Week In Core, June 15 – June 22 2016

Welcome back the latest issue of Week in CoreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress., covering changes [37720-37800]. Here are the highlights:

  • 80 commits
  • 33 contributors
  • 26 tickets created
  • 9 tickets reopened
  • 37 tickets closed

Ticketticket Created for both bug reports and feature development on the bug tracker. numbers based on trac timeline for the period above. The following is a summary of commits, organized by component.

Code Changes

AccessibilityAccessibility Accessibility (commonly shortened to a11y) refers to the design of products, devices, services, or environments for people with disabilities. The concept of accessible design ensures both “direct access” (i.e. unassisted) and “indirect access” meaning compatibility with a person’s assistive technology (for example, computer screen readers). (https://en.wikipedia.org/wiki/Accessibility)

  • Theme Installer, make the “Upload Theme” button… a button. [37742] #35457
  • Remove the ARIA roles from the wp.a11y.speak() live regions. [37734] #36289

Adminadmin (and super admin)

Autosave

  • improve the notice when the sessionStorage autosave is different than the content. [37737] #37025

Build/Test Tools

Comments

  • Wrap or unwrap the List Table comment_date as comment status changes via Ajax. Introduced in [36521]. [37743] #36742

Customize

  • Make sure that preview and return URLs are URLs. Merges [37527] to supported branches. [37780] [37778] [37777] [37775] [37773] [37772] [37770] [37769] [37768]
  • Separate preview and actions in the site icon control. Reverts [37456]. Merge of [37724] to the 4.5 branchbranch A directory in Subversion. WordPress uses branches to store the latest development code for each major release (3.9, 4.0, etc.). Branches are then updated with code for any minor releases of that branch. Sometimes, a major version of WordPress and its minor versions are collectively referred to as a "branch", such as "the 4.0 branch".. [37725] #36749
  • Separate preview and actions in the site icon control. Reverts [37456] [37724] #36749

Docs

  • Clarify documentation for wp_logout_url() and wp_login_url() and corresponding hooksHooks In WordPress theme and development, hooks are functions that can be applied to an action or a Filter in WordPress. Actions are functions performed when a certain event occurs in WordPress. Filters allow you to modify certain functions. Arguments used to hook both filters and actions look the same.. [37753] #34352
  • Improve the summaries and return descriptions for get_registered_nav_menus() and get_nav_menu_locations(). [37752] #37106
  • Add a missing summary and @since version to the DocBlockdocblock (phpdoc, xref, inline docs) for WP_MS_Sites_List_Table::prepare_items(). [37739] #36675, #21837, #24833, #33185

Editor

  • Add white outline for contrast on darker backgrounds. Change red colour in toolbar. [37751] #36638
  • after inserting a link detect if the URLURL A specific web address of a website or web page on the Internet, such as a website’s URL www.wordpress.org is broken, first run. [37741] #36638

Embeds

External Libraries

Grunt

  • when running precommit use regex to check which files have been modified. [37749] #36528

L10NL10n Localization, or the act of translating code into one's own language. Also see internationalization. Often written with an uppercase L so it is not confused with the capital letter i or the numeral 1. WordPress has a capable and dynamic group of polyglots who take WordPress to more than 70 different locales.

  • Add unit tests for the override_load_textdomain filterFilter Filters are one of the two types of Hooks https://codex.wordpress.org/Plugin_API/Hooks. They provide a way for functions to modify data of other functions. They are the counterpart to Actions. Unlike Actions, filters are meant to work in an isolated manner, and should never have side effects such as affecting global variables and output.. [37746] #36398

Media

  • Use the correct variable for the file object. [37728] #14244
  • Pass allowed file extensions to Plupload. [37727] #14244
  • properly refresh the position of the Plupload shim so it moves over the Select Files button or off the screen. Fixes #37039. [37722] #37039

Multisitemultisite Used to describe a WordPress installation with a network of multiple blogs, grouped by sites. This installation type has shared users tables, and creates separate database tables for each blog (wp_posts becomes wp_0_posts). See also network, blog, site

Permalinks

Posts

  • Unifies the APIs for getting a post’s modified date or time with getting a post’s date or time. [37738] #37059

Query

REST APIREST API The REST API is an acronym for the RESTful Application Program Interface (API) that uses HTTP requests to GET, PUT, POST and DELETE data. It is how the front end of an application (think “phone app” or “website”) can communicate with the data store (think “database” or “file system”) https://developer.wordpress.org/rest-api/.

  • Include X-Robots-Tag: noindex headerHeader The header of your site is typically the first thing people will experience. The masthead or header art located across the top of your page is part of the look and feel of your website. It can influence a visitor’s opinion about your content and you/ your organization’s brand. It may also look different on different screen sizes. in REST API responses to prevent endpoints from being indexed by search engines. [37726] #36390

RevisionsRevisions The WordPress revisions system stores a record of each saved draft or published update. The revision system allows you to see what changes were made in each revision by dragging a slider (or using the Next/Previous buttons). The display indicates what has changed in each revision.

  • Change the capability needed to view revision diffs to edit_post. Merges [37779] to supported branches. [37799] [37797] [37796] [37791]
  • Change the capability needed to view revision diffs to edit_post. [37779]

TaxonomyTaxonomy A taxonomy is a way to group things together. In WordPress, some common taxonomies are category, link, tag, or post format. https://codex.wordpress.org/Taxonomies#Default_Taxonomies.

Media

  • Improve handling of extensionless filenames. This ensures files retain a filename after sanitization. [37756]
  • Restore keyboard navigation of the media grid. [37755] #36900

Menus

  • Support nested array variables in POST data when saving menus. Merge of [37748] and [37750] to the 4.5 branch. [37754] #36590, #14134
  • Fix _wp_expand_nav_menu_post_data() for PHPPHP The web scripting language in which WordPress is primarily architected. WordPress requires PHP 5.6.20 or higher 5.2. [37750] #36590
  • Support nested array variables in POST data when saving menus. [37748] #36590, #14134

Props

Thanks to @adamsilverstein, @afercia, @akibjorklund, @azaozz, @boonebgorges, @coderste, @coffee2code, @dlh, @DrewAPicture, @ericlewis, @Fab1en, @flixos90, @helen, @imath, @iseulde, @jeremyfelt, @joemcgill, @jorbin, @kraftbj, @lukecavanagh, @m_uysl, @nbachiyski, @neverything, @ocean90, @peterwilsoncc, @polevaultweb, @Props, @rabmalin, @rachelbaker, @rockwell15, @Soean, @swissspidy, and @Viper007Bond for their contributions!

#4-5, #week-in-core

Week in Core, Apr 5 – Apr 12 2016

Welcome back the latest issue of Week in CoreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress., covering changes [37161-37190]. Here are the highlights:

Ticketticket Created for both bug reports and feature development on the bug tracker. numbers based on trac timeline for the period above.

Note: If you want to help write the next WordPress Core Weekly summary, check out the schedule over at make/docs and get in touch in the #core-weekly-update SlackSlack Slack is a Collaborative Group Chat Platform https://slack.com/. The WordPress community has its own Slack Channel at https://make.wordpress.org/chat/. channel.

Code Changes

AccessibilityAccessibility Accessibility (commonly shortened to a11y) refers to the design of products, devices, services, or environments for people with disabilities. The concept of accessible design ensures both “direct access” (i.e. unassisted) and “indirect access” meaning compatibility with a person’s assistive technology (for example, computer screen readers). (https://en.wikipedia.org/wiki/Accessibility)

  • Remove redundant title attribute from wp_star_rating(). [36092] #35141
  • Remove the revisionsRevisions The WordPress revisions system stores a record of each saved draft or published update. The revision system allows you to see what changes were made in each revision by dragging a slider (or using the Next/Previous buttons). The display indicates what has changed in each revision. limit title attribute from the Publish box. [36053] #35029
  • Remove title attributes from the updates links on the PluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party and Themes list tables. [36032] #35167
  • Remove title attributes and improve accessibility on the “no-js” Menus screen. [36016] #35134
  • Remove title attributes from the Theme browser. [36015] #35140
  • Improvements for the Authentication Check modal dialog “Close X”. [36014] #35142

Bootstrap/Load

  • In WP::handle_404(), make sure $wp_query->post is a WP_Post object before cloning it. Merges [35994] to the 4.4 branchbranch A directory in Subversion. WordPress uses branches to store the latest development code for each major release (3.9, 4.0, etc.). Branches are then updated with code for any minor releases of that branch. Sometimes, a major version of WordPress and its minor versions are collectively referred to as a "branch", such as "the 4.0 branch".. [36064] #35013

Canonical

  • Output correct canonical links for paged posts when not using pretty permalinks. [36103] [36096] #34890

Comments

  • Return early from wp_update_comment_count() if there is not a valid post. [36115] #34977
  • Respect approval status when determining comment page count in comments_template().[36041] [36040] #8071, #35068
  • When a comment is submitted, ensure the user_ID element in the array that’s passed to the preprocess_comment filterFilter Filters are one of the two types of Hooks https://codex.wordpress.org/Plugin_API/Hooks. They provide a way for functions to modify data of other functions. They are the counterpart to Actions. Unlike Actions, filters are meant to work in an isolated manner, and should never have side effects such as affecting global variables and output. gets populated.[36039] [36038] #34997

Customize

Docs

  • Hash notate properties and defaults for the benefit of $args parameter documentation for WP_Customize_Control::__construct(). [36114] #32246
  • Correct a funky docblockdocblock (phpdoc, xref, inline docs) in funky_javascript_fix(). [36111] #32246
  • Improve documentation for wp_admin_css_color(). [36107] #34857
  • Fix typo in a comment in wp_rand(). [36102] #35228
  • Clarify that get_post_types() accepts 'not' as its $operator parameter. [36091] #35225
  • Clarify that wp_filter_object_list() accepts 'not' as its $operator parameter. [36090] #35225
  • Correct @return type for rest_parse_date(). [36086] #35224
  • Correct @return type for count_user_posts(). [36085] #35222
  • Miscellaneous docblock code quality tweaks. [36074] #32246
  • @see != @since. [36073] #32246
  • Properly mark the optional $redirect, $network_wide, and $silent parameters as such in the DocBlock for activate_plugin(). [36072] #32246
  • Add missing @since and properly mark the optional $type parameter as such in the DocBlock for the deprecated get_others_unpublished_posts() function. Introduced in [5707]. [36071] #32246
  • Properly mark the $exclude_zeros parameter in the DocBlock for get_editable_user_ids() as optional. Also [36070] #32246
  • Miscellaneous docblock corrections. [36069] #32246
  • Fix a typo in the 4.4.0 changlog entry in the intermediate_image_sizes_advanced hook doc. [36054] #35190
  • Add missing notations for the optional $tab_index and $extended parameters in the DocBlock for the deprecated the_editor() function. [36033] #32246
  • Add missing parameter and return notations to the DocBlock for the deprecated get_usernumposts() function. [36030] #32246
  • Add documentation to wp-blogblog (versus network, site)-header.php. [36029] #35161
  • Add missing parameter and return notations in the DocBlock for get_profile(). [36028] #32246
  • Properly mark the $classname parameter as optional. [36027] #32246
  • Add missing parameter and return notations to the DocBlock for the deprecated wp_specialchars() function. [36026] #32246
  • Add missing parameter notations and descriptions in the DocBlock for get_link(). [36025] #32246
  • Add missing parameter and return notations in the DocBlock for the deprecated _nc() function. [36024] #32246
  • Add a missing summary, parameter, and return descriptiosn to the DocBlock for the deprecated function, get_linkrating(). [36023] #32246
  • Add a missing notation for the $gmt_time parameter in the DocBlock for spawn_cron(). [36022] #32246
  • Add missing DocBlocks for hash_hmac() and _hash_hmac(). Introduced in [18111]. [36021] #32246
  • Fix inline comment syntax in _mb_strlen(), an internal compat method for mb_strlen(). [36020] #32246
  • Add missing DocBlocks for mb_strlen() and _mb_strlen(). Introduced in [32114]. [36019] #32246
  • Fix inline comment syntax in _mb_substr(), an internal compat method for mb_substr(). [36018] #32246
  • Add missing DocBlocks for mb_substr() and _mb_substr(). Introduced in [17621]. [36017] #32246
  • Add missing parameter and return descriptions to the DocBlocks for _wp_object_name_sort_cb() and _wp_object_count_sort_cb(), both uasort() callbacks. [36013] #32246
  • Add a missing notation for the $context parameter in the DocBlock for _nx_noop(). [36012] #32246
  • Fix the syntax for the get_previous_post_link() DocBlock to ensure it’s read and parsed as such instead of as a multi-line comment. [36011] #32246
  • Add a missing summary, description, and @since version to the DocBlock for wp_redirect_admin_locations(). Introduced in [19880]. [36010] #32246
  • Add a missing notation for the $bookmark_id parameter in the DocBlock for clean_bookmark_cache(). [36009] #32246
  • Fix copy/paste error in wp_remote_retrieve_cookies() description. [36002] #35157

Editor

  • remove the format_for_editor filter from the_editor_content after it runs as the next editor instance on the same page may not need it. [36062] #28403

Embeds

  • Remove RDIO from oEmbed providers RDIO is shutting down. ?https://www.rdio.com/farewell/ [36066] [36007] #35152
  • Don’t show embed discovery link on a static front pageStatic Front Page A WordPress website can have a dynamic blog-like front page, or a “static front page” which is used to show customized content. Typically this is the first page you see when you visit a site url, like wordpress.org for example.. [36060] [36059] #35194

External Libraries

Formatting

  • Allow map_deep() to work with object properties containing a reference.[36101]  [36100] #22300, #35058
  • Transform & into & in tagtag A directory in Subversion. WordPress uses tags to store a single snapshot of a version (3.6, 3.6.1, etc.), the common convention of tags in version control systems. (Not to be confused with post tags.) attributes. [36037][36036] #35008

I18Ni18n Internationalization, or the act of writing and preparing code to be fully translatable into other languages. Also see localization. Often written with a lowercase i so it is not confused with a lowercase L or the numeral 1. Often an acquired skill.

  • In wp_maybe_decline_date(), bail early if translationtranslation The process (or result) of changing text, words, and display formatting to support another language. Also see localization, internationalization. functions are not available, e.g. in SHORTINIT mode. Merges [35880] to the 4.4 branch. [36063] #34967

Import

Login

Mail

  • Upgrade PHPMailer from 5.2.10 to 5.2.14. The full list of changes is available here: ?https://github.com/PHPMailer/PHPMailer/compare/v5.2.10…v5.2.14 [36083] #35212

Media

  • When creating srcset do not exclude the image size which is in the src attribute even when it is larger than max_srcset_image_width. [36110] #35108
  • Revert [35804]. This change has unintended side effects, notably that media URLs in the adminadmin (and super admin) area now unexpectedly use the https scheme. [36061] #13941, #35120
  • Fix calculations when determining whether to include particular image file in srcset. [36031] #34955

Menus

  • Avoid a PHPPHP The web scripting language in which WordPress is primarily architected. WordPress requires PHP 5.6.20 or higher Notice when a menu contains a now unregistered post type archive. [36095] #34449
  • Bring back line break between menu items. Reverts [34321].[36082] [36081] #35107
  • Avoid a PHP notice when trying to access the post_parent property of hierarchical post type nav menu items. Merges [35876] to the 4.4 branch. [36044] #34446

Permalinks

Posts/Post Types

  • Improve post-filter sanitization of excluded terms in get_adjacent_post(). [36079] #35211

Query

  • Re-initialise any dynamically-added public query vars before running the public query vars test. [36051] [36048] #35115
  • Introduce a unit testunit test Code written to test a small piece of code or functionality within a larger application. Everything from themes to WordPress core have a series of unit tests. Also see regression. which will fail when new public query vars are introduced without also updating the test. [36046] [36045] #35115
  • Remove title from the public query vars list. [36035] [36034] #35115

Shortcodes

  • = is a reserved character in shortcodeShortcode A shortcode is a placeholder used within a WordPress post, page, or widget to insert a form or function generated by a plugin in a specific location on your site. names, mark it as such.[36098] [36097] #34939

TaxonomyTaxonomy A taxonomy is a way to group things together. In WordPress, some common taxonomies are category, link, tag, or post format. https://codex.wordpress.org/Taxonomies#Default_Taxonomies.

  • Force non-public taxonomies to have a query_var of false. [36109] [36108] #35089
  • Pass object ids to delete_* actions. [36080] #35213
  • Move excluded_terms filter in get_adjacent_post(). [36078] #9571, #35211
  • Respect $_wp_suspend_cache_invalidation in clean_object_term_cache(). [36076] #35208
  • Order terms by ‘name’ when populating object term cache. [36057] [36056] #28922, #35180
  • Add current-cat-ancestor class to ancestor items in wp_list_categories(). Pairs nicely with current-cat-parent. [36008] #10676
  • Ensure that wp_list_categories() supports comma-separated lists for ‘exclude’ and ‘exclude_tree’. [36006] [36005] #35156
  • Ensure get_terms() results are unique when using ‘meta_query’. [36004] [36003] #35137

Tests

  • After [36100] use an object style which is compatible with PHP5 get_object_vars(). [36118] [36117] #35058
  • When testing the utf8mb4 charset, ensure that the current MySQLMySQL MySQL is a relational database management system. A database is a structured collection of data where content, configuration and other options are stored. https://www.mysql.com/. server has utf8mb4 support. [36116] #35249
  • Help Tab Order should be based on the Priority Argument. [36104] [36089] #35215, #33941
  • Tests: Use the correct URLURL A specific web address of a website or web page on the Internet, such as a website’s URL www.wordpress.org in some shortcode tests. [36099] #
  • Move get_adjacent_post() tests to their own file. [36077] #35211
  • Use the default_storage_engine MySQL option on newer MySQL versions. [36055] #34692
  • Correct the public query vars test for the 4.4 branch. [36052] #35115
  • Prevent role capability pollution in Tests_Post_GetPostsByAuthorSql::test_user_has_access_only_to_private_posts_for_certain_post_types(). [36050] #
  • Fix all the things. [36049] #30017, #32394
  • Shave a second off the user capability tests by reusing its user fixtures. [36047] #30017, #32394

Themes

  • Add singular to the list of body classes when viewing a single post object. Adds tests [36112] #35164
  • Break $wp_file_descriptions array into sections and reorder for consistency and readability. [36088] #35223
  • Add taxonomy.php, home.php, front-page.php, date.php, and singular.php to file descriptions. [36087] #35223

Toolbar

  • In Comments link, replace title attribute containing the number of pending comments with a screen reader text. [36093] #34895

Twenty Fifteen

  • Add left margin for lists inside blockquotes in editor-style.css. [36075] #33380

Users

  • Don’t continue checking a password reset key, if the hash is empty. This [36084] #33926
  • When determining whether to show the reassign content option during user delete, don’t rely upon WP_Query as it doesn’t return all forms of content wp_delete_user() operates on. [36106] [36068] #34993

Widgets

  • Remove extra quotes from widgetWidget A WordPress Widget is a small block that performs a specific function. You can add these widgets in sidebars also known as widget-ready areas on your web page. WordPress widgets were originally created to provide a simple and easy-to-use way of giving design and structure control of the WordPress theme to the user. title in WP_Widget_RSS, accidentally added in [33814]. Merges [35978] to the 4.4 branch. [36067] #34978
  • Add missing closing tag for spinner after [35317]. [36001] #35150

Props

Thanks to @jadpm, @aaroncampbell, @afercia, @ambrosey, @ardathksheyna, @azaozz, @barryceelen, @boluda, @boonebgorges, @danielpataki, @dd32, @diddledan, @DrewAPicture, @ericlewis, @gblsm, @hnle, @igmoweb, @jeff, @jeremyfelt, @joemcgill, @johnbillion, @jorbin, @JPry, @jrchamp, @juanfra, @kiranpotphode, @KrissieV, @kucrut, @marcochiesi, @mark8barnes, @meitar, @morganestes, @mwidmann, @nofearinc, @obenland, @pento, @peterwilsoncc, @rabmalin, @rachelbaker, @ramiy, @salcode, @SergeyBiryukov, @ShinichiN, @skithund, @slushman, @swisssipdy, @swissspidy, @tharsheblows, @TimothyBlynJacobs, @tyxla, @wonderboymusic, @wp-architect, and @yetAnotherDaniel for their contributions!

#4-5, #week-in-core

Weekly Dev Chat Agenda for Apr 13 — After 4.5, before 4.6

Agenda for weekly dev meeting on April 13 at 20:00 UTC:

This meeting will be split into two parts. First part is about WordPress 4.5 and the second part about WordPress 4.6. It’s neither the post mortem chat nor the kickoff meeting.

  • WordPress 4.5
    • Announcements
    • Release LeadRelease Lead The community member ultimately responsible for the Release. for 4.5.1
    • What issues do we have? How are support forums looking? – “Do we need to ship a 4.5.1 this week?”
    • Open Discussion
  • WordPress 4.6
    • Announcements
    • Call for Volunteers
    • Call for Component Maintainers
    • Open Discussion

 

If you have anything to propose to add to the agenda, please leave a comment below.

See you in the chat!

#4-5, #4-6, #agenda, #dev-chat

Release Dry Run and Window, RC2 and String Freeze

Hey everyone!

The WordPress 4.5 release proceedings will start at April 12, 2016 at 0900 PDT, with the expectation of release within 2-3 hours of that meeting time. This time allows a decent margin before 5pm EDT (April 12, 2016 at 1400 PDT), at which point a puntpunt Contributors sometimes use the verb "punt" when talking about a ticket. This means it is being pushed out to a future release. This typically occurs for lower priority tickets near the end of the release cycle that don't "make the cut." In this is colloquial usage of the word, it means to delay or equivocate. (It also describes a play in American football where a team essentially passes up on an opportunity, hoping to put themselves in a better position later to try again.) to the next day would be discussed.

To help hit that window, let’s meet the day before at April 11, 2016 at 0900 PDT for a dry run.

As a final note, WordPress 4.5 RC2 has been released, and with it, hard string freeze is upon us.

See you at the dry run, and thanks for your help in getting this far!

#4-5, #dry-run

Dev Chat chat notes for April 6/March 30

This post summarizes the last two dev chat meetings.

March 30 meeting:

Review the full logs on Slack.

Schedule notes

Ticketticket Created for both bug reports and feature development on the bug tracker. review

  • Discussion of the new link dialog and the removed ‘list of recent posts/search’ section that previously existing in the advanced modal (a regressionregression A software bug that breaks or degrades something that previously worked. Regressions are often treated as critical bugs or blockers. Recent regressions may be given higher priorities. A "3.6 regression" would be a bug in 3.6 that worked as intended in 3.5.). It was replaced with the easier inline search, but some users miss it; plan is to restore and rework for the modal.

April 6 meeting:

Review the full logs on Slack.

Schedule notes

  • Release of WordPress 4.5 is scheduled for April 12.
  • About screen nearly complete.
  • Full string freeze by Saturday.

Ticket review

  • The coreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress. dev team went thru remaining tickets for the 4.5 release to decide what should get committed and what should get pushed to a later release.
  • Extensive discussion over the cropper and how to treat options passed by themes when setting up a theme logo.
  • A data inconsistency bug affecting the WP-API was considered significant enough that it needed fixing.
  • As we approach release and changes have less time to be tested, committers feel reluctant to make any changes.

#4-5, #dev-chat

Week in Core, Mar 29 – Apr 5 2016

Welcome back the latest issue of Week in CoreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress., covering changes [37092-37160]. Here are the highlights:

  • 69 commits
  • 16 contributors
  • 62 tickets created
  • 7 tickets reopened
  • 32 tickets closed
  • Target release date for 4.5 is April 12th

Ticketticket Created for both bug reports and feature development on the bug tracker. numbers based on trac timeline for the period above.

Note: If you want to help write the next WordPress Core Weekly summary, check out the schedule over at make/docs and get in touch in the #core-weekly-update SlackSlack Slack is a Collaborative Group Chat Platform https://slack.com/. The WordPress community has its own Slack Channel at https://make.wordpress.org/chat/. channel.

AccessibilityAccessibility Accessibility (commonly shortened to a11y) refers to the design of products, devices, services, or environments for people with disabilities. The concept of accessible design ensures both “direct access” (i.e. unassisted) and “indirect access” meaning compatibility with a person’s assistive technology (for example, computer screen readers). (https://en.wikipedia.org/wiki/Accessibility)

  • Improvements for the Editor wpLink modal form fields. [37160] #33301

Build/Test Tools

Comments

  • Wrap the formatted comment text on the comment moderation screen in comment_text() so paragraphs and texturisation are applied. [37158] #34133

Customize

  • Fix toggle of title attribute field visibility on nav menus adminadmin (and super admin) page. [37153] #35273, #36353
  • Put focus on change button instead of remove button in media control. [37152] #36337
  • Respect aspect ratio on cropped images. [37113] #36318

Docs

  • Ignore _wp_upload_dir_baseurl() from parsing for the Code Reference. [37114] #36371

Editor

  • Remove trailing space from a help text string. [37159] #36407
  • Restore the bottom half of the modal. Make it always expanded and remove the toggle. It is used as advanced link options now, no need to have simple mode. [37154] #36359

Embeds

  • Improve how iframes are loaded after being initially hidden. [37093] #35894

General

  • Add deprecated notice and removal warning to _wp_upload_dir_baseurl(). [37112] #36371
  • Snoopy: use escapeshellarg instead of escapeshellcmd [37102-37094]

HTTPHTTP HTTP is an acronym for Hyper Text Transfer Protocol. HTTP is the underlying protocol used by the World Wide Web and this protocol defines how messages are formatted and transmitted, and what actions Web servers and browsers should take in response to various commands. APIAPI An API or Application Programming Interface is a software intermediary that allows programs to interact with each other and share data in limited, clearly defined ways.

I18Ni18n Internationalization, or the act of writing and preparing code to be fully translatable into other languages. Also see localization. Often written with a lowercase i so it is not confused with a lowercase L or the numeral 1. Often an acquired skill.

  • Clarify translator comment for an a11yAccessibility Accessibility (commonly shortened to a11y) refers to the design of products, devices, services, or environments for people with disabilities. The concept of accessible design ensures both “direct access” (i.e. unassisted) and “indirect access” meaning compatibility with a person’s assistive technology (for example, computer screen readers). (https://en.wikipedia.org/wiki/Accessibility) label added in [36618]. [37155] #35111, #36396

JavascriptJavaScript JavaScript or JS is an object-oriented computer programming language commonly used to create interactive effects within web browsers. WordPress makes extensive use of JS for a better user experience. While PHP is executed on the server, JS executes within a user’s browser. https://www.javascript.com/.

  • Add nonce to AJAX action for script compression setting. Merges [37143] to the 4.4 branchbranch A directory in Subversion. WordPress uses branches to store the latest development code for each major release (3.9, 4.0, etc.). Branches are then updated with code for any minor releases of that branch. Sometimes, a major version of WordPress and its minor versions are collectively referred to as a "branch", such as "the 4.0 branch". [37144] [37143]

Networks and Sites

  • Improve escaping in networknetwork (versus site, blog) settings.  [37132-37124]
  • Validate new email address confirmations. [37111-37103]

Plugins

Role/Capability

  • Add create_sites and delete_sites to the list of capabilities that are checked as part of the comporehensive roles and capabilities tests. [37157] #32394, #36413

TaxonomyTaxonomy A taxonomy is a way to group things together. In WordPress, some common taxonomies are category, link, tag, or post format. https://codex.wordpress.org/Taxonomies#Default_Taxonomies.

Themes

  • Remove $size reference from get_custom_logo().  [37135] #36327

Upgrade/Install

  • Add Nonce to updating wporg_favorites user metaMeta Meta is a term that refers to the inside workings of a group. For us, this is the team that works on internal WordPress sites like WordCamp Central and Make WordPress. field Merges [37145] to the 4.4 branch [37146] [37145]

Thanks to @adamsilverstein, @afercia, @azaozz, @dimadin, @DrewAPicture, @iseulde, @jeremyfelt, @johnbillion, @jorbin, @nbachiyski, @obenland, @ocean90, @sidati, @swissspidy, @TacoVerdo, and @westonruter for their contributions!

#4-5, #week-in-core

REST API: Slashed Data in WordPress 4.4 and 4.5

Hi everyone. The REST APIREST API The REST API is an acronym for the RESTful Application Program Interface (API) that uses HTTP requests to GET, PUT, POST and DELETE data. It is how the front end of an application (think “phone app” or “website”) can communicate with the data store (think “database” or “file system”) https://developer.wordpress.org/rest-api/. team recently discovered a bugbug A bug is an error or unexpected result. Performance improvements, code optimization, and are considered enhancements, not defects. After feature freeze, only bugs are dealt with, with regressions (adverse changes from the previous version) being the highest priority. with parameter parsing in the APIAPI An API or Application Programming Interface is a software intermediary that allows programs to interact with each other and share data in limited, clearly defined ways. infrastructure, part of WordPress 4.4. For those of you using the API infrastructure, you need to be aware of a bug fix we’re making with the API.

The Problem

The REST API has several types of parameters that it mixes together. These come from several sources including the request body as either JSONJSON JSON, or JavaScript Object Notation, is a minimal, readable format for structuring data. It is used primarily to transmit data between a server and web application, as an alternative to XML. or URLURL A specific web address of a website or web page on the Internet, such as a website’s URL www.wordpress.org-encoded form data ($_POST), query parameters ($_GET), the API route, and internally-set defaults. Unfortunately, due to an oversight on our behalf, these parameters can be inconsistently formatted.

In WordPress, the superglobal request variables ($_POST and $_GET) are “slashed”; effectively, turning magic quotes on for everyone. This was originally built into PHPPHP The web scripting language in which WordPress is primarily architected. WordPress requires PHP 5.6.20 or higher as a feature to help guard against SQL injection, but was later removed. Due to compatibility concerns, WP cannot change this behaviour for the superglobals. This only applies to the PHP superglobals, not to other sources of input like a JSON body or parameters in the URL. It additionally does not apply to form data on PUT or DELETE requests.

Internally, some low-level WordPress functions expect slashed data. These functions internally call wp_unslash() on the data you pass in. This means input data from the superglobals can be passed in directly, but other data needs to be wrapped with a call to wp_slash().

When the REST API gathers the data sources, it accidentally mixes slashed and unslashed sources. This results in inconsistent behaviour of parameters based on their source. For example, data passed as a JSON body is unslashed, whereas data passed via form data in the body is slashed (for POST requests).

For example, the following two pieces of data are equivalent in the REST API:


// JSON body:
{"title": "Foo"}

// Form-data ($_POST)
title=Foo

// Both result in:
$request->get_param('title') === 'Foo';

However, if the data contains slashes itself, this will be inconsistently passed to the callback:


// JSON body:
{"title": "Foo\Bar"}

// Results in:
$request->get_param('title') === 'Foo\Bar';

// Form-data ($_POST) (%3D = "\")
title=Foo%3DBar

// Results in:
$request->get_param('title') === 'Foo\\Bar';

This means that callbacks need to understand where parameters come from in order to consistently handle them internally. Specifically:

  • Data passed in the query string ($_GET, $request->get_query_params()) is slashed
  • Data passed in the body as form-encoded ($_POST, $request->get_body_params()) is slashed for POST requests, and unslashed for PUT and DELETE requests.
  • Data passed in the body as JSON-encoded ($request->get_json_params()) is unslashed.
  • Data passed in the URL ($request->get_url_params()) is unslashed.
  • Data passed as a default ($request->get_default_params()) is unslashed.

In addition, parameters set internally via $request->set_param() are unslashed. Unit and integration tests for API endpoints typically use these directly, so the majority of tested code (such as the WP REST API pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party) assumes parameters are unslashed.

See the related TracTrac An open source project by Edgewall Software that serves as a bug tracker and project management tool for WordPress. Ticketticket Created for both bug reports and feature development on the bug tracker. #36419 for more information.

The Solution for WordPress 4.4 and 4.5

We are regarding inconsistently-slashed data as a major bug, and are changing the API infrastructure to ensure unslashed data. This will ensure that data is consistent regardless of the source. Callbacks will now receive unslashed data only, and can rely on this regardless of the original data source or request method.

If you are using functions that expect slashed data in your callback, you will need to slash your data before passing into these functions. Commonly used functions that expect slashed data are wp_insert_post, wp_update_post, update_post_meta, wp_insert_term, wp_insert_user, along with others. Before passing data into these functions, you must call wp_slash() on your data.

The fix for this issue, will be included in the WordPress 4.5 release candidates and final release. Due to the severityseverity The seriousness of the ticket in the eyes of the reporter. Generally, severity is a judgment of how bad a bug is, while priority is its relationship to other bugs. of the bug, we are also backporting the fix to the next minor WordPress 4.4 update. This also ensures you can update your plugins can act consistently across all versions of the REST API.

We understand that this may inadvertently break some plugins that are expecting slashed data. Right now, it’s not possible to consistently ensure that callbacks receive slashed data, so it is likely that these plugins will already break in some conditions.

tl;dr: if you’re using wp_insert_* or *_post_meta in your REST API callback, you need to ensure you are calling wp_slash() on data you are passing in, regardless of source.

We apologize for this bug existing in the first place. Slashed data is a problem that has plagued WordPress for a long time, and we’re not immune to getting caught by the issue ourselves.

#4-4, #4-5, #rest-api

Road to 4.5: All Hands on Deck

We’re almost there! Release day is April 12.

In order to get there, help is needed to resolve the remaining issues in the report.

The regular dev meeting will be at April 6, 2016 at 20:00 UTC, where we’ll go over status, but the report should really be clear before then.

There are currently 6 12 tickets in the milestone, which with few exceptions need to be resolved so that we can ship an RCrelease candidate One of the final stages in the version release cycle, this version signals the potential to be a final release to the public. Also see alpha (beta). 2 this week in preparation for release next week.

We need all hands on deck — especially if you are a component maintainer or committercommitter A developer with commit access. WordPress has five lead developers and four permanent core developers with commit access. Additionally, the project usually has a few guest or component committers - a developer receiving commit access, generally for a single release cycle (sometimes renewed) and/or for a specific component., but all eyes appreciated. Please watch the milestone for tickets you can suggest remedies for or whose patches you can review.

In particular, the help of lead developers and permanent committers is requested, because without approval from two of you for each patchpatch A special text file that describes changes to code, by identifying the files and lines which are added, removed, and altered. It may also be referred to as a diff. A patch can be applied to a codebase for testing., we cannot move forward with committing fixes. Thanks to those of you who have been doing reviews!

Tickets with a patch and single sign-off in need of a second are:

  • #34133 – Moderate Comments: Pass through comment_text().
  • #36389 – Selective Refresh: Make sure refresh transport is used only when appropriate.
  • #36410 – I18ni18n Internationalization, or the act of writing and preparing code to be fully translatable into other languages. Also see localization. Often written with a lowercase i so it is not confused with a lowercase L or the numeral 1. Often an acquired skill.: Misleading translators comment and bad string

Needs testing and double sign-off:

  • #36380 – Moderate Comments: Show link URLs to avoid abuse.

Has patch and double sign-off, but needs second opinion from Polyglots teamPolyglots Team Polyglots Team is a group of multilingual translators who work on translating plugins, themes, documentation, and front-facing marketing copy. https://make.wordpress.org/polyglots/teams/.:

  • #36407 – I18n: Remove an extra space.

Needs patch:

  • #36412 – Custom Logo: Can’t skip crop for images smaller than specified in theme.
  • #36392 – Script Loader: wp_add_inline_script() breaks script dependency order.
  • #36173 – About Page: Needs commit with final strings by Wednesday. Draft design & strings attached for review.

Can ride:

  • #36354 – Bump coreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress. themes versions prior to release.
  • #36401 – Bump Akismet for 4.5.
  • #36413 – Additional tests for roles/caps
  • #35857 – Additional tests for customizerCustomizer Tool built into WordPress core that hooks into most modern themes. You can use it to preview and modify many of your site’s appearance settings./selective refresh

Thanks for your help in getting us through the final stretch.

#4-5

WordPress 4.5 Field Guide

WordPress 4.5 is the next major version of WordPress and with it come some bang bang changes. This guide will describe many of the developer-focused changes to help you test your themes, plugins, and sites. So grab a ☕️ ,🍷,🍵, or 🍺 and get ready for what’s coming soon.

JavaScriptJavaScript JavaScript or JS is an object-oriented computer programming language commonly used to create interactive effects within web browsers. WordPress makes extensive use of JS for a better user experience. While PHP is executed on the server, JS executes within a user’s browser. https://www.javascript.com/.! and CSSCSS Cascading Style Sheets.!

Multiple external libraries have been updated with the two that require your attention being Backbone and Underscore. There were some‼️ breaking changes ‼️ with these two libraries, so make sure to test your code if you use either of these.  jQuery and jQuery Migrate have also been updated, please test with the unminified versions in order to ensure future compatibility with WordPress.

The script loader has been updated with three big changes. The build process no longer creates wp-admin.min.css, wp_add_inline_script() joins the family of functions, and better support for multigenerational dependencies is included.

Term Edit Page! –‼️ Backward Incompatible change‼️

The term edit screen has been separated out from the term list screen. This brings greater consistency to how the adminadmin (and super admin) generates screens for terms and posts but at the cost of the need to change how you register scripts and how you detect that you are on a term edit screen.

Live Preview: Faster, ExtensibleExtensible This is the ability to add additional functionality to the code. Plugins extend the WordPress core software., More Features!

Live Preview (also known as “The CustomizerCustomizer Tool built into WordPress core that hooks into most modern themes. You can use it to preview and modify many of your site’s appearance settings.”) once again has received attention this release with the addition of new controls, some performance improvements that require your attention to implement, and a two new user-facing features.

Setting-less Controls, Device Previews, and Selective Refresh are the three biggest changes you’ll find. Setting-less controls make it easier for you to implement complex interfaces. Device Preview is a user facing feature that allows users to adjust the preview to match the screens on various devices.  This feature includes filters to change the devices users can choose. Selective Refresh allows for changes to appear quicker inside the preview, and you can do so with less code than before. Theme authors need to make changes to take advantage of selective refresh. Luckily, the change will generally result in fewer lines of codeLines of Code Lines of code. This is sometimes used as a poor metric for developer productivity, but can also have other uses. needed overall ( more 🍎 than 🍏 ).

One area that selective refresh helps live preview function faster is with widgets.

‼️ If you offer sidebars or a widgetWidget A WordPress Widget is a small block that performs a specific function. You can add these widgets in sidebars also known as widget-ready areas on your web page. WordPress widgets were originally created to provide a simple and easy-to-use way of giving design and structure control of the WordPress theme to the user. in your theme or pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party, please update your code to implement selective refreshBoth themes and widgets need to indicate support, so please update your code accordingly.

The final change to Live Preview involves a control for a new theme feature, and that is Custom Theme Logos.

Custom Theme Logos!

Themes can now offer support for custom logos. Custom Logos add an additional way for users to customize their site and theme developers can customize how custom logos are displayed.

Image Performance!

Following up on the introduction of responsive images in WordPress 4.4, WordPress 4.5 is making changes to improve image performance including improved compression settings and smarter handling of image metadata.

Embed Templates! (and other iterations)

Iterating on embeds has led to the ability to better customize embeds by adding new templates to the template hierarchy for embeds. Embeds have also had some performance improvements for autodiscovery, the ability to embed the front page of a site, and changes to the iframeiframe iFrame is an acronym for an inline frame. An iFrame is used inside a webpage to load another HTML document and render it. This HTML document may also contain JavaScript and/or CSS which is loaded at the time when iframe tag is parsed by the user’s browser. of embedded content.

Comments Component!

The comments component has a few user-facing changes to make comments easier to moderate. For developers, the most notable change is the ability to adjust field lengths for your custom database schema. Additionally, the rel=nofollow attribute and value pair will no longer be added to relative or same domain links within comment_content.

Multisitemultisite Used to describe a WordPress installation with a network of multiple blogs, grouped by sites. This installation type has shared users tables, and creates separate database tables for each blog (wp_posts becomes wp_0_posts). See also network, blog, site!

Multisite once again has seen changes with the addition of new filters around site and user creation, and a WP_Site object.

And more!

Overall, 372 bugs have been marked as fixed in WordPress 4.5 (so far). There are also dozens of new hooksHooks In WordPress theme and development, hooks are functions that can be applied to an action or a Filter in WordPress. Actions are functions performed when a certain event occurs in WordPress. Filters allow you to modify certain functions. Arguments used to hook both filters and actions look the same. and dozens of hooks that have received additional parameters. It’s entirely possible that one or more has caused a regressionregression A software bug that breaks or degrades something that previously worked. Regressions are often treated as critical bugs or blockers. Recent regressions may be given higher priorities. A "3.6 regression" would be a bug in 3.6 that worked as intended in 3.5., so please make sure to test your code deeply and report any issues you find.

#4-5, #dev-notes, #field-guide

Reminder – Dev Meeting Time

This is just a reminder that the dev meeting today is shifting an hour earlier today, since Europe has moved into DST.

The meeting will be at March 30, 2016 at 20:00 UTC.

We’ll chat about what’s left in the report. See you there!

#4-5, #agenda