The event that fired closing the attachment details modal also removed the keydown event listener, so subsequent modals could not be closed with the escape key.
Props vondelphia, sourovroy, sabernhardt
Fixes#53924.
git-svn-id: https://develop.svn.wordpress.org/trunk@51945 602fd350-edb4-49c9-b593-d223f7449a82
This fixes an `Equals sign not aligned with surrounding assignments; expected 5 spaces but found 1 space` WPCS warning.
Follow-up to [50973], [51819].
See #53359.
git-svn-id: https://develop.svn.wordpress.org/trunk@51944 602fd350-edb4-49c9-b593-d223f7449a82
Similar to the existing `role`/`role__in`/`role__not_in` query arguments, this adds support for three new query arguments in `WP_User_Query`:
* `capability`
* `capability__in`
* `capability__not_in`
These can be used to fetch users with (or without) a specific set of capabilities, for example to get all users
with the capability to edit a certain post type.
Under the hood, this will check all existing roles on the site and perform a `LIKE` query against the `capabilities` user meta field to find:
* all users with a role that has this capability
* all users with the capability being assigned directly
Note: In WordPress, not all capabilities are stored in the database. Capabilities can also be modified using filters like `map_meta_cap`. These new query arguments do NOT work for such capabilities.
The prime use case for capability queries is to get all "authors", i.e. users with the capability to edit a certain post type.
Until now, `'who' => 'authors'` was used for this, which relies on user levels. However, user levels were deprecated a long time ago and thus never added to custom roles. This led to constant frustration due to users with custom roles missing from places like author dropdowns.
This updates any usage of `'who' => 'authors'` in core to use capability queries instead.
Subsequently, `'who' => 'authors'` queries are being **deprecated** in favor of these new query arguments.
Also adds a new `capabilities` parameter (mapping to `capability__in` in `WP_User_Query`) to the REST API users controller.
Also updates `twentyfourteen_list_authors()` in Twenty Fourteen to make use of this new functionality, adding a new `twentyfourteen_list_authors_query_args` filter to make it easier to override this behavior.
Props scribu, lgladdly, boonebgorges, spacedmonkey, peterwilsoncc, SergeyBiryukov, swissspidy.
Fixes#16841.
git-svn-id: https://develop.svn.wordpress.org/trunk@51943 602fd350-edb4-49c9-b593-d223f7449a82
This avoids an `Uncaught ArgumentCountError: Too few arguments to function {closure}(), 1 passed` PHP fatal error when registering a block style with the `should_load_separate_core_block_assets` filter enabled.
Follow-up to [51471].
Props aristath, shimon246, jrf, gziolo.
Fixes#54323.
git-svn-id: https://develop.svn.wordpress.org/trunk@51941 602fd350-edb4-49c9-b593-d223f7449a82
Includes minor code layout fixes for better readability.
Follow-up to [8516], [51826], [51929], [51931].
See #53359.
git-svn-id: https://develop.svn.wordpress.org/trunk@51940 602fd350-edb4-49c9-b593-d223f7449a82
This change allows for external clients to supply a suggested filename via a `Content-Disposition` response header. This filename is processed through `sanitize_file_name()` to ensure it is allowable (on the server, MIME's, etc...) and `validate_file()` to prevent directory traversal.
If the suggested filename fails the above processing/checks, that suggestion is discarded and the standard temporary filename (generated by WordPress) is used.
If no `Content-Disposition` header is found in the response headers, the standard temporary filename continues to be used as per normal.
Included in this change are 6 additional PHPUnit tests with 9 assertions. These tests confirm that valid filename values are correctly saved, and invalid filename values are correctly rejected.
Props cklosows, costdev, dd32, johnjamesjacoby, ocean90, psrpinto.
Fixes#38231.
git-svn-id: https://develop.svn.wordpress.org/trunk@51939 602fd350-edb4-49c9-b593-d223f7449a82
* Move the directory being tested to the `data` directory, for consistency with other test data.
* Set the `svn:eol-style` property to `native`, for consistency with other files.
* Correct the test class name in `dummy.txt`.
Follow-up to [51246], [51910], [51911].
See #52241, #53363.
git-svn-id: https://develop.svn.wordpress.org/trunk@51938 602fd350-edb4-49c9-b593-d223f7449a82
When a workflow is triggered through a `workflow_run` event, the context is not the original workflow. The details about the original workflow are passed through the `github.event` context.
This also moves the conditional check controlling whether the Slack workflow is run into the calling workflows to prevent them from running for pull requests.
Follow up to [51921-51922,51924-51925,51934].
See #53363.
git-svn-id: https://develop.svn.wordpress.org/trunk@51937 602fd350-edb4-49c9-b593-d223f7449a82
In [51921], the GitHub Actions workflows were updated to utilize the Slack notifications workflow as a callable one instead of on the `workflow_run` event.
This eliminated the need for an additional “Slack Notifications” workflow run for every completed workflow, but only when other workflows are updated as well. This resulted in notifications from older branches breaking, as the changes in [51921] were not backported.
Instead of backporting the needed changes now (the Slack workflow is still being polished), this commit partially restores the `workflow_run` event for older branches so that notifications will resume.
See #53363.
git-svn-id: https://develop.svn.wordpress.org/trunk@51934 602fd350-edb4-49c9-b593-d223f7449a82
This fixes a `Variable "$theHeaders" is not in valid snake_case format` WPCS warning.
Follow-up to [8516], [8520], [51826], [51929].
See #53359.
git-svn-id: https://develop.svn.wordpress.org/trunk@51931 602fd350-edb4-49c9-b593-d223f7449a82
In the docblocks throughout `wp-signup.php` use sign up for verbs and sign-up for nouns.
Props audrasjb, jeffpaul.
Fixes#54041. See #53399.
git-svn-id: https://develop.svn.wordpress.org/trunk@51930 602fd350-edb4-49c9-b593-d223f7449a82
This fixes a `Variable "$arrHeaders" is not in valid snake_case format` WPCS warning.
Follow-up to [8516], [51826].
See #53359.
git-svn-id: https://develop.svn.wordpress.org/trunk@51929 602fd350-edb4-49c9-b593-d223f7449a82
* Split long concatenated lines using `sprintf()`. This aims to improve readability and avoid multiple `esc_attr()` calls for the same value.
* Escape the form `name` and `id` attributes.
Follow-up to [12696], [18444], [19033].
Props sabbirshouvo, mukesh27, audrasjb, henry.wright, SergeyBiryukov.
Fixes#54279.
git-svn-id: https://develop.svn.wordpress.org/trunk@51926 602fd350-edb4-49c9-b593-d223f7449a82
Secrets are not available within callable workflows by default. They must be defined within the callable workflow, and passed from the calling workflow.
Follow up to [51921-51922].
See #53363.
git-svn-id: https://develop.svn.wordpress.org/trunk@51924 602fd350-edb4-49c9-b593-d223f7449a82
The ability to reuse workflow files within GitHub Action workflows was recently added and allows for less code duplication.
In the context of WordPress Core, this also eliminates the need for an additional “Slack Notifications” workflow to run for every completed workflow.
See #53363.
git-svn-id: https://develop.svn.wordpress.org/trunk@51921 602fd350-edb4-49c9-b593-d223f7449a82
If the contributor does not have a title, the empty tags are not necessary.
Follow-up to [17877], [17909], [17942], [18162], [19143], [46709].
Props sayedulsayem, audrasjb, mukesh27.
Fixes#54275.
git-svn-id: https://develop.svn.wordpress.org/trunk@51920 602fd350-edb4-49c9-b593-d223f7449a82
This commit adds the `public` visibility keyword to each method which did not have an explicit visibility keyword.
Why `public`?
With no visibility previously declared, these methods are implicitly `public` and available for use. Changing them to anything else would be a backwards-compatibility break.
Props costdev, jrf.
See #54177.
git-svn-id: https://develop.svn.wordpress.org/trunk@51919 602fd350-edb4-49c9-b593-d223f7449a82
[51916] fixed a bug where `array( `false` )` was added to the cron array when `_get_cron_array()` returned `false`.
This commit:
* Removes any `false` values from the cron array when upgrading to 5.9+.
* Bumps the database version.
Follow-up to [44917], [51916].
Props peterwilsoncc, jrf.
See #53950.
git-svn-id: https://develop.svn.wordpress.org/trunk@51917 602fd350-edb4-49c9-b593-d223f7449a82
In `wp_schedule_single_event()`, the cron info array is retrieved via a call to `_get_cron_array()` and straight away cast to an array. But as the documentation for that function (correctly) states, the return type of that function is `array|false`, where `false` is returned for a site where no cron jobs have been scheduled (yet).
In the case that `_get_cron_array()` would return `false`, this would now unintentionally create an array with a single entry with key `0` and as the value `false`.
This is a bug. Fixed now by adding validation to the output of `_get_cron_array()` and initializing `$crons` to an empty array if `false` was returned.
Tests added first to prove the bug (a) was introduced in #44818 [44917] and (b) is now fixed.
Follow-up to [44917].
Props jrf, peterwilsoncc.
Fixes#53950.
git-svn-id: https://develop.svn.wordpress.org/trunk@51916 602fd350-edb4-49c9-b593-d223f7449a82
The `get_attached_file()` function is supposed to return the path to the file, but could:
1. Return `false` if the file doesn't exist.
2. Return literally anything else, as a filter is being applied to the value on return.
As the `clean_dirsize_cache()` now has input validation, passing anything but a non-empty string to `clean_dirsize_cache()` will result in a PHP error notice.
This was exposed by the `Tests_Post_GetPostStatus::wpSetUpBeforeClass()` method which started generating unexpected output (the doing it wrong message) during the test run.
While this indicates that there is a flaw in the mocking being done in the test suite, debugging that is outside of the scope of the current patch.
At the same time, as based on the above point, this ''could'' potentially happen in a real-world situation as well, adding additional conditions to the `if` in the `wp_delete_attachment()` function before calling the `clean_dirsize_cache()` function, is warranted.
As there are no tests for the `wp_delete_attachment()` function at all at this time, we're not adding a test specifically for this change for now. This should however be addressed in the future, when tests will be added to cover the `wp_delete_attachment()` function completely.
Follow-up to [32619], [49212], [51910].
Props jrf, hellofromTonya.
See #52241.
git-svn-id: https://develop.svn.wordpress.org/trunk@51912 602fd350-edb4-49c9-b593-d223f7449a82
>PHP natively allows for autovivification (auto-creation of arrays from falsey values). This feature is very useful and used in a lot of PHP projects, especially if the variable is undefined. However, there is a little oddity that allows creating an array from a `false` and `null` value.
The above quote is from the PHP 8.1 RFC and the (accepted) RFC changes the behaviour described above to deprecated auto creation of arrays from `false`. As it is deprecated, it _will_ still work for the time being, but as of PHP 9.0, this will become a Fatal Error, so we may as well fix it now.
The `recurse_dirsize()` function retrieves a transient and places it in the `$directory_cache` variable, but the `get_transient()` function in WP returns `false` when the transient doesn't exist, which subsequently can lead to the above mentioned deprecation notice.
By verifying that the `$directory_cache` variable is an array before assigning to it and initializing it to an empty array, if it's not, we prevent the deprecation notice, as well as harden the function against potentially corrupted transients where this transient would not return the expected array format, but some other variable type.
Includes adding dedicated unit tests for both the PHP 8.1 issue, as well as the hardening against corrupted transients.
Includes some girl-scouting: touching up a parameter description and some code layout.
Refs:
* https://wiki.php.net/rfc/autovivification_false
* https://developer.wordpress.org/reference/functions/get_transient/
Follow-up to [49212], [49744].
Props jrf, hellofromTonya.
See #53635.
git-svn-id: https://develop.svn.wordpress.org/trunk@51911 602fd350-edb4-49c9-b593-d223f7449a82
When the PHP native `dirname()` function is used on a Windows disk name - i.e. `C:\`-, it will return the same, i.e, it will return `C:\` again.
The `clean_dirsize_cache()` function didn't have guard clause against this, which meant that on Windows based systems and IIS servers, this function would result in WordPress getting stuck into an infinite loop.
The adjustment to the `while` part of the function fix this by checking if the return value of the `dirname()` function call is the same as the original path passed to `dirname()`, which effectively fixes the infinite loop.
A number of other improvements made:
1. Add input validation for the `$path` parameter to guard against invalid variable types being passed into the function.
2. Guard against an empty `$path` parameter, which would result in an infinite loop on both Windows as well as *nix based systems.
In both these cases, a PHP notice will now be thrown.
3. When a non-empty string, which isn't a path would previously be passed, the `dirname()` function would transform that to a `.` and the `.` key in the transient cache would be cleared out.
This was a bug as there is no relation between a non-path string and the root directory of file system.
This bug has been fixed by checking that something could actually be a path and handling received non-empty, non-path input parameters in a special way, i.e only removing the cache key for the passed string and bowing out from further processing.
Unfortunately, no tests can be added to guard against the infinite loop.
For the other fixes, we have added appropriate unit tests.
Follow-up up [49212], [49616], [49744].
Props jrf, hellofromTonya, raubvogel, sergeybiryukov, codezen8, sjlevy, drosmog, teachlynx, ekojr, bartoszgrzesik, joegasper, janthiel, josephdickson, ocean90, audrasjb.
Fixes#52241.
git-svn-id: https://develop.svn.wordpress.org/trunk@51910 602fd350-edb4-49c9-b593-d223f7449a82
This ensures that HTML entities like non-breaking spaces are properly displayed instead of being encoded.
Props jdy68, sebastienserre, audrasjb, mukesh27, SergeyBiryukov.
Fixes#54232.
git-svn-id: https://develop.svn.wordpress.org/trunk@51907 602fd350-edb4-49c9-b593-d223f7449a82
Remove outdated list of accepted column name values, add a reference to `WP_Date_Query::validate_column()` and the `date_query_valid_columns` filter instead for a more detailed description.
Follow-up to [25139], [25860], [29933], [29934], [29938], [37477], [51905].
Props dimadin, johnjamesjacoby.
Fixes#54248.
git-svn-id: https://develop.svn.wordpress.org/trunk@51906 602fd350-edb4-49c9-b593-d223f7449a82
Add a `@since` note for `registered` and `last_updated` as default recognized date query columns.
Follow-up to [25139], [25860], [29933], [29934], [29938], [37477].
Props dimadin, johnjamesjacoby.
See #54248.
git-svn-id: https://develop.svn.wordpress.org/trunk@51905 602fd350-edb4-49c9-b593-d223f7449a82
Adds a readme to the `/tests/e2e/` folder to provide (a) instructions of how to run the tests locally and (b) links to documentation.
Follow-up to [45570].
Props isabel_brison, desrosj, justinahinon.
Fixes#53550.
git-svn-id: https://develop.svn.wordpress.org/trunk@51904 602fd350-edb4-49c9-b593-d223f7449a82
* Audio
* Video
* Unattached
This allows for more homogeneous translations in languages where keeping a plural form is important.
Follow-up to [6910], [7397], [8901], [9556], [11749], [13100], [12110], [15491], [15578], [22743], [29426], [29625], [34256], [45651], [46437].
Props jdy68, audrasjb, SergeyBiryukov.
Fixes#54238.
git-svn-id: https://develop.svn.wordpress.org/trunk@51903 602fd350-edb4-49c9-b593-d223f7449a82
This allows these actions to run ''after'' the main process, without affecting the update. Actions running on `shutdown` are immune to PHP timeouts, so in case the failure was due to a PHP timeout, we'll still be able to properly restore the previous version.
Follow-up to [51815], [51898], [51899].
Props aristath, peterwilsoncc.
See #54166.
git-svn-id: https://develop.svn.wordpress.org/trunk@51902 602fd350-edb4-49c9-b593-d223f7449a82
This replaces the `copy_dir()` usage in `WP_Upgrader::install_package()` and aims to avoid PHP timeout issues when installing or updating large plugins on slower systems like Vagrant or the WP Docker test environment.
The new function attempts a native PHP `rename()` function first and falls back to the previous `copy_dir()`.
Follow-up to [51815], [51898].
Props afragen, aristath, peterwilsoncc, galbaras, noisysocks, pbiron.
Fixes#54166. See #51857.
git-svn-id: https://develop.svn.wordpress.org/trunk@51899 602fd350-edb4-49c9-b593-d223f7449a82
This avoids a few type problems further in the code: boolean divided by a number, or passing `false` to `size_format()` which is documented to accept integers or strings only.
Follow-up to [51815].
Props TobiasBg.
See #51857.
git-svn-id: https://develop.svn.wordpress.org/trunk@51898 602fd350-edb4-49c9-b593-d223f7449a82
This allows the parent `WP_List_Table::has_items()` method to work as expected, and the override in the child class can now be removed. It also makes the class more consistent with other list table classes.
As a result of this change, the "Bulk actions" dropdown is no longer unnecessarily displayed if there are no terms.
Follow-up to [15491], [17025], [17026].
Props mattoakley, swissspidy, audrasjb, SergeyBiryukov.
Fixes#54181.
git-svn-id: https://develop.svn.wordpress.org/trunk@51896 602fd350-edb4-49c9-b593-d223f7449a82
These values are added dynamically by the `Twenty_Twenty_One_SVG_Icons::get_svg()` method and are not needed in the source array.
Follow-up to [49216].
Props max-dayala, laxman-prajapati, sabernhardt, Presskopp, mukesh27.
Fixes#54208.
git-svn-id: https://develop.svn.wordpress.org/trunk@51893 602fd350-edb4-49c9-b593-d223f7449a82
The "Documentation on Nginx configuration." link is out of place being below the "Save Changes" button on the Settings > Permalinks UI.
This commit relocates the link to join the other support related content links in the help tab's "For more information:" right sidebar area.
Follow-up to [34691], [45674].
Props audrasjb, hellofromTonya, johnjamesjacoby, mukesh27, peterwilsoncc, timlappe.
Fixes#39258.
git-svn-id: https://develop.svn.wordpress.org/trunk@51892 602fd350-edb4-49c9-b593-d223f7449a82
