This changeset introduces a filter-based Robots API, providing central control over the `robots` meta tag.
* Introduces `wp_robots()` function which should be called anywhere a `robots` meta tag should be included.
* Introduces `wp_robots` filter which allows adding or modifying directives for the `robots` meta tag. The `wp_robots()` function is entirely filter-based, i.e. if no filter is added to `wp_robots`, no directives will be present, and therefore the entire `robots` meta tag will be omitted.
* Introduces the following `wp_robots` filter functions which replace similar existing functions that were manually rendering a `robots` meta tag:
* `wp_robots_noindex()` replaces `noindex()`, which has been deprecated.
* `wp_robots_no_robots()` replaces `wp_no_robots()`, which has been deprecated.
* `wp_robots_sensitive_page()` replaces `wp_sensitive_page_meta()`, which has been deprecated. Its rendering of the `referrer` meta tag has been moved to another new function `wp_strict_cross_origin_referrer()`.
Migration to the new functions is straightforward. For example, a call to `add_action( 'wp_head', 'wp_no_robots' )` should be replaced with `add_filter( 'wp_robots', 'wp_robots_no_robots' )`.
Plugins and themes that render their own `robots` meta tags are encouraged to switch to rely on the `wp_robots` filter in order to use the central management layer now provided by WordPress core.
Props adamsilverstein, flixos90, timothyblynjacobs, westonruter.
See #51511.
git-svn-id: https://develop.svn.wordpress.org/trunk@49992 602fd350-edb4-49c9-b593-d223f7449a82
Prevent `get_post_status()` returning `false` for attachments if the parent post has been deleted. The returned attachment post status is now passed through the `get_post_status` filter.
Add tests for `get_post_status()`.
Props peterwilsoncc, timothyblynjacobs for review.
Fixes#52326.
git-svn-id: https://develop.svn.wordpress.org/trunk@49985 602fd350-edb4-49c9-b593-d223f7449a82
Related Gutenberg issue: https://github.com/WordPress/gutenberg/pull/28274
With this change it is going to be possible to use the same pattern that wp_style_add_data uses for RTL handling. If the block style file with "-rtl.css" is included in addition to the regular style referenced in "block.json" file then it is going to be automatically registered.
Props swisspidy, aristath.
See #52301.
git-svn-id: https://develop.svn.wordpress.org/trunk@49982 602fd350-edb4-49c9-b593-d223f7449a82
This brings consistency between single site and multisite in REST API plugin installation tests.
Previously, multisite tests were unnecessarily downloading the plugin from WordPress.org on each test run, causing external HTTP requests and leading to failures in case of a timeout.
Follow-up to [48242], [49491], [49913].
See #51669.
git-svn-id: https://develop.svn.wordpress.org/trunk@49951 602fd350-edb4-49c9-b593-d223f7449a82
Adds 2 new hooks in `register_block_type_from_metadata`:
- Named `block_type_metadata` to filter the content of metadata read from `block.json`
- Named `block_type_metadata_settings` to filter the settings object determined from the metadata that is passed to `register_block_type` call
Props swissspidy.
Fixes#52138.
git-svn-id: https://develop.svn.wordpress.org/trunk@49948 602fd350-edb4-49c9-b593-d223f7449a82
Previously, only the active theme was made available. This commit allows for all themes to be queried if the user has the `switch_themes` or `manage_network_themes` capabilities.
This commit also no longer exposes the `page`, `per_page`, `search` and `context` query parameters since they are not supported by this controller.
Props spacedmonkey, lpawlik, TimothyBlynJacobs.
Fixes#50152.
git-svn-id: https://develop.svn.wordpress.org/trunk@49925 602fd350-edb4-49c9-b593-d223f7449a82
Previously, only the username was checked which caused a PHP warning in some server setups, for instance Shibboleth SSO, where the server only populates the `PHP_AUTH_USER` field.
Props MadtownLems, johnbillion, richard.tape, engahmeds3ed.
Fixes#52003.
git-svn-id: https://develop.svn.wordpress.org/trunk@49919 602fd350-edb4-49c9-b593-d223f7449a82
This adjusts the logic for determining whether to skip some tests when not in the primary branch, and allows for running these tests locally.
Follow-up to [47000], [47001], [49264], [49267], [49280].
See #50401.
git-svn-id: https://develop.svn.wordpress.org/trunk@49916 602fd350-edb4-49c9-b593-d223f7449a82
This prevents external HTTP requests that are not required for the tests in question and may interfere with the results in case of a timeout.
Follow-up to [48242], [49491].
See #51669.
git-svn-id: https://develop.svn.wordpress.org/trunk@49913 602fd350-edb4-49c9-b593-d223f7449a82
This changeset modifies the Site Health panel for HTTPS to provide more accurate recommendations based on whether the environment is already set up for HTTPS.
* Introduces `wp_is_using_https()` to check whether the site is configured to use HTTPS (via its Site Address and WordPress Address).
* Introduces `wp_is_https_supported()` to check whether the environment supports HTTPS. This relies on a cron job which periodically checks support using a loopback request.
Props Clorith, flixos90, miinasikk, westonruter.
Fixes#47577.
git-svn-id: https://develop.svn.wordpress.org/trunk@49904 602fd350-edb4-49c9-b593-d223f7449a82
The modified checks of the `read_private_posts` capability could result in unexpected SQL queries when calling `WP_Query` with invalid parameters.
Reverts [49830], [49832] and [49833].
See #48556.
git-svn-id: https://develop.svn.wordpress.org/trunk@49899 602fd350-edb4-49c9-b593-d223f7449a82
This reinstates [49848], previously reverted in [49849], with the addition of `static` keyword for the `wpSetUpBeforeClass()` method, allowing the tests to pass on PHP 8.
Props peterwilsoncc.
See #51802.
git-svn-id: https://develop.svn.wordpress.org/trunk@49863 602fd350-edb4-49c9-b593-d223f7449a82
This most notably affects the response when XML-RPC is disabled or when the supplied username and password is incorrect.
Props ericmann
Fixes#48213
git-svn-id: https://develop.svn.wordpress.org/trunk@49862 602fd350-edb4-49c9-b593-d223f7449a82
Related Gutenberg PR: https://github.com/WordPress/gutenberg/pull/25220.
It aligns with the latest changes added by aristath to the Gutenberg project. As part of styles splitting for core blocks, there was a special pattern introduced for how style handles are named. Ideally, we would apply it to all blocks but there might be some backward compatibility considerations so I left the handling for non-core blocks unchanged.
Props aristath.
See #50328.
git-svn-id: https://develop.svn.wordpress.org/trunk@49850 602fd350-edb4-49c9-b593-d223f7449a82
This brings the behaviour inline with the `<title>` element of the page which always shows the author name.
Props Tkama, subrataemfluence
Fixes#44183
git-svn-id: https://develop.svn.wordpress.org/trunk@49843 602fd350-edb4-49c9-b593-d223f7449a82
This will help catch issues with Ajax related functionality on multisite.
A few tests have also been marked as `skipWithMultisite()` as they require network admin level capabilities when performing the same operations on a multisite install.
Props garrett-eclipse, netweb.
Fixes#46567.
git-svn-id: https://develop.svn.wordpress.org/trunk@49835 602fd350-edb4-49c9-b593-d223f7449a82
After this change, the relevant `read_private_posts` capability is checked for
each queried post type. This ensures that private posts appear in search and
archive queries for users who have the ability to view those posts.
Props leogermani.
Fixes#13509, #48968, #48556.
git-svn-id: https://develop.svn.wordpress.org/trunk@49830 602fd350-edb4-49c9-b593-d223f7449a82
* Expands the capabilities of `wp_filter_content_tags()` to add the attribute to iframe tags if enabled.
* Modifies the default behavior of `wp_lazy_loading_enabled()` so that it returns `true` for `iframe` tags.
* Introduces a `wp_iframe_tag_add_loading_attr()` function.
* Introduces a `wp_iframe_tag_add_loading_attr` filter.
Like for images, the attribute is only added to iframes which have both `width` and `height` specified (see related #50367).
Props azaozz, flixos90, westonruter.
Fixes#50756.
git-svn-id: https://develop.svn.wordpress.org/trunk@49808 602fd350-edb4-49c9-b593-d223f7449a82
When SimplePie parses HTTP headers, it combines multiple values for the same header into a comma-separated string. `WP_SimplePie_File` overrides the parsing, but was leaving them as an array instead.
That lead to a fatal error in PHP 8, because other parts of the codebase ended up passing an array to a function that expected a string.
Props david.binda, litemotiv, inc2734, NicolasKulka, hellofromTonya, mbabker, skithund, SergeyBiryukov, desrosj, timothyblynjacobs.
Fixes#51056. See #51956.
git-svn-id: https://develop.svn.wordpress.org/trunk@49803 602fd350-edb4-49c9-b593-d223f7449a82
In PHPUnit 3.6.x, `exclude` and `file` paths were required to be relative to the checkout root. This changed in PHPUnit 4 when the path requirements were changed require them to be relative to the configuration file.
Since PHPUnit 3.6.x is only used to test on PHP 5.2 in older branches and is no longer supported, these can be safely removed from the configuration file.
See #51802.
git-svn-id: https://develop.svn.wordpress.org/trunk@49796 602fd350-edb4-49c9-b593-d223f7449a82
Application Passwords uses Basic Authentication to transfer authentication details. If the site is already using Basic Auth, for instance to implement a private staging environment, then the REST API will treat this as an authentication attempt and would end up generating an error for any REST API request.
Now, Application Password authentication will only be attempted if Application Passwords is in use by a site. This is flagged by setting an option whenever an Application Password is created. An upgrade routine is added to set this option if any App Passwords already exist.
Lastly, creating an Application Password will be prevented if the site appears to already be using Basic Authentication.
Props chexwarrior, georgestephanis, adamsilverstein, helen, Clorith, marybaum, TimothyBlynJacobs.
Fixes#51939.
git-svn-id: https://develop.svn.wordpress.org/trunk@49752 602fd350-edb4-49c9-b593-d223f7449a82
This avoids an error on PHP 8 caused by calling `wp_imagecreatetruecolor()` with inputs that aren't numeric, or are less than 0.
Props hellofromtonya, Boniu91, metalandcoffee, SergeyBiryukov.
Fixes#51937.
git-svn-id: https://develop.svn.wordpress.org/trunk@49751 602fd350-edb4-49c9-b593-d223f7449a82
r49212 greatly improved the performance of `get_dirsize()`, but also changed the structure of the data stored in the `dirsize_cache` transient. It stored relative paths instead of absolute ones, and also removed the unnecessary `size` array.
That difference in data structures led to a fatal error in the following environment:
* PHP 8
* Multisite
* A custom `WP_CONTENT_DIR` which is not a child of WP's `ABSPATH` folder (e.g., [https://roots.io/bedrock/ Bedrock])
* The `upload_space_check_disabled` option set to `0`
After upgrading to WP 5.6, the `dirsize_cache` transient still had data in the old format. When `wp-admin.php/index.php` was visited, `get_space_used()` received an `array` instead of an `int`, and tried to divide it by another `int`. PHP 7 would silently cast the arguments to match data types, but [https://wiki.php.net/rfc/arithmetic_operator_type_checks PHP 8 throws a fatal error]:
`Uncaught TypeError: Unsupported operand types: array / int`
`recurse_dirsize()` was using `ABSPATH` to convert the absolute paths to relative ones, but some upload locations are not located under `ABSPATH`. In those cases, `$directory` and `$cache_path` were identical, and that triggered the early return of the old `array`, instead of the expected `int`.
In order to avoid that, this commit restores the absolute paths, but without the `size` array. It also adds a type check when returning cached values. Using absolute paths without `size` has the result of overwriting the old data, so that it matches the new format. The type check and upgrade routine are additional safety measures.
Props peterwilsoncc, janthiel, helen, hellofromtonya, francina, pbiron.
Fixes#51913. See #19879.
git-svn-id: https://develop.svn.wordpress.org/trunk@49744 602fd350-edb4-49c9-b593-d223f7449a82
This enables, for example, the previous post status to be used by this hook without the need to first capture it on an earlier hook.
This also fixes the value of the `$fire_after_hooks` parameter in `get_default_post_to_edit()` so the `wp_after_insert_post` action correctly fires just once on the new post screen.
Props Collizo4sky, peterwilsoncc, hellofromTonya, TimothyBlynJacobs, SergeyBiryukov
Fixes#45114
git-svn-id: https://develop.svn.wordpress.org/trunk@49731 602fd350-edb4-49c9-b593-d223f7449a82
Removes the creation of five posts from the AJAX test suite `setUp()` function, replacing it with a shared fixture only where required.
See #51802.
git-svn-id: https://develop.svn.wordpress.org/trunk@49696 602fd350-edb4-49c9-b593-d223f7449a82
