Archives

Jake Spurlock 8:10 pm on September 22, 2020  

Facebook and Instagram embeds to be deprecated October 24th

9/24/2020: Updated the post to reflect that the oembed_cache post type is only used for caching oEmbeds used within widgetWidget A WordPress Widget is a small block that performs a specific function. You can add these widgets in sidebars also known as widget-ready areas on your web page. WordPress widgets were originally created to provide a simple and easy-to-use way of giving design and structure control of the WordPress theme to the user. content. Also added a reference to the CoreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress. TracTrac An open source project by Edgewall Software that serves as a bug tracker and project management tool for WordPress. ticketticket Created for both bug reports and feature development on the bug tracker. focused on removing the oEmbed support. @desrosj

Facebook recently announced that all oEmbed requests for Facebook and Instagram content will be deprecated on October 24th, 2020. These APIAPI An API or Application Programming Interface is a software intermediary that allows programs to interact with each other and share data in limited, clearly defined ways. requests are at the backbone of both GutenbergGutenberg The Gutenberg project is the new Editor Interface for WordPress. The editor improves the process and experience of creating new content, making writing rich content much simpler. It uses ‘blocks’ to add richness rather than shortcodes, custom HTML etc. https://wordpress.org/gutenberg/ and the Classic Editor to embed videos, pictures, updates, and more from the popular social platforms.

Changes to tokenless access for User Picture and FB/IG OEmbed endpoints: By October 24, 2020, developers must leverage a user, app, or client token when querying Graph API for user profile pictures via UID, FB OEmbeds and IG OEmbeds. Developers should provide a user or app token when querying for profile pictures via a UID or ASID, though client tokens are supported as well. Please visit our changelog for User PictureFacebook OEmbed and Instagram OEmbed for details on how to start calling these Graph API endpoints today.

Facebook for Developers

In response to this change, WordPress will be removing Facebook and Instagram’s oEmbed endpoints from WordPress Core code. This change will likely be released in WordPress 5.6. But, if a 5.x minor releaseMinor Release A set of releases or versions having the same minor version number may be collectively referred to as .x , for example version 5.2.x to refer to versions 5.2, 5.2.1, 5.2.3, and all other versions in the 5.2 (five dot two) branch of that software. Minor Releases often make improvements to existing features and functionality. occurs after October 24th and before 5.6 (currently scheduled to be released on December 8, 2020), it could be included in that release. Gutenberg 9.0 recently removed support.

If you are a WordPress user or developer that is using Facebook or Instagram embeds, there are some community plugins that aim to bring support. For continued support, sites or applications will need to register developer accounts with Facebook, and add the relevant API keys to all requests.

Because oEmbed responses are cached in the database using either post metaMeta Meta is a term that refers to the inside workings of a group. For us, this is the team that works on internal WordPress sites like WordCamp Central and Make WordPress. or the hidden oembed_cache post type (currently used only in widgets), any embed added prior to the October 24th deadline will be preserved past the deprecation date. These posts are not purged by default in WordPress Core, so the contents of the embed will persist unless manually deleted.

Any new embeds added after the October 24th deadline will return the URLURL A specific web address of a website or web page on the Internet, such as a website’s URL www.wordpress.org as a link if the Graph API request is not performed using a token.

To follow along with the changes to address this in WordPress Core, check out the ticket on Trac (#50861).

Props @francina, @desrosj, @clorith for proofread and review.

Kira Schroder 9:55 am on July 27, 2020
Tags: ,   

Opcode Cache Invalidation in WordPress 5.5

Before 5.5, WordPress relied on hosting provider or user settings and plugins to handle purging or invalidating of coreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress., pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party, and theme PHPPHP The web scripting language in which WordPress is primarily architected. WordPress requires PHP 5.6.20 or higher changes. This resulted in problems for users like PHP fatal errors when a cached file included a file that had been deleted during an update.

As of [48160], WordPress attempts to invalidate PHP files when Core, Plugins, or Themes are updated.

To help with this, a new function is available, wp_opcache_invalidate(), a safe-to-call-directly wrapper for PHP’s native opcache_invalidate(). In order to avoid PHP warnings, the function handles the checks necessary to see whether OPcache is available, and whether invalidation is allowed by the current PHP settings.

function wp_opcache_invalidate( $filepath, $force = false )

The function includes a new filterFilter Filters are one of the two types of Hooks https://codex.wordpress.org/Plugin_API/Hooks. They provide a way for functions to modify data of other functions. They are the counterpart to Actions. Unlike Actions, filters are meant to work in an isolated manner, and should never have side effects such as affecting global variables and output., wp_opcache_invalidate_file, which allows disabling WordPress’ invalidation by file, in case it is necessary due to platform concerns, or there are certain files that a user wants to keep from being invalidated.

You can skip invalidation for one file like this:

// Disable opcode cache invalidation for `/path/to/myfile.php`.
function disable_myfile_invalidation( $will_invalidate, $filename ) {
    if ( '/path/to/myfile.php' === $filename ) {
        return false;
    }

    return true;
}
add_filter( 'wp_opcache_invalidate_file', 'disable_myfile_invalidation', 10, 3 );

Or disable it entirely:

// Disable all of WordPress' opcode cache invalidation:
add_filter( 'wp_opcache_invalidate_file', '__return_false' );

Does this change fix the issues you’ve been having with opcode cache invalidation?

Please test and leave a comment here or open a ticket if you run into problems, have concerns, or need additional hooksHooks In WordPress theme and development, hooks are functions that can be applied to an action or a Filter in WordPress. Actions are functions performed when a certain event occurs in WordPress. Filters allow you to modify certain functions. Arguments used to hook both filters and actions look the same. for your use-case.

Thanks to @aaroncampbell for review!

#5-5, #dev-notes

Jb Audras 11:45 pm on June 24, 2020
Tags: 5.4.3, , ,   

Devchat meeting summary – June 24th, 2020

@whyisjake led the chat on this agenda.

Highlighted/Need Feedback Blogblog (versus network, site) Posts

A few blog posts and announcements were shared by @whyisjake and others:

  • GutenbergGutenberg The Gutenberg project is the new Editor Interface for WordPress. The editor improves the process and experience of creating new content, making writing rich content much simpler. It uses ‘blocks’ to add richness rather than shortcodes, custom HTML etc. https://wordpress.org/gutenberg/ 8.4 has been released: What’s new in Gutenberg – June 24, 2020
  • A date/time has been solidified for APAC specific triagetriage The act of evaluating and sorting bug reports, in order to decide priority, severity, and other factors. sessions: New date and time for APAC triage sessions
  • @audrasjb announced that @ryokuhi was elected to replace him as AccessibilityAccessibility Accessibility (commonly shortened to a11y) refers to the design of products, devices, services, or environments for people with disabilities. The concept of accessible design ensures both “direct access” (i.e. unassisted) and “indirect access” meaning compatibility with a person’s assistive technology (for example, computer screen readers). (https://en.wikipedia.org/wiki/Accessibility) Team RepTeam Rep A Team Rep is a person who represents the Make WordPress team to the rest of the project, make sure issues are raised and addressed as needed, and coordinates cross-team efforts., alongside @nrqsnchz.
  • @jorbin has recently published a proposal on moving git repositories away from master as the main branchbranch A directory in Subversion. WordPress uses branches to store the latest development code for each major release (3.9, 4.0, etc.). Branches are then updated with code for any minor releases of that branch. Sometimes, a major version of WordPress and its minor versions are collectively referred to as a "branch", such as "the 4.0 branch". name to using trunktrunk A directory in Subversion containing the latest development code in preparation for the next major release cycle. If you are running "trunk", then you are on the latest revision.: Proposal: Update all git repositories to use trunk instead of master. This work is already on track.
  • @sergeybiryukov published a proposal to change some of the workflow related keywords to be more inclusive: Rename “invalid”, “worksforme”, and “wontfix” ticket resolutions

Upcoming releases

WordPress 5.4.3

WordPress 5.4.2 has been simmering for a few weeks now, and milestone 5.4.3 is open on Trac.

Right now, the majority of the tickets are related to theme updates, with one regressionregression A software bug that breaks or degrades something that previously worked. Regressions are often treated as critical bugs or blockers. Recent regressions may be given higher priorities. A "3.6 regression" would be a bug in 3.6 that worked as intended in 3.5.. As there is less than 2 weeks before WordPress 5.5 betaBeta A pre-release of software that is given out to a large group of users to trial under real conditions. Beta versions have gone through alpha testing in-house and are generally fairly close in look, feel and function to the final product; however, design changes often occur as part of the process. 1, the main effort is currently concentrated on milestone 5.5.

WordPress 5.5

WP 5.5 Release coordinator @whyisjake shared that beta 1 is roughly two weeks away (July 7, 2020), and there are still around 230 open tickets in the milestone.

@davidbaumwald will bump the remaining early tickets at the end of the week. There are currently 13 tickets marked as early in the milestone. He also shared a general reminder: Beta 1 is the deadline for Feature Requestfeature request A feature request should generally begin the process in the ideas forum, on a mailing list, as a plugin, or brought to the attention of the core team, such as through scope meetings held for each major release. Unsolicited tickets of this variety are typically, therefore, discouraged. and Enhancementenhancement Enhancements are simple improvements to WordPress, such as the addition of a hook, a new feature, or an improvement to an existing feature. type tickets.

@desrosj shared a list of all feature request and enhancement tickets currently in the 5.5 milestone (88).

@pbiron asked if “enhancements” to the three feature plugins merged in WP 5.5 are allowed to be committed after beta 1. @clorith answered Feature plugins should not need enhancements post-merge. However, small enhancements can be labelled as a bugbug A bug is an error or unexpected result. Performance improvements, code optimization, and are considered enhancements, not defects. After feature freeze, only bugs are dealt with, with regressions (adverse changes from the previous version) being the highest priority., for example if the enhancement aims to reduce false positives, like #50437 does.

@sergeybiryukov also recommended to branch the next milestone (5.6) right after Beta, so enhancements and other bug fixes could go to trunk for 5.6 and not loose their momentum.

Components check-in and status updates

@antpb shared the Media team next meeting agenda.

@azaozz asked for help with the Test jQuery Updates plugin. Feedback are welcome ont the text/explanations in it, and with the readme file, etc. The pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party is expected to be officially released very soon.

Open Floor

@joyously pointed some tickets that may benefits to plugins and themes auto-updates feature. Her proposal is to add more information to the auto-update email notifications. In the case of themes, adding information from the changelog. @audrasjb to make sure to raise those points during the next auto-updates team meeting.

@carike asked to consider removing coreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress. SlackSlack Slack is a Collaborative Group Chat Platform https://slack.com/. The WordPress community has its own Slack Channel at https://make.wordpress.org/chat/. channel from the channels that are auto-joined for Slack. It would be less stressful to try to orientate new users in an environment that is less technically-focused and/or not quite as large as core Slack channel. Everyone agreed this proposal makes sense. @aaroncampbell proposed to use a welcome channel that is locked but had a message with the main channels for each group for people to click to join. A ticketticket Created for both bug reports and feature development on the bug tracker. is about to be opened on MetaMeta Meta is a term that refers to the inside workings of a group. For us, this is the team that works on internal WordPress sites like WordCamp Central and Make WordPress. TracTrac An open source project by Edgewall Software that serves as a bug tracker and project management tool for WordPress. to handle ad discuss this task.

#5-4-3, #5-5, #core, #summary

Francesca Marano 2:08 pm on January 31, 2020
Tags:   

Chat recap: Release Model Working Group – January 29, 2020

Today the kickoff meeting for the group happened at in the CoreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress. channel, based on this agenda. You can read the whole chat in Slack.

This recap is not in the order things were said, but in the order that (IMHO of course 🙂 ) makes more sense to see the project as a whole.

The Situation Now

As provided by @chanthaboune (thanks!)

  • We have some handbook documentation that has most of the steps plus some out of date things
  • We are lacking full documentation of the interior processes (knowing that some are irresponsible to publish in their entirety).
  • We are also lacking which steps are
    1. out of date
    2. contingent on other steps
    3. should be tied to particular timeframes
    4. automatable

Short introduction of the scope of the group

The increase of the cadence is not a foregone conclusion. The working group is here to research and document.

By documenting the existing release process, the group can:

  • Evaluate the technical changes needed to speed up the release process
  • Evaluate if those changes are doable with the existing resources and tools

The end result will be a few factual, non-opinionated documents which outline the above.

So! What is the group actually working on?

This point sparked a lively conversation! After a bit of back and forth, the group decided to adopt an existing document, put together by @chanthaboune over two years (thanks, again!): it divides the release into phases that group types of work needed.

Some of the attendees have already expresses interest in some specific areas:

  • @aaroncampbell is interested in helping document out the jobs of, and needs/struggles of, the security team.
  • @francina and @audrasjb are interested in the pre-kickoff phase:
    • Talk to leads, committers, and component maintainers.
    • Set a scope
    • Set a schedule
    • Etc…
  • @pandjarov (who wasn’t present, so @francina represented his commitment) is ready to work on E2E tests. These have been identified as a must-have even if the release model doesn’t change.
  • @amykamala is available for general project management and help with facilitating/coordinating E2E testing improvements with the hosting team + document.
  • @clorith can track down all the various teams touched by a release.
  • @marybaum is interested in the human side: making sure we have enough people at any stage and make sure there are backups.

Action item: go over the Google Spreadsheet, see if there is a topic that you are familiar with and it sparks joy. If yes, please see below and start working on it based on the workflow suggested.

Tools

We will be using GitHubGitHub GitHub is a website that offers online implementation of git repositories that can easily be shared, copied and modified by other developers. Public repositories are free to host, private repositories require a paid subscription. GitHub introduced the concept of the ‘pull request’ where code changes done in branches by contributors can be reviewed and discussed before being merged be the repository owner. https://github.com/.

A repo has been created and we can use the Project feature to keep track of the process.

The workflow will be (at least for now, so we can test it):

  1. Create an issue for the topic researched.
  2. All comments, research, findings will be added as comments. This will help keep the discussion focused.
  3. Once the research is ready, recap and move it to a document

Proposed meeting times

  • 1st and 3rd Wednesday, at 20:00 UTC (alternating with the New Contributors chat and back to back with Dev Chat)
  • 1st and 3rd Wednesday, at 8:00 UTC for APAC

Action item: times to be confirmed by group members.

All right, that’s a lot of info: what is next?

  1. Please confirm in the comments that the proposed meeting times are ok and if you are available to facilitate the chats.
  2. @francina – I will create the first issue on GitHub as an example. Done.
  3. Everyone interested: adopt a topic and get working 🙂 PingPing The act of sending a very small amount of data to an end point. Ping is used in computer science to illicit a response from a target server to test it’s connection. Ping is also a term used by Slack users to @ someone or send them a direct message (DM). Users might say something along the lines of “Ping me when the meeting starts.” me if you need to be added to the repo. Use the first issue as an example if you wish.

Thank you for making WordPress, now let’s get working!

#release-process

Gary Pendergast 2:11 am on August 26, 2019
Tags: , , , , ,   

APAC Triage and Bug Scrub Sessions

Living in APAC timezones can be difficult. From waking up at 3am for meetings, to flying 20+ for WCUS or WCEU (WCAsia is coming to fix that!), to hearing “what’s it like living in the future?” jokes for the millionth time. One thing that shouldn’t be hard is contributing to WordPress, and it’s time to make that even easier, with APAC-friendly triagetriage The act of evaluating and sorting bug reports, in order to decide priority, severity, and other factors. and bugbug A bug is an error or unexpected result. Performance improvements, code optimization, and are considered enhancements, not defects. After feature freeze, only bugs are dealt with, with regressions (adverse changes from the previous version) being the highest priority. scrub sessions.

You may have already seen GutenbergGutenberg The Gutenberg project is the new Editor Interface for WordPress. The editor improves the process and experience of creating new content, making writing rich content much simpler. It uses ‘blocks’ to add richness rather than shortcodes, custom HTML etc. https://wordpress.org/gutenberg/ meetings happening every second week for the last few months, but starting Thursday at UTC 0600, we’ll alternate each week between working on WordPress CoreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress., and Gutenberg! This week, join in the fun in the #core SlackSlack Slack is a Collaborative Group Chat Platform https://slack.com/. The WordPress community has its own Slack Channel at https://make.wordpress.org/chat/. channel for a WordPress Core bug scrub. Next week, the party will be in the #core-editor Slack channel, for a Gutenberg bug scrub. 🎉

The meeting lead will pick a report to work through, but if there are particular issues you’d like to get more eyes on, or you have a patchpatch A special text file that describes changes to code, by identifying the files and lines which are added, removed, and altered. It may also be referred to as a diff. A patch can be applied to a codebase for testing./PR that you’d like reviewed, this is the place to bring it up!

#apac, #bug-scrub, #core, #core-editor, #gutenberg, #triage

Ian Dunn 7:45 pm on August 7, 2019
Tags: ,   

Proposal: Auto-Update Old Versions to 4.7

Foreword: To help anchor some of the main concerns from the comments, I’d like to highlight a few important points in this post. – Josepha

  • This post contains a careful roll out plan. This would not be be a sudden and un-communicated change.
  • There will be options for site admins to opt-out of the update with clear instructions starting 30 days prior.
  • This would apply to small segments of each version sequentially, not all at once. This helps us check the updates in batches and limit the risk of breaking sites irrevocably.

Based on the ideas in last week’s discussion, I’d like to propose a new policy regarding backporting security fixes to old versions, and a plan to implement it.

Policy

Note: This has been edited since it was published, to incorporate feedback from the comments.

Apply security updates to the latest 6 versions, and slowly auto-update insecure sites to the oldest secure version.

That would mean that the currently secured versions would be 4.7 - 5.2, and the 3.7 - 4.6 branches would eventually be auto-updated to 4.7.

In practice, that’d provide roughly 2 years of security fixes for each branchbranch A directory in Subversion. WordPress uses branches to store the latest development code for each major release (3.9, 4.0, etc.). Branches are then updated with code for any minor releases of that branch. Sometimes, a major version of WordPress and its minor versions are collectively referred to as a "branch", such as "the 4.0 branch"., and roughly 10% of current sites would eventually be auto-updated to 4.7. Security fixes would not be guaranteed for any specific length of time, though. Once 5.3 is released, 4.8 would become the oldest secured version.

A set number of versions creates a consistent limit on the amount of work required to backportbackport A port is when code from one branch (or trunk) is merged into another branch or trunk. Some changes in WordPress point releases are the result of backporting code from trunk to the release branch. security fixes. Auto-updating insecure versions allows us to continue protecting older sites, rather than seeing them fall into the hands of spammers and criminals.

Implementation Plan

Auto-updating major versions is already a relatively safe process, because of WordPress’ commitment to backwards-compatibility, and the robust safety checks and rollback feature included in the auto-update system. However, this should still be done cautiously, to avoid breaking any sites.

A small subset of sites would be tested first, so that any problems can be identified and corrected before the majority of sites are updated. Sites would be updated one version at a time, to minimize the number of things that could go wrong.

Auto-updates of old branches would be done at a different time than new releases, to avoid a situation where there could be multiple problems to troubleshoot at once.

The process for auto-updating insecure versions would look like this:

Note: This has been edited since it was published, to incorporate feedback from the comments.

  1. Publish a post on wordpress.org/news, to inform the wider world about the upcoming updates as far in advance as possible. A specific date for updates will not be known at this point, but it will be at least 6 weeks in the future.
  2. Release 3.7.30 - 4.6.15, which will:
    1. Allow admins to opt-out of major auto updates by clicking a simple button.
    2. Email all site admins/editors to ask them to upgrade to the latest version, and inform them that their site will be auto-updated to 3.8 in the near future if they don’t opt-out. It will link to some documentation with more details, and include a link that they can click to opt-out. They’ll be warned about the security implications of opting-out. Editors won’t be able to directly install the update, but they can reach out to admins who can.
    3. Add an adminadmin (and super admin) notice within wp-admin, containing similar information as the email. The notice will be visible to all site users.
    4. If users opt out, they will no longer get the emails asking them to update, but will continue seeing the wp-admin notices.
  3. Test auto-updating 3.7 to 3.8 against test sites, and make any necessary improvements to the auto-update system.
    1. One necessary modification would be to email the site owner if the auto-update fails and is rolled back to 3.7. The email should be a strongly-worded warning, letting them know that their site could not be upgraded to a secure version, and that they should manually update immediately. If they don’t update, it’s almost guaranteed that their site will be hackedhacked eventually.
    2. Similarly, if the auto-update fails and the user is stuck on an insecure version, an admin notice should be displayed in wp-admin with a warning similar to the email above. This would replace the pre-release banner from 3.7.30 described above.
    3. We could potentially look into ways to make an educated guess about the chance of an undetectable error, and abort the update on those sites, to minimize the risk of breaking something. For example, if a known incompatible pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party is installed. In those cases, we’d want to send the admin the same warning email & admin notice, letting them know that they’re stuck on an insecure version, and need to manually update immediately.
  4. Update the Core handbook with details on the new process, so that everyone knows how to deployDeploy Launching code from a local development environment to the production web server, so that it's available to visitors. major auto-updates.
  5. Publish a document on WordPress.orgWordPress.org The community site where WordPress code is created and shared by the users. This is where you can download the source code for WordPress core, plugins and themes as well as the central location for community conversations and organization. https://wordpress.org/ explicitly stating a support policy, to avoid confusion.
    1. Only the latest major version is officially supported and guaranteed to receive security updates.
    2. There are no LTS releases, and all releases older than the current release are EOL.
    3. We make an effort to backport security fixes to the previous 5 major releases, but no guarantee is made, as sometimes it is not feasible or practical.
    4. Everyone is strongly recommended to always run the latest major version.
  6. T-30 days: Release 3.7.31, which will:
    1. Send all site admins and editors a 2nd email, similar to the 1st, letting them know that their site will be auto-updated to 3.8 in 30-45 days, and include instructions to opt-out, etc.
    2. Update the 3.7.30 wp-admin notice to include the date range of the impending update.
    3. Include any necessary improvements to the auto-update system, as described in step 3.
  7. Deploy the auto-updates in phases:
    1. The general process would be to deploy to a subset of 3.7 sites, then wait 1 week to see if any issues are reported. If anything unexpected happens, the process can be paused in order to fix those issues, and then restarted.
    2. T-0 days: Deploy to 2% of 3.7 sites, selected randomly to get a representative sample.
    3. T+7 days: Deploy to another 18%.
    4. T+14 days: Deploy to the remaining 80%.
  8. If all goes well, the process can be repeated to update 3.8 sites to 3.9, and so on until all sites are running 4.7. Some of the steps can be automated to make the process easier in the future.

Feedback

  • Overall, would you like to move forward with the general approach of this policy/plan?
  • Would you make any tweaks to improve it?

Update: The policy and implementation plan have been updated to clarify some miscommunications that were revealed in the comments:

CoreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress.’s official policy has always been to only support the latest version, and this proposal does not intend to change that. It only means to impact the number of versions that we backport to, and to start auto-updating very old versions to a more recent version.

This is consistent with — and moving towards — the Core team’s pre-existing long-term plan of getting to the point where all WordPress sites are running the latest version automatically and transparently, similar to how Chrome and other modern software work.

Older versions are not guaranteed to receive all security updates, since that is not always possible. The versions that receive updates would not be considered LTS versions; they would only receive the security updates that are feasible to backport. Everyone should always run the latest version.

This proposal is not intended to become permanent. It seems like a prudent action for the current situation, but like everything else, it should be re-evaluated in the future, as the situation changes.

#auto-update, #security

designsimply 10:30 pm on February 7, 2019
Tags: ,   

Media Meeting Recap – February 7, 2019

Overview

The following is a summary of the weekly media component meeting that occurred on Thursday, February 7, 2019. Weekly media meetings are held every Thursday at 21:00 UTC. A full transcript can be found here in the #core-media room in the Make WordPress Slack.

Attendees: @antpb, @aaroncampbell, @mikeschroder, @designsimply, @sergeybiryukov, @pbiron, @swinterroth, @dave_navarro

Triagetriage The act of evaluating and sorting bug reports, in order to decide priority, severity, and other factors.

The agenda today was extended ticketticket Created for both bug reports and feature development on the bug tracker. triage for this list.

  • #41753: _wp_get_attachment_relative_path uses hardcoded uploads directory path: noted that it affects multisitemultisite Used to describe a WordPress installation with a network of multiple blogs, grouped by sites. This installation type has shared users tables, and creates separate database tables for each blog (wp_posts becomes wp_0_posts). See also network, blog, site and needs testing.
  • #41816: attachment_url_to_postid() should find post_id for URLs of intermediate size images: patchpatch A special text file that describes changes to code, by identifying the files and lines which are added, removed, and altered. It may also be referred to as a diff. A patch can be applied to a codebase for testing. was previously abandoned because the heuristic wasn’t reliable, @pbiron will dig up the gist and leave a comment. In summary: #44095 and #42437 need to be fixed before moving forward with a revised patch for #41816.
  • #41922: Gallery hard to open for edit – rtl (hebrew) version: @antpb will test and leave feedback in the ticket.
  • #42063: Media: Indicate if image is used as a site option: @mikeschroder will leave a reply. It’s already future release.
  • #42487: Avoid redundant crops for all CustomizerCustomizer Tool built into WordPress core that hooks into most modern themes. You can use it to preview and modify many of your site’s appearance settings. media controls: moved to future release.
  • #42751: Can we please enqueue media-views independently? @antpb offered to move the question about how mediaelement CSSCSS Cascading Style Sheets. is loaded to a separate issue. No consensus on the original question, left in awaiting review.

Next meeting

The next weekly media meeting will be held on Thursday, February 14, 2019, at 21:00 UTC in the #core-media room in the Make WordPress Slack.

#media, #summary

Joe McGill 2:29 am on January 31, 2019
Tags: , ,   

Dev Chat Summary: January 30th

This post summarizes the weekly dev chat meeting from January 30th (agendaSlack archive).

5.1 updates

BetaBeta A pre-release of software that is given out to a large group of users to trial under real conditions. Beta versions have gone through alpha testing in-house and are generally fairly close in look, feel and function to the final product; however, design changes often occur as part of the process. 3

5.1 Beta 3 was delayed by 24 hours following issues with the PHP error recovery (aka WSOD) feature. The current plan is to release beta 3 a few hours following the dev chat today.

Schedule update

Remaining planned schedule dates remain the same, with RCrelease candidate One of the final stages in the version release cycle, this version signals the potential to be a final release to the public. Also see alpha (beta). 1 and a hard string freeze on February 7 and a final release planned for February 21.

See also: WordPress 5.1 Development Cycle

Dev notesdev note Each important change in WordPress Core is documented in a developers note, (usually called dev note). Good dev notes generally include a description of the change, the decision that led to this change, and a description of how developers are supposed to work with that change. Dev notes are published on Make/Core blog during the beta phase of WordPress release cycle. Publishing dev notes is particularly important when plugin/theme authors and WordPress developers need to be aware of those changes.In general, all dev notes are compiled into a Field Guide at the beginning of the release candidate phase. status report

All but three dev notes planned for 5.1 have been published

@desrosj is continuing to coordinate 5.1 dev notes. There are also plans to release a Field GuideField guide The field guide is a type of blogpost published on Make/Core during the release candidate phase of the WordPress release cycle. The field guide generally lists all the dev notes published during the beta cycle. This guide is linked in the about page of the corresponding version of WordPress, in the release post and in the HelpHub version page. for 5.1 on the day that RC1 is released. If any component maintainers have information they would like to have included in the Field Guide, please provide them to @desrosj before February 6, 2019.

Updates from focus reps and component maintainers

Meeting notes and summaries

Other calls/proposals

  • The REST APIREST API The REST API is an acronym for the RESTful Application Program Interface (API) that uses HTTP requests to GET, PUT, POST and DELETE data. It is how the front end of an application (think “phone app” or “website”) can communicate with the data store (think “database” or “file system”) https://developer.wordpress.org/rest-api/. team is aiming to have owners for every ticketticket Created for both bug reports and feature development on the bug tracker. milestoned for WordPress 5.2, so could use more help if people are looking for tickets to work on.

PHPPHP The web scripting language in which WordPress is primarily architected. WordPress requires PHP 5.6.20 or higher error recovery (WSOD) update

Earlier this week, security concerns were raised about this feature, which ultimately has lead to the decision by the #core-php team to revert this feature from 5.1 and try again in 5.2 in order to adequately address the issues identified. For additional context, people can reference the original ticket (#44458) and the new ticket created to track new refinements (#46130).

Continued work on this feature will be coordinated in #core-php on SlackSlack Slack is a Collaborative Group Chat Platform https://slack.com/. The WordPress community has its own Slack Channel at https://make.wordpress.org/chat/. and during weekly meetings on Mondays at 16:00 UTC.

Additional follow up

  • @flixos90 is in touch with the original reporter of the security concern.
  • @aaroncampbell agreed to follow up with the author of the ZDNet article to inform them about the feature being removed. The article has since been updated to reflect this change.
  • From a marketing perspective, @joostdevalk reminded that because of the open nature of our project, these kinds of things are going to happen, which isn’t itself a concern, as long as we are actively following up.

Open floor

@kadamwhite mentioned that the upcoming GutenbergGutenberg The Gutenberg project is the new Editor Interface for WordPress. The editor improves the process and experience of creating new content, making writing rich content much simpler. It uses ‘blocks’ to add richness rather than shortcodes, custom HTML etc. https://wordpress.org/gutenberg/ roadmap would likely require enhancements to the REST API in CoreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress. and suggested that there be closer coordination between the editor team and the REST API team regarding implementation of new features or enhancements.

It was suggested that when new features require knowledge from other teams, that the people working on those features reach out via component slack channels or in comments to component/team meeting notes, which should be published consistently by all active teams.

#5-1, #dev-chat

Joe McGill 11:33 pm on January 17, 2019
Tags: , ,   

Media Meeting Recap – January 17, 2019

Overview

This post is a summary of the latest weekly Media component meeting, which took place in the #core-media SlackSlack Slack is a Collaborative Group Chat Platform https://slack.com/. The WordPress community has its own Slack Channel at https://make.wordpress.org/chat/. channel, on Thursday, January 17, 2019 at 21:00 UTC. The purpose of these meetings are to move priority tasks forward, provide feedback on issues of interest, and review media focused issues.

Attendees: @joemcgill @mikeschroder @karmatosed @desrosj @antpb @aaroncampbell @designsimply

Transcript: Read on Slack

5.1.0 Triagetriage The act of evaluating and sorting bug reports, in order to decide priority, severity, and other factors.

Earlier in the day, @aaroncampbell, @mikeschroder, and @desrosj cleared the list of tickets reported against trunk awaiting review.

During the meeting, attendees scrubbed the remaining Media tickets in the 5.1.0 milestone.

  • #40590: wp_video_shortcode always adds controls=”controls”: The team wasn’t confident in the current approach. Punted to future release.
  • #45407: Add blockBlock Block is the abstract term used to describe units of markup that, composed together, form the content or layout of a webpage using the WordPress editor. The idea combines concepts of what in the past may have achieved with shortcodes, custom HTML, and embed discovery into a single consistent API and user experience. attributes to wp_calculate_image_sizes to allow for proper handling of sizes attribute: This doesn’t seem to be ready for 5.1 but @joemcgill will make a final determination this week.
  • #40175: Upload Validation / MIME Handling: @joemcgill uploaded a patchpatch A special text file that describes changes to code, by identifying the files and lines which are added, removed, and altered. It may also be referred to as a diff. A patch can be applied to a codebase for testing. this week. @pento reviewed and this will likely fall out of 5.1 and be marked for early 5.2. Testing/feedback is appreciated.
  • #44563: WordPress 4.9.7 Media delete changes break plugins deleting media via stream wrappers: No movement this week, punted to future release.
  • #44760: Media library module dates filterFilter Filters are one of the two types of Hooks https://codex.wordpress.org/Plugin_API/Hooks. They provide a way for functions to modify data of other functions. They are the counterpart to Actions. Unlike Actions, filters are meant to work in an isolated manner, and should never have side effects such as affecting global variables and output. doesn’t fully display: @mikeschroder is owning and will either commit or puntpunt Contributors sometimes use the verb "punt" when talking about a ticket. This means it is being pushed out to a future release. This typically occurs for lower priority tickets near the end of the release cycle that don't "make the cut." In this is colloquial usage of the word, it means to delay or equivocate. (It also describes a play in American football where a team essentially passes up on an opportunity, hoping to put themselves in a better position later to try again.).
  • #44836: Uploaded pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party installation page: There is an extra tagtag A directory in Subversion. WordPress uses tags to store a single snapshot of a version (3.6, 3.6.1, etc.), the common convention of tags in version control systems. (Not to be confused with post tags.) messing with a link: No movement. Punted to future release.
  • #45633: finfo_file() returns text/plain for jsonJSON JSON, or JavaScript Object Notation, is a minimal, readable format for structuring data. It is used primarily to transmit data between a server and web application, as an alternative to XML. file instead of application/json: This is punted to future release, pending #40175.
  • #43826: get_post_galleries() should return gallery blocks: This remains a blessed task for now.
  • #45707: Add parameter $real_mime to wp_check_filetype_and_ext: This might land as a relief while #40175 is pending, as long as it doesn’t introduce future compatibility challenges.

Recent TracTrac An open source project by Edgewall Software that serves as a bug tracker and project management tool for WordPress. Bulk Edit

The team discussed how we should handle the recent bulk edit closing of tickets. Of the tickets closed, 163 are Media component tickets. The general consensus is that we shouldn’t leave them as wontfixwontfix A resolution on the bug tracker (and generally common in software development) that indicates the ticket will not be addressed further. This may be used for acceptable edge cases (for bugs), or enhancements that have been rejected for core inclusion. but no final decisions were made. Next steps are for everyone to leave feedback on the original P2P2 A free theme for WordPress, known for front-end posting, used by WordPress for development updates and project management. See our main development blog and other workgroup blogs. about how to handle this project wide, and we will plan to make a decision about Media tickets next week.

Next meeting

The next #core-media meeting is set for Thursday, January 24, 2019, 21:00 UTC. Leave any agenda suggestions in the comments of this post. See you there!

#media, #summary

Anthony Burchell 4:22 pm on December 27, 2018  

Media Meeting Recap – December 21

Overview

This post is a summary of the latest weekly Media component meeting, which took place in the #core-media SlackSlack Slack is a Collaborative Group Chat Platform https://slack.com/. The WordPress community has its own Slack Channel at https://make.wordpress.org/chat/. channel, on Thursday, December 21, 2018. The purpose of these meetings are to move priority tasks forward, provide feedback on issues of interest, and review media focused issues.

Attendees: @aaroncampbell @joemcgill @mikeschroder @karmatosed @desrosj @sheri @paaljoachim @antpb

Transcript: Read on Slack

Media triagetriage The act of evaluating and sorting bug reports, in order to decide priority, severity, and other factors./discussion

This meeting focused on triage and to save you from the repetition of the process let’s just focus on the biggest of the issues discussed:

There was an influx in MIME related issues in the uploads sub-component over the last week. @joemcgill stated that he and @tellyworth are working toward resolution in this. The main ticketticket Created for both bug reports and feature development on the bug tracker. to focus attention on (and close duplicate issues in favor of) is: https://core.trac.wordpress.org/ticket/45615

Another issue discussed was: https://core.trac.wordpress.org/ticket/39968
There is an issue where on the last page of the Media Library, deleting all items in that page keeps you on the last page which no longer has content. A suggested fix is taking the page url and subtracting one from the current one if all items are deleted. The ticket has some high level conversation on those suggestions.

Playlist Usage

It was discussed that there is a need to determine a path forward for the playlist functionality in CoreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress.. Currently, you can still create playlist content using the classic-blockBlock Block is the abstract term used to describe units of markup that, composed together, form the content or layout of a webpage using the WordPress editor. The idea combines concepts of what in the past may have achieved with shortcodes, custom HTML, and embed discovery into a single consistent API and user experience. add media button. It may be time to discuss the possibility of deprecating this feature as usage does not seem to be high. We are in the process of gathering usage data. @aaroncampbell has graciously offered to attempt to pull some data from his wide user base around the beginning of the new year. There were many 👆emoji on @joemcgill‘s comment “we should not just remove it, but move it to a pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party that might actually auto-install on sites that use the feature if we can detect it.” I would like to open this post’s comments up to any concerns folks may have in removing the playlist functionality.

Core ‘cruft’ to consider deprecating

The above conversation around feature depreciation led to an excellent point by @mikeschroder and @karmatosed about there needing to be a zoomed out view of deprecating old code and not focusing exclusively on features. @desrosj said “As you all enjoy your time off, try to think about cruft within the media component specifically we can work to retire.” I invite you all to use the comments of this post to identify those pieces that should be considered for retirement and we will review in our first Media meeting of 2019. 🙂

Next Meeting

The next #core-media meeting is set for Thursday, December 27, 2018 at 20:00 UTC This next meeting will be focused around triage as many of our normal attendees are on holiday. See you there!

#core-media, #media, #summary