Various filters and actions fire during user creation and editing, making available all manner of user data to be acted upon by custom code. However, a user's password was not included in the data that was made available.
This change now fires an existing action, `wp_set_password`, during initial user creation and when an existing user's password is updated.
Props ChloeD, scribu, dd32, pento, chriscct7, johnbillion, logicrays, nimeshatxecurify.
Fixes#22114.
Built from https://develop.svn.wordpress.org/trunk@60634
git-svn-id: http://core.svn.wordpress.org/trunk@59970 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The serialize_token() method was added in WordPress 6.7.0 as a protected member on the WP_HTML_Processor class. It wasn’t clear at the time of merging if it would be necessary to expose it as a public method. However, since that time a number of experiments have led to the conclusion that it would be very valuable to do so.
This patch opens up the method for invocation from the outside, trivializing the generation of normative HTML subspans from a parent document.
Developed in https://github.com/WordPress/wordpress-develop/pull/9456
Discussed in https://core.trac.wordpress.org/ticket/63823
Follow-up to [59076].
Props dmsnell, jonsurrell.
Fixes#38044.
Built from https://develop.svn.wordpress.org/trunk@60633
git-svn-id: http://core.svn.wordpress.org/trunk@59969 1a063a9b-81f0-0310-95a4-ce76da25c4cd
There are several existing mechanisms in Core to determine if a given string contains valid UTF-8 bytes or not. These are spread out and depend on which extensions are installed on the running system and what is set for `blog_charset`. The `seems_utf8()` function is one of these mechanisms.
`seems_utf8()` does not properly validate UTF-8, unfortunately, and is slow, and the purpose of the function is veiled behind its name and historic legacy.
This patch deprecates `seems_utf()` and introduces `wp_is_valid_utf8()`; a new, spec-compliant, efficient, and focused UTF-8 validator. This new validator defers to `mb_check_encoding()` where present, otherwise validating with a pure-PHP implementation. This makes the spec-compliant validator available on all systems regardless of their runtime environment.
Developed in https://github.com/WordPress/wordpress-develop/pull/9317
Discussed in https://core.trac.wordpress.org/ticket/38044
Props dmsnell, jonsurrell, jorbin.
Fixes#38044.
Built from https://develop.svn.wordpress.org/trunk@60630
git-svn-id: http://core.svn.wordpress.org/trunk@59966 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`utf8mb4` is the complete UTF-8 implementation in MySQL, supporting the full range of Unicode characters by using up to 4 bytes per character. This includes characters outside the Basic Multilingual Plane, such as emoji and supplementary characters. `utf8mb4` ensures full compatibility with modern text content and diverse character sets.
As of WordPress 4.2, on both new and existing installations, WordPress would automatically upgrade database tables to `utf8mb4` on compatible servers (MySQL 5.5.3 or later). However, the default `DB_CHARSET` value during setup was still set to `utf8` for compatibility with older MySQL versions.
As of WordPress 6.5, the minimum required MySQL version is 5.5.5, so the default can be updated to `utf8mb4`.
Follow-up to [30345], [31349], [57173], [57926].
Props bchecketts, JavierCasares, dmsnell, SergeyBiryukov.
Fixes#48285.
Built from https://develop.svn.wordpress.org/trunk@60629
git-svn-id: http://core.svn.wordpress.org/trunk@59965 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The files in this commit have previously contained text encoded as Windows-1252 (commonly mistaken for latin1/ISO-8859-1), in ways that present invalid UTF-8 bytes.
This commit converts the encodings to UTF-8, which resolves the encoding issues. While the whole-posts document could be argued to be intentionally Windows-1252, there was no obvious evidence that this was more than an historic legacy. The JavaScript file, however, definitely ought to be UTF-8.
Developed in https://github.com/WordPress/wordpress-develop/pull/9425
Discussed in https://core.trac.wordpress.org/ticket/63815
Props dmsnell, swisspidy.
Fixes#63815.
Built from https://develop.svn.wordpress.org/trunk@60627
git-svn-id: http://core.svn.wordpress.org/trunk@59963 1a063a9b-81f0-0310-95a4-ce76da25c4cd
GitHub is in the process of deploying an update to their MacOS and Windows GitHub Actions runners that changes the `-latest` tag to point to `macos-15` and `windows-2025`. Once this completes, the number of available runners for the previous version will decline and could result in longer queues.
This updates the build process testing workflow to test against these new versions.
Prop johnbillion.
See #63170.
Built from https://develop.svn.wordpress.org/trunk@60626
git-svn-id: http://core.svn.wordpress.org/trunk@59962 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This is a feature and maintenance release introducing full support for [https://www.rfc-editor.org/rfc/rfc6531 RFC 6531 SMTPUTF8], meaning that plugin or theme developers are now free to use Unicode characters in email addresses, such as `JøeÜser@example.com`, without any complicated encoding schemes. Using this feature requires sending through a mail server that advertises support for SMTPUTF8. For full details see [https://github.com/PHPMailer/PHPMailer/blob/master/SMTPUTF8.md SMTPUTF8.md].
This commit also includes the parts of PHPMailer not previously bundled with core, specifically the DSNConfigurator, OAuth, and POP3 classes, so that plugin developers could use those extended features without including their own versions of the library.
Including the full library aims to make it easier (and faster) for core to update in case of security issues, and to provide more flexibility and security for plugins and (by extension) users of WordPress.
References:
* [https://github.com/PHPMailer/PHPMailer/releases/tag/v6.10.0 PHPMailer 6.10.0 release notes]
* [https://github.com/PHPMailer/PHPMailer/compare/v6.9.3...v6.10.0 Full list of changes in PHPMailer 6.10.0]
Follow-up to [54937], [55557], [56484], [57137], [59246], [59481].
Props agulbra, Ipstenu, JeffMatson, lukecavanagh, dd32, Otto42, JeffMatson, MattyRob, desrosj, SirLouen, SergeyBiryukov.
Fixes#39714, #63811.
Built from https://develop.svn.wordpress.org/trunk@60623
git-svn-id: http://core.svn.wordpress.org/trunk@59959 1a063a9b-81f0-0310-95a4-ce76da25c4cd
On small viewports, the total vertical padding of `.misc-pub-section` was adjusted from 14px to 40px.
This significant different made for difficult reading of information in the Post Publish metabox, the Media details meta box, and the comment editing metabox.
Shift the total vertical padding to 24px to improve the readability of metaboxes on mobile.
Props mikinc860, dhrumilk, debarghyabanerjee, mukesh27, hbhalodia, sabernhardt, joedolson.
Fixes#63571.
Built from https://develop.svn.wordpress.org/trunk@60619
git-svn-id: http://core.svn.wordpress.org/trunk@59955 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Fixes an issue where `wp_kses_normalize_entities` would transform inputs like "'" into "'", changing the intended HTML text.
This behavior has present since the initial version of KSES was introduced in [649].
[2896] applied the normalization to post content for users without the "unfiltered_html" capability.
Developed in https://github.com/WordPress/wordpress-develop/pull/9099.
Props jonsurrell, dmsnell, sirlouen.
Fixes#63630.
Built from https://develop.svn.wordpress.org/trunk@60616
git-svn-id: http://core.svn.wordpress.org/trunk@59952 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Reduces the number of database queries made when populating roles during install/multisite site creation by 344 (347 queries down to 3).
`populate_roles()` has been modified to prevent an individual database query each time a role or capability is added to the `WP_Roles` object. Instead the roles option, `{$wpdb->prefix}user_roles` is updated once at the end of the function call.
Introduces a test to ensure that updating the roles option via `WP_Roles` and updating the option in the manner now used by `populate_roles()` results in the same capabilities been applied to a role.
Props fliespl, johnjamesjacoby, ocean90, realloc, rishabhwp, sainathpoojary, sirlouen, spacedmonkey, swissspidy.
Fixes#37687.
Built from https://develop.svn.wordpress.org/trunk@60614
git-svn-id: http://core.svn.wordpress.org/trunk@59950 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset removes the bottom `tablenav` container on taxonomy term list screens when it contains a hidden `.tablenav-pages.no-pages` element, to prevent unnecessary vertical spacing when no tags exist.
Props sainathpoojary, dilipbheda, audrasjb, abcd95, dhruvang21, SirLouen.
Fixes#63369.
Built from https://develop.svn.wordpress.org/trunk@60613
git-svn-id: http://core.svn.wordpress.org/trunk@59949 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Add a new filter, `block_bindings_supported_attributes_{$block_type}`, that allows customizing which of a block's attributes can be connected to a Block Bindings source.
Props bernhard-reiter, gziolo, maxschmeling.
Closes#62090.
Built from https://develop.svn.wordpress.org/trunk@60611
git-svn-id: http://core.svn.wordpress.org/trunk@59947 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Add a new Block Bindings source, `core/post-data`, which exposes `date` and `modified` fields for now -- reflecting the publish date and the last modified date of the post, respectively. The source could be subsequently extended to include other fields associated with a post object, such as title, featured image, etc.
Props bernhard-reiter.
Closes#63741.
Built from https://develop.svn.wordpress.org/trunk@60539
git-svn-id: http://core.svn.wordpress.org/trunk@59875 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The GitHub Actions workflows currently limit when jobs run for forks by short-circuiting any that are triggered by `push` events when not running within the `wordpress-develop` repository.
Because the large majority of forks are not created under organizations, they will be subject to the individual account limit of 20 concurrent jobs (40 for pro accounts) at any given time instead of the 500 concurrent job limit that applies to the WordPress organization. This means that a single pull request back to a fork can take several hours to complete the workflow jobs that are spawned.
This revises the conditional statements to further limit the number of jobs that spawn within a fork while still allowing the full test matrices for forks within the `WordPress` organization and pull requests back to `wordpress-develop`.
These adjustments result in a maximum of 53 jobs when all workflows configured to run within forks are triggered. Of these, ~66% will run in less than 3 minutes, and ~55% will run in less than 1 minute.
Props jorbin, johnbillion.
Fixes#63752.
Built from https://develop.svn.wordpress.org/trunk@60534
git-svn-id: http://core.svn.wordpress.org/trunk@59870 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This updates the PHPUnit test strategy matrix to test current Innovation Releases.
- MySQL 9.4 is now the current Innovation Release.
- With the release of the 11.8 LTS version, MariaDB has no current Innovation Releases.
See #63167.
Built from https://develop.svn.wordpress.org/trunk@60532
git-svn-id: http://core.svn.wordpress.org/trunk@59868 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset adds a new Site Health test to make site owners more aware when search engines are discouraged from indexing their sites.
It also increases the visibility of the related Dashboard widget notice.
Changes:
- Adds a new Site Health test under the "Privacy" category to check whether search engines are discouraged
- Displays "recommended" status when search engines are discouraged, with clear messaging to review settings
- Provides a direct link to the Reading Settings page to change this option
- Use a red/alert color to the dashicon used on the Dashboard widget notice
Props jeffr0, newyorkerlaura, joedolson, codente, abcd95, andrewhoyer, SirLouen, johnbillion, mymothersdaughter, audrasjb, Emlebrun, gaeldenysiak, beryldlg, Spaceshipone, coralietixeront, peterwilsoncc.
Fixes#63375.
Built from https://develop.svn.wordpress.org/trunk@60529
git-svn-id: http://core.svn.wordpress.org/trunk@59865 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Moves the caching of RSS feeds requested via `fetch_feed()` from single site transients (`get|set|delete_transient()`) to global transients (`get|set|delete_site_transient()`).
On multisite installs of WordPress, this replaces per site caching with the global multisite cache to allow a single cache to be shared between all sites. This reduces the amount of data stored in the database and improves performance of feeds when multiple sites are ingesting the same URL.
Props rollybueno, spacedmonkey, peterwilsoncc.
Fixes#63719.
Built from https://develop.svn.wordpress.org/trunk@60524
git-svn-id: http://core.svn.wordpress.org/trunk@59860 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In a Block Theme, the Custom CSS from the Customizer is inserted into the global styles, before the global style's Custom CSS. In order to update the Customizer's Custom CSS inside of the global styles, milestone CSS comments are added in the preview so that the live preview logic can do the replacement.
Follow-up to [55192], [58703].
See #57536, #61395.
Props westonruter, wildworks, peterwilsoncc, rollybueno, SirLouen, poojapadamad, rafiq91, audrasjb.
Fixes#63589.
Built from https://develop.svn.wordpress.org/trunk@60522
git-svn-id: http://core.svn.wordpress.org/trunk@59858 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Replaces `esc_js()` with `wp_json_encode()` for escaping the screen reader announcement when a media upload fails. As the code is within a `<script>` tag rather than an inline script handler, the `esc_js()` function would cause special characters to be announced in their HTML encoded form rather than as the character, eg `&` would be announced as `&`.
Follow up to [60263].
Props peterwilsoncc, joedolson.
Fixes#63114.
Built from https://develop.svn.wordpress.org/trunk@60520
git-svn-id: http://core.svn.wordpress.org/trunk@59856 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Switch the display of the Media editor Crop controls to `flexbox` and add a gap of 4px in both column and row directions. Gives space between buttons when they are stacked.
Props presskopp, audrasjb, rishabhwp, joedolson.
Fixes#63672.
Built from https://develop.svn.wordpress.org/trunk@60517
git-svn-id: http://core.svn.wordpress.org/trunk@59853 1a063a9b-81f0-0310-95a4-ce76da25c4cd
