Week In Core, June 15 – June 22 2016

Welcome back the latest issue of Week in Core, covering changes [37720-37800]. Here are the highlights:

  • 80 commits
  • 33 contributors
  • 26 tickets created
  • 9 tickets reopened
  • 37 tickets closed

Ticket numbers based on trac timeline for the period above. The following is a summary of commits, organized by component.

Code Changes

Accessibility

  • Theme Installer, make the “Upload Theme” button… a button. [37742] #35457
  • Remove the ARIA roles from the wp.a11y.speak() live regions. [37734] #36289

Admin

Autosave

  • improve the notice when the sessionStorage autosave is different than the content. [37737] #37025

Build/Test Tools

Comments

  • Wrap or unwrap the List Table comment_date as comment status changes via Ajax. Introduced in [36521]. [37743] #36742

Customize

Docs

  • Clarify documentation for wp_logout_url() and wp_login_url() and corresponding hooks. [37753] #34352
  • Improve the summaries and return descriptions for get_registered_nav_menus() and get_nav_menu_locations(). [37752] #37106
  • Add a missing summary and @since version to the DocBlock for WP_MS_Sites_List_Table::prepare_items(). [37739] #36675, #21837, #24833, #33185

Editor

  • Add white outline for contrast on darker backgrounds. Change red colour in toolbar. [37751] #36638
  • after inserting a link detect if the URL is broken, first run. [37741] #36638

Embeds

External Libraries

Grunt

  • when running precommit use regex to check which files have been modified. [37749] #36528

L10N

  • Add unit tests for the override_load_textdomain filter. [37746] #36398

Media

  • Use the correct variable for the file object. [37728] #14244
  • Pass allowed file extensions to Plupload. [37727] #14244
  • properly refresh the position of the Plupload shim so it moves over the Select Files button or off the screen. Fixes #37039. [37722] #37039

Multisite

Permalinks

Posts

  • Unifies the APIs for getting a post’s modified date or time with getting a post’s date or time. [37738] #37059

Query

REST API

  • Include X-Robots-Tag: noindex header in REST API responses to prevent endpoints from being indexed by search engines. [37726] #36390

Revisions

  • Change the capability needed to view revision diffs to edit_post. Merges [37779] to supported branches. [37799] [37797] [37796] [37791]
  • Change the capability needed to view revision diffs to edit_post. [37779]

Taxonomy

Media

  • Improve handling of extensionless filenames. This ensures files retain a filename after sanitization. [37756]
  • Restore keyboard navigation of the media grid. [37755] #36900

Menus

Props

Thanks to @adamsilverstein, @afercia, @akibjorklund, @azaozz, @boonebgorges, @coderste, @coffee2code, @dlh, @DrewAPicture, @ericlewis, @Fab1en, @flixos90, @helen, @imath, @iseulde, @jeremyfelt, @joemcgill, @jorbin, @kraftbj, @lukecavanagh, @m_uysl, @nbachiyski, @neverything, @ocean90, @peterwilsoncc, @polevaultweb, @Props, @rabmalin, @rachelbaker, @rockwell15, @Soean, @swissspidy, and @Viper007Bond for their contributions!

#4-5, #week-in-core

Week in Core, Apr 5 – Apr 12 2016

Welcome back the latest issue of Week in Core, covering changes [37161-37190]. Here are the highlights:

Ticket numbers based on trac timeline for the period above.

Note: If you want to help write the next WordPress Core Weekly summary, check out the schedule over at make/docs and get in touch in the #core-weekly-update Slack channel.

Code Changes

Accessibility

  • Remove redundant title attribute from wp_star_rating(). [36092] #35141
  • Remove the revisions limit title attribute from the Publish box. [36053] #35029
  • Remove title attributes from the updates links on the Plugin and Themes list tables. [36032] #35167
  • Remove title attributes and improve accessibility on the “no-js” Menus screen. [36016] #35134
  • Remove title attributes from the Theme browser. [36015] #35140
  • Improvements for the Authentication Check modal dialog “Close X”. [36014] #35142

Bootstrap/Load

  • In WP::handle_404(), make sure $wp_query->post is a WP_Post object before cloning it. Merges [35994] to the 4.4 branch. [36064] #35013

Canonical

  • Output correct canonical links for paged posts when not using pretty permalinks. [36103] [36096] #34890

Comments

  • Return early from wp_update_comment_count() if there is not a valid post. [36115] #34977
  • Respect approval status when determining comment page count in comments_template().[36041] [36040] #8071, #35068
  • When a comment is submitted, ensure the user_ID element in the array that’s passed to the preprocess_comment filter gets populated.[36039] [36038] #34997

Customize

Docs

  • Hash notate properties and defaults for the benefit of $args parameter documentation for WP_Customize_Control::__construct(). [36114] #32246
  • Correct a funky docblock in funky_javascript_fix(). [36111] #32246
  • Improve documentation for wp_admin_css_color(). [36107] #34857
  • Fix typo in a comment in wp_rand(). [36102] #35228
  • Clarify that get_post_types() accepts 'not' as its $operator parameter. [36091] #35225
  • Clarify that wp_filter_object_list() accepts 'not' as its $operator parameter. [36090] #35225
  • Correct @return type for rest_parse_date(). [36086] #35224
  • Correct @return type for count_user_posts(). [36085] #35222
  • Miscellaneous docblock code quality tweaks. [36074] #32246
  • @see != @since. [36073] #32246
  • Properly mark the optional $redirect, $network_wide, and $silent parameters as such in the DocBlock for activate_plugin(). [36072] #32246
  • Add missing @since and properly mark the optional $type parameter as such in the DocBlock for the deprecated get_others_unpublished_posts() function. Introduced in [5707]. [36071] #32246
  • Properly mark the $exclude_zeros parameter in the DocBlock for get_editable_user_ids() as optional. Also [36070] #32246
  • Miscellaneous docblock corrections. [36069] #32246
  • Fix a typo in the 4.4.0 changlog entry in the intermediate_image_sizes_advanced hook doc. [36054] #35190
  • Add missing notations for the optional $tab_index and $extended parameters in the DocBlock for the deprecated the_editor() function. [36033] #32246
  • Add missing parameter and return notations to the DocBlock for the deprecated get_usernumposts() function. [36030] #32246
  • Add documentation to wp-blog-header.php. [36029] #35161
  • Add missing parameter and return notations in the DocBlock for get_profile(). [36028] #32246
  • Properly mark the $classname parameter as optional. [36027] #32246
  • Add missing parameter and return notations to the DocBlock for the deprecated wp_specialchars() function. [36026] #32246
  • Add missing parameter notations and descriptions in the DocBlock for get_link(). [36025] #32246
  • Add missing parameter and return notations in the DocBlock for the deprecated _nc() function. [36024] #32246
  • Add a missing summary, parameter, and return descriptiosn to the DocBlock for the deprecated function, get_linkrating(). [36023] #32246
  • Add a missing notation for the $gmt_time parameter in the DocBlock for spawn_cron(). [36022] #32246
  • Add missing DocBlocks for hash_hmac() and _hash_hmac(). Introduced in [18111]. [36021] #32246
  • Fix inline comment syntax in _mb_strlen(), an internal compat method for mb_strlen(). [36020] #32246
  • Add missing DocBlocks for mb_strlen() and _mb_strlen(). Introduced in [32114]. [36019] #32246
  • Fix inline comment syntax in _mb_substr(), an internal compat method for mb_substr(). [36018] #32246
  • Add missing DocBlocks for mb_substr() and _mb_substr(). Introduced in [17621]. [36017] #32246
  • Add missing parameter and return descriptions to the DocBlocks for _wp_object_name_sort_cb() and _wp_object_count_sort_cb(), both uasort() callbacks. [36013] #32246
  • Add a missing notation for the $context parameter in the DocBlock for _nx_noop(). [36012] #32246
  • Fix the syntax for the get_previous_post_link() DocBlock to ensure it’s read and parsed as such instead of as a multi-line comment. [36011] #32246
  • Add a missing summary, description, and @since version to the DocBlock for wp_redirect_admin_locations(). Introduced in [19880]. [36010] #32246
  • Add a missing notation for the $bookmark_id parameter in the DocBlock for clean_bookmark_cache(). [36009] #32246
  • Fix copy/paste error in wp_remote_retrieve_cookies() description. [36002] #35157

Editor

  • remove the format_for_editor filter from the_editor_content after it runs as the next editor instance on the same page may not need it. [36062] #28403

Embeds

External Libraries

Formatting

I18N

  • In wp_maybe_decline_date(), bail early if translation functions are not available, e.g. in SHORTINIT mode. Merges [35880] to the 4.4 branch. [36063] #34967

Import

Login

Mail

  • Upgrade PHPMailer from 5.2.10 to 5.2.14. The full list of changes is available here: ?https://github.com/PHPMailer/PHPMailer/compare/v5.2.10…v5.2.14 [36083] #35212

Media

  • When creating srcset do not exclude the image size which is in the src attribute even when it is larger than max_srcset_image_width. [36110] #35108
  • Revert [35804]. This change has unintended side effects, notably that media URLs in the admin area now unexpectedly use the https scheme. [36061] #13941, #35120
  • Fix calculations when determining whether to include particular image file in srcset. [36031] #34955

Menus

  • Avoid a PHP Notice when a menu contains a now unregistered post type archive. [36095] #34449
  • Bring back line break between menu items. Reverts [34321].[36082] [36081] #35107
  • Avoid a PHP notice when trying to access the post_parent property of hierarchical post type nav menu items. Merges [35876] to the 4.4 branch. [36044] #34446

Permalinks

Posts/Post Types

  • Improve post-filter sanitization of excluded terms in get_adjacent_post(). [36079] #35211

Query

  • Re-initialise any dynamically-added public query vars before running the public query vars test. [36051] [36048] #35115
  • Introduce a unit test which will fail when new public query vars are introduced without also updating the test. [36046] [36045] #35115
  • Remove title from the public query vars list. [36035] [36034] #35115

Shortcodes

Taxonomy

  • Force non-public taxonomies to have a query_var of false. [36109] [36108] #35089
  • Pass object ids to delete_* actions. [36080] #35213
  • Move excluded_terms filter in get_adjacent_post(). [36078] #9571, #35211
  • Respect $_wp_suspend_cache_invalidation in clean_object_term_cache(). [36076] #35208
  • Order terms by ‘name’ when populating object term cache. [36057] [36056] #28922, #35180
  • Add current-cat-ancestor class to ancestor items in wp_list_categories(). Pairs nicely with current-cat-parent. [36008] #10676
  • Ensure that wp_list_categories() supports comma-separated lists for ‘exclude’ and ‘exclude_tree’. [36006] [36005] #35156
  • Ensure get_terms() results are unique when using ‘meta_query’. [36004] [36003] #35137

Tests

  • After [36100] use an object style which is compatible with PHP5 get_object_vars(). [36118] [36117] #35058
  • When testing the utf8mb4 charset, ensure that the current MySQL server has utf8mb4 support. [36116] #35249
  • Help Tab Order should be based on the Priority Argument. [36104] [36089] #35215, #33941
  • Tests: Use the correct URL in some shortcode tests. [36099] #
  • Move get_adjacent_post() tests to their own file. [36077] #35211
  • Use the default_storage_engine MySQL option on newer MySQL versions. [36055] #34692
  • Correct the public query vars test for the 4.4 branch. [36052] #35115
  • Prevent role capability pollution in Tests_Post_GetPostsByAuthorSql::test_user_has_access_only_to_private_posts_for_certain_post_types(). [36050] #
  • Fix all the things. [36049] #30017, #32394
  • Shave a second off the user capability tests by reusing its user fixtures. [36047] #30017, #32394

Themes

  • Add singular to the list of body classes when viewing a single post object. Adds tests [36112] #35164
  • Break $wp_file_descriptions array into sections and reorder for consistency and readability. [36088] #35223
  • Add taxonomy.php, home.php, front-page.php, date.php, and singular.php to file descriptions. [36087] #35223

Toolbar

  • In Comments link, replace title attribute containing the number of pending comments with a screen reader text. [36093] #34895

Twenty Fifteen

  • Add left margin for lists inside blockquotes in editor-style.css. [36075] #33380

Users

  • Don’t continue checking a password reset key, if the hash is empty. This [36084] #33926
  • When determining whether to show the reassign content option during user delete, don’t rely upon WP_Query as it doesn’t return all forms of content wp_delete_user() operates on. [36106] [36068] #34993

Widgets

Props

Thanks to @jadpm, @aaroncampbell, @afercia, @ambrosey, @ardathksheyna, @azaozz, @barryceelen, @boluda, @boonebgorges, @danielpataki, @dd32, @diddledan, @DrewAPicture, @ericlewis, @gblsm, @hnle, @igmoweb, @jeff, @jeremyfelt, @joemcgill, @johnbillion, @jorbin, @JPry, @jrchamp, @juanfra, @kiranpotphode, @KrissieV, @kucrut, @marcochiesi, @mark8barnes, @meitar, @morganestes, @mwidmann, @nofearinc, @obenland, @pento, @peterwilsoncc, @rabmalin, @rachelbaker, @ramiy, @salcode, @SergeyBiryukov, @ShinichiN, @skithund, @slushman, @swisssipdy, @swissspidy, @tharsheblows, @TimothyBlynJacobs, @tyxla, @wonderboymusic, @wp-architect, and @yetAnotherDaniel for their contributions!

#4-5, #week-in-core

Weekly Dev Chat Agenda for Apr 13 — After 4.5, before 4.6

Agenda for weekly dev meeting on April 13 at 20:00 UTC:

This meeting will be split into two parts. First part is about WordPress 4.5 and the second part about WordPress 4.6. It’s neither the post mortem chat nor the kickoff meeting.

  • WordPress 4.5
    • Announcements
    • Release Lead for 4.5.1
    • What issues do we have? How are support forums looking? – “Do we need to ship a 4.5.1 this week?”
    • Open Discussion
  • WordPress 4.6
    • Announcements
    • Call for Volunteers
    • Call for Component Maintainers
    • Open Discussion

 

If you have anything to propose to add to the agenda, please leave a comment below.

See you in the chat!

#4-5, #4-6, #agenda, #dev-chat

Release Dry Run and Window, RC2 and String Freeze

Hey everyone!

The WordPress 4.5 release proceedings will start at April 12, 2016 at 0900 PDT, with the expectation of release within 2-3 hours of that meeting time. This time allows a decent margin before 5pm EDT (April 12, 2016 at 1400 PDT), at which point a punt to the next day would be discussed.

To help hit that window, let’s meet the day before at April 11, 2016 at 0900 PDT for a dry run.

As a final note, WordPress 4.5 RC2 has been released, and with it, hard string freeze is upon us.

See you at the dry run, and thanks for your help in getting this far!

#4-5, #dry-run

Dev Chat chat notes for April 6/March 30

This post summarizes the last two dev chat meetings.

March 30 meeting:

Review the full logs on Slack.

Schedule notes

Ticket review

  • Discussion of the new link dialog and the removed ‘list of recent posts/search’ section that previously existing in the advanced modal (a regression). It was replaced with the easier inline search, but some users miss it; plan is to restore and rework for the modal.

April 6 meeting:

Review the full logs on Slack.

Schedule notes

  • Release of WordPress 4.5 is scheduled for April 12.
  • About screen nearly complete.
  • Full string freeze by Saturday.

Ticket review

  • The core dev team went thru remaining tickets for the 4.5 release to decide what should get committed and what should get pushed to a later release.
  • Extensive discussion over the cropper and how to treat options passed by themes when setting up a theme logo.
  • A data inconsistency bug affecting the WP-API was considered significant enough that it needed fixing.
  • As we approach release and changes have less time to be tested, committers feel reluctant to make any changes.

#4-5, #dev-chat

Week in Core, Mar 29 – Apr 5 2016

Welcome back the latest issue of Week in Core, covering changes [37092-37160]. Here are the highlights:

  • 69 commits
  • 16 contributors
  • 62 tickets created
  • 7 tickets reopened
  • 32 tickets closed
  • Target release date for 4.5 is April 12th

Ticket numbers based on trac timeline for the period above.

Note: If you want to help write the next WordPress Core Weekly summary, check out the schedule over at make/docs and get in touch in the #core-weekly-update Slack channel.

Accessibility

  • Improvements for the Editor wpLink modal form fields. [37160] #33301

Build/Test Tools

Comments

  • Wrap the formatted comment text on the comment moderation screen in comment_text() so paragraphs and texturisation are applied. [37158] #34133

Customize

  • Fix toggle of title attribute field visibility on nav menus admin page. [37153] #35273, #36353
  • Put focus on change button instead of remove button in media control. [37152] #36337
  • Respect aspect ratio on cropped images. [37113] #36318

Docs

  • Ignore _wp_upload_dir_baseurl() from parsing for the Code Reference. [37114] #36371

Editor

  • Remove trailing space from a help text string. [37159] #36407
  • Restore the bottom half of the modal. Make it always expanded and remove the toggle. It is used as advanced link options now, no need to have simple mode. [37154] #36359

Embeds

  • Improve how iframes are loaded after being initially hidden. [37093] #35894

General

  • Add deprecated notice and removal warning to _wp_upload_dir_baseurl(). [37112] #36371
  • Snoopy: use escapeshellarg instead of escapeshellcmd [37102-37094]

HTTP API

I18N

Javascript

  • Add nonce to AJAX action for script compression setting. Merges [37143] to the 4.4 branch [37144] [37143]

Networks and Sites

Plugins

Role/Capability

  • Add create_sites and delete_sites to the list of capabilities that are checked as part of the comporehensive roles and capabilities tests. [37157] #32394, #36413

Taxonomy

Themes

  • Remove $size reference from get_custom_logo().  [37135] #36327

Upgrade/Install

  • Add Nonce to updating wporg_favorites user meta field Merges [37145] to the 4.4 branch [37146] [37145]

Thanks to @adamsilverstein, @afercia, @azaozz, @dimadin, @DrewAPicture, @iseulde, @jeremyfelt, @johnbillion, @jorbin, @nbachiyski, @obenland, @ocean90, @sidati, @swissspidy, @TacoVerdo, and @westonruter for their contributions!

#4-5, #week-in-core

REST API: Slashed Data in WordPress 4.4 and 4.5

Hi everyone. The REST API team recently discovered a bug with parameter parsing in the API infrastructure, part of WordPress 4.4. For those of you using the API infrastructure, you need to be aware of a bug fix we’re making with the API.

The Problem

The REST API has several types of parameters that it mixes together. These come from several sources including the request body as either JSON or URL-encoded form data ($_POST), query parameters ($_GET), the API route, and internally-set defaults. Unfortunately, due to an oversight on our behalf, these parameters can be inconsistently formatted.

In WordPress, the superglobal request variables ($_POST and $_GET) are “slashed”; effectively, turning magic quotes on for everyone. This was originally built into PHP as a feature to help guard against SQL injection, but was later removed. Due to compatibility concerns, WP cannot change this behaviour for the superglobals. This only applies to the PHP superglobals, not to other sources of input like a JSON body or parameters in the URL. It additionally does not apply to form data on PUT or DELETE requests.

Internally, some low-level WordPress functions expect slashed data. These functions internally call wp_unslash() on the data you pass in. This means input data from the superglobals can be passed in directly, but other data needs to be wrapped with a call to wp_slash().

When the REST API gathers the data sources, it accidentally mixes slashed and unslashed sources. This results in inconsistent behaviour of parameters based on their source. For example, data passed as a JSON body is unslashed, whereas data passed via form data in the body is slashed (for POST requests).

For example, the following two pieces of data are equivalent in the REST API:


// JSON body:
{"title": "Foo"}

// Form-data ($_POST)
title=Foo

// Both result in:
$request->get_param('title') === 'Foo';

However, if the data contains slashes itself, this will be inconsistently passed to the callback:


// JSON body:
{"title": "Foo\Bar"}

// Results in:
$request->get_param('title') === 'Foo\Bar';

// Form-data ($_POST) (%3D = "\")
title=Foo%3DBar

// Results in:
$request->get_param('title') === 'Foo\\Bar';

This means that callbacks need to understand where parameters come from in order to consistently handle them internally. Specifically:

  • Data passed in the query string ($_GET, $request->get_query_params()) is slashed
  • Data passed in the body as form-encoded ($_POST, $request->get_body_params()) is slashed for POST requests, and unslashed for PUT and DELETE requests.
  • Data passed in the body as JSON-encoded ($request->get_json_params()) is unslashed.
  • Data passed in the URL ($request->get_url_params()) is unslashed.
  • Data passed as a default ($request->get_default_params()) is unslashed.

In addition, parameters set internally via $request->set_param() are unslashed. Unit and integration tests for API endpoints typically use these directly, so the majority of tested code (such as the WP REST API plugin) assumes parameters are unslashed.

See the related Trac Ticket #36419 for more information.

The Solution for WordPress 4.4 and 4.5

We are regarding inconsistently-slashed data as a major bug, and are changing the API infrastructure to ensure unslashed data. This will ensure that data is consistent regardless of the source. Callbacks will now receive unslashed data only, and can rely on this regardless of the original data source or request method.

If you are using functions that expect slashed data in your callback, you will need to slash your data before passing into these functions. Commonly used functions that expect slashed data are wp_insert_post, wp_update_post, update_post_meta, wp_insert_term, wp_insert_user, along with others. Before passing data into these functions, you must call wp_slash() on your data.

The fix for this issue, will be included in the WordPress 4.5 release candidates and final release. Due to the severity of the bug, we are also backporting the fix to the next minor WordPress 4.4 update. This also ensures you can update your plugins can act consistently across all versions of the REST API.

We understand that this may inadvertently break some plugins that are expecting slashed data. Right now, it’s not possible to consistently ensure that callbacks receive slashed data, so it is likely that these plugins will already break in some conditions.

tl;dr: if you’re using wp_insert_* or *_post_meta in your REST API callback, you need to ensure you are calling wp_slash() on data you are passing in, regardless of source.

We apologize for this bug existing in the first place. Slashed data is a problem that has plagued WordPress for a long time, and we’re not immune to getting caught by the issue ourselves.

#4-4, #4-5, #rest-api

Road to 4.5: All Hands on Deck

We’re almost there! Release day is April 12.

In order to get there, help is needed to resolve the remaining issues in the report.

The regular dev meeting will be at April 6, 2016 at 20:00 UTC, where we’ll go over status, but the report should really be clear before then.

There are currently 6 12 tickets in the milestone, which with few exceptions need to be resolved so that we can ship an RC 2 this week in preparation for release next week.

We need all hands on deck — especially if you are a component maintainer or committer, but all eyes appreciated. Please watch the milestone for tickets you can suggest remedies for or whose patches you can review.

In particular, the help of lead developers and permanent committers is requested, because without approval from two of you for each patch, we cannot move forward with committing fixes. Thanks to those of you who have been doing reviews!

Tickets with a patch and single sign-off in need of a second are:

  • #34133 – Moderate Comments: Pass through comment_text().
  • #36389 – Selective Refresh: Make sure refresh transport is used only when appropriate.
  • #36410 – I18n: Misleading translators comment and bad string

Needs testing and double sign-off:

  • #36380 – Moderate Comments: Show link URLs to avoid abuse.

Has patch and double sign-off, but needs second opinion from Polyglots team:

  • #36407 – I18n: Remove an extra space.

Needs patch:

  • #36412 – Custom Logo: Can’t skip crop for images smaller than specified in theme.
  • #36392 – Script Loader: wp_add_inline_script() breaks script dependency order.
  • #36173 – About Page: Needs commit with final strings by Wednesday. Draft design & strings attached for review.

Can ride:

  • #36354 – Bump core themes versions prior to release.
  • #36401 – Bump Akismet for 4.5.
  • #36413 – Additional tests for roles/caps
  • #35857 – Additional tests for customizer/selective refresh

Thanks for your help in getting us through the final stretch.

#4-5

WordPress 4.5 Field Guide

WordPress 4.5 is the next major version of WordPress and with it come some bang bang changes. This guide will describe many of the developer-focused changes to help you test your themes, plugins, and sites. So grab a ☕️ ,🍷,🍵, or 🍺 and get ready for what’s coming soon.

JavaScript! and CSS!

Multiple external libraries have been updated with the two that require your attention being Backbone and Underscore. There were some‼️ breaking changes ‼️ with these two libraries, so make sure to test your code if you use either of these.  jQuery and jQuery Migrate have also been updated, please test with the unminified versions in order to ensure future compatibility with WordPress.

The script loader has been updated with three big changes. The build process no longer creates wp-admin.min.css, wp_add_inline_script() joins the family of functions, and better support for multigenerational dependencies is included.

Term Edit Page! –‼️ Backward Incompatible change‼️

The term edit screen has been separated out from the term list screen. This brings greater consistency to how the admin generates screens for terms and posts but at the cost of the need to change how you register scripts and how you detect that you are on a term edit screen.

Live Preview: Faster, Extensible, More Features!

Live Preview (also known as “The Customizer”) once again has received attention this release with the addition of new controls, some performance improvements that require your attention to implement, and a two new user-facing features.

Setting-less Controls, Device Previews, and Selective Refresh are the three biggest changes you’ll find. Setting-less controls make it easier for you to implement complex interfaces. Device Preview is a user facing feature that allows users to adjust the preview to match the screens on various devices.  This feature includes filters to change the devices users can choose. Selective Refresh allows for changes to appear quicker inside the preview, and you can do so with less code than before. Theme authors need to make changes to take advantage of selective refresh. Luckily, the change will generally result in fewer lines of code needed overall ( more 🍎 than 🍏 ).

One area that selective refresh helps live preview function faster is with widgets.

‼️ If you offer sidebars or a widget in your theme or plugin, please update your code to implement selective refreshBoth themes and widgets need to indicate support, so please update your code accordingly.

The final change to Live Preview involves a control for a new theme feature, and that is Custom Theme Logos.

Custom Theme Logos!

Themes can now offer support for custom logos. Custom Logos add an additional way for users to customize their site and theme developers can customize how custom logos are displayed.

Image Performance!

Following up on the introduction of responsive images in WordPress 4.4, WordPress 4.5 is making changes to improve image performance including improved compression settings and smarter handling of image metadata.

Embed Templates! (and other iterations)

Iterating on embeds has led to the ability to better customize embeds by adding new templates to the template hierarchy for embeds. Embeds have also had some performance improvements for autodiscovery, the ability to embed the front page of a site, and changes to the iframe of embedded content.

Comments Component!

The comments component has a few user-facing changes to make comments easier to moderate. For developers, the most notable change is the ability to adjust field lengths for your custom database schema. Additionally, the rel=nofollow attribute and value pair will no longer be added to relative or same domain links within comment_content.

Multisite!

Multisite once again has seen changes with the addition of new filters around site and user creation, and a WP_Site object.

And more!

Overall, 372 bugs have been marked as fixed in WordPress 4.5 (so far). There are also dozens of new hooks and dozens of hooks that have received additional parameters. It’s entirely possible that one or more has caused a regression, so please make sure to test your code deeply and report any issues you find.

#4-5, #dev-notes, #field-guide

Reminder – Dev Meeting Time

This is just a reminder that the dev meeting today is shifting an hour earlier today, since Europe has moved into DST.

The meeting will be at March 30, 2016 at 20:00 UTC.

We’ll chat about what’s left in the report. See you there!

#4-5, #agenda