This change adds a new way for users to quickly identify what version of WordPress they are looking at, directly from the "Help" sidebar on the main "Dashboard" page.
* Stable versions will link to their respective support documents.
* Development versions (alpha/beta/RC) will not link anywhere.
Props audrasjb, costdev, donmhico, hellofromtonya, ipstenu, justinahinon, karmatosed, knutsp, marybaum, sergeybiryukov, webcommsat.
Fixes#47848.
git-svn-id: https://develop.svn.wordpress.org/trunk@51985 602fd350-edb4-49c9-b593-d223f7449a82
This change prevents non-visible characters in titles from creating encoded values in permalinks, opting instead for the following replacement strategy:
* Non-visible non-zero-width characters are replaced with hyphens
* Non-visible zero-width characters are removed entirely
Included with this change are 64 additional PHPUnit assertions to confirm that only the targeted non-visible characters are sanitized as intended.
Before this change, URLs would unintentionally contain encoded values where these non-visible characters were. After this change, URLs intentionally strip out or hyphenate these non-visible characters.
Props costdev, dhanendran, hellofromtonya, paaljoachim, peterwilsoncc, poena, sergeybiryukov.
Fixes#47912.
git-svn-id: https://develop.svn.wordpress.org/trunk@51984 602fd350-edb4-49c9-b593-d223f7449a82
This avoids a PHP notice and ensures that a default value is always provided if none is set by the user.
Follow-up to [51145], [51485].
Props davidwebca, mukesh27.
Fixes#54129.
git-svn-id: https://develop.svn.wordpress.org/trunk@51982 602fd350-edb4-49c9-b593-d223f7449a82
This change intends to avoid confusion around the requirements of the Application Passwords feature, specific to it requiring HTTPS and the `WP_ENVIRONMENT_TYPE` constant.
It does this by conditionally hiding the traditional UI and showing some insightful explanations instead, including a translatable link to the `WP_ENVIRONMENT_TYPE` documentation on the "Editing wp-config.php" support page.
Props ashfame, audrasjb, iluy, johnbillion.
Fixes #53658.
git-svn-id: https://develop.svn.wordpress.org/trunk@51980 602fd350-edb4-49c9-b593-d223f7449a82
This changes some admin-area, user-facing text, to better match the guidelines and recommendations set forth in the make/core handbook, specifically:
> the word “we” should be avoided (...) unless its made very clear which group is speaking
(There are several more usages of "we" that will receive this same scrutiny in future commits/releases.)
Props audrasjb, johnbillion, marybaum, peterwilsoncc, sergeybiryukov, shital-patel.
Fixes #46057.
git-svn-id: https://develop.svn.wordpress.org/trunk@51979 602fd350-edb4-49c9-b593-d223f7449a82
This change adds a filter inside of the `get_header_image_tag()` function allowing developers to filter the attributes of the header image HTML tag before they are escaped, concatenated, and returned.
Before this change, it was not possible to externally and preemptively intercept this array of attributes. After this change, these attributes can now be easily filtered, matching it nicely to the `wp_get_attachment_image_attributes` hook.
Props audrasjb, chaion07, junaidbhura, sabernhardt.
Fixes#38942.
git-svn-id: https://develop.svn.wordpress.org/trunk@51978 602fd350-edb4-49c9-b593-d223f7449a82
This change removes a 1 pixel gap in the measurement of the viewport width when clicking the "Collapse menu" button (at the bottom of the admin menu UI) when already collapsed, causing the menu not to open as intended when exactly 960 pixels wide.
Before this change, the menu would be stuck in the collapsed position. After this change, the menu opens as expected.
Props abesell132, ankit-k-gupta, audrasjb, boniu91, mai21, sabernhardt, webaxones.
Fixes#54210.
git-svn-id: https://develop.svn.wordpress.org/trunk@51977 602fd350-edb4-49c9-b593-d223f7449a82
This changes the descriptive text underneath 3 settings that are frequently overridden by individual posts & pages, and are also often misunderstood to work differently than they do.
"(These settings may be overridden for individual posts.)"
...becomes...
"Individual posts may override these settings. Changes here will only be applied to new posts."
* Parenthesis were removed to improve text layout and flow for RTL languages.
* Original statement was reworded to emphasize "individual posts".
* New statement provides clarity to users about settings changes not being retroactive.
Props audrasjb, johnjamesjacoby, sabbirshouvo, sabernhardt, tobifjellner.
Fixes#54300.
git-svn-id: https://develop.svn.wordpress.org/trunk@51976 602fd350-edb4-49c9-b593-d223f7449a82
This change removes a call to `wp_html_excerpt()` used on the HTML output of the search string, supplied by the current user in the previous page request via the named `s` input in the search-box UI.
If the search string is extremely long, it wraps around the available empty space in a way that is not visually displeasing, confirming that truncation is not a requirement here.
This also addresses a small accessibility concern as the non-truncated string was not alternatively presented, and helps normalize the output of `$_REQUEST['s']` for more broad improvements in the future.
Props hareesh-pillai, jakubtyrcha, johnjamesjacoby, lukecavanagh, sabernhardt.
Fixes#17636.
git-svn-id: https://develop.svn.wordpress.org/trunk@51975 602fd350-edb4-49c9-b593-d223f7449a82
Adds a new REST API endpoint (`/wp-block-editor/v1/url-details`) for retrieving information from an external URL.
Information retrieved:
* Title: content of the `<title>` element
* Icon: favicon image link
* Description: content of the `description` or `og:description` meta element
* Image: OG image link
This endpoint is used by the block editor for link previews.
Props get_dave, aduth, andraganescu, beaulebens, hellofromTonya, kevin940726, mamaduka, marekhrabe, mnelson4, noisysocks, obenland, ocean90, retrofox, shaunandrews, spacedmonkey, swissspidy, timothyblynjacobs, xknown, youknowriad.
Fixes#54358.
git-svn-id: https://develop.svn.wordpress.org/trunk@51973 602fd350-edb4-49c9-b593-d223f7449a82
Remove CSS used in version of `wp_text_diff` prior to [50034]. Orphaned CSS breaks default layout of function output, but is overridden in the revisions screen.
Props mt8.biz, hareesh-pillai, mukesh27.
Fixes#54140.
git-svn-id: https://develop.svn.wordpress.org/trunk@51972 602fd350-edb4-49c9-b593-d223f7449a82
The WordPress Events and News widget used an icon-only button to select a location. The Pencil icon alone provided insufficient context and labeling for accessibility. Add text to clearly describe button action and change icon to represent a location marker.
Props AmethystAnswers, sabernhardt.
Fixes#53311.
git-svn-id: https://develop.svn.wordpress.org/trunk@51971 602fd350-edb4-49c9-b593-d223f7449a82
If a site health info section includes the `show_count` parameter, this commit internationalizes the count.
Follow-up to [45176].
Props johnbillion, swissspidy.
Fixes#54341.
git-svn-id: https://develop.svn.wordpress.org/trunk@51970 602fd350-edb4-49c9-b593-d223f7449a82
Include the current post title in the `title` element when editing a post. Improve accessibility by distinguishing between different edit screens in the browser tab list.
Props skierpage, alexstine, audrasjb, sabernhardt.
Fixes#52314.
git-svn-id: https://develop.svn.wordpress.org/trunk@51969 602fd350-edb4-49c9-b593-d223f7449a82
Adds an expectation for PHP 8.1 "passing null to non-nullable" deprecation notice to select tests where the deprecation is generated by one of the functions in the `wp-includes/formatting.php` file, either via a filter hook callback or by a direct call.
Instead of haphazardly fixing these issues exposed by the tests, a more structural and all-encompassing solution for input validation should be architected and implemented as otherwise, we'll keep running into similar issues time and again with each new PHP version.
To discourage people from "fixing" these issues now anyway, this commit "hides" nearly all of these issues from the test runs.
Once a more structural solution is designed, these tests and the underlying functions causing the deprecation notices should be revisited and the structural solution put in place.
Includes a few minor other tweaks to select tests:
* Removing a stray `return` (twice) from assertion statements.
* Removing calls to `ob_*()` functions in favour of letting PHPUnit manage the output catching. This prevents warnings along the lines of `Test code or tested code did not (only) close its own output buffers`.
Props jrf, hellofromTonya.
See #53635.
git-svn-id: https://develop.svn.wordpress.org/trunk@51968 602fd350-edb4-49c9-b593-d223f7449a82
Role="navigation" was required for assistive technology to recognize HTML5 element's native ARIA roles while HTML5 and ARIA were being introduced. With the deprecation of IE11, the role attribute is only required when mapping elements that don't have native role.
Props costdev, mukesh27.
Fixes#54054.
git-svn-id: https://develop.svn.wordpress.org/trunk@51967 602fd350-edb4-49c9-b593-d223f7449a82
Adds end-to-end (e2e) tests for the following test scenarios:
* Create a new application password.
* Create an application password with an existing name.
* Revoke a single application password.
* Bulk revoke applications passwords.
Follow-up to [49109], [49276], [49562], [50001], [50367], [51463].
Props justinahinon, swissspidy, juhise, kevin940726, isabel_brison.
Fixes#54241.
git-svn-id: https://develop.svn.wordpress.org/trunk@51966 602fd350-edb4-49c9-b593-d223f7449a82
Use 3-digit, x.x.x-style semantic versioning for `@since` tags of the `$rest_namespace` property in `WP_Post_Type` and `WP_Taxonomy`.
Add a `@since` note to `WP_REST_Taxonomies_Controller::get_item_schema()` for the `visibility` and `rest_namespace` properties.
The `rest_base` property was also added after the method was initially introduced, but that happened during the same release cycle, so it doesn't need a separate `@since` note.
Follow-up to [38832], [39191], [42729], [51959], [51961], [51962], [51964].
See #53399.
git-svn-id: https://develop.svn.wordpress.org/trunk@51965 602fd350-edb4-49c9-b593-d223f7449a82
While a taxonomy can define a custom route by using the rest_base argument, a namespace of wp/v2 was assumed. This commit introduces support for a rest_namespace argument.
A new rest_get_route_for_taxonomy_items function has been introduced and the rest_get_route_for_term function updated to facilitate getting the correct route for taxonomies.
For maximum compatibility sticking with the default wp/v2 namespace is recommended until the API functions see wider use.
Props spacedmonkey.
Fixes#54267.
See [51962].
git-svn-id: https://develop.svn.wordpress.org/trunk@51964 602fd350-edb4-49c9-b593-d223f7449a82
This change adds two now attribute-related config options to KSES:
- An array of allowed values can be defined for attributes. If the attribute value doesn't fall into the list, the attribute will be removed from the tag.
- Attributes can be marked as required. If a required attribute is not present, KSES will remove all attributes from the tag. As KSES doesn't match opening and closing tags, it's not possible to safely remove the tag itself, the safest fallback is to strip all attributes from the tag, instead.
Included with this change is an implementation of these options, allowing the `<object>` tag to be stored in posts, but only when it has a `type` attribute set to `application/pdf`.
Props pento, swissspidy, peterwilsoncc, dd32, jorbin.
Fixes#54261.
git-svn-id: https://develop.svn.wordpress.org/trunk@51963 602fd350-edb4-49c9-b593-d223f7449a82
While a custom post type can define a custom route by using the `rest_base` argument, a namespace of `wp/v2` was assumed. This commit introduces support for a `rest_namespace` argument.
A new `rest_get_route_for_post_type_items` function has been introduced and the `rest_get_route_for_post` function updated to facilitate getting the correct route for custom post types.
While the WordPress Core Block Editor bootstrap code has been updated to use these API functions, for maximum compatibility sticking with the default `wp/v2` namespace is recommended until the API functions see wider use.
Props spacedmonkey, swissspidy.
Fixes#53656.
git-svn-id: https://develop.svn.wordpress.org/trunk@51962 602fd350-edb4-49c9-b593-d223f7449a82
The `taxonomies` and `rest_base` properties were also added after the method was initially introduced, but that happened during the same release cycle, so they don't need a separate `@since` note.
Follow-up to [38832], [39097], [39191], [39647], [51959].
See #53399.
git-svn-id: https://develop.svn.wordpress.org/trunk@51961 602fd350-edb4-49c9-b593-d223f7449a82
Previously, a 200 status code would be sent despite the 500 status code present in the response body.
Props hermpheus, lalitjalandhar.
Fixes#53056.
git-svn-id: https://develop.svn.wordpress.org/trunk@51960 602fd350-edb4-49c9-b593-d223f7449a82
Specifically, this ensures that the DocBlock follows the line wrapping recommendations.
Follow-up to [44986], [45156], [45259], [51949].
See #53399.
git-svn-id: https://develop.svn.wordpress.org/trunk@51956 602fd350-edb4-49c9-b593-d223f7449a82
This makes the needed adjustments to fix Slack notifications for `scheduled` and `workflow_dispatch` events. The data needed to send notifications for these events are stored in different locations, or need to be accessed through API requests.
Follow up to [51921], [51937].
See #53363.
git-svn-id: https://develop.svn.wordpress.org/trunk@51953 602fd350-edb4-49c9-b593-d223f7449a82
This fixes an `Equals sign not aligned with surrounding assignments; expected 1 space but found 6 spaces` WPCS warning.
Follow-up to [51815].
See #51857, #53359.
git-svn-id: https://develop.svn.wordpress.org/trunk@51951 602fd350-edb4-49c9-b593-d223f7449a82
This corrects the structure of the documentation so it accurately reflects the array elements contained within.
See #53399.
git-svn-id: https://develop.svn.wordpress.org/trunk@51949 602fd350-edb4-49c9-b593-d223f7449a82
Closes the admin menu on mobile devices when keyboard focus moves outside of the menu or menu toggle elements. Improves the usability of the menu on mobile by allowing closure anywhere outside the menu rather than only on the toggle.
Props kaneva, costdev, sabernhardt
Fixes#53587.
git-svn-id: https://develop.svn.wordpress.org/trunk@51946 602fd350-edb4-49c9-b593-d223f7449a82
The event that fired closing the attachment details modal also removed the keydown event listener, so subsequent modals could not be closed with the escape key.
Props vondelphia, sourovroy, sabernhardt
Fixes#53924.
git-svn-id: https://develop.svn.wordpress.org/trunk@51945 602fd350-edb4-49c9-b593-d223f7449a82
This fixes an `Equals sign not aligned with surrounding assignments; expected 5 spaces but found 1 space` WPCS warning.
Follow-up to [50973], [51819].
See #53359.
git-svn-id: https://develop.svn.wordpress.org/trunk@51944 602fd350-edb4-49c9-b593-d223f7449a82
Similar to the existing `role`/`role__in`/`role__not_in` query arguments, this adds support for three new query arguments in `WP_User_Query`:
* `capability`
* `capability__in`
* `capability__not_in`
These can be used to fetch users with (or without) a specific set of capabilities, for example to get all users
with the capability to edit a certain post type.
Under the hood, this will check all existing roles on the site and perform a `LIKE` query against the `capabilities` user meta field to find:
* all users with a role that has this capability
* all users with the capability being assigned directly
Note: In WordPress, not all capabilities are stored in the database. Capabilities can also be modified using filters like `map_meta_cap`. These new query arguments do NOT work for such capabilities.
The prime use case for capability queries is to get all "authors", i.e. users with the capability to edit a certain post type.
Until now, `'who' => 'authors'` was used for this, which relies on user levels. However, user levels were deprecated a long time ago and thus never added to custom roles. This led to constant frustration due to users with custom roles missing from places like author dropdowns.
This updates any usage of `'who' => 'authors'` in core to use capability queries instead.
Subsequently, `'who' => 'authors'` queries are being **deprecated** in favor of these new query arguments.
Also adds a new `capabilities` parameter (mapping to `capability__in` in `WP_User_Query`) to the REST API users controller.
Also updates `twentyfourteen_list_authors()` in Twenty Fourteen to make use of this new functionality, adding a new `twentyfourteen_list_authors_query_args` filter to make it easier to override this behavior.
Props scribu, lgladdly, boonebgorges, spacedmonkey, peterwilsoncc, SergeyBiryukov, swissspidy.
Fixes#16841.
git-svn-id: https://develop.svn.wordpress.org/trunk@51943 602fd350-edb4-49c9-b593-d223f7449a82
This avoids an `Uncaught ArgumentCountError: Too few arguments to function {closure}(), 1 passed` PHP fatal error when registering a block style with the `should_load_separate_core_block_assets` filter enabled.
Follow-up to [51471].
Props aristath, shimon246, jrf, gziolo.
Fixes#54323.
git-svn-id: https://develop.svn.wordpress.org/trunk@51941 602fd350-edb4-49c9-b593-d223f7449a82
Includes minor code layout fixes for better readability.
Follow-up to [8516], [51826], [51929], [51931].
See #53359.
git-svn-id: https://develop.svn.wordpress.org/trunk@51940 602fd350-edb4-49c9-b593-d223f7449a82
This change allows for external clients to supply a suggested filename via a `Content-Disposition` response header. This filename is processed through `sanitize_file_name()` to ensure it is allowable (on the server, MIME's, etc...) and `validate_file()` to prevent directory traversal.
If the suggested filename fails the above processing/checks, that suggestion is discarded and the standard temporary filename (generated by WordPress) is used.
If no `Content-Disposition` header is found in the response headers, the standard temporary filename continues to be used as per normal.
Included in this change are 6 additional PHPUnit tests with 9 assertions. These tests confirm that valid filename values are correctly saved, and invalid filename values are correctly rejected.
Props cklosows, costdev, dd32, johnjamesjacoby, ocean90, psrpinto.
Fixes#38231.
git-svn-id: https://develop.svn.wordpress.org/trunk@51939 602fd350-edb4-49c9-b593-d223f7449a82
* Move the directory being tested to the `data` directory, for consistency with other test data.
* Set the `svn:eol-style` property to `native`, for consistency with other files.
* Correct the test class name in `dummy.txt`.
Follow-up to [51246], [51910], [51911].
See #52241, #53363.
git-svn-id: https://develop.svn.wordpress.org/trunk@51938 602fd350-edb4-49c9-b593-d223f7449a82
When a workflow is triggered through a `workflow_run` event, the context is not the original workflow. The details about the original workflow are passed through the `github.event` context.
This also moves the conditional check controlling whether the Slack workflow is run into the calling workflows to prevent them from running for pull requests.
Follow up to [51921-51922,51924-51925,51934].
See #53363.
git-svn-id: https://develop.svn.wordpress.org/trunk@51937 602fd350-edb4-49c9-b593-d223f7449a82
In [51921], the GitHub Actions workflows were updated to utilize the Slack notifications workflow as a callable one instead of on the `workflow_run` event.
This eliminated the need for an additional “Slack Notifications” workflow run for every completed workflow, but only when other workflows are updated as well. This resulted in notifications from older branches breaking, as the changes in [51921] were not backported.
Instead of backporting the needed changes now (the Slack workflow is still being polished), this commit partially restores the `workflow_run` event for older branches so that notifications will resume.
See #53363.
git-svn-id: https://develop.svn.wordpress.org/trunk@51934 602fd350-edb4-49c9-b593-d223f7449a82
This fixes a `Variable "$theHeaders" is not in valid snake_case format` WPCS warning.
Follow-up to [8516], [8520], [51826], [51929].
See #53359.
git-svn-id: https://develop.svn.wordpress.org/trunk@51931 602fd350-edb4-49c9-b593-d223f7449a82
In the docblocks throughout `wp-signup.php` use sign up for verbs and sign-up for nouns.
Props audrasjb, jeffpaul.
Fixes#54041. See #53399.
git-svn-id: https://develop.svn.wordpress.org/trunk@51930 602fd350-edb4-49c9-b593-d223f7449a82
This fixes a `Variable "$arrHeaders" is not in valid snake_case format` WPCS warning.
Follow-up to [8516], [51826].
See #53359.
git-svn-id: https://develop.svn.wordpress.org/trunk@51929 602fd350-edb4-49c9-b593-d223f7449a82
