Make `WP_AI_Client_Ability_Function_Resolver` non-static and require specifying the allowed abilities list in the constructor. This hardens security by ensuring that only explicitly specified abilities can be executed, preventing potential vulnerabilities such as prompt injection from triggering arbitrary abilities.
The constructor accepts either `WP_Ability` objects or ability name strings. If an ability is not in the allowed list, an error response with code `ability_not_allowed` is returned.
Developed in https://github.com/WordPress/wordpress-develop/pull/11103.
Upstream: https://github.com/WordPress/wp-ai-client/pull/61.
Props felixarntz, gziolo, JasonTheAdams, dkotter, johnbillion.
Fixes#64769.
Built from https://develop.svn.wordpress.org/trunk@61795
git-svn-id: http://core.svn.wordpress.org/trunk@61101 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Omit these files which offer little value since the VIPS library is primarily inlined WASM. Saves ~30MB total from the build output.
Props swissspidy, westonruter, adamsilverstein, berislav.grgicak, knutsp.
Fixes: #64734.
Built from https://develop.svn.wordpress.org/trunk@61794
git-svn-id: http://core.svn.wordpress.org/trunk@61100 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When constructing these objects, the specific instance type is redundantly used in a union with a generic `object`. A generic object can be passed directly from database row result. This also hardens `get_post()` to account for passing an object that lacks an `ID` property. Similarly, `sanitize_term()` is hardened to account for an object lacking a `term_id` property. Comprehensive unit tests are added for `get_post()` and `sanitize_term()`.
Developed in https://github.com/WordPress/wordpress-develop/pull/11096
Props westonruter, apermo.
See #64238, #64225.
Built from https://develop.svn.wordpress.org/trunk@61789
git-svn-id: http://core.svn.wordpress.org/trunk@61095 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Exceptions were already caught and transformed into `WP_Error` objects in all instance methods of `WP_AI_Client_Prompt_Builder`, but not in the constructor. This meant that if an exception was thrown during construction, it would not be caught and would cause a fatal error instead of returning a `WP_Error` object.
Props gziolo.
See #64591.
Built from https://develop.svn.wordpress.org/trunk@61787
git-svn-id: http://core.svn.wordpress.org/trunk@61093 1a063a9b-81f0-0310-95a4-ce76da25c4cd
These functions, which are needed for the package, are already polyfilled by WordPress Core. They were never loaded by the custom autoloader in Core anyway, so they are dead code that is safe to remove.
Props gziolo.
See #64591.
Built from https://develop.svn.wordpress.org/trunk@61786
git-svn-id: http://core.svn.wordpress.org/trunk@61092 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Update the sizing of icons in the welcome panel, bulk edit, quick edit, and admin notifications to use relative sizing, fixing alignment issues.
Update focus state for bulk edit remove buttons.
Props mohitbsf, opurockey, sabernhardt, huzaifaalmesbah, madhavishah01, r1k0, ozgursar, noruzzaman, shailu25, joedolson, mukesh27.
Fixes#64684.
Built from https://develop.svn.wordpress.org/trunk@61784
git-svn-id: http://core.svn.wordpress.org/trunk@61090 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This aims to make the code more readable and consistent, as the function is already used extensively in core files.
WordPress core includes a polyfill for `str_starts_with()` on PHP < 8.0 as of WordPress 5.9.
Follow-up to [55703], [58313].
Props Soean, mukesh27.
Fixes#64773.
Built from https://develop.svn.wordpress.org/trunk@61781
git-svn-id: http://core.svn.wordpress.org/trunk@61087 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit protects against another multisite cache edge-case where a persistent object-cache drop-in plugin (namely memcached) may use a numerically-keyed `global_groups` array instead of `'key' => true` like the default object-cache class, and includes the following changes:
* Use `wp_is_numeric_array()` inside of `wp_cache_switch_to_blog_fallback()` so that the global group names array are always properly formatted regardless of the caching back-end in use
* Add private helper methods to `Tests_Multisite_WpCacheSwitchToBlogFallback` to properly format global group names, and tweak a few tests to make them more resilient to different caching back-ends
Follow up to r61760.
See #23290.
Built from https://develop.svn.wordpress.org/trunk@61772
git-svn-id: http://core.svn.wordpress.org/trunk@61078 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The same error message was returned whether a user attempted bulk edit without selecting an action or attempted without selecting any posts. These two situations need different messages.
Return error messages appropriate to the actual user error.
Props Presskopp, r1k0, pratiknawkar94, joedolson.
Fixes#64659.
Built from https://develop.svn.wordpress.org/trunk@61771
git-svn-id: http://core.svn.wordpress.org/trunk@61077 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In General Settings, set the `remove-site-icon` class in initial state and add border for clearer control boundaries.
Props sabernhardt, noruzzaman, madhavishah01, huzaifaalmesbah, hmbashar, shailu25, joedolson.
Fixes#64736.
Built from https://develop.svn.wordpress.org/trunk@61770
git-svn-id: http://core.svn.wordpress.org/trunk@61076 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Switch the classic editor's taxonomy tabs to use the APG tablist/tabpanel structure. Add appropriate ARIA roles to tabs and panels and update JS to handle required keyboard events and selected states.
Props alh0319, mukesh27, joedolson.
Fixes#63981.
Built from https://develop.svn.wordpress.org/trunk@61764
git-svn-id: http://core.svn.wordpress.org/trunk@61070 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Following the admin reskin, community events inputs were misaligned.
Change to `flex` layout to fix alignment and improve handling for translated strings.
Props huzaifaalmesbah, hmbashar, mirmpro, shailu25, joedolson.
Fixes#64753.
Built from https://develop.svn.wordpress.org/trunk@61761
git-svn-id: http://core.svn.wordpress.org/trunk@61067 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit protects against an edge-case where a persistent object-cache drop-in plugin not including its own `wp_cache_switch_to_blog()` function would cause non-persistent cache groups to go missing when switching between sites, and includes the following changes:
* A new `wp_cache_switch_to_blog_fallback()` function in `ms-blogs.php` which abstracts duplicated code from `switch_to_blog()` and `restore_current_blog()` for easier unit testing
* A new `wpCacheSwitchToBlogFallback.php` file with approximately 25 new unit tests
* Conditionally declares `wp_cache_switch_to_blog()` in `cache-compat.php` only if it does not already exist, either via core's `cache.php` or a drop-in plugin
With this change, WordPress no longer needs to check if the `wp_cache_switch_to_blog()` function exists (because it always will) so those checks have been removed.
Props ethitter, jeremyfelt, johnjamesjacoby, markjaquith, nacin, ozgursar, r1k0.
Fixes#23290.
Built from https://develop.svn.wordpress.org/trunk@61760
git-svn-id: http://core.svn.wordpress.org/trunk@61066 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Add a visible label with the `aria-label` value for image selection to enable voice control users to select images. Add visible labels on filters to improve access to media filters.
Props grahamarmfield, tomauger, afercia, rianrietveld, antpb, audrasjb, SirLouen, ozgursar, poojapadamad, mukesh27, alh0319, joedolson.
Fixes#23562.
Built from https://develop.svn.wordpress.org/trunk@61757
git-svn-id: http://core.svn.wordpress.org/trunk@61063 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Adds `wp-includes/connectors.php` (loaded from `wp-settings.php`) and registers
a Settings > Connectors submenu when the AI client and Connectors admin page
renderer are available.
Registers connector API key settings in `/wp/v2/settings`, masks key values on
option reads, validates keys against provider configuration, and returns
`invalid_key` for explicitly requested connector fields when validation fails.
Stored connector keys are also passed to the AI client registry on init.
Gutenberg PR at https://github.com/WordPress/gutenberg/pull/75833.
Developed in https://github.com/WordPress/wordpress-develop/pull/11056.
Props jorgefilipecosta, gziolo, flixos90, justlevine, westonruter, jeffpaul, JasonTheAdams, audrasjb, shaunandrews, noruzzaman, mukesh27.
Fixes#64730.
Built from https://develop.svn.wordpress.org/trunk@61749
git-svn-id: http://core.svn.wordpress.org/trunk@61055 1a063a9b-81f0-0310-95a4-ce76da25c4cd
