While a custom post type can define a custom route by using the `rest_base` argument, a namespace of `wp/v2` was assumed. This commit introduces support for a `rest_namespace` argument.
A new `rest_get_route_for_post_type_items` function has been introduced and the `rest_get_route_for_post` function updated to facilitate getting the correct route for custom post types.
While the WordPress Core Block Editor bootstrap code has been updated to use these API functions, for maximum compatibility sticking with the default `wp/v2` namespace is recommended until the API functions see wider use.
Props spacedmonkey, swissspidy.
Fixes#53656.
git-svn-id: https://develop.svn.wordpress.org/trunk@51962 602fd350-edb4-49c9-b593-d223f7449a82
The `taxonomies` and `rest_base` properties were also added after the method was initially introduced, but that happened during the same release cycle, so they don't need a separate `@since` note.
Follow-up to [38832], [39097], [39191], [39647], [51959].
See #53399.
git-svn-id: https://develop.svn.wordpress.org/trunk@51961 602fd350-edb4-49c9-b593-d223f7449a82
Previously, a 200 status code would be sent despite the 500 status code present in the response body.
Props hermpheus, lalitjalandhar.
Fixes#53056.
git-svn-id: https://develop.svn.wordpress.org/trunk@51960 602fd350-edb4-49c9-b593-d223f7449a82
Specifically, this ensures that the DocBlock follows the line wrapping recommendations.
Follow-up to [44986], [45156], [45259], [51949].
See #53399.
git-svn-id: https://develop.svn.wordpress.org/trunk@51956 602fd350-edb4-49c9-b593-d223f7449a82
This makes the needed adjustments to fix Slack notifications for `scheduled` and `workflow_dispatch` events. The data needed to send notifications for these events are stored in different locations, or need to be accessed through API requests.
Follow up to [51921], [51937].
See #53363.
git-svn-id: https://develop.svn.wordpress.org/trunk@51953 602fd350-edb4-49c9-b593-d223f7449a82
This fixes an `Equals sign not aligned with surrounding assignments; expected 1 space but found 6 spaces` WPCS warning.
Follow-up to [51815].
See #51857, #53359.
git-svn-id: https://develop.svn.wordpress.org/trunk@51951 602fd350-edb4-49c9-b593-d223f7449a82
This corrects the structure of the documentation so it accurately reflects the array elements contained within.
See #53399.
git-svn-id: https://develop.svn.wordpress.org/trunk@51949 602fd350-edb4-49c9-b593-d223f7449a82
Closes the admin menu on mobile devices when keyboard focus moves outside of the menu or menu toggle elements. Improves the usability of the menu on mobile by allowing closure anywhere outside the menu rather than only on the toggle.
Props kaneva, costdev, sabernhardt
Fixes#53587.
git-svn-id: https://develop.svn.wordpress.org/trunk@51946 602fd350-edb4-49c9-b593-d223f7449a82
The event that fired closing the attachment details modal also removed the keydown event listener, so subsequent modals could not be closed with the escape key.
Props vondelphia, sourovroy, sabernhardt
Fixes#53924.
git-svn-id: https://develop.svn.wordpress.org/trunk@51945 602fd350-edb4-49c9-b593-d223f7449a82
This fixes an `Equals sign not aligned with surrounding assignments; expected 5 spaces but found 1 space` WPCS warning.
Follow-up to [50973], [51819].
See #53359.
git-svn-id: https://develop.svn.wordpress.org/trunk@51944 602fd350-edb4-49c9-b593-d223f7449a82
Similar to the existing `role`/`role__in`/`role__not_in` query arguments, this adds support for three new query arguments in `WP_User_Query`:
* `capability`
* `capability__in`
* `capability__not_in`
These can be used to fetch users with (or without) a specific set of capabilities, for example to get all users
with the capability to edit a certain post type.
Under the hood, this will check all existing roles on the site and perform a `LIKE` query against the `capabilities` user meta field to find:
* all users with a role that has this capability
* all users with the capability being assigned directly
Note: In WordPress, not all capabilities are stored in the database. Capabilities can also be modified using filters like `map_meta_cap`. These new query arguments do NOT work for such capabilities.
The prime use case for capability queries is to get all "authors", i.e. users with the capability to edit a certain post type.
Until now, `'who' => 'authors'` was used for this, which relies on user levels. However, user levels were deprecated a long time ago and thus never added to custom roles. This led to constant frustration due to users with custom roles missing from places like author dropdowns.
This updates any usage of `'who' => 'authors'` in core to use capability queries instead.
Subsequently, `'who' => 'authors'` queries are being **deprecated** in favor of these new query arguments.
Also adds a new `capabilities` parameter (mapping to `capability__in` in `WP_User_Query`) to the REST API users controller.
Also updates `twentyfourteen_list_authors()` in Twenty Fourteen to make use of this new functionality, adding a new `twentyfourteen_list_authors_query_args` filter to make it easier to override this behavior.
Props scribu, lgladdly, boonebgorges, spacedmonkey, peterwilsoncc, SergeyBiryukov, swissspidy.
Fixes#16841.
git-svn-id: https://develop.svn.wordpress.org/trunk@51943 602fd350-edb4-49c9-b593-d223f7449a82
This avoids an `Uncaught ArgumentCountError: Too few arguments to function {closure}(), 1 passed` PHP fatal error when registering a block style with the `should_load_separate_core_block_assets` filter enabled.
Follow-up to [51471].
Props aristath, shimon246, jrf, gziolo.
Fixes#54323.
git-svn-id: https://develop.svn.wordpress.org/trunk@51941 602fd350-edb4-49c9-b593-d223f7449a82
Includes minor code layout fixes for better readability.
Follow-up to [8516], [51826], [51929], [51931].
See #53359.
git-svn-id: https://develop.svn.wordpress.org/trunk@51940 602fd350-edb4-49c9-b593-d223f7449a82
This change allows for external clients to supply a suggested filename via a `Content-Disposition` response header. This filename is processed through `sanitize_file_name()` to ensure it is allowable (on the server, MIME's, etc...) and `validate_file()` to prevent directory traversal.
If the suggested filename fails the above processing/checks, that suggestion is discarded and the standard temporary filename (generated by WordPress) is used.
If no `Content-Disposition` header is found in the response headers, the standard temporary filename continues to be used as per normal.
Included in this change are 6 additional PHPUnit tests with 9 assertions. These tests confirm that valid filename values are correctly saved, and invalid filename values are correctly rejected.
Props cklosows, costdev, dd32, johnjamesjacoby, ocean90, psrpinto.
Fixes#38231.
git-svn-id: https://develop.svn.wordpress.org/trunk@51939 602fd350-edb4-49c9-b593-d223f7449a82
* Move the directory being tested to the `data` directory, for consistency with other test data.
* Set the `svn:eol-style` property to `native`, for consistency with other files.
* Correct the test class name in `dummy.txt`.
Follow-up to [51246], [51910], [51911].
See #52241, #53363.
git-svn-id: https://develop.svn.wordpress.org/trunk@51938 602fd350-edb4-49c9-b593-d223f7449a82
When a workflow is triggered through a `workflow_run` event, the context is not the original workflow. The details about the original workflow are passed through the `github.event` context.
This also moves the conditional check controlling whether the Slack workflow is run into the calling workflows to prevent them from running for pull requests.
Follow up to [51921-51922,51924-51925,51934].
See #53363.
git-svn-id: https://develop.svn.wordpress.org/trunk@51937 602fd350-edb4-49c9-b593-d223f7449a82
In [51921], the GitHub Actions workflows were updated to utilize the Slack notifications workflow as a callable one instead of on the `workflow_run` event.
This eliminated the need for an additional “Slack Notifications” workflow run for every completed workflow, but only when other workflows are updated as well. This resulted in notifications from older branches breaking, as the changes in [51921] were not backported.
Instead of backporting the needed changes now (the Slack workflow is still being polished), this commit partially restores the `workflow_run` event for older branches so that notifications will resume.
See #53363.
git-svn-id: https://develop.svn.wordpress.org/trunk@51934 602fd350-edb4-49c9-b593-d223f7449a82
This fixes a `Variable "$theHeaders" is not in valid snake_case format` WPCS warning.
Follow-up to [8516], [8520], [51826], [51929].
See #53359.
git-svn-id: https://develop.svn.wordpress.org/trunk@51931 602fd350-edb4-49c9-b593-d223f7449a82
In the docblocks throughout `wp-signup.php` use sign up for verbs and sign-up for nouns.
Props audrasjb, jeffpaul.
Fixes#54041. See #53399.
git-svn-id: https://develop.svn.wordpress.org/trunk@51930 602fd350-edb4-49c9-b593-d223f7449a82
This fixes a `Variable "$arrHeaders" is not in valid snake_case format` WPCS warning.
Follow-up to [8516], [51826].
See #53359.
git-svn-id: https://develop.svn.wordpress.org/trunk@51929 602fd350-edb4-49c9-b593-d223f7449a82
* Split long concatenated lines using `sprintf()`. This aims to improve readability and avoid multiple `esc_attr()` calls for the same value.
* Escape the form `name` and `id` attributes.
Follow-up to [12696], [18444], [19033].
Props sabbirshouvo, mukesh27, audrasjb, henry.wright, SergeyBiryukov.
Fixes#54279.
git-svn-id: https://develop.svn.wordpress.org/trunk@51926 602fd350-edb4-49c9-b593-d223f7449a82
Secrets are not available within callable workflows by default. They must be defined within the callable workflow, and passed from the calling workflow.
Follow up to [51921-51922].
See #53363.
git-svn-id: https://develop.svn.wordpress.org/trunk@51924 602fd350-edb4-49c9-b593-d223f7449a82
The ability to reuse workflow files within GitHub Action workflows was recently added and allows for less code duplication.
In the context of WordPress Core, this also eliminates the need for an additional “Slack Notifications” workflow to run for every completed workflow.
See #53363.
git-svn-id: https://develop.svn.wordpress.org/trunk@51921 602fd350-edb4-49c9-b593-d223f7449a82
If the contributor does not have a title, the empty tags are not necessary.
Follow-up to [17877], [17909], [17942], [18162], [19143], [46709].
Props sayedulsayem, audrasjb, mukesh27.
Fixes#54275.
git-svn-id: https://develop.svn.wordpress.org/trunk@51920 602fd350-edb4-49c9-b593-d223f7449a82
This commit adds the `public` visibility keyword to each method which did not have an explicit visibility keyword.
Why `public`?
With no visibility previously declared, these methods are implicitly `public` and available for use. Changing them to anything else would be a backwards-compatibility break.
Props costdev, jrf.
See #54177.
git-svn-id: https://develop.svn.wordpress.org/trunk@51919 602fd350-edb4-49c9-b593-d223f7449a82
[51916] fixed a bug where `array( `false` )` was added to the cron array when `_get_cron_array()` returned `false`.
This commit:
* Removes any `false` values from the cron array when upgrading to 5.9+.
* Bumps the database version.
Follow-up to [44917], [51916].
Props peterwilsoncc, jrf.
See #53950.
git-svn-id: https://develop.svn.wordpress.org/trunk@51917 602fd350-edb4-49c9-b593-d223f7449a82
In `wp_schedule_single_event()`, the cron info array is retrieved via a call to `_get_cron_array()` and straight away cast to an array. But as the documentation for that function (correctly) states, the return type of that function is `array|false`, where `false` is returned for a site where no cron jobs have been scheduled (yet).
In the case that `_get_cron_array()` would return `false`, this would now unintentionally create an array with a single entry with key `0` and as the value `false`.
This is a bug. Fixed now by adding validation to the output of `_get_cron_array()` and initializing `$crons` to an empty array if `false` was returned.
Tests added first to prove the bug (a) was introduced in #44818 [44917] and (b) is now fixed.
Follow-up to [44917].
Props jrf, peterwilsoncc.
Fixes#53950.
git-svn-id: https://develop.svn.wordpress.org/trunk@51916 602fd350-edb4-49c9-b593-d223f7449a82
The `get_attached_file()` function is supposed to return the path to the file, but could:
1. Return `false` if the file doesn't exist.
2. Return literally anything else, as a filter is being applied to the value on return.
As the `clean_dirsize_cache()` now has input validation, passing anything but a non-empty string to `clean_dirsize_cache()` will result in a PHP error notice.
This was exposed by the `Tests_Post_GetPostStatus::wpSetUpBeforeClass()` method which started generating unexpected output (the doing it wrong message) during the test run.
While this indicates that there is a flaw in the mocking being done in the test suite, debugging that is outside of the scope of the current patch.
At the same time, as based on the above point, this ''could'' potentially happen in a real-world situation as well, adding additional conditions to the `if` in the `wp_delete_attachment()` function before calling the `clean_dirsize_cache()` function, is warranted.
As there are no tests for the `wp_delete_attachment()` function at all at this time, we're not adding a test specifically for this change for now. This should however be addressed in the future, when tests will be added to cover the `wp_delete_attachment()` function completely.
Follow-up to [32619], [49212], [51910].
Props jrf, hellofromTonya.
See #52241.
git-svn-id: https://develop.svn.wordpress.org/trunk@51912 602fd350-edb4-49c9-b593-d223f7449a82
>PHP natively allows for autovivification (auto-creation of arrays from falsey values). This feature is very useful and used in a lot of PHP projects, especially if the variable is undefined. However, there is a little oddity that allows creating an array from a `false` and `null` value.
The above quote is from the PHP 8.1 RFC and the (accepted) RFC changes the behaviour described above to deprecated auto creation of arrays from `false`. As it is deprecated, it _will_ still work for the time being, but as of PHP 9.0, this will become a Fatal Error, so we may as well fix it now.
The `recurse_dirsize()` function retrieves a transient and places it in the `$directory_cache` variable, but the `get_transient()` function in WP returns `false` when the transient doesn't exist, which subsequently can lead to the above mentioned deprecation notice.
By verifying that the `$directory_cache` variable is an array before assigning to it and initializing it to an empty array, if it's not, we prevent the deprecation notice, as well as harden the function against potentially corrupted transients where this transient would not return the expected array format, but some other variable type.
Includes adding dedicated unit tests for both the PHP 8.1 issue, as well as the hardening against corrupted transients.
Includes some girl-scouting: touching up a parameter description and some code layout.
Refs:
* https://wiki.php.net/rfc/autovivification_false
* https://developer.wordpress.org/reference/functions/get_transient/
Follow-up to [49212], [49744].
Props jrf, hellofromTonya.
See #53635.
git-svn-id: https://develop.svn.wordpress.org/trunk@51911 602fd350-edb4-49c9-b593-d223f7449a82
When the PHP native `dirname()` function is used on a Windows disk name - i.e. `C:\`-, it will return the same, i.e, it will return `C:\` again.
The `clean_dirsize_cache()` function didn't have guard clause against this, which meant that on Windows based systems and IIS servers, this function would result in WordPress getting stuck into an infinite loop.
The adjustment to the `while` part of the function fix this by checking if the return value of the `dirname()` function call is the same as the original path passed to `dirname()`, which effectively fixes the infinite loop.
A number of other improvements made:
1. Add input validation for the `$path` parameter to guard against invalid variable types being passed into the function.
2. Guard against an empty `$path` parameter, which would result in an infinite loop on both Windows as well as *nix based systems.
In both these cases, a PHP notice will now be thrown.
3. When a non-empty string, which isn't a path would previously be passed, the `dirname()` function would transform that to a `.` and the `.` key in the transient cache would be cleared out.
This was a bug as there is no relation between a non-path string and the root directory of file system.
This bug has been fixed by checking that something could actually be a path and handling received non-empty, non-path input parameters in a special way, i.e only removing the cache key for the passed string and bowing out from further processing.
Unfortunately, no tests can be added to guard against the infinite loop.
For the other fixes, we have added appropriate unit tests.
Follow-up up [49212], [49616], [49744].
Props jrf, hellofromTonya, raubvogel, sergeybiryukov, codezen8, sjlevy, drosmog, teachlynx, ekojr, bartoszgrzesik, joegasper, janthiel, josephdickson, ocean90, audrasjb.
Fixes#52241.
git-svn-id: https://develop.svn.wordpress.org/trunk@51910 602fd350-edb4-49c9-b593-d223f7449a82
