WordPress 4.2.4 Release Candidate 1

tl;dr WordPress 4.2.4 RC1 is available (download) for testing and fixes an issue with inline scripts.

A change in WordPress 4.2.3 had the unintentional side effect of breaking some inline scripts when the CDATA blockBlock Block is the abstract term used to describe units of markup that, composed together, form the content or layout of a webpage using the WordPress editor. The idea combines concepts of what in the past may have achieved with shortcodes, custom HTML, and embed discovery into a single consistent API and user experience. is used (see #33106). For example, consider the intended content here:

<script>// <![CDATA[
_my_function('data');
// ]]>
</script>

In 4.2.2, this content is left as is and _my_function() fires as expected. In 4.2.3, the content is manipulated as such:

<script>// <![CDATA[ _my_function('data'); // ]]></script>

This results in the script being commented out by the // and it will not fire. A workaround for this is to use /* for commenting.

<script> /* <![CDATA[ */ _my_function('data'); /* ]]> */ </script>

However, this workaround should not be necessary. As a result, we intend on releasing WordPress 4.2.4 to fix this issue.

Additionally, WordPress 4.2.3 caused issues when using shortcodes within angle brackets (see #33116). For example, this shortcodeShortcode A shortcode is a placeholder used within a WordPress post, page, or widget to insert a form or function generated by a plugin in a specific location on your site. usage worked in 4.2.2 but did not work in 4.2.3:

<[shortcode]>

While we do not recommend this use of shortcodes and strongly encourage pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party developers to move away from this use of shortcodes, the breakage was unintentional and we have restored the behavior in WordPress 4.2.4 RC1.

Please download and test WordPress 4.2.4 RC1 and report any issues to core trac or to this post.

#4-2, #4-2-4

Changes to the Shortcode API

Earlier today, we released WordPress 4.2.3, which includes a relatively large security fix that affects the ShortcodeShortcode A shortcode is a placeholder used within a WordPress post, page, or widget to insert a form or function generated by a plugin in a specific location on your site. APIAPI An API or Application Programming Interface is a software intermediary that allows programs to interact with each other and share data in limited, clearly defined ways.. Due to the nature of the fix – as is often the case with security fixes – we were unable to alert pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party authors ahead of time, however we did makemake A collection of P2 blogs at make.wordpress.org, which are the home to a number of contributor groups, including core development (make/core, formerly "wpdevel"), the UI working group (make/ui), translators (make/polyglots), the theme reviewers (make/themes), resources for plugin authors (make/plugins), and the accessibility working group (make/accessibility). efforts to scan the plugin directory for plugins that may have been affected.

With this change, every effort has been made to preserve all of the coreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress. features of the Shortcode API. That said, there are some new limitations that affect some rare uses of shortcodes.

Reminder: Never, under any circumstances, should you hack core files. This includes downgrading specific files. Doing so could have unintended consequences on your WordPress installation, including major security implications.

Basic Shortcode Usage

A brief explanation on the original purpose of shortcodes will help to explain the change. In a basic post, like this example, shortcodes are used to insert dynamic code:

Here are my images. [gallery]

Here you can see that the shortcode stands on its own as a dynamic element within the blogblog (versus network, site) post content. This is the central premise of the Shortcode API: make it easy to insert blocks of dynamic code.

Shortcodes with Filtered Styles

In today’s releaseRelease A release is the distribution of the final version of an application. A software release may be either public or private and generally constitutes the initial or new generation of a new or upgraded application. A release is preceded by the distribution of alpha and then beta versions of the software. of WordPress 4.2.3, however, we’ve added some new limitations that affect some existing plugins. Take, for example, the following shortcode, which is no longer recognized:

<div style="background-image: url('[shortcode]');">

The shortcode in the example above appears in a context that is no longer supported. Further, this use of a shortcode stretches the imagination for how the Shortcode API was intended to be used. Fortunately, there are some workarounds still available, so that sitesite (versus network, blog) administrators are not overly restricted in their use of HTMLHTML HyperText Markup Language. The semantic scripting language primarily used for outputting content in web browsers..

Workaround

The following example still functions as expected and is considered more acceptable:

<div [shortcode]>

Going forward, plugins implementing shortcodes for inline styles should output the entire style attribute rather than a bare value. Keep in mind that this workaround – just as the original example above – is only available to administrators and editors (i.e. only roles with unfiltered_html). Less-privileged users are still prevented from using shortcodes to output whole attributes in this manner. If a plugin is intended to work with author and contributor roles, we recommend that the plugin output an entire <div>.

Shortcodes with Bad Quotes

The following example is also no longer allowed:

<a href="/[shortcode query="?ref="]">

In the above situation, the shortcode is now properly recognized as HTML and it is rejected by the API. Apart from the example being confusing, WordPress cannot parse that shortcode.

Workaround

Instead, either of the following examples would be appropriate:

Example 1: <a href="/[shortcode query='?ref=']">
Example 2: <a href='/[shortcode query="?ref="]'>

Administrators as well as lesser-privileged authors can continue to use shortcodes in this way, as long is it conforms to the usual HTML filtering rules. However, as explained in the first example, administrators are now somewhat limited in this situation in one case: if the content in this href attribute is generated by a shortcode that does not conform to the HTML filters, then the shortcode is rejected for all users.

We do not make this change lightly and understand that it may affect some usecases. The above examples and explanations should help plugin authors make the modifications needed to support the Shortcode API.

#4-2, #4-2-3, #dev-notes, #plugins, #shortcodes

New Customizer Media Controls in 4.3 and 4.2

Over the past several releases, the CustomizerCustomizer Tool built into WordPress core that hooks into most modern themes. You can use it to preview and modify many of your site’s appearance settings. APIAPI An API or Application Programming Interface is a software intermediary that allows programs to interact with each other and share data in limited, clearly defined ways. has drastically improved its built-in media controls, empowering developers to leverage the power of the WordPress media management experience in themes and plugins with ease. WordPress 4.1 refactored the image and upload controls to leverage the media modal for the first time (see #21483). 4.2 abstracted this functionality to a new base media control class. And now in WordPress 4.3, we’ve added a control for cropped images. In this post, I’ll outline the recent changes in Customizer media controls and explain the differences between the available controls.

WP_Customize_Media_Control

Before WordPress 4.2, all Customizer media controls saved the file url to their corresponding settings. While this facilitates quick access when using the value of the setting in themes and plugins, it makes it more difficult to access other information about that attachment, such as its title/caption, mime type, or in the case of images, accessing specific image sizes.

WP_Customize_Media_Control was introduced to allow this paradigm to change while maintaining backwards compatibility for the existing WP_Customize_Upload_Control and WP_Customize_Image_Control, which now extend the media control class (see #29215). The media control will save the attachment id for the selected media file to the Customizer setting, rather than the file URLURL A specific web address of a website or web page on the Internet, such as a website’s URL www.wordpress.org. However, note that the default value of the setting must still be a URL, since a default attachment id doesn’t really makemake A collection of P2 blogs at make.wordpress.org, which are the home to a number of contributor groups, including core development (make/core, formerly "wpdevel"), the UI working group (make/ui), translators (make/polyglots), the theme reviewers (make/themes), resources for plugin authors (make/plugins), and the accessibility working group (make/accessibility). sense.

The media control can be used for any type of media, be it an image, audio, video, PDF document, or any other file format that your server supports. To restrict a media control instance to a particular type of content, use the mime_type parameter when adding the control:

$wp_customize->add_control( new WP_Customize_Media_Control( $wp_customize, 'audio_control', array(
	'label' => __( 'Media Control (audio)' ),
	'section' => 'media',
	'mime_type' => 'audio',
) ) );

When working with a setting corresponding with a media control, the sanitize_callback should generally be absint(), since a numerical id is expected. When using get_option() and get_theme_mod(), functions such as wp_get_attachment_url(), wp_get_attachment_image(), wp_get_attachment_image_src(), and even get_post() are useful depending on your needs, with each function taking the attachment id (value of the setting) as a parameter.

The full power of WP_Customize_Media_Control is realized when the control is extended to implement additional custom functionality in a custom child control. WP_Customize_Cropped_Image_Control is a great example of this in coreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress.. The core Customizer control classes provide several working examples of this; see wp-includes/class-wp-customize-control.php and wp-admin/js/customize-controls.js.

WP_Customize_Cropped_Image_Control

New in WordPress 4.3, WP_Customize_Cropped_Image_Control extracts functionality from the headerHeader The header of your site is typically the first thing people will experience. The masthead or header art located across the top of your page is part of the look and feel of your website. It can influence a visitor’s opinion about your content and you/ your organization’s brand. It may also look different on different screen sizes. image control to allow an image to be cropped to specific dimensions (see #29211). This offers a better user experience than automatic cropping in many cases when images of a certain size or aspect ratio are required in themes and plugins. In core, the new sitesite (versus network, blog) icon feature relies heavily on the cropped-image control, implementing a child custom control to add additional site-icon-specific functionality.

The cropped image control comes with four custom parameters in addition to those available in the media control. These are used to specify the required (or recommended) image dimensions, as well as specifying whether alternative dimensions are allowed (the flex options). Here’s a typical usage when adding a cropped-image control:

$wp_customize->add_control( new WP_Customize_Cropped_Image_Control( $wp_customize, 'cropped_image', array(
	'section'     => 'background_image',
	'label'       => __( 'Croppable Image' ),
	'flex_width'  => true, // Allow any width, making the specified value recommended. False by default.
	'flex_height' => false, // Require the resulting image to be exactly as tall as the height attribute (default).
	'width'       => 1920,
	'height'      => 1080,
) ) );

The cropped-image control creates a child attachment of the original image attachment object for the cropped image, preserving the original version. The cropped-image attachment is given a context based on the control id (with _ replaced by -). The core control doesn’t currently use this, but it could be leveraged to query for previously-cropped images for a specific control to add a library feature in the future or in child controls. Be mindful that a version of the control id is stored in the database for cropped image attachments.

As with the media control, the cropped-image control saves the attachment id instead of the image URL. This can be useful for querying specific sizes of the image, but you’ll typically want the full size image at the cropped dimension. wp_get_attachment_image_src( absint( get_option( 'cropped_image_setting' ) ) ) should do the trick if that’s the case, when outputting the value of the setting.

#4-2, #4-3, #customize, #dev-notes, #media, #media-modal

Spinners and dismissible admin notices in 4.2

There are two UIUI User interface component changes in 4.2 aimed at better experiences moving forward that may affect pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party and theme authors. The first is the spinner element, which does come with a non-critical visual breaking change. The second is adminadmin (and super admin) notices, which are an enhancementenhancement Enhancements are simple improvements to WordPress, such as the addition of a hook, a new feature, or an improvement to an existing feature. and do not affect current implementations.

CoreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress.’s spinner is implemented using the .spinner class. Up until now, spinners have been hidden using display: none and then toggled using jQuery’s .show()/.hide() methods. While this works, it has two fundamental problems: it ties us to jQuery-specific helpers, and more importantly, does not reserve the space for the spinner when hidden, leading to elements moving around on the screen whenever the spinner would toggle. The more appropriate solution would be to use CSSCSS Cascading Style Sheets.’s visibility property, which does reserve the visual space, and control that visual behavior via a class so that any future changes to CSS are inherited by anybody using that component.

To that end, to show a spinner, you should now add a class of .is-active to the spinner element, and remove that class when it’s no longer active. This state-communicating naming convention is a part of some of our longer-term goals when it comes to semantic markup, so also take note of that. The breakage here is that spinners will no longer show using jQuery’s .show() method, as all it does is set an inline CSS display property, and so you will need to account for that going forward. The best thing to do would be to update to toggling the class as noted, and if maintaining compatibility in the short term with older versions of WordPress is a concern, detect the version and inject CSS into admin_head that applies display: inline-block to .spinner.is-active. There are other methods for handling version compatibility as well, but this is likely to be the method that is most maintainable and easy to immediately understand. Work on this was handled in #22839.

The second UI component that we’ve improved in a more visible manner is admin notices. Admin notices are often a source of confusion – if you publish a post and then refresh the edit screen, you’ll still get the notice that you’ve published the post, leading you to wonder if you’ve published it twice or what exactly is going on. They’re also distracting, takes up precious space, and can cause visual fatigue, leading to users ignoring notices that really do need their attention. So, we’ve done two things: one, we’ve made the vast majority of core notices user-dismissible (#31233), and two, we’ve also made sure those notices won’t come back when you refresh the page and have JavaScriptJavaScript JavaScript or JS is an object-oriented computer programming language commonly used to create interactive effects within web browsers. WordPress makes extensive use of JS for a better user experience. While PHP is executed on the server, JS executes within a user’s browser. https://www.javascript.com/. on/working (#23367).

Any notice can now be made dismissible by ensuring the it has the classes .notice and .is-dismissible (recognize that naming convention?). Core handles adding the close button and removing the notice for you. However, for the best possible user experience, you should ensure that those notices will not come back on a page refresh or when navigating to another page. There are two different paths for this. The first applies to notices that are added when a query arg is present in the URLURL A specific web address of a website or web page on the Internet, such as a website’s URL www.wordpress.org, such as message=6. Core will now remove certain query args and use JSJS JavaScript, a web scripting language typically executed in the browser. Often used for advanced user interfaces and behaviors. to replace the URL in the browser with that “cleaned up” version. By default, core handles 'message', 'settings-updated', 'saved', 'update', 'updated','activated', 'activate', 'deactivate', 'locked', 'deleted', 'trashed', 'untrashed', 'enabled', 'disabled', 'skipped', 'spammed', and 'unspammed'. To add (or remove) items to this array to accommodate your needs, use the removable_query_args filterFilter Filters are one of the two types of Hooks https://codex.wordpress.org/Plugin_API/Hooks. They provide a way for functions to modify data of other functions. They are the counterpart to Actions. Unlike Actions, filters are meant to work in an isolated manner, and should never have side effects such as affecting global variables and output..

The second path, for notices that persist across different page loads, is to bind to the click event on the .notice-dismiss element in your own notice and trigger whatever it is your plugin may need to do to remember that the notice has been dismissed, such as storing a sitesite (versus network, blog) or user option using Ajax. A note of caution that in an ideal scenario, core would eventually provide a framework for persistently dismissible notices that are not tied to query args, so be prepared for future changes if you choose to use this method.

#4-2, #dev-notes

WordPress 4.2 Field Notes

WordPress 4.2 includes both new and improved features. It also includes changes under the hood.  While I’m sure you’ve been testing your themes, plugins, and sites in preparation for the releaseRelease A release is the distribution of the final version of an application. A software release may be either public or private and generally constitutes the initial or new generation of a new or upgraded application. A release is preceded by the distribution of alpha and then beta versions of the software., you may have missed the announcements of all the changes. Here is a quick rundown of developer related things you should know:

  • The new wp.a11y.speak() APIAPI An API or Application Programming Interface is a software intermediary that allows programs to interact with each other and share data in limited, clearly defined ways. is available. When a change on the page happens, you can makemake A collection of P2 blogs at make.wordpress.org, which are the home to a number of contributor groups, including core development (make/core, formerly "wpdevel"), the UI working group (make/ui), translators (make/polyglots), the theme reviewers (make/themes), resources for plugin authors (make/plugins), and the accessibility working group (make/accessibility). sure that screen reader users are notified with this helper.
  • The default admin color scheme has been tweaked. Minor, but if you use the WordPress colors directly in your code, you should update the code.
  • When possible, WordPress now will use utf8mb4 as the database character set. This change has to the ability to store Emoji, which has lead to a couple of changes to help display emoji on all 💻 and📱.
  • Work along the Taxonomy Roadmap continued with terms being split when one of the terms is updated.  If you are storing term IDs in places such as post metaMeta Meta is a term that refers to the inside workings of a group. For us, this is the team that works on internal WordPress sites like WordCamp Central and Make WordPress., user meta, or options, then it’s likely you’ll need to update your code to prevent problems when a shared term gets split.
  • The default output of comments_popup_link now uses the.screen-reader-text class. The accessibilityAccessibility Accessibility (commonly shortened to a11y) refers to the design of products, devices, services, or environments for people with disabilities. The concept of accessible design ensures both “direct access” (i.e. unassisted) and “indirect access” meaning compatibility with a person’s assistive technology (for example, computer screen readers). (https://en.wikipedia.org/wiki/Accessibility) team has put together a post on hiding text for screen readers that includes sample code to use in your themes.
  • order_by and meta_query now have a syntax that makes complex queries for WP_Query, WP_User_Query, and WP_Comment_Query easier.
  • The experimental TinyMCE views API has continued to evolve. As this is an experimental API, use in production is not recommended unless you closely follow the development as breaking changes are possible.
  • Two UIUI User interface components used by coreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress., spinners and admin notices, have been improved. The change to spinners is a change to how they are added and the change to adminadmin (and super admin) notices is the ability to optionally make them dismissible.

Additionally, the bundled version of jQuery UI has been upgraded from 1.11.2 to 1.11.4 and jQuery to 1.11.2.  The team also fixed 231 defects reported againgst previous versions of WordPress.  Please continue testing in preparation for the imminent 4.2.0.   WordPress wouldn’t be where it is without you.

UPDATE: Add information on spinners and admin notices.

#4-2, #dev-notes, #field-guide

TinyMCE views API improvements

In WordPress 4.2 there will be changes to the experimental TinyMCE views APIAPI An API or Application Programming Interface is a software intermediary that allows programs to interact with each other and share data in limited, clearly defined ways.. We don’t recommend this for use in production unless you closely follow the development.

If you’re using it we’d love to get some feedback: bugs, suggestions, things you wish you could do with it… You’re also welcome to leave a comment with a link to your project. I’d love to know what kind of content you’re using it for and how you’re using it.

Summary of the changes:

  • Simpler registration.
  • An easier way to update the view in the edit method.
  • You can choose to leave the text instead of replacing it with a loader. This is especially useful for our oEmbed views because we don’t know if the URLURL A specific web address of a website or web page on the Internet, such as a website’s URL www.wordpress.org can be embedded until we get a response from the server.
  • You can now update the view text with a text of a different type (e.g. audio to playlist).
  • No need to use the setIframes method directly, render and setContent will handle it for you.
  • Already rendered views will never refresh again while editing other content. They do refresh when undoing or redoing things though, because TinyMCE resets the whole content unfortunately.
  • Options set in the match method (previously toView) will be added automatically to the view instance.
  • A couple of memory leaks were fixed and there’s a better way to bind and unbind views.
  • We added documentation for all the methods.

How to use the API

Registration:

window.wp.mce.views.register( 'unique_name', {
	...
} );

If you’re converting shortcodes to views, makemake A collection of P2 blogs at make.wordpress.org, which are the home to a number of contributor groups, including core development (make/core, formerly "wpdevel"), the UI working group (make/ui), translators (make/polyglots), the theme reviewers (make/themes), resources for plugin authors (make/plugins), and the accessibility working group (make/accessibility). sure unique_name is the same. They’ll be matched automatically. If you’re interested in custom matching, take a look at the embedURL registration in core.

If the content of your view is static, you can set the content property directly, if it is dynamic, overwrite getContent. In most cases an ajax request is needed to generate the content, so use the initialize method and cache the content. Passing it through render will cache it automatically.

This example will display the most recent images.

initialize: function() {
	var self = this;

	wp.ajax.post( 'query-attachments', {
		query: {
			post_mime_type: 'image'
		}
	} )
	.done( function( response ) {
		self.render( _.map( response, function( data ) {
			return '<img src=' + data.sizes.thumbnail.url + ' alt=' + data.alt + '>';
		} ).join( '' ) );
	} );
}

To add UIUI User interface for editing a view, you need to add an edit method. This example is taken from the gallery view. Use the callback to update the view with the modified text (shortcodeShortcode A shortcode is a placeholder used within a WordPress post, page, or widget to insert a form or function generated by a plugin in a specific location on your site.).

edit: function( text, update ) {
	var frame = wp.media.gallery.edit( text );

	frame.state( 'gallery-edit' ).on( 'update', function( selection ) {
		update( wp.media.gallery.shortcode( selection ).string() );
	} );

	frame.on( 'close', function() {
		frame.detach();
	} );
}

It is not recommended to run JavaScriptJavaScript JavaScript or JS is an object-oriented computer programming language commonly used to create interactive effects within web browsers. WordPress makes extensive use of JS for a better user experience. While PHP is executed on the server, JS executes within a user’s browser. https://www.javascript.com/. in the editor iframeiframe iFrame is an acronym for an inline frame. An iFrame is used inside a webpage to load another HTML document and render it. This HTML document may also contain JavaScript and/or CSS which is loaded at the time when iframe tag is parsed by the user’s browser.. If you need to run scripts it is best to use a sandbox iframe inside the view. The API will automatically do this for you if it detects scripts in your content. For example the Google Maps API might alter the editor’s iframe body. This is not acceptable because the body content is serialised by TinyMCE on saving.

In this example the content will be put in an iframe and you can do anything you want in that document.

content: [
	'<script src="//maps.googleapis.com/maps/api/js?sensor=false"></script>',
	'<style>img { max-width: none; }</style>',
	'<div id="map" style="width: 100%;height: 500px;"></div>',
	'<script>new google.maps.Map( document.getElementById( "map" ), { zoom: 0, center: new google.maps.LatLng( 0, 0 ) } )</script>'
].join( '' )

If you do want to run scripts, use the bind and unbind methods and make sure there are no memory leaks.

#4-2, #dev-notes

4.2 Release Dry Run

In preparation for a Thursday releaseRelease A release is the distribution of the final version of an application. A software release may be either public or private and generally constitutes the initial or new generation of a new or upgraded application. A release is preceded by the distribution of alpha and then beta versions of the software., I’d like to do a dry run for 4.2 on Wednesday 15:00 UTC 2015.

The goal would be to complete the dry run and freeze for about a day prior to release. We’ve pushed the scheduled release date by a day due to the 4.1.2 security release that went out on Tuesday morning.

The dry run will include:

  • Testing various features, including Press This and the CustomizerCustomizer Tool built into WordPress core that hooks into most modern themes. You can use it to preview and modify many of your site’s appearance settings. Theme Switcher
  • Generally testing the adminadmin (and super admin) and common features using a multitude of devices and browsers, most notably mobile Safari on IOS and IE8
  • Running our usual unit tests including the specialty groups like multisitemultisite Used to describe a WordPress installation with a network of multiple blogs, grouped by sites. This installation type has shared users tables, and creates separate database tables for each blog (wp_posts becomes wp_0_posts). See also network, blog, site and AJAX
  • Doing scratch installs and upgrades from a variety of older versions

If we’re satisfied with the results of the dry run, then we’ll freeze. If not, we’ll discuss our options and makemake A collection of P2 blogs at make.wordpress.org, which are the home to a number of contributor groups, including core development (make/core, formerly "wpdevel"), the UI working group (make/ui), translators (make/polyglots), the theme reviewers (make/themes), resources for plugin authors (make/plugins), and the accessibility working group (make/accessibility). a contingency plan going forward.

If you’d like to help out and participate, we’d love to have you. Please come prepared to test!

#4-2, #dry-run

4.2 Scrub

We’ll be scrubbing report 6 in the #core channel on SlackSlack Slack is a Collaborative Group Chat Platform https://slack.com/. The WordPress community has its own Slack Channel at https://make.wordpress.org/chat/. in about 20 minutes at Tuesday 18:00 UTC 2015. Join us!

@azaozz @dd32 @nacin @helen @sergeybiryukov @ocean90 @wonderboymusic @mark @johnbillion @jorbin @boone @jeremyfelt @pento

#4-2

This Week in 4.2: April 20 – 26

This is the jump-start post for the fourteenth (and final!) week of the WordPress 4.2 releaseRelease A release is the distribution of the final version of an application. A software release may be either public or private and generally constitutes the initial or new generation of a new or upgraded application. A release is preceded by the distribution of alpha and then beta versions of the software. cycle.

Last week, we tagged RC1 and “hard froze” strings. We’ll likely tagtag A directory in Subversion. WordPress uses tags to store a single snapshot of a version (3.6, 3.6.1, etc.), the common convention of tags in version control systems. (Not to be confused with post tags.) RC2 today as well. We’re still on track for releasing 4.2 this week.

CoreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress. Meetings this week:

Priorities this week:

All commits in RC stages must be approved by at least one lead developer, preferably two.

Please, if you’re patching open tickets, ensure you’ve provided enough context on tickets for your fixes to help out those leads who may be coming along to review them.

As of Monday, there are 14 open tickets on report 6:

  • #31651 – Change Twemoji CDN to W.org – @pento
  • #31988 – TinyMCE: pasting an embeddable URLURL A specific web address of a website or web page on the Internet, such as a website’s URL www.wordpress.org in Firefox doesn’t show preview – @azaozz
  • #24054 – (get_)comment_class() should include a is_user_member_of_blog() class – @jeremyfelt
  • #31669 – views improvements continued – @azaozz
  • #31890 – Link to existing content added in Text Editor disappear after switch to Visual editor and back – @azaozz
  • #31929 – 4.2 About Page
  • #31984 – Shiny Updates – some glitches – @jorbin
  • #31987 – Theme CustomizerCustomizer Tool built into WordPress core that hooks into most modern themes. You can use it to preview and modify many of your site’s appearance settings.: WidgetWidget A WordPress Widget is a small block that performs a specific function. You can add these widgets in sidebars also known as widget-ready areas on your web page. WordPress widgets were originally created to provide a simple and easy-to-use way of giving design and structure control of the WordPress theme to the user. search field hidden in Safari – @helen
  • #32002 – Theme Switcher: Missing back button and marking active theme – @helen
  • #32004 – Audio/video list and gallery – date dropdown and message – @helen
  • #32006 – Problem with setting width and height of embedded media – @azaozz
  • #32007 – Twenty Fifteen: Image captions are shifted down in TinyMCE – @azaozz
  • #32022 – Press This: Margin is too big forcing wrapping on mobile – @azaozz
  • #32000 – Some translators comments – @SergeyBiryukov

Recent notable updates:

#4-2, #jump-starts

WordPress Core Weekly

Howdy! Sorry, I dropped the ball last week so this week’s Weekly Roundup is a double issue — it covers April 4, 2015 [32003] to April 18, 2015 [32140].

This week marks the releaseRelease A release is the distribution of the final version of an application. A software release may be either public or private and generally constitutes the initial or new generation of a new or upgraded application. A release is preceded by the distribution of alpha and then beta versions of the software. of RC1, which is the first release that many pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party authors and betaBeta A pre-release of software that is given out to a large group of users to trial under real conditions. Beta versions have gone through alpha testing in-house and are generally fairly close in look, feel and function to the final product; however, design changes often occur as part of the process. testers will test heavily. If you don’t already, now is a good time to check out the Alpha/Beta forums for any issues that crop up during this testing cycle.

We’re only days away from the release of 4.2; let’s finish strong! 🏃👏 Here’s the rundown of recent changes:

TinyMCE

  • Update to 4.1.9+. Changes:
    • Fixed bugbug A bug is an error or unexpected result. Performance improvements, code optimization, and are considered enhancements, not defects. After feature freeze, only bugs are dealt with, with regressions (adverse changes from the previous version) being the highest priority. where extra empty paragraphs would get deleted in WebKit/Blink due to recent Quriks fix.
    • Fixed bug where the editor wouldn’t work properly on IE 12 due to some required browser sniffing.
    • Fixed bug where formatting shortcut keys where interfering with Mac OS X screenshot keys. [32058] #31895
  • Disable the wp-autoresize plugin in iOSiOS The operating system used on iPhones and iPads.. All iframes there are already expanded to the height of the content document. [32095] #31937
  • Update the “Keyboard Shortcuts” modal. [32060] #29558
  • Fix our shortcuts on Mac, use Ctrl + Opt + letter. [32059] #29558
  • Use window.twemoji directly in the wpemoji plugin. Gives a chance to the browser to lazy load twemoji.js when reloading the page. [32142] #31901
  • Remove the empty paragraph that sometimes is left over after adding an image caption. [32141] #32003

wpView

  • Remove selected views when inserting content but not when loading all content, and remove the ref. to the selected view node on resetting the views. [32140] #31998
  • Resize sandbox iframes on load. [32056] #31480
  • Empty the content in the timeout, so it doesn’t render iframes twice. [32022] #31669

Build/Test Tools

  • During PHPUnit tests, don’t autodetect permalink structure during WP installation. [32139] #31994
  • Move the built media JSJS JavaScript, a web scripting language typically executed in the browser. Often used for advanced user interfaces and behaviors. files up a directory to their previous location and naming convention. [32125] #31912 (see [31373])
  • Don’t reference underscore.js source map. [32065] #31477

General/Misc.

  • WordPress 4.2-RC1 [32137] [32138]
  • Use HTTPSHTTPS HTTPS is an acronym for Hyper Text Transfer Protocol Secure. HTTPS is the secure version of HTTP, the protocol over which data is sent between your browser and the website that you are connected to. The 'S' at the end of HTTPS stands for 'Secure'. It means all communications between your browser and the website are encrypted. This is especially helpful for protecting sensitive data like banking information. URLs for codex.wordpress.orgWordPress.org The community site where WordPress code is created and shared by the users. This is where you can download the source code for WordPress core, plugins and themes as well as the central location for community conversations and organization. https://wordpress.org/. [32116] #27115
  • Explain all placeholders in translator comment, not just the first one. [32111] #31675
  • Ensure post title input is not shortened for non-public post types. [32071] #30968
  • Improve handling of incomplete From and Content-Type headers in wp_mail(). [32070] #30266
  • wpLink: always show the URLURL A specific web address of a website or web page on the Internet, such as a website’s URL www.wordpress.org field at the top. [32017] #28206
  • Force default avatarAvatar An avatar is an image or illustration that specifically refers to a character that represents an online user. It’s usually a square box that appears next to the user’s name. for HiDPI avatars on Discussion Settings. [32129] #31972

Translationtranslation The process (or result) of changing text, words, and display formatting to support another language. Also see localization, internationalization. and Strings

  • Merge strings that describe the same command. [32078] #31776
  • Update placeholder for FTPFTP FTP is an acronym for File Transfer Protocol which is a way of moving computer files from one computer to another via the Internet. You can use software, known as a FTP client, to upload files to a server for a WordPress website. https://codex.wordpress.org/FTP_Clients. credentials. [32077] #31922
  • After [31941], use the decoupled strings from wp-admin/network/themes.php in wp-admin/network/site-themes.php as well. [32029] #28502
  • Correct grammar when referring to “a user” vs “an user” in several places. [32025] #31894

Administration

  • Fix flickering of the adminadmin (and super admin) menu on over-scrolling. [32089] #30900
  • Dashboard: Ensure images other than avatars (such as emoji replacements) in recent comments are not incorrectly positioned. [32076] #31919
  • Admin menu: fix colors for focus state and in IE8. [32075] #31345
  • Dismissible notices: more precise positioning across browsers. [32068] #31233
  • Reset padding for buttons in theme details modal. [32128] #31963
  • Revert [32099] per discussion in #core. [32100] #30900
  • Remove z-index from #adminmenuback. [32099] #30900
  • Don’t print the custom-background class in body_class() when a default color is in use. [32081] #28687
  • Toolbar: Search item consistency for focus state and IE8. [32074] #31322
  • Pointers: Makemake A collection of P2 blogs at make.wordpress.org, which are the home to a number of contributor groups, including core development (make/core, formerly "wpdevel"), the UI working group (make/ui), translators (make/polyglots), the theme reviewers (make/themes), resources for plugin authors (make/plugins), and the accessibility working group (make/accessibility). the dismiss icon a consistent size. [32069] #31915
  • Update more instances of default admin blues and grays. [32051] #31234

Emoji and Smilies

  • Tweak which smiley matches which emoji. [32105] [32107] #31709
  • Update our few remaining smilies to better align with Twemoji, and add frownie.png until Twemoji provides a build containing it. [32104] #31709
  • The emoji JS files should be run through the script_loader_src filterFilter Filters are one of the two types of Hooks https://codex.wordpress.org/Plugin_API/Hooks. They provide a way for functions to modify data of other functions. They are the counterpart to Actions. Unlike Actions, filters are meant to work in an isolated manner, and should never have side effects such as affecting global variables and output., as they would be if they were registered scripts. [32097] #31938
  • Tidy up the wp_encode_emoji() regex, and clarify the function comment on Unicode 8 support. [32096]
  • Remove an errant / in Twemoji URLs. [32024] #31893
  • Remove executable bit from smilies. [32109] #31709

Themes

  • Twenty Fourteen: update editor styles to better account for adaptive images in small screens. [32094] #31934
  • Twenty Fifteen: update editor styles to better account for adaptive images in small screens. [32090] #31934
  • Theme Compat: Make string translatable and add translator comments. Added in [31941]. [32084] #28502, #31921
  • Move initialization of $customizeSidebar to api.ThemesSection.initialize() to prevent cases where the result can be undefined. [32119] #31793
  • Translator comment should just reference placeholder numbers, not the actual placeholders. [32112] #31675
  • Tell developers how to correctly silence register_sidebar() notices. [32110] #31675

CustomizerCustomizer Tool built into WordPress core that hooks into most modern themes. You can use it to preview and modify many of your site’s appearance settings.

  • Refresh nonces when a session expires and the user logs in again. [32054] #31294
  • Widgets: Improve sync logic for select[multiple] inputs. [32012] #31885
  • Fix spinners after [31996]. [32008] #31884
  • Escape theme preview URLs. [32134] #31896
  • Headers: Improve handling of the initial headerHeader The header of your site is typically the first thing people will experience. The masthead or header art located across the top of your page is part of the look and feel of your website. It can influence a visitor’s opinion about your content and you/ your organization’s brand. It may also look different on different screen sizes. model.[32091] #31786, #31742

Theme Switcher

  • Fix some esoteric breakage in iOS Safari. [32103] #31794
  • Don’t deactivate section on empty search results. [32083] #31889
  • Remove “Add New” reference from customize-controls.js. [32004] #31837
  • Use text input for the search field to prevent double tap issues for Preview and Customize buttons on iOS. [32127] #31794
  • Don’t re-render a theme control if it has already been rendered.
  • Lazy load theme screenshots. [32088] #31793
  • Fix tabbing order if section is open. [32087] #31289
  • Fix preview URL for subfolder installs. [32086] #31896

Shiny Updates

  • Disable shiny updates from modal based on parent window [32082] #31739
  • Fix logic for details based shiny updates. [32080] #31739
  • Disable modal initiated shiny updates on wp-admin/update-core.php. [32067] #31739
  • Use dashes instead of dots as separator for jQuery events in shiny updates . is used for namespaces, so better to use dashes. [32063] #31819
  • Trigger events upon the completion of a shiny update. [32061] #31819
  • Remove Shiny Bulk Updates. Bulk updates don’t need to be ajaxified so let’s revert. [32053] #31770, #29820
  • Conditionally add AYS to leaving shiny updates. [32052] #31769
  • Enable users to initiate a shiny update from plugin detail modal. [32062] #31739

Media

  • Don’t allow whitespace-only image captions from the Media modal. [32079] #21848
  • Fix focus and selected state for the selected attachments set. [32072] #31898
  • Rename get_media_embedded_in_content_allowed filter tomedia_embedded_in_content_allowed_types. [32113] #26675
  • Bring back spinners, now without bouncing select elements. [32101] #22839, #30725
  • Fix the media modal Insert into post button on narrow screens by limiting the width of .media-toolbar-primary and .media-toolbar-secondary only inside .attachments-browser (the top toolbar). [32121] #31908
  • Insert from URL: Make sure the link text is actually used. [32055] #29476
  • Make sure the spinner in the media modal is visible on narrow screens (without affecting the media grid). [32120] #30725

Build Tools

  • Don’t override minified libraries included in coreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress.. [32066] #31477

Docs

  • Remove unnecessary inline @see tags from a variety of parameter and return descriptions in wp-includes/wp-db.php. [32050] #31888
  • Remove unnecessary inline @see tags from the wpdb::process_field_charsets()DocBlockdocblock (phpdoc, xref, inline docs). [32049] #31888
  • Add a missing return description for has_header_image(). [32048] #31888
  • Fix a variety of inline documentation syntactical issues in wp-includes/taxonomy.php. [32047] #31888
  • Add a missing @access tagtag A directory in Subversion. WordPress uses tags to store a single snapshot of a version (3.6, 3.6.1, etc.), the common convention of tags in version control systems. (Not to be confused with post tags.) to the DocBlock for the WP_Meta_Query->$clauses property. Also adds a missing return description for WP_Meta_Query::get_clauses(). [32044] #31888
  • Add a variety of missing descriptions and fix syntax for wp_scripts(),_wp_scripts_maybe_doing_it_wrong(), and wp_script_add_data(). [32040] #31888
  • Remove an unnecessary inline @see tag and document the $wpdb global in two WP_Comment_Query methods. [32038] #31888
  • Add missing parameter and return descriptions to WP_Customize_Widgets->filter_customize_dynamic_setting_args(). [32036] #31888
  • Add parameter and return descriptions for WP_Customize_Widgets->get_setting_type(). [32035] #31888
  • Add missing @access tags to two DocBlocks in WP_Customize_Setting. [32034] #31888
  • Document the $theme property in WP_Customize_Themes_Section. Also adds a missing@access tag to the DocBlock for WP_Customize_Themes_Section->render(). [32033] #31888
  • Cleanup DocBlock syntax, add a missing parameter description for WP_Customize_Manager->set_post_value(). [32031] #31888
  • Add inline doc syntax fixes for WP_Customize_Manager->doing_ajax(). Also adds a return description. [32030] #31888
  • Add documentation for the $type and $theme properties in WP_Customize_Theme_Control. Also add some missing @access tags to various DocBlocks. [32028] #31888
  • Fix description alignment for the category_css_class filter docs. [32026] #31888
  • Add documentation for the $type, $mime_type, and $button_labels properties in WP_Customize_Media_Control. [32023] #31888
  • Clarify the DocBlock summary and parameter description forwp_edit_attachments_query_vars(). [32019] #31888
  • Add proper descriptions for the @global and @param tags in the wp_media_attach_action() DocBlock. [32018] #31888
  • Clarify the DocBlock description for wp_print_request_filesystem_credentials_modal(). [32016] #31888
  • Clarify 4.2.0 changelog entry, add global description to the DocBlock for WP_Users_List_Table->single_row(). [32015] #31888
  • Add missing @since versions from a variety of methods in WP_Press_This. [32014] #31888
  • Add missing DocBlocks for the _limit_array(), _limit_string(), _limit_url(),_limit_img(), _limit_embed(), and _process_meta_entry() utility methods in WP_Press_This. [32013] #31888
  • Add a return description to the DocBlock for WP_Posts_List_Table->is_base_request(). [32009] #31888
  • Add an @see mention for Plugin_Upgrader, plus spacing to the wp_ajax_update_plugin()delcaration. [32006] #31888
  • Add a more descriptive function summary for options_discussion_add_js(). [32005] #31888
  • Fix Docblock syntax for the taxonomy_parent_dropdown_args filter. [32003] #31888
  • Add a missing return description for wp_styles(). [32041] #31888
  • wp_install_maybe_enable_pretty_permalinks() should have a consistent @return value. [32027] #6481, #31888

Help/About

  • All strings are available for translation. [32132] [32135] [32136] #31929
  • Change the subhead strings on credits.php and freedoms.php to match about.php.
  • Link the Emoji Codex article in the emoji blurb.
  • Add a second sentence to the JavaScriptJavaScript JavaScript or JS is an object-oriented computer programming language commonly used to create interactive effects within web browsers. WordPress makes extensive use of JS for a better user experience. While PHP is executed on the server, JS executes within a user’s browser. https://www.javascript.com/. AccessibilityAccessibility Accessibility (commonly shortened to a11y) refers to the design of products, devices, services, or environments for people with disabilities. The concept of accessible design ensures both “direct access” (i.e. unassisted) and “indirect access” meaning compatibility with a person’s assistive technology (for example, computer screen readers). (https://en.wikipedia.org/wiki/Accessibility) blurb.
  • Switch positions for the JavaScript Accessibility and Complex Query Ordering sections for balance. [32131] #31929
  • Update about page for 4.2. [32118] [32123] [32130] #31929

Upgrade/Install

  • Move wp-plugin-update-success event to after lock is released [32133] #31978, #31819
  • Use named function instead of anonymous function, making it testable and replaceable. [32126] #31964
  • When dbDelta() is checking whether an index is defined in a CREATE TABLE statement, don’t worry if MySQLMySQL MySQL is a relational database management system. A database is a structured collection of data where content, configuration and other options are stored. https://www.mysql.com/. has a subpart defined on an index, but the CREATE TABLE doesn’t. [32108] #31869

Script Loader

Press This

  • Do not show the bookmarklet upgrade notice when accessing directly press-this.php. [32122] #31968
  • Add mb_strlen() compatibility function. Works the same way as the existing mb_substr() compatibility function. [32114] #31951
  • Check the bookmarklet version and add the update notice from PHPPHP The web scripting language in which WordPress is primarily architected. WordPress requires PHP 5.6.20. [32106] #31942
  • Add ARIA attributes to the alerts container. [32102] #31942
  • Fix focusing the Standard Editor link after saving draft, if the user has not focused another element. [32098] #31923
  • Change the link text to Standard Editor. [32093] #31923
  • When saving a draft change the text of the Save Draft button to “Saving…” [32092] #31923
  • Update documentation for press_this_save_redirect filter after [31992]. [32143] #31996

TaxonomyTaxonomy A taxonomy is a way to group things together. In WordPress, some common taxonomies are category, link, tag, or post format. https://codex.wordpress.org/Taxonomies#Default_Taxonomies.

  • wp_update_term() should check if get_term() returned null. [32117] #31954
  • Avoid an unexpected object error when syncing global terms. Pass the expected single value, rather than object, when recursively calling global_terms(). [32064] #31914, #31149

Editor

Thanks to @adamsilverstein, @afercia, @awbauer, @azaozz, @boonebgorges, @DavidAnderson, @dimadin, @dlh, @DrewAPicture, @ericlewis, @hauvong, @helen, @hugobaeta, @iseulde, @jamescollins, @jeremyfelt, @joemcgill, @joen, @johnbillion, @jorbin, @kraftbj, @lancewillett, @markjaquith, @mattheu, @Michael-Arestad, @mindrun, @morganestes, @nacin, @nitkr, @obenland, @ocean90, @pavelevap, @pento, @peterwilsoncc, @samuelsidler, @SergeyBiryukov, @siobhan, @sirbrillig, @slobodanmanic, @swissspidy, @tmatsuur, @Tmeiste, @tyxla, @valendesigns, @westonruter, and @wonderboymusic for their contributions!

#4-2, #week-in-core