Add `_wp_connectors_get_api_key_source()` to detect whether an API key is configured via environment variable, PHP constant, or database. The UI uses this to show the key source and hide "Remove and replace" for externally configured keys.
Replace `_wp_connectors_validate_keys_in_rest()` and `_wp_connectors_get_real_api_key()` with a single `rest_post_dispatch` handler, `_wp_connectors_rest_settings_dispatch()`, that masks keys in all `/wp/v2/settings` responses and validates on POST/PUT, reverting invalid keys.
Simplify `_wp_register_default_connector_settings()` by replacing the closure-based `sanitize_callback` and `option_` mask filter with plain `sanitize_text_field`, since masking is now handled at the REST layer.
Enrich `_wp_connectors_get_connector_script_module_data()` to expose `keySource`, `isConnected`, `logoUrl`, and plugin `isInstalled` / `isActivated` status to the admin screen.
Update `_wp_connectors_pass_default_keys_to_ai_client()` to skip keys sourced from environment variables or constants and read the database directly via `get_option()`.
Set `_wp_connectors_init` priority to 15 so the registry is ready before settings are registered at priority 20.
Backports https://github.com/WordPress/gutenberg/pull/76266.
Backports https://github.com/WordPress/gutenberg/pull/76327.
Props jorgefilipecosta, gziolo, swissspidy, flixos90.
Fixes#64819.
Built from https://develop.svn.wordpress.org/trunk@61985
git-svn-id: http://core.svn.wordpress.org/trunk@61267 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Enable client-side media processing in the three `test_finalize_item*`
tests so the `/finalize` route is registered before dispatching requests.
Without this, the route does not exist and all assertions fail with
`rest_no_route`.
Extracts the repeated filter-and-reinitialize pattern into a shared
`enable_client_side_media_processing()` helper, used by both the
sideload and finalize tests.
Follow-up to [61982].
Built from https://develop.svn.wordpress.org/trunk@61984
git-svn-id: http://core.svn.wordpress.org/trunk@61266 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Remove `_wp_connectors_get_connector_settings()` and inline `ksort()`
into `_wp_connectors_get_connector_script_module_data()`. Expand
`@return` and `@phpstan-return` array shapes for `wp_get_connector()`
and `wp_get_connectors()`. Make `logo_url` and `credentials_url` truly
optional. Rename test class to `wpGetConnectors`.
Developed in https://github.com/WordPress/wordpress-develop/pull/11227.
Follow-up to [61943].
Props gziolo, westonruter.
Fixes#64791.
Built from https://develop.svn.wordpress.org/trunk@61983
git-svn-id: http://core.svn.wordpress.org/trunk@61265 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Introduce a `POST /wp/v2/media/{id}/finalize` REST API endpoint that re-triggers the `wp_generate_attachment_metadata` filter with context `'update'` after client-side media processing completes. This ensures server-side plugins (watermarking, CDN sync, custom sizes, etc.) can post-process attachments when client-side processing is active.
The endpoint reuses `edit_media_item_permissions_check` for authorization and is only registered when `wp_is_client_side_media_processing_enabled()` returns true.
See https://github.com/WordPress/gutenberg/pull/74913.
See https://github.com/WordPress/gutenberg/issues/74358.
Props adamsilverstein, westonruter, mukesh27, divyeshpatel01.
Fixes#64804.
Built from https://develop.svn.wordpress.org/trunk@61982
git-svn-id: http://core.svn.wordpress.org/trunk@61264 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This ensures the filters to opt in to loading separate block styles on demand are added at the moment `WP_Styles` is constructed. This accounts for styles being registered at the `init` action before `register_core_block_style_handles()` runs at priority 9. Without this, the `wp-block-library` stylesheet may get registered with the full combined block styles as `style.css` instead of just `common.css`, due to `wp_should_load_block_assets_on_demand()` still returning false. The `wp_default_styles` action still runs during `init`.
Developed in https://github.com/WordPress/wordpress-develop/pull/11232
Follow-up to r61008.
Props westonruter, adamsilverstein.
See #64099.
Fixes#64846.
Built from https://develop.svn.wordpress.org/trunk@61981
git-svn-id: http://core.svn.wordpress.org/trunk@61263 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The JavaScript fils within the `build/routes` and `build/pages` directories within the built `gutenberg` asset were not being copied properly into the working directory.
This configures a `grunt copy:gutenberg-js` task to handle this.
Follow up to [61873], [61874].
Props jorgefilipecosta, ellatrix, desrosj.
See #64393.
Built from https://develop.svn.wordpress.org/trunk@61978
git-svn-id: http://core.svn.wordpress.org/trunk@61260 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Document-Isolation-Policy (DIP) isolates the document and blocks same-origin iframe access that page builders rely on. Skip DIP setup when a third-party page builder overrides the block editor via a custom `action` query parameter.
Also gates `wp_is_client_side_media_processing_enabled()` on a secure context check, since `SharedArrayBuffer` requires a secure context (HTTPS or localhost).
Props adamsilverstein, westonruter, mukesh27, louiswol94, manhar, illuminea.
Fixes#64803.
Built from https://develop.svn.wordpress.org/trunk@61947
git-svn-id: http://core.svn.wordpress.org/trunk@61229 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This introduces placeholder inline `STYLE` tags in the `HEAD` which are used to accurately locate hoisted styles which were printed in the footer. This improves the robustness of the hoisting logic. A style placeholder had been used previously in the inline style for `wp-block-library` for placing core block styles, and new placeholders are added for global styles and non-core block styles.
Furthermore, this fixes the cascade for inline styles added to `wp-block-library`. When separate block styles are not used, these styles would have appeared after the single combined `wp-block-library`. However, in 6.9 the order changed so that separate block styles would appear after. To preserve the original cascade, this splits the `wp-block-library` inline style: the first half (likely just the inlined `block-library/common.css`) appears before the block styles, and the remainder appears in a new `STYLE#wp-block-library-inline-css-extra` element.
Developed in https://github.com/WordPress/wordpress-develop/pull/10875
Follow-up to r61554, r61174, r61122, r61076, r61008.
Props westonruter, joefusco, adamsilverstein, ocean90, mmorris8, ozgursar, vanonsopensource, xwolf, immeet94, george9, joezappie, jorbin, sajib1223, sabernhardt.
See #64099, #64354, #64150, #43258.
Fixes#64389.
Built from https://develop.svn.wordpress.org/trunk@61945
git-svn-id: http://core.svn.wordpress.org/trunk@61227 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Introduces `WP_Connector_Registry` class and a `wp_connectors_init` action hook so plugins can register their own connectors alongside the built-in defaults (Anthropic, Google, OpenAI).
Key changes:
* `WP_Connector_Registry` — A `final` singleton class managing connector registration and lookup, with validation for IDs, required fields, and authentication methods.
* `wp_connectors_init` action — Fired during `init` after built-in connectors are registered. Passes the registry instance so plugins call `$registry->register()` directly.
* `_wp_connectors_init()` — Private function that creates the registry, merges hardcoded defaults with AI Client registry data, registers them, then fires the action.
* Public read-only functions — `wp_is_connector_registered()`, `wp_get_connector()`, `wp_get_connectors()` for querying the registry after initialization.
* Logo URL support — Connectors can include an optional `logo_url` field resolved from plugin directories via `_wp_connectors_resolve_ai_provider_logo_url()`.
* Timing guards — `set_instance()` rejects calls after `init` completes. Registration is only possible during `wp_connectors_init`.
* Connector API key settings are now only registered when the provider exists in the AI Client registry.
* Refactors `_wp_connectors_get_connector_settings()` to read from the registry via `wp_get_connectors()`.
Developed in https://github.com/WordPress/wordpress-develop/pull/11175
Props gziolo, flixos90, mukesh27, westonruter.
Fixes#64791.
Built from https://develop.svn.wordpress.org/trunk@61943
git-svn-id: http://core.svn.wordpress.org/trunk@61225 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Remove duplicate CSS setting the checked state for checkbox and radio inputs from `_admin.scss`. The duplicate selectors overrode the white checkmark in older browsers, impacting alternate color schemes.
Props sabernhardt, joedolson.
Fixes#64822.
Built from https://develop.svn.wordpress.org/trunk@61940
git-svn-id: http://core.svn.wordpress.org/trunk@61222 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This updates `wp_get_loading_optimization_attributes()` and `wp_maybe_add_fetchpriority_high_attr()` to account for cases where an `IMG` has `fetchpriority=low` or `fetchpriority=auto`:
* `IMG` tags with `fetchpriority=low` are not lazy-loaded since they may be in a Navigation overlay, Details block, or Accordion Item block and need to be loaded the instant the user toggles the block.
* `IMG` tags with `fetchpriority=auto` do not increase the media count since they may be hidden in a viewport by block visibility settings.
* Blocks with conditional visibility (such as hidden on mobile or desktop) now automatically add `fetchpriority="auto"` to their contained `IMG` tags to prevent them from erroneously receiving `fetchpriority=high` or affecting the lazy-loading of subsequent images.
* An `IMG` with `fetchpriority=auto` which also surpasses the `wp_min_priority_img_pixels` threshold will prevent a subsequent image from getting `fetchpriority=high`.
Developed in https://github.com/WordPress/wordpress-develop/pull/11196
Includes backport of [https://github.com/WordPress/gutenberg/pull/76302 Gutenberg#76302].
See related Gutenberg issues:
- [https://github.com/WordPress/gutenberg/issues/76181 76181]: Image in navigation overlay can get `fetchpriority=high` and degrade LCP metric for page.
- [https://github.com/WordPress/gutenberg/issues/76268 76268]: Image in collapsed Details block may erroneously get `fetchpriority=high` even though hidden.
- [https://github.com/WordPress/gutenberg/issues/76301 76301]: Block Visibility: `IMG` in viewport-conditional block may get `fetchpriority=high` even when not displayed.
- [https://github.com/WordPress/gutenberg/issues/76335 76335]: Image in collapsed Accordion block may erroneously get `fetchpriority=high` even though hidden.
Follow-up to r56347, r56037.
Props westonruter, mukesh27, ramonopoly, wildworks.
See #58235.
Fixes#64823.
Built from https://develop.svn.wordpress.org/trunk@61934
git-svn-id: http://core.svn.wordpress.org/trunk@61216 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously in r61397, `add_query_arg()` was used to append versions or handle-specific query arguments. This resulted in stripping any existing duplicate query variables in the source URL (common in Google Fonts URLs). This change refactors `WP_Styles::_css_href()` and `WP_Scripts::do_item()` to manually append these parameters to the URL string. This ensures all original query variables are preserved exactly as provided. It also improves fragment handling by ensuring query parameters are inserted before any '#' anchor while maintaining the anchor's presence.
The URL encoding changes in `tests/phpunit/tests/dependencies/scripts.php` are reversions of what had previously been done in r61397.
Developed in https://github.com/WordPress/wordpress-develop/pull/11164
Follow-up to r61397, r61358.
Props westonruter, jonsurrell.
Fixes#64372.
Built from https://develop.svn.wordpress.org/trunk@61927
git-svn-id: http://core.svn.wordpress.org/trunk@61209 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This has historically worked until [61892] increased the strictness of the template file validation which dismissed any value of a type other than a string, which a stringable object is not.
Props dmsnell, westonruter.
Built from https://develop.svn.wordpress.org/trunk@61913
git-svn-id: http://core.svn.wordpress.org/trunk@61195 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This iterates on the changes from [61438] by removing the need to:
- Check out the WordPress/gutenberg repository at the pinned hash.
- Run `npm install` within that checkout.
- Run `npm build` within that checkout.
Instead, the build script will now download a prebuilt zip file published to the GitHub Container Registry by a GitHub Actions workflow recently merged to the Gutenberg Repository (related PR: https://github.com/WordPress/gutenberg/pull/75844).
This also removes redundant code responsible for:
- Copying files from the `gutenberg` directory to the appropriate locations during the build script in favor of using `grunt copy`.
- Modifying built files to replace specific text, such as `sourceMappingURL`, in favor of `grunt replace`.
The remaining files within the `tools/gutenberg` directory have been renamed to remove `gutenberg` from the file names. Since these are already nested in a `gutenberg` directory, that was redundant.
Since the intention of the pinned value for the repository in the `package.json` file is to specify a full-length commit hash, `ref` has been renamed to `sha`. In Git `ref` encompasses branches, tags, and commit hashes, so this hopefully makes it more clear that something like `branch-name` should not be used.
Follow up to [61438], [61439], [61458], [61492], [61677], [61867].
Props desrosj, dmsnell, westonruter, mcsf, jorbin.
See #64393.
Built from https://develop.svn.wordpress.org/trunk@61873
git-svn-id: http://core.svn.wordpress.org/trunk@61159 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `theme.json` file `$schema` URL is relative in the `gutenberg` repository upstream. The URL is not currently being replaced with an aboslute one pointing to w.org due to a missing `transform: true` configuration.
Follow up to [61438], [61439], [61458], [61492], [61677].
See #64393.
Built from https://develop.svn.wordpress.org/trunk@61867
git-svn-id: http://core.svn.wordpress.org/trunk@61154 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Though `add_action()` and `add_filter()` are functionally equivalent internally, for proper semantics the former should be used on actions and the latter on filters.
Follow-up to [37920], [38046], [53266].
Props apermo.
Fixes#64828.
Built from https://develop.svn.wordpress.org/trunk@61866
git-svn-id: http://core.svn.wordpress.org/trunk@61153 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The option to enable real-time collaboration was first added in [61689] as `enable_real_time_collaboration` with a value of `1` and the `$db_version` was bumped in [61696].
The option then went through a series of changes. This included: the default value changing to `0` in [61702], being renamed to `wp_enable_real_time_collaboration` in [61722], removed entirely in [61828], and finally being re-added as `wp_enable_real_time_collaboration` in [61862].
Because the `$db_version` was not bumped after these changes, it’s possible that the `wp_enable_real_time_collaboration` option is not present on any site that ran the nightly build generated between [61696] and [61702], or a nightly build/beta release published after [61828]. Since `populate_options()` runs when a new site is installed, this issue only affects pre-existing sites that had upgradd their database when `wp_enable_real_time_collaboration` was not specified as a default option within `$defaults`.
This bumps the database version to `61833`, which is the most recent changeset to have modified the `$defaults` array in `populate_options()`.
Props dlh, maxschmeling, smithjw1, kbat82.
See #64824, #64622.
Built from https://develop.svn.wordpress.org/trunk@61864
git-svn-id: http://core.svn.wordpress.org/trunk@61151 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Set the generated content in the gallery selection strip to `content: none;` to remove the generated overlay. Follow up to [61757].
Props wildworks, hbhalodia, divyeshpatel01, huzaifaalmesbah, apermo, joedolson.
Fixes#64820.
Built from https://develop.svn.wordpress.org/trunk@61862
git-svn-id: http://core.svn.wordpress.org/trunk@61149 1a063a9b-81f0-0310-95a4-ce76da25c4cd
