The Root Certificate bundle maintained by Mozilla ships in WordPress to allow SSL certificates to be verified on hosts with incomplete, outdated, or invalid local SSL configurations.
This updates the `ca-bundle.crt` file to the latest version, which applies upstream changes from the bundle maintained by Mozilla and keeps all unexpired legacy 1024bit certificates which are kept for backward compatibility purposes (see [35919]).
Partially merges [59740] and [59969] to the 6.1 branch.
Props johnbillion, desrosj, whyisjake, ayeshrajans, SergeyBiryukov, swissspidy, skithund, barry.
See #62811, #62711.
git-svn-id: https://develop.svn.wordpress.org/branches/6.1@59999 602fd350-edb4-49c9-b593-d223f7449a82
The previous domain that was used to test for a host whose IPv4 address cannot be resolved, `exampleeeee.com`, got registered and has an A-record now, so it's not invalid anymore.
`.invalid` is intended for use in online construction of domain names that are sure to be invalid and which it is obvious at a glance are invalid.
Reference: [https://datatracker.ietf.org/doc/html/rfc2606#section-2 Reserved Top Level DNS Names: TLDs for Testing, & Documentation Examples].
Follow-up to [52084], [58384], [58388].
Reviewed by peterwilsoncc.
Merges test changes from [59293] to the 6.1 branch.
Props sippis, johnbillion, MattyRob, swissspidy, SergeyBiryukov.
Fixes#62303.
git-svn-id: https://develop.svn.wordpress.org/branches/6.1@59303 602fd350-edb4-49c9-b593-d223f7449a82
This changes the default values for `LOCAL_PHP` and `LOCAL_DB_VERSION` in the 6.1 branch from `latest` to `8.2-fpm` (with beta support) and `5.7`, respectively, to properly reflect the highest versions of PHP and MySQL that this branch will support.
See #61533.
git-svn-id: https://develop.svn.wordpress.org/branches/6.1@58662 602fd350-edb4-49c9-b593-d223f7449a82
- Editor: Fix Path Traversal issue on Windows in Template-Part Block.
- Editor: Sanitize Template Part HTML tag on save.
- HTML API: Run URL attributes through `esc_url()`.
Merges [58470], [58471], [58472] and [58473] to the 6.1 branch.
Props xknown, peterwilsoncc, jorbin, bernhard-reiter, azaozz, dmsnell, gziolo.
git-svn-id: https://develop.svn.wordpress.org/branches/6.1@58480 602fd350-edb4-49c9-b593-d223f7449a82
This updates the 6.1 branch to utilize the new reusable workflows in trunk introduced in [58165].
This also includes backports for a some additional improvements and bug fixes that are necessary for the local development environment to continue working long term:
- The `image` and `platform` properties for the `mysql` container have been updated to always prefer `amd64` containers (#60822).
- `macos-13` is now pinned for MacOS jobs instead of `macos-latest` (#61340).
- Removes the performance testing workflow. This workflow was overhauled in 6.4 to use Playwright. Continuing to support Puppeteer-based performance testing in 6.1-6.3 (which was historically very flaky) in a reusable workflow outweighs the benefit.
- Run E2E tests with and without `SCRIPT_DEBUG` (#58661).
- Migrating to Docker Compose V2 (#60901).
- Removing the `version` property from `docker-compose.yml` (#59416).
- Improvements to how artifacts and comments for Playground testing are generated.
- Removing SVN related commands causing failures (#61216).
- Updating the `actions/github-scripts` action to the latest version.
Merges [56113], [56114], [57918], [58157], [57124], [57125], [57249] to the 6.1 branch.
Props johnbillion, joemcgill, swissspidy, thelovekesh, narenin, mukesh27, JeffPaul, peterwilsoncc, zieladam, ockham, SergeyBiryukov, jorbin.
See #61340, #60822, #61216, #60901, #61101, #59416, #59805, #61213, #58661.
git-svn-id: https://develop.svn.wordpress.org/branches/6.1@58330 602fd350-edb4-49c9-b593-d223f7449a82
This warning is legitimate but needs to be investigated more thoroughly across all branches. Ignoring these files allows the build to complete without warnings.
Props gziolo, jorbin, desrosj
git-svn-id: https://develop.svn.wordpress.org/branches/6.1@57957 602fd350-edb4-49c9-b593-d223f7449a82
Due to some changes on the WP.com side to compress the requested images on the fly, the exact image size in the response could be different between platforms.
This commit aims to make the affected tests more reliable.
Follow-up to [139/tests], [31258], [34568], [47142], [57903], [57904], [57924].
Merges [57931] to the 6.1 branch.
Props peterwilsoncc, jorbin.
See #60865.
git-svn-id: https://develop.svn.wordpress.org/branches/6.1@57941 602fd350-edb4-49c9-b593-d223f7449a82
- Install: When populating options, maybe_serialize instead of always serialize.
- Uploads: Check for and verify ZIP archives.
Merges [57388] and [57389] to the 6.1 branch.
Props costdev, peterwilsoncc, azaozz, tykoted, johnbillion, desrosj, afragen, jorbin, xknown.
git-svn-id: https://develop.svn.wordpress.org/branches/6.1@57394 602fd350-edb4-49c9-b593-d223f7449a82
This changes the default value for `LOCAL_PHP` in the 6.1 branch from `latest` to `8.2-fpm` to reflect the highest version of PHP this branch will support (with beta support).
After this change, future updates to the `latest` container built and published by the `wpdev-docker-images` repository will not cause failures in this branch.
This also pins the version of PHP used in the E2E test workflow to PHP 8.0 to avoid deprecated notices mostly related to #54504, which were not fixed until version 6.2.
Follow up to [57198], [57199], [57200], [57201], [57202].
See #60095.
git-svn-id: https://develop.svn.wordpress.org/branches/6.1@57205 602fd350-edb4-49c9-b593-d223f7449a82
- REST API: Limit `search_columns` for users without `list_users`.
- Comments: Prevent users who can not see a post from seeing comments on it.
- Application Passwords: Prevent the use of some pseudo protocols in application passwords.
- Restrict media shortcode ajax to certain type
- REST API: Ensure no-cache headers are sent when methods are overriden.
- Prevent unintended behavior when certain objects are unserialized.
Merges [56833], [56834], [56835], [56836], [56837], and [56838] to the 6.1 branch.
Props xknown, jorbin, Vortfu, joehoyle, timothyblynjacobs, peterwilsoncc, ehtis, tykoted, martinkrcho, paulkevan, dd32, antpb, rmccue.
git-svn-id: https://develop.svn.wordpress.org/branches/6.1@56867 602fd350-edb4-49c9-b593-d223f7449a82
This updates three GitHub Actions to their latest versions:
- `shivammathur/setup-php`
- `actions/cache`
- `wow-actions/welcome`
The welcome action now uses the `GITHUB_TOKEN` by default, so it no longer needs to be passed manually.
Merges [55487] to the 6.1 branch.
See #57572.
git-svn-id: https://develop.svn.wordpress.org/branches/6.1@55489 602fd350-edb4-49c9-b593-d223f7449a82
This updates the third-party action used to post a welcome message to pull requests opened by first time contributors.
This release updates the action to use Node.js version 16 instead of 12, the latter of which support has been deprecated for in GitHub Action runners.
The action has also changed from `bukboo/welcome-action` to `wow-action/welcome`.
Merges [54651] to the 6.1 branch.
See #56793.
git-svn-id: https://develop.svn.wordpress.org/branches/6.1@55488 602fd350-edb4-49c9-b593-d223f7449a82
As of PHP 8.1.12, which includes libmagic/file update to version 5.42, the expected mime type for WOFF files has changed to `font/woff`, so the type needs to be adjusted accordingly in `wp_check_filetype_and_ext()` tests.
References:
* [https://github.com/php/php-src/issues/8805 php-src: #8805: finfo returns wrong mime type for woff/woff2 files]
* [https://www.php.net/ChangeLog-8.php#8.1.12 PHP 8.1.12 changelog]
Follow-up to [40124], [54508], [54509], [54724].
Props costdev, SergeyBiryukov.
Merges [55462] to the 6.1 branch.
Fixes#56817.
git-svn-id: https://develop.svn.wordpress.org/branches/6.1@55463 602fd350-edb4-49c9-b593-d223f7449a82
This changeset adds two additional translation strings in the changelog file, for use when releasing the final version of WordPress on a particular branch.
Props peterwilsoncc, audrasjb, mukesh27.
Merges [55350] to the 6.1 branch.
Fixes#57216.
git-svn-id: https://develop.svn.wordpress.org/branches/6.1@55371 602fd350-edb4-49c9-b593-d223f7449a82
This backports updates to GitHub Actions workflows required to address deprecated notices related to `save-output` and `set-output`.
Merges [54650], [54750], [54851], [54852], [54856], and [55152] to the 6.1 branch.
See #56882, #56820.
git-svn-id: https://develop.svn.wordpress.org/branches/6.1@55357 602fd350-edb4-49c9-b593-d223f7449a82
Previously, Imagick operations could silently error by timeout and produce unexpected results. The new `setImagickTimeLimit()` function will better handle garbage collection in these cases as well as better align Imagick's timeout with PHP timeout, assuming it is set.
Props drzraf, audrasjb, costdev.
Fixes#52569.
git-svn-id: https://develop.svn.wordpress.org/branches/6.1@55348 602fd350-edb4-49c9-b593-d223f7449a82
Remove wordpress.org as an external dependency testing `WP_HTTP::handle_redirects()`.
This refactors and reenables an existing test to call the `WP_HTTP::handle_redirects()` method directly with a mocked array of HTTP headers containing multiple location headers.
The test is moved from the external-http group to the http test group as it no longer makes an HTTP request.
Follow up to [54955].
Props SergeyBiryukov, dd32, peterwilsoncc.
Merges [54968] to the 6.1 branch.
Fixes#57306.
See #56793.
git-svn-id: https://develop.svn.wordpress.org/branches/6.1@54974 602fd350-edb4-49c9-b593-d223f7449a82
Because themes are updated independently of Core updates, any deleted files from bundled themes should not be included in the `$_old_files` list.
Any file included in this list is deleted on update, which could cause problems for sites with a given theme active if the removed files were required in earlier versions of that theme and that theme is not updated at the same time.
Props desrosj, costdev, SergeyBiryukov.
Merges [54849] to the 6.1 branch.
Fixes#56936.
git-svn-id: https://develop.svn.wordpress.org/branches/6.1@54966 602fd350-edb4-49c9-b593-d223f7449a82
In [54352] `update_post_caches()` was replaced by `_prime_post_caches()` to reduce excessive object cache calls. That's because `_prime_post_caches()` checks first if post IDs aren't already cached. Unfortunately this becomes an issue if a post itself is cached but not the meta/terms.
To fix this regression, `_prime_post_caches()` now always calls `update_postmeta_cache()` and `update_object_term_cache()` depending on the arguments passed to it. Both functions internally check whether IDs are already cached so the fix from [54352] remains in place.
Props peterwilsoncc, spacedmonkey, ocean90.
Fixes#57163.
git-svn-id: https://develop.svn.wordpress.org/branches/6.1@54892 602fd350-edb4-49c9-b593-d223f7449a82
This properly deletes the now empty `src/wp-includes/blocks/comments-query-loop` directory and adds that directory to the `$_old_files` array.
The files in this directory were removed in [54257], but the directory was not marked as deleted in SVN.
Props azaozz, jorbin, SergeyBiryukov.
Merges [54836] to the 6.1 branch.
Fixes#57080.
git-svn-id: https://develop.svn.wordpress.org/branches/6.1@54837 602fd350-edb4-49c9-b593-d223f7449a82
[54768] added a few tests to verify that caching within `WP_Query` is bypassed when the `SELECT` clause has been modified via a filter, to avoid cache key collisions and the returning of incomplete or unexpected results.
However, creating several posts with the same date/time fields can result in inconsistent sort ordering between MySQL and MariaDB, as each engine refines the order further using a different index.
This commit aims to stabilize the tests by using `assertEqualSets()` instead of `assertEquals()`, since testing the order is out of their scope. Includes removing `array_unshift()` and `array_reverse()` calls as no longer needed.
This resolves a few test failures on MariaDB along the lines of:
{{{
Tests_Query_FieldsClause::test_should_limit_fields_to_id_and_parent_subset
Posts property for first query is not of expected form.
Failed asserting that two arrays are equal.
--- Expected
+++ Actual
@@ @@
Array (
0 => stdClass Object (
- 'ID' => 36019
+ 'ID' => 36015
'post_parent' => 0
)
1 => stdClass Object (
- 'ID' => 36018
+ 'ID' => 36016
'post_parent' => 0
)
2 => stdClass Object (...)
3 => stdClass Object (
- 'ID' => 36016
+ 'ID' => 36018
'post_parent' => 0
)
4 => stdClass Object (
- 'ID' => 36015
+ 'ID' => 36019
'post_parent' => 0
)
)
/tmp/wp-test-runner/tests/phpunit/tests/query/fieldsClause.php:67
/tmp/wp-test-runner/phpunit-5.7.phar:598
}}}
Follow-up to [54768].
Props peterwilsoncc, SergeyBiryukov.
Merges [54829] to the 6.1 branch.
Fixes#57012.
git-svn-id: https://develop.svn.wordpress.org/branches/6.1@54830 602fd350-edb4-49c9-b593-d223f7449a82
- Where no fluid max values are set (e.g., single or custom font size values), the "size" value will act as the maximum value in a `clamp()` function.
- In the absence of any fluid `min`/`max` values, the lower bound rule of `>16px` will be enforced. This applies to custom values from the editor or single-value `theme.json` styles. Font sizes below this will not be clamped.
- In a preset, if a `fluid.min` value has been specified, the lower bound rule of `>16px` won't be enforced on this value. Presets with a fluid object therefore, give precedence to theme author's values.
- In a preset, if there is NOT a `fluid.max` but there is `fluid.min`, use the incoming "size" value as the `max`.
- In a preset, if there is NOT a `fluid.min` but there is a `fluid.max`, use `size * min_size_factor` as the `min`. The lower bound rule of `>16px` is enforced here, because the block editor is computing the `min` value. This is consistent with the way minimum sizes are calculated for single or custom values.
Props ramonopoly, mamaduka, andrewserong, aristath, joen, desrosj.
Merges [54823] to the 6.1 branch.
Fixes#57075.
git-svn-id: https://develop.svn.wordpress.org/branches/6.1@54825 602fd350-edb4-49c9-b593-d223f7449a82
When separator blocks are configured using only a `background-color`, they are shown correctly within the editor but not on the front end.
This changes `WP_Theme_JSON` to detect this scenario and move the `background-color` value to just `color` when both `color` and `border-color` are missing.
Props cbravobernal, flixos90, davidbaumwald, hellofromTonya, desrosj, andrewserong, czapla, glendaviesnz, wildworks.
Merges [54821] to the 6.1 branch.
Fixes#56903.
git-svn-id: https://develop.svn.wordpress.org/branches/6.1@54822 602fd350-edb4-49c9-b593-d223f7449a82
Since this specific call to `wp_get_theme()` is found within `wp-includes/blocks`, this change will need to be made upstream in the Gutenberg repository.
Merges [54819] to the 6.1 branch.
See #57057.
git-svn-id: https://develop.svn.wordpress.org/branches/6.1@54820 602fd350-edb4-49c9-b593-d223f7449a82
Calling the `wp_get_theme` function creates a instance of the `WP_Theme` class. This can be a performance issue, if all you need is one property of the class instance. This change replaces the usage of `wp_get_theme()->get_stylesheet()` with `get_stylesheet()` to improve performance.
Props spacedmonkey, flixos90, peterwilsoncc, desrosj.
Merges [54817] to the 6.1 branch.
Fixes#57057.
git-svn-id: https://develop.svn.wordpress.org/branches/6.1@54818 602fd350-edb4-49c9-b593-d223f7449a82
