This changeset introduces a `pre_wp_update_https_detection_errors` filter which can be used to short-circuit the default logic for detecting problems with HTTPS support for the site, by returning a `WP_Error` object.
Props timothyblynjacobs.
See #47577.
git-svn-id: https://develop.svn.wordpress.org/trunk@50075 602fd350-edb4-49c9-b593-d223f7449a82
Following up on [49904], this changeset focuses mainly on improving the guidance about the current state of HTTPS in Site Health.
* Correct the existing copy to indicate that both the Site Address and the WordPress Address need to be changed to fully switch to HTTPS.
* Link to the respective input fields via anchor links rather than to the overall General Settings screen.
* Show different copy if the site is using HTTPS for the WordPress Address (for example to have only the administration panel in HTTPS), but not for the Site Address.
* Inform the user about potential problems even when the site is already using HTTPS, for example if the SSL certificate was no longer valid.
* Always rely on fresh information for determining HTTPS support issues in Site Health, and therefore change the `https_status` test to become asynchronous.
* Rename the new private `wp_is_owned_html_output()` function to a more appropriate `wp_is_local_html_output()`.
Props adamsilverstein, flixos90, johnjamesjacoby, timothyblynjacobs.
See #47577.
git-svn-id: https://develop.svn.wordpress.org/trunk@50072 602fd350-edb4-49c9-b593-d223f7449a82
This introduces a new endpoint, `wp/v2/users/me/application-passwords/introspect`, that will return details about the App Password being used to authenticate the current request. This allows for an application to disambiguate between multiple installations of their application which would all share the same `app_id`.
Props xkon, peterwilsoncc, TimothyBlynJacobs.
Fixes#52275.
git-svn-id: https://develop.svn.wordpress.org/trunk@50065 602fd350-edb4-49c9-b593-d223f7449a82
Update @wordpress npm packages to the latest published versions. This means that
the block editor includes functionality that exists in Gutenberg 9.8.
See #52334.
Props isabel_brison.
git-svn-id: https://develop.svn.wordpress.org/trunk@50048 602fd350-edb4-49c9-b593-d223f7449a82
By moving from `.html` to `.php` files, we can prevent directory listings, and ensure that WordPress can load.
Fixes#52299.
Props lucasbustamante, xkon, freewebmentor, SergeyBiryukov, whyisjake.
git-svn-id: https://develop.svn.wordpress.org/trunk@50037 602fd350-edb4-49c9-b593-d223f7449a82
Application names are now required to be unique and cannot contain solely whitespace characters. Additionally, invalid characters are now stripped from the application name using `sanitize_text_field()`.
Props Boniu91, hellofromTonya, engahmeds3ed, xkon, francina.
Fixes#51941.
git-svn-id: https://develop.svn.wordpress.org/trunk@50030 602fd350-edb4-49c9-b593-d223f7449a82
These parameters work just the same as `before` and `after` except they operate on the post modified date instead of the post published date.
Props claytoncollie, TimothyBlynJacobs, hellofromTonya
Fixes#50617
git-svn-id: https://develop.svn.wordpress.org/trunk@50024 602fd350-edb4-49c9-b593-d223f7449a82
This allows a menu item `post_date` to be set to particular value, rather than only allowing it to be set to "now". In particular, the WordPress Importer can use this to perform faster, more accurate duplicate checks.
Props jmdodd.
Fixes#52189.
git-svn-id: https://develop.svn.wordpress.org/trunk@50013 602fd350-edb4-49c9-b593-d223f7449a82
`wp_insert_post()` has a few checks using `post_date` and `post_date_gmt`, to determine the correct post date. This functionality is now extracted out into a new `wp_resolve_post_date()` function, allowing the checks to be reused elsewhere.
Props jmdodd.
Fixes#52187.
git-svn-id: https://develop.svn.wordpress.org/trunk@50012 602fd350-edb4-49c9-b593-d223f7449a82
Previously, the `enum` keyword was validated by perform a strict equality check. For `string` types this is generally ok, but it prevented using alternative types like `number` when rich type support isn't available.
Now the same level of type coercion/sanitization is applied when validating `enum` as all other validation checks. This means that a value of `"1"` will be accepted for an `enum` of `[ 0, 1 ]`. Additionally, `object` types now properly ignore key order when checking for equality.
Props yakimun.
Fixes#51911.
git-svn-id: https://develop.svn.wordpress.org/trunk@50010 602fd350-edb4-49c9-b593-d223f7449a82
Previously, the majority of JSON Schema validation errors returned a generic `rest_invalid_param` error code. In preparation for #46191, where the underlying validation error code will be exposed, this commit adds specific error codes for each failure scenario.
Fixes#52317.
git-svn-id: https://develop.svn.wordpress.org/trunk@50007 602fd350-edb4-49c9-b593-d223f7449a82
This changeset introduces a filter-based Robots API, providing central control over the `robots` meta tag.
* Introduces `wp_robots()` function which should be called anywhere a `robots` meta tag should be included.
* Introduces `wp_robots` filter which allows adding or modifying directives for the `robots` meta tag. The `wp_robots()` function is entirely filter-based, i.e. if no filter is added to `wp_robots`, no directives will be present, and therefore the entire `robots` meta tag will be omitted.
* Introduces the following `wp_robots` filter functions which replace similar existing functions that were manually rendering a `robots` meta tag:
* `wp_robots_noindex()` replaces `noindex()`, which has been deprecated.
* `wp_robots_no_robots()` replaces `wp_no_robots()`, which has been deprecated.
* `wp_robots_sensitive_page()` replaces `wp_sensitive_page_meta()`, which has been deprecated. Its rendering of the `referrer` meta tag has been moved to another new function `wp_strict_cross_origin_referrer()`.
Migration to the new functions is straightforward. For example, a call to `add_action( 'wp_head', 'wp_no_robots' )` should be replaced with `add_filter( 'wp_robots', 'wp_robots_no_robots' )`.
Plugins and themes that render their own `robots` meta tags are encouraged to switch to rely on the `wp_robots` filter in order to use the central management layer now provided by WordPress core.
Props adamsilverstein, flixos90, timothyblynjacobs, westonruter.
See #51511.
git-svn-id: https://develop.svn.wordpress.org/trunk@49992 602fd350-edb4-49c9-b593-d223f7449a82
Prevent `get_post_status()` returning `false` for attachments if the parent post has been deleted. The returned attachment post status is now passed through the `get_post_status` filter.
Add tests for `get_post_status()`.
Props peterwilsoncc, timothyblynjacobs for review.
Fixes#52326.
git-svn-id: https://develop.svn.wordpress.org/trunk@49985 602fd350-edb4-49c9-b593-d223f7449a82
Related Gutenberg issue: https://github.com/WordPress/gutenberg/pull/28274
With this change it is going to be possible to use the same pattern that wp_style_add_data uses for RTL handling. If the block style file with "-rtl.css" is included in addition to the regular style referenced in "block.json" file then it is going to be automatically registered.
Props swisspidy, aristath.
See #52301.
git-svn-id: https://develop.svn.wordpress.org/trunk@49982 602fd350-edb4-49c9-b593-d223f7449a82
This brings consistency between single site and multisite in REST API plugin installation tests.
Previously, multisite tests were unnecessarily downloading the plugin from WordPress.org on each test run, causing external HTTP requests and leading to failures in case of a timeout.
Follow-up to [48242], [49491], [49913].
See #51669.
git-svn-id: https://develop.svn.wordpress.org/trunk@49951 602fd350-edb4-49c9-b593-d223f7449a82
Adds 2 new hooks in `register_block_type_from_metadata`:
- Named `block_type_metadata` to filter the content of metadata read from `block.json`
- Named `block_type_metadata_settings` to filter the settings object determined from the metadata that is passed to `register_block_type` call
Props swissspidy.
Fixes#52138.
git-svn-id: https://develop.svn.wordpress.org/trunk@49948 602fd350-edb4-49c9-b593-d223f7449a82
Previously, only the active theme was made available. This commit allows for all themes to be queried if the user has the `switch_themes` or `manage_network_themes` capabilities.
This commit also no longer exposes the `page`, `per_page`, `search` and `context` query parameters since they are not supported by this controller.
Props spacedmonkey, lpawlik, TimothyBlynJacobs.
Fixes#50152.
git-svn-id: https://develop.svn.wordpress.org/trunk@49925 602fd350-edb4-49c9-b593-d223f7449a82
Previously, only the username was checked which caused a PHP warning in some server setups, for instance Shibboleth SSO, where the server only populates the `PHP_AUTH_USER` field.
Props MadtownLems, johnbillion, richard.tape, engahmeds3ed.
Fixes#52003.
git-svn-id: https://develop.svn.wordpress.org/trunk@49919 602fd350-edb4-49c9-b593-d223f7449a82
This adjusts the logic for determining whether to skip some tests when not in the primary branch, and allows for running these tests locally.
Follow-up to [47000], [47001], [49264], [49267], [49280].
See #50401.
git-svn-id: https://develop.svn.wordpress.org/trunk@49916 602fd350-edb4-49c9-b593-d223f7449a82
This prevents external HTTP requests that are not required for the tests in question and may interfere with the results in case of a timeout.
Follow-up to [48242], [49491].
See #51669.
git-svn-id: https://develop.svn.wordpress.org/trunk@49913 602fd350-edb4-49c9-b593-d223f7449a82
This changeset modifies the Site Health panel for HTTPS to provide more accurate recommendations based on whether the environment is already set up for HTTPS.
* Introduces `wp_is_using_https()` to check whether the site is configured to use HTTPS (via its Site Address and WordPress Address).
* Introduces `wp_is_https_supported()` to check whether the environment supports HTTPS. This relies on a cron job which periodically checks support using a loopback request.
Props Clorith, flixos90, miinasikk, westonruter.
Fixes#47577.
git-svn-id: https://develop.svn.wordpress.org/trunk@49904 602fd350-edb4-49c9-b593-d223f7449a82
The modified checks of the `read_private_posts` capability could result in unexpected SQL queries when calling `WP_Query` with invalid parameters.
Reverts [49830], [49832] and [49833].
See #48556.
git-svn-id: https://develop.svn.wordpress.org/trunk@49899 602fd350-edb4-49c9-b593-d223f7449a82
This reinstates [49848], previously reverted in [49849], with the addition of `static` keyword for the `wpSetUpBeforeClass()` method, allowing the tests to pass on PHP 8.
Props peterwilsoncc.
See #51802.
git-svn-id: https://develop.svn.wordpress.org/trunk@49863 602fd350-edb4-49c9-b593-d223f7449a82
This most notably affects the response when XML-RPC is disabled or when the supplied username and password is incorrect.
Props ericmann
Fixes#48213
git-svn-id: https://develop.svn.wordpress.org/trunk@49862 602fd350-edb4-49c9-b593-d223f7449a82
Related Gutenberg PR: https://github.com/WordPress/gutenberg/pull/25220.
It aligns with the latest changes added by aristath to the Gutenberg project. As part of styles splitting for core blocks, there was a special pattern introduced for how style handles are named. Ideally, we would apply it to all blocks but there might be some backward compatibility considerations so I left the handling for non-core blocks unchanged.
Props aristath.
See #50328.
git-svn-id: https://develop.svn.wordpress.org/trunk@49850 602fd350-edb4-49c9-b593-d223f7449a82
This brings the behaviour inline with the `<title>` element of the page which always shows the author name.
Props Tkama, subrataemfluence
Fixes#44183
git-svn-id: https://develop.svn.wordpress.org/trunk@49843 602fd350-edb4-49c9-b593-d223f7449a82
This will help catch issues with Ajax related functionality on multisite.
A few tests have also been marked as `skipWithMultisite()` as they require network admin level capabilities when performing the same operations on a multisite install.
Props garrett-eclipse, netweb.
Fixes#46567.
git-svn-id: https://develop.svn.wordpress.org/trunk@49835 602fd350-edb4-49c9-b593-d223f7449a82
After this change, the relevant `read_private_posts` capability is checked for
each queried post type. This ensures that private posts appear in search and
archive queries for users who have the ability to view those posts.
Props leogermani.
Fixes#13509, #48968, #48556.
git-svn-id: https://develop.svn.wordpress.org/trunk@49830 602fd350-edb4-49c9-b593-d223f7449a82
* Expands the capabilities of `wp_filter_content_tags()` to add the attribute to iframe tags if enabled.
* Modifies the default behavior of `wp_lazy_loading_enabled()` so that it returns `true` for `iframe` tags.
* Introduces a `wp_iframe_tag_add_loading_attr()` function.
* Introduces a `wp_iframe_tag_add_loading_attr` filter.
Like for images, the attribute is only added to iframes which have both `width` and `height` specified (see related #50367).
Props azaozz, flixos90, westonruter.
Fixes#50756.
git-svn-id: https://develop.svn.wordpress.org/trunk@49808 602fd350-edb4-49c9-b593-d223f7449a82
When SimplePie parses HTTP headers, it combines multiple values for the same header into a comma-separated string. `WP_SimplePie_File` overrides the parsing, but was leaving them as an array instead.
That lead to a fatal error in PHP 8, because other parts of the codebase ended up passing an array to a function that expected a string.
Props david.binda, litemotiv, inc2734, NicolasKulka, hellofromTonya, mbabker, skithund, SergeyBiryukov, desrosj, timothyblynjacobs.
Fixes#51056. See #51956.
git-svn-id: https://develop.svn.wordpress.org/trunk@49803 602fd350-edb4-49c9-b593-d223f7449a82
