- Use a more precise regular expression for identifying "HIT" statuses to avoid false positives (e.g., "no-hit").
- Add specific verification logic for Varnish's `X-Varnish` header.
- Use a `null` value in the header mapping to indicate a header existence check, when no callback is supplied.
- Improve documentation with links for information about certain headers.
Developed in https://github.com/WordPress/wordpress-develop/pull/10855
Follow-up to [61355], [54043].
Props westonruter, dmsnell.
See #63748.
Fixes#64370.
Built from https://develop.svn.wordpress.org/trunk@61711
git-svn-id: http://core.svn.wordpress.org/trunk@61019 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Bring over the changes required to implement client side media in core. This feature recently graduated from experiments and is ready for testing in beta.
Props adamsilverstein, westonruter, mamaduka, mukesh27, swissspidy, andrewserong, ellatrix, ramonjd.
Fixes#62243.
Built from https://develop.svn.wordpress.org/trunk@61703
git-svn-id: http://core.svn.wordpress.org/trunk@61011 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Adds missing `svn:ignore` entries for files generated by the Gutenberg build process:
* Root directory: `.gutenberg-hash`
* `src/wp-includes/assets`: ignore all generated files
* `src/wp-includes/blocks`: remove versioned directories and ignore all generated files
Follow-up to [61476].
Props ellatrix.
See #64393.
Built from https://develop.svn.wordpress.org/trunk@61701
git-svn-id: http://core.svn.wordpress.org/trunk@61009 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The WordPress AI Client is a provider-agnostic API for WordPress code to call generative AI models via a consistent interface. Plugins and Core can use it to provide AI driven features for users, while users maintain full autonomy in choosing which AI provider(s) they want to rely on and how they configure them.
This changeset merges the technical foundation for the WordPress AI Client into Core. This foundation was originally implemented in the https://github.com/WordPress/wp-ai-client package, which will be sunset going forward. The underlying https://github.com/WordPress/php-ai-client package is bundled with this changeset and will remain a separate library maintained by the WordPress project, for WordPress Core and the PHP ecosystem.
No AI providers are bundled out of the box. Without explicit configuration and explicit calling code, WordPress will not send prompts or data to any external service. Site owners will be able to install plugins to enable usage of specific AI providers, built on top of this foundation.
This is the first changeset of two that are most relevant for the AI Client feature. The subsequent change will introduce a configuration screen for different AI providers, where users can install provider plugins, configure their credentials, and enable the canonical WordPress AI plugin. Together, this infrastructure and UI will enable the WordPress ecosystem to build AI features in a seamless and interoperable way.
Original merge proposal: https://make.wordpress.org/core/2026/02/03/proposal-for-merging-wp-ai-client-into-wordpress-7-0/
Props jason_the_adams, flixos90, desrosj, dkotter, jorgefilipecosta, peterwilsoncc, johnbillion, jorbin, swissspidy, isotropic.
See #64591.
Built from https://develop.svn.wordpress.org/trunk@61700
git-svn-id: http://core.svn.wordpress.org/trunk@61008 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This change introduces PHPStan static analysis configured at [https://phpstan.org/user-guide/rule-levels rule level 0], which includes: "basic checks, unknown classes, unknown functions, unknown methods called on `$this`, wrong number of arguments passed to those methods and functions, always undefined variables". Contributors may elect for a higher PHPStan rule level by creating a `phpstan.neon` which overrides `phpstan.neon.dist`.
* Fix various PHPStan level 0 errors by adding `@phpstan-ignore` comments, updating PHPDoc types, and adding missing return values.
* Remove existing `@phpstan-ignore` comments that are now obsolete or inapplicable for level 0.
* Add a new GitHub Actions workflow for PHPStan Static Analysis. Reports are currently provided as warnings with inline annotations in pull requests and do not fail the build.
* Add a `phpstan` Grunt task and include it in the `precommit:php` task to run before `phpunit`.
* Introduce a `typecheck:php` npm script and a `composer phpstan` script to run analysis in local development environments.
* Add documentation for PHPStan usage in `tests/phpstan/README.md`.
Developed in https://github.com/WordPress/wordpress-develop/pull/10419
Props justlevine, westonruter, johnbillion, desrosj, SirLouen, dmsnell, oglekler, joehoyle, jorbin.
See #64238, #63268, #52217, #51423.
Fixes#61175.
Built from https://develop.svn.wordpress.org/trunk@61699
git-svn-id: http://core.svn.wordpress.org/trunk@61007 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset does the following:
- Custom statuses added via `plugins_list` now appear as tabs, to filter the related plugins
- The tab label is customizable via the new `plugins_list_status_text` hook
Follow-up to [56068].
Props juliobox, audrasjb, hellofromTonya, khokansardar, sajjad67, davidbaumwald, sukhendu2002, SirLouen, mindctrl, shailu25, huzaifaalmesbah, westonruter.
See #60495.
Built from https://develop.svn.wordpress.org/trunk@61695
git-svn-id: http://core.svn.wordpress.org/trunk@61003 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This reverts [61600]. Other core abilities did not made into 7.0 beta 1 timeline, so adding just a single ability does not adds much value and we are temporarily reverting this addition.
This commit is just a clean execution of the revert command.
Props jorgefilipecosta, jason_the_adams, justlevine.
See #64455.
Built from https://develop.svn.wordpress.org/trunk@61690
git-svn-id: http://core.svn.wordpress.org/trunk@60998 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Syncs/merges the PHP changes from the Gutenberg PR https://github.com/WordPress/gutenberg/pull/75366.
In Gutenberg, we have added support for real-time collaboration using CRDT documents (via the [Yjs library](https://yjs.dev/)). This work has suggested the following additions to WordPress:
1. A default "sync provider" based on HTTP polling that allows collaborators to share updates with each other. Previously, we relied on WebRTC connections between collaborators for this purpose, but it proved unreliable under many network conditions.
- Our solution is designed to work on any WordPress installation.
- HTTP polling is the transport we identified as most likely to work universally.
- Given the isolation and lifecycle of PHP processes, updates must be stored centrally in order to be shared among peers. We have chosen to store updates in post meta against a special post type, but alternate storage mechanisms are possible.
- Collaborative editing can involve syncing multiple CRDT documents. To limit the number of connections consumed by this provider, requests are batched.
- To prevent unbounded linear growth, updates are periodically compacted.
- To avoid excessive load on lower-resourced hosts, this provider will benefit from usage limits (e.g., a maximum of three connected collaborators) enforced by the client (Gutenberg).
2. A new registered post meta that allows Gutenberg to persist CRDT documents alongside posts.
- This provides all collaborators with a "shared starting point" for the collaborative session, which avoids duplicate updates.
- Content stored in the WordPress database always remains the source of truth. If the content differs from the persisted CRDT document, the CRDT document is updated to match the database.
3. A new Writing setting that allows users to opt-in to real-time collaboration.
- Enabling real-time collaboration disables post lock functionality and connects users to the sync provider.
4. A behavior change to autosaves is needed. When the the original author is editing a draft post (post_status == 'draft' OR 'auto-draft') and they hold the post lock, the autosave targets the actual post instead of an autosave revision. This puts the post data and the persisted CRDT document out of sync and leads to duplicate updates. When real-time collaboration is enabled, all collaborators must autosave in the same way.
This PR provides a proposed implementation of the changes above. This corresponding Gutenberg PR moves the work from the `experimental` directory to `lib/compat`:
https://github.com/WordPress/gutenberg/pull/75366
Cumulative work to add this functionality can be found using this label:
https://github.com/WordPress/gutenberg/issues?q=label%3A%22%5BFeature%5D%20Real-time%20Collaboration%22%20is%3Apr
Developed https://github.com/WordPress/wordpress-develop/pull/10894.
Props czarate, paulkevan, ellatrix, timothyblynjacobs, westonruter, jorgefilipecosta, mindctrl.
Fixes#64622.
Built from https://develop.svn.wordpress.org/trunk@61689
git-svn-id: http://core.svn.wordpress.org/trunk@60997 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset allow developers to attach custom error handlers into `wp_trigger_error()` even if `WP_DEBUG` is not truthy.
It introduces two new hooks, making `wp_trigger_error()` consistent with what is available in `_doing_it_wrong`:
- `wp_trigger_error_always_run` always fires when the given function triggers a user-level error/warning/notice/deprecation message.
- `wp_trigger_error_trigger_error` filters whether to trigger the error.
Props kkmuffme, swissspidy, audrasjb.
Fixes#60886.
Built from https://develop.svn.wordpress.org/trunk@61688
git-svn-id: http://core.svn.wordpress.org/trunk@60996 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, WordPress allowed site owners to open registration AND to set the default new user level to "Administrator" or "Editor". While this combination may make sense for some sites, this is genrally a really really bad idea.
With this changeset:
- Administrator and Editor roles are now removed from the new user default role selector in the General Options admin screen.
- If such a role was selected before, an alert is shown in Site Health.
- A new filter is introduced: `default_role_dropdown_excluded_roles` allows developers to change the default excluded roles in the dropdown.
Props kraftbj, subrataemfluence, roytanck, dd32, ottok, jrf, eatingrules, verygoode, generosus, stevejburge, arunu1996, benniledl, audrasjb, mukesh27, swissspidy, Mte90, zodiac1978, pooja1210, davidbaumwald, johnbillion, jorbin, SirLouen, oglekler, kirasong, shailu25, huzaifaalmesbah, jsmansart.
Fixes#43936.
Built from https://develop.svn.wordpress.org/trunk@61687
git-svn-id: http://core.svn.wordpress.org/trunk@60995 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Fix a few miscellaneous colors and alignment shifts missed in previous updates. Apply the new admin link and button colors on missed cases in the customizer, classic widgets, skip links, help and screen options, and admin nav menus.
Props joedolson, fabiankaegy.
Fixes#64652.
Built from https://develop.svn.wordpress.org/trunk@61682
git-svn-id: http://core.svn.wordpress.org/trunk@60990 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Adds the admin-scheme styles as a dependency for the login and install styles. This is to ensure the CSS variables are available to the login, installation, database repair and upgrade screens.
Modifies the display of notices in the login styles to match those in the new default scheme, "modern".
Props peterwilsoncc, wildworks, westonruter, mukesh27, fabiankaegy, audrasjb, huzaifaalmesbah, sabernhardt, presskopp, SirLouen, ellatrix, nendeb55, neo2k23, jsmansart, joedolson.
Fixes#64640, #64548. See #64308.
Built from https://develop.svn.wordpress.org/trunk@61681
git-svn-id: http://core.svn.wordpress.org/trunk@60989 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When building Gutenberg, the `--base-url` argument was forwarded through
`npm run build --`, which passes arguments through a shell layer. The
argument value `includes_url( 'build/' )` contains spaces, parentheses,
and single quotes that could be mangled by shell parsing on some
platforms, causing the generated `constants.php` to lose the trailing
slash in `build_url`.
This invokes `node bin/build.mjs` directly instead, bypassing npm's
shell forwarding entirely. The argument is passed as a single array
element via `spawn`, so it arrives intact regardless of platform.
Props youknowriad, desrosj.
See #64656.
Built from https://develop.svn.wordpress.org/trunk@61679
git-svn-id: http://core.svn.wordpress.org/trunk@60987 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `removeSourceMaps` regex in `copy-gutenberg-build.js` was missing the `/g` (global) flag, so it only stripped the **first** `//# sourceMappingURL=` comment per file.
Bundled files such as the `@wordpress/vips` web worker can contain **multiple** `sourceMappingURL` references from concatenated modules (esbuild builds worker bundles with `sourcemap: true`, and when webpack bundles the module entry point it preserves comments from source modules). This causes the `verify:source-maps` build check to fail:
```
Warning: The build/wp-includes/js/dist/script-modules/vips/worker.js file must not contain a sourceMappingURL.
```
Adding the `/g` flag ensures every occurrence is removed, consistent with the existing `replace:source-maps` Grunt task which already uses the global flag.
Fixes the build failure reported in https://github.com/WordPress/wordpress-develop/pull/10968#issuecomment-3920484908.
Developed in https://github.com/WordPress/wordpress-develop/pull/10970.
Props adamsilverstein.
See #64393.
Built from https://develop.svn.wordpress.org/trunk@61677
git-svn-id: http://core.svn.wordpress.org/trunk@60985 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Introduces a registry class to mediate access to a library of SVG icons. These
icons can be queried by directly interfacing with the singleton class
`WP_Icons_Registry`, or via the REST API using the following GET endpoints:
- /wp/v2/icons
- /wp/v2/icons/$name, e.g. /wp/v2/icons/core/audio
Modifies the Gutenberg-to-Core copy process to copy from `@wordpress/icons`:
- the icons (SVG files) to `wp-includes/icons/library/*.svg`
- the manifest file to `wp-includes/icons/manifest.php`
For 7.0, the registry remains closed to third-party icons, serving only core
icons per the manifest file.
Together, these APIs power the new Icon block.
Developed in https://github.com/WordPress/gutenberg/pull/72215
Developed in https://github.com/WordPress/gutenberg/pull/74943
Developed in https://github.com/WordPress/wordpress-develop/pull/10909
Props mcsf, wildworks, fabiankaegy, joen, jorgefilipecosta, ntsekouras.
Fixes#64651.
Built from https://develop.svn.wordpress.org/trunk@61674
git-svn-id: http://core.svn.wordpress.org/trunk@60982 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The Gutenberg build copy script was missing `constants.php` from its list of
PHP infrastructure files, causing a fatal error on the Font Library admin page.
Additionally, the `--base-url` argument was missing a trailing slash inside the
`includes_url()` call, resulting in malformed asset URLs.
Also renames the `--fast` build flag to `--skip-types` to match the current
Gutenberg build script option.
Props youknowriad, ellatrix, dd32, westonruter, desrosj.
Fixes#64656.
Built from https://develop.svn.wordpress.org/trunk@61673
git-svn-id: http://core.svn.wordpress.org/trunk@60981 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `$context` parameter in `sanitize_term_field()` is required and has no default value in the function signature. The PHPDoc previously stated `Default 'display'`, which was incorrect and could lead callers to assume the argument was optional.
Follow-up to [49789].
Props audrasjb, dilipbheda, johnbillion, mindctrl, mukesh27, Presskopp, rollybueno, SirLouen, vishalkakadiya, wildworks
Fixes#63257.
Built from https://develop.svn.wordpress.org/trunk@61672
git-svn-id: http://core.svn.wordpress.org/trunk@60980 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Allow skipping serialization for the `ariaLabel` block support. This enables applying the `aria-label` attribute to inner elements instead of the block wrapper.
Follow-up to [59925].
Props mukesh27, wildworks.
Fixes#64594.
Built from https://develop.svn.wordpress.org/trunk@61671
git-svn-id: http://core.svn.wordpress.org/trunk@60979 1a063a9b-81f0-0310-95a4-ce76da25c4cd
These legacy certificates have historically been retained in the certificate bundle so some ancient versions of OpenSSL continue to work with the bundle despite path discovery bugs in those versions.
The affected OpenSSL versions are all over a decade old now. To ensure the ongoing security of the HTTP API these 1024 bit certificates have been removed.
Props kkmuffme, JavierCasares, desrosj
Fixes#64063
Built from https://develop.svn.wordpress.org/trunk@61669
git-svn-id: http://core.svn.wordpress.org/trunk@60977 1a063a9b-81f0-0310-95a4-ce76da25c4cd
