This sanitisation only needs to be run in `::update()` to correctly clean up the input.
Props welcher, greenshady.
Fixes#42461.
git-svn-id: https://develop.svn.wordpress.org/trunk@44589 602fd350-edb4-49c9-b593-d223f7449a82
What age were you when you learned that there's a `$user_id` global, as well as `$user_ID` global? I was today years old.
Props pento, mukesh27.
Fixes#43448.
git-svn-id: https://develop.svn.wordpress.org/trunk@44586 602fd350-edb4-49c9-b593-d223f7449a82
When `home` and `siteurl` are different, the customizer preview iframe will be blank in Chrome and Safari, due to their `X-Frame-Options` implementation quirks.
Changing this to `SAMEORIGIN` and adding the `frame-ancestors` Content Security Policy gives the correct behaviour.
Props fullyint.
Fixes#40020.
git-svn-id: https://develop.svn.wordpress.org/trunk@44580 602fd350-edb4-49c9-b593-d223f7449a82
[41215] supresses these irrelevant error messages from the front end, this removes them from the error log, too.
Props jeherve.
Fixes#43815.
git-svn-id: https://develop.svn.wordpress.org/trunk@44578 602fd350-edb4-49c9-b593-d223f7449a82
This contains a copy of the block, unmodified by other filter functions, so that plugins have a clean reference to work from, if they need.
Props dmsnell.
Fixes#45451.
git-svn-id: https://develop.svn.wordpress.org/trunk@44576 602fd350-edb4-49c9-b593-d223f7449a82
From the `WordPress.NamingConventions.ValidVariableName` sniff, this commit fixes/whitelists all `NotSnakeCaseMemberVar`, `MemberNotSnakeCase`, and `StringNotSnakeCase` violations. It also fixes a handful of the `NotSnakeCase` violations.
See #45934.
git-svn-id: https://develop.svn.wordpress.org/trunk@44573 602fd350-edb4-49c9-b593-d223f7449a82
- `class-wp-block-parser.php` and `wp-includes/blocks/*` are imported from the Gutenberg plugin.
- `speed-trap-listener.php` is a third party library.
See #45934.
git-svn-id: https://develop.svn.wordpress.org/trunk@44571 602fd350-edb4-49c9-b593-d223f7449a82
Of the last four instances of `extract()` occurring, three of them are removed by this commit, and the fourth is appropriately documented.
See #45934.
git-svn-id: https://develop.svn.wordpress.org/trunk@44569 602fd350-edb4-49c9-b593-d223f7449a82
Calling `register_rest_route()` too early in the loading process has the potential to cause some unintentional problems and pitfalls. Because `register_rest_route()` calls `rest_get_server()` (which creates the `WP_REST_Server` instance), calling the function directly and/or before `rest_api_init` should be discouraged.
For example, if `register_rest_route ()` is called on `init`, the REST API server instance is set up (and all functions added to `rest_api_init` and other related hooks are invoked), even though the current request may not be a REST request. Also, if `register_rest_route()` is called even earlier (say, in an `mu-plugin` file), required endpoints may be missing since normal plugins have not yet been loaded and have not had a chance to register their own action hooks.
This adds a `_doing_it_wrong()` notice the first time `register_rest_route()` is called before `rest_api_init` in a request to encourage best practices for registering REST API routes.
Props kraftbj, desrosj, timothyblynjacobs.
Fixes#45265.
git-svn-id: https://develop.svn.wordpress.org/trunk@44568 602fd350-edb4-49c9-b593-d223f7449a82
Both `wp_encode_emoji()` and `wp_staticize_emoji()` perform a PHP version check when deciding how to apply their behaviour, but this check only needs to happen once, rather than every time in their internal looks.
Moving the check outside of the loop reduces processing time by 50%.
Props johnbillion.
Fixes#45930.
git-svn-id: https://develop.svn.wordpress.org/trunk@44554 602fd350-edb4-49c9-b593-d223f7449a82
At the start of `render_block()`, the `pre_render_block` filter allows the function to be short-circuited, and the `render_block_data` filter is applied to the `$block` parameter before it's processed.
Props kkarpieszuk, pento.
Fixes#45451.
git-svn-id: https://develop.svn.wordpress.org/trunk@44553 602fd350-edb4-49c9-b593-d223f7449a82
WordPress has historically often used code like `preg_split( '/[\s,]+/', $var )` to parse a string of comma-separated values into an array. However, this approach was causing an empty string to not be parsed into an empty array as expected, but rather into an array with the empty string as its sole element.
This was among other areas causing problems in the REST API where passing an empty request parameter could cause that request to fail because, instead of it being ignored, that parameter would be compared against the valid values for it, which typically do not include an empty string.
Props david.binda, sstoqnov.
Fixes#43977.
git-svn-id: https://develop.svn.wordpress.org/trunk@44546 602fd350-edb4-49c9-b593-d223f7449a82
Introduces in core new focus styles dedicated to Windows High Contrast mode. The
new styles use a transparent CSS outline as already explored in the Block Editor.
This first part covers some of the main user interface controls like buttons, links,
and media views elements. Other parts will be addressed in the next future.
Fixes#41286.
git-svn-id: https://develop.svn.wordpress.org/trunk@44544 602fd350-edb4-49c9-b593-d223f7449a82
Sometimes, Safari and VoiceOver read out the text hidden with `screen-reader-text`
in a wrong order. While there's no known, full, solution, it is possible to make
them respect the correct order reliably at least within buttons.
Fixes#42006.
git-svn-id: https://develop.svn.wordpress.org/trunk@44543 602fd350-edb4-49c9-b593-d223f7449a82
This function was introduced in 5.0.1, not 4.9.9 as currently indicated. Introduced in [44047].
git-svn-id: https://develop.svn.wordpress.org/trunk@44540 602fd350-edb4-49c9-b593-d223f7449a82