This reverts the real time collaboration option name back to `wp_enable_real_time_collaboration` to avoid the need to turn on a checkbox in order to turn off the feature. This is to reduce the cognitive load on both users and developers of an on is off paradigm.
To ensure Real Time Collaboration is enabled prior to the upgrade routine running on multi-site installs, the option default is filtered on the `default_option_wp_enable_real_time_collaboration` hook to enable the option by default.
Developed in: https://github.com/WordPress/wordpress-develop/pull/11161
Follow up to r61828.
Props peterwilsoncc, czarate, sergeybiryukov.
Fixes#64622.
Built from https://develop.svn.wordpress.org/trunk@61833
git-svn-id: http://core.svn.wordpress.org/trunk@61120 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Connector API keys were visible in plain text on `wp-admin/options.php`
because it queries the database directly, bypassing the `get_option()`
filter that normally masks these values.
This adds masking for options matching the `connectors_*_api_key` pattern
using the existing `_wp_connectors_mask_api_key()` function, and disables
editing from this screen.
Props jorgefilipecosta, gziolo, ocean90.
Fixes#64793.
Built from https://develop.svn.wordpress.org/trunk@61829
git-svn-id: http://core.svn.wordpress.org/trunk@61116 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Renames the option `enable_real_time_collaboration` to `wp_enable_real_time_collaboration` to include the prefix as has been the practice for new options since WordPress 5.8.0.
Props peterwilsoncc, mukesh27, parthvataliya, czarate.
See #64622.
Built from https://develop.svn.wordpress.org/trunk@61722
git-svn-id: http://core.svn.wordpress.org/trunk@61030 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Syncs/merges the PHP changes from the Gutenberg PR https://github.com/WordPress/gutenberg/pull/75366.
In Gutenberg, we have added support for real-time collaboration using CRDT documents (via the [Yjs library](https://yjs.dev/)). This work has suggested the following additions to WordPress:
1. A default "sync provider" based on HTTP polling that allows collaborators to share updates with each other. Previously, we relied on WebRTC connections between collaborators for this purpose, but it proved unreliable under many network conditions.
- Our solution is designed to work on any WordPress installation.
- HTTP polling is the transport we identified as most likely to work universally.
- Given the isolation and lifecycle of PHP processes, updates must be stored centrally in order to be shared among peers. We have chosen to store updates in post meta against a special post type, but alternate storage mechanisms are possible.
- Collaborative editing can involve syncing multiple CRDT documents. To limit the number of connections consumed by this provider, requests are batched.
- To prevent unbounded linear growth, updates are periodically compacted.
- To avoid excessive load on lower-resourced hosts, this provider will benefit from usage limits (e.g., a maximum of three connected collaborators) enforced by the client (Gutenberg).
2. A new registered post meta that allows Gutenberg to persist CRDT documents alongside posts.
- This provides all collaborators with a "shared starting point" for the collaborative session, which avoids duplicate updates.
- Content stored in the WordPress database always remains the source of truth. If the content differs from the persisted CRDT document, the CRDT document is updated to match the database.
3. A new Writing setting that allows users to opt-in to real-time collaboration.
- Enabling real-time collaboration disables post lock functionality and connects users to the sync provider.
4. A behavior change to autosaves is needed. When the the original author is editing a draft post (post_status == 'draft' OR 'auto-draft') and they hold the post lock, the autosave targets the actual post instead of an autosave revision. This puts the post data and the persisted CRDT document out of sync and leads to duplicate updates. When real-time collaboration is enabled, all collaborators must autosave in the same way.
This PR provides a proposed implementation of the changes above. This corresponding Gutenberg PR moves the work from the `experimental` directory to `lib/compat`:
https://github.com/WordPress/gutenberg/pull/75366
Cumulative work to add this functionality can be found using this label:
https://github.com/WordPress/gutenberg/issues?q=label%3A%22%5BFeature%5D%20Real-time%20Collaboration%22%20is%3Apr
Developed https://github.com/WordPress/wordpress-develop/pull/10894.
Props czarate, paulkevan, ellatrix, timothyblynjacobs, westonruter, jorgefilipecosta, mindctrl.
Fixes#64622.
Built from https://develop.svn.wordpress.org/trunk@61689
git-svn-id: http://core.svn.wordpress.org/trunk@60997 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This aims to bring consistency with the General Settings screen, where these fields are disabled (read-only) if the `WP_SITEURL` and `WP_HOME` constants are defined in `wp-config.php`.
Follow-up to [208], [5093], [5394].
Props dilipbheda, Presskopp, SergeyBiryukov.
Fixes#63341.
Built from https://develop.svn.wordpress.org/trunk@60237
git-svn-id: http://core.svn.wordpress.org/trunk@59573 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Prevents a deprecation warning saving options when the post by email feature is turned off in code using the `enable_post_by_email_configuration` filter.
Props ironprogrammer, manbo, narenin, sebastienserre, siliconforks.
Fixes#61144.
Built from https://develop.svn.wordpress.org/trunk@58963
git-svn-id: http://core.svn.wordpress.org/trunk@58359 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When saving options from the Settings page, include the `'ping_sites'` option in the allowed "writing" options list only when the `'blog_public'` option is `'1'`.
Fixes a PHP 8.1 and above "null to non-nullable" deprecation notice in `sanitize_option()` ([https://core.trac.wordpress.org/browser/trunk/src/wp-includes/formatting.php?annotate=blame#L4952 which happens when here] as part of [22255]):
{{{
Deprecated: explode(): Passing null to parameter #2 ($string) of type string is deprecated in .../wp-includes/formatting.php
}}}
**Explanation**
[https://developer.wordpress.org/apis/options/#writing Per the documentation], the `ping_sites` option requires the `'blog_public'` option to have a value of `'1'` and must be a `string` data type. `null` is not valid for this option.
The relationship between the 2 options shows itself in the `options-writing.php` code ([https://core.trac.wordpress.org/browser/tags/6.5.4/src/wp-admin/options-writing.php#L233 shown here] and in [4326]), as the `textarea#ping_sites` only renders when `'1' === get_option( 'blog_public' )`.
**What happens if `'blog_public'` is not `'1'`?**
The `'ping_sites'` option will not be a field on the page. Upon saving:
* HTTP POST (`$_POST`) does not include `'ping_sites'`.
* Before this commit:
* The [https://core.trac.wordpress.org/browser/trunk/src/wp-admin/options.php#L333 option's value was set to] `null` before being passed to `update_option()`.
* `update_option()` invokes `sanitize_option()`.
* A `null` value for the `'ping_sites'` case was passed to `explode()`, which threw a deprecation notice on PHP 8.1 and above.
* With this commit, the `'ping_sites'` option is no longer included in the allow list and thus will not be passed to `update_options()` > `sanitize_option()` > `explode()`.
Follow-up to [22255], [12825], [4326], [949].
Props kitchin, SergeyBiryukov, swissspidy, devmuhib, rajinsharwar, hellofromTonya.
Fixes#59818.
Built from https://develop.svn.wordpress.org/trunk@58425
git-svn-id: http://core.svn.wordpress.org/trunk@57874 1a063a9b-81f0-0310-95a4-ce76da25c4cd
There are several exist places in Core that attempt to detect if a blog charset
is UTF-8. Each place attempts to perform the same check, except the logic is
spread throughout and there's no single method provided to make this
determination in a consistent way. The `_canonical_charset()` method exists,
but is marked private for use.
In this patch the new `unicode` module provides `is_utf8_charset()` as a method
taking an optional charset slug and indicating if it represents UTF-8,
examining all of the allowable variants of that slug. Associated code is
updated to use this new function, including `_canonical_charset()`. If no slug
is provided, it will look up the current `get_option( 'blog_charset' )`.
Finally, the test functions governing `_canonical_charset()` have been
rewritten as a single test with a data provider instead of as separate test
functions.
Developed in https://github.com/WordPress/wordpress-develop/pull/6535
Discussed in https://core.trac.wordpress.org/ticket/61182Fixes#61182.
Props dmsnell, jonsurrell.
Built from https://develop.svn.wordpress.org/trunk@58147
git-svn-id: http://core.svn.wordpress.org/trunk@57612 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The link is a part of the deprecation notice displayed when saving an unregistered setting.
Follow-up to [13646], [13785], [14070], [32116], [34315], [45674].
Props timse201, sabernhardt, amitraj2203, khokansardar, SergeyBiryukov.
Fixes#61199.
Built from https://develop.svn.wordpress.org/trunk@58140
git-svn-id: http://core.svn.wordpress.org/trunk@57605 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The way `wp_reset_vars()` sets global variables based on `$_POST` and `$_GET` values makes code hard to understand and maintain. It also makes it easy to forget to sanitize input.
This change removes the few places where `wp_reset_vars()` is used in the admin to explicitly use `$_REQUEST` and sanitize any input.
Props swissspidy, audrasjb, davideferre, killua99, weijland, voldemortensen.
Fixes#38073.
Built from https://develop.svn.wordpress.org/trunk@58069
git-svn-id: http://core.svn.wordpress.org/trunk@57534 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This restores the site icon setting to its original home on the settings page where it lives with the title and tagline.
The base for this code was originally added in [32994] and then removed in [33329]. The majority of the modification to that version are to remove the no-js pieces and make the workflow completely inline rather than putting the cropping on a separate page.
Additionally, since image crops rely on the ability to upload an image, this setting is gated by the `upload_files` capability.
Follow-up to: [32994], [33329].
Props jorbin, audrasjb, mukesh27, joedolson, afercia, kebbet, swissspidy, obenland, jameskoster, kjellr, andraganescu, stacimc, mikeschroder, h71, krupajnanda, huzaifaalmesbah.
Fixes#54370.
See #16434.
Built from https://develop.svn.wordpress.org/trunk@57602
git-svn-id: http://core.svn.wordpress.org/trunk@57103 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Prevent the saving of invalid timezone string in to the database on the options pages. If an invalid timezone is submitted it is ignored and the setting remains unchanged.
This prevents a warning or fatal (depending on the PHP version) from being thrown by an invalid timezone setting on the Settings > General page.
Props ankit-k-gupta, costdev, huzaifaalmesbah, mrinal013, nicolefurlan, oglekler.
Fixes#58814.
Built from https://develop.svn.wordpress.org/trunk@56949
git-svn-id: http://core.svn.wordpress.org/trunk@56460 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`str_contains()` was introduced in PHP 8.0 to perform a case-sensitive check indicating if the string to search in (haystack) contains the given substring (needle).
WordPress core includes a polyfill for `str_contains()` on PHP < 8.0 as of WordPress 5.9.
This commit replaces `false !== strpos( ... )` with `str_contains()` in core files, making the code more readable and consistent, as well as better aligned with modern development practices.
Follow-up to [52039], [52040], [52326], [55703], [55710], [55987].
Props Soean, spacedmonkey, costdev, dingo_d, azaozz, mikeschroder, flixos90, peterwilsoncc, SergeyBiryukov.
Fixes#58206.
Built from https://develop.svn.wordpress.org/trunk@55988
git-svn-id: http://core.svn.wordpress.org/trunk@55500 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset implements a clearer and more consistent timeout/duration/expiration format. It updates time durations used in various files, as per WordPress coding standards:
- If the value can be represented as an integer (not a fractional) number of minutes (hours, etc.), use the appropriate constant (e.g.: `MINUTE_IN_SECONDS`) multiplied by that number.
- Otherwise, keep the value as is and add a comment with the units for clarity.
Follow-up to [11823], [13177], [21996], [37747], [53714].
Props hztyfoon, audrasjb, arrasel403, krupalpanchal, GaryJ, SergeyBiryukov, peterwilsoncc, rudlinkon, costdev, robinwpdeveloper.
Fixes#56293.
See #55647.
Built from https://develop.svn.wordpress.org/trunk@54113
git-svn-id: http://core.svn.wordpress.org/trunk@53672 1a063a9b-81f0-0310-95a4-ce76da25c4cd
On sites with a large number of options, the number of inputs when saving all options via the /wp-admin/options.php page may exceed PHP's `max_input_vars` setting, this will prevent saving.
An error is now shown if this is the case.
Props ishitaka, jorbin, maguijo, pento, sergeybiryukov.
Fixes#45438.
Built from https://develop.svn.wordpress.org/trunk@53151
git-svn-id: http://core.svn.wordpress.org/trunk@52740 1a063a9b-81f0-0310-95a4-ce76da25c4cd
There are two pieces in here:
1) The update to change blacklist to blocklist is moved to disallowed_list. "Block" has a meaning in our code, and there could be ambiguity between this code and code related to blocks.
2) This improves backwards compatibility for code that was accessing the now deprecated code.
Previously: [48477], [48405], [48400], [48121], [48122], [48124], [48142], [48566]
Props: desrosj, SergeyBiryukov, johnjamesjacoby
Fixes: #50413
Built from https://develop.svn.wordpress.org/trunk@48575
git-svn-id: http://core.svn.wordpress.org/trunk@48337 1a063a9b-81f0-0310-95a4-ce76da25c4cd
“The WordPress open source community cares about diversity. We strive to maintain a welcoming environment where everyone can feel included.”
With this commit, all occurrences of “whitelist” and “blacklist” (with the single exception of the `$new_whitelist_options` global variable) are removed. A new ticket has been opened to explore renaming the `$new_whitelist_options` variable (#50434).
Changing to more specific names or rewording sentences containing these terms not only makes the code more inclusive, but also helps provide clarity. These terms are often ambiguous. What is being blocked or allowed is not always immediately clear. This can make it more difficult for non-native English speakers to read through the codebase.
Words matter. If one contributor feels more welcome because these terms are removed, this was worth the effort.
Props strangerstudios, jorbin, desrosj, joemcgill, timothyblynjacobs, ocean90, ayeshrajans, davidbaumwald, earnjam.
See #48900, #50434.
Fixes#50413.
Built from https://develop.svn.wordpress.org/trunk@48121
git-svn-id: http://core.svn.wordpress.org/trunk@47890 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Partially reverts [48059] as there's no full consensus on the removal of the text prefix. Further actions should be taken to improve consistency and accessibility of the admin notices. Keeps some improvements to the translatable strings from [48059].
Fixes#47656.
Built from https://develop.svn.wordpress.org/trunk@48115
git-svn-id: http://core.svn.wordpress.org/trunk@47884 1a063a9b-81f0-0310-95a4-ce76da25c4cd
For a number of years, most of the WordPress error messages have been prefixed with "Error:". However, these messages appear in a context where it's already clear an error occurred. Whether it's an error, a warning, or any other classification, that's not so relevant for users. The content of the message is the relevant part. The "Error:" prefix doesn't add great value while it does add unnecessary complexity for the message readability.
Also, revises some of these messages to improve clarity and removes HTML from translatable strings.
Props garrett-eclipse, ramiy, SergeyBiryukov, afercia, sabernhardt, quadthemes, audrasjb.
See #47003, #43037, #42945, #15887.
Fixes#47656.
Built from https://develop.svn.wordpress.org/trunk@48059
git-svn-id: http://core.svn.wordpress.org/trunk@47826 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This avoids the performance overhead of the function call every time `dirname( __FILE__ )` was used instead of `__DIR__`.
This commit also includes:
* Removing unnecessary parentheses from `include`/`require` statements. These are language constructs, not function calls.
* Replacing `include` statements for several files with `require_once`, for consistency:
* `wp-admin/admin-header.php`
* `wp-admin/admin-footer.php`
* `wp-includes/version.php`
Props ayeshrajans, desrosj, valentinbora, jrf, joostdevalk, netweb.
Fixes#48082.
Built from https://develop.svn.wordpress.org/trunk@47198
git-svn-id: http://core.svn.wordpress.org/trunk@46998 1a063a9b-81f0-0310-95a4-ce76da25c4cd
