This changeset fixes failing unit tests on the Hosting test suite because of the hardcoded table name in `WP_Test_REST_Users_Controller::test_get_items_only_fetches_ids_for_head_requests`.
Reviewed by audrasjb, spacedmonkey.
Merges [60141] to the 6.8 branch.
Props antonvlasenko, desrosj.
Fixes#56481.
git-svn-id: https://develop.svn.wordpress.org/branches/6.8@60143 602fd350-edb4-49c9-b593-d223f7449a82
These tests are not critical to the bcrypt functionality, they exist to reaffirm that the underlying use of `password_hash()` and `password_verify()` supports this algorithm. The Argon2 tests therefore shouldn't unnecessarily fail on hosts that don't support it.
Reviewed by desrosj.
Merges [60124] to the 6.8 branch.
Props desrosj, johnbillion.
Fixes#21022.
git-svn-id: https://develop.svn.wordpress.org/branches/6.8@60126 602fd350-edb4-49c9-b593-d223f7449a82
Application passwords that aren't hashed using BLAKE2b should be checked using wp_check_password() rather than assuming they were hashed with phpass. This provides full back compat support for application passwords that were created via an overridden wp_hash_password() function that uses an alternative hashing algorithm.
Reviewed by audrasjb.
Merges [60123] into the 6.8 branch.
Props snicco, debarghyabanerjee, peterwilsoncc, jorbin, johnbillion.
Fixes#63203
git-svn-id: https://develop.svn.wordpress.org/branches/6.8@60125 602fd350-edb4-49c9-b593-d223f7449a82
This is a follow-up to [60038], which updates the PHPUnit tests to account for different systems producing potentially different hashes due to platform specific floating point precision settings.
Reviewed by audrasjb, desrosj.
Merges [60113] to the 6.8 branch.
Props debarghyabanerjee, joemcgill, peterwilsoncc, siliconforks.
Fixes#63175.
git-svn-id: https://develop.svn.wordpress.org/branches/6.8@60116 602fd350-edb4-49c9-b593-d223f7449a82
The original commit ignores some of the arguments that can be passed to the function, mainly `base` and `format`. Reverting for now.
Props peterwilsoncc.
git-svn-id: https://develop.svn.wordpress.org/trunk@60088 602fd350-edb4-49c9-b593-d223f7449a82
Normalize behavior between uploading in the media library and uploading directly to the block editor. Now, when uploading an image with a mime type the server does not support (either in the media library or the block editor), the user will see an error message “This image cannot be processed by the web server. Convert it to JPEG or PNG before uploading”.
Alos, add a new filter `wp_prevent_unsupported_mime_type_uploads` which determines whether the server should prevent uploads for image types it doesn't support. The default value is true and the filter also receives the uploaded image mime type.
Props: joomskys, adamsilverstein, azaozz, swissspidy, joemcgill, flixos90, audrasjb.
Fixes#61167
git-svn-id: https://develop.svn.wordpress.org/trunk@60084 602fd350-edb4-49c9-b593-d223f7449a82
This changeset introduces a modification to the `get_params()` method within the WordPress REST API. The change ensures that the `rest_route` parameter is excluded from the parameters returned when pretty permalinks are not enabled. This update enhances the developer experience by ensuring that the parameters returned by `get_params()` are relevant and do not include unnecessary values, thereby reducing potential confusion and errors.
Props westonruter, TimothyBlynJacobs, audrasjb, debarghyabanerjee, dilip2615, shanemuir, peterwilsoncc.
Fixes#62163.
git-svn-id: https://develop.svn.wordpress.org/trunk@60073 602fd350-edb4-49c9-b593-d223f7449a82
This adds the same logic to filter directive data attributes to ignore invalid data attributes that is applied in the client to avoid processing directives on the server that will not be processed in the client.
Props jonsurrell, SirLouen.
Fixes#62426.
git-svn-id: https://develop.svn.wordpress.org/trunk@60070 602fd350-edb4-49c9-b593-d223f7449a82
This ensures that not only the return values match the expected results, but also that their type is the same.
Going forward, stricter type checking by using `assertSame()` should generally be preferred to `assertEquals()` where appropriate, to make the tests more reliable.
Follow-up to [48291], [50124], [57603].
See #62278.
git-svn-id: https://develop.svn.wordpress.org/trunk@60068 602fd350-edb4-49c9-b593-d223f7449a82
This ensures that not only the return values match the expected results, but also that their type is the same.
Going forward, stricter type checking by using `assertSame()` should generally be preferred to `assertEquals()` where appropriate, to make the tests more reliable.
Follow-up to [39061], [48937].
See #62278.
git-svn-id: https://develop.svn.wordpress.org/trunk@60067 602fd350-edb4-49c9-b593-d223f7449a82
This changeset fixes a edge case in `get_custom_logo()` where a page was set for the homepage without any front page in Settings > Reading and the `aria-current` attribute wasn't present on the logo link.
Props bschneidewind, audrasjb, siliconforks, sabernhardt, faisal03, shailu25, peterwilsoncc.
Fixes#62879.
git-svn-id: https://develop.svn.wordpress.org/trunk@60062 602fd350-edb4-49c9-b593-d223f7449a82
This changeset removes the automatic addition of `rel="noopener"` from links targeting a new tab via `target="_blank"` in the `wp_list_bookmarks()` function. Since this was introduced, supported browsers have changed their security policies and no longer allow the opened link to have JavaScript access to the previous tab. This also removes the unit test cases previously located in `wpListBookmarks.php` as they were dedicated to test the presence of `rel="noopener"`.
Follow-up to [52061], [59120].
Props audrasjb, rvouill, marineevain, jeremy80.
Fixes#63096.
git-svn-id: https://develop.svn.wordpress.org/trunk@60058 602fd350-edb4-49c9-b593-d223f7449a82
This version adds support for the latest emoji added in Unicode Emoji 15.1.
I will rise like a phoenix 🐦🔥 but you’re my flame 🔥.
Props audrasjb, azaozz, hbhalodia, jorbin, sergeybiryukov, sirlouen.
Fixes#63064.
git-svn-id: https://develop.svn.wordpress.org/trunk@60035 602fd350-edb4-49c9-b593-d223f7449a82
Only test PDF alpha functionality when supported by the server.
Props: adamsilverstein, swissspidy, antpb, sippis.
Fixes#60798.
git-svn-id: https://develop.svn.wordpress.org/trunk@60030 602fd350-edb4-49c9-b593-d223f7449a82
Fixes a performance regression starting the loop after calling `WP_Query( [ 'fields' => 'all' ] )`. This changes how `WP_Query::the_post()` determines whether there is a need to traverse the posts for cache warming.
If IDs are queried, `WP_Query::$posts` is assumed to be an array of post IDs. If all fields are queried, `WP_Query::$posts` is assumed to be an array of fully populated post objects.
Follow up to [59919], [59937].
Props joemcgill, peterwilsoncc, SirLouen.
Fixes#56992.
git-svn-id: https://develop.svn.wordpress.org/trunk@59993 602fd350-edb4-49c9-b593-d223f7449a82
Add the 'muted' attribute to the audio shortcode. Fix boolean attributes to meet HTML5 standards. Replaces instances like `attr="1"` with `attr` for `loop`, `autoplay`, and `muted`, and improves handling of the `preload` attribute to only output valid values.
Props shub07, dmsnell, debarghyabanerjee, audrasjb, narenin, apermo, joedolson.
Fixes#61515.
git-svn-id: https://develop.svn.wordpress.org/trunk@59987 602fd350-edb4-49c9-b593-d223f7449a82
This ensures that not only the return values match the expected results, but also that their type is the same.
Going forward, stricter type checking by using `assertSame()` should generally be preferred to `assertEquals()` where appropriate, to make the tests more reliable.
Follow-up to [59630].
See #62278.
git-svn-id: https://develop.svn.wordpress.org/trunk@59985 602fd350-edb4-49c9-b593-d223f7449a82
In [59889] the REST API controllers were adjusted to perform less work when responding to HEAD requests. The WP_REST_Response body would now be `null`, which caused issues with filters that expected the response body to be an array.
This commit sets the response body to be an empty array when preparing the response instead. The body will still be discarded, but this provides better backward comppatibility with code that assumes an array will be used.
See #56481.
Props antonvlasenko, timothyblynjacobs, mamaduka, wildworks.
git-svn-id: https://develop.svn.wordpress.org/trunk@59970 602fd350-edb4-49c9-b593-d223f7449a82
This changeset ensures that pagination links stay consistent with the chosen permalink structure. When the permalink structure uses a trailing slash, pagination permalinks contain one as well, but when the permalink structure doesn't use trailing slash, then pagination links should not use a trailing slash.
This makes use of `user_trailingslashit()` with a `paged` value for the `type_of_url` parameter.
Props hmbashar, huzaifaalmesbah, rejaulalomkhan, mai21, rahulsprajapati, martinkrcho, ankitkumarshah, adamsilverstein, sourabhjain.
Fixes#61393.
git-svn-id: https://develop.svn.wordpress.org/trunk@59966 602fd350-edb4-49c9-b593-d223f7449a82
The active theme(s) now return two additional properties, `default_template_types` and `default_template_part_areas`, in the REST response.
Props mamaduka, joemcgill, timothyblynjacobs, audrasjb, gigitux, peterwilsoncc, youknowriad, jorbin.
Fixes#62574.
git-svn-id: https://develop.svn.wordpress.org/trunk@59965 602fd350-edb4-49c9-b593-d223f7449a82
Updates the `external-http` group in the PHPUnit test suite to include all tests that rely on network requests. This is to ensure the main test suite runs do not contain any tests that can fail due to network conditions.
Props sukhendu2002, azaozz, audrasjb.
Fixes#62325.
git-svn-id: https://develop.svn.wordpress.org/trunk@59964 602fd350-edb4-49c9-b593-d223f7449a82
This changeset updates `wp_video_shortcode()` to improve boolean attributes handling in accordance with HTML5 standards. Technically, it replaces `attr="1"` with `attr` for the `loop`, `autoplay` and `muted` attributes. The `preload` attribute is also updated to accept only allowed values: `none`, `metadata`, and `auto`. If a value outside of this list is provided, it will be ignored, preventing invalid attribute outputs.
Props jongycastillo, sabernhardt, joedolson, audrasjb, shub07, debarghyabanerjee.
Fixes#60178.
git-svn-id: https://develop.svn.wordpress.org/trunk@59954 602fd350-edb4-49c9-b593-d223f7449a82
This changeset fixes both a visual and functional bug related to template selection in the editor that occurred when having a custom block template registered that was using the same slug as another block template already registered by the theme, including the default block templates.
Props aljullu, antonvlasenko, apermo, audrasjb, azaozz, ntsekouras.
Fixes#62319.
git-svn-id: https://develop.svn.wordpress.org/trunk@59951 602fd350-edb4-49c9-b593-d223f7449a82
Improves caching of the `get_calendar()` function by:
* fixing incorrect cache collisions for different `initial` `post_type` and week values, and,
* ensuring parameter equivalents generate the same cache key, ie passing the same values in a different order.
Improves tests for the function by:
* navigating to February 2025 in test set up to ensure the correct calendar month is displayed,
* adding messages for tests with multiple assertions,
* improving the tests for the calendar captions by wrapping the expected value in the HTML tag,
* adding dedicated test for the different `initial` parameter,
* ensuring caches do not collide for different parameters, and,
* ensuring caches do collide for equivalent parameters.
Follow up to r4522, r59908, r59909, r59917 (reverted), r59918 (reverted), r59930.
Props peterwilsoncc, jorbin, audrasjb.
Fixes#34093.
git-svn-id: https://develop.svn.wordpress.org/trunk@59939 602fd350-edb4-49c9-b593-d223f7449a82
Ensures that the global post object is populated with the autosave post when a preview link is used for a published post. This allows post authors to preview the changes to a post prior to publication.
This modifies `WP_Query::the_post()` to only call `get_post()` if `WP_Query::$posts` does not contain `WP_Post` objects. Other data types (`stdClass` or numeric) indicates partial data was queried, a `WP_Post` object indicates the full data was queried and populated.
Props peterwilsoncc, mamaduka, wildworks, audrasjb.
Fixes#56992.
git-svn-id: https://develop.svn.wordpress.org/trunk@59937 602fd350-edb4-49c9-b593-d223f7449a82
Includes:
* Using a data provider to reduce code repetition.
* Correcting the `group` annotation.
Follow-up to [59931].
See #59980.
git-svn-id: https://develop.svn.wordpress.org/trunk@59936 602fd350-edb4-49c9-b593-d223f7449a82
The data provider for tests added in [59902] had an @test annotation, causing it to be run as if it were a test, throwing a risky test warning. Remove the @test annotation to prevent this undesired warning.
Props johnbillion, joedolson.
Fixes#54738.
git-svn-id: https://develop.svn.wordpress.org/trunk@59934 602fd350-edb4-49c9-b593-d223f7449a82
This aims to bring consistency with the tests for the other functions in `wp-includes/general-template.php`.
Includes correcting the test class name as per the naming conventions.
Follow-up to [59908].
See #34093.
git-svn-id: https://develop.svn.wordpress.org/trunk@59930 602fd350-edb4-49c9-b593-d223f7449a82
Adds server-side registration for `ariaLabel` block support and its required fields. Fully enabling feature support for dynamic blocks and consumers using `ServerSideRender` component.
Props wildworks, fabiankaegy, joemcgill, poena.
Fixes#62919.
git-svn-id: https://develop.svn.wordpress.org/trunk@59925 602fd350-edb4-49c9-b593-d223f7449a82
Modifies `WP_Query::the_post()` to ensure the entire global post object is populated regardless of the `fields` parameter initially set by the developer.
In secondary loops, this ensures that `get_the_content()` and other getter functions operate as documented when called without a post ID and return the appropriate data for the global post object.
This introduces consistency when starting the loop and the `fields` parameter is set to `id=>parent` to the behaviour when set to either `all` or `ids`.
There is no change to the `WP_Query::$posts` parameter nor when a query is made without starting the secondary loop, ie without calling `WP_Query::the_post()`.
Props juzar, mukesh27, oglekler, peterwilsoncc, sirlouen, joemcgill.
Fixes#56992.
git-svn-id: https://develop.svn.wordpress.org/trunk@59919 602fd350-edb4-49c9-b593-d223f7449a82
This changeset updates the `get_calendar()` function to allow post type filtering via the `$post_type` parameter, with backard compatibility for previous params. It also updates the related `get_calendar_args` and `get_calendar` hooks accordingly.
Props sebastianpisula, swissspidy, dwainm, moxie, sukhendu2002, audrasjb, mukesh27.
Fixes#34093.
git-svn-id: https://develop.svn.wordpress.org/trunk@59908 602fd350-edb4-49c9-b593-d223f7449a82
This reduces the hash length from 32 bytes to 30 so the overall length of an activation key after encoding, prefixing, and prepending a timestamp fits into 60 bytes.
A key is also introduced for domain separation. This doesn't affect the output length.
Props dd32, paragoninitiativeenterprises, peterwilsoncc, johnbillion
Fixes#21022
git-svn-id: https://develop.svn.wordpress.org/trunk@59904 602fd350-edb4-49c9-b593-d223f7449a82
Enable `download_url()` to fetch and verify file types if the URL does not contain a file extension. This allows URL downloads to handle media endpoints like istockphoto.com that use file IDs and formatting arguments to deliver images.
Props masteradhoc, mitogh, joedolson, hellofromTonya, antpb, audrasjb, navi161, dmsnell.
Fixes#54738.
git-svn-id: https://develop.svn.wordpress.org/trunk@59902 602fd350-edb4-49c9-b593-d223f7449a82
Adds a check of the `editable_roles` filter when adding users to a multisite sub-site to ensure the role is permitted to be used on the network. If the role is blocked by the filter, attempting to add the role will trigger a `wp_die()` similar to attempting to add a user with the role on a single site install.
Props eartboard, hareesh-pillai, ideag, sukhendu2002, spacedmonkey, thomaswm.
Fixes#43251.
git-svn-id: https://develop.svn.wordpress.org/trunk@59901 602fd350-edb4-49c9-b593-d223f7449a82
By default, the REST API responds to HEAD rqeuests by calling the GET handler and omitting the body from the response. While convenient, this ends up performing needless work that slows down the API response time.
This commit adjusts the Core controllers to specifically handle HEAD requests by not preparing the response body.
Fixes#56481.
Props antonvlasenko, janusdev, ironprogrammer, swissspidy, spacedmonkey, mukesh27, mamaduka, timothyblynjacobs.
git-svn-id: https://develop.svn.wordpress.org/trunk@59899 602fd350-edb4-49c9-b593-d223f7449a82
This reinstates the ability for a user to log in to an account where the password is hashed using MD5. This means that the ability to reset a password directly in the database using an SQL query or a database administration tool will be retained without the need to implement or integrate with bcrypt or phpass.
A password hashed with MD5 will get upgraded to bcrypt at the point where a user successfully logs in, just as is the case with a phpass hash.
Props audrasjb, aaronjorbin, johnbillion, david-innes, benniledl.
See #21022.
git-svn-id: https://develop.svn.wordpress.org/trunk@59893 602fd350-edb4-49c9-b593-d223f7449a82
This adds support for passing a `search_columns` argument to the user controller so that users with `list_users` caps can specify which field is being searched.
Props youknowriad, joemcgill, ntsekouras, mreishus, mamaduka.
Fixes 62596.
git-svn-id: https://develop.svn.wordpress.org/trunk@59892 602fd350-edb4-49c9-b593-d223f7449a82
Exit gracefully for requests with a malformed `rest_route` query string parameter, ie anything that is not a string.
This prevents fatal errors from occurring with URLs such as `example.com/?rest_route[]=array` as the URL is user input so logging the data provides no benefit to developers as they are unable to resolve the issue.
Props geekofshire, dd32, timothyblynjacobs.
Fixes#62932.
git-svn-id: https://develop.svn.wordpress.org/trunk@59886 602fd350-edb4-49c9-b593-d223f7449a82
