WordPress.org

Make WordPress Core

Updates from December, 2015 Toggle Comment Threads | Keyboard Shortcuts

  • Mike Schroder 10:22 pm on December 30, 2015 Permalink |
    Tags: ,   

    WordPress 4.5: What’s on your Wishlist? 

    A few weeks ago, I put out an initial call for volunteers for 4.5.

    In the spirit of the much-commented @wonderboymusic 4.4 Wishlist post, I’d like to extend the call a bit more.

    • What are you most interested in seeing in WordPress 4.5 — big, or small?
    • What are your or your users’ biggest pain points?
    • What do you see as the most important UX or performance low-hanging fruit to be solved?

    Look forward to hearing from you in the comments!

    The WordPress 4.5 kickoff chat will be next Wednesday, January 6, 2016 16:00 UTC-5.

     
    • Rami Yushuvaev 10:23 pm on December 30, 2015 Permalink | Log in to Reply

      Unifying permission error messages – https://core.trac.wordpress.org/ticket/34521

    • Patrick Daly 10:27 pm on December 30, 2015 Permalink | Log in to Reply

      Editorial Workflow…

      https://core.trac.wordpress.org/ticket/23314 – Allow published posts to be revised without being updated immediately

      https://core.trac.wordpress.org/ticket/12706 – Custom post status bugs in the admin

      • Andrew Nacin 2:54 am on January 3, 2016 Permalink | Log in to Reply

        Both great ideas. Both require a lot of careful planning, decision-making, and implementation. Proposals welcome (from everyone).

    • Mike Schinkel 10:36 pm on December 30, 2015 Permalink | Log in to Reply

      PHP7 as base requirement? 🙂

      • Michael Beckwith 10:39 pm on December 30, 2015 Permalink | Log in to Reply

        If only

      • Matt van Andel 10:50 pm on December 30, 2015 Permalink | Log in to Reply

        I’d wholeheartedly support a bump to 5.3, though.

        • Max Foundry 10:58 pm on December 30, 2015 Permalink | Log in to Reply

          Ditto and +1

        • Jeff Farthing 11:00 pm on December 30, 2015 Permalink | Log in to Reply

          This.

        • rkoller 11:02 pm on December 30, 2015 Permalink | Log in to Reply

          hm but 5.3 as well as 5.4 are already end of life. http://php.net/supported-versions.php . Wouldn’t it be a reasonable move to only support versions with an active support or at least with provided security fixes?

          • Matt van Andel 11:42 pm on December 30, 2015 Permalink | Log in to Reply

            The issue is hosting services that hold onto old versions of php far longer than they should. At this point both 5.3 and 5.4 should be supported by almost all of them precisely because they are so old. With that in mind, I think it’s time we officially bump the requirements.

            • Sybre Waaijer 4:21 pm on December 31, 2015 Permalink

              I think if WordPress would makes this call — as it’s a dominating factor on the internet — hosting providers will be sure to update ASAP to maintain good customer support and reliability. Or create i.e. specific WordPress Hosting Packages which abide to this standard.

          • Erlend Sogge Heggen 3:33 pm on January 1, 2016 Permalink | Log in to Reply

            As a gentle nudge from WordPress’ side, I think it’d be cool if WordPress installs running on EOL PHP versions (5.2, 5.3, 5.4) would show an infobar on the wp-admin.php page, just telling users something like:

            “psst! It seems like you’re using a version of PHP which is at [“end-of-life”](exampe.com/read-more). No need to worry, your WordPress install will continue to work just fine, but you might want to ask your hosting provider if they’re planning to upgrade to a newer version of PHP soon”

        • Daniele Scasciafratte 11:26 pm on December 30, 2015 Permalink | Log in to Reply

          +1

      • Ipstenu (Mika Epstein) 11:31 pm on December 30, 2015 Permalink | Log in to Reply

        Not trolling. Is there a technical reason we need to?

        • Mike Schinkel 1:02 am on December 31, 2015 Permalink | Log in to Reply

          No real reason other than performance and ability to leverage new features like null coalescing, anonymous classes, etc.

          I know it would be a non-starter for backward compatibility though. Just wishing out loud, since he asked. I guess I was really the one trolling, but hopefully not viewed in a bad way. 🙂

          • Ipstenu (Mika Epstein) 1:45 am on December 31, 2015 Permalink | Log in to Reply

            I was legit wondering if there was a feature or such I’d missed that we need 🙂

            Backcompat aside, that’ll be your driving factor. When we have a legit need for 5.4 or 7, it’ll happen 🙂

            • Terence 12:35 pm on January 3, 2016 Permalink

              How about with PHP 7 your apps see up to 2x faster performance and 50% better memory consumption than PHP 5.6, allowing you to serve more concurrent users without adding any hardware? I should have thought that PHP 7 allowing the system to execute twice as many requests per second in comparison with the PHP 5.6, was reason enough.

            • Ipstenu (Mika Epstein) 3:28 pm on January 3, 2016 Permalink

              @pubdirltd – that’s not a feature WordPress needs. It’s one users want, and I want, but it’s in no way preventing the development of WP. Which works fine on 7. So again, if someone has a technical feature of 7 that we actually NEED, I’m all ears.

              Until then, we’re only 25% of the for million sites on the Internet. It’s a lot bigger ocean than just WP.

        • J.D. Grimes 2:27 pm on December 31, 2015 Permalink | Log in to Reply

          Yes. It allows us to more easily build OO code that can take advantage of autoloading. (Technically can be done now, but autoloading can be disabled below 5.3 so there has to be a backup plan for such cases.)

          Test and build tools and Travis CI will all be moving on. Travis already dropped support for 5.2 once and only brought it back mostly for WordPress.

          Neither of these things are necessities, but the extra burden on us all for supporting 5.2 is at some point going to surpass the burden of not supporting it. Maybe we aren’t there yet but waiting another year and a half for the number of site on 5.2 to drop to ~0 probably isn’t worth it.

        • Marcel Pol 11:17 am on January 4, 2016 Permalink | Log in to Reply

          To guard the users against security issues in PHP 5.2.
          Supporting 5.2 sends the message that is is a good idea to use it. Not supporting it anymore will make hosters upgrade their PHP and its security issues.

          • Scott Kingsley Clark 11:20 am on January 4, 2016 Permalink | Log in to Reply

            Text on Requirements page currently says:

            To run WordPress we recommend your host supports:
            PHP version 5.6 or greater
            MySQL version 5.6 or greater

            There are notes further below about support for 5.2.4+ but explicitly saying it exposes your site to security vulnerabilities.

            • summoner 11:37 pm on January 18, 2016 Permalink

              Well actually even PHP 5.5 is near its EOL so i think WP 4.5 should be able to check the server’s PHP version do the following:

              • upon WP’s installation process it should prompt the user that their server uses an EOL PHP version which technically is enough but may have security issues and the user should contact the hoster
              • when an already installed WP gets updated to WP 4.5 it should display a message with a link to detailed info. Similar to cookie notification bars. I would turn it on by default so that a very large number of WP users would contact their hosters (naturally this notification must be turned off extremly easy if the hoster just does not do anything)

              Here is why:

              • most average people will just try to install WP on their own and they will not ever read the requirements page on wordpress.org. So they will not know about security concerns of EOL PHP versions until their site gets hacked…
              • WP is the most widely used CMS and hosters are actually payed to maintain their services. Hosters who have PHP 5.2, 5.3. 5.4 installed should really have their investments payed back by now by their users so they really should be able to upgrade to at least PHP 5.6 (or even to 7) both technically and financially.

              Actually you can not sell a car if you KNOW that the safety belt is not strong enough and will be torn in case of an accident. Hosters who have only EOL PHP versions available do the exactly same thing and without some pressure they will be happy to continue that while collecting some more money from their customers.

            • summoner 12:10 am on January 19, 2016 Permalink

              Sorry, need to be some more exact:
              On upgraded installations the notification bar should be displayed even on the FRONT-END. That is why i compared it to a cookie notification bar. 😉

              I know that might sound as a no go for many of you, but that is why it should be extremly easy to turn off (ex under Settings->general). Otherwise hosters simply will not react as they did not even until now.

          • Ipstenu (Mika Epstein) 4:53 pm on January 4, 2016 Permalink | Log in to Reply

            Not supporting it anymore will make hosters upgrade their PHP and its security issues.

            I disagree. I think it’ll just make the users, not the web hosts, upset that they can’t use WP for reasons they don’t understand.

          • Jonathan Hefner 10:29 pm on January 6, 2016 Permalink | Log in to Reply

            Agreed. I also think that if it is *possible* to run WordPress on an unsupported PHP version, some hosts *will* do it, regardless of the security risks. And users will likely not know any better. And when said users are compromised, it is possible they will ignorantly blame WordPress itself.

            So +1 for bumping PHP version requirement (and even enforcing it with a version check).

        • jrf 2:48 am on January 6, 2016 Permalink | Log in to Reply

          Not so much PHP7, but a technical reason case can easily be made for moving up to PHP5.4, preferably 5.5 as that would provide access to the Intl extension which will enable much improved localization and internationalization functionality as well as better utf-8 support.

      • Sisir 8:54 am on December 31, 2015 Permalink | Log in to Reply

        +1 🙂 Although I don’t see it happening. -_-

      • askoxyz 10:58 am on December 31, 2015 Permalink | Log in to Reply

        Impossible for now, but a bump in requirements would be awesome.

      • Joost Abrahams 9:53 pm on January 5, 2016 Permalink | Log in to Reply

        As end user, non coder, small blogger, wide support for PHP is priceless. No hassle, just works.

    • Ryan Kanner 10:42 pm on December 30, 2015 Permalink | Log in to Reply

      Definitely adding orderby metadata for taxonomy -> https://core.trac.wordpress.org/ticket/34996
      Also would like to see some movement on the shortcake plugin. I think it’s pretty important for the future of shortcodes.

    • sosensible 10:43 pm on December 30, 2015 Permalink | Log in to Reply

      First, LOL Mike… I like the thought but that will be a few years before it happens.

      : : Seeing in 4.5 Notes : :

      • Shortcake plugin as part of the core.
      • Complete RESTful API

      : : Biggest Pain Points : :

      • WP_Query lacks rich relational function.

      : : UX : :

      • Any feature that runs slow is bad. Most companies who extend the page editor to the front side, outside the ADMIN are painful slow. Any speed gains in this area are big wins. While I am open in spirit we should make core perform so well those slow plugins are either dropped or fixed. 🙂
    • Dave Navarro, Jr. 10:44 pm on December 30, 2015 Permalink | Log in to Reply

      When adding new plugins and themes from the repository, I’d REALLY like to have the feature back where I can sort the search results by date, last-date-updated, number-of-installs, ratings, etc… I REALLY REALLY miss that functionality.

      If I upload a plugin or theme ZIP file and the plugin/theme already exists, instead of an error messages, can I be prompted to replace the existing plugin? I have several plugins from third-parties that I get by ZIP file.

    • J.D. Grimes 10:45 pm on December 30, 2015 Permalink | Log in to Reply

      Several tickets I’d like to see action on (no particular order):

      #31281 #34114 #33472 #25137 #27770

    • Matt van Andel 10:49 pm on December 30, 2015 Permalink | Log in to Reply

      I REALLY want to get #16031 finally taken care of. I have a very comprehensive patch uploaded as of last August that does the trick admirably. The alternative is an even more substantial refactoring of the admin screens to merge handling and redirect behavior into the WP_List_Table class(es). I’m happy to work toward the latter solution if necessary, but I think the previous patch is peachy keen as-is.

    • Howdy_McGee 10:53 pm on December 30, 2015 Permalink | Log in to Reply

      I’m a developer who, when I deploy and monitor a theme, like to keep `debug.log` on so I can continually keep any active themes in tip-top shape. My **biggest** peeve is when simple conditionals throw out general `non-object` errors from core `query.php`. There’s a pretty large list which can be found on trac but it doesn’t seem to have gotten a ton of notice ( https://core.trac.wordpress.org/ticket/29660 ).

      The biggest problem is it isn’t just one error, when one of these issues happen there’s at least 4 errors together which spam my error logs like crazy and I have to really hunt down what specifically is causing the issue in my theme. It’s a trial and error process to fix what should be non-issues which I would love to see go away.

    • Pascal Birchler 10:53 pm on December 30, 2015 Permalink | Log in to Reply

      A short list of things I’d be interested in working on:

      • Notifications API — @johnbillion mentioned this first and @rmccue is interested as well. To quote John: “I’m going to kill wp_mail() and replace it with an API.”
      • Improving support options in core: Send anonymous crash reports, search help resources from inside the admin, show videos from WordPress.tv, leveraging WordPress.org as an OAuth provider, etc.
      • Embeds template improvements
      • chriscct7 11:58 pm on December 30, 2015 Permalink | Log in to Reply

        I’d love to help out with Notifications API as well

      • Michael Beckwith 1:48 am on December 31, 2015 Permalink | Log in to Reply

        There’s already early work going on to do something similar with regards to email in BuddyPress. Very exciting.

      • Peter Wilson 4:00 am on December 31, 2015 Permalink | Log in to Reply

        I can help out on embed templates, Pascal.

      • J.D. Grimes 2:27 pm on December 31, 2015 Permalink | Log in to Reply

        +1 for notification API

      • mrjarbenne 4:59 pm on January 1, 2016 Permalink | Log in to Reply

        Has there been any thought to creating embed templates for post formats? Currently text is well supported, but post formats like video and audio create an embed with the post title only. I acknowledge the difficulty in this may be that the majority of these types of of posts are embeds from other sites (YouTube, Soundcloud, etc) which creates an embed of an embed.

      • dmsnell 6:05 pm on January 4, 2016 Permalink | Log in to Reply

        After having done work with notifications at Automattic, I’d be happy to help. Please feel free to ping me in Slack 🙂

    • Aaron Brazell 10:54 pm on December 30, 2015 Permalink | Log in to Reply

      Indexing of meta tables. I’d say that postmeta and usermeta (probably now tax meta) are increasingly important for complex client deliveries

    • petermolnar 10:54 pm on December 30, 2015 Permalink | Log in to Reply

      webmentions (https://wordpress.org/plugins/webmention/) as featured plugin as a future replacement for pingback.

      • dshanske 11:06 pm on December 30, 2015 Permalink | Log in to Reply

        As someone who has contributed to that plugin, made a general nuisance of myself trying to improve trackbacks and pingbacks as well to the point that people wanted to use linkbacks again….+1 if there is such an option. I’m a mediocre programmer, but I would work on such a feature plugin with a strong lead.

        • Daniele Scasciafratte 11:27 pm on December 30, 2015 Permalink | Log in to Reply

          maybe a pingback vs webmention explanation will be improve the propose to a feature plugin.

          • dshanske 12:22 am on December 31, 2015 Permalink | Log in to Reply

            A pingback is an XML-RPC request advising that another site has linked to your site. Your site then goes back and checks the accuracy of that request. The presentation of pingbacks in WordPress, quite frankly, is lacking. The […] presentation is pretty useless.

            Webmention is an update to that, using only HTTP and x-www-form-urlencoded content. (http://indiewebcamp.com/webmention-spec).

            Now part of this goes to the idea of improving Linkbacks, which have become a spammy cesspool that people do not want to play with. But it has a lot of potential.

            In practice, sites that receive webmentions look for microformats markup(or optionally other parsed elements) and use this to render a better response. The Semantic Linkbacks plugin(https://wordpress.org/plugins/semantic-linkbacks/) does this for all types of linkbacks.

    • rkoller 10:55 pm on December 30, 2015 Permalink | Log in to Reply

      Two of my biggest pain points are summed up by Jeff Eaton in the back-end part of the toast redesign article: http://responsivewebdesign.com/toast/backend/

      • The current templates are spaghetti code and could use some sanity with something like Timber/Twig
      • WordPress is badly missing the ability of structured data. You have to use Advanced Custom fields but the content is encoded only as text in the post meta table anway.
      • petermolnar 10:58 pm on December 30, 2015 Permalink | Log in to Reply

        +1 for a Twig based “official” theme.

      • davidshq 3:59 am on December 31, 2015 Permalink | Log in to Reply

        +1 for Twig
        +1 for more ACF functionality. Maybe just buy it out, if he’s willing? 🙂

      • Scott Kingsley Clark 4:55 pm on January 3, 2016 Permalink | Log in to Reply

        Structured data registered via Fields API would be a great next step, there are also plugins that let you create tables for your post type(s) and store those custom fields in a correctly typed DB column.

        • rkoller 12:40 am on January 5, 2016 Permalink | Log in to Reply

          i agree. but wouldn’t it be a reasonable move not to rely on plugins to create tables for the post types with the correctly typed DB columns for the custom fields; instead update the core db schema for wordpress? i know it would extend the scope of the fields api project. but if the fields api would take care of the proper encoding and db storage you would ensure to have a solid, stable and especially more performant foundation for the fields api as well as wordpress in general. better to have that kind of functionality in core than in a plugin?

          • Scott Kingsley Clark 5:37 pm on January 5, 2016 Permalink | Log in to Reply

            I definitely won’t be able to tackle database structures in the Fields API project, that’s far outside of the scope and there’s plenty of debate to be had that I’d rather keep out of 🙂

            Related though, I am the lead developer of the Pods Framework, a content development framework that allows you to create new / extend content types for WP. One of the options is to create a table for your custom fields which get their own DB columns correctly typed — or have a completely custom table outside of the Posts area called an Advanced Content Type.

            I know a thing or two about this, and there’s little or no inkling that the WP core team will be heading in a direction of table manipulation or db restructuring for custom fields in the near future.

            • rkoller 11:13 pm on January 5, 2016 Permalink

              yep i am aware that it is out of the scope of the fields api project; but i wanted to bring it up again in the 4.5 wishlist discussion so maybe some wp core team members might chime in and give it a second thought. cuz if all the new field types are brought in it would be a huge step in the first place but you would still have the issue jeff eaton brought up in the article with acf at the moment: “This isn’t a problem if you’re only using custom field data when a post is loaded and displayed. If you plan to use these custom fields to handle complex relationships—connecting a post to multiple authors, say—the SQL queries to handle that data will be punishingly slow.” but i will give the pods framework a try and see how things are handled there and how it goes with acf pro at the moment. thanks for the headsup. 🙂

      • Jonathan Hefner 10:33 pm on January 6, 2016 Permalink | Log in to Reply

        A huge +1 for both points. The article you linked was very insightful. Someone else in this thread mentioned #33472, which is relevant.

    • seanbennick 11:03 pm on December 30, 2015 Permalink | Log in to Reply

      Improved image management. WordPress is not just a blog anymore, so the date organization structure doesn’t work. Adding categories and maybe even tags for images would solve a lot of issues.

      • petermolnar 11:07 pm on December 30, 2015 Permalink | Log in to Reply

        You could add custom taxonomy for attachments.

        As for the filesystem layout, I’m already moving the genarated images away from the upload directory and I’d welcome this change to WordPress itself to keep the upload dir clean.

      • davidshq 3:59 am on December 31, 2015 Permalink | Log in to Reply

        +1 The Enhanced Media Library plugin is a great place to look to see some of the missing functionality.

      • vherring 5:42 am on December 31, 2015 Permalink | Log in to Reply

        My biggest wish for WordPress is some real work be done on the media library, it’s barely adequate and the management of hundreds of photos is difficult and you absolutely have to resort to a third party to manage thousands. The average blogger has that now days.

      • szabesz 7:34 am on December 31, 2015 Permalink | Log in to Reply

        +1 for this. I should also mention that storing the actual image files in one folder or in folders generated based on the month in which they were uploaded is just not enough. We should have more options, for example: images stored in folders we want to put them into. We should be able to define our own folder structure.
        Another thing is all those resized versions of the images. Other CMS’es store them in a subfolder like “_resampled” or similar. But WordPress makes a big mess by storing them alongside the original.
        And the third thing is gallery management, which is extremely basic. There is a lot of room for improvement is this area. No wonder every week a new gallery plugins is released… Developers are trying to solve it on their own way.

      • Paal Joachim Romdahl 9:48 pm on January 1, 2016 Permalink | Log in to Reply

        A big +1 to better media management!

      • MHagemeister 9:38 am on January 2, 2016 Permalink | Log in to Reply

        That’s my biggest issue with WordPress as well at the moment. I have a huge library with tons of images and the filesystem structure is a mess. Like others have already mentioned, I’d love to keep the uploads folder clean and put all resized media in a seperate “resampled” folder (or whatever it should be called)

      • taloweb 10:44 am on January 2, 2016 Permalink | Log in to Reply

        yes +1 also for me!
        A better media manager without plugins is a must now!
        A tight relation btw posts and media items and no more html insertion (by now to find where is used an image we have to use regexp on html), a robust cache sistem without resized images with size in filenames (when you change theme it is a pain), an easy way to find unused images to clear filesystem and so on…

      • danielgoze 10:08 pm on January 4, 2016 Permalink | Log in to Reply

        +1 Fully agree. Image Categories seem like a must for a site with more than 10 items in Media. Enhanced Media Library does have some great tools.
        Some Ideas I’ve had over the years:
        • Bulk edit to apply/remove image categories.
        • Possibly breakup Media into “views” of Images, Downloads & Video (in the menu rather than the pulldown filter) so that clients can find things easier.
        • Sometimes I hide images that I don’t want the client to change in the theme or a plugin, with the new site icon tool in the customizer, I wouldn’t want the client to go in and put in a much lower res file in when they feel like it, something like a checkbox for “admin only” for any images that the site relies on.
        • Crop for any size – I’ve seen the crop for thumbnail, but sometimes one size needs just a slightly different focus (example: a person is halfway cropped and if the crop started more to the left), especially now with the responsive images.
        • Other plugins already handle this, but regenerating thumbnails, renaming actual files, replacing files with a new file, and cleaning file names as a standard feature would really be appreciated.

      • htrex 11:06 am on January 5, 2016 Permalink | Log in to Reply

        +1 yes, an enhanced media library taxonomy is really needed

      • Anthony Hortin 5:05 am on January 7, 2016 Permalink | Log in to Reply

        +1 for this. Managing a large amount of images is so cumbersome and time consuming. The images library needs the ability to create folders along with being able to drag/drop images into those folders. The current Grid/List UI also needs to be fixed. There’s two completely different workflows, depening on whether you’re loooking at the Grid view or the List view and it’s makes the UI confusing. i.e. there’s multiple screens that perform the exact same function

      • Claude Martin 12:52 pm on January 7, 2016 Permalink | Log in to Reply

        +1 Media management needs improvementS. And thanks for all

    • Jeff Farthing 11:06 pm on December 30, 2015 Permalink | Log in to Reply

    • Dave Navarro, Jr. 11:08 pm on December 30, 2015 Permalink | Log in to Reply

    • Ipstenu (Mika Epstein) 11:16 pm on December 30, 2015 Permalink | Log in to Reply

    • Daniel Bachhuber 11:17 pm on December 30, 2015 Permalink | Log in to Reply

      As a co-maintainer of the Shortcake Feature Plugin, I’d like to get Official Core Direction on shortcodes and shortcode UI before we spend too much more time on it.

    • Daniele Scasciafratte 11:25 pm on December 30, 2015 Permalink | Log in to Reply

      Add get_post filter: https://core.trac.wordpress.org/ticket/12955 the patch is ready with case study and example use
      Introduce helper function for AJAX checks: https://core.trac.wordpress.org/ticket/25669 standardize the check of is an ajax request. patch ready
      Add hook for custom post.php actions: https://core.trac.wordpress.org/ticket/27056 help the plugin developers, patch ready

    • j-falk 11:27 pm on December 30, 2015 Permalink | Log in to Reply

      My wish-list:

    • Giorgos Sarigiannidis 11:29 pm on December 30, 2015 Permalink | Log in to Reply

      My list, starting from the most feasible and moving to the most controversial / impossible to happen:

      1. Better plugin management at the WP Dashboard, taking advantage of your wordpress.org favorites collection. For example, order your favorite plugins based on those that you install more often and allow batch install and activation of multiple plugins at once.

      2. Allow (and perhaps encourage) security adjustments during WP install, like setting a login url other than wp-login.php, disable XML-RPC, disable pingbacks, disable comments etc.

      3. Adding native support for content translation.

      4. Absorb CMB2 to the core.

      5. During WP install, allow us to choose our theme between twenty-whatever and underscore_s.

      6. Add “Child plugin” support, to allow overriding a plugin’s settings the same way we do it in themes, with child themes.

    • Jon Brown 11:29 pm on December 30, 2015 Permalink | Log in to Reply

      So many things… but
      #1 land the Fields API. It’s _long long long_ over due.
      #2 Finish out the REST API.
      #3 Improvements to media management (better CORE tools for organizing and managing large asset libraries).
      #4 Improved image editing and flow. I for one didn’t really like the direction Image Flow was going, but incremental improvements would be welcome.

    • andreasnrb 12:01 am on December 31, 2015 Permalink | Log in to Reply

      #1 custom comment types

    • simonrcodrington 12:29 am on December 31, 2015 Permalink | Log in to Reply

      I’m always pretty keen for additional hooks and filters in the admin area to customize the way the UI works. For example adding new hooks into the new media modal window (https://core.trac.wordpress.org/ticket/35205)

      I’m keep to chase this up (as literally it’s just a quick edit to a few template files in core).

      Love to see more hooks and filters that give me the power to change up and extend the way WordPress does stuff.

    • davetgreen 12:34 am on December 31, 2015 Permalink | Log in to Reply

      Add a ‘Last Updated’ timestamp for each and every plugin in the list of installed plugins, so that admins can see at a glance how long it has been since an update. This way they can make an informed decision as to whether the plugin needs to be replaced by an alternative or not. The security implications of reducing the number of extremely outdated plugins are obvious. 🙂

      A nice to have would be a check carried out by WordPress that alerts the user if the plugin hasn’t been updated in X time frame: possibly 2 years as per the .org repo warning.

      I plan on working on this early in 2016 as my first WP commit proposal. 🙂

    • mbrsolution 12:49 am on December 31, 2015 Permalink | Log in to Reply

      I am sure many have asked this before or it maybe included already in the next version. I would really like the ability to upload an image or photo to the profile without using a plugin, a function and or without having to sign up to gravatar under discussion -> Avatars. …..sorry for this basic request.

      Thank you all for the great work you all put in with developing WordPress…….

    • ChokDK 1:32 am on December 31, 2015 Permalink | Log in to Reply

      I wish there was some kind of help for the “pro theme makers” so adjustment of 3/3 columns spacing/width would be easy and still responsive.
      For now, they don’t dare to make it user adjusted.

      I also wish the Soundcloud pre-picture for 1/3 columns could be resizeable instead of disappearing (as it is working now)

    • Amanda Rush 1:33 am on December 31, 2015 Permalink | Log in to Reply

      I’d like to see post formats given some serious attention. I don’t think they should be left up to theme authors without any kind of guidance as to how they should be handled, ETC. I’d be willing to work on this as I use them quite frequently.

    • KARTHOST 2:10 am on December 31, 2015 Permalink | Log in to Reply

      You asked for a Wish list here it is:

      1) Finish Rest API

      2) SIMPLE SSL Set up, example:
      In Settings
      [ x ] No HTTPS
      [ ] HTTPS Admin Only
      [ ] HTTPS Entire Site

      Make it that simple for the end user.

      3) Built in SMTP to allow site owner to set up a 3rd Party SMTP service (allow SSL Port 465 as well) and disable wp-mail.php or just use wp-mail.php (you can default to wp-mail.php, but email sending should be something related with core and have a choice as to what type service to be used.
      3a) Create email template and allow end user the ability to customize the content in the default emails WordPress install sends out and the email headers.

      Thanks for all considerations

      Roy Randolph

      • J.D. Grimes 2:30 pm on December 31, 2015 Permalink | Log in to Reply

        +1 for better SSL support. It seems like a black box to me, and I’m a dev. 🙂

      • Nico 11:08 pm on January 1, 2016 Permalink | Log in to Reply

        With HTTP/2 only working over SSL I suggest people move to HTTPS only and drop http and set their servers/move hosts if necessary for it.

        There is a useful wp-config setting `define(‘FORCE_SSL_ADMIN’, true);` with that setting it would prevent insecure admin in case of a mis-configured server. This is basically your `[ ] HTTPS Admin Only`.

        As for SSL config its pretty much a server setup thing that has nothing to to with WordPress, you setup your server to server over SSL and then switch the site URLs in the WordPress config from http to https. So I see no need for WordPress to do more then its already doing.

      • thomaswm 5:14 pm on January 2, 2016 Permalink | Log in to Reply

        +1 for simple SSL support. It will become really important now that Let’s Encrypt is handing out free SSL certificates.

        https://core.trac.wordpress.org/query?status=!closed&keywords=~https

      • nathangraham 4:56 am on January 3, 2016 Permalink | Log in to Reply

        +1 for simplifying SSL set up

    • chrishoward 2:17 am on December 31, 2015 Permalink | Log in to Reply

      • Media categories. Pleeeaasse!
      • Hooks on the post listing and post editor screens for displaying instructions or other info to users. This is especially useful for custom post types. Currently I hack into the views-edit-{cpt} and edit_form_after_title hooks, but that’s not tidy.
      • More and better use of contrast and colour in the admin UI. I know minimalism is all the rage, but that doesn’t make it good UX. e.g. The post editor meta boxes could do with stronger headers as almost every thing in the post editor is black/grey on white. The visual hierarchy of WP admin varies from minimal to too subtle.
    • Ben Hansen (ubernaut) 2:19 am on December 31, 2015 Permalink | Log in to Reply

    • Mike Schinkel 2:48 am on December 31, 2015 Permalink | Log in to Reply

      Definable Image Types and associates sizes for those types.

      Rather than have all images have all sizes, frequently is is helpful to design a `’hero’` as having one set of sizes and a `featured-story` as another set of sizes and so on.

      • Andrew Nacin 11:49 pm on January 1, 2016 Permalink | Log in to Reply

        I’ve always liked this in theory, but I’m not sure how you’d auto-magically choose which image gets which treatment. (Beyond say featured image, which has its own UI.)

        I’d be more inclined to spend time to make it so WordPress creates crops only when we need them, and not on upload. We could create a thumbnail and a silver master that is a bit smaller and thus easier to work with from the original, and then generate crops when we need them. (We can even fake non-proportional crop previews using canvas or something else.) This is something we’ve talked about extensively, and notably, @mikeschroder happened to be one of the people who instigated those conversations (and who shepherded WP_Image_Editor into core).

        • heintore 3:00 pm on January 5, 2016 Permalink | Log in to Reply

          @nacin – we’re using the OTF Regenerate Thumbnails plugin extensively on our clients’ sites. It works exactly as advertised by generating images on the fly. No custom functions needed, all calls to the_post_thumbnail and other thumbnail functions are handled automatically.

          There may be plenty of reasons why this particular approach is a terrible solution for WordPress core, but I’m much preferring this plugin over how WordPress handles crops now 🙂

          https://wordpress.org/plugins/otf-regenerate-thumbnails/

      • Joe McGill 9:46 pm on January 2, 2016 Permalink | Log in to Reply

        I’ve thought about having a custom image size created when an image is added as a featured image to a specific post type. Maybe something like that could work?

      • Brad Touesnard 12:38 pm on January 7, 2016 Permalink | Log in to Reply

        +1

        #11895 is related to this and I suggested the same solution:

        > I think there is certainly a need for a “treatments” concept that is independent of size though. For example, it’s pretty common to want to crop a photo a certain way for display on a listing page (e.g. post archive page) but display the uncropped version on the detail page (e.g. single post page). I’m guessing that was the original intention of the “Apply changes to:” feature, but it never really hit the mark.

    • dryanpress 3:13 am on December 31, 2015 Permalink | Log in to Reply

      • SVG Dashicons
      • Update on direction of shortcodes in core and Shortcake
      • WP Admin Toolbar Improvements (https://core.trac.wordpress.org/ticket/32678). Proposed i10 changes look great, love increased negative space, but even fewer sites would be listed in view. A live search and list of recently updated and/or pinned sites would go a long way in moderate and large networks.
      • Native multiple authors for Posts. Co-Authors-Plus may add this in plugin territory, but subsequent integration into a theme requires complicated overriding or child theming. Giving non-developers the ability to add multiple authors on Posts, Books, Report Chapters, Music Videos, etc is important.
    • Peter Wilson 4:08 am on December 31, 2015 Permalink | Log in to Reply

      My wish list/hobby horses:

      • #35206 to control white space in menus, as a follow up to #27762 in 4.4 and later reverted.
      • #32793 to combine jQuery and jQuery migrate and reduce HTTP requests.

      Otherwise, some of the tickets around HTTP2 would be lovely to get in.

    • WP Sites - Brad Dalton 7:11 am on December 31, 2015 Permalink | Log in to Reply

      1. I’d like to be able to wrap opening and closing php tags in code tags using the text editor and 2. link gallery images.

    • Marius (Clorith) 7:39 am on December 31, 2015 Permalink | Log in to Reply

      I’d love to see some kind of merge between #20578 (the option to not trigger `uninstall.php`) and #9757 (better handling of uploads when the theme/plugin exists).

      As it stands it’s painful having to change to a different theme to update a custom theme. The process was made slightly better by core remembering widgets, but you still need to change the look of your site for a period of time while uploading and re-configuring and it is a terrible user experience.

      Of course, premium themes often leverage some filters to apply updates, but imagine the sites that run old premium stuff that are avoiding updating because it’s a tedious process, and the presumably large amount of them that don’t have this filter interaction any way.

    • Rian Rietveld 7:51 am on December 31, 2015 Permalink | Log in to Reply

      The Accessibility team focusses for this release on:

      • Make the colors of the default Admin scheme conform to WCAG 2 AA (tickets are labeled #a11y-color)
      • Remove title attributes from links
      • Improve the accessibility of the customizer (for keyboard only, screen readers and for color contrast)

      Help with this is very welcome.

    • leemon 8:22 am on December 31, 2015 Permalink | Log in to Reply

      https://core.trac.wordpress.org/ticket/9777: Usability : add delete button to edit-tags.php
      https://core.trac.wordpress.org/ticket/20901: Taxonomy descriptions should be TinyMCE editable
      https://core.trac.wordpress.org/ticket/23421: Add sortable to taxonomy column
      https://core.trac.wordpress.org/ticket/14877: Ability to create exclusive custom taxonomies
      https://core.trac.wordpress.org/ticket/22938: Presentation of hierarchical taxonomy in Media modal should be checkboxes rather than comma-separated tag list
      https://core.trac.wordpress.org/ticket/21165: Make categories widget work with custom taxonomies
      https://core.trac.wordpress.org/ticket/5034: Impossible to have duplicate category slugs with different parents
      https://core.trac.wordpress.org/ticket/32378: Image Uploads automatically puts “Olympus Digital Camera” as caption
      https://core.trac.wordpress.org/ticket/32101: Ability to mark plugin as unmanaged
      https://core.trac.wordpress.org/ticket/22355: Template stack – Beyond parent/child theme relationships
      https://core.trac.wordpress.org/ticket/33407: Theme tags overhaul
      https://core.trac.wordpress.org/ticket/19627: Themes should be able to opt-in to a static front page
      https://core.trac.wordpress.org/ticket/22942: Remove Post by Email
      https://core.trac.wordpress.org/ticket/22363: Accents in attachment filenames should be sanitized
      https://core.trac.wordpress.org/ticket/12718: Better structure for admin menu

    • Sisir 8:32 am on December 31, 2015 Permalink | Log in to Reply

      I would love to see my reported bugs are resolved 🙂

      1. https://core.trac.wordpress.org/ticket/24990
      2. https://core.trac.wordpress.org/ticket/35216
      3. https://core.trac.wordpress.org/ticket/32920

      I don’t have #slack account. Never got my invitation. #2 is most critical if not all 😀

    • Martin Stehle 11:09 am on December 31, 2015 Permalink | Log in to Reply

      Please make Google Fonts in the backend and Emojis available only by activated checkboxes. Both features are on by default and generates dispensable traffic.

      More about the Google Fonts issue at ticket https://core.trac.wordpress.org/ticket/26072

      • askoxyz 11:17 am on December 31, 2015 Permalink | Log in to Reply

        +1

      • petermolnar 12:23 pm on December 31, 2015 Permalink | Log in to Reply

        YES, PLEASE.
        ( And that same for EVERY feature that is addon-level, like embed )

      • Last Rose Studios 3:43 pm on January 4, 2016 Permalink | Log in to Reply

        +1 Get rid of emojis – the fact that there area bunch of plugins and how-tos on how to remove them should be a clear indication that people don’t want them. There is no reason something like that should be in the core. At the very least, make it optional (activated only by checkbox).

    • Martin Stehle 11:25 am on December 31, 2015 Permalink | Log in to Reply

      Please make tags hierarchical like categories

    • Gerard Canters 12:20 pm on December 31, 2015 Permalink | Log in to Reply

      RFC:

      WP 4.3 accepted shortcodes with a tag containing a space, WP 4.4 does not. Also, you don’t get an error message or indication.
      Suggest to have add_shortcode funtion return a true result or an error-indication.
      In general should all functions return a true result or error.

    • benoitchantre 1:26 pm on December 31, 2015 Permalink | Log in to Reply

      I would like to see responsive image header and a drag and drop UI to reorder pages and custom post types.

    • Andrea Fercia 1:45 pm on December 31, 2015 Permalink | Log in to Reply

      1) Settings API: get rid of the tables and UI/accessibility improvements
      https://core.trac.wordpress.org/ticket/18801
      https://core.trac.wordpress.org/ticket/16413

      2) Re-think `$content_width`
      We’re in a “responsive era”, maybe re-think the whole idea of `$content_width` ? Some comments collected in the past months:
      https://core.trac.wordpress.org/ticket/21256#comment:25
      https://core.trac.wordpress.org/ticket/23863#comment:10
      https://github.com/Automattic/_s/issues/100#issuecomment-40746610
      https://irclogs.wordpress.org/chanlog.php?channel=wordpress-dev&day=2013-04-11&sort=asc#m593089

      3) Add a “typography” focus on Trac 🙂

      • Nico 11:20 pm on January 1, 2016 Permalink | Log in to Reply

        Totally agree with $content_width. I always hated that thing, even when not thinking about responsiveness.

      • robertwhitis 8:15 am on January 4, 2016 Permalink | Log in to Reply

        Along the lines of eliminating tables, the admin CSS classes need support for columns. An example would be the use of a jQuery repeater for a row of fields. There’s not really any built in support for a go-to way to handle columns currently that I am aware of.

      • Ahmad Awais 5:40 pm on January 4, 2016 Permalink | Log in to Reply

        +1 for #2.

    • tomdxw 2:21 pm on December 31, 2015 Permalink | Log in to Reply

      How about bcrypt? https://core.trac.wordpress.org/ticket/21022

      It’s a one-line change and it’ll make a huge difference to the security of 89% of WordPress sites (PHP 5.2 doesn’t support bcrypt, but PHPass falls back to using the old algorithm in that case).

    • Dave McHale 3:53 pm on December 31, 2015 Permalink | Log in to Reply

      One of the biggest complaints I hear from my users is the menu management tools in the admin. A CMS website with a moderate number of pages quickly becomes incredibly difficult to manage. An overhaul there is long overdue IMO.

      The classic widget management tools are equally frustrating to work with, but I think core is already on a path towards getting away from that screen as much as possible – so I don’t know if updates there are really worth time/attention.

      • Andrew Nacin 11:30 pm on January 1, 2016 Permalink | Log in to Reply

        I think a new exploration in menu management would require building an update as a plugin using the feature plugin model.

        Have you looked at menu management in the customizer? I feel like I prefer it. I agree it still becomes tough to work with, with a lot of pages, but have you ever used a menu-building experience that works well with a lot of pages? Actually, have you ever used a menu (as a user) with a lot of pages?

    • Najum Rahim 4:17 pm on December 31, 2015 Permalink | Log in to Reply

      My wishlist
      WP REST API

    • Scott Kingsley Clark 5:16 pm on December 31, 2015 Permalink | Log in to Reply

      I’m totally all about Fields API, there’s just a little bit more left to do and I’ll have it in a place where it’s ready for core proposal!

    • colomet 5:32 pm on December 31, 2015 Permalink | Log in to Reply

      If Photon can not refresh the pictures (in case we do changes). I preffer not to have photon and to have my own CDN.

    • colomet 5:33 pm on December 31, 2015 Permalink | Log in to Reply

      · Speed
      · Lower use of resources

      • Andrew Nacin 11:32 pm on January 1, 2016 Permalink | Log in to Reply

        These are nice wishes, but we realistically need concrete proposals for how to get there. For example, I pull up WordPress in KCacheGrind quite often when contributing, to identify bottlenecks and potential areas for improvement.

    • Justin Sainton 5:51 pm on December 31, 2015 Permalink | Log in to Reply

    • askoxyz 6:12 pm on December 31, 2015 Permalink | Log in to Reply

      Move WP Comment Humility (https://wordpress.org/plugins/wp-comment-humility/) to core, which moves the Comments top level menu under Posts top level menu, where it belongs now that comments are off on Pages by default.

      • Andrew Nacin 11:38 pm on January 1, 2016 Permalink | Log in to Reply

        I saw this proposal on Twitter the other day. I actually like it in theory, but:

        • It would probably be jarring/confusing for a lot of people who don’t know where their comments menu went. (This is a solvable problem, of course.)
        • If a custom post type supported comments, then what? (It could always move back. There’s of course been talk that comments should possibly be moderated per post type, but that gets annoying when all you have is posts and pages and you do use comments on pages — admittedly rare.)

        This absolutely could only be done if there was extensive usability testing with various scenarios that can back up the decision.

    • Ipstenu (Mika Epstein) 7:33 pm on December 31, 2015 Permalink | Log in to Reply

      Posts like this very one make me think that Emoji Reactions should be a thing. If we could all click an emoji +1/-1 (thumbs up/down) to vote, it would be so lovely.

      https://wordpress.org/plugins/emoji-reactions/ ? Pull that in? 😀

    • George 5:40 am on January 1, 2016 Permalink | Log in to Reply

      https://wordpress.org/plugins/custom-upload-dir/

      Add similar functionality to core.

    • luciole135 8:38 am on January 1, 2016 Permalink | Log in to Reply

      Hello,
      I hope to ask the right place unless I should not open a ticket for this?
      Some hosts including mine do not allow REWRITE RULES in the .htaccess file.
      It would be good to check before writing to it if the mod_rewrite is enabled before writing in the .htaccess because it induces 500 errors.

      • John Blackbourn 6:07 pm on January 4, 2016 Permalink | Log in to Reply

        Please open a ticket on core.trac.wordpress.org for this, with as many details as you can. The .htaccess handling code has been in WordPress for the best part of a decade, so it should be pretty stable by now, and there are lots of failsafes in place to prevent such 500 errors.

    • Ulrich 9:56 am on January 1, 2016 Permalink | Log in to Reply

      #32802: Update Masonry (v3.3.2) & imagesLoaded (v3.2.0) package
      #30797: New function for parent theme stylesheet uri
      #33407: Theme tags overhaul
      #26695 Themes: add support for multiple screenshots in themes
      #21256 New theme feature – add_theme_support( ‘content-width’, $defaults )

    • benoitchantre 1:13 pm on January 1, 2016 Permalink | Log in to Reply

    • szaqal21 1:21 pm on January 1, 2016 Permalink | Log in to Reply

      Add filter for _get_list_table() to allow using extended WP_Posts_List_Table class for edit screens, now it is hardcoded!

    • szaqal21 6:11 pm on January 1, 2016 Permalink | Log in to Reply

    • Maren-Reinecke 9:00 pm on January 1, 2016 Permalink | Log in to Reply

      1) I would very much appreciate a file manager for the media! As a photographer I have quite a lot of media and it´s not usefull to have them monthly organized…
      2) For the meta tags an opportunity to add noarchive, my old website worked with index, follow, noarchive, because I don´t want my media in google archives.

      Thanks for taking notice 🙂

      Maren

    • Paal Joachim Romdahl 9:53 pm on January 1, 2016 Permalink | Log in to Reply

      Thanks for asking Mike!

      Drag & drop of All posts/pages/categories.
      Finally getting this trac ticket feature in place: https://core.trac.wordpress.org/ticket/2702

      Additional field options in the customizer. Adjusting site title, description menu etc. As it would make simple design adjustments easier for the beginner without having to get into coding

      That’s all I can remember off the top of my heard right now!

      Happy New Year to everyone!!..:)
      What an awesome year this will become!!

    • davidperez 9:57 pm on January 1, 2016 Permalink | Log in to Reply

      Hello, Have a Button to Update everything: Plugins, Themes and Languages.

      Nice Work!

    • davidperez 10:02 pm on January 1, 2016 Permalink | Log in to Reply

      Another Idea would be Edit Taxonomies as full editor: Thumbnail, WYSIWYG Editor, …

    • christinecooper 10:39 pm on January 1, 2016 Permalink | Log in to Reply

      My wishlist for 4.5 is mainly implementing the fixes that have already been provided to numerous bug tickets.

      For example, view the following ticket:
      https://core.trac.wordpress.org/ticket/15448
      Which I outlined here:
      http://wordpress.stackexchange.com/questions/191923/sending-multipart-text-html-emails-via-wp-mail-will-likely-get-your-domain-b

      That’s only an example. There are too many tickets like these which have been laying there, with completely appropriate solutions, and no sight in adding these fixes to core.

    • luciole135 6:43 am on January 2, 2016 Permalink | Log in to Reply

      Add a third markdown text editor next to the two existing.

    • bonger 9:15 am on January 2, 2016 Permalink | Log in to Reply

      Bugs. 4.4 squashed around 600 gross. A similar drive now would be very worthwhile.

    • Frank Bueltge 1:23 pm on January 3, 2016 Permalink | Log in to Reply

      Wishs are fine, but goals are important.

      • Multisite Maintenance

      ** Like Settings API and much more equally single core.

      • Fields API
      • Notification API ( kills wp_mail() )
      • Working with priority on open bugs.
      • Relationship table, Post2Post – also about the network of Multisite
    • seanbennick 1:31 pm on January 3, 2016 Permalink | Log in to Reply

      I would also like to see Widgets that can be created once and used across multiple sidebars, footers, etc. Widget Builder – https://wordpress.org/plugins/widget-builder/ takes a decent step towards this, but I think this would be a solid addition to the core.

    • Pam Blizzard 7:45 pm on January 3, 2016 Permalink | Log in to Reply

      Please give me an option to hook and/or filter the Cheatin’ eh message. When delivering WP as a CMS, it’s too perplexing for the users and they don’t know what to do next. Give me an option to put meaningful instructions for my users on how to move forward or get help.

      • J.D. Grimes 5:01 pm on January 4, 2016 Permalink | Log in to Reply

        See #14530

        • Pam Blizzard 12:47 am on January 5, 2016 Permalink | Log in to Reply

          I respectfully disagree that it’s fixed, if the message, “Cheatin’, eh?” displays anywhere on a website that doesn’t belong to a WordPress developer.

      • John Blackbourn 6:11 pm on January 4, 2016 Permalink | Log in to Reply

        Do your users regularly see this message? If so, the root cause should be investigated because ideally no user should ever see this message.

        • Pam Blizzard 12:53 am on January 5, 2016 Permalink | Log in to Reply

          No, not regularly, but once is too much IMO. I have had clients email me from time to time upon receiving it and it’s embarrassing, when I have to explain that it’s considered “funny”. I get the joke, but they don’t. The message is not truly helpful, in any way. I know we can do better, and I’m willing to help in any way that I can.

          • Ipstenu (Mika Epstein) 5:33 pm on January 5, 2016 Permalink | Log in to Reply

            Pam, how/when/where are they seeing this?

            Becuase John’s point is that they NEVER should be able to see that. And it indicates something serious is behaving in an unexpected way 🙂 While agreeing that the message should be filterable, we still want to understand the circumstances that make it happen so we can possibly fix THAT too.

            (Of course if it’s ‘a plugin is doing something daft, we may not be able to, but it helps us understand the root cause.)

            To quote Nacin from the trac ticket:

            This warning should never be accessible via the UI. These are nothing more than sanity checks. If they can be accessed in a normal setup via the UI then that is a bug.

            So while it perhaps should be filterable, there’s an underlying bug there. That’s why the initial trac ticket was resolved with “Provide more helpful feedback than just “Cheatin’ uh?” for permission errors in wp-admin/js/customize-controls.js.”

            The bug, the part where people could legit click a link and get there, was fixed.

            Where are you running into this? What are your users doing?

            • Pam Blizzard 5:16 pm on January 6, 2016 Permalink

              I myself got it 3 days ago, when my browser hung after deleting a theme, and I hit refresh. Being experienced, I knew what it was and what the next step was. However, I’ve had 3 phone calls from clients about it in the last year, (prefer not to detail what caused it here, but can if really necessary) they just didn’t know where to go next.

              I searched Twitter, wpStackExchange and WP.org support on that term and found people posting about it within the last few months. The point is, it does appear.

              I’m trying to understand why it’s hard coded 34 times, http://bit.ly/1mGhBwp if it’s not needed, and “shouldn’t appear in the UI”

              Again, I’m willing to help out in any way I can. I’m not just kvetching, I’m here to learn and help.

          • Ipstenu (Mika Epstein) 5:21 pm on January 6, 2016 Permalink | Log in to Reply

            I myself got it 3 days ago, when my browser hung after deleting a theme, and I hit refresh.

            Yeah, that’s one of those cases where we can’t really avoid it. Let me guess, you force quit the browser and reopened with extant tabs? So WP tried to reload with an expired nonce. (Which is personally why I think this message should be filterable/customizable – unavoidable browser crashes happen. We didn’t used to have our browsers be able to reopen all tabs when restarting… Ahh the old days.)

            Can you tell us, in general terms, what the users were doing? Uploading a file, trying to use a specific plugin? I totally get that you can’t give us details 🙂 But if we can narrow down if a plugin is derping or if there’s a legit bug in WP, it helps.

            • Pam Blizzard 12:54 pm on January 7, 2016 Permalink

              I appreciate very much that you’re willing to troubleshoot the problem, and another venue like the support forums is probably more appropriate, and I will open a thread there. My point for the Wish List: The error message displays and is not worthwhile in any way, and in fact detrimental, because “Cheatin’, eh/uh?” is cutesy, flippant, accusatory and snarky and not indicative of the professional tool that WordPress is. If those 34 instances of that literal exist, let’s at least replace them with something like, “something unexpected happened, please return to your Dashboard or contact your support resources.” or something similar that helps the user go to the next step.

    • Spacedmonkey 8:11 pm on January 3, 2016 Permalink | Log in to Reply

    • Knut Sparhell 10:45 pm on January 3, 2016 Permalink | Log in to Reply

      Core framework for multi-language
      Fields API
      Continued Multisite cleanup
      Remove Post-by-email in favor of plugins
      Tool to convert Links to Menus, in preparation for removing Links in a later release
      Continued user facing options cleanup
      Unmanaged/private plugins marker
      Install multiple plugins
      Implement REST API endpoints
      New strategy for bumping requirements
      Framework for 2-factor authentication
      Better password hashing
      Frontend editing of posts (text)
      Customizer: Point at any customizable element to open it
      Customizer: Partial refresh

    • robertwhitis 8:27 am on January 4, 2016 Permalink | Log in to Reply

      I’m always happy to see work put into multisite.

      Domain mapping in core would be huge.

    • rgllm 11:02 am on January 4, 2016 Permalink | Log in to Reply

      User roles.

    • nealumphred 1:35 pm on January 4, 2016 Permalink | Log in to Reply

      Return the VIEW POST option to the Admin Panel so that it can be seen and used after a post has been published.

      • John Blackbourn 6:13 pm on January 4, 2016 Permalink | Log in to Reply

        There are already two (or three, depending on the action) links to view the post from this screen. The ‘View Post’ link in the admin toolbar, and the permalink itself. Removing it was intentional. See #18306.

    • Ahmad Awais 5:54 pm on January 4, 2016 Permalink | Log in to Reply

      Late to the party. I’m looking forward to so many things in 4.5.

      — WP REST API (Of-course!)
      — Fields API (This is a long time coming and is a much-needed improvement)
      PHP Templating Engine Twig could be perfect
      Safe Mode Run
      — Weston Ruter’s idea of adding Add New Post/Page to the customizer
      — UX: I like how easily we can drag & drop images to upload them (Media -> Add New) Screenshot ,maybe we can have a similar drag & drop plugin and theme installer (Plugins -> Add New area)

      That’s all for now.

    • whizadree 5:54 pm on January 4, 2016 Permalink | Log in to Reply

      would like to see 2FA, Recaptcha as core spend much more time with user security and encrypting data within the database (no plain text info ) , more Customization for Admin without plugins , ( customize menus , custom links , hide unused ) , a core file manager with option for changing permissions and warning of security risks for both files and folders as core (with additional plugins to increase usage ) , better admin of sites using mobile devices such as a full WordPress mobile app the manage the system and install plugins from qr codes , and find a proper way to stop fake accounts / users

    • freetheweb 6:19 pm on January 4, 2016 Permalink | Log in to Reply

      • Custom CSS editor in the Customizer instead of having to install Jetpack
      • Enhanced Admin UI
      • Now that WordPress has established itself as a full CMS for the web, I think we should have custom taxonomies as part of the default admin options instead of having to install third party plugins to set them up, which is often confusing
    • Arunas Liuiza 7:16 pm on January 4, 2016 Permalink | Log in to Reply

      My biggest pain point is not in the features/code at the moment, but in the lack of documentation, particularly, on the JavaScript part of things – WP Editor, Media Manager, etc.

      On the code part of things, I’d love for wp_editor to have a flag to return its content instead of echoing everything all the time. I get tired of playing with `ob_start()` and friends every time I need to use it in some callback function or other.

    • calendarboy 12:38 am on January 5, 2016 Permalink | Log in to Reply

      I would like to be able to sort users by name, or by address

      On the Users page it appears you can sort by name, but it does not work. Instead, selecting Name actually just sorts on Username.

      I would like to be able to sort users by Name and by address.

      I have deleted over a thousand bogus “users” created by bots (despite using a catcha) over the past two days. It has taken hours and I’m nowhere near being done.

      With the ability to sort Users, I could have deleted all of the bogus entries in minutes.

    • Andrew Wilder 1:24 am on January 5, 2016 Permalink | Log in to Reply

      Right now, comments can only by linked to by using an anchor tag, and if the pagination is ever changed, then the anchor reference will be broken.

      I’d like to see comments get their own permalink structure — so links to specific comments will stay valid if the pagination ever changes. (I’ve run into changed pagination many times… maybe a site owner changes the comment display order, or changes the number of comments per post, or some comments get deleted, shifting them up to a new page…there are lots of ways the structure of http://oursite.com/blog-post/comment-page-5/#comment-12345” can break over time.)

      https://core.trac.wordpress.org/ticket/26133#comment:3

    • Daniel Llewellyn 4:31 am on January 5, 2016 Permalink | Log in to Reply

      selfishly I’d like #29325 to be merged, so I can wear a new contributor badge with pride 😀

    • Marko Heijnen 6:49 pm on January 5, 2016 Permalink | Log in to Reply

      • More control for images

        • Ability add more information for an image size like quality or zoom
        • Add the image size to the filters for responsive images. width/hight simply doesn’t work
        • Ability to auto generate images and to stop them from getting generated. Internal API which by default is off. Will makes things easier for plugins since internal APIs need to be changed.
        • non web image like Tiff converting to JPG (imagick).
        • Other cool imagick tricks to generate a thumbnail for PDF’s for example
      • XML-RPC component cleanup. What can still be done or where will the REST API be good enough. Making hard cuts.
    • benoitchantre 10:03 pm on January 5, 2016 Permalink | Log in to Reply

      #29783: User Admin Language

    • Nicolas Juen 10:22 am on January 6, 2016 Permalink | Log in to Reply

      More modern tools support :

      • Composer
      • Namespacing
      • Autoloading

      And potential muliple levels of themes, at least allow locate_template working on more than 2 folders with a hook to edit the paths available.

      • Nicolas Juen 10:24 am on January 6, 2016 Permalink | Log in to Reply

        And at least unified fields management (options,users, * meta ) with the currently developping Field API 🙂

    • Zwaar Contrast 2:10 pm on January 6, 2016 Permalink | Log in to Reply

      I’d like to be able to hook into the image editor!

    • Mel Choyce 7:20 pm on January 6, 2016 Permalink | Log in to Reply

    • Ryan Boren 8:11 pm on January 6, 2016 Permalink | Log in to Reply

      Some usability focused wishes.

      We’re WordPress and all about the open web. The open mobile web is rather a mess. The open web needs to be great on mobile, and WordPress can help make that happen.

      https://make.wordpress.org/flow/2015/06/13/the-top-5-impediments-to-flow-on-touch-devices/

      I arrive at WP sites through Twitter and other apps on my touch devices. Lots of people do. We come out of our apps, land on a site, touch an image, and get a bad experience. WP sites have poor media touch flow.

      https://make.wordpress.org/flow/windmills/#carousels-and-touch-media
      https://make.wordpress.org/flow/2015/02/26/core-support-for-wordpress-images-to-open-in-a-modal-window/

      The toolbar is overdue for an update. I like where this ticket is going.

      https://core.trac.wordpress.org/ticket/32678

      Retire media-new.php.

      https://make.wordpress.org/flow/2015/01/29/retiring-media-new-php/

      Continue reducing settings.

      https://core.trac.wordpress.org/ticket/32396
      https://wordpress.org/plugins/wp-core-settings-reduction-project/

      Keep advancing the customizer and live preview.

    • Grant Palin 10:44 pm on January 6, 2016 Permalink | Log in to Reply

      • native post relationships
      • ability to regenerate specific image thumbnails and not the whole lot
    • Rich Tabor 11:48 pm on January 6, 2016 Permalink | Log in to Reply

      How about a drag-and-drop-in-place element for the Featured Image metabox (like what we have for the post editor)?

    • Anthony Hortin 5:38 am on January 7, 2016 Permalink | Log in to Reply

      • Redesigned/improved Image Library along with the ability to create folders.
      • Fix the Image Library Grid/List UI so there’s not multiple screens that perform the exact same function. The whole Gird/List UI has been a mess since the Grid layout was introduced.
      • Customizer redesign including the ability to default to wider 2 column layout so you’re not scrolling for pages and pages when there’s heaps of options.
      • Better consistency with Customizer UI. Sometimes you click a button and more fields appear below it. Other times you click a button and a panel slides in and out of view. Sometimes when you click a button, the panel slides to the left, other times it slides to the right. Users shouldn’t have to wonder what’s going to happen when you click a button.
      • Better notification experience. Too many plugins/themes are cluttering up the WordPress Dashboard with multiple and constant notifications.
      • Redesign of the Show Password/Hide/Show/Cancel/Generate Password buttons on the User Profile screens. The UI is confusing and there are too many unnecessary buttons.
      • Anthony Hortin 6:45 am on January 19, 2016 Permalink | Log in to Reply

        Adding to my list above…

        • The ability to be able to upload AND overwrite existing plugins. So Annoying not being able to upload newer plugin versions through the dashboard and simply overwrite the old version
    • Ross Wintle 9:41 am on January 7, 2016 Permalink | Log in to Reply

      • Any movement towards an efficient API for post-to-post relationships
      • Now that the REST API is (nearly) here, we should start improving the core UI. Could we start by using AJAX for pagination/sorting/filtering on list tables
      • TWIG-like templating. Or at least, some API that enables us to better separate logic and display. Currently I can use things like the query var to pass data to a template (as documented in the codex page for get_template_part: https://codex.wordpress.org/Function_Reference/get_template_part#Passing_Variables_to_Template) but it would be nice to have a data API or some way to pass data to templates. WP isn’t MVC so I’m not entirely sure what this would look like.
      • Ability to both install and upload multiple plugins in one go, and to overwrite existing plugins (for when you’re uploading an update to an existing plugin)
      • Ability to set login/dashboard URL as part of core
    • Lisa 1:49 pm on January 7, 2016 Permalink | Log in to Reply

      Let’s make notifications a thing of delight for the user.

      Can we have a universal inbox for them, and maybe add Wapuu or something that makes people smile. Like – https://cloudup.com/cQtJsMhtf0L

    • HoaSi 11:07 pm on January 11, 2016 Permalink | Log in to Reply

      Further improvement to https://core.trac.wordpress.org/ticket/26937 would be nice.

    • Tim 1:58 pm on January 12, 2016 Permalink | Log in to Reply

      The top pain point for me and my clients is probably management of the media library (as mentioned by lots of others); I’d love to see that a priority.

      Other things I routinely install plugins for, and would love not to have to:

      • Tree view and drag-and-drop sorting of pages (and posts and other types)
      • Global disabling of the comment system for sites where comments are irrelevant
      • Adding featured images to taxonomies
      • Using a visual editor for taxonomy descriptions

      Nice as it would be to have multi-language and page-by-page permissions in core too, I do realise that these are huge endeavours and the core team probably wishes to leave them to third party plugins, even though those plugins are far from perfect. 🙂

    • Ipstenu (Mika Epstein) 9:44 pm on January 12, 2016 Permalink | Log in to Reply

      I’m going to sneak add https://core.trac.wordpress.org/ticket/35429 – Since I upload a LOT of plugins for testing, this would save me oddles of time 🙂

    • shackep 1:53 pm on January 14, 2016 Permalink | Log in to Reply

      I think “enable-media-replace” https://wordpress.org/plugins/enable-media-replace/ should be added to core. Such a simple handy plugin. And perhaps something like https://wordpress.org/plugins/media-item-url/ while we are at it. Small things that many people could find useful.

    • The-Dude 2:57 pm on January 14, 2016 Permalink | Log in to Reply

      Native TOC-Support working together with Pagebreak would be very helpfull! 🙂

    • Damir Calusic 11:02 am on January 17, 2016 Permalink | Log in to Reply

      We really need this simple fix https://core.trac.wordpress.org/ticket/28381

    • summoner 10:35 pm on January 18, 2016 Permalink | Log in to Reply

      +1 for LOT of enhancements in media library (ordered by complexity):

      • Media categories;
      • “enable-media-replace” as mentioned by shackep;
      • Different sizes in different folders;
      • Adding a per file generated pre- or suffix to original file names so that people can not harvest others’ original images by simply deleting some characters of the thumbnail url…;
      • Maybe even some content protection functionality Galleries are great but FB like photo albums would be welcome as well (see in: https://wordpress.org/plugins/simple-photo-albums / this one does not add any new menu items which is great);
      • Image focal points as mentioned by chrishoward;

      +1 WP simply MUST support multilanguage content out of the box (as even personal blogs tend to need that, not to mention business sites)

    • itsnotrocketsurgery 2:45 pm on January 25, 2016 Permalink | Log in to Reply

      A mechanism for tagging and filtering themes would be useful. When I provide my themes/child themes to end users, it would be useful for me to tag them with their colours and be able to provide a filter at the top of the theme selection page.

      I’m not aware that anything like this already exists and I’m not a developer, but it would be handy to freely tag themes somehow, even just from within the theme CSS header.

    • camelotcamel 11:12 am on January 28, 2016 Permalink | Log in to Reply

      It’s all been said before, but anyway:

      Better media management!

      • upload to user defined folders
      • “add from server” functionality
      • media categories
      • media replace
    • Settler11 8:38 am on February 2, 2016 Permalink | Log in to Reply

      The Duplicate Post plugin! Almost a million downloads.
      And media management; but that’s been said a thousand times I think. 🙂

    • ledgoti 3:53 pm on February 4, 2016 Permalink | Log in to Reply

  • morganestes 1:45 am on October 13, 2015 Permalink
    Tags: ,   

    Week in Core: Sept. 28 – Oct. 11, 2015 

    Welcome back to the latest issue of Week in Core, covering changes from Sept. 28 – Oct. 11, 2015, changesets [34659][35029]. Here are the highlights:

    See that ↑ right there? That’s an oEmbed. And it’s loaded from inside this site.

    Feature Plugins Merged

    The Responsive Images, oEmbed Provider, and the “baby” REST API feature plugins have been merged into core. Grab the latest version of trunk and test them out.

    WordPress logo with wordmark below

    Responsive images in your posts. Just upload and insert!

    Potent Notables

    These changes were big enough to merit their own blog posts:

    Deeper Reading

    Some commits pack in a lot of info, from detailed background to best practices in using hooks. Here are a few worth reading the entire commit message:

    • WP_Term class introduced [34997] #14162
    • Fix scalability performance problem for previewing multidimensional settings in the Customizer. [35007] #32103
    • Ensure that wp.customize.Widgets.savedWidgetIds is defined up front. [34883] #33901
    • The history and implementation of oEmbeds. [34903] #32522
    • Improve role-related arguments in WP_User_Query. [34875] #22212
    • Use wp_installing() instead of WP_INSTALLING constant. [34828] #31130
    • Introduce *_network_option functions for Multisite installs. [34777] #28290
    • Ensure that comment permalinks reflect pagination. [34735] #34068, #34073

    (More …)

     
  • Weston Ruter 2:00 pm on September 23, 2015 Permalink
    Tags: , ,   

    Outlining a possible roadmap for the Customizer 

    Planning for the future is a necessary and important part of the WordPress development process. As we consider the future of WordPress – both as a whole and individual features – we publish proposed roadmaps to encourage greater discussion and give insight into the core team’s thought process.

    The process of creating a roadmap is just as important as the vision behind it and the final roadmap itself. This process gives the entire community an opportunity to research and document history, define what specific items can be accomplished to bring us closer to the vision, and outlines how those tasks fit together within a possible timeframe.

    What follows is a potential roadmap for the Customize component. If you’re interested in the future of live preview in WordPress, now is the perfect time to get involved and leave your feedback.


    A couple of months ago, the WordPress lead developers met with the maintainers of the Customize component to discuss the future of live preview in WordPress. The goal of the chat was to come up with a potential roadmap for both the component and for how live preview can improve the user experience of WordPress for all users.

    The ultimate goal of live preview in WordPress is to create user trust and remove the “save and surprise” inherent in some of the backend features.

    After a lot of discussion, the group decided to target the following goals over the next two years:

    • Considerably improve performance.
    • Continue iterating on current live preview features to ensure they are solid and as easy-to-use as possible, including theme browsing and installation, menus, and widgets.
    • Experiment with new and different user interfaces. If we were creating live preview today, what would it look like? In what ways can we ease the feeling that you’re looking through a “porthole”?
    • Removal of the ambiguous mode. Currently, the Customizer is contained in a sidebar without the admin toolbar, but ideally there is the admin and the theme, and no in-between. One direction this may go is enabling “Customize” on the front end to immediately load the Customizer controls.
    • Experiment with a guided new user experience (NUX). Live preview lends itself to site setup. How can we improve the live preview experience and combine it with the NUX? Consider a “setup wizard” use case and ensure the flow has no dead ends, i.e. users can customize everything in one.

    Those overall goals for live preview in WordPress can be rewritten into some specific features that are in development or planned for the future of the Customize component. These include:

    • Transactions. This re-architecture of some of the Customizer internals improves compatibility with themes by loading the preview using a natural URL, and allows Ajax requests or even REST API requests to be previewed. It also allows the preview to be viewed independently of the Customizer, so changes can be shared for others to review. See #30937.
    • Selective refresh. Only a piece of the page will need to be refreshed when this backend feature is implemented. (Formerly known as “Partial Refresh”.) Currently, this is available for menus in the Customizer. This eliminates duplication of display between PHP and JS, keeping it DRY. See #27355.
    • Concurrency. Allows for “locking” settings using the Heartbeat API, improving the overall user experience by preventing users from overwriting each other’s changes. See #31436.
    • Revisions. Enables plugin developers to add features like draft, roll back, and scheduled changes (e.g. “change my background on January 1”). This builds upon transactions, as the setting changes are staged in a transaction, and this facilitates settings to be revisioned and for settings to be scheduled. See #28721, #31089.
    • Theme installation. Iterates on and completes the theme browsing experience.
    • Responsive preview. Iterates on the concept of live preview by giving users a better idea of what their site will look like on other devices. See #31195.
    • Bootstrapped Customizer. Lazy-load the Customizer into the current frontend view without having to leave the page. With selective refresh implemented, inline controls and frontend bootstrapping would be possible since full-page refreshes would no longer be required.
    • Improvements for both touch and small devices.

    Beyond those features, the group identified some specific changes that should be prioritized, in conjunction with the features planned:

    • The sliding animation between panels should feel more like “moving panels” (see: iOS).
    • Keyboard navigation should be consistent and clear.
    • Identify “dead ends” in the interface and remove them, when possible. For example, prior to menus in the Customizer, it was not possible to customize that aspect of your site’s design with the Customizer.

    The concepts surrounding live preview and the Customizer have been in development for a long time. Many of the concepts from Elastic Theme and the Visual CSS Editor have been incorporated over time. Over the next few years, experimentation with these concepts will likely take place in feature plugins. For example, this team may experiment with inline content editing, where it makes sense in the context of customizing a site. Another path for exploration is simple theme customization – e.g. change the header font, change the sidebar color, or change the width of the sidebar.

    As with all components and new features, we shouldn’t be afraid to experiment and fail and should continually push for new experiments and ideas, especially in the context of feature plugins. Further, some of the above experiments may not make it into core, but are meant as a general direction that live preview should take in WordPress.

    Taking these features together, below is a sequence outlining a possible roadmap for live preview and the Customize component in general, along with estimated targets. Please note that this is a proposed roadmap and is entirely dependent on contributor involvement. Additionally, many of these things will take place in a feature plugin prior to core inclusion.

    • Partial refresh. Performance Improvements. (Target: 4.4)
    • Responsive Preview. Transactions. (Target: 4.5)
    • Concurrency. Revisions. Theme Install. Beginning of NUX wizard. (Target: 4.6)
    • Focus on touch screen / small device improvements. (Target: 4.7)
    • Developer API improvements based on feedback from plugin developers. (Target: 4.8)
    • Improved UI after experiments in 2016. NUX “wizard mode.” (Target: 4.9)

    Live preview is one of the most critical features in WordPress as we continually combat “save and surprise.” The Customizer in its current form provides an improved user experience to WordPress users when customizing their site’s design. Each feature mentioned above is a continuation of the live preview concept, building and improving upon the Customizer.

    Everything above is just a proposal and we need your feedback to ensure it is the right direction. If you’re interested in any of the above, comment here with your feedback, or join the team in #core-customize.

    This post was a collaboration between @helen, @nacin, @mark, @celloexpressions, @samuelsidler, and yours truly.

     
    • Davide 'Folletto' Casali 4:46 pm on September 23, 2015 Permalink | Log in to Reply

      > NUX wizard

      I find a bit dangerous to think of it as a “wizard”, mostly because usually wizard UIs have specific connotations. We should think of it more as a “tutorial” like games do. Not separate UIs, but a guide through an existing UI that can be dismissed if you’re expert, or done partially, or followed all along. 🙂

      Other than that… this seems AWESOME. 🙂

      Performance is really the main thing there. That alone would reap huge benefits. Then you add Live Preview and well, boom! 🙂

    • Daniel Bachhuber 6:11 pm on September 23, 2015 Permalink | Log in to Reply

      We (Fusion) are very keen to adopt the Customizer as the UX for frontend management, and look forward to helping out with the feature plugins built as a part of the roadmap.

    • FolioVision 12:43 am on September 24, 2015 Permalink | Log in to Reply

      Weston, thanks for the comprehensive and forward thinking report.

      It would be great if the interface paradigm for Customizer would remain constant for the exterior world (i.e. agencies and clients) while a dev version gets tested by the more progressive among us.

      Perhaps a switch to throw in settings to enable experimental Customizer features? The switch could be retired when Customizer settles a bit.

      • Weston Ruter 4:05 am on September 24, 2015 Permalink | Log in to Reply

        @FolioVision yes, absolutely. This is why most of the new features will be developed in feature plugins so that they will remain opt-in until they are deemed solid for everyone.

    • devolute 4:05 pm on September 25, 2015 Permalink | Log in to Reply

      but ideally there is the admin and the theme, and no in-between.

      Here here! Does this mean that there will be a “front-end” mode, and a “dashboard” mode that fits into the current dashboard so that things can be altered without a preview being available?

      • Weston Ruter 4:16 pm on September 25, 2015 Permalink | Log in to Reply

        @devolute Basically the idea is that there would no longer be a separate “Customizer” URL (wp-admin/customize.php) that you go into. When on any frontend URL, clicking “Customize” would just slide out the Customizer sidebar pane in place. You’d still have the admin bar available and everything else that you would normally when on the frontend, except you’d also be able to make changes to the Customizer as you browse around. So no, this doesn’t have in mind making the Customizer controls available in the wp-admin without a corresponding preview.

        • devolute 4:19 pm on September 25, 2015 Permalink | Log in to Reply

          Ah, I understand your intention. I think my problem is that I’m using the customizer for things like phone numbers, addresses and other options when I perhaps should look at other solutions.

    • Ahmad Awais 3:38 pm on September 26, 2015 Permalink | Log in to Reply

      We at WPTie are slowly yet gradually adopting Customizer in all our themes and plugins (where needed). All in for customizer support in WordPress.

    • Alex Mangini 10:23 pm on September 28, 2015 Permalink | Log in to Reply

      On the “Bootstrapped Customizer” point, is this a move towards inline content editing and possibly even “page builder” type concepts?

      My biggest curiosity about the Customizer and what I really want to use it for as a developer is creating posts and pages without a 3rd party visual editor and without the drawback, as already stated, of guessing what they’ll look like after inputting content into specially built meta boxes or widgets.

      Thanks for doing these write-ups, as I build more and more WordPress plugins/products I find myself lurking around here to better educate myself and plan roadmaps for my own work.

      • Weston Ruter 10:45 pm on September 28, 2015 Permalink | Log in to Reply

        @alexmangini:

        On the “Bootstrapped Customizer” point, is this a move towards inline content editing and possibly even “page builder” type concepts?

        This is already possible, actually. For an example of inline editing, see the Customize Inline Editing plugin. And page builders are also possible now by using widgets in the Customizer. I’m currently working on a site that uses a concept of query-specific widget areas to allow every URL to have custom sidebars configured, where the main content area is just another widget area: this allows drag-and-drop building of pages just with standard widgets and any custom widgets that you define. Widgets still have a lot of room for improvement in Core, but I’m very keen to see them move in the direction of “content blocks” which can be used for building page templates in the Customizer.

    • Nick Halsey 4:19 am on September 29, 2015 Permalink | Log in to Reply

      Thanks for getting this published Weston.

      A couple of additional comments on my end:

      • We need more help. The Customizer can do (and could do) a lot, but without more contributors (not just code), it’ll take time to see big improvements go through. I’d love to see more of an effort to embrace the Customizer throughout various other core projects, and to see more community involvement in Customizer design and development.
      • In the interest of experimentation and building on the benefits of live preview, I’m planning on looking at some ways to integrate things like page templates, post formats, and featured images (with cropping) into the Customizer. While there’s a good chance none of those things will make it into core, I’d like to encourage anyone with any ideas for the Customizer to try them out and offer them for discussion. We’re no where near the limit of what users could do with the Customizer and it’s an amazing framework to build additional features on top of.
      • While many of the topics in the post are fairly developer/backend oriented, it’s important to emphasize that there is still a significant amount of design and UI/UX work to be done, including looking at entirely different approached to the live preview UI concept. Don’t be shy to share your ideas if you have any – the technical side of things is evolving to support pretty much anything we may want to try.
    • pingram3541 3:59 am on November 24, 2015 Permalink | Log in to Reply

      A little late to the game but I just wanted to say thanks for pushing the Customizer forward. I do feel it is given the least amount of attention when it comes feature progression and I can’t figure out why. Yay for menu’s but how did menu’s make it on the plate before posts??? Seriously folks, this is a huge mechanism in which we are losing ground fast to many of the new front end content builders on the web and the Customizer is behind the times.

      @westonruter your example of the Customize Inline Editing is nice but seems only to serve a very narrow focus on ability as it still provides no capability of inline editing for actual post content/post meta. Don’t get me wrong, great working example but real world we need to break outside the box of wp_options, theme_mods…we need simpler access to post objects and other areas in WordPress.

      Again @westonruter looking at your code on the Customize Posts plugin I see that your way of getting around the lack of post object availability is by providing a drop down of all posts/pages of which to perform the query against which is genius. However, it doesn’t seem natural to have to select a page/post when you’re already viewing one in the Customizer already and when needed can navigate to other post/page where their post fields could be provided rather than choose it from a long drop down list, which could become unmanageable on some larger sites.

      So yes, I’m excited for the future and the BIG ONE thing I’d love to see is:

      Access to the current preview’s post object or at least a way to capture the post id for use with $customize_update and $customize_preview. Could be as simple as adding the post id to the $wp_customize object.

      • Weston Ruter 5:54 pm on November 25, 2015 Permalink | Log in to Reply

        @pingram3541 Thanks for the reply.

        I do feel it is given the least amount of attention when it comes feature progression and I can’t figure out why. Yay for menu’s but how did menu’s make it on the plate before posts???

        There are a limited number of people to contribute to each release. @carlhancock wishes that all admin management features could be added to the Customizer at one time instead of one piece at a time, but this is not practical for an open source volunteer effort with three releases a year. As we just saw with Automattic’s Calypso announcement from @matt, it took almost two years and dozens of contributors to re-develop the entire WordPress.com admin into a new JS-driven interface. We don’t have the time or the person power to do that. However, I think that interest is building, and with that, contributors will come.

        Compared to posts, it is relatively much simpler to build support for nav menus in the Customizer. They have a UI that fits in the Customizer pane, and the data model is pretty normalized. Posts, on the other hand, would need a full-on editor experience (inline to the preview) and can have an infinite number of variations to display (shortcodes, media embeds, etc). This is a hard problem to generalize for all themes, but it is something that @iseulde has worked hard on in the Front-end editor plugin. The Customize Posts plugin was developed as a prototype to show the architecture for how posts and postmeta can be managed in the Customizer so that the Front-end editor (or another such plugin) could leverage the Customizer for previewing and staging changes.

        your example of the Customize Inline Editing is nice but seems only to serve a very narrow focus on ability as it still provides no capability of inline editing for actual post content/post meta. Don’t get me wrong, great working example but real world we need to break outside the box of wp_options, theme_mods…we need simpler access to post objects and other areas in WordPress.

        As noted in the plugin’s description, Customize Inline Editing is an example (proof of concept), again to show how inline editing can be implemented in the Customizer. So its focus is intentionally narrow. The approach taken there can be implemented for managing post data inline. See also wp-customize-posts#8.

        on the Customize Posts plugin I see that your way of getting around the lack of post object availability is by providing a drop down of all posts/pages of which to perform the query against which is genius. However, it doesn’t seem natural to have to select a page/post when you’re already viewing one in the Customizer already and when needed can navigate to other post/page where their post fields could be provided rather than choose it from a long drop down list, which could become unmanageable on some larger sites.

        Actually, it’s not a dropdown of all posts/pages. It’s a list of the posts that currently appear in the preview. The dropdown’s options change as you navigate around the site in the preview, meaning that you should only be editing a post in the Customizer that is actually visible in the preview.

        So yes, I’m excited for the future and the BIG ONE thing I’d love to see is: Access to the current preview’s post object or at least a way to capture the post id for use with $customize_update and $customize_preview. Could be as simple as adding the post id to the $wp_customize object.

        The future is now. As noted above, Customize Posts does it to communicate the list of posts in the preview to the pane for the dropdown. Also @ericlewis has implemented this in wp-custom-css-per-post. I also have on my todo list to write a post on how to create a “metabox” in the Customizer for managing postmeta for the current singular post in the preview.

    • Philip Ingram 6:57 pm on November 25, 2015 Permalink | Log in to Reply

      Thanks for the quick and detailed response. I’d love to contribute as long as my foo is strong enough, let me know how I can help or if there is a more appropriate forum for continuing this discussion =)

      Additionally, regarding @ericlewis ‘s wp-custom-css-per-post, I already have a working live css editor using codemirror to provide live updating of the preview as well as updating the hidden Customizer input setting transport to postMessage and this works great allowing live preview before saving but also allowing the saving. This has greatly improved efficiency of my front end design workflow. However this currently is limited to my site-wide custom css via theme options. What brought me here in the first place was seeking out a way to GET and POST the current posts meta which I have a custom css per post option built into my themes. So maybe I can get with @ericlewis and we can figure this out. Looking at WP Customize Posts I see the query for $_POST[‘customized’] to iterate though and retrieve post id’s but when using the Kirki toolset (I’m sure the class needs something extra for this) it’s always an empty array upon initial load of the Cusotmizer and that is where I’m stuck currently. I just need the darned post id!

      You mention that posts are way more complex than menus and yes there’s no debate there, however in the time being, if there was a simple way to capture the current previewed post’s id or maybe a clearer example how to retrieve it, that opens the door for us to pioneer further without waiting for a more core-driven method of updating post data via the Customizer.

    • Philip Ingram 10:20 pm on November 25, 2015 Permalink | Log in to Reply

      @westonruter Yes! Thank you for this.

  • morganestes 9:08 pm on September 21, 2015 Permalink
    Tags: ,   

    Week in Core: Sept. 13-21, 2015 

    Welcome to the Week in Core — Week Four, with super-exciting news from around WordPress-land, and Core changes and updates for Sept. 13–21, 2015 (commits [34093][34361]). This week’s core contributors number 106! I’m especially jazzed about the number of new names on the list, and want to thank everyone for your effort this week.

    News you can use

    The WP REST API team submitted a proposal to merge the plugin into core, with a two-phase integration plan. The merge proposal blog post also does a nice job of presenting the history of the plugin and some use cases.

    Do you use my-hacks.php in your site? Don’t. (A quick search through the plugin and theme repos shows only 10 plugins and 3 themes that mention the file.)

    Multisite is making some pretty big changes, including the addition of the  WP_Network class. Check out this blog post, which outlines some of the changes and a roadmap for future updates for 4.4.

    Interested in the user-focused part of WordPress? Of course you are! Join in the conversation about “Potential UI/UX projects in core.”

    Code changes

    Here are some highlights from the 268 change sets published to Trac; the complete report is available online in plain-text format for a bit more in-depth coverage.

    (More …)

     
  • morganestes 9:04 pm on September 16, 2015 Permalink
    Tags: ,   

    Week in Core: Aug. 31 – Sept. 12, 2015 

    Welcome to the Week in Core, with updates from weeks 2 & 3: Aug. 31 – Sept. 12, 2015, changesets [33821][34092].

    It’s been a busy couple of weeks in Core, with almost too many changes to count (for the record, this one covers 271 commits!). I’m going to keep this update shorter than usual and highlight some of the bigger changes.

    If you’re interested in helping write this weekly post, ping @morganestes in #core-weekly-update on Slack.

    Special Note: WordPress 4.3.1 was released this week, with three security-related fixes. Be sure to update your sites!

    Here’s some highlights of recent changes in core, along with some future plans and ongoing initiatives. Remember, Core moves pretty fast. If you don’t stop and look around once in a while, you could miss it.

    • WordPress will support PHP7 when it’s released. Huzzah!
    • HTTP/2 is coming! Here’s a list of tickets that need attention to get WordPress ready.
    • Get involved in Twenty Sixteen, which is in active development on GitHub.
    • Write better commit messages. The world will thank you for it. 🙂
    • As described in this post by @johnbillion, the show_ui flag for post types now gets fully honored. See #33763 for the ticket discussion.
    • A new helper function, wp_validate_action( $action = '' ), was introduced in [34059] and is used throughout admin instead of directly accessing $_REQUEST['action'].
    • A new file, wp-admin/includes/noop.php, was created to load all of the noop functions for load-script|styles.php and is only loaded by those files. DRYs in the process. [34037] #33813
    • Schema change introduced in [34030] to increase the length of wp_options.option_name to 191 chars. #13310
    • Implement a priority system for Help Tabs to add them at specific positions. [33985] #19828
    • Multisite: Don’t allow sites to be created with the following reserved slugs: wp-admin, wp-content, wp-includes [33952] #33615
    • Updated recommendations for minimum versions of PHP (5.6) and MySQL (5.5), with a special note that Oracle only actively supports MySQL for 5 years after a General Availability release. [33937] [33946]

    For the full report, visit https://core.trac.wordpress.org/log/?verbose=on&format=changelog&rev=34092&stop_rev=33821&limit=400&mode=stop_on_copy.

    Thanks to @adamsilverstein, @afercia, @amereservant, @ankit-k-gupta, @antpb, @austinginder, @azaozz, @BdN3504, @benjmay, @boonebgorges, @bradt, @brettz95, @celloexpressions, @cgrymala, @Cheffheid, @chriscct7, @codeelite, @CoenJacobs, @danielbachhuber, @daniellandau, @dannydehaan, @dd32, @dimadin, @dipeshkakadiya, @dlh, @DrewAPicture, @dustinbolton, @egower, @enshrined, @ericdaams, @ericlewis, @extendwings, @figureone, @filosofo, @gaelan, @GaryJ, @gitlost, @gnaka08, @gradyetc, @gregrickaby, @hauvong, @helen, @imath, @ippetkov, @iseulde, @ixkaito, @jazbek, @jeffstieler, @jeremyfelt, @jesin, @jobst, @johnbillion, @joostdevalk, @jorbin, @juliobox, @JustinSainton, @kevinlangleyjr, @khromov, @kitchin, @kraftbj, @lancewillett, @liljimmi, @lukecarbis, @macmanx, @MatheusFD, @mehulkaklotar, @mercime, @metodiew, @michielhab, @MikeHansenMe, @miqrogroove, @mitchoyoshitaka, @mordauk, @morganestes, @mrahmadawais, @mrmist, @Mte9, @nacin, @netweb, @nikeo, @nikolovtmw, @nofearinc, @obenland, @ocean90, @OriginalEXE, @Otto42, @paulwilde, @pavelevap, @pento, @peterwilsoncc, @racaseh, @rachelbaker, @rajnikmit, @rmccue, @rommelxcastro, @sc0ttkclark, @scribu, @SergeyBiryukov, @sillybean, @solarissmoke, @stevehenty, @swissspidy, @tmatsuur, @trepmal, @tyxla, @umeshnevase, @utkarshpatel, @wen-solutions, @wenthemes, @westonruter, @wojtekszkutnik, @wonderboymusic, @yoavf, and @zeo for their contributions!

     
  • Robert Chapin 10:10 pm on September 2, 2015 Permalink
    Tags: , ,   

    Shortcode Roadmap Draft One (Proposal – Request for Comments) 

    This is the first draft of the Shortcode API Roadmap. It describes in broad terms a new feature set and migration that might take place across versions 4.4 through 4.7. This roadmap gives notice to plugin developers that significant changes in plugin design may be needed for compatibility with future versions of the Shortcode API. This roadmap also identifies steps taken to minimize the impact on plugin developers to allow most plugins to continue working with only small changes.

    The decision to create this roadmap arose from specific needs that are not met by the old code. Our old [ and ] delimiters were easily confused with the way those characters are commonly used in English quotations and sometimes even in URLs. The proposal to use [{{ and }}] instead should allow a better balance between being able to type in the shortcodes and avoiding confusion with any other input. With these more unique delimeters, we will be able to process registered shortcodes more efficiently because we will not have to search for them by name. Unregistered shortcodes will have more consistency because we can find them more accurately.

    Old style delimeters also gave no strong indication whether or not a closing tag was required. The proposal to use }$] as the delimeter of a shortcode with a following closing tag increases the efficiency of regular expressions, because the search for a closing tag will only happen as needed.

    Adding the new style of shortcode syntax provides an opportunity to make significant API changes. One of those major changes is to ensure that shortcodes are processed before paragraphs and before curly quotes. This will lead to greatly simplified code in related functions that currently must find and avoid shortcodes every time they run. We also have an opporunity to re-think the way shortcodes are filtered, and to give plugin authors more control over those filters when registering their shortcodes.

    4.4 – Introduce New Syntax

    A new syntax and documentation of how it works will be created in the 4.4 development cycle. Support for the new syntax will be introduced, allowing plugins to register for extra features. Core shortcodes will use the new syntax in all new posts. The old syntax will not change. Old posts will not be affected. Initial work on the syntax concept follows.

    Proposed New Syntax

    Self-Closing:  [{{shortcode}}]
    
    Attributes:  [{{shortcode  attr1="value1"  attr2='value2'  "value3"  'value4'  value5}}]
    
    Enclosing:  [{{shortcode}$] HTML [${shortcode}}]
    
    Multiple Enclosures:  [{{shortcode}$] HTML [${encl2}$] HTML [${encl3}$] HTML [${shortcode}}]
    
    Escaped Code:  [!{{shortcode}}]
    
    Stripped Unregistered Code:  [{{randomthing}}]
    
    Stripped Unregistered Enclosure:  [{{randomthing}$]  Content also stripped.  [${randomthing}}]
    
    Stripped Empty Code:  [{{ }}]
    
    Ignored Orphan:  [{{shortcode}$]
    
    Ignored Orphan:  [${shortcode}}]
    
    Ignored Orphan:  [${encl2}$]
    
    Ignored Context:  [{{shortcode <br> }}]
    
    Ignored Context:  <a href="[{{shortcode}}]">

    4.5 – Deprecate Old Syntax

    Starting in 4.5, plugins that register shortcodes without declaring support for new features will raise debugging errors to alert developers that support for the old shortcode syntax is ending.

    Old posts will continue to work normally while the old syntax is deprecated.

    4.6 – Upgrade Old Posts

    Old posts will be automatically converted to the new shortcode syntax. The Shortcode API will continue to provide deprecated support for old syntax so that there is no disruption during the conversion process.

    The API should be adequately abstracted so that old plugins are not affected by this conversion. However, as the new syntax will not support HTML inside of shortcode attributes, there is no guarantee that every shortcode will work the same way in 4.6 as in earlier versions.

    4.7 – End of Support for Old Syntax

    Old shortcodes will stop working in 4.7. Plugins that still produce the old shortcode syntax will be ignored by the Shortcode API.

    The upgrade to 4.7 will include a second pass of the conversion of old posts so that any old syntax that was added to posts during 4.6 will still get converted.

    In 4.6 or 4.7, if necessary, a filter could be added to automatically convert any old syntax still being produced by old plugins when new posts are created.

     
    • Daniel Bachhuber 10:15 pm on September 2, 2015 Permalink | Log in to Reply

      Old posts will be automatically converted to the new shortcode syntax. The Shortcode API will continue to provide deprecated support for old syntax so that there is no disruption during the conversion process.

      What about shortcodes stored in other fields?

      • Muhammad 10:18 pm on September 2, 2015 Permalink | Log in to Reply

        Hopefully, we’ll have helper functions to convert those into new format.

      • Robert Chapin 10:38 pm on September 2, 2015 Permalink | Log in to Reply

        Unless there are alternative ideas, I think plugins that do things in non-core ways will be expected to follow the roadmap with their own upgrades. If there are certain fields that are very commonly used in plugins, we should consider doing a core conversion of those, but with much caution.

      • Robert Chapin 11:10 pm on September 2, 2015 Permalink | Log in to Reply

        One alternative would be to leave the old syntax parsers available for plugin filters, while removing them from default filters.

    • AmirHelzer 10:16 pm on September 2, 2015 Permalink | Log in to Reply

      Thanks for the advanced notice on this huge upcoming change. Aren’t you worried that this process will basically break 99% of all existing WordPress sites? Almost all sites use shortcodes in one way or another (like image captions). doing automated updates to CONTENT is certainly possible, but also prone to corner cases and errors.

      It’s great to have a new API. Is it critically important to deprecate the old one?

      Also, for authors, it’s a lot nicer to have a simple [ ] syntax rather than a more complex sequence of characters.

      • Robert Chapin 10:44 pm on September 2, 2015 Permalink | Log in to Reply

        I think the conversion process will be seamless for most sites. This will mainly depend on corner cases such as plugins embedding shortcodes inside of HTML attributes.

    • Nick Haskins 10:18 pm on September 2, 2015 Permalink | Log in to Reply

      The advanced notice is great, but IMO this is absolutely ridiculous. Are there any benchmarks on how much more efficient it is having users type in more characters for a shortcode? Any benchmarks with how much more efficient core will be from having this change made? This is a HUGE change that will affect a VERY large subset of users.

      • chriscct7 10:40 pm on September 2, 2015 Permalink | Log in to Reply

        This is partially about efficiency. This has a lot to do with security, and basically making 4.2.3 impossible as possible to re-occur

        • Nick Haskins 10:45 pm on September 2, 2015 Permalink | Log in to Reply

          I’d love to see benchmarks on the regex processing of the current implementation against the proposed implementation. Re: security; ATM I’m failing to see how [{{this}}] is more secure than [this]?

        • kevinwhoffman 1:13 am on September 4, 2015 Permalink | Log in to Reply

          If the proposal has positive effects on security, it should mention them. A brief summary or a link to the issues with 4.2.3 would help inform that discussion. As of now the only focus seems to be on theoretical improvements to efficiency while complicating the process of using shortcodes.

      • FolioVision 11:31 pm on September 2, 2015 Permalink | Log in to Reply

        This is an absolutely hideous proposal with dreadful syntax. Is the goal of this WordPress project of ours not to bring software to the people? Syntax like this will be the beginning of a new and much better simple CMS which doesn’t do things in the ugliest, most complicated way possible.

        Code better database upgrades, test them properly before releasing and please stop trying to ruin the software for the end users (those who actually use the software and pay all the bills for us to build it).

        • Travis Northcutt 3:54 pm on September 3, 2015 Permalink | Log in to Reply

          “Syntax like this will be the beginning of a new and much better simple CMS which doesn’t do things in the ugliest, most complicated way possible.”

          The sky is falling!

    • Scott Taylor 10:18 pm on September 2, 2015 Permalink | Log in to Reply

      Let’s all note the “Draft One” portion of the title, and let’s all actively give feedback and participate in any decisions on the table here.

      • Nick Haskins 10:21 pm on September 2, 2015 Permalink | Log in to Reply

        My main concern is that this isn’t easier for authors, and that this will affect a very large portion of users and active sites. If I’m understanding correctly, is this being proposed because it’s more efficient for core?

        • Scott Taylor 10:23 pm on September 2, 2015 Permalink | Log in to Reply

          I have the same concerns, and hate the syntax. I also know that the current situation with shortcodes and content-parsing is potentially unstable and unsustainable.

        • Justin Sternberg 10:33 pm on September 2, 2015 Permalink | Log in to Reply

          I’m in agreement here with the concerns. This will break a lot of things because the short code API has been around so long. There’s just no way to account for all the hacks, workarounds, etc, and doing a migration effort on a WP update sounds like a mighty scary prospect.

          • leehodson 10:37 pm on September 2, 2015 Permalink | Log in to Reply

            Should be able to use the existing shortcode parser to recognize old format shortcodes then make the necessary changes to update them. It recognizes shortcodes efficiently enough at the moment.

            Can imagine breakage but as long as the updater shows the changes site admins ought to be able to determine where hands-on intervention is required.

          • FolioVision 11:33 pm on September 2, 2015 Permalink | Log in to Reply

            It seems a make work project. Are there not some important areas where we could make some real progress like integrated multilingual and better native galleries/media management (NOT reliant on external Automattic services)?

            The upgrade process here and cross-version incompatibilities are more than scary.

          • galbaras 11:44 pm on September 2, 2015 Permalink | Log in to Reply

            Backward compatibility should take into account site-specific customizations, i.e. declaring shortcodes in functions.php of a (child) theme. Most site owners use a “build and forget” approach, or at least neglect their sites for long periods. If a new version contains no support for old-style shortcode declarations, sites will break all over the web.

        • Solinx 11:09 pm on September 2, 2015 Permalink | Log in to Reply

          Yes. How am I going to explain anyone that this syntax is an improvement?

          What specifically are the reasons for not using {{shortcode}} and {{shortcode}} {{/shortcode}}? Or [[shortcode]] and [[shortcode]] [[/shortcode]]?

          Other than that the improvements to the API sound good.

          • Robert Chapin 11:18 pm on September 2, 2015 Permalink | Log in to Reply

            Lone curly braces are easily confused with PHP and other C-style code snippets. The latter square brace example is incompatible with the old syntax and would cause migration problems.

    • Andrew Ozz 10:20 pm on September 2, 2015 Permalink | Log in to Reply

      Was just about to say that this is a proposal. Scott beat me to it (as usual) 🙂

    • Pippin Williamson 10:22 pm on September 2, 2015 Permalink | Log in to Reply

      I would assume the answer is “yes”, but have there been benchmarks done that compare the differences in various syntaxes?

      Why [{{shortcode}}] and not {{shortcode}}?

      Most of the proposed syntax seems sane (though still curious on question above), but this one concerns me:

      [{{shortcode}$] HTML [${shortcode}}]

      For most users, that will be exceptionally unintuitive and we will almost certainly see a high error rate with users not being sure where and when a $ is used.

      • Nick Haskins 10:26 pm on September 2, 2015 Permalink | Log in to Reply

        Pippin I have to agree. If we absolutely have to move, how about something as simple as [{this}] HTML [${this}] . it’s easier to digest, and easier to remember that a $ ends a closing statement.

      • webaware 11:19 pm on September 2, 2015 Permalink | Log in to Reply

        The whole proposal sounds pretty horrible to me, but this suggestion by Pippin sounds moderately less ridiculous.

        Re: {{…}}, I would assume that’s because they are already used heavily in non-WP templating, especially JS templating.

        Essentially, this “fix” is coming rather too late in the piece and I think it’ll break more things than it solves. As a plugin writer heavily dependent on shortcodes, I can only see a greater number of support requests from broken shortcodes in my future if this goes ahead.

        Only Shortcake can save us now! 🙂

        • idealien 2:33 am on September 3, 2015 Permalink | Log in to Reply

          “Only Shortcake can save us now!”

          Seriously! If Shortcake were to be brought into core along with this (draft) proposed change – it would go a LONG way to mitigating the concerns many have raised around complexity.

          Without Shortcake:
          “Look – we took this feature you love and made it harder to use….But it’s safer / faster / better”

          With Shortcake:
          “Look – we made is hella-easy to use shortcodes without having to remember syntax type things. Oh, and that syntax is also getting harder b/c it needs to be safer / faster / better.”

          Car metaphor time… With Shortcake: You’re getting automatic transmission and manual is just a little bit harder to use. Without Shortcake: Manual transmission is now harder to use.

          Shortcake FTW!

      • Robert Chapin 11:33 pm on September 2, 2015 Permalink | Log in to Reply

        If we could get this to work…

        [{{shortcode}} HTML {{shortcode}}]

        Is that better? Or still confusing?

      • Mario Peshev 4:16 pm on September 3, 2015 Permalink | Log in to Reply

        I do agree with Pippin’s example with the dollar signs. Seems incredibly easy to mess up by users. I also noticed another syntax including an exclamation sign, which adds an additional layer of complexity for each and every user.

        +1 on the benchmark question. Given the several different supported syntax proposals, I’m curious to see the regex that is parsing those in a sensible and timely manner.

    • AmirHelzer 10:23 pm on September 2, 2015 Permalink | Log in to Reply

      Also, we deal a lot with shortcodes in Toolset plugins. I can’t see any evidence of any user confusing the [ ] characters for anything else than shortcodes.

      Please, besides the code changes, please also consider the huge amount of documentation update that such a change will require.

      Run a quick Google search for “WordPress shortcodes”. A few pages come from wordpress.org, but the majority are old pages, blog posts and tutorials. Nobody is ever going to update them.

      So, after making such a change, people will see two sets of documentation – with new syntax and with old syntax. You know that Google favours ‘old’ content, so the old tutorials that are never going to update will still explain to use [ ]. I don’t think that this will work out well.

      • chriscct7 10:34 pm on September 2, 2015 Permalink | Log in to Reply

        The team working on this is committed to the documentation updates that are necessary.

        • Pippin Williamson 10:35 pm on September 2, 2015 Permalink | Log in to Reply

          Core documentation isn’t an issue. It’s every plugin / theme developer in the world that also has to update their documentation.

          I don’t disagree with updating docs, just making it clear that’s the issue @AmirHelzer is raising.

          Also have to keep in mind the thousands (millions?) of blog posts and tutorials out there.

          • AmirHelzer 10:49 pm on September 2, 2015 Permalink | Log in to Reply

            Exactly. I’m sure that the core team would be quick to update documentation on wordpress.org. I’m talking about the many pages on other people’s sites that will likely never be updated.

    • Scott Fennell 10:25 pm on September 2, 2015 Permalink | Log in to Reply

      Thanks for your work on this!

      I’m trying to understand what I would need to do in order to prevent about 1,200 live blogs from breaking when this syntax is no longer supported:

      [my_shortcode before='<div class="my_class">' after='</div>']

      Andrew offered a helpful suggestion here:

      https://make.wordpress.org/core/2015/08/30/shortcodes-roadmap/#comment-27368

      If I understand his suggestion correctly, I’d be on the hook to do a search and replace in the database, which will be quite scary and expensive for my company. We have literally thousands of posts on thousands of blogs.

      Please, let’s find a way to move forward with this that leaves the old format unscathed.

      • Scott Fennell 10:28 pm on September 2, 2015 Permalink | Log in to Reply

        Sorry, meant to provide the following code.

        http://pastebin.com/1CMN731H

        Is there a reference somewhere for the comment syntax so I can stop posting gibberish?

      • Robert Chapin 11:49 pm on September 2, 2015 Permalink | Log in to Reply

        If the situation doesn’t support

        [{{my_shortcode class="my_class"}}]

        Then the alternative proposed in the roadmap is

        [{{my_shortcode}$] Optional Content [${before}$]<div class="my_class">[${after}$]</div>[${my_shortcode}}]

        We will also likely encode any HTML in attributes during a migration, so you would have the option of decoding that in your plugin.. security implications could be significant though.

        • Scott Fennell 4:10 pm on September 3, 2015 Permalink | Log in to Reply

          “We will also likely encode any HTML in attributes during a migration”

          Can you explain what you mean by migration, exactly? My imagination is running wild a bit with what you might mean by that. Do you mean to propose that, upon this update, the new version of WordPress will automatically fix my post_content across many gigabytes of posts, without me having to do anything to the posts?

          • Aaron D. Campbell 4:29 pm on September 3, 2015 Permalink | Log in to Reply

            That’s definitely the goal. Basically using the existing parser to pull shortcodes and replace them with the new syntax.

            • Scott Fennell 7:43 pm on September 3, 2015 Permalink

              Sorry for sounding clueless here but that would be … amazing. Is there a precedent for this level of work in a similar update? I’m having trouble imagining how this would be possible given a very large database like mine. Would it run as a cron job perhaps?

    • leehodson 10:30 pm on September 2, 2015 Permalink | Log in to Reply

      The new syntax is very confusing to the eye. Users would find it complicated. I feel we could make it less confusing by using back-to-back opening and closing brackets.

      For example

      Self Closing:

      []shortcode[]

      Enclosing:

      []shortcode[] Content [/]shortcode[]

      Note the forward slash between the brackets of the closing tag on the enclosing shortcode.

      Is there a reason this wouldn’t work?

    • Peter Wilson 10:51 pm on September 2, 2015 Permalink | Log in to Reply

      I’d be happier with {{selfclosing}} and {{enclosing}} {{/enclosing}} or similar. Mixing the formats seems fraught.

      Upgrading old content is a necessary evil, backward compatibility on the deprecated format defeats the purpose somewhat. Seeing some benchmarking results would be great.

      As theme and plugin developers, we have been caught out by an ill-defined API and security problems in the past, a long term roadmap makes the best of a bad situation. I’d rather a two year defined process than a repeat of 4.3.2

      • webaware 12:46 am on September 3, 2015 Permalink | Log in to Reply

        [ignoring the double-moustache issue here…] but what signifies that the self-closing shortcode is self-closing? The problem is not merely one of mixed use, it’s the calling syntax that the regex needs to accommodate.

        • Peter Wilson 1:38 am on September 3, 2015 Permalink | Log in to Reply

          Okay, understood – that makes sense.

          {{selfclosing /}} and {{enclosing}} {{/enclosing}}, perhaps. That makes sense to me as a developer, so may be bad for a user.

          Could be double moustache, square, anything. Looking for the balance between performance and teaching.

        • Curtiss Grymala 3:44 pm on September 3, 2015 Permalink | Log in to Reply

          In HTML, what signifies that a self-closing tag is self-closing? Hint: it’s not the / at the end; that’s totally optional; in fact, even the closing HTML tag is optional in a lot of cases.

          For instance:

          <img src="/my-image.png" alt="">

          and

          https://gist.github.com/cgrymala/d61c3cacd6fb07bdcf9a
          (a complete HTML page that is 100% valid HTML)

          are both perfectly valid HTML code samples, even if they do make those of us accustomed to XHTML syntax cringe.

          In a perfect world, there would be some way to indicate when registering the shortcode itself whether or not it’s supposed to be self-closing, but that’s not always possible (I believe there are plenty of use-cases where a single shortcode works one way when it’s self-closing, and works a slightly different way when it’s wrapped around content).

          That said, I would definitely support the idea of at least trying to indicate that in the shortcode registration (for instance, if my shortcode is only ever written to be a self-closing shortcode, let me indicate that when I register it; if it’s only ever intended to wrap around content, let me indicate that when using add_shortcode()).

          • webaware 11:09 am on September 4, 2015 Permalink | Log in to Reply

            Yes, and a parser for HTML is a pretty complex piece of code, much more significant than a handful of regular expressions. Ultimately, a true parser might be needed if we want to keep shortcodes the way they are. But perhaps that discussion is better held on the new post

    • Scott Fennell 10:52 pm on September 2, 2015 Permalink | Log in to Reply

      Othe use case for shortcodes I’m hoping you don’t break: Shortcodes in widget titles and widget text fields. This has been a gloriously simple and helpful solution for our agency, and many others I’d suspect.

      • williampatton 12:36 am on September 3, 2015 Permalink | Log in to Reply

        Shortcodes can be parsed anywhere by passing it through `do_shortcode()` which is what I expect your themes are doing to make use of them in widget titles and content.

        Your use case should be just fine so long as the shortcodes used obey the newer syntax 🙂

    • KalenJohnson 11:10 pm on September 2, 2015 Permalink | Log in to Reply

      I’m most likely horribly biased since I’ve started the discussion about [https://core.trac.wordpress.org/ticket/33472 templating engines], but aren’t those shortcodes looking an awful lot like templating engine syntax?

      I’m mostly confused as to why users apparently would be able to remember all those different syntax’s, yet theme and plugin developers wouldn’t, or rather don’t have built in functionality to.

      Also, I also feel rather strongly that there are MANY options now that are much preferable to shortcodes. Things like ACF, Pods, etc. They are not built in to WP core like shortcodes, but really, shouldn’t we focus on getting the Fields API set up correctly rather than continuing to pursue having complicated layouts in one single WYSIWYG editor (not so much WYSIWYG when it’s littered with shortcodes).

      • Jonathandejong 5:52 am on September 3, 2015 Permalink | Log in to Reply

        I’m with this guy ^ Complicated layouts in a single WYSIWYG field just feels wrong. Altho I recognize there’s a lot more to it than just the editor (do_shortcode(), widget fields etc.).

    • Aristeides Stathopoulos 11:33 pm on September 2, 2015 Permalink | Log in to Reply

      I love it!
      It was about time we use something more unique for shortcodes…

    • nick6352683 11:51 pm on September 2, 2015 Permalink | Log in to Reply

      Priorities core developers, priorities. With so many things to still fix and add to the core, you are going to spend time and energy on this, and for the lamest excuse for doing so? Who uses square brackets for quotations? Way to break millions of web sites, for nothing!

      • webaware 12:48 am on September 3, 2015 Permalink | Log in to Reply

        [I hate to pop your bubble but] many people use brackets for essentially parenthetical in-sentence comments. 🙂

    • Jon Brown 11:53 pm on September 2, 2015 Permalink | Log in to Reply

      Shortcode API, yay! This is an exciting proposal, but I’ve got to echo others that the proposed syntax looks like a disaster. I get it, but I can’t imagine users will. I get avoiding the sane syntax of handlebars, angular, C, etc… but do we really have to be _that_ different. I really hope there is a better way.

      On core updating old shortcodes. I’m sorry but no, just no. Don’t you dare go changing _my content_ on a WP update. Worse still is only planning on updating post_content and ignoring all the other places shortcodes show up. Custom Fields for one, but also in PHP files.

      I’d humbly suggest two significant change to this proposal (beyond finding better syntax).
      1. Don’t plan on actually dropping support for the old shortcodes. Do show deprecated notices, just don’t stop supporting the old syntax until WP 6.0. Of all the deprecated cruft I’d love to see dropped, this will never be one of them.
      2. Build a separate utility/plugin a la the WordPress XML importer that can update old shortcodes in a user controlled fashion. Bonus if it actually scans PHP files and identifies shortcodes there. This could then either bulk update, or step through shortcodes one by one for the super paranoid.

      Summary: Simpler Syntax, No real deprecation, Separate plugin for converting old shortcodes.

    • Alex Mills (Viper007Bond) 11:56 pm on September 2, 2015 Permalink | Log in to Reply

      Going to be… interesting migrating SyntaxHighlighter over to this. Maybe this is the motivation I need to finally finish my rewrite from scratch.

    • Peter Chester 12:44 am on September 3, 2015 Permalink | Log in to Reply

      I love clarity. I love easily parseable content. However, this seems like it’s destined to cause WordPress sites around the world to break. I’m sure we’ll see heaps of bare old shortcodes from this change.

      I’m not sure I understand why it’s a problem to check that a shortcode is actually a shortcode before trying to convert it. Why are we doing this?

      Also, I have a hard time teaching people the existing simple shortcode. I expect the error rate will be quite high for people with a more complicated new format.

      > Our old [ and ] delimiters were easily confused with the way those characters are commonly used in English quotations and sometimes even in URLs.

      What are some examples? I haven’t run into this at all in all my years of working with WordPress.

      • webaware 12:59 am on September 3, 2015 Permalink | Log in to Reply

        Very common to have brackets in quotes, to fill in implied references, like this:

        “I won’t be rushing out to get my daughters vaccinated [for cervical cancer], maybe that’s because I’m a cruel, callow, callous, heartless bastard but, look, I won’t be.” Tony Abbott, November 9th, 2006

        Also for excerpted quotes, like this:

        […] We shall go on to the end, we shall fight in France, we shall fight on the seas and oceans, we shall fight with growing confidence and growing strength in the air, we shall defend our Island, whatever the cost may be, we shall fight on the beaches, we shall fight on the landing grounds, we shall fight in the fields and in the streets, we shall fight in the hills; we shall never surrender [… continued]

        For URLs, consider that PHP only handles query parameters as arrays when the parameter name has [] or [key], and some URLs pass such parameters.

    • Greg Ross 12:47 am on September 3, 2015 Permalink | Log in to Reply

      I agree with many of the above comments about the syntax, it’s cumbersome and confusing.

      HTML seems to get by just fine with a single character for it’s delimiters and I see no reason a shortcode can’t as well. Perhaps square brackets are too common, fine let’s change to something else (curly brackets seem reasonable).

      And don’t reinvent the wheel, HTML already has a standard for self-closing and encapsulated tags ( and ) use the same format for shortcodes ( {shortcode /} and {shortcode} {/shortcode}).

      This would also allow both shortcode API’s to run side by side as plugin authors and content creators updated to the new format. Perhaps even make the new syntax a feature plugin for the next few releases until it is merged in to core and then move the old API out to a plugin for several more releases.

      The timeline seems far to aggressive, shortcodes were added way back in WP2.5 and how you want to yank out the old format in just three point releases? The amount of code and content that will require updating is significant.

      My final thought is about the assertion in the proposal that shortcodes *should* only do certain things (like not pass in html as attributes). Keep shortcodes flexible, don’t artificially limit them to certain things. While it may take more to support that flexibility, it would seem to have paid off greatly in the past looking at all the things people have done with them.

      • Ben Huson 4:11 pm on September 3, 2015 Permalink | Log in to Reply

        Completely agree on not re-inventing the wheel for self-closing and encapsulated tags. Stick with the same convention as HTML using the trailing/leading slash within the syntax.

    • Justin Tadlock 1:00 am on September 3, 2015 Permalink | Log in to Reply

      On syntax:

      Users know shortcodes. WP wasn’t the first system to have them. Anyone remember the old BBCodes?

      Open bracket. Type short tag. Close bracket. Simple. Intuitive. Hard to break if you’re not doing anything crazy. Let’s make sure this simplicity is at the core of any discussion on the topic.

      I’d pretty much put the [{{shortcode}}] syntax into the non-starter category. I could get behind {{shortcode}} if we must change syntax, but mixing and matching brackets is destined to fail.

      On updating:

      One thing to watch out for when auto-updating old shortcode syntax in the post content is those of us who output code examples, especially those of us who write in Markdown and don’t need to convert our [ and ].

    • Maxime Jobin 1:04 am on September 3, 2015 Permalink | Log in to Reply

      My main problem is understanding what real problem does it solve ?

      The proposed syntax is really confusing. Isn’t there a way to simply “improve” the actual syntax instead of changing it like this ?

      Also, wouldn’t it a good idea to abstract the concept in the editor. That would mean displaying a visual representation of the shortcode. I would see that as Facebook highlights someone you tag in a status/comment.

      But, that would mean “forcing” developers to specify expected/accepted attributes.

      Aren’t we ready for something more powerful than writing shortcodes ? For devs, it’s perfect. But for non-tech, it’s hard to understand and use. Changing that would mean a lot of confusion.

    • Justin Busa 1:07 am on September 3, 2015 Permalink | Log in to Reply

      If custom fields aren’t going to be migrated to the new syntax, then it would be nice if there was some sort of filter that would allow plugin developers to migrate fields themselves.

      Also, in terms of sites breaking, it would be nice if there was some sort of constant that would enable the old API. Reason being, lets say a site has shortcodes defined in the theme or is using do_shortcode in theme files. Enabling the old API would instantly fix the site while allowing the developer time to update the theme’s code.

    • Ipstenu (Mika Epstein) 1:18 am on September 3, 2015 Permalink | Log in to Reply

      My major concerns have been raised already but I’ll stress if from a different angle.

      If we learned anything from the shortcode change to secure them, we cannot keep breaking users sites. I know that we’re talking about a long term plan to possibly remove shortcodes as we know them by 4.7, but even with all the notification in the world, we will break sites.

      We have 3 releases of WP a year. 4.7 is 18 months away at the outside. That’s a lot of information to get out there really fast and really clearly, AND a lot of code to fix.

      We have to consider:

      • All the plugins and themes on the planet we will break (because we will, they won’t read or test). We have to degrade them as gracefully as humanly possibly. Continuing to say “Well the developers were notified and should have updated” now that we’re as big as we are is not sustainable.
      • All the very (legitimately) angry end users who are broken because they didn’t upgrade plugins and themes (or the themes/plugins didn’t get updated). People were rightly angry last time. It’s the end users, not the developers, who will be hardest hit by this change.
      • Communicating clearly to the users that it’s now {{gallery}}. That’s going to be very hard. Incredibly hard. Updating their old posts (keeping in mind Justin’s Markdown caveat and those who use them as an aside – I know I know) is easier than making sure everyone knows what to do. At best we can keep tabs on the ones built into WP and perhaps use the logic we have in the visual editor NOW to convert them, but we have to figure out how to make sure everyone knows. This is nothing like the move of Menus to customizer. That was confusing, but the users could see what happened. This is a legit change, your old way is no longer going to work. That is huge.
      • The number of users who have premium themes and plugins that do not get update alerts. These people are simply not going to know they need to update and this is not their fault. We should never be breaking them if there’s possibly any alternative.
      • Users will be upgraded by their hosts vis-a-vis one-click installs and managed hosting so they will have up to date WP and out of date plugins/themes. So yes, many users will be on 4.7 and then a theme from 2014. It sucks, it’s the reality, we know it’s the reality, we cannot stick our heads in the sand.
      • Plugins that are already using {{template}} tags in their code. Yeah, I’ve seen it. Most of them use it for search/replace within their own code, but we’ll want to make sure we check for everyone in the repo who might be doing it on their own.
      • Gabe Shackle 1:55 am on September 3, 2015 Permalink | Log in to Reply

        This sums up my feelings perfectly: “we cannot keep breaking users sites”

        Ending support for the current style of shortcode syntax within 18 months will absolutely break sites and frustrate end-users, site owners, and developers in a huge way.

        The best way to make developers stop using a platform is to force them to repeatedly have to retrain their clients and refactor their code.

    • Jean-Francois Arseneault 1:19 am on September 3, 2015 Permalink | Log in to Reply

      Clients, you know, the small business owers, who we train to use their site, and the 3-5 shortcodes they might need, already have a hard time understanding these “square brackets”.

      The draft I read seems to me like the start of “pleasing the machine, and not the human”

    • Luke Carbis 1:20 am on September 3, 2015 Permalink | Log in to Reply

      I’m concerned about client-brain-backward-compatibility. Any changes to the shortcode syntax should still work with my clients brain.

      For example, I provide my client with a site, and teach them to use [button] to insert a button. We finish our contract, and I am no longer in touch with them.

      First the client updates WordPress to 4.4. Nothing changes. Then 4.5. They’re in a production environment, so they don’t see the warnings. Then 4.6. They don’t happen review old posts / pages, but if they do, they don’t realise that their shortcodes have changed.

      Then the client updates to WordPress 4.7, but unlike me, they don’t read the Make WordPress Core blog. They don’t know about the changes. They don’t know that what they’ve learned has become deprecated and now unsupported.

      The client publishes a new page, and they put the button in the way they’ve been taught, which has always worked. But now, it doesn’t work. It’s broken. They call me.

      The client is now angry because a WordPress update cost them money, and confused because the new syntax is much harder to understand.

      I recognise that there are always changes to WordPress, and that the nature of incremental releases is that a user must learn to deal with change. But as far as I know, these changes have always been easy enough for a reasonable user to intuitively navigate. i.e. changes to the menu design, or updates to the nav menu UI.

      I have three questions:

      1. Has there ever been a change to WordPress which could not be intuitively learned by a reasonable user?

      2. Is it okay to introduce unintuitive changes to WordPress?

      3. How can we make this change intuitive to a reasonable user?

      • Luke Carbis 1:29 am on September 3, 2015 Permalink | Log in to Reply

        Here’s a suggestion to answer my third question.

        • When the user enters a shortcode (with either the [simple] or the [{{new}}] format), check if the shortcode exists.
        • If it does, replace the text shortcode with a GUI placeholder element
        • Also, behind the scenes (i.e. in the HTML editor), replace the [simple] shortcode with the [{{new}}] format

        The user experience doesn’t get worse – it gets better. My client enters a shortcode as they always have. They see a visual indicator to show that it was recognised and accepted. Behind the scenes, the new format is saved.

        • Weston Ruter 5:52 am on September 3, 2015 Permalink | Log in to Reply

          Yeah, if this new syntax goes in then GUI placeholders (TinyMCE views) are going to have to be the answer, which also seems like Shortcake.

    • webaware 1:30 am on September 3, 2015 Permalink | Log in to Reply

      Upon some further thought, I think that really there are two problems that are presented:

      1. brackets are already commonly used elsewhere, e.g. quotations, URLs with array parameters

      I see this as being a problem only when developers register shortcodes for real words. Using a sensible prefix for shortcodes prevents this. Unfortunately, there’s been a push for shortcode portability which directly undermines that, e.g. by recommending shortcodes like [product …] for products. [and of course, that prevents combining plugins with similar intent on the same site, but whatever…]

      Has it actually been a problem thus far? I imagine that anyone writing “blah-de-blah [product name] de-blah” will quickly discover that they should use parentheses instead if they don’t want to trigger the shop plugin they’ve installed. Content editors learn. They already have stuff they need to learn, and this is a very simple one that they learn pretty damned quickly anyhow.

      Is it necessary to strip “unregistered shortcodes” when we can just assume that they are part of normal sentence structure? So some websites will display the odd shortcode when its code [e.g. plugin] isn’t active; so what?

      2. self-closing shortcodes don’t look like they are self-closing until they don’t have a closing shortcode

      … which is easily resolved by demanding that they close with /] similarly to XML and HTML.

      To me, this is THE performance problem, and it is easily resolved by not allowing self-closing shortcodes without a terminating /].

      Now, bear in mind also that cleaning up old code might require changing content in:

      • wp_posts.post_content
      • wp_posts.post_excerpt (some plugins / themes use it for rich text)
      • wp_postmeta.meta_value
      • wp_usermeta.meta_value
      • custom tables
      • code (e.g. directly calling `do_shortcode(‘[product …]’);`

      And it has to take into account all sorts of edge cases.

      There’s only so much auto-upgrading that can be achieved. The changes proposed WILL BREAK WEBSITES. Even simply requiring self-closing shortcodes to have /] WILL BREAK WEBSITES. All I can see coming from this proposal is pain. “There will be a great gnashing of teeth” etc. 🙁

    • Jean-Francois Arseneault 1:47 am on September 3, 2015 Permalink | Log in to Reply

      Pardon the pink-colored glasses for a second, but why does it seem that our only choice moving forward, to improve the state of shortcodes, is to change *how* shortcodes work, and not *if* there isn’t a better / newer way to accomplish the goal of inserting content into a page ?

      In the spirit of seing the forest from the trees, why are we still trying to desperately manage mixed-source content using text-based shortcodes ?

      Why are we still using a paradigm where the main content area (if talking about posts) is still an area where we can add content, but also perform layout decisions *within* the content? Where’s the separation of concerns in this way of doing things?

      I think Page Builders are the start of a better solution for managing all these different contents within a page, but perhaps forcing plugin authors to expose their functionality into native widgets and ‘page builder elements’, vs letting them add shortcodes anywhere to render content might be an approach that is easier to grasp, from a UI perspective, for *end-users*.

      Sure, developers, integrators… we can handle everything you throw at us, but in the end, the sites are built for end users, for real-life applications and business purposes. End users are the ones that matter.

      Simplicity always wins.

      • Peter Wilson 2:19 am on September 3, 2015 Permalink | Log in to Reply

        The Shortcake feature plugin covers providing a UI for shortcodes.
        https://wordpress.org/plugins/shortcode-ui/

      • Chris Van Patten 2:30 am on September 3, 2015 Permalink | Log in to Reply

        Although I’m generally in favour of this proposal, I think this merits some consideration too. Is there potentially a way to eliminate shortcodes — as in a manually entered bit of pseudo-tag-like code — altogether? I think Shortcake is an interesting approach, but it still depends on the shortcode API in the backend. What if shortcodes were deprecated, and replaced with an entirely new concept for inserting dynamic “chunks” of content that doesn’t fall back on parsing through plaintext?

        Replacing shortcodes is probably a much-longer term play, but it does mean that instead of patching the old they can be replaced with something newer, more flexible, and more in tune with the direction core has been moving already.

      • John Teague 1:53 pm on September 4, 2015 Permalink | Log in to Reply

        I totally agree. We need to be thinking of an intuitive replacement for shortcodes altogether. That provides incentives for developers and users to make the change.

        I really appreciate the hard work by @Robert Chapman and others putting a lot of effort into solving the increasingly unsustainable shortcode system. Sadly, I think the proposal in its current form, will confuse already error prone users, and likely break a lot of sites.

    • Chris Van Patten 2:36 am on September 3, 2015 Permalink | Log in to Reply

      As a supplement to my other comment (which was a nested reply), I’m generally in favour of this proposal. I think there’s merit in discussing completely new alternatives to shortcodes, but that’s a semi-separate issue.

      Like many others, I’m not sold on the suggested syntax, but it’s obviously still early days.

      One other thought: why not make escaped code the default, and make unescaped the exception with its own special syntax? Are there backcompat reasons that wouldn’t work? Seems like (potentially) an easy win for security.

    • Andrew Nacin 3:03 am on September 3, 2015 Permalink | Log in to Reply

      Thanks for your feedback, everyone. Developers, truly, honestly, really: Thank you for paying attention. I often feel that requests for comments usually fall on deaf ears, and I know I am not the only committer who feels that way. This has been one of the most substantial and productive threads on make/core I’ve seen, and it’s encouraging to see.

      Here are some thoughts on the proposal:

      • This was clearly labeled a “draft”. I am glad many of you noticed that this was not a decree, but a call for feedback. (And thank you again for obliging.)
      • The vision of shortcodes should be something like “it should be easy and intuitive for non-technical authors to embed and enrich their posts” (I have cribbed this from @matt).
      • This vision does not actually mean that shortcodes are the solution. I actually have a strong dislike for shortcodes. I think they are a terrible user experience, and that even something like Shortcake is still only a marginal improvement.
      • Some changes to shortcode parsing is absolutely necessary in order to keep WordPress secure. Yes, this is about security, not just general sanity.
      • The proposed syntax significantly clashes with the proposed vision. And given all of your feedback, we’re clearly going to have to go back to the drawing board. Please note that we still need to do something, but maybe we can think further outside the box.
      • And for goodness sake, PLEASE STOP RELYING ON HTML IN SHORTCODE ATTRIBUTES. This also does not align with the outlined vision, either, and it’s what largely precipitates proposals like these.
      • Thank you @miqrogroove for your incredibly hard work on this. Honestly, folks, many of you simply cannot see how much work Robert has poured into shortcodes over the last year, as it takes place in private security discussions. He’s been a tremendous asset to the project.

      I’m looking forward to future make/core threads getting this much high quality feedback. Now if only it can also carry over to more Trac tickets. 😀

      • Solinx 9:21 am on September 3, 2015 Permalink | Log in to Reply

        Thanks!

        “I’m looking forward to future make/core threads getting this much high quality feedback. Now if only it can also carry over to more Trac tickets.”

        I think this could be helped by making Trac more accessible and by providing a better overview of what is currently going on.

        1. Trac
        When I first heard of Trac I had to get there through google. The “Get Involved” page didn’t help at all. Why not add a link to both the tickets dashboard and the ‘next release’ tickets list at https://make.wordpress.org?

        And why not link to related tickets, github repo’s, slack groups, etc. at the bottom of these blog posts? That makes it a whole lot easier to get to the right places to get involved.

        2. Progress overview
        It is difficult to keep track of all that is going on. The blogs provide updates, but not an overview. Perhaps you could introduce something such as: http://dev.modern.ie/platform/status/adownloadattribute/

        Also here you could link to the related tickets, github, etc.

      • Nick Haskins 12:11 pm on September 3, 2015 Permalink | Log in to Reply

        “Now if only it can also carry over to more Trac tickets.”

        The problem with Trac, for me at least, is that it’s not part of my daily workflow. I’m a bit intimidated by Trac, not to mention making patches. I take part in conversations on Github all day, because that’s how we manage code and issues for my job. I suspect that if these conversations were on Github, with PR’s being allowed there would be a lot more participation. After all, I don’t know any developers outside of WordPress who use SVN in their workflow.

        • NateWr 2:08 pm on September 3, 2015 Permalink | Log in to Reply

          Thanks for outlining this response @nacin. I’d second thinking outside the box. I suspect a lot of the problematic uses of shortcodes stem from people trying to plug gaps in other kinds of functionality (layout, class assignment, conditionals). Maybe solving some of those problems would take a bit of heat off of shortcodes, and make them a smaller attack vector. Or maybe not. Can’t say I really understand the security implications of shortcodes.

        • John Teague 2:33 pm on September 3, 2015 Permalink | Log in to Reply

          Totally agree with you on this Nick. Think how moving to Git would invite solid developers to submit great fixes and features? It’s not that a lot of us can’t use Trac/SVN. It’s just who the hell wants to.

          • Helen Hou-Sandi 4:06 pm on September 3, 2015 Permalink | Log in to Reply

            I imagine that a lot of the workflow folks think of centers around GitHub and pull requests as opposed to Git itself, but just a note that there is a proper Git mirror that many people patch against, including a number of committers. https://make.wordpress.org/core/2014/01/15/git-mirrors-for-wordpress/

            • KalenJohnson 4:49 pm on September 3, 2015 Permalink

              Yes that’s very true, it is Github itself which has become such a boon for developers to be able to quickly and easily find issues, discuss them, and create pull requests. Trac seems very antiquated by comparison, and submitting patch files is not something the rest of the open source web development world does that I’ve seen.

              I can understand how large the move to Github would be for WP, but don’t underestimate that it could really remove WP from the silo it’s in and open up to better quality issues, more issue discussion (as Nacin is looking for), and possibly more patches as people are much more familiar and willing to make pull requests.

            • J.D. Grimes 6:15 pm on September 3, 2015 Permalink

              Yes, the workflow on Trac is needlessly complex. I’d +1 moving to GitHub, or something where we can have PRs instead of patches.

            • John Teague 1:58 pm on September 4, 2015 Permalink

              My bad. I meant github.

      • dlouwe 1:07 am on September 4, 2015 Permalink | Log in to Reply

        “This vision does not actually mean that shortcodes are the solution. I actually have a strong dislike for shortcodes. I think they are a terrible user experience, and that even something like Shortcake is still only a marginal improvement.”

        Very much this. Users shouldn’t have to learn syntax to make use of shortcode-like functionality. They can already use the Visual editor to insert and manipulate HTML without ever knowing what HTML is, and that should be a clear goal for whatever shortcodes end up being in the future. It doesn’t much matter what the new syntax looks like if the only people who are going to be editing it directly are people who have business doing so. As a developer, I don’t mind jumping through some extra hoops to make sure my users have an easy and intuitive experience!

      • raamdev 3:23 am on September 4, 2015 Permalink | Log in to Reply

        > The vision of shortcodes should be something like “it should be easy and intuitive for non-technical authors to embed and enrich their posts”

        I agree. That makes this a good time to redesign shortcodes from scratch, to rethink how we would create something that provides the same flexibility and power of the existing Shortcode API while also more accurately fulfilling the goal of being something that is “easy and intuitive for non-technical authors to embed and enrich their posts”.

        The ideas that came to mind while reading your comment were: Do shortcodes need to be something that is entirely configurable from within the post editor? What if they were instead something that pointed to a configuration, a configuration stored in the database that allowed a plugin or theme to determine what should be returned? (I’m thinking something like `[{{shortcode id=”plugin_slug_123″}}]`, i.e., something like a shortcode with a single attribute.)

        Then a new API could provide plugin and theme developers with a way of building a UI that would allow users to configure ‘shortcodes’ (the configuration being stored in the database, e.g., as `plugin_slug_123`), similar to the way the Plugin API allows plugins to register meta boxes for post types.

        My feeling is that creating something that is both easy and intuitive for non-technical users will require getting rid of syntax as much as possible and replacing that with a UI.

        Building a whole new feature to replace the Shortcode API would also make it easier to transition away from the current Shortcode API: Eventually WordPress Core could disable the old Shortcode API by default (allowing site owners to re-enable it, perhaps using an MU Plugin, with the knowledge that it’s no longer recommended) while plugin and theme developers could update their code to support the new feature (their motivation to do so will be that future versions of WordPress won’t have the old Shortcode API enabled).

    • markkaplun 5:48 am on September 3, 2015 Permalink | Log in to Reply

      [might not be needed after so many comments but…] I want to also voice my opinion against the proposed. I can see how software developer *might* be happy with this kind of syntax but this is very far from freely written text. The need to balance the number of braces is a no go, it is just too easy for my cat to erase one of them and making me waste an hour trying to figure out what is wrong because it will not look obvious. I actually don’t feel too strongly about the syntax of the complex variants, as they require some kind of programming state of mind, but the self closing one should be extremely simple.
      In addition, The use of the $ sign for anything in this context is ridiculous. In free written text it indicates some reference to money or value and the reason it used in regexp is because it is used in free text but rarely in programming.

      Proposals
      1. Whatever is the final syntax, syntax highlighting for shortcodes should be part of both the tinymce and the “text” editors. This will make it easier to identify shortcode and find broken ones.

      2. Since this will be such a big chagne, might as well fix [the lack of] permission checks. On a multi author site everyone can use all shortcodes. There is no reason why a contributor should be able to insert a contact form via a short code. Sure the editor is supposed to review and remove it, but there is no point in giving the ability in the first place.

    • umchal 6:21 am on September 3, 2015 Permalink | Log in to Reply

      The biggest problem of shortcodes from my view is that they remain in the posts even after the plugin which uses the shortcode gets uninstalled.

      I suggest using the HTML comment syntax.

      • HTML

      This way, users do not have to concern about removing them form the post. I suggested this a while back (https://wordpress.org/ideas/topic/commentcode-alternative-to-shortcode).

    • Florian Girardey 7:04 am on September 3, 2015 Permalink | Log in to Reply

      How can you possibly want to break a lot of websites with 4.7 with end of support of the current shortcode syntax and absolutely rejecting the idea of using a recent version of PHP…

      I like the idea of improvement and this roadmap is a good idea but i don’t understand the logic behind the WordPress team right now.

      • BrashRebel 12:43 pm on September 3, 2015 Permalink | Log in to Reply

        If you want to understand, read the whole discussion. In particular @nacin‘s comment https://make.wordpress.org/core/2015/09/02/shortcode-roadmap-draft-one/#comment-27484

        • Florian Girardey 5:51 pm on September 3, 2015 Permalink | Log in to Reply

          I understand why this roadmap is necessary and i absolutely agree.

          But the arguments advanced for such a changement are closely the same that a PHP version update, i don’t understand how the WordPress team can accept this roadmap but also refuse a PHP version update. That’s all

          • Ipstenu (Mika Epstein) 7:18 pm on September 3, 2015 Permalink | Log in to Reply

            While I understand the comparison, it’s a logical fallacy.

            A minimum requirement is just that. A minimum. WP’s minimum is PHP 5.2.4 and MySQL 5.0.15. We still say mod_rewrite is optional. Supporting older versions doesn’t make the codebase insecure in and of itself, and there is no external dependency update that can fix the current security issues with shortcodes.

            The point of this post is to ensure, when we do fix shortcodes, we do it in as graceful and as minimally intrusive a way as humanly possible. To not repeat the shortcode sins of the past. Your concern, while well meaning and valid, has a marked tendency to detract from that.

    • Cristian Antohe 7:10 am on September 3, 2015 Permalink | Log in to Reply

      We’re using Mustache template tags in both our plugins and I can tell you {{tag}} is in no way simpler then [tag]. Once you start adding {{!tag}} or {{^tag}} HTML {{/tag}} things start to go wrong fast. Users simply have a hard time understanding how that works.

      Start to mix up template brakes like [{{tag}}] and that’s just stupid. It’s un-intuitive and will give a lot of headaches to ALL plugin developers who also actively support their plugins.

      • Cristian Antohe 7:19 am on September 3, 2015 Permalink | Log in to Reply

        With these more unique delimeters, we will be able to process registered shortcodes more efficiently because we will not have to search for them by name. Unregistered shortcodes will have more consistency because we can find them more accurately.

        The new syntax is making it harder for users to use shortcodes for the sake of developers who have a hard time working around the constraints that come with using [tag].

    • leemon 7:25 am on September 3, 2015 Permalink | Log in to Reply

      Sorry to say this, but that new syntax is hideous. If this goes forward as it stands, I predict major breakages, lol

    • Mike Schinkel 8:08 am on September 3, 2015 Permalink | Log in to Reply

      Reviewed all the comments and did not see anyone suggest what @cfc suggested on @miqrogroove‘s blog post which just use Custom HTML Elements:

      http://www.miqrogroove.com/blog/2015/shortcode-v44/#comment-515

      They seem perfectly suited for this:

      http://w3c.github.io/webcomponents/spec/custom/#custom-element-lifecycle

      What would they look like?

      Old Shortcode: [foo]bar[/foo]

      New Shortcode: <wp-foo>bar</foo>

      One I saw that idea by @cfc everything else seemed like painful overkill. Besides, shortcodes are very closely aligned with the goal of the custom HTML element proposal with shortcodes being server-side and custom HTML element being client side.

      • Benny 5:56 pm on September 3, 2015 Permalink | Log in to Reply

        I like the idea of custom HTML elements / web components replacing shortcodes. But that still means we can’t phase out the old shortcode syntax because it would break so many sites. How would you suggest to solve that problem? Maybe by adding you’re “You are doing it wrong” notices (for ever)?

      • Michael Davis 10:53 pm on September 3, 2015 Permalink | Log in to Reply

        I hope this gets more discussion. Particularly, what would be potential shortcomings of this method compared to what the new syntax would bring.

      • Knut Sparhell 1:18 am on September 4, 2015 Permalink | Log in to Reply

        I like this idea of custom HTML elements. Registered elements gets executed either server-side or client-side. An advantage is that it’s quite obvious that such elements can’t be used in attribute values, and attributes can’t contain such elements.

        What has to be solved is the slow deprecation of the old shortcode syntax, and if old shortcodes should be replaced upon upgrade, at some point.

        I also look to the more tag and page tags, that are HTML comment tags. When shortcodes was first introduced I was surprised the HTML comment tag was not considered.

        Custom HTML elements seem very future proof, outright elegant, even if the draft never becomes a recommendation or they will never be supported by browsers (for the client side types).

      • webaware 11:09 pm on September 4, 2015 Permalink | Log in to Reply

        Much love. Was thinking about how NextGEN Gallery does its galleries these days (as a decorated image tag it parses out), but this sounds even better.

      • Braad 12:57 am on September 5, 2015 Permalink | Log in to Reply

        +1 for web components. Great idea Mike!

    • chrishoward 8:24 am on September 3, 2015 Permalink | Log in to Reply

      Sorry, I see these new syntax changes as ridiculous.

      The current syntax is untidy and cumbersome enough, and now you want to throw all these braces in it? We should be making shortcodes easier to use, not harder.

      Have you forgotten the user totally?

      These are great for coders. We love “mustaches” and parameters!

      But I pity the user having to key in a multiple-enclosured shortcode.

      Personally, I believe shortcodes should be invisible to the user, just as HTML is. Show the code in text mode, sure, but not in WYSIWYG. In WYSIWYG mode shortcodes should only be entered via a button and form, and then represented in full if possible (like the gallery shortcode) or by a clickable icon.

      For day-to-day users, this new syntax is a big step backwards.

    • asarosenberg 8:45 am on September 3, 2015 Permalink | Log in to Reply

      I agree with previous comments that this suggestion is very bad for users. People can understand shortcodes if they are somewhat familiar with HTML or online forums but the suggested syntax is unreadable to anyone who is not a programmer.

      An easier way to solve the problem with wanting to use brackets for other things is to allow people to escape brackets for example by ignoring brackets prefaced by backslash, star or whatever char that makes sense. If you want WordPress to be a CMS and not just a blog tool, shortcodes are more important than brackets in text.

      As for deprecation and conversion consider that there are shortcodes in meta fields. Many themes use page templates with multiple wp_editors and shortcodes. To avoid massive sudden breakage the old format should work for at least a year or two after the changes have been implemented and announced.

    • Arunas Liuiza 9:07 am on September 3, 2015 Permalink | Log in to Reply

      While I do get the technical reasoning behind this proposal, but I am really worried changes like that will soon make WordPress only usable for people with PhD in Computer Science. Seriously, I think something like 简shortcode简 would be easier to use and understand than the proposed syntax for the average WordPress *user*.

    • andreasnrb 9:27 am on September 3, 2015 Permalink | Log in to Reply

      The first thing I think that should be done before even touching or discussing syntax is to clearly define the purpose of shortcodes and come up with appropriate use cases.
      And just to ignore my first statement. Why not go in other direction and introduce custom HTML tags instead? You register your tag, what attributes it accepts with sanitation callbacks.
      <wp-button href=””>Click me</wp-button>
      register_tag(‘button’,array(‘href’=>’esc_url’))
      Even makes it possible to integrate with HTML5 custom tags later on.

      • andreasnrb 9:31 am on September 3, 2015 Permalink | Log in to Reply

        Yes I know it encodes when written in the HTML window. So it should be combined with a insert button in the menu.

    • HasinHayder 11:56 am on September 3, 2015 Permalink | Log in to Reply

      Now you need a Ph.D in CS to use WordPress 🙁

    • FolioVision 12:11 pm on September 3, 2015 Permalink | Log in to Reply

      I see that doing this will open new possibilities, but I think the basic shortcodes should stay without change:

      Self-Closing: [shortcode]
      Attributes: [shortcode attr1=”value1″ attr2=’value2′ “value3” ‘value4’ value5]
      Enclosing: [shortcode] HTML [/shortcode]
      Escaped Code: [[shortcode]]

      If you want to add more features (like nested shortcodes here), I think yout can do it without breaking too much stuff:

      Multiple Enclosures (this one should work if they could look for closing tag for [shortcode] – a regex won’t suffice though): [shortcode] HTML [encl2] HTML [encl3] HTML [/shortcode]

      I’m not sure about the rest though, but these special cases could probably use the new syntax:

      Stripped Unregistered Code: [{{randomthing}}]
      Stripped Unregistered Enclosure: [{{randomthing}$] Content also stripped. [${randomthing}}]
      Stripped Empty Code: [{{ }}]
      Ignored Orphan: [{{shortcode}$]
      Ignored Orphan: [${shortcode}}]
      Ignored Orphan: [${encl2}$]
      Ignored Context: [{{shortcode
      }}]
      Ignored Context:

      Do you see any issue with keeping the basic shortcodes unchanged?

    • jakeparis 12:46 pm on September 3, 2015 Permalink | Log in to Reply

      I think that the new syntax is difficult and burdensome to the average user. I would suggest:

      a) Make at least the basic “Self-Closing” shortcode operate without the brackers (just as it does now).
      b) The “Enclosing” style should close with a slash, not a $. There is not precedent for using a $ as a closer in any programming language that I know of — therefore that makes this difficult to remember. The slash it a much better choice.

    • J.D. Grimes 1:26 pm on September 3, 2015 Permalink | Log in to Reply

      I do not know how serious the security implications might be, but perhaps we could avoid removing the old syntax at all, and just disable it on new sites, like we’ve done with other deprecated features.

      I think the real lesson here though, is that shortcodes don’t need to be fixed, they need to be removed. We would still have to figure out how to maintain some amount of backward compatibility for old sites, but it might be more productive to work on a broader roadmap that would actually make shortcodes obsolete. Others, including @nacin, have hinted at this. Is a syntax overhaul really necessary as an intermediate step? Is it even plausible as an intermediate step? What if instead we approached it like this:

      1. Bring Shortcake (or some other “shortcode UI”) into core. This would still use the shortcode API, but would provide a UI for it so the user never has to directly manipulate the shortcode string.
      2. Start using an alternate, secure method of indicating the insertion points of the different content bits when this UI is used.
      3. Disable the shortcode API on new sites.
      4. Let the old sites get slowly broken and hacked over time, or break them ourselves all at once with an update.

    • JakePT 2:28 pm on September 3, 2015 Permalink | Log in to Reply

      I’ve got a couple of things I want to say. Firstly, I really need clarification on what these security issues with Shortcodes are. I read the post on the 4.2.3 change and it didn’t really help. Maybe it’s because it’s happening in an area of WordPress development that I just haven’t stepped into, but I’m having trouble understanding what contexts Shortcodes are a problem in. Isn’t their output defined by the plugin? Why isn’t the security problem with the *plugin*? Aren’t authors the only ones who can use them anyway? What could they do with them that’s so bad? I’m having trouble accepting such a drastic proposal when it doesn’t come with a clear rationale.

      But my biggest problem by *far* is that this would be so so so much easier to swallow if there was *any vision at all* for the future of the content editor. A single TinyMCE field just doesn’t cut it anymore. What happened to the content blocks idea that came up around 3.8/3.9? WordPress needs to address the problem of editing and creating more complex layouts, not breaking functionality that is only being abused because of this lack of vision and progress.

      Shortcodes suck, but don’t make them suck more without something better to replace them.

    • Stefano Aglietti 3:02 pm on September 3, 2015 Permalink | Log in to Reply

      I don’t know if someone already rised the question, but apart that making shortcode delimiter like the ones propose make user in a complicated situation.

      Maybe english people don’ìt know that { and } are not present in alla keyboards directly as the [ and ] are, in Italian keyboard [ and ] are generated using ALT-GR+è or ALT-GR++ and keyboards show ALT-GR basic sign like €@## and [ ].

      To get { and } you net to type ALT-GR+SHIFT+è and ALT-GR+SHIFT++. Most people don’t know about this combination (i think only who write code does) and the parentesys are not written on any key.

      This change would be a a really complication for italian users and i supect a lot of non english keyboard suffer from the same problem. Please when you think to change something like this for end users, use ALWAYS the KISS Method, [{{ is not KISS at alli suggest adding after the square bracket somthig that is awailable on alla keyboards like ! or ? or % or & but for sure nothing is really hide in system and that 99% of people ignore that existes or how to get it leke curly braces

    • Curtiss Grymala 3:04 pm on September 3, 2015 Permalink | Log in to Reply

      First of all, let me say “Thank you” for beginning the process of thinking about this issue.

      As we begin to move forward, has anyone thought about trying to identify where & how shortcodes are currently used, then trying to come up with the best solution for each of those situations? Maybe a shortcode isn’t the best solution for all of the situations in which it’s being used; it’s just the only viable solution we’ve had up until now.

      The bottom-line is, we are still going to need placeholders of some sort within WordPress. There are perfectly reasonable uses of placeholders, regardless of the syntax they use.

      Some are within HTML tags, such as <div class=”[my-custom-class extras=’one-third first’]”> or <img src=”[some-img-url]” alt=”This is my awesome image”/> or <a href=”[my-home-page]” title=”Return to [my-site-name]”>. There are perfectly valid & viable reasons to need to use some sort of placeholder inside of HTML (even if it’s not necessarily inside of the Visual Editor). If we stop allowing these sorts of things, then we’re going to end up with more plugins implementing silly things like [custom-html tag="a" href="{{home-page}}" title="Return to {{site-name}}"]Go Home[/custom-html] which will introduce potentially even bigger security issues and more usability issues for the users.

      Some stand on their own, such as We currently have [number-of-users] users on the site.

      Some output HTML, such as .

      Some are, IMHO, poor attempts to get around security restrictions in the editor, such as [iframe] (there are many plugins that implement this, by basically allowing the editor to enter an HTML tag in normal syntax, but replacing the < and > with square brackets).

      Some need to be nested in order to work properly, such as something like:
      [accordion]
      [accordion-title]My accordion item title[/accordion-title]
      [accordion-content]Some content to appear within the accordion item[/accordion-content]
      [/accordion]

      Some are also completely related to formatting the content, attempting to “fix” the problem of only having one content area, and trying to keep editors from needing to enter HTML on their own, such as the various implementations of column shortcodes (this is a very similar reason that implementations like the accordion shortcodes above exist, as well).

      There are many more perfectly valid & useful implementations of the current shortcode API.

      Each of these may have a completely different and much better solution than the others.

      Finally, as WordPress has evolved very, very far from a simple blogging platform, we need to stop thinking that post titles and post content are the only features that people are using.

      There are plenty of places where shortcodes might appear within the Options table, possibly even inside of serialized data. For instance, shortcodes could, potentially be used within widgets or theme options.

      Shortcodes could absolutely be used, within plain-text or serialized data, within the postmeta table (there are a ton of places that custom fields on a post could include shortcodes) or possibly even the usermeta table.

      The problem I see with the original discussion we had after 4.2.3, and the problem I see with some of the comments on this post, are that there still seem to be people saying “You shouldn’t have used shortcodes to do that; that was stupid, so it doesn’t matter if we break them.”

      The thing I appreciate about this original post, regardless of the fact that the proposed solutions are certainly more complicated than they should be, is that the core team is back to at least trying to solve the issue rather than continuing to feel like it’s okay to break sites just because they disagree with the use-case.

      Again, though, I want to thank @miqrogroove for bringing this to the table and beginning the process of trying to move forward.

    • Stanislav Khromov 5:01 pm on September 3, 2015 Permalink | Log in to Reply

      I’d like to echo the dismay most people feel with this proposed roadmap, and also stress that this can cause a fragmentation in the WP ecosystem.

      Consider that it’s easier than ever to not keep WordPress up to date with the latest version – security patches are backported all the way back to 3.7 and minor security fixes get applied automatically.

      By introducing big, “scary” changes that people feel uneasy about (which the comments prove include even seasoned developers), many will just not update. Consider the kind of fragmentation Python faced after they introduced syntax changes in version 3. Most people just didn’t want or need these changes. I feel the same way about this proposed roadmap.

    • Grant Palin 5:07 pm on September 3, 2015 Permalink | Log in to Reply

      One other gripe I have with the current shortcode syntax is that it sometimes confuses Markdown. Particularly when using within posts authored using WP-Markdown plugin. There’s a workaround, but still.

    • Jacob Santos 8:59 pm on September 3, 2015 Permalink | Log in to Reply

      Why was shortcodes added and what problem did they attempt to solve? What was their original purpose?

      The reason it is a bad idea is that it neglects the reason shortcodes were created and why they have the syntax they do. The history for the most part, I believe, was based in part on BBCode. If Handlebars existed and was more popular, then who knows.

      You will always have a security issue. Tough, but true. Introducing a wholly obtuse syntax will not change that and will make it more difficult for users and developers. Most likely you will just see an influx of plugins that put back the same behavior or those who move away from shortcodes altogether. It will also be a slap in the face once another security flaw is discovered.

      Unless you wish to remove the security issue by pushing people away from using shortcodes completely or creating their own solutions of various quality for security.

      The timeline is far too short. If you go back as far as 3.7, then you must follow that pattern. Deprecate it and update it if you can, but you must support the current until 2018 or 2 years after 4.4 is released.

      • Jacob Santos 9:06 pm on September 3, 2015 Permalink | Log in to Reply

        Lest my argument be misconstrued; I am saying that any syntax change is a bad idea. Solve the security problems with the current or work around them. The bed is made, you have to deal with it.

        Biggest problem I have is that it looks like you are creating a new template engine. There are already those that exist. It would be better if you used them as several have already been audited by security professionals or could be audited by security professionals. They also have a community and those that support it outside of WordPress.

        If you are going to introduce a template engine to WordPress posts, which in and of itself is charge to be warily, you are better off going with something developed by professionals.

        Shortcodes were supposed to be an easy replacement for plugins without a lot of features. When did it become the end all, be all to implement a feature?

        If anything, the RFC should formally suggest where shortcodes should and should not be used, deprecate those usages and at a later date, remove support for them. If advanced templating is required, move to an actual established templating engine. Oh my god, I can’t believe I’m writing this.

        I must be in shock, because the horror of this is just beyond comprehension. I can’t imagine the discussions or the problems that lead to, “hey, why don’t we create a template engine for posts?”

        I have to conclude that this is an early or late April Fool’s joke.

    • chriscct7 2:44 am on September 4, 2015 Permalink | Log in to Reply

      As an update, the team working on the Shortcodes Roadmap, has been working on a new draft proposal which will be posted to make at some point in the near future, which is significantly different than Draft 1. Also, there will be a weekly meeting that will be announced during the same post.

      • John Teague 2:10 pm on September 4, 2015 Permalink | Log in to Reply

        Thank you Chris. And to everyone working to find a solution on this. Hope people realize how much time and effort has to go into this.

    • Ustimenko Alexander 4:45 am on September 8, 2015 Permalink | Log in to Reply

      Users must not pay for developers weakness. If you want something stron-n-cool, then incorporate twig syntax here, but this all is for DEVELOPERS an dnot for users. This syntax is super-extra-bad-thing for end user.

    • renzms 11:57 am on September 17, 2015 Permalink | Log in to Reply

      I’d also like to join in to say that this is more of a step sideways rather than forward/backward with this proposed roadmap.

      Whether a seasoned developer, or just a regular user with no coding experience, these shortcodes aren’t in any way user or developer friendly.

      I understand this is a draft, and a new proposal will be made, especially after all the sentiment seen here. So thanks for the warning, and not changing anything right away as drastic as this. I know this proposed change is due to a security issue, but it causes more problems down the road that developers/users just might not use WordPress anymore to begin with. I do hope a simpler and more unified solution is found.

    • Tom Belknap 8:08 pm on December 15, 2015 Permalink | Log in to Reply

      This isn’t quite such a draft when you consider that 4.4 is already here and already, it’s messing up my shortcodes. Specifically the nested ones.

      This might be the worst proposal since the rightfully-maligned “Settings API,” an innovation the devs needed to ditch in favour of the Customizer. How error-prone is this syntax?

      `[{{shortcode}$] HTML [${encl2}$] HTML [${encl3}$] HTML [${shortcode}}]`

      I thought this double curly brace business must have meant that you were calling out the things we were supposed to change. Then I saw you were serious about it.

  • Ryan Boren 4:43 pm on September 2, 2015 Permalink
    Tags: , maintainership   

    Component Page Updates for 4.4 

    Now that 4.4 is underway, let’s update the component pages to reflect 4.4 activity. The Customize, Editor, and Press This pages serve as good templates, though they all need 4.4 updates. The component pages are targeted at beta testers. They should describe the component, list milestones (roadmap), and explain what needs testing and how to test it. Good component pages assist triage. For details, see the previous round of component page updates.

    Also, if your component has a corresponding Slack chat, link to the component page from the chat’s channel topic. This assists using Slack in beta testing flows.

    Component maintainers, here are your component pages…

    (More …)

     
  • Boone Gorges 4:29 pm on August 27, 2015 Permalink
    Tags: , ,   

    Taxonomy roadmap for 4.4 and beyond 

    In WordPress 4.3, we eliminated shared taxonomy terms once and for all. This means that, by the time WordPress 4.4 is released, just about every WordPress installation will have the same number of rows in the wp_terms and wp_term_taxonomy database tables.

    Why does this matter? When terms in different taxonomies could share the same term_id, terms could only be uniquely identified by a ID-taxonomy pair. This is why every nearly function in our taxonomy API has $term_id and $taxonomy as required arguments. (The decision was made long ago to keep the truly-unique term_taxonomy_id internal for most purposes.) The lack of unique IDs for terms made our API interfaces and internals complicated, and it made it cumbersome to add new features like term metadata.

    Now that term IDs are unique, we can begin the projects of unraveling the now-unneeded complications of the taxonomy API and adding new features that take advantage of the simplified data model. In this post, I’ll outline some of these tasks, and point to areas where interested folks can contribute.

    API simplification and other work on taxonomy internals

    Once each row in the wp_terms table corresponds to a single row in wp_term_taxonomy, there’s no point in having two separate tables (and all the JOINs that two tables require). In 2013, @nacin sketched how this might be done, through a combination of $wpdb tricks and a MySQL view. Here, we need someone to write a patch, and we also need to start a discussion about graceful failures for situations where there are still shared terms in the DB, as well as MySQL version compatibility (view functionality was phased in over the 5.0 series). The tracking ticket for simplification of the taxonomy database schema is #30262.

    With a single term table, we can begin to rewrite our internal SQL queries to remove costly table joins. This kind of refactoring is probably at least one version (and a hundred unit tests) away. In the meantime, we can begin the process of simplifying the API interfaces. For example, functions that accept term IDs, like get_term() no longer need to require an explicit taxonomy parameter.

    Having a unique identifiers for terms means this is also a good time to move toward WP_Term; see #14162. This class can start off being a fairly simple model that takes care of things like basic cache management and data integrity – see WP_Post – but over time, I envision moving business logic to the WP_Term, introducing convenience methods for chaining, and so on.

    Term Meta

    There’s been lots of clamoring for taxonomy term metadata #10142. Unique term IDs make it viable, since WP’s *_metadata() functions assume object IDs as identifiers.

    The technical implementation is not complex. We need wrappers for the CRUD functions, ‘meta_query’ support in get_terms(), an update routine to create the database table, metadata pre-caching (‘update_term_meta_cache’) when fetching terms, and maybe a few other small items.

    The larger challenge is to build a core solution that minimizes conflict with third-party tools. Developers have wanted termmeta for a long time, so there are many public plugins and private libraries that provide it. Many of them use unprefixed function names like update_term_meta(), and many of them use a database table called wp_termmeta. We should do a survey of publicly available plugins to get a sense of usage statistics and schema compatibility. We’ll need to organize outreach to developers of known plugins, so that they can add off-switches to their tools before termmeta appears in core. And we may decide to borrow code from one or more of the existing GPL-licensed tools, ideally with the participation of the original author.

    Let’s share this journey

    Many hands make light work. We need code, but more importantly, we need folks who are nuts about strategy and outreach and backward compatibility.

    There’ll be a meeting for all Taxonomy Heroes, on September 3 2015 20:00 UTC, in the #core channel on Slack. If you’re interested in helping out with any of these taxonomy projects, drop a comment below or come to the meeting. We’ll get a team or two together, and make a plan for 4.4 and beyond.

     
    • Scott Taylor 4:36 pm on August 27, 2015 Permalink | Log in to Reply

      You are an American treasure.

    • Felix Arntz 5:08 pm on August 27, 2015 Permalink | Log in to Reply

      That’s an awesome step, standardizing terms (when compared to posts) will make WordPress development a lot more intuitive. I’m looking forward to help, in any way possible! 🙂

    • imath 5:12 pm on August 27, 2015 Permalink | Log in to Reply

      Fantastic!

    • prettyboymp 5:42 pm on August 27, 2015 Permalink | Log in to Reply

      I know there are a lot of smart developers leading this and making these decisions, but I don’t think that adding meta to terms is the best path forward. I think it would be better to move towards a sunset of the terms tables altogether and add the ability to create direct relationships between post objects.

      The addition of term meta will introduce a new way for data to be represented and further reduce compatibility between different themes and plugins. The reason many developers want terms to have meta is because they need them to be more than just a word. Developers will now have to determine whether it is best to represent a data structure as a term or as a post object. The limitation right now is that you can only create a many to many relationship within the current schema by using terms. Wouldn’t it make more sense to move towards treating everything as an object and give the ability to create many to many relationships between any of them?

      • Boone Gorges 5:59 pm on August 27, 2015 Permalink | Log in to Reply

        > I think it would be better to move towards a sunset of the terms tables altogether and add the ability to create direct relationships between post objects.

        I would agree with this more if the post schema (and the “post type” API) had been more explicitly designed for general “object” use. One of the virtues of the taxonomy schema as it currently stands is that it’s fast – it doesn’t store a lot of data (like longtext), and the tables can be joined efficiently. wp_term_relationships is, in fact, a relationship table like what you’re suggesting for posts. The post schema, on the other hand, is loaded with fields that are of questionable value for general objects, fields that make queries cumbersome and resource-intensive. (A related concern, which I think is very legitimate, is that introducing term meta – and especially term meta queries – is going to slow down what is currently a fast API. This is something we should definitely discuss as a part of the initiative.)

        As for the question of whether this “further reduces compatibility between different themes and plugins”, I don’t really agree. In theory, a purely node-based system like Drupal means that all data types can work with all other data types. But how this gets fleshed out by developers and within UIs is far from a foregone conclusion.

        Moveover, by introducing greater parity between the Post and Term APIs, an argument could be made that we’re *increasing* compatibility between various WP components, at least as far as the developer experience is concerned. The API interfaces will be similar enough that it’s possible to imagine building tools that will talk to either terms or posts with a minimal layer of abstraction.

        In any case, these are helpful thoughts, and I hope you’ll think about coming and arguing them next Thursday 🙂

        • Mike Schinkel 6:54 am on August 28, 2015 Permalink | Log in to Reply

          While I am somewhat on the fence about this, I am leaning towards what @prettyboymp said. Rather than blindly adding term meta, it probably makes good sense to first ask if there is actually not a better way.

          For example, what if the post table were split in two, allowing for a lightweight version with limited fields and a heavy version using a join will full fields? It is possible that could also result in significant performance savings when working with posts in addition to making terms less of a special case.

          Note I am not saying this specific idea makes sense (or that it does not), I’m only saying that it would be good to open the floor for alternate strawmen proposals with subsequent discussion before committing to any one particular direction.

          • Boone Gorges 1:55 pm on August 28, 2015 Permalink | Log in to Reply

            I totally agree that we shouldn’t jump into term meta without discussing whether it’s the right thing to do. I meant to say that in the post, but there were so darn many things to say 🙂

            That being said, while I think it’s good to brainstorm and think big, I don’t want to be unrealistic. Massive schema and API changes take huge amounts of effort and time. I don’t want to get so sidetracked talking about a complete rearchitecture of WordPress that we lose track of the very real improvements we can make today – improvements that are often compatible with future changes.

            The one larger item I do want to flag for discussion is a general relationships API. Since Taxonomy already contains a relationship table, I want to make sure that any changes we make in that component don’t block the future development of object-object relationship functionality.

    • SanjayaBhai 6:12 pm on August 27, 2015 Permalink | Log in to Reply

      Wosome Fantastic 😀

    • leemon 6:26 pm on August 27, 2015 Permalink | Log in to Reply

      Many many thanks for championing this feature! 🙂

    • marsjaninzmarsa 6:53 pm on August 27, 2015 Permalink | Log in to Reply

      Count me in of course. 🙂

    • MatheusGimenez 10:57 pm on August 27, 2015 Permalink | Log in to Reply

      Great! Term meta is a very necessary function. 🙂

    • natebald 2:18 am on August 31, 2015 Permalink | Log in to Reply

      Hi, can someone explain what this means for sites that different post types uses the same taxonomy? I am unclear what the end result will be if the site is updated. Thank you in advance.

      • Boone Gorges 12:08 pm on August 31, 2015 Permalink | Log in to Reply

        natebald – The scenario you’ve described here is unaffected by any of these changes. The elimination of “shared terms” is about specific *terms* that are shared between multiple taxonomies.

    • texteditor 2:57 pm on August 31, 2015 Permalink | Log in to Reply

      Greetings. Please count me in with this discussion. I built a site for our university that serves e-textbooks in various download formats. I needed to group the download format types together and associate them with their respective posts. I wrote a query joining term relationships, term taxonomy, terms, and post meta among other things. It serves the purpose very well, but I am certain the upcoming 4.4 changes would affect our site. I can show you our site and the queries during the conference. Thank you in advance.

    • masonjames 10:05 pm on August 31, 2015 Permalink | Log in to Reply

      “We need code, but more importantly, we need folks who are nuts about strategy and outreach and backward compatibility.”

      Welp. You had me at “we need folks who are nuts”

    • Marin Atanasov 8:26 pm on September 3, 2015 Permalink | Log in to Reply

      Wow, this is exciting. I’ve been waiting for that since 2.8.

      It would be awesome to get that in 4.4. But too many things to consider. I’d love to help with any patches, testing or opinion here! 🙂

  • Konstantin Obenland 9:45 pm on May 20, 2015 Permalink
    Tags: ,   

    Dev Chat Summary, May 20 

    Agenda, Slack log.

    Committers Update (#)
    @nacin
    New guest committers: @iseulde, @westonruter, and @obenland, renewed guest committers: @jorbin, @jeremfelt, permanent committers: @pento, @boone, and @johnbillion
    Also see https://make.wordpress.org/core/2015/05/20/new-committers-for-4-3/

    Editor (#)
    @azaozz@iseulde
    No update here. Will discuss goals for this week and next week outside of dev chat.

    Admin UI (#)
    @helen
    @helen is plugging away at some groundwork for the CSS roadmap, @stephdau should be taking a look at the first steps for list tables in the next day or so. Will discuss goals for next week in tomorrow’s UI meeting.

    Network Admin UI (#)
    @jeremyfelt
    They talked through aspects of the Edit Site and Add Site flows yesterday to help @hugobaeta with mock-ups. Hopeful to see a mock up of these soon. They have a couple flows in Make/Flow with more on the way. The 5s flow highlighted an issue with text inputs overflowing. There’s also an updated `WP_Network` patch.

    Things they want to have done by next week:

    • Android and iPad flows.
    • Conversation around updated `WP_Network` patch and a first attempt at `WP_Site`.

    Partial Refresh (#)
    @westonruter
    Now has support for refreshing menus changed by Menu Customizer: https://github.com/xwp/wp-customize-partial-refresh/pull/12/files
    It’s much simpler than partial refresh for widgets, and @westonruter thinks that maybe it could safely be on by default, instead of requiring opt-in as is currently done for widgets. The concern with on-by-default would be if menus get some dynamic behaviors added to them with JS, so maybe it’s just something that theme authors would need to account for.
    Also waiting on feedback and testing from the Menu Customizer, merging the corresponding PR for Menu Customizer, to then merge the PR for Customize Partial Refresh and do a new plugin release.

    Goals for next week: Take what was done for Menus and then abstract a level again to facilitate plugins easily adding their own partial-refreshing.

    Menu Customizer (#)
    @voldemortensen, @celloexpressions
    Lazy loading and error handling were committed. Will discuss goals for next week outside of dev chat.

    Better Passwords (#)
    @markjaquith
    They’ve been working on a mockup of the password UI: http://codepen.io/markjaquith/pen/GJjZbJ
    Probably best to create a temporary hook in core for the password-set UI in the profile, to allow the team to work on this as a plugin. @markjaquith can take care of that core change, and start the plugin on GitHub.
    #32428 is on hold until the Password UI is usable. @voldemortensen started work on expiring reset keys #32429, but hopes to get it showcase-able by the end of the week. @rmarks made a first pass at #32430 but it needs more work.

    Goals for next week:
    1. Hook in core to enable plugin for PW change UI.
    2. Working version of PW change UI on the Profile screen (that is, you can change your password with it… show/hide… back compat for the pw confirmation field… not promising the strength hint stuff yet).
    3. #32430 ready for commit.
    4. Working patch for #32429.

    Favicons (#)
    @johnbillion
    @johnbillion made a start on the site favicon manager. As discussed during dev chat last week and in #16434 it has an API so plugins/themes can register new sizes for favicons/touch icons/etc if the need arises. I’ll be pushed to a GitHub repo by tomorrow. The main thing that will need to be discussed is whether this should just be a customizer setting or not. @johnbillion will post about the repository location and meeting times on this blog.

    Other:
    @ocean90 is looking for feedback on #29783!

    Next chat will be on May 27 2015, 20:00 UTC

     
  • Drew Jaynes 5:44 pm on April 21, 2015 Permalink
    Tags:   

    4.2 Scrub 

    We’ll be scrubbing report 6 in the #core channel on Slack in about 20 minutes at Tuesday 18:00 UTC 2015. Join us!

    @azaozz @dd32 @nacin @helen @sergeybiryukov @ocean90 @wonderboymusic @mark @johnbillion @jorbin @boone @jeremyfelt @pento

     
c
compose new post
j
next post/next comment
k
previous post/previous comment
r
reply
e
edit
o
show/hide comments
t
go to top
l
go to login
h
show/hide help
shift + esc
cancel
Skip to toolbar