Miscellaneous developer changes in WordPress 6.2

Update on 8 March 2023: Add sections about oEmbed providers, search_columns argument, and privacy-policy attribute.

WordPress 6.2 brings more new hooksHooks In WordPress theme and development, hooks are functions that can be applied to an action or a Filter in WordPress. Actions are functions performed when a certain event occurs in WordPress. Filters allow you to modify certain functions. Arguments used to hook both filters and actions look the same. and methods, as well as security updates.


The Media component brings another filterFilter Filters are one of the two types of Hooks https://codex.wordpress.org/Plugin_API/Hooks. They provide a way for functions to modify data of other functions. They are the counterpart to Actions. Unlike Actions, filters are meant to work in an isolated manner, and should never have side effects such as affecting global variables and output., wp_get_attachment_link_attributes which allows developers to filter the link attributes when getting the attachment link. See #41574.

Besides the new filter, Media has a new method for setting Imagick time limit, WP_Image_Editor_Imagick::set_imagick_time_limit(). PHPPHP The web scripting language in which WordPress is primarily architected. WordPress requires PHP 5.6.20 or higher timeout during the ImageMagick operation can cause multiple problems, such as temporary files not being cleaned by ImageMagick garbage collection. The cause of such a timeout is hard to pinpoint as no clear error is provided.

This method is expected to be run before heavy image routines. It is used in ::resize() and ::crop() and it aligns Imagick’s timeout with PHP’s timeout, assuming it is set, which will resolve the cleaning of temporary files issue. See #52569.

The wp_ajax_save_attachment action hook is renamed to wp_ajax_save_attachment_updated to avoid confusion with the similarly named wp_ajax_save-attachment action. See #23148.

Login and Registration

The new release of WordPress will disable spellcheck for password fields. However small this change might seem at first, spellcheck is considered a security and privacy concern by MDN. The specification does not regulate how spellchecking is done and the element’s content may be sent to a third party for spellchecking results. Thus, it is recommended to set spellcheck attribute to false for elements containing sensitive information, which is the case for password fields. See #56763.

Improvements in writing CSSCSS Cascading Style Sheets.

Position CSS properties (positiontoprightbottomleft, and z-index) are added in safe_style_css filter (#57504) to support sticky position blockBlock Block is the abstract term used to describe units of markup that, composed together, form the content or layout of a webpage using the WordPress editor. The idea combines concepts of what in the past may have achieved with shortcodes, custom HTML, and embed discovery into a single consistent API and user experience. support. Read more about it in a dev notedev note Each important change in WordPress Core is documented in a developers note, (usually called dev note). Good dev notes generally include a description of the change, the decision that led to this change, and a description of how developers are supposed to work with that change. Dev notes are published on Make/Core blog during the beta phase of WordPress release cycle. Publishing dev notes is particularly important when plugin/theme authors and WordPress developers need to be aware of those changes.In general, all dev notes are compiled into a Field Guide at the beginning of the release candidate phase.:

Another improvement in writing CSS happened in #57664, where the aspect-ratio is added as a valid property in kses.

RevisionsRevisions The WordPress revisions system stores a record of each saved draft or published update. The revision system allows you to see what changes were made in each revision by dragging a slider (or using the Next/Previous buttons). The display indicates what has changed in each revision.

WordPress 6.2 introduces a new filter for wp_save_post_revision(), wp_save_post_revision_revisions_before_deletion. It allows extenders to exclude specific revisions from being considered for deletion. See #57320.

Example of using this filter to delete all but the oldest revision:

        function( $revisions, $post_id ) {
                $original_revision = get_transient( 'original_revision_for_post_' . $post_id );
                if ( $original_revision ) {
                        // Always remove the oldest revision from the array of revisions to potentially delete.
                        unset( $revisions[ $original_revision ] );
                } else {
                        // Set the oldest revision in a transient, so we can verify that it is always ignored.
                        $original_revision = array_key_first( $revisions );
                        set_transient( 'original_revision_for_post_' . $post_id, $original_revision );
                return $revisions;

Props to @audrasjb for the snippet.

HTTPHTTP HTTP is an acronym for Hyper Text Transfer Protocol. HTTP is the underlying protocol used by the World Wide Web and this protocol defines how messages are formatted and transmitted, and what actions Web servers and browsers should take in response to various commands. APIAPI An API or Application Programming Interface is a software intermediary that allows programs to interact with each other and share data in limited, clearly defined ways.

Changes in HTTP API modify WP_Http::make_absolute_url() to prevent it from dropping URLURL A specific web address of a website or web page on the Internet, such as a website’s URL www.wordpress.org fragments, which, in turn, fixes the same issue for links_add_base_url(). If you wish to maintain the legacy behaviour, include strip_fragment_from_url(). See #56231.

Changes in oEmbed providers

Mixcloud oEmbed URL was updated to their new domain. The old endpoint https://www.mixcloud.com/oembed was replaced with https://app.mixcloud.com/oembed. Old URLs will be automatically redirected by Mixcloud to the new endpoint.

See ticketticket Created for both bug reports and feature development on the bug tracker. #57376 for more information.

oEmbed Support was added for crowdsignal.net surveys. Crowdsignal has a block-editor powered survey/project editor. Surveys created using this editor appears on `*.crowdsignal.net` when published. WP 6.2 adds oEmbed support for these URLs to embed Crowdsignal surveys.

See ticket #57543 for more information.

Props to @audrasjb for the dev note.

Introducing the search_columns argument to control which fields are searched in a search query

Previously, the s argument of the WP_Query::parse_query() method searched the post_title, post_excerpt, and post_content fields, with no way of controlling this apart from using the posts_search filter and adjust the SQL manually.

WordPress 6.2 adds the ability to specify which fields are searched when performing a query, using the search_columns argument.

For now, only the default post_title, post_excerpt and post_content columns are allowed, but it may be extended on further releases of WordPress.

The default value of the  search_columns argument is: array( 'post_title', 'post_excerpt', 'post_content' ).

The example below will search for posts containing  foo in their excerptExcerpt An excerpt is the description of the blog post or page that will by default show on the blog archive page, in search results (SERPs), and on social media. With an SEO plugin, the excerpt may also be in that plugin’s metabox. (post_excerp column), excluding post_title and post_content columns.

$my_query = new WP_Query(
		's'              => 'foo',
		'post_type'      => 'post',
		'search_columns' => array( 'post_excerpt' ),

See ticket #43867 for more information.

Props to @audrasjb for the dev note.

Introducing the privacy-policy rel attribute on Privacy Policy links

WordPress 6.2 introduces a new rel="privacy-policy" attribute to user-facing links to the Privacy Policy of the website when a privacy policy page is set and available.

The rel attribute defines the relationship between a linked resource and the current document. While adding a  rel value for privacy policy links is still a RFC of the Link Types HTML specification, the WordPress CoreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress. Team decided to implement it, to help make Privacy Policy links more discoverable for user agents and HTMLHTML HyperText Markup Language. The semantic scripting language primarily used for outputting content in web browsers. parsers.

As of WP 6.2, all links generated via get_the_privacy_policy_link() will return the following markup:

<a class="privacy-policy-link" href="PRIVACY_PAGE_URL" rel="privacy-policy">PRIVACY_PAGE_TITLE</a>

For more information, see ticket #56345.

Props to @audrasjb for the dev note.

Props to @webcommsat, @bph for the peer review.

#6-2, #dev-notes