The intention of these headers is to prevent any form of caching, whether that's in the browser or in an intermediate cache such as a proxy server. These directives instruct an intermediate cache to not store the response in their cache for any user – not just for logged-in users.
This does not affect the caching behaviour of assets within a page such as images, CSS, and JavaScript files.
Props kkmuffme, devansh2002, johnbillion.
Fixes #61942
git-svn-id: https://develop.svn.wordpress.org/trunk@59724 602fd350-edb4-49c9-b593-d223f7449a82
Because the build process test workflow accepts an input for runner image, older workflows still use `ubuntu-latest`. This adjusts a conditional check to be more broad, allowing any `ubuntu-` image to match.
Follow up to [59720].
See #62221.
git-svn-id: https://develop.svn.wordpress.org/trunk@59722 602fd350-edb4-49c9-b593-d223f7449a82
While using the `ubuntu-latest`, `macos-latest`, and `windows-latest` runner image tags is convenient, it has proven to be problematic in a number of instances as the runners are slowly updated (see #62808 and #62843).
This switches all workflows to using specific version tags representing the latest non-preview versions, which currently are as follows:
- `ubuntu-24.04`
- `windows-2022`
- `macos-14`
Props swissspidy, johnbillion.
See #62221.
git-svn-id: https://develop.svn.wordpress.org/trunk@59720 602fd350-edb4-49c9-b593-d223f7449a82
The menu, menu item, and menu location endpoints were added to the REST API in [52079]. In that commit, menu data was treated as private and restricted to logged-in users with the edit_theme_options capability. However, in many cases, this data can be considered public. Previously, there was no simple way for developers to allow this data to be exposed via the REST API.
This commit introduces the rest_menu_read_access filter, enabling developers to control read access to menus, menu items, and menu locations in the REST API. The same filter is applied across all three REST API classes, simplifying the process of opting into exposing this data.
Each instance of the filter provides the current request and the relevant class instance as context, allowing developers to selectively or globally enable access to the data.
Props spacedmonkey, antonvlasenko, kadamwhite, julianmar, masteradhoc.
Fixes #54304.
git-svn-id: https://develop.svn.wordpress.org/trunk@59718 602fd350-edb4-49c9-b593-d223f7449a82
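An added example (not part of the commit and not WordPress core code) of a selective opt-in using the `rest_menu_read_access` filter described above: menus and menu locations become publicly readable, while menu items keep the default capability check. The callback name is hypothetical, and the argument order (current value, request, controller instance) is assumed from the commit's description.

```php
<?php
// Added example, not WordPress core code. The callback name is hypothetical.
add_filter( 'rest_menu_read_access', 'example_menu_read_access', 10, 3 );

/**
 * Allow anonymous, read-only access to menus and menu locations only.
 *
 * @param bool            $read_access Current decision (assumed to default to false).
 * @param WP_REST_Request $request     The current request.
 * @param object          $controller  The REST controller instance applying the filter.
 * @return bool Whether read access is granted without the capability check.
 */
function example_menu_read_access( $read_access, $request, $controller ) {
	// Only ever widen access for read methods; anything else keeps the default.
	if ( ! in_array( $request->get_method(), array( 'GET', 'HEAD' ), true ) ) {
		return $read_access;
	}

	// The "edit" context is intended for users who can edit the data,
	// so leave it behind the default capability check.
	if ( 'edit' === $request->get_param( 'context' ) ) {
		return $read_access;
	}

	// Opt in per controller rather than globally. Menu items are deliberately
	// not listed here, so they stay restricted to privileged users.
	if ( $controller instanceof WP_REST_Menus_Controller
		|| $controller instanceof WP_REST_Menu_Locations_Controller ) {
		return true;
	}

	return $read_access;
}
```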
The input for providing files to the `codecov/codecov-action` was changed from `file` to `files` in version `5.0.0`.
See #62221.
git-svn-id: https://develop.svn.wordpress.org/trunk@59717 602fd350-edb4-49c9-b593-d223f7449a82
This updates the following GitHub Actions to their latest versions:
- `actions/cache`
- `actions/checkout`
- `actions/setup-node`
- `actions/upload-artifact`
- `codecov/codecov-action`
- `shivammathur/setup-php`
See #62221.
git-svn-id: https://develop.svn.wordpress.org/trunk@59716 602fd350-edb4-49c9-b593-d223f7449a82
Replaced the raw SQL query in the `wp_get_post_autosave` function with a `WP_Query` call. This change improves code maintainability and replaces the raw SQL query with a cacheable query via `WP_Query`.
Props narenin, swissspidy, mukesh27, spacedmonkey, im3dabasia1.
Fixes #62658.
git-svn-id: https://develop.svn.wordpress.org/trunk@59715 602fd350-edb4-49c9-b593-d223f7449a82
Change "Text to have the HTML tags striped out of." to "Text to strip the HTML tags from."
Replaces an unclear statement with a typo with a more clear statement.
Props joedolson, mukesh27, dhruvang21.
Fixes #62851.
git-svn-id: https://develop.svn.wordpress.org/trunk@59714 602fd350-edb4-49c9-b593-d223f7449a82
This sets the same referrer policy of `strict-origin-when-cross-origin` that's used in the admin area to prevent a referrer being sent to other origins. This helps prevent unwanted exposure of potentially sensitive information that may be contained within the URL.
The header can be disabled if necessary by removing the `wp_admin_headers` action from the `login_init` hook.
Props kkmuffme, sagarlakhani, albatross10
Fixes #62273
See #42036
git-svn-id: https://develop.svn.wordpress.org/trunk@59712 602fd350-edb4-49c9-b593-d223f7449a82
This changeset replaces `title` attributes with `aria-label` for weekdays in `get_calendar()` table cells.
Props sabernhardt, audrasjb, mukesh27, shailu25.
Fixes #62860.
See #24766.
git-svn-id: https://develop.svn.wordpress.org/trunk@59711 602fd350-edb4-49c9-b593-d223f7449a82
This changeset lowers the font-weight value from `600` to `400` for labels located in the Settings screens.
This is an initial implementation of the WordPress design system, aligning with the broader goal of achieving a more consistent and unified design across the administration.
Props karmatosed, audrasjb.
Fixes #62865.
git-svn-id: https://develop.svn.wordpress.org/trunk@59709 602fd350-edb4-49c9-b593-d223f7449a82
This changeset fixes a UI issue where the theme count in the "Add Themes" screen touches the top border on small screens.
Props sukhendu2002, diliphingarajiya, dilipbheda, ankitkumarshah, dhruvang21, im3dabasia1.
Fixes #62499.
git-svn-id: https://develop.svn.wordpress.org/trunk@59708 602fd350-edb4-49c9-b593-d223f7449a82
This changeset fixes a margin issue in the search input box on the Add New Plugins screen, which was previously breaking below 1138px. Specifically, the top margin was set to 0px, and the overall appearance of the search box was inconsistent between 1000px and 1138px. Now, the margin is consistent across all breakpoints.
Props jomonthomaslobo1, narenin, iflairwebtechnologies, peterwilsoncc, audrasjb, shailu25.
Fixes #61785.
git-svn-id: https://develop.svn.wordpress.org/trunk@59706 602fd350-edb4-49c9-b593-d223f7449a82
This changeset replaces the light grey background color with the white color defined in the Editor Storybook. This change also impacts admin color schemes that previously utilized the default admin background color.
This is an initial implementation of the WordPress design system, aligning with the broader goal of achieving a more consistent and unified design across the administration.
Props karmatosed, audrasjb.
Fixes #62831.
git-svn-id: https://develop.svn.wordpress.org/trunk@59705 602fd350-edb4-49c9-b593-d223f7449a82
This changeset adds more details on the `WP_Term` returned by `get_category()` as it contains additional backwards compatible aliases for the era before WP 4.4 and 2.3.
Props apermo, audrasjb.
Fixes #62842.
See #62281.
git-svn-id: https://develop.svn.wordpress.org/trunk@59704 602fd350-edb4-49c9-b593-d223f7449a82
Since [13683], `the_shortlink()` has included a `title` attribute. By default, that gives the sanitized post title, and it does not sanitize custom text. Given the low value of this attribute, this changeset removes it.
Props sabernhardt, audrasjb, joedolson.
Fixes #62838.
See #24766.
git-svn-id: https://develop.svn.wordpress.org/trunk@59703 602fd350-edb4-49c9-b593-d223f7449a82
This changeset introduces the new `import_filters` action hook at the end of the Import screen, consistently with other admin screens like `export.php`.
Props audrasjb, lenasterg.
Fixes #54419.
See #19863.
git-svn-id: https://develop.svn.wordpress.org/trunk@59701 602fd350-edb4-49c9-b593-d223f7449a82
This new argument, which defaults to the value of `public`, can be used to determine whether a post can be embedded using oEmbed. A new `is_post_embeddable()` function is added to easily check this.
Props pampfelimetten, swissspidy, bradleyt, DrewAPicture, gadelhas, mukesh27.
Fixes #35567.
git-svn-id: https://develop.svn.wordpress.org/trunk@59700 602fd350-edb4-49c9-b593-d223f7449a82
This changeset introduces new classes to the body tag. The classes `wp-theme-<name>` and `wp-child-theme-<name>` (when the current theme is a child theme) are added, where `<name>` represents the sanitized name of the active theme.
Props cais, GaryJ, nacin, SergeyBiryukov, johnjamesjacoby, nirajgirixd, poena, audrasjb, rinkalpagdar.
Fixes #19736.
git-svn-id: https://develop.svn.wordpress.org/trunk@59698 602fd350-edb4-49c9-b593-d223f7449a82
This resolves a WPCS warning:
{{{
Variable "$ID" is not in valid snake_case format, try "$i_d"
}}}
Follow-up to [28448].
See #62279.
git-svn-id: https://develop.svn.wordpress.org/trunk@59697 602fd350-edb4-49c9-b593-d223f7449a82
Rename the 'Text' tab of the classic editor to 'Code', mimicking the labels used in the block editor: "Visual editor" and "Code editor".
Update code comment and Help documentation to reference the editor using the new label.
Props lukecavanagh, ctienshi, travel_girl, audrasjb, sabernhardt, joedolson, rseigel, mark-k, sergeybiryukov, presskopp, giuriani, afercia, knutsp, audrasjb, sukhendu2002.
Fixes #38061.
git-svn-id: https://develop.svn.wordpress.org/trunk@59696 602fd350-edb4-49c9-b593-d223f7449a82
Remove the option "Disable the visual editor when writing" from the user profile if it is currently false. If enabled, the option will stay available until disabled.
This was blocked due to issues with tab order and focusability in the classic editor environment until [59188].
Props mark-k, SergeyBiryukov, joedolson, pento, iseulde, chriscct7, afercia, prasadkarmalkar, rcreators, jamieblomerus.
Fixes #34681.
git-svn-id: https://develop.svn.wordpress.org/trunk@59695 602fd350-edb4-49c9-b593-d223f7449a82
Prior to r59679 this value was echoed to GitHub output, which meant that its surrounding double quotes lost their significance. Now that this value is used directly in the job output, it needs to be treated as a plain string.
This concludes the conclusion confusion.
See #82221
git-svn-id: https://develop.svn.wordpress.org/trunk@59693 602fd350-edb4-49c9-b593-d223f7449a82
This aims to avoid confusion with `the_date()` and `get_the_date()`.
Includes synchronizing the description for `the_weekday()` and `the_weekday_date()`, which have very similar functionality, except that the latter will only output the weekday if the current post's weekday is different from the previous one output.
Follow-up to [59691].
See #51289.
git-svn-id: https://develop.svn.wordpress.org/trunk@59692 602fd350-edb4-49c9-b593-d223f7449a82
This changeset clarifies the purpose of these functions and makes the documentation more accurate and flexible. Instead of referring to the "date the post was written," the functions and filter descriptions now refer to the "date of the post." This change accommodates scenarios where the displayed date might not strictly correspond to the writing date (e.g. scheduled posts, backdated posts, or content where the "date" represents something other than creation).
Props casiepa, audrasjb, SergeyBiryukov, Rarst, helen, azouamauriac, pbearne.
Fixes #51289.
git-svn-id: https://develop.svn.wordpress.org/trunk@59691 602fd350-edb4-49c9-b593-d223f7449a82
This changeset deletes the arrow that is typically added next to WordPress admin menu items that have submenus. The `.wp-menu-arrow` element is no longer visible since the WP 3.8 redesign, but the HTML and CSS remained. With this changeset, the HTML generating the arrow is removed, and the corresponding CSS styling is deleted.
Props helen, azaozz, jbkkd, pbearne, flixos90.
Fixes #26960.
git-svn-id: https://develop.svn.wordpress.org/trunk@59690 602fd350-edb4-49c9-b593-d223f7449a82
The `wp-singular` class includes a `wp` prefix to avoid conflicts with existing classes. This changeset also updates the `Tests_Post_GetBodyClass` PHPUnit test to include the new CSS class.
Props danielpataki, peterwilsoncc, swissspidy, johnbillion, eceleste, poena, audrasjb, raj198, shailu25.
Fixes #35164.
git-svn-id: https://develop.svn.wordpress.org/trunk@59689 602fd350-edb4-49c9-b593-d223f7449a82
This changeset restricts direct access calls in `/wp-includes` and its subdirectories.
Follow-up to [11768], [59678].
Props deepakrohilla.
Fixes #61314.
git-svn-id: https://develop.svn.wordpress.org/trunk@59688 602fd350-edb4-49c9-b593-d223f7449a82
This updates `@playwright/test` to the latest version, currently `1.49.1`.
In older branches using Playwright, the E2E and Performance workflows have recently started failing. This is due to changes in the GitHub Actions runner images. Updating Playwright ensures more modern dependency trees are used when installing browsers for testing and fixes the issue.
Props swissspidy.
See #62843.
git-svn-id: https://develop.svn.wordpress.org/trunk@59682 602fd350-edb4-49c9-b593-d223f7449a82
The JSON string set as an output for the Slack message payload needs to be one line to prevent causing errors. This ensures `jq` returns a compact JSON string.
Follow up to [59679].
Props johnbillion.
See #62221.
git-svn-id: https://develop.svn.wordpress.org/trunk@59681 602fd350-edb4-49c9-b593-d223f7449a82
This resolves a WPCS warning:
{{{
Variable "$thisEnclosure" is not in valid snake_case format, try "$this_enclosure"
}}}
Follow-up to [16824], [19848].
See #62279.
git-svn-id: https://develop.svn.wordpress.org/trunk@59680 602fd350-edb4-49c9-b593-d223f7449a82
This includes removing use of dangerous inline GitHub Actions expressions, preventing word splitting, further tightening permissions, and generally improving many aspects of the workflows.
This also introduces a new workflow that runs Actionlint to detect incorrect and insecure code and configuration in workflow files.
Props johnbillion, swissspidy, flixos90, desrosj.
See #62221
git-svn-id: https://develop.svn.wordpress.org/trunk@59679 602fd350-edb4-49c9-b593-d223f7449a82
This changeset restricts direct access calls in `/wp-admin` and its subdirectories.
Follow-up to [11768].
Props deepakrohilla.
See #61314.
git-svn-id: https://develop.svn.wordpress.org/trunk@59678 602fd350-edb4-49c9-b593-d223f7449a82
This changeset ensures the `target="_blank"` attribute is preserved when adding links in the Biographical Info and Category Description fields. Previously, this attribute was being stripped by the KSES sanitization process.
Additionally, new unit tests have been added to verify the preservation of the `target="_blank"` attribute in these specific contexts.
Props lovewpmu, miqrogroove, bsutcliffe, sjefen6, nofearinc, nacin, harmr, blogitsolutions, stefahn, nirajgirixd, martinkrcho, spacedmonkey, sukhendu2002, audrasjb, gaellebesson, nuryko, guillaumeturpin, maximemeganck, ranafge, azaozz, joedolson, rinkalpagdar, mikinc860.
Fixes #12056.
git-svn-id: https://develop.svn.wordpress.org/trunk@59677 602fd350-edb4-49c9-b593-d223f7449a82
This is part of an effort to reduce `title` attribute usage in WordPress Admin. This changeset updates the Customizer Widgets sidebar list to show sidebar name and description (as this information may benefit everyone), and removes the `title` attribute.
Follow-up to [22439], [27548], [31513], [32991], [50804], [53414], [59675].
Props karlgroves, sabernhardt, mukesh27, joedolson.
Fixes #62836.
See #24766.
git-svn-id: https://develop.svn.wordpress.org/trunk@59676 602fd350-edb4-49c9-b593-d223f7449a82
This changeset updates the old list tables for themes and theme installation to remove `title` attributes or replace them with a more accessible implementation:
- Removes `title` attributes from `span` elements
- Replaces `title` with `aria-label` for links whose visible text starts with the same word, consistently with links on the "Add Plugins" screen
- Reuses the `$preview_title` variable to keep ARIA labels consistent for both Preview links
Follow-up to [22439], [27548], [31513], [32991], [50804], [53414].
Props karlgroves, sabernhardt, audrasjb, alh0319.
Fixes #62834.
See #24766.
git-svn-id: https://develop.svn.wordpress.org/trunk@59675 602fd350-edb4-49c9-b593-d223f7449a82
The `start_el()` method in `Walker_Nav_Menu` was calling `get_privacy_policy_url()` for every menu item when building menus. This resulted in redundant queries, particularly for menus with many items. This obtains the `get_privacy_policy_url()` value in the constructor for reuse in the `start_el()` method to improve performance.
Redundant code to construct the privacy policy page is also refactored into the `set_up()` method during tests.
Props arzola, swissspidy, westonruter, mukesh27.
Fixes #62818.
git-svn-id: https://develop.svn.wordpress.org/trunk@59674 602fd350-edb4-49c9-b593-d223f7449a82
The benefit of this is that when PRs are made to make changes to a reusable workflow, the references don't need to be updated to point to the fork in order for the changed workflow to run.
A `npm run grunt replace:workflow-references-local-to-remote` command has also been introduced in order to convert these local references back to remote ones. This command can be used to switch release branches over to using remote workflows, as they are currently, so they continue to benefit from workflow changes in trunk without the need for continual backporting to all the branches.
Props desrosj, johnbillion
Fixes #62416
git-svn-id: https://develop.svn.wordpress.org/trunk@59673 602fd350-edb4-49c9-b593-d223f7449a82
This resolves a WPCS warning:
{{{
Variable "$errorString" is not in valid snake_case format, try "$error_string"
}}}
Follow-up to [5054].
See #62279.
git-svn-id: https://develop.svn.wordpress.org/trunk@59672 602fd350-edb4-49c9-b593-d223f7449a82
These cookies are only accessed server-side and don't need to be exposed to JavaScript in the browser.
Props earthman100, kevinlearynet
Fixes #61322
git-svn-id: https://develop.svn.wordpress.org/trunk@59671 602fd350-edb4-49c9-b593-d223f7449a82
This way, warnings for early translation calls can be emitted that aren't attached to any hook.
Follow-up to [59461].
Props swissspidy.
Fixes #62244.
See #44937.
git-svn-id: https://develop.svn.wordpress.org/trunk@59670 602fd350-edb4-49c9-b593-d223f7449a82