This fixes a potential illegal offset error introduced in [50134] if the `$image_meta` doesn't include a `file` key.
Props dd32.
Fixes#51865.
git-svn-id: https://develop.svn.wordpress.org/trunk@50136 602fd350-edb4-49c9-b593-d223f7449a82
Runs cron jobs later on sites using alternative cron, ie the `ALTERNATE_WP_CRON` constant is true, to more closely match when standard cron jobs are run. Jobs now run on the `wp_loaded` hook at priority `20`. Prior to this change they would run on the `init` hook. This ensures custom post types and taxonomies are registered prior to the jobs running.
This change also prevents alternative wp-cron from running on archived or suspended multisite blogs as these are shut down prior to the `wp_loaded` hook from running.
Moves the existing functionality of `wp_cron()` in to a new private function `_wp_cron()`.
Props flixos90, jeremyfelt, johnbillion, jrf, kurtpayne, nacin, peterwilsoncc, prettyboymp, r-a-y, ryan, stevenkword, swissspidy.
Fixes#20537, #24160.
git-svn-id: https://develop.svn.wordpress.org/trunk@50135 602fd350-edb4-49c9-b593-d223f7449a82
This adds a new filter, `wp_image_src_get_dimensions` to the `wp_image_src_get_dimensions()` function to correct the dimensions returned for a file whenever WordPress isn't able to correctly get the dimensions from attachment metadata.
Fixes#51865.
git-svn-id: https://develop.svn.wordpress.org/trunk@50134 602fd350-edb4-49c9-b593-d223f7449a82
When no events are available in the Events Widget, people have always been shown a message encouraging them to help organize one (see `tmpl-community-events-no-upcoming-events`). Now that it's common for online WordCamps and Learn discussion groups to be pinned to the Events API, it's rare that there are no events in the widget, even if there are no _local_ events. Because of that, users are rarely encouraged to join their local community and help organize.
This commit adds an additional call-to-action message, which is shown when there are only 1 or 2 events available.
Props anyssa, sippis, AmethystAnswers.
Fixes#51664.
git-svn-id: https://develop.svn.wordpress.org/trunk@50133 602fd350-edb4-49c9-b593-d223f7449a82
Add check to `redirect_canonical()` to ensure private posts only redirect for logged in users.
Modifies the `read_post` mata capability to user `get_post_status()` rather than the post's `post_status` property to allow attachments to redirect based on the inherited post status.
Introduces `wp_force_ugly_post_permalink()` to unify the check to determine if an ugly link should be displayed in each of the functions used for determining permalinks: `get_permalink()`, `get_post_permalink()`, `_get_page_link()` and `get_attachment_link()`.
Improves logic of `get_attachment_link()` to validate parent post and resolution of inherited post status. This is an incomplete fix of #52373 to prevent the function returning links resulting in a file not found error. Required to unblock this ticket.
Props peterwilsoncc, TimothyBlynJacobs.
See #52373.
Fixes#5272.
git-svn-id: https://develop.svn.wordpress.org/trunk@50132 602fd350-edb4-49c9-b593-d223f7449a82
Switching a WordPress site from HTTP to HTTPS has historically been a tedious task. While on the surface the Site Address and WordPress Address have to be updated, existing content still remains using HTTP URLs where hard-coded in the database. Furthermore, updating _two_ URLs to migrate to HTTPS is still a fairly unintuitive step which is not clearly explained.
This changeset simplifies migration from HTTP to HTTPS and, where possible, makes it a one-click interaction.
* Automatically replace insecure versions of the Site Address (`home_url()`) with its HTTPS counterpart on the fly if the site has been migrated from HTTP to HTTPS. This is accomplished by introducing a `https_migration_required` option and enabling it when the `home_url()` is accordingly changed.
* A new `wp_replace_insecure_home_url()` function is hooked into various pieces of content to replace URLs accordingly.
* The migration only kicks in when the Site Address (`home_url()`) and WordPress Address (`site_url()`) match, which is the widely common case. Configurations where these differ are often maintained by more advanced users, where this migration routine would be less essential - something to potentially iterate on in the future though.
* The migration does not actually update content in the database. More savvy users that prefer to do that can prevent the migration logic from running by either deleting the `https_migration_required` option or using the new `wp_should_replace_insecure_home_url` filter.
* For fresh sites that do not have any content yet at the point of changing the URLs to HTTPS, the migration will also be skipped since it would not be relevant.
* Expose a primary action in the Site Health recommendation, if HTTPS is already supported by the environment, built on top of the HTTPS detection mechanism from [49904]. When clicked, the default behavior is to update `home_url()` and `site_url()` in one go to their HTTPS counterpart.
* A new `wp_update_urls_to_https()` function takes care of the update routine.
* A new `update_https` meta capability is introduced to control access.
* If the site's URLs are controlled by constants, this update is not automatically possible, so in these scenarios the user is informed about that in the HTTPS status check in Site Health.
* Allow hosting providers to modify the URLs linked to in the HTTPS status check in Site Health, similar to how that is possible for the URLs around updating the PHP version.
* A `WP_UPDATE_HTTPS_URL` environment variable or `wp_update_https_url` filter can be used to provide a custom URL with guidance about updating the site to use HTTPS.
* A `WP_DIRECT_UPDATE_HTTPS_URL` environment variable or `wp_direct_update_https_url` filter can be used to provide a custom URL for the primary CTA to update the site to use HTTPS.
Props flixos90, timothyblynjacobs.
Fixes#51437.
git-svn-id: https://develop.svn.wordpress.org/trunk@50131 602fd350-edb4-49c9-b593-d223f7449a82
Introduces `is_post_status_viewable()` as a sibling to `is_post_type_viewable()`. Internal and protected statuses are never considered viewable. For built in posts statuses the `public` attribute is checked, for custom statuses the `publicly_queryable` attribute is checked.
Introduces `is_post_publicly_viewable()` for determining if an individual post can be viewed by logged out users. A post is considered viewable if both `is_post_status_viewable()` and `is_post_type_viewable()` return `true` for the post's attributes.
Additionally modifies `is_post_type_viewable()` to return `false` if an unregistered post type is passed to the function to avoid attempting to access properties on a non-object.
Props peterwilsoncc, SergeyBiryukov, whyisjake, TimothyBlynJacobs.
Fixes#49380.
git-svn-id: https://develop.svn.wordpress.org/trunk@50130 602fd350-edb4-49c9-b593-d223f7449a82
Add a feature so Admins can send users a 'password reset' email. This doesn't change the password or force a password change. It only emails the user the password reset link.
The feature appears in several places:
* A "Send Reset Link" button on user profile screen.
* A "Send password reset" option in the user list bulk action dropdown.
* A "Send password reset" quick action when hovering over a username in the user list.
Props Ipstenu, DrewAPicture, eventualo, wonderboymusic, knutsp, ericlewis, afercia, JoshuaWold, johnbillion, paaljoachim, hedgefield.
Fixes#34281.
git-svn-id: https://develop.svn.wordpress.org/trunk@50129 602fd350-edb4-49c9-b593-d223f7449a82
Fix an issue where viewing an autosave created on a post without any previous revisions would throw a PHP notice. Also fixes the revision screen which was broken in these cases and showed a console error.
Props iseulde.
Fixes#31249.
git-svn-id: https://develop.svn.wordpress.org/trunk@50128 602fd350-edb4-49c9-b593-d223f7449a82
These functions are simple but reduce the logic needed in themes and plugins.
Props ramiy, sebastian.pisula, birgire, audrasjb, xkon
Fixes#33045
git-svn-id: https://develop.svn.wordpress.org/trunk@50127 602fd350-edb4-49c9-b593-d223f7449a82
Switch the Sass implementation used by Grunt to `sass` (the Dart version), since LibSass & `node-sass` have been deprecated.
Props desrosj.
Fixes#51763.
git-svn-id: https://develop.svn.wordpress.org/trunk@50126 602fd350-edb4-49c9-b593-d223f7449a82
This also removes a CSS rule in the light scheme which was flagged as temporary and overrides the hover text color.
Fixes#52229.
git-svn-id: https://develop.svn.wordpress.org/trunk@50125 602fd350-edb4-49c9-b593-d223f7449a82
Introduces new endpoints to allow for batch image editing using the REST API.
The new endpoints can take an array of modifiers that will be applied in the order they appear.
Props ajlende, TimothyBlynJacobs, hellofromTonya, Mista-Flo.
Fixes#52192.
git-svn-id: https://develop.svn.wordpress.org/trunk@50124 602fd350-edb4-49c9-b593-d223f7449a82
`render_block_{$this->name}`
This complements the existing `render_block` hook and allows for filtering the content of a specific block without having to use conditionals inside the filter callback.
Props manzoorwani.jk, noisysocks, birgire, johnbillion.
Fixes#46187.
git-svn-id: https://develop.svn.wordpress.org/trunk@50123 602fd350-edb4-49c9-b593-d223f7449a82
Previously, "You are using a development version" message could be displayed if the user has configured core updates to receive Beta or RC versions, but the update has not happened yet.
This brings some consistency with displaying a similar message in `core_upgrade_preamble()` on WordPress Updates screen.
Follow-up to [49708], [49736].
Props afragen, pbiron, azaozz, audrasjb, SergeyBiryukov.
Fixes#51976.
git-svn-id: https://develop.svn.wordpress.org/trunk@50121 602fd350-edb4-49c9-b593-d223f7449a82
This provides a more consistent location for these strings and allows for reusing them in other places without hardcoding them in the markup.
Props nicolalaserra, audrasjb, johnjamesjacoby, SergeyBiryukov.
Fixes#42421.
git-svn-id: https://develop.svn.wordpress.org/trunk@50120 602fd350-edb4-49c9-b593-d223f7449a82
Add a new `login_site_html_link` filter that developers can use to adjust the "Go to site" link displayed in the login page footer.
Props ebinnion, DrewAPicture, audrasjb, hellofromTonya, sabernhardt.
Fixes#35449.
git-svn-id: https://develop.svn.wordpress.org/trunk@50117 602fd350-edb4-49c9-b593-d223f7449a82
These properties have been in use since 2.5 and 2.6 but were never added as actual properties on the class. This fixes that.
Props gunnard, SergeyBiryukov
Fixes#52142
git-svn-id: https://develop.svn.wordpress.org/trunk@50116 602fd350-edb4-49c9-b593-d223f7449a82
Make the navigation menu footer sticky so a Save Menu button is always available in the viewport. Improves usability and effectiveness of the interface when in a responsive view.
Props garrett-eclipse, audrasjb, maxpertici, sabernhardt, kburgoine, poena
Fixes#51631
git-svn-id: https://develop.svn.wordpress.org/trunk@50115 602fd350-edb4-49c9-b593-d223f7449a82
Previously, all permission checks for using app passwords were implemented using `edit_user`. This commit introduces a series of more fine grained meta capabilities that should be used instead: `create_app_password`, `list_app_passwords`, `read_app_password`, `edit_app_password`, `delete_app_password` and `delete_app_passwords`. These capabilities all map to `edit_user` by default, but may now be customized by developers.
Props johnbillion, TimothyBlynJacobs.
Fixes#51703.
git-svn-id: https://develop.svn.wordpress.org/trunk@50114 602fd350-edb4-49c9-b593-d223f7449a82
The opt-in form is shown after the comment is submitted and held for moderation.
Sorry this took five years.
Props jeffr0, swissspidy, mrahmadawais, wonderboymusic, jdgrimes, obenland, Monika, imath, garrett-eclipse, johnbillion
Fixes#33717
git-svn-id: https://develop.svn.wordpress.org/trunk@50109 602fd350-edb4-49c9-b593-d223f7449a82
The `WP_AUTO_UPDATE_CORE` constant now supports `development` and `branch-development` values.
This makes it possible for sites to opt-in to updating to nightly builds without having to install a plugin.
Follow-up to [49245], [49292].
Props xkon, knutsp, afragen, audrasjb, dd32.
Fixes#51978.
git-svn-id: https://develop.svn.wordpress.org/trunk@50082 602fd350-edb4-49c9-b593-d223f7449a82
This updates the following dependencies:
- `@wordpress/browserslist-config` from `2.7.0` to `3.0.0`.
- `autoprefixer` from `9.8.5` to `9.8.6`.
- `node-sass` from `4.14.1` to `5.0.0`.
- `postcss-cli` from `7.1.1` to `7.1.2`.
- `postcss-focus-within` from `3.0.0` to `4.0.0`.
- `rtlcss` from `2.5.0` to `2.6.2`.
There are no changes after running `build`.
See #51801.
git-svn-id: https://develop.svn.wordpress.org/trunk@50081 602fd350-edb4-49c9-b593-d223f7449a82
This changeset introduces a `wp_robots_max_image_preview_large()` function which is hooked into the `wp_robots` filter to include the `max-image-preview:large` directive for all sites which are configured to be indexed by search engines. The directive allows search engines to display large image previews for the site in search results.
Props adamsilverstein, Clorith, flixos90, helen, joostdevalk, tweetythierry, westonruter.
Fixes#51511.
git-svn-id: https://develop.svn.wordpress.org/trunk@50078 602fd350-edb4-49c9-b593-d223f7449a82
This updates the following packages:
- `@wordpress/browserslist-config` from `2.6.0` to `2.7.0`.
- `autoprefixer` from `9.6.1` to `9.8.6`.
- `concurrently` from `5.2.0` to `5.3.0`.
- `postcss-cli` from `7.1.1` to `7.1.2`.
- `rtlcss` from `2.5.0` to `2.6.2`.
See #51801.
git-svn-id: https://develop.svn.wordpress.org/trunk@50077 602fd350-edb4-49c9-b593-d223f7449a82
This changeset introduces a `pre_wp_update_https_detection_errors` filter which can be used to short-circuit the default logic for detecting problems with HTTPS support for the site, by returning a `WP_Error` object.
Props timothyblynjacobs.
See #47577.
git-svn-id: https://develop.svn.wordpress.org/trunk@50075 602fd350-edb4-49c9-b593-d223f7449a82
This updates the following dependencies:
- `@wordpress/browserslist-confg` from `2.7.0` to `3.0.0`.
- `@wordpress/eslint-plugin` from `7.3.0` to `8.0.1`.
- `sass` from `1.29.0` to `1.32.5`.
- `stylelint` from `13.8.0` to `13.9.0`
There are no changes after running `build`.
See #51801.
git-svn-id: https://develop.svn.wordpress.org/trunk@50073 602fd350-edb4-49c9-b593-d223f7449a82
Following up on [49904], this changeset focuses mainly on improving the guidance about the current state of HTTPS in Site Health.
* Correct the existing copy to indicate that both the Site Address and the WordPress Address need to be changed to fully switch to HTTPS.
* Link to the respective input fields via anchor links rather than to the overall General Settings screen.
* Show different copy if the site is using HTTPS for the WordPress Address (for example to have only the administration panel in HTTPS), but not for the Site Address.
* Inform the user about potential problems even when the site is already using HTTPS, for example if the SSL certificate was no longer valid.
* Always rely on fresh information for determining HTTPS support issues in Site Health, and therefore change the `https_status` test to become asynchronous.
* Rename the new private `wp_is_owned_html_output()` function to a more appropriate `wp_is_local_html_output()`.
Props adamsilverstein, flixos90, johnjamesjacoby, timothyblynjacobs.
See #47577.
git-svn-id: https://develop.svn.wordpress.org/trunk@50072 602fd350-edb4-49c9-b593-d223f7449a82
The `defaultEditorStyles` setting was missing from the default block
editor settings. This causes the "Use theme styles" setting which was
added in WordPress 5.6 to not function properly.
Also, the RTL version of editor styles were not being loaded. This
change has not yet been ported over from Gutenberg.
Fixes#52394.
git-svn-id: https://develop.svn.wordpress.org/trunk@50069 602fd350-edb4-49c9-b593-d223f7449a82
In [50067] `props.cache` was removed as it was unused. This left a lingering unused `refresh` in the `_requery` function.
Props peterwilsoncc.
See #50025.
git-svn-id: https://develop.svn.wordpress.org/trunk@50068 602fd350-edb4-49c9-b593-d223f7449a82
Previously, newly uploaded media attachments were missing when filtering media items by date due to lack of cache invalidation.
Props adamsilverstein, teamdnk, afercia, Mista-Flo, joedolson, youknowriad, talldanwp.
Fixes#50025.
git-svn-id: https://develop.svn.wordpress.org/trunk@50067 602fd350-edb4-49c9-b593-d223f7449a82
Moves src/wp-includes/blocks/classic to src/wp-includes/blocks/freeform. This
reflects the 'classic' block being renamed to 'freeform'.
Follows [50048].
See #52334.
git-svn-id: https://develop.svn.wordpress.org/trunk@50066 602fd350-edb4-49c9-b593-d223f7449a82
This introduces a new endpoint, `wp/v2/users/me/application-passwords/introspect`, that will return details about the App Password being used to authenticate the current request. This allows for an application to disambiguate between multiple installations of their application which would all share the same `app_id`.
Props xkon, peterwilsoncc, TimothyBlynJacobs.
Fixes#52275.
git-svn-id: https://develop.svn.wordpress.org/trunk@50065 602fd350-edb4-49c9-b593-d223f7449a82
