WordPress Core Weekly – Aug. 24-30, 2015

Welcome back to the weekly core development recap post, with highlights from Trac changesets and other development updates for 4.4. This week’s update covers changesets [33721][33820], Aug. 24-30, 2015. That’s a lot of changes, but there are a few that developers need to be especially aware of:

  • File restructuring: new class and functions files have been introduced, and existing files used as loaders for the new files for backwards compatibility.
  • File and class documentation enhancements: ensuring every file gets a standard file header, even if that file only contains a class that is itself documented.
  • Switching themes now takes menu locations into account so the new theme (maybe) gets the locations of the current theme.
  • New hooks introduced: 'invite_user' (Multisite users) and 'wp_verify_nonce_failed'.
  • The Twenty Sixteen theme is being developed on GitHub.

Now on to the firehose…

Administration

  • Bump h3 headings to h2 on various admin screens for better accessibility:
  • Network Admin: Hide the bulk actions checkbox for super admins. [33777] #28529
  • Avoid PHP notices in redirect_canonical() and _wp_menu_item_classes_by_context() if $_SERVER['HTTP_HOST'] is not set. [33775] #32229

General

  • Remove error from the query variables when cleaning up a URL in wp_admin_canonical_url(). [33770] #32847
  • Prevent unintended password change after clicking “Generate Password” and then “Cancel” when editing a user profile. [33766] #33419
  • When wp_json_encode() calls json_encode(), the latter will generate warnings if the string contains non-UTF-8 characters. No one likes warnings, so we need to do something about that. [33747] #33524
  • Add oEmbed support for ReverbNation. [33745] #33207
  • Remove rounded corners from “Choose from the most used tags” result in Tags meta box. [33742] #31560
  • Add some more data for shortcode unit tests. [33740] #33455
  • Allow these CSS properties in KSES: min-height', 'max-height', 'min-width', 'max-width' [33739] #31949
  • Pass option name to option and transient filters with dynamic names. [33738] #28402
  • In get_home_url(), import the $pagenow global to avoid having to check if it exists before comparing against it. [33736] #33545
  • In WP_Users_List_Table::single_row(), $actions is not always set before being used. [33735] #33491
  • foreach is a statement, not a function. [33734] #33491
  • Instead of [33713], allow WP_Posts_List_Table::get_bulk_actions() to check edit_posts AND delete_posts. [33733] #29789
  • TinyMCE: ensure the wordpress plugin is loaded before calling _createToolbar(). [33728] #33393
  • With a few modifications in wp-admin/menu.php, we can eliminate the extra logic for Post and Page menu registration. Instead, they can just declare menu_position on post type registration. [33723] #16865
  • WP_Query: add changelog for the title param after [33706] [33722] #33074

Restructured some files for separation of purpose, so class files only contain classes, functions files only contain functions, and the existing file loads the new files for backwards compatibility.

Taxonomy

Move WP_Tax_Query into class-wp-tax-query.php and functions into taxonomy-functions.php; taxonomy.php contains only top-level code and loads the new files. [33760] #33413

Posts

Move WP_Post into class-wp-post.php and functions into post-functions.php. post.php contains only top-level code and loads the new files. [33759] #33413

Roles

Move classes into their own files, and functions into its own:

  • class-wp-roles.php
  • class-wp-role.php
  • class-wp-user.php
  • capbilities-functions.php

capbilities.php contains only top-level code and loads the new files. [33752] #33413

HTTP

Move classes into their own files and functions into its own:

  • class-wp-http-cookie.php
  • class-wp-http-curl.php
  • class-wp-http-encoding.php
  • class-wp-http-proxy.php
  • class-wp-http-streams.php
  • http-functions.php

http.php contains only top-level code and loads the new files, so this is 100% BC if someone is loading http.php directly.

class-http.php requires functions from http.php, so loading it by itself wouldn’t have worked.

WP_Http remains in class-http.php. [33748] #33413

Meta

Move WP_Meta_Query into class-wp-meta-query.php and functions into meta-functions.php. meta.php contains only top-level code and loads the new files. [33761] #33413

Rewrite

Move WP_Rewrite into class-wp-rewrite.php, functions into rewrite-functions.php, and constants into rewrite-constants.php. rewrite.php contains only top-level code and loads the new files.

The rewrite functions have all kinds of cross-dependencies (like WP_Query), so loading the file by itself would have been bizarre (and still is). [33751] #33413

Comments

Move WP_Comment_Query into class-wp-comment-query.php, and functions into comment-functions.php. comment.php contains only top-level code and loads the new files. [33750] #33413

Users

Move WP_User_Query into class-wp-user-query.php and functions into user-functions.php. user.php contains only top-level code and loads the new files. [33749] #33413

Widgets

Move classes and functions into their own files:

  • class-wp-widget.php
  • class-wp-widget-factory.php
  • widget-functions.php

widgets.php contains only top-level code and loads the new files. [33746] #33413

Docs

It’s important for every file in WordPress, regardless of makeup or architecture, to have its own file header, even if the file contains nothing but a class. When parsed, files and classes are mutually exclusive and should be documented with this in mind. [33755] [33756] #33413

  • Bring the file header and class DocBlock summaries for class-wp-widget.php in-line with the intention of the docs standard:
    • File headers: What the file is
    • Class DocBlocks: What purpose the class serves. Mentioning the class name in the class DocBlock is redundant [33816] #33413
  • Add inline-docblocks for the require_once() calls that now bring in the WP_Widget and WP_Widget_Factory classes, as well as general core widgets functionality, as of [33746]. [33758] #33413
  • Add a file header description and @since version to wp-includes/widget-functions.php, introduced in [33746].
    Also adds sub-section headers per the inline documentation standards for syntax. [33757] #33413
  • Add a file header to wp-includes/class-wp-widget-factory.php, created when the WP_Widget_Factory class was moved to its own file in [33746]. [33756] #33413
  • Correct the hook docs for the user_profile_update_errors action. [33769] #33537
  • After [33764], fix docblock formatting for wp_list_categories(). [33765] #33460
  • Use proper array documentation formatting for wp_list_categories().
    This changeset also corrects a few parameter descriptions, and adds a few that
    were previously missing. [33763] #33556
  • Fix copy pasta in wp_cache_decr() doc block. [33809] #33548
  • The type for the $t_time parameter in the post_date_column_time filter docs should be string, not array. [33731] #33540
  • Document the default comment data arguments for wp_new_comment(). [33730] #32369
  • After [33698], wrap the time constants in a DocBlock template. [33737] #33397
  • Clarify the return description for wp_create_user() to illustrate that a WP_Error object will be returned on failure. [33725] #33321

Add changelog entries for a variety of hook doc parameters added in [33738]:

hook parameter changeset/ticket
set_site_transient_$transient $transient [33794] #28402
site_transient_$transient $transient [33792] #28402
pre_delete_site_option_$option $option [33789] #28402
pre_add_site_option_$option $option [33788] #28402
pre_site_option_$option $option [33785] #28402
transient_$transient $transient [33783] #28402
option_$option $option [33779] #28402
pre_option_$option $option [33768] #28402
pre_set_site_transient_$transient $transient [33793] #28402
pre_site_transient_$transient $transient [33791] #28402
pre_update_site_option_$option $option [33790] #28402
site_option_$option $option [33787] #28402
default_site_option_$option $option [33786] #28402
pre_set_transient_$transient $transient [33784] #28402
pre_transient_$transient $transient [33782] #28402
update_option_{$option} $option [33781] #28402
pre_update_option_$option $option [33780] #28402
default_option_$option $option [33778] #28402

Themes

  • Get the correct theme when template and stylesheet were both passed as arguments. Fixes a bug introduced in [21131] where $new_theme got set before the second argument was
    appropriately handled, causing the current_theme option to later always be updated to the parent theme’s name. [33815] #32635

Widgets

  • Improve/update escaping in default widgets:
    • wrap some variables in esc_attr() before echoing
    • replace some strip_tags() calls with sanitize_text_field()
    • call esc_url() when wrapping some URLs [33814] #23012
  • Improve/update escaping in WP_Widget_Pages. [33813] #23012
  • Switch back to using array_key_exists() instead of isset() for widget instance existence check.
    Reverts unnecessary change in [32602] since array_key_exists() does actually work with ArrayIterator objects.
    Merges [33696] to the 4.3 branch. [33721] #32474, #33442

Customizer

Comments

  • Fix the doc block syntax for the 'wp_get_current_commenter' filter. [33811] #33304
  • get_comment_count() currently increments awaiting_moderation when comments are in the trash. This occurs because case 0: will match any value passed to switch that is a string that isn’t specified in the list of cases. This is terrifying.
    Cases for 0 and 1 should be '1' and '0'
    Add unit tests for get_comment_count(). Currently, there are none. [33806] #33414

I18N

  • Favor using the consistent and agnostic string ‘Attach’ over ‘Attach to a post’ in the media list table. [33810] #33515
  • Make a period translatable. [33802] #33594
  • Switching themes: if the new theme doesn’t have nav_menu_locations defined, but the old theme does, copy the old theme’s nav_menu_locations into the new theme’s theme mods. [33808] #18588

Media

  • Improve the reliability of the crop returned by image_get_intermediate_size() and add a bunch of unit tests to tests/image/intermediate_size.php. [33807] #17626
  • When inserting an image into a post, the values in wp.media.controller.Library should not default to linking the image when no user settings are present.
    The default display setting value for link is now none. User settings persist and will override or confirm this value based on user actions. [33729] #31467

Posts, Post Types

  • In get_post_type_labels(), ensure that filtered labels contain all required default values. [33776] #33543
  • Don’t change the View Post button permalink in the sample permalink HTML when updating the slug on a published or future post. [33773] #32954
  • Pass taxonomy name to filters in get_adjacent_post(). [33805] #33568
  • Make post meta box toggles accessible. [33762] #33544

Multisite

  • Improve the efficiency of is_user_member_of_blog() by removing its use of get_blogs_of_user(). Adds additional tests. [33771] #32472
  • Add 'invite_user' action that fires immediately after a user is invited to join a site, but before the notification is sent. [33732] #33008

Taxonomy

  • In wp_list_categories(), ‘current_category’ should accept an array of values. [33804] #33565
  • Introduce $hide_title_if_no_cats parameter to wp_list_categories(). [33764] #33460
  • Rename param added to wp_list_categories() in [33764] to $hide_title_if_empty. [33767] #33565
  • Term Splitting: Switch to a faster cron unschedule process to benefit sites with thousands of affected jobs. Fix the cron hook name in the failsafe rescheduler. [33727] #33423
  • In WP_Query::parse_tax_query(), allow ‘cat’ and ‘tag’ querystrings to be formatted as arrays. [33724] #32454, #33532

Date/Time

  • Simplify the weeks-per-year calculation WP_Date_Query::validate_date_values(). [33803] #30845

Users

  • Bring network admin user searching to parity with single site user searching by wrapping search terms in asterisks. This means that searches don’t require an exact match and therefore significantly reduces friction when searching for users on the network admin screens. [33801] #32913

Bundled Theme

Correct license information in readme.txt.

Text Changes

  • Drop the hyphen from e-mail and standardize on email.
    The AP Stylebook changed this in 2011, and we’re woefully inconsistent, so let’s go with the standard. [33774] #26156

Upgrade/Install

Security

  • Add 'wp_verify_nonce_failed' action that fires when nonce verification fails. [33744] #24030
  • Fire the check_ajax_referer action on failure as well as success. [33743] #33342

Build Tools

Thanks to @azaozz, @BinaryKitten, @boonebgorges, @bordoni, @Cheffheid, @chipbennett, @danielbachhuber, @dd32, @DeBAAT, @dimadin, @DrewAPicture, @ebinnion, @egill, @eherman24, @ericlewis, @garza, @hauvong, @helen, @janhenckens, @jjeato, @jmayha, @joedolson, @joehills, @joemcgill, @johnbillion, @KalenJohnson, @kitchin, @liljimmi, @luciole135, @mako09, @MikeHansenMe, @miqrogroove, @morganestes, @niallkennedy, @nikeo, @obenland, @Otto42, @pavelevap, @pento, @peterwilsoncc, @rachelbaker, @rhubbardreverb, @sammybeats, @sboisvert, @scribu, @SergeyBiryukov, @Shelob9, @tyxla, @Veraxus, @vilkatis, @Viper007Bond, @voldemortensen, @welcher, @westonruter, @wonderboymusic, and @yamchhetr for their contributions!

#4-4, #week-in-core