Dev Chat Summary, May 17, 2023

The WordPress Developers Chat meeting took place on 2023-05-17 at 20:00 UTC in the core channel of Make WordPress Slack.

Key Links

Announcements

Highlighted Posts

  • Proposal: Retiring Older Default Themes: This post summarizes the current state of bundled themes in WordPress before proposes new support states for bundled themes. It also raises two potential ways to decrease the total number of themes receiving regular updates. Thanks to @desrosj and everyone who contributed to this post.
  • Command Center: Request for feedback: Check it out and give your feedback on the UXUX User experience and APIAPI An API or Application Programming Interface is a software intermediary that allows programs to interact with each other and share data in limited, clearly defined ways. for this feature.

Release Updates

The next major releasemajor release A release, identified by the first two numbers (3.6), which is the focus of a full release cycle and feature development. WordPress uses decimaling count for major release versions, so 2.8, 2.9, 3.0, and 3.1 are sequential and comparable in scope. is 6.3.

6.2.1 Minor ReleaseMinor Release A set of releases or versions having the same minor version number may be collectively referred to as .x , for example version 5.2.x to refer to versions 5.2, 5.2.1, 5.2.3, and all other versions in the 5.2 (five dot two) branch of that software. Minor Releases often make improvements to existing features and functionality. Discussion

@audrasjb provided a summary of the recent 6.2.1 release, which included security patches from 4.1.x through 6.2. One fix in particular led to an issue with utilizing shortcodes in templates. The problem was being actively discussed by the Security Editor team, who began plans for a quick follow-up patchpatch A special text file that describes changes to code, by identifying the files and lines which are added, removed, and altered. It may also be referred to as a diff. A patch can be applied to a codebase for testing. to address the issue. See this related ticketticket Created for both bug reports and feature development on the bug tracker.: #58333: WordPress 6.2.1 Shortcodes some shortcode no longer works!.

@nekojonez indicated that the issue only happens with FSE themes, confirming that their non-FSE themes were unaffected. @audrasjb agreed that it only affected template blocks [used in FSE themes]. @pbiron added that shortcodeShortcode A shortcode is a placeholder used within a WordPress post, page, or widget to insert a form or function generated by a plugin in a specific location on your site. blocks used in blockBlock Block is the abstract term used to describe units of markup that, composed together, form the content or layout of a webpage using the WordPress editor. The idea combines concepts of what in the past may have achieved with shortcodes, custom HTML, and embed discovery into a single consistent API and user experience. theme template parts remained functional.

@nekojonez also mentioned concern that the new issue may cause users and members of the WordPress community to get the impression that shortcodes would no longer be supported, and referenced a discussion in #forums that could be taken out of context in support of this misunderstanding.

@ipstenu provided a link to the discussion, and indicated that this was a breaking change that did not include a notification to users beforehand. She suggested that the release post could have been more clear as to why shortcode support in block templates was removed. @nekojonez expressed agreement about wishing for more clarity in the post.

@nekojonez noted that workarounds existed for the issue, and might be shared with clear “use as your own risk” language. @pbiron explained that one of the options was to move the shortcode block into a template part, and for the template part to replace the original shortcode block used in the template. He added a comment to the ticket explaining this. @webcommsat asked @audrasjb if the post could be updated with information about the workaround.

@azaozz asked if the workarounds “revert” the security fix, and @audrasjb confirmed that yes, they rewrite the logic and re-introduce the security issuesecurity issue A security issue is a type of bug that can affect the security of WordPress installations. Specifically, it is a report of a bug that you have found in the WordPress core code, and that you have determined can be used to gain some level of access to a site running WordPress that you should not have..

@psdtohtmlguru indicated that the pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party-based workaround impacted performance on complex templates, and asked for a link to the security fix ticket. @audrasjb shared a link to the commit, but pointed out the ticket was in Hackerone and not visible to the public. @francina also noted that security fixes are not disclosed publicly, and JB provided a supporting link to the Core Handbook’s security FAQ.

@nekojonez expressed worry that not knowing details of the security flaw may put into question the safety of non-FSE theme shortcode use, and asked for more communication on it. @pbiron added that it was strange the vulnerability would affect shortcode usage directly in a template, but not in a template part of post content. @ndiego asked if anyone could share why shortcodes behaved differently between these usages, and @timothyblynjacobs suggested the discussion was getting too deep for now.

@psdtohtmlguru asked for confirmation that shortcodes in templates don’t work, but that shortcodes in post content would continue to work. @nekojonez indicated the need to await further updates from the security and editor teams, suggesting a clarification post in the meantime. @timothyblynjacobs and @audrasjb agreed, with Timothy suggesting the post primarily clarify that the security team is aware of and discussing solutions to the issue.

@azaozz recommended that shortcodes should not be used in templates, due to performance issues on top of the security concerns. Several attendees responded in the thread explaining that shortcodes were beneficial for numerous reasons, and @asafm7 shared their particular use case. [Editor’s Summary: From this long thread the impression is that regardless of security or performance implications, shortcodes are currently a valuable content mechanism that does not yet have a clear replacement for all use cases.]

6.4 Q&A

@francina asked for an informal Q&A session around WordPress 6.4, details of which can be found in this Slack thread. @karmatosed asked if there was a list of questions for the call, to provide preparation time to address them. @estelaris responded with a link to the spreadsheet (see comment) where more questions could be added. Francesca clarified that the Q&A would be informal and occur on Zoom. @jeffpaul asked about the possibility of two sessions to accommodate timezone differences, the idea which was seconded by Tammie. Francesca agreed to make the calls more formal, and to post about it in make/coreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress..

Maintainers: Component Help Requests

wp.zip Domain

@francina proposed that the https://wp.zip domain redirect to the latest WordPress release ZIP file — @sergeybiryukov asked if https://wordpress.org/latest.zip was the suggestion — rather than the WordPress.orgWordPress.org The community site where WordPress code is created and shared by the users. This is where you can download the source code for WordPress core, plugins and themes as well as the central location for community conversations and organization. https://wordpress.org/ homepage where it currently leads. @pbiron suggested opening a ticket in Meta Trac, and proposed that https://wordpress.org/download/ might be preferable to avoid user confusion/concern that might result from a link leading to an automatic download. @webcommsat agreed that avoiding automatic downloads would be better for accessibilityAccessibility Accessibility (commonly shortened to a11y) refers to the design of products, devices, services, or environments for people with disabilities. The concept of accessible design ensures both “direct access” (i.e. unassisted) and “indirect access” meaning compatibility with a person’s assistive technology (for example, computer screen readers). (https://en.wikipedia.org/wiki/Accessibility).

6.3 Tickets

@oglekler shared two tickets that could be moved into the 6.3 milestone, which had been tested:

@webcommsat called for help testing the patches, and reiterated adding test results to tickets for visibility.

Open Floor

WordCampWordCamp WordCamps are casual, locally-organized conferences covering everything related to WordPress. They're one of the places where the WordPress community comes together to teach one another what they’ve learned throughout the year and share the joy. Learn more. Europe 2023

@webcommsat called for updating Core and Core Test information for Contributor DayContributor Day Contributor Days are standalone days, frequently held before or after WordCamps but they can also happen at any time. They are events where people get together to work on various areas of https://make.wordpress.org/ There are many teams that people can participate in, each with a different focus. https://2017.us.wordcamp.org/contributor-day/ https://make.wordpress.org/support/handbook/getting-started/getting-started-at-a-contributor-day/., thanking @estelaris for gathering the info. Estela emphasized the need to email the info to first-time contributors by Friday, 19 May.

@webcommsat also asked for volunteers to facilitate the Core tables at the event. Both @oglekler and @sergeybiryukov expressed interest.

@webcommsat asked @estelaris if there was to be a table to assist contributors in setting up local environments, noting that a dedicated table has worked well before. Estela confirmed there would be a table, but that emails to first-time contributors could help ensure they are better prepared, particularly with software downloads. @webcommsat also noted the emails could include the date/time for upcoming new contributor meetings.

@webcommsat said they were reviewing Contributor Day info from WC Asia that should be added to the Core Handbook, noting that it was also being added to the Make Teams introduction document (link provided by @estelaris).

@webcommsat asked that Contributor Day attendees share in this post’s comments if they would be able to help at a Core table. @estelaris indicated that there would be approximately six tables dedicated to the Core team, and @desrosj asked which Core focus area had been identified for each table. Estela referred to the introduction document, and that nothing in particular had been mentioned. Jonathan would review the document and try to find other teams to collaborate with.

Finally, @webcommsat noted that tickets were still available for both the conference and Contributor Day.

Next Meeting

The next meeting will be on May 24, 2023 at 20:00 UTC.

Are you interested in helping draft Dev Chat summaries? Volunteer at the start of the next meeting on the #core Slack channel.

Props @ironprogrammer for co-authoring and @audrasjb for peer review of this summary.

#6-3, #6-4, #6-2-1, #dev-chat, #meeting, #summary, #wceu

CSS Chat Summary: 4th June…

CSSCSS Cascading Style Sheets. Chat Summary: 4th June 2020

Full meeting transcript on Slack: https://wordpress.slack.com/archives/CQ7V4966Q/p1591304484223300

I (@notlaura) facilitated the meeting.

Acknowledging Racial Injustice

I didn’t feel comfortable leading our usual meeting without explicitly acknowledging the racial injustices that have lead to the Black Lives Matter protests in the US and around the world. I invited meeting attendees to converse in a thread during the meeting, if they wanted.

CSS audit updates

I update the Google Doc with the PHPPHP The web scripting language in which WordPress is primarily architected. WordPress requires PHP 5.6.20 or higher files that contain CSS, and we discussed how to approach the JSJS JavaScript, a web scripting language typically executed in the browser. Often used for advanced user interfaces and behaviors. files that contain CSS, and what specifically to note about the styles in PHP. @kburgoine suggested to focus on any CSS that includes colors and units of measurement that may change in the future.

Color Scheming Updates

Next week, we will have an agenda item to discuss color naming conventions with the design team, but we did have a cursory discussion this week.

@ryelle has been experimenting a PostCSS plugin she mentioned last week that will pull out all colors and replace them with custom properties named according to their selector and property. While it has promise, there will need to be some manual work involved since it creates so many properties and very long property names due to long selectors.

@michael-arestad outlined a couple of alternative approaches that may reduce the amount of the custom properties, but may require selective overrides and may be more difficult to understand. We went back and forth a bit exploring these options and that it would be valuable to have foreground and background colors paired together, and perhaps there is a way with the concept of design tokens to achieve that.

We concluded that a next step would be getting an idea of the scale of actual color values required, and @squarebracket shared a very interesting approach for programming Sass-like color functons with custom properties that would could incorporate into our iteration.

CSS Latest and Greatest Link Share

The clamp() function has very good browser support these days! Here is a great blog post about it – just look at that huge Less/Sass mixin we no longer have to write!

Also, @netweb is doing some work on getting the Stylelint config and tooling into coreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress. for #wceu Contributor DayContributor Day Contributor Days are standalone days, frequently held before or after WordCamps but they can also happen at any time. They are events where people get together to work on various areas of https://make.wordpress.org/ There are many teams that people can participate in, each with a different focus. https://2017.us.wordcamp.org/contributor-day/ https://make.wordpress.org/support/handbook/getting-started/getting-started-at-a-contributor-day/.! Very cool.

That was all for this week!

#summary #core-css

Devchat meeting summary – May 20, 2020

@francina facilitated the chat on this agenda.
Meeting recap by @audrasjb and @marybaum.

Full meeting transcript on Slack

Announcements

Just a few hours before the chat, the hardworking team behind the plugins and themes auto-updates feature committed it to Core! Congrats to all!

Check out this related ticketticket Created for both bug reports and feature development on the bug tracker. that adds Help Tabs text to update-core, themes and plugins WP-Adminadmin (and super admin) screens: #50215

If you’d like to be part of the Full Site Editing outreach experiment, the sign-up deadline is now May 22. @chanthaboune noted that’s just to show interest, not a commitment yet.

Highlighted posts

Upcoming releases

WordPress 5.5

The next major releasemajor release A release, identified by the first two numbers (3.6), which is the focus of a full release cycle and feature development. WordPress uses decimaling count for major release versions, so 2.8, 2.9, 3.0, and 3.1 are sequential and comparable in scope. of WordPress is in active development (Alpha cycle).

@francina noted the team is not quite complete, but it’s confirmed that @matt will return as release leadRelease Lead The community member ultimately responsible for the Release.@davidbaumwald as co-lead in the role of Triagetriage The act of evaluating and sorting bug reports, in order to decide priority, severity, and other factors. PM and @sergeybiryukov as Core tech lead. The 5.5 team will also mentor the 5.6 team.

WordPress 5.4.2

@audrasjb shared that there are 20 tickets in the milestone. Of those, 17 are closed as fixed.

@whyisjake leads this point releaseMinor Release A set of releases or versions having the same minor version number may be collectively referred to as .x , for example version 5.2.x to refer to versions 5.2, 5.2.1, 5.2.3, and all other versions in the 5.2 (five dot two) branch of that software. Minor Releases often make improvements to existing features and functionality., and the group firmed plans for a release candidaterelease candidate One of the final stages in the version release cycle, this version signals the potential to be a final release to the public. Also see alpha (beta). on June 3 and a final release June 10.

Components check-in and status updates

@whyisjake was exuberant that the core team was able to merge the auto-updates code today. This is going to do a great deal to help people stay on top of updates for a safer WordPress ecosystem.

The merge is just the latest significant step toward the master plan for 2020. Lazy-loading of images merged a few weeks ago, and XML sitemaps is making great progress as well.

On the accessibilityAccessibility Accessibility (commonly shortened to a11y) refers to the design of products, devices, services, or environments for people with disabilities. The concept of accessible design ensures both “direct access” (i.e. unassisted) and “indirect access” meaning compatibility with a person’s assistive technology (for example, computer screen readers). (https://en.wikipedia.org/wiki/Accessibility) side, @audrasjb shared that most of the accessibility team’s main projects for 5.5 are moving forward. Alternate views for posts, users, and comments lists should be ready for review soon.

@johnbillion wanted to note that weekly meetings for Multisitemultisite Used to describe a WordPress installation with a network of multiple blogs, grouped by sites. This installation type has shared users tables, and creates separate database tables for each blog (wp_posts becomes wp_0_posts). See also network, blog, site have restarted, on Tuesdays at 17:00 UTC in #core-multisite. Come join them!

In Site Health, @clorith pointed out that the Theme Review Team has implemented requirements for PHPPHP The web scripting language in which WordPress is primarily architected. WordPress requires PHP 5.6.20 or higher headers in themes. That move should push users in the right direction for updates.

As well, the Site Health component team has had discussions with hosting about bumping the version for Servehappy dashboard nags.

Open floor

@dlh wanted to highlight #48416. He recently encountered a use for it again. If you’re interested in the taxonomyTaxonomy A taxonomy is a way to group things together. In WordPress, some common taxonomies are category, link, tag, or post format. https://codex.wordpress.org/Taxonomies#Default_Taxonomies. component, please give it a look.

@sippis reminded everyone to register for WCEU 2020 Online Contributor DayContributor Day Contributor Days are standalone days, frequently held before or after WordCamps but they can also happen at any time. They are events where people get together to work on various areas of https://make.wordpress.org/ There are many teams that people can participate in, each with a different focus. https://2017.us.wordcamp.org/contributor-day/ https://make.wordpress.org/support/handbook/getting-started/getting-started-at-a-contributor-day/., which is Thursday, June 4, 2020 at 13:00 UTC. If you don’t register, you won’t get the emails you’ll need in advance, so don’t forget to register.

#5-4-2, #5-5, #dev-chat, #feature-autoupdates, #fse, #summary, #wceu, #wceu-2020

Help needed —> Core team and WCEU Contributor Day

You may have seen update posts on WCEU’s plans on how to create an online Contributor DayContributor Day Contributor Days are standalone days, frequently held before or after WordCamps but they can also happen at any time. They are events where people get together to work on various areas of https://make.wordpress.org/ There are many teams that people can participate in, each with a different focus. https://2017.us.wordcamp.org/contributor-day/ https://make.wordpress.org/support/handbook/getting-started/getting-started-at-a-contributor-day/. this year (see posts from April 15th and April 24th). You may have also caught a reference to this in this past week’s devchat (see related summary post).

As part of the coming online/virtual WCEU, we’ve been asked to plan for how CoreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress. will handle an online Contributor Day.  The specific items we’ve been asked to consider:

  • Ensure our Getting Started at a Contributor Day handbook page has been updated as necessary
  • Ensure new contributor meeting happens between 25 May and 3 June, alerting the WCEU Contributor Day team via comment
  • Record a video intro about the Core team, similar to the live intros usually given in-person
  • Confirming list of good-first-issues and experience-issues for Contributor Day
  • Identifying 2+ experienced contributors to help facilities during Contributor Day
  • Plan for a live intro session at the beginning of Contributor Day

So I’m looking to you all to help here: who can help cover any of these tasks and help during the actual WCEU Contributor Day event? Please comment on this post noting which of the bulleted needs above are items you can assist with, thanks!

#contributor-day, #wceu