- XML-RPC: Switch to `wp_safe_remote()` when fetching a pingback URL.
- HTML API: Prevent `WP_HTML_Tag_Processor` instances being unserialized and add some extra logic for validating pattern and template file paths.
- KSES: Optimize PCRE pattern detecting numeric character references.
- Customize: Improve escaping approach used for nav menu attributes.
- Media: Ensure the attachment parent is accessible to the user before showing a link to it in the media manager.
- Interactivity API: Skip binding event handler attributes. The corresponding `data-wp-on--` attribute should be used instead.
- Administration: Ensure client-side templates are only detected when they're correctly associated with a script tag.
- Filesystem API: Don't attempt to extract invalid files from a zip when using the PclZip library.
- Comments: Don't attempt to create a note if the user cannot edit the target post.
- Media: Disable XML entity substitution in getID3.
Merges [61879-61890] to the 6.8 branch.
Props johnbillion, xknown, dmsnell, jorbin, peterwilson, adamsilverstein, desrosj, luisherranz, ocean90, westonruter, jonsurrell, aurdasjb.
Built from https://develop.svn.wordpress.org/branches/6.8@61901
git-svn-id: http://core.svn.wordpress.org/branches/6.8@61183 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Introduces support for Emoji 16:
- replaces emoji support test with splatter ,
- replaces two letter coded flag support test with Sark 🇨🇶,
- introduces the function `emojiRendersEmptyCenterPoint()` to the emoji loader to enable testing of emoji with a single data point.
Not to harp on about it, but Emoji 16 is perfect for tiring yourself out digging up root vegetables while visiting Sark 🇨🇶.
Reviewed by audrasjb.
Merges [60227] to the 6.8 branch.
Props westonruter, kraftbj, pento, JeffPaul, abcd95, SergeyBiryukov, dd32, peterwilsoncc.
Fixes#63324.
Built from https://develop.svn.wordpress.org/branches/6.8@60317
git-svn-id: http://core.svn.wordpress.org/branches/6.8@59653 1a063a9b-81f0-0310-95a4-ce76da25c4cd
[59775] resulted in a backwards compatibility break in a now deprecated experimental component, which was stabilized to `LinkControl`. When experimental components are deprecated in favor of being stabilized, the same backwards compatibility policy applies and the shape of the component should not change.
This restores the static properties that were unintentionally removed from the `__experimentalLinkControl` component that was moved to `DeprecatedExperimentalLinkControl`.
Reviewed by joemcgill, wildworks.
Merges [60150] to the 6.8 branch.
Props karthikeya01, mamaduka, joemcgill, fabiankaegy, wildworks.
Fixes#62887.
Built from https://develop.svn.wordpress.org/branches/6.8@60156
git-svn-id: http://core.svn.wordpress.org/branches/6.8@59492 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Address a failure in the customizer site logo cropping after r60031. Check to ensure library exists before the call to findWhere.
Follow up to r60031.
Props: domainsupport, joemcgill, joedolson, kawsar007, addweb-solution-pvt-ltd, mukesh27.
Fixes#63121.
Built from https://develop.svn.wordpress.org/trunk@60054
git-svn-id: http://core.svn.wordpress.org/trunk@59390 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Ensure that the button to insert a gallery is disabled until all image uploads have completed on the Edit Gallery screen. Prevents an issue where users could insert a gallery with some images missing.
Props: adamsilverstein, gonom9, rishavdutta.
Fixes: #39824.
Built from https://develop.svn.wordpress.org/trunk@60031
git-svn-id: http://core.svn.wordpress.org/trunk@59367 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Shifts the `title` attribute on `more` and `page-break` placeholder images to `alt`, moves the `title` attribute to `alt` on the `style` and `script` placeholders and replaces the images to differentiate between CSS and JS content.
Props sabernhardt, abcd95, joedolson.
Fixes#62861.
Built from https://develop.svn.wordpress.org/trunk@60007
git-svn-id: http://core.svn.wordpress.org/trunk@59348 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Change several error message across core to use WordPress standard styling. Ensure only prefixes are wrapped in `strong` tags rather than the whole message, use `notice notice-error` classes where appropriate, and replace a custom error with `wp_admin_notice()` in multisite.
Props afercia, rajinsharwar, robinmartijn, mukesh27, sabernhardt, oglekler, joedolson, chaion07, im3dabasia1, audrasjb, dkarfa, najmulsaju.
Fixes#50402.
Built from https://develop.svn.wordpress.org/trunk@59960
git-svn-id: http://core.svn.wordpress.org/trunk@59302 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This updates the following `devDependencies` to their latest versions:
- `@playwright/test` from `1.49.1` to `1.50.1`
- `chalk` from `5.3.0` to `5.4.1`
- `copy-webpack-plugin` from `12.0.2` to `13.0.0`
- `grunt-sass` from `3.1.0` to `4.0.0`
- `postcss` from `8.4.49` to `8.5.3`
- `sass` from `1.83.4` to `1.85.1`
- `terser-webpack-plugin` from `5.3.11` to `5.3.12`
- `uuid` from `11.0.3` to `11.1.0`
- `wait-on` from `8.0.1` to `8.0.2`
- `wepback` from `5.97.1` to `5.98.0`
Additionally, `npm dedupe` and `npm audit fix` have been run.
Fixes#62220.
Built from https://develop.svn.wordpress.org/trunk@59929
git-svn-id: http://core.svn.wordpress.org/trunk@59271 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset improves a bunch of WP-Admin error messages, notably replacing the good old cryptic "Something went wrong" message with more helpful information.
Props peterwilsoncc, netweb, karmatosed, JoshuaWold, mrtortai, audrasjb, sukhendu2002, joedolson.
See #43622.
Built from https://develop.svn.wordpress.org/trunk@59789
git-svn-id: http://core.svn.wordpress.org/trunk@59131 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This fixes a `ReferenceError` caused by a stray Unicode character in the unminified version of moxie.js. This has long been fixed upstream but the library cannot be wholesale updated in WordPress because of an incompatible license change.
Because of this, a new version is being tagged, `1.3.5.1`, and the file header has been updated to make it more clear that the file is a maintained fork with a high level list of changes made.
Props kinggmobb, jorbin, q0rban, azaozz, desrosj, sukhendu2002.
Fixes#59329.
Built from https://develop.svn.wordpress.org/trunk@59770
git-svn-id: http://core.svn.wordpress.org/trunk@59112 1a063a9b-81f0-0310-95a4-ce76da25c4cd
As of UglifyJS >= 3.18.0, the default behavior is to process input as an ES module. This updates the relevant configurations to ensure the build process continues to use the previous behavior to avoid JavaScript errors in the minified versions of files.
Follow up to [58563], [58586], and [59509].
Props siliconforks, nataliat2004, poena, mai21, SergeyBiryukov.
Fixes#62767. See #61519, #62220.
Built from https://develop.svn.wordpress.org/trunk@59768
git-svn-id: http://core.svn.wordpress.org/trunk@59110 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Rename the 'Text' tab of the classic editor to 'Code', mimicking the labels used in the block editor: "Visual editor" and "Code editor".
Update code comment and Help documentation to reference the editor using the new label.
Props lukecavanagh, ctienshi, travel_girl, audrasjb, sabernhardt, joedolson, rseigel, mark-k, sergeybiryukov, presskopp, giuriani, afercia, knutsp, audrasjb, sukhendu2002.
Fixes#38061.
Built from https://develop.svn.wordpress.org/trunk@59696
git-svn-id: http://core.svn.wordpress.org/trunk@59038 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This updates the following `devDependencies`:
- `dotenv` from `16.4.5` to `16.4.7`
- `dotenv-expand` from `11.0.6` to `12.0.1`
- `postcss` from `8.4.47` to `8.4.49`
- `qunit` from `2.22.0` to `2.23.1`
- `sass` from `1.79.4` to `1.79.6`
- `terser-webpack-plugin` from `5.3.10` to `5.3.11`
- `uglify-js` from `3.17.4` to `3.19.3`
- `uuid` from `9.0.1` to `11.0.3`
- `webpack` from `5.90.2` to `5.97.1`
Additionally, `npm audit fix` has been run.
Follow up to [58585].
See #62220.
Built from https://develop.svn.wordpress.org/trunk@59509
git-svn-id: http://core.svn.wordpress.org/trunk@58895 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`npm dedupe` is a command that attempts to simplify the structure of the local package tree by moving dependencies higher up. This allows for more effective package sharing, less transfer, and smaller `node_modules` folders.
This change configures npm to `prefer-dedupe` by default so that these benefits persist and the command is not required to be run regularly.
This also brings better alignment with the Gutenberg repository, which has already configured `prefer-dedupe`.
Props jonsurrell.
Fixes#62190.
Built from https://develop.svn.wordpress.org/trunk@59207
git-svn-id: http://core.svn.wordpress.org/trunk@58602 1a063a9b-81f0-0310-95a4-ce76da25c4cd
If a user uploads an 800x800 image and a 512x512 image is required, then they should be allowed to skip cropping. This still creates the correct crop behind the scenes but simplifies the flow a bit for users.
Props nirajgirixd, celloexpressions, westonruter, azaozz, jorbin.
Fixes#36441.
Built from https://develop.svn.wordpress.org/trunk@59197
git-svn-id: http://core.svn.wordpress.org/trunk@58592 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Check whether the media frame menu has action items. If not, hide the sidebar. Prevents showing a sidebar that looks interactive but contains no controls that are interactive. When in Create Gallery mode, the only action available is 'Create Gallery', and it is always active.
Props ukdrahul, ababir, ruchirj, nhrrob, joedolson, shailu25, mukesh27, sudipatel007, dhrumilk.
Fixes#60666.
Built from https://develop.svn.wordpress.org/trunk@59139
git-svn-id: http://core.svn.wordpress.org/trunk@58535 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This updates several `devDependencies` to their latest versions:
- `autoprefixer` (`10.4.20`)
- `cssnano` (`7.0.6`)
- `grunt-contrib-qunit` (`10.1.1`)
- `grunt-webpack` (`7.0.0`)
- `postcss` (`8.4.47`)
- `qunit` (`2.22.0`)
- `sass` (`1.79.4`)
- `uuid` (`10.0.0`)
- `wait-on` (18.0.1`)
Also included are two minor updates to bundled dependencies:
- `json2php` (`0.0.9`)
- `wicg-inert` (`3.1.3`).
After applying these updates, `npm audit fix` and `grunt precommit:css` were run.
See #62137.
Built from https://develop.svn.wordpress.org/trunk@59135
git-svn-id: http://core.svn.wordpress.org/trunk@58531 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Removes the automatic addition of `rel="noopener noreferrer"` from links targeting a new tab or window, `target='_blank'`. Since this was introduced, supported browsers have changed their security policies and no longer allow the opened link to have JavaScript access to the previous tab.
Deprecates:
* `wp_targeted_link_rel()`
* `wp_targeted_link_rel_callback()`
* `wp_init_targeted_link_rel_filters()`: converted to a noop function
* `wp_remove_targeted_link_rel_filters()`: converted to a noop function
The deprecated functions are retained in `formatting.php` as in `SHORTINIT` mode the file is included while `deprecated.php` is not.
This also removes the `noopener` from links hard coded within the WordPress dashboard linking to documentation and other resources.
Props audrasjb, azaozz, dhruval04, dorzki, neo2k23, presskopp, sabernhardt, swissspidy, tobiasbg.
Fixes#53843.
Built from https://develop.svn.wordpress.org/trunk@59120
git-svn-id: http://core.svn.wordpress.org/trunk@58516 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The Script Module has the same API as the `wp-a11y` WP Script.
Key changes:
- Add `@wordpress/a11y` to the list of Script and Module dual packages.
- Update `script-modules-packages.min.php` to include the a11y module.
- Modify `WP_Script_Modules` class to track and handle a11y module availability.
- Add method to print required HTML markup for a11y `speak()` functionality.
See #60647.
Props jonsurrell, gziolo, czapla.
Built from https://develop.svn.wordpress.org/trunk@59089
git-svn-id: http://core.svn.wordpress.org/trunk@58485 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This is a companion to https://github.com/WordPress/gutenberg/pull/65460 that requires syncing in WordPress Core. Namely, the block-library changes require registration with their updated script module IDs so that the blocks continue to work correctly.
They key improvement is script modules registration is handled in one central place, and a combined asset file is used to improve the performance by avoiding multiple disk operations for every individual file.
Props jonsurrell, gziolo, wildworks, noisysocks.
See #60647, #59462.
Built from https://develop.svn.wordpress.org/trunk@59083
git-svn-id: http://core.svn.wordpress.org/trunk@58479 1a063a9b-81f0-0310-95a4-ce76da25c4cd
