Apps may now optionally include an `app_id` parameter when directing the user to the Authorize Application screen. This allows for instances of an application to be identified and potentially revoked or blocked.
Props TimothyBlynJacobs, georgestephanis.
Fixes#51583.
git-svn-id: https://develop.svn.wordpress.org/trunk@49276 602fd350-edb4-49c9-b593-d223f7449a82
Fix the first step of validating an anonymous commenters in which the length is checked prior to running regular expressions.
Follow up to [47808].
Fixes#51595.
git-svn-id: https://develop.svn.wordpress.org/trunk@49271 602fd350-edb4-49c9-b593-d223f7449a82
This takes into account non-core plugins that rely on `WP_PLUGIN_DIR` being set to the expected plugin's directory in `WP_CONTENT_DIR`, or already have the constant defined.
Follow-up to [49236].
Props pierlo.
Fixes#51594.
git-svn-id: https://develop.svn.wordpress.org/trunk@49269 602fd350-edb4-49c9-b593-d223f7449a82
This ensures that `WP_UnitTestCase::skipOnAutomatedBranches()` has access to these variables so that time sensitive tests can be skipped when appropriate.
This also updates that logic to be more clear.
Follow up to [49264].
Props ocean90, johnbillion.
See #50401, #49050, #47767.
git-svn-id: https://develop.svn.wordpress.org/trunk@49267 602fd350-edb4-49c9-b593-d223f7449a82
Previously, only a small subset of keywords were exposed which limited the utility of `OPTIONS` requests.
Props raubvogel, TimothyBlynJacobs.
Fixes#51020.
git-svn-id: https://develop.svn.wordpress.org/trunk@49257 602fd350-edb4-49c9-b593-d223f7449a82
A new route is introduced, `batch/v1`, that accepts a list of API requests to run. Each request runs in sequence, and the responses are returned in the order they've been received.
Optionally, the `require-all-validate` validation mode can be used to first validate each request's parameters and only proceed with processing if each request validates successfully.
By default, the batch size is limited to 25 requests. This can be controlled using the `rest_get_max_batch_size` filter. Clients are strongly encouraged to discover the maximum batch size supported by the server by making an OPTIONS request to the `batch/v1` endpoint and inspecting the described arguments.
Additionally, the two new methods, `match_request_to_handler` and `respond_to_request` introduced in [48947] now have a `protected` visibility as we don't want to expose the inner workings of the `WP_REST_Server::dispatch` API.
Batching is not currently supported for GET requests.
Fixes#50244.
Props andraganescu, zieladam, TimothyBlynJacobs.
git-svn-id: https://develop.svn.wordpress.org/trunk@49252 602fd350-edb4-49c9-b593-d223f7449a82
This allows for REST API routes to define more complex validation requirements as JSON Schema instead of procedural validation.
The error code returned from `rest_validate_value_from_schema` for invalid parameter types has been changed from the generic `rest_invalid_param` to the more specific `rest_invalid_type`.
Props yakimun, johnbillion, TimothyBlynJacobs.
Fixes#51025.
git-svn-id: https://develop.svn.wordpress.org/trunk@49246 602fd350-edb4-49c9-b593-d223f7449a82
This release fixes minor issues with 8 different Emoji and revises the person/woman/man kneeling Emoji to be in a more obvious kneeling position.
🧎
These updates were pushed to a new, `13.0.1` folder on the CDN in [dotorg:16573].
For a full list of changes in this update, see https://github.com/twitter/twemoji/compare/v13.0.0...v13.0.1.
Props hareesh-pillai, otto42, desrosj.
Fixes#51356.
git-svn-id: https://develop.svn.wordpress.org/trunk@49239 602fd350-edb4-49c9-b593-d223f7449a82
Previously, when using `switch_to_locale()` all current loaded text domains were unloaded and added to the `$l10n_unloaded` global. This prevented the just-in-time loading for text domains after a switch. The just-in-time loading was also only possible if the translations were stored in `WP_LANG_DIR`. Both issues have been fixed.
* Adds `WP_Textdomain_Registry` to keep track of the language directory paths for all plugins and themes.
* Updates all `load_*_textdomain()` functions to store the path in `WP_Textdomain_Registry`.
* Adds `$reloadable` parameter to `unload_textdomain()` to define whether a text domain can be loaded just-in-time again. This is used by `WP_Locale_Switcher::load_translations()`.
* Extends `_load_textdomain_just_in_time()` to also support text domains of plugins and themes with custom language directories.
* Fixes the incorrect `test_plugin_translation_after_switching_locale_twice()` test which should have catch this issue earlier.
* Adds a new test plugin/theme to test the loading of translations with a custom language directory.
* Deprecates the now unused and private `_get_path_to_translation()` and `_get_path_to_translation_from_lang_dir()` functions.
Props yoavf, swissspidy, dd32, ocean90.
See #26511.
Fixes#39210.
git-svn-id: https://develop.svn.wordpress.org/trunk@49236 602fd350-edb4-49c9-b593-d223f7449a82
Since `WP_Image_Editor`'s introduction, stream wrappers have functioned in `WP_Image_Editor_GD`, but haven't been properly supported in `WP_Image_Editor_Imagick`.
- Detects stream wrappers and uses `file_put_contents()` along with `Imagick::read/getImageBlob()` for handling when necessary.
- Introduces private method, `WP_Image_Editor_Imagick::write_image` to handle detection and proper saving.
- Introduces `WP_Test_Stream` class for testing stream wrappers, along with new tests for Imagick's stream handling and a stream filename test.
Adds requirement for `Imagick::readImageBlob()`, available in Imagick >= 2.0.0, which aligns with the current requirement of Imagick >= 2.2.0.
Props p00ya, calin, joemcgill, pputzer, jimyaghi, mikeschroder.
Fixes#42663.
git-svn-id: https://develop.svn.wordpress.org/trunk@49230 602fd350-edb4-49c9-b593-d223f7449a82
This includes the packages that match the Gutenberg 9.2 Release.
It is going to be the last block-editor features update for WordPress 5.6.
It also updates the block-supports code base to the latest APIs.
Props isabel_brison, noisysocks, desrosj.
Fixes#51570.
git-svn-id: https://develop.svn.wordpress.org/trunk@49226 602fd350-edb4-49c9-b593-d223f7449a82
The new block editor included in 5.6 introduces an api_version property
that indicates which block API version the block is using.
This commits makes this property available on the block type and the endpoint.
Props TimothyBlynJacobs, gziolo.
Fixes#51529.
git-svn-id: https://develop.svn.wordpress.org/trunk@49224 602fd350-edb4-49c9-b593-d223f7449a82
After being imported in [49216], Twenty Twenty-One can now be set as the default theme in WordPress.
See #48110.
git-svn-id: https://develop.svn.wordpress.org/trunk@49220 602fd350-edb4-49c9-b593-d223f7449a82
When `noopener noreferrer` was originally added in #37941 and related tickets, the `noreferrer` bit was specifically included due to Firefox not supporting `noopener` at the time.
Since `noopener` has been supported by all major browsers for a while, it should now be safe to remove the `noreferrer` attribute from core.
Props Mista-Flo, audrasjb, joostdevalk, jonoaldersonwp, peterwilsoncc, elgameel.
Fixes#49558.
git-svn-id: https://develop.svn.wordpress.org/trunk@49215 602fd350-edb4-49c9-b593-d223f7449a82
Instead of one cache entry for all upload folders for a site on multisite, this now caches for each folder and invalidates that cache based on context. In multisite, this should speed up `get_dirsize` calls since older directories that are much less likely to change will no longer have the size recalculated.
Props janthiel, A5hleyRich, batmoo.
Fixes#19879.
git-svn-id: https://develop.svn.wordpress.org/trunk@49212 602fd350-edb4-49c9-b593-d223f7449a82
Prevent `redirect_guess_404_permalink()` from throwing a notice when multiple post types are included in the `post_type` query.
Props junaidbhura.
Fixes#43056.
git-svn-id: https://develop.svn.wordpress.org/trunk@49200 602fd350-edb4-49c9-b593-d223f7449a82
Using the canonical function name for PHP functions is strongly recommended, as aliases may be deprecated or removed without (much) warning.
This replaces all uses of the following:
* `join()` with `implode()`
* `sizeof()` with `count()`
* `is_writeable()` with `is_writable()`
* `doubleval()` with a `(float)` cast
In part, this is a follow-up to #47746.
Props jrf.
See #50767.
git-svn-id: https://develop.svn.wordpress.org/trunk@49193 602fd350-edb4-49c9-b593-d223f7449a82
The allowed format for bulk actions is now an associative array where each element represents either a top level option value and label, or an array representing an optgroup and its options.
For a standard option, the array element key is the field value and the array element value is the field label.
For an optgroup, the array element key is the label and the array element value is an associative array of options as above.
Props goldenapples, mattkeys, valentinbora, davidbaumwald
Fixes#19278
git-svn-id: https://develop.svn.wordpress.org/trunk@49190 602fd350-edb4-49c9-b593-d223f7449a82
Using `var` or only `static` to declare a class property is PHP 4 code.
This updates the codebase to use explicit visibility modifiers introduced in PHP 5.
Props jrf.
Fixes#51557. See #22234.
git-svn-id: https://develop.svn.wordpress.org/trunk@49184 602fd350-edb4-49c9-b593-d223f7449a82
Introduces the action `wp_after_insert_post` inside a wrapper function of the same name. This hook allows plugin developers to access a posts full data (including its terms and meta data) regardless of the workflow used to save it.
A new parameter is introduced to `wp_insert_post()` to indicate whether the hook should be fired within the function call or will be fired afterward.
Props aristath, Collizo4sky, danielbachhuber, joyously, kadamwhite, kraftbj, markparnell, mikeschroder, noisysocks, peterwilsoncc, SergeyBiryukov, talldanwp, thewebprincess, TimothyBlynJacobs.
Fixes#45114.
git-svn-id: https://develop.svn.wordpress.org/trunk@49172 602fd350-edb4-49c9-b593-d223f7449a82
Add a `use` to a closure to avoid an undefined variable throwing a warning. Adds unit tests to ensure the custom callbacks run as expected when defined.
Follow up to [49141].
Props ocean90, dd32.
Fixes#40351.
git-svn-id: https://develop.svn.wordpress.org/trunk@49171 602fd350-edb4-49c9-b593-d223f7449a82
The current user needs to be a super admin to access Site Health on multisite.
Follow up to [49154].
See #48105.
git-svn-id: https://develop.svn.wordpress.org/trunk@49155 602fd350-edb4-49c9-b593-d223f7449a82
This provides more flexibility when writing tests and benefits from running in a front-end context which is necessary for some tests like checking that updates are supported. Additionally, this provides a more robust interface for developers who want to integrate with Site Health tests.
Because the `wp/v2` endpoint is reserved for modeling core entities, site health is registered in its own `wp-site-health/v1` namespace.
The existing ajax actions have been maintained for backward compatibility.
Props Clorith, chrisvanpatten, afragen, pokhriyal, TimothyBlynJacobs.
Fixes#48105.
git-svn-id: https://develop.svn.wordpress.org/trunk@49154 602fd350-edb4-49c9-b593-d223f7449a82
r49145 and r49146 were originally planned for 5.6 when they were committed, but are now planned for 5.5.2.
See #51130.
git-svn-id: https://develop.svn.wordpress.org/trunk@49152 602fd350-edb4-49c9-b593-d223f7449a82
* Deprecate the `l10n` property on `communityEventsData`.
* Introduce `version` parameter for `deprecateL10nObject` and backfill the version for deprecated objects in 5.5.0.
* Add a noop version of `deprecateL10nObject` for QUnit testing.
Fixes#51498.
git-svn-id: https://develop.svn.wordpress.org/trunk@49151 602fd350-edb4-49c9-b593-d223f7449a82
The previous commits intentionally didn't include these, because it would have added an unreasonable amount of diff noise.
See #51130
git-svn-id: https://develop.svn.wordpress.org/trunk@49147 602fd350-edb4-49c9-b593-d223f7449a82
The `date` and `end_date` fields are ''WP'' timestamps representing the venue's local time. As of meta:changeset:10270 (#meta4480), new `start_unix_timestamp` and `end_unix_timestamp` values are available, providing a proper ''Unix'' timestamp in the UTC timezone. Using those is more precise, and removes the time window where the event has expired but still appears in the Events Widget.
To simplify the function, it now only accepts and returns the events themselves, rather than the entire response body.
See #51130
See #meta4480
Related: https://make.wordpress.org/core/2019/09/23/date-time-improvements-wp-5-3/
git-svn-id: https://develop.svn.wordpress.org/trunk@49145 602fd350-edb4-49c9-b593-d223f7449a82
When modifying terms assigned to an object, replace full term recounts with incrementing/decrementing the count as appropriate. This provides a significant performance boost on sites with a high number of term/object relationships and/or posts.
Introduces the functions `wp_increment_term_count()`, `wp_decrement_term_count()`, `wp_modify_term_count_by()` and `wp_modify_term_count_by_now()` for updating the term count.
Introduces the function `_wp_prevent_term_counting()` for preventing double counting on posts that are about to transition.
Adds the parameter `update_count_by_callback` to `register_taxonomy()` to allow developers to use a custom callback for incrementing or decrementing a term count.
Props boonebgorges, davidbaumwald, hellofromTonya, johnbillion, lcyh78, mattoperry, peterwilsoncc, rebasaurus, whyisjake.
Fixes#40351.
git-svn-id: https://develop.svn.wordpress.org/trunk@49141 602fd350-edb4-49c9-b593-d223f7449a82
This allows for clients to search the used post formats via the /wp/v2/search endpoint by using a type=post-format query parameter.
Fixes#51459.
Props andraganescu, zieladam, noisysocks, TimothyBlynJacobs.
git-svn-id: https://develop.svn.wordpress.org/trunk@49132 602fd350-edb4-49c9-b593-d223f7449a82
This allows for edits to be made to a restored post before it goes live again. This also prevents scheduled posts being published unexpectedly if they are untrashed after their originally scheduled date.
The old behaviour of restoring untrashed posts to their original status can be reinstated using the `wp_untrash_post_set_previous_status()` helper function.
Also fixes an issue where the incorrect post ID gets passed to hooks if no post ID is passed to the function.
Props harrym, bananastalktome, jaredcobb, chriscct7, melchoyce, johnbillion, pankajmohale
Fixes#23022
git-svn-id: https://develop.svn.wordpress.org/trunk@49125 602fd350-edb4-49c9-b593-d223f7449a82
Fix an issue where users could save a password with only spaces, or spaces at the beginning or end of their password, preventing them from logging in.
Props ronakganatra, 1naveengiri, ajensen, oolleegg55, bookdude13, nrqsnchz, aristath.
Fixes#42766.
git-svn-id: https://develop.svn.wordpress.org/trunk@49118 602fd350-edb4-49c9-b593-d223f7449a82
This brings some consistency to the YouTube and Vimeo URLs used for tests:
* For YouTube, use the video of WordPress 5.0 release.
* For Vimeo, use one of the official test videos.
Props garrett-eclipse, dd32.
Fixes#51487. See #meta5467.
git-svn-id: https://develop.svn.wordpress.org/trunk@49117 602fd350-edb4-49c9-b593-d223f7449a82
This allows multiple errors to be instantiated independently but collected into one without having to manually combine their properties.
Props rmccue, dlh, TimothyBlynJacobs
Fixes#38777
git-svn-id: https://develop.svn.wordpress.org/trunk@49115 602fd350-edb4-49c9-b593-d223f7449a82
This replaces the instances of `$priority` with `$position`, to match the actual parameter name and avoid confusion.
Follow-up to [46197].
See #51344, #39776.
git-svn-id: https://develop.svn.wordpress.org/trunk@49112 602fd350-edb4-49c9-b593-d223f7449a82
In WordPress 4.4 the REST API was first introduced. A few releases later in WordPress 4.7, the Content API endpoints were added, paving the way for Gutenberg and countless in-site experiences. In the intervening years, numerous plugins have built on top of the REST API. Many developers shared a common frustration, the lack of external authentication to the REST API.
This commit introduces Application Passwords to allow users to connect to external applications to their WordPress website. Users can generate individual passwords for each application, allowing for easy revocation and activity monitoring. An authorization flow is introduced to make the connection flow simple for users and application developers.
Application Passwords uses Basic Authentication, and by default is only available over an SSL connection.
Props georgestephanis, kasparsd, timothyblynjacobs, afercia, akkspro, andraganescu, arippberger, aristath, austyfrosty, ayesh, batmoo, bradyvercher, brianhenryie, helen, ipstenu, jeffmatson, jeffpaul, joostdevalk, joshlevinson, kadamwhite, kjbenk, koke, michael-arestad, Otto42, pekz0r, salzano, spacedmonkey, valendesigns.
Fixes#42790.
git-svn-id: https://develop.svn.wordpress.org/trunk@49109 602fd350-edb4-49c9-b593-d223f7449a82
Jonathan Desrosiers
Timothy Jacobs
Peter Wilson
Sergey Biryukov
Dominik Schilling
Mike Schroder
Riad Benguella
Helen Hou-Sandi
John Blackbourn
Ian Dunn
Jorge Costa
Adam Silverstein
TimothyBlynJacobs