Previously the REST API did not account for server configurations where the Authorization header must be added using ModRewrite. This caused major DUX issues when trying to use custom authentication mechanisms.
Fixes#47077.
Props dshanske, cklosows.
git-svn-id: https://develop.svn.wordpress.org/trunk@47239 602fd350-edb4-49c9-b593-d223f7449a82
Pending block editor revisions for WordPress 5.4 will make use of `window.URL` and `window.DOMRect`. These are not available in Internet Explorer (or pre-Chromium Edge for `DOMRect`) and must be polyfilled to avoid script errors.
The changes make use of the existing polyfill pattern, and existing `polyfill-library` dependency. The dependency is bumped to the latest version, since the previous version did not include the `DOMRect` polyfill.
Props jorgefilipecosta.
Fixes#49360.
git-svn-id: https://develop.svn.wordpress.org/trunk@47238 602fd350-edb4-49c9-b593-d223f7449a82
Session tokens contain an IP address and user agent.
Props garrett-eclipse, nickylimjj, lakenh, xkon, rconde.
Fixes#45889.
git-svn-id: https://develop.svn.wordpress.org/trunk@47237 602fd350-edb4-49c9-b593-d223f7449a82
The value is used by the WordPress Events and News widget to show relevant WP community events.
The location information may include an IP address, location description, and latitude/longitude coordinates.
Props garrett-eclipse, coreymckrill, xkon.
Fixes#43921.
git-svn-id: https://develop.svn.wordpress.org/trunk@47236 602fd350-edb4-49c9-b593-d223f7449a82
When used as a noun referring to the "virtual" place, `Trash` should be capitalized.
Props garrett-eclipse, aandrewdixon, Presskopp.
Fixes#45317.
git-svn-id: https://develop.svn.wordpress.org/trunk@47233 602fd350-edb4-49c9-b593-d223f7449a82
Previously the _embed flag would embed all embeddable links in a response even if only a subset of the links were necessary. Now, a list of link relations can be passed in the _embed parameter to restrict the list of embedded objects.
Props rheinardkorf, adamsilverstein, jnylen0, cklosows, chrisvanpatten, TimothyBlynJacobs.
Fixes#39696.
git-svn-id: https://develop.svn.wordpress.org/trunk@47224 602fd350-edb4-49c9-b593-d223f7449a82
This avoids the performance overhead of the function call every time `dirname( __FILE__ )` was used instead of `__DIR__`.
This commit also includes:
* Removing unnecessary parentheses from `include`/`require` statements. These are language constructs, not function calls.
* Replacing `include` statements for several files with `require_once`, for consistency:
* `wp-admin/admin-header.php`
* `wp-admin/admin-footer.php`
* `wp-includes/version.php`
Props ayeshrajans, desrosj, valentinbora, jrf, joostdevalk, netweb.
Fixes#48082.
git-svn-id: https://develop.svn.wordpress.org/trunk@47198 602fd350-edb4-49c9-b593-d223f7449a82
This allows the icons to be retrieved via `get_post_type_object()`.
Props m.usama.masood, michael.ecklund, SergeyBiryukov.
Fixes#38844.
git-svn-id: https://develop.svn.wordpress.org/trunk@47196 602fd350-edb4-49c9-b593-d223f7449a82
Since MySQL 5.7, InnoDB engine supports `FULLTEXT` indexes, so forcing MyISAM is unnecessary.
Follow-up to [47193], which addressed the issue in `Tests_dbDelta::setUp()`, but missed other tests.
Props xkon, joonasvanhatapio, SergeyBiryukov.
Fixes#49367.
git-svn-id: https://develop.svn.wordpress.org/trunk@47195 602fd350-edb4-49c9-b593-d223f7449a82
* MySQL 8.0.11 changed the `GeometryCollection` data type name to `GeomCollection`, with the latter being the preferred name.
* MySQL 8.0.17 removed support for the display width attribute for integer data types. Previously, default display width of 20 digits was used: `BIGINT(20)`.
The affected tests now check the MySQL server version and use the appropriate data types.
This leaves one unresolved failure on MySQL 8.0.17+ to be addressed in the future, caused by the same `BIGINT` display width discrepancy coming from `wp_get_db_schema()`.
Props kaggdesign, ottok, jeremyfelt, SergeyBiryukov.
Fixes#44384, #49344. See #49364.
git-svn-id: https://develop.svn.wordpress.org/trunk@47184 602fd350-edb4-49c9-b593-d223f7449a82
MySQL 8.0.11 removed support for the `NO_AUTO_CREATE_USER` SQL mode, which was used in as an example of a mode compatible with WordPress.
`NO_AUTO_VALUE_ON_ZERO` is now used in the affected tests instead, which is supported on both MySQL 5.7.x and 8.0.x.
Props kaggdesign, jeremyfelt, afragen.
Fixes#44586. See #49344.
git-svn-id: https://develop.svn.wordpress.org/trunk@47183 602fd350-edb4-49c9-b593-d223f7449a82
If the post status is not registered, assume it's not public, but still allow access to users with edit permissions (same as for a protected post status, e.g. `draft`), so that they could recover orphaned content.
Add unit tests.
Follow-up to [47178].
Props roytanck, SergeyBiryukov.
Fixes#48653.
git-svn-id: https://develop.svn.wordpress.org/trunk@47181 602fd350-edb4-49c9-b593-d223f7449a82
With `map_meta_cap` enabled for a post type, the `read_post` capability for posts with a public status is supposed to be mapped to the post type's `read` capability.
When a post is left in the database after the post status is no longer present, and WP does a `read_post` check against it, a PHP notice was thrown, and the cap check always failed.
As a more graceful fallback, the cap is now mapped onto `edit_others_posts`, which allows highly privileged users to be able to access orphaned content.
A `_doing_it_wrong()` notice is also added, so that developers and site administrators are aware that the cap mapping is failing in the absence of the registered post status.
Follow-up to [34091], which introduced a similar approach to checking mapped caps against an unregistered post type.
Props roytanck, SergeyBiryukov.
Fixes#48653.
git-svn-id: https://develop.svn.wordpress.org/trunk@47178 602fd350-edb4-49c9-b593-d223f7449a82
Core did not include the navigation block PHP files.
This commit fixes the issue referred, and now the navigation block is executed on the frontend. The block still does not work as expected and throws an error during frontend execution. That problem is going to be fixed on the next WordPress package update.
This commit adds the file as it is on the npm package used.
Props gziolo.
Fixes#49348.
git-svn-id: https://develop.svn.wordpress.org/trunk@47176 602fd350-edb4-49c9-b593-d223f7449a82
This makes the function more consistent with `get_the_ID()` or `wp_get_post_parent_id()`, both returning an integer.
Props 0v3rth3d4wn.
Fixes#40096.
git-svn-id: https://develop.svn.wordpress.org/trunk@47160 602fd350-edb4-49c9-b593-d223f7449a82
Using all caps should be avoided for better readability and because screen readers may pronounce all-caps words as abbreviations.
Props afercia, ryokuhi, sabernhardt, garrett-eclipse.
See #47656, #43037, #42945.
git-svn-id: https://develop.svn.wordpress.org/trunk@47156 602fd350-edb4-49c9-b593-d223f7449a82
The produced ZIP archive will now include an `export.json` file along with the current `index.html`.
Props xkon.
Fixes#49029. See #46424.
git-svn-id: https://develop.svn.wordpress.org/trunk@47146 602fd350-edb4-49c9-b593-d223f7449a82
Store each generated embedded object in a temporary cache when querying for linked resources so that repeated links to the same resource do not trigger repeated queries or processing.
Props TimothyBlynJacobs.
Fixes#48838.
git-svn-id: https://develop.svn.wordpress.org/trunk@47138 602fd350-edb4-49c9-b593-d223f7449a82
This information was previously available on the Moderate Comment screen in the admin, but was missing from moderation emails.
Props imath, danieltj, andraganescu, galbaras, SergeyBiryukov.
Fixes#43805. See #43429.
git-svn-id: https://develop.svn.wordpress.org/trunk@47114 602fd350-edb4-49c9-b593-d223f7449a82
This ensures that the function has enough context to determine the necessity of replacing the month name with the correct form in locales that require it.
Props SergeyBiryukov, Rarst.
Fixes#48934.
git-svn-id: https://develop.svn.wordpress.org/trunk@47078 602fd350-edb4-49c9-b593-d223f7449a82
This patch integrates DependencyExtractionWebpackPlugin which was battle-tested in Gutenberg.
This will greatly simplify the process of upgrading npm packages which change after every Gutenberg release. It might even useful during the WordPress release cycle as we might need to publish more often as we discover critical bugs and regressions.
Props jonsurrell, adamsilverstein, youknowriad, ocean90, netweb.
Fixes#48154.
git-svn-id: https://develop.svn.wordpress.org/trunk@47035 602fd350-edb4-49c9-b593-d223f7449a82
Previously, `wp_favicon_request()` was introduced in [13205] to avoid a performance hit of serving a full 404 page on every favicon request.
While working as intended, that implementation did not provide a way for theme or plugin authors to manage the behavior of favicon requests.
This changeset implements the following logic (only applied if WordPress is installed in the root directory):
* If there is a Site Icon set in Customizer, redirect `/favicon.ico` requests to that icon.
* Otherwise, use the WordPress logo as a default icon.
* If a physical `/favicon.ico` file exists, do nothing, let the server handle the request.
Handling `/favicon.ico` is now more consistent with handling `/robots.txt` requests.
New functions and hooks:
* Introduce `is_favicon()` conditional tag to complement `is_robots()`.
* Introduce `do_favicon` action to complement `do_robots` and use it in template loader.
* Introduce `do_favicon()` function, hooked to the above action by default, to complement `do_robots()`.
* Introduce `do_faviconico` action to complement `do_robotstxt`, for plugins to override the default behavior.
* Mark `wp_favicon_request()` as deprecated in favor of `do_favicon()`.
Props jonoaldersonwp, birgire, joostdevalk, mukesh27, SergeyBiryukov.
Fixes#47398.
git-svn-id: https://develop.svn.wordpress.org/trunk@47018 602fd350-edb4-49c9-b593-d223f7449a82
This converts the arguments originally meant for `wpmu_create_blog()` to the ones used by `wp_insert_site()`.
Follow-up to [47011].
Fixes#47195.
git-svn-id: https://develop.svn.wordpress.org/trunk@47013 602fd350-edb4-49c9-b593-d223f7449a82
Map some arguments for backward compatibility with `wpmu_create_blog()` previously used there.
Props davidbaumwald, danielbachhuber, jeremyfelt, SergeyBiryukov.
See #47195.
git-svn-id: https://develop.svn.wordpress.org/trunk@47011 602fd350-edb4-49c9-b593-d223f7449a82
Previously, the first available match was returned, regardless of the case, which was not always the expected result.
Props archon810, ben.greeley, tristangemus, vsamoletov, SergeyBiryukov.
Fixes#39768.
git-svn-id: https://develop.svn.wordpress.org/trunk@47010 602fd350-edb4-49c9-b593-d223f7449a82
r46896 was intended to have included unit tests for the block serialization functions added as part of the changeset.
Props: @aduth.
Fixes: #49048
git-svn-id: https://develop.svn.wordpress.org/trunk@46997 602fd350-edb4-49c9-b593-d223f7449a82
* Clarify in the documentation that the function returns `false` on failure.
* Consistently pass the return value through the `get_feed_build_date` filter.
Props Rarst, dd32, azaozz, tellyworth.
Fixes#48957.
git-svn-id: https://develop.svn.wordpress.org/trunk@46974 602fd350-edb4-49c9-b593-d223f7449a82
- Fix PHP warnings in `wp_unique_filename()` when the destination directory is unreadable.
- Run the final name collision test only for files that are saved to the uploads directory.
- Update the unit tests to match.
Props eden159, audrasjb, azaozz.
Fixes#48960 for trunk.
git-svn-id: https://develop.svn.wordpress.org/trunk@46965 602fd350-edb4-49c9-b593-d223f7449a82
Prevent escaped unicode characters become unescaped in unsafe HTML during JSON decoding.
Props: aduth, epiqueras,
git-svn-id: https://develop.svn.wordpress.org/trunk@46896 602fd350-edb4-49c9-b593-d223f7449a82
`wp_kses_bad_protocol()` makes sure to validate that uri attributes don’t contain invalid/or not allowed protocols. While this works fine in most cases, there’s a risk that by using the colon html5 named entity, one is able to bypass this function.
Props: xknown, nickdaugherty, peterwilsoncc.
git-svn-id: https://develop.svn.wordpress.org/trunk@46895 602fd350-edb4-49c9-b593-d223f7449a82
Previously, `post_date` or `comment_date` was assumed to be GMT, which is only true if the timezone string for the site matches GMT.
Add unit tests.
Props Rarst, smerriman, justdaiv, wonderboymusic, noyle.
Fixes#30429.
git-svn-id: https://develop.svn.wordpress.org/trunk@46864 602fd350-edb4-49c9-b593-d223f7449a82
Previously, tests could create sequential objects with names like `Term 99`, `Term 100`, which by default would be returned in reverse order when sorted by name alphabetically, causing seemingly random test failures that are extremely hard to debug.
See #48145.
git-svn-id: https://develop.svn.wordpress.org/trunk@46830 602fd350-edb4-49c9-b593-d223f7449a82
Synchronize documentation for `add_filter()`, `tests_add_filter()`, `_wp_filter_build_unique_id()`, `_test_filter_build_unique_id()`.
Add a note that `$tag` and `$priority` are no longer used in `_wp_filter_build_unique_id()` since [46220], and the function always returns a string now.
Props donmhico, remcotolsma, SergeyBiryukov.
Fixes#47407. See #48303.
git-svn-id: https://develop.svn.wordpress.org/trunk@46801 602fd350-edb4-49c9-b593-d223f7449a82
Overriding default PHP timezone with `date_default_timezone_set()`, while not recommended, should not inadvertently result in changing existing permalinks.
Add a unit test.
Props Rarst, steevithak, archon810, maciejmackowiak, Ov3rfly, Cybr, hometowntrailers, scvleon, miette49.
Fixes#48623.
git-svn-id: https://develop.svn.wordpress.org/trunk@46795 602fd350-edb4-49c9-b593-d223f7449a82
With the changes in [45908], `mysql2date()` works correctly for all local time inputs, but should not be used for UTC time inputs.
Add a unit test.
Props Rarst, lisota.
Fixes#48675.
git-svn-id: https://develop.svn.wordpress.org/trunk@46756 602fd350-edb4-49c9-b593-d223f7449a82
This is only a wrapper for the `add_node()` method, but it's in widespread use both in core until [46642] and in thousands of plugins and themes. Deprecating it would have made sense when #19647 was originally opened but that's no longer the case.
Props whyisjake
Fixes#19647
git-svn-id: https://develop.svn.wordpress.org/trunk@46678 602fd350-edb4-49c9-b593-d223f7449a82
Make sure it actually tests the change in behavior, previously it passed both before and after the patch.
Add `wp_unslash()` to the last remaining instance of `$_POST['user_login']` that didn't have it.
See #38744.
git-svn-id: https://develop.svn.wordpress.org/trunk@46650 602fd350-edb4-49c9-b593-d223f7449a82
Move the test to a more appropriate place for consistency with `wp_sanitize_redirect()` and `wp_validate_redirect()` tests.
See #44317.
git-svn-id: https://develop.svn.wordpress.org/trunk@46649 602fd350-edb4-49c9-b593-d223f7449a82
The REST API supports filtering by terms across multiple taxonomies using an AND relation. This adds support for an OR relation by adding "tax_relation=OR" as a query parameter.
Props earnjam.
Fixes#44326.
git-svn-id: https://develop.svn.wordpress.org/trunk@46646 602fd350-edb4-49c9-b593-d223f7449a82
The tests for good redirects send headers that we can't handle in the test suite, so let's just remove them.
Unprops Jorbin.
Fixes#44317.
git-svn-id: https://develop.svn.wordpress.org/trunk@46645 602fd350-edb4-49c9-b593-d223f7449a82
This patch replaces all references to the add_menu() method with the add_node() one. (Also some code structure modifications for wp_admin_bar_appearance_menu().)
Fixes: #19647
Props: linuxologos, paulschreiber, morganestes, akibjorklund, nacin, whyisjake.
git-svn-id: https://develop.svn.wordpress.org/trunk@46642 602fd350-edb4-49c9-b593-d223f7449a82
Redirects should use redirect status codes and if you attempt to call wp_safe_redirect or wp_redirect with a non redirect status it can lead to undesired behavior and head scratching.
Fixes#44317.
Props spenserhale, johnbillion, mjnewman for initial patch.
git-svn-id: https://develop.svn.wordpress.org/trunk@46641 602fd350-edb4-49c9-b593-d223f7449a82
Allows a login to have an apostorphe. Which would normally be created as a mistake, but this allows the login to happen.
Fixes#38744
Props wpkuf, desrosj, socalchristina, bibliofille, santilinwp, nsubugak, sncoker, cafenoirdesign, whyisjake.
git-svn-id: https://develop.svn.wordpress.org/trunk@46640 602fd350-edb4-49c9-b593-d223f7449a82
* `_deprecated_function()`
* `_deprecated_argument()`
* `_deprecated_constructor()`
* `_deprecated_file()`
The error level passed is `E_USER_DEPRECATED` for the deprecated function group and `E_USER_NOTICE` for `_doing_it_wrong()`.
Props jrf.
Fixes#36561.
git-svn-id: https://develop.svn.wordpress.org/trunk@46625 602fd350-edb4-49c9-b593-d223f7449a82
Unix vs. Windows EOL style mismatches can cause misleading failures in tests using the heredoc syntax (`<<<`) or multiline strings as the expected result.
Fixes#31432. See #42594, #47411.
git-svn-id: https://develop.svn.wordpress.org/trunk@46612 602fd350-edb4-49c9-b593-d223f7449a82
There is no functional difference between `gmt_offset` and `timezone_string` timezone modes for the issue.
See #48384.
git-svn-id: https://develop.svn.wordpress.org/trunk@46583 602fd350-edb4-49c9-b593-d223f7449a82
Add `$source` parameter to `get_post_datetime()` to instantiate from local or UTC time in database.
Props Rarst, david.binda.
Reviewed by azaozz, SergeyBiryukov.
Fixes#48384.
git-svn-id: https://develop.svn.wordpress.org/trunk@46580 602fd350-edb4-49c9-b593-d223f7449a82
This is a follow-up to [46149] to avoid unnecessary breakage in case of using the old notation.
Props david.binda, jrf.
Reviewed by azaozz.
Fixes#48312.
git-svn-id: https://develop.svn.wordpress.org/trunk@46568 602fd350-edb4-49c9-b593-d223f7449a82
Introduce `make_clickable_rel` filter for the `rel` value that is added to URL matches converted to links.
This is a follow-up to [46349], which added the `rel="nofollow ugc"` attribute to existing `<a>` tags in comments via `wp_rel_ugc()`.
UGC stands for User Generated Content, and the `ugc` attribute value is recommended for links within user generated content, such as comments and forum posts.
See https://webmasters.googleblog.com/2019/09/evolving-nofollow-new-ways-to-identify.html.
Props blogginglife, SergeyBiryukov.
Reviewed by desrosj, audrasjb.
Fixes#48022.
git-svn-id: https://develop.svn.wordpress.org/trunk@46564 602fd350-edb4-49c9-b593-d223f7449a82
Introducing complex meta value handling in [45807] unintentionally removed value casting for empty scalar meta values.
Props TimothyBlynJacobs, chrisvanpatten, rmccue, kadamwhite.
Fixes#48363.
git-svn-id: https://develop.svn.wordpress.org/trunk@46563 602fd350-edb4-49c9-b593-d223f7449a82
Previously, searching for symbol references to replace with post or attachment IDs in array values resulted in a PHP warning.
Props timph, JarretC, SergeyBiryukov.
Fixes#45484.
git-svn-id: https://develop.svn.wordpress.org/trunk@46548 602fd350-edb4-49c9-b593-d223f7449a82
We decided to mark Social Links block as an experimental feature in Gutenberg. In effect, we are moving all related code from WordPress 5.3 release.
Props youknowriad.
Fixes#48263.
git-svn-id: https://develop.svn.wordpress.org/trunk@46543 602fd350-edb4-49c9-b593-d223f7449a82
Coding standards, ensure that nonce is valid with identical, rather then equal operator.
Props vortfu, xknown, whyisjake.
git-svn-id: https://develop.svn.wordpress.org/trunk@46477 602fd350-edb4-49c9-b593-d223f7449a82
Allows fallback previews (PDF by default, in core) to save image meta
after each size is generated to allow for resuming, and make sizes
immediately available.
Props azaozz, antpb, progremzion, mikeschroder.
See #48111.
git-svn-id: https://develop.svn.wordpress.org/trunk@46459 602fd350-edb4-49c9-b593-d223f7449a82
Slashing non-string data caused PUT requests containing unmodified meta arrays of integers to fail the check against the existing stored meta value, causing a 500 when posting an unmodified response body back to the server.
Props TimothyBlynJacobs, augustuswm.
Fixes#48264.
git-svn-id: https://develop.svn.wordpress.org/trunk@46454 602fd350-edb4-49c9-b593-d223f7449a82
Ensures that the ::get_rest_controller() method will always return an instanceof the expected controller class, or null.
Removes unused private static property $post_type_controllers.
Props dlh, TimothyBlynJacobs.
Fixes#45677.
git-svn-id: https://develop.svn.wordpress.org/trunk@46435 602fd350-edb4-49c9-b593-d223f7449a82
Removes a special-case prohibition against embedding 'self' which prevented ?_embed from being used with the /wp/v2/search endpoint.
Props TimothyBlynJacobs, chrisvanpatten, kadamwhite.
Fixes#47684.
git-svn-id: https://develop.svn.wordpress.org/trunk@46434 602fd350-edb4-49c9-b593-d223f7449a82
The `_publish_post_hook()` function checks for `WP_IMPORTING` before setting meta fields fir enclosures and pings, which means this test is doomed to fail.
The test can be re-implemented if the `WP_IMPORTING` constant gets moved to a function similar to how `wp_installing()` works for the `WP_INSTALLING` constant.
See #48014
git-svn-id: https://develop.svn.wordpress.org/trunk@46428 602fd350-edb4-49c9-b593-d223f7449a82
1. `POST /wp/v2/media`.
2. If the upload failed (HTTP 500 error), look for a response header with `X-WP-Upload-Attachment-ID` header that contains the newly created attachment ID.
3. `POST /wp/v2/media/{id}/post-process` with `{ "action": "create-image-subsizes" }`. This request may still fail, but it will save its progress.
4. On continued failure, `DELETE /wp/v2/media/{id}` to give up on the upload and instruct the user to resize their image before uploading.
Props TimothyBlynJacobs.
Fixes#47987.
git-svn-id: https://develop.svn.wordpress.org/trunk@46422 602fd350-edb4-49c9-b593-d223f7449a82
This prevents standalone percent symbols from being stripped out, e.g. in a default value like `100%`.
Props aristath, kuus, moonomo, westonruter, davetgreen, daviedR, katielgc, noisysocks, SergeyBiryukov.
Fixes#34290.
git-svn-id: https://develop.svn.wordpress.org/trunk@46395 602fd350-edb4-49c9-b593-d223f7449a82