allows for autovivification (auto-creation of arrays from falsey values). This feature is very useful and used in a lot of PHP projects, especially if the variable is undefined. However, there is a little oddity that allows creating an array from a `false` and `null` value.
The above quote is from the PHP 8.1 RFC and the (accepted) RFC changes the behaviour described above to deprecated auto creation of arrays from `false`. As it is deprecated, it _will_ still work for the time being, but as of PHP 9.0, this will become a Fatal Error, so we may as well fix it now.
The `recurse_dirsize()` function retrieves a transient and places it in the `$directory_cache` variable, but the `get_transient()` function in WP returns `false` when the transient doesn't exist, which subsequently can lead to the above mentioned deprecation notice.
By verifying that the `$directory_cache` variable is an array before assigning to it and initializing it to an empty array, if it's not, we prevent the deprecation notice, as well as harden the function against potentially corrupted transients where this transient would not return the expected array format, but some other variable type.
Includes adding dedicated unit tests for both the PHP 8.1 issue, as well as the hardening against corrupted transients.
Includes some girl-scouting: touching up a parameter description and some code layout.
Refs:
* https://wiki.php.net/rfc/autovivification_false
* https://developer.wordpress.org/reference/functions/get_transient/
Follow-up to [49212], [49744].
Props jrf, hellofromTonya.
See #53635.
git-svn-id: https://develop.svn.wordpress.org/trunk@51911 602fd350-edb4-49c9-b593-d223f7449a82
When the PHP native `dirname()` function is used on a Windows disk name - i.e. `C:\`-, it will return the same, i.e, it will return `C:\` again.
The `clean_dirsize_cache()` function didn't have guard clause against this, which meant that on Windows based systems and IIS servers, this function would result in WordPress getting stuck into an infinite loop.
The adjustment to the `while` part of the function fix this by checking if the return value of the `dirname()` function call is the same as the original path passed to `dirname()`, which effectively fixes the infinite loop.
A number of other improvements made:
1. Add input validation for the `$path` parameter to guard against invalid variable types being passed into the function.
2. Guard against an empty `$path` parameter, which would result in an infinite loop on both Windows as well as *nix based systems.
In both these cases, a PHP notice will now be thrown.
3. When a non-empty string, which isn't a path would previously be passed, the `dirname()` function would transform that to a `.` and the `.` key in the transient cache would be cleared out.
This was a bug as there is no relation between a non-path string and the root directory of file system.
This bug has been fixed by checking that something could actually be a path and handling received non-empty, non-path input parameters in a special way, i.e only removing the cache key for the passed string and bowing out from further processing.
Unfortunately, no tests can be added to guard against the infinite loop.
For the other fixes, we have added appropriate unit tests.
Follow-up up [49212], [49616], [49744].
Props jrf, hellofromTonya, raubvogel, sergeybiryukov, codezen8, sjlevy, drosmog, teachlynx, ekojr, bartoszgrzesik, joegasper, janthiel, josephdickson, ocean90, audrasjb.
Fixes#52241.
git-svn-id: https://develop.svn.wordpress.org/trunk@51910 602fd350-edb4-49c9-b593-d223f7449a82
Remove outdated list of accepted column name values, add a reference to `WP_Date_Query::validate_column()` and the `date_query_valid_columns` filter instead for a more detailed description.
Follow-up to [25139], [25860], [29933], [29934], [29938], [37477], [51905].
Props dimadin, johnjamesjacoby.
Fixes#54248.
git-svn-id: https://develop.svn.wordpress.org/trunk@51906 602fd350-edb4-49c9-b593-d223f7449a82
Add a `@since` note for `registered` and `last_updated` as default recognized date query columns.
Follow-up to [25139], [25860], [29933], [29934], [29938], [37477].
Props dimadin, johnjamesjacoby.
See #54248.
git-svn-id: https://develop.svn.wordpress.org/trunk@51905 602fd350-edb4-49c9-b593-d223f7449a82
* Audio
* Video
* Unattached
This allows for more homogeneous translations in languages where keeping a plural form is important.
Follow-up to [6910], [7397], [8901], [9556], [11749], [13100], [12110], [15491], [15578], [22743], [29426], [29625], [34256], [45651], [46437].
Props jdy68, audrasjb, SergeyBiryukov.
Fixes#54238.
git-svn-id: https://develop.svn.wordpress.org/trunk@51903 602fd350-edb4-49c9-b593-d223f7449a82
* Document the post statuses global as an array of `stdClass` objects
* Document the taxonomies global as an array of `WP_Taxonomy` objects
* Document the return value of the post count functions as `stdClass` objects
* Fix some typos
See #53399
git-svn-id: https://develop.svn.wordpress.org/trunk@51885 602fd350-edb4-49c9-b593-d223f7449a82
> The currently recommended certificate chain as presented to Let’s Encrypt ACME clients when new certificates are issued contains an intermediate certificate (ISRG Root X1) that is signed by an old DST Root CA X3 certificate that expires on 2021-09-30. In some cases the OpenSSL 1.0.2 version will regard the certificates issued by the Let’s Encrypt CA as having an expired trust chain.
>
> Most up-to-date CA cert trusted bundles, as provided by operating systems, contain this soon-to-be-expired certificate. The current CA cert bundles also contain an ISRG Root X1 self-signed certificate. This means that clients verifying certificate chains can find the alternative non-expired path to the ISRG Root X1 self-signed certificate in their trust store.
>
> Unfortunately this does not apply to OpenSSL 1.0.2 which always prefers the untrusted chain and if that chain contains a path that leads to an expired trusted root certificate (DST Root CA X3), it will be selected for the certificate verification and the expiration will be reported.
References:
* [https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/ Old Let’s Encrypt Root Certificate Expiration and OpenSSL 1.0.2]
* [https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/ DST Root CA X3 Expiration (September 2021)]
Follow-up to [25224], [25426], [25569], [27307], [30491], [30765], [34283], [35919], [36570], [46094].
Props bradleyt, fierevere.
Fixes#54207. See #50828.
git-svn-id: https://develop.svn.wordpress.org/trunk@51883 602fd350-edb4-49c9-b593-d223f7449a82
