Adds gray WordPress logo image files (`w-logo-gray-white-bg.png` and `w-logo-gray-white-bg.svg`) to `wp-includes/images/`, and updates `the_embed_site_title()` and `do_favicon()` to use the new images as the fallback site icon, maintaining visual consistency with the login screen logo updated in r61989.
Replaces CSS custom property references for focus styles in the embed template (`--wp-admin-theme-color` and `--wp-admin-border-width-focus`) with their literal values, as these admin-theme variables are not defined in the oEmbed template context.
Developed in https://github.com/WordPress/wordpress-develop/pull/11293.
Follow-up to r61652, r61989, r62502.
Props sabernhardt, huzaifaalmesbah, westonruter, jamesbregenzer.
See #64708.
Fixes#64877.
Built from https://develop.svn.wordpress.org/trunk@62521
git-svn-id: http://core.svn.wordpress.org/trunk@61802 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, `get_site_icon_url()` overwrote a caller-supplied fallback URL with the return value of `wp_get_attachment_image_url()` even when that lookup returned `false`, so a defined fallback (such as the bundled WordPress logo) was silently discarded whenever the assigned site icon attachment could not be resolved. Only update the URL when a non-empty attachment URL is returned.
Additionally, `the_embed_site_title()` now renders the site icon `<img>` only when a URL is available, and omits the `srcset` attribute when the 2x URL is missing or identical to the 1x URL. This avoids the malformed markup (an empty `src` and a bare ` 2x` `srcset`) that produced a broken image and spurious requests in oEmbed cards.
Developed in https://github.com/WordPress/wordpress-develop/pull/11601.
Follow-up to r35571, r36693, r47832.
Props sukhendu2002, sabernhardt, mukesh27, westonruter, pontocinza, mohamedahamed, abcd95, manhar, rollybueno.
Fixes#65098.
Built from https://develop.svn.wordpress.org/trunk@62502
git-svn-id: http://core.svn.wordpress.org/trunk@61783 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Add `is_array()` checks before accessing return values from `wp_get_attachment_image_src()` in `get_oembed_response_data_rich()`, `wp_playlist_shortcode()`, and `wp_prepare_attachment_for_js()`.
* Guard `wp_getimagesize()` calls within `wp_get_attachment_image_src()` itself.
* Ensure `wp_get_attachment_image_src()` always returns the expected `array{0: string, 1: int, 2: int, 3: bool}` type or `false` by normalizing the filter result with explicit type casting and default values.
* Add `@phpstan-return` annotations to both `wp_get_attachment_image_src()` and `wp_getimagesize()` for the specific array shapes.
Developed in https://github.com/WordPress/wordpress-develop/pull/11073
Props hbhalodia, westonruter, mukesh27, edent, ozgursar, roshniahuja14.
Fixes#64742.
Built from https://develop.svn.wordpress.org/trunk@62176
git-svn-id: http://core.svn.wordpress.org/trunk@61458 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This results in the oEmbed discovery links being printed before scripts and styles are printed. This helps ensure they appear within the first 150K bytes of the HTML response, which is required by `WP_oEmbed::discover()`. With increasing the `styles_inline_size_limit` from 20K to 40K in #63018, it becomes more probable that the oEmbed discovery links will be pushed out of range.
For backwards compatibility with themes and plugins that disable the oEmbed discovery links by unhooking `wp_oembed_add_discovery_links()` from running at `wp_head` priority 10 (even though the `oembed_discovery_links` filter is available to disable such links), this callback is added a second time to run earlier at priority 4. The first time the function runs, it checks to see if the callback is still hooked at priority 10. If not, the function short circuits. If it is still hooked at priority 10, however, the function then unhooks itself at priority 10 so that it won't run a second time later during the `wp_head` action, before proceeding with printing the discovery links. A similar back-compat approach was taken previously in [60910]. The back-compat checks are only performed if the function is invoked during the `wp_head` action, allowing the function to be called "idempotently" elsewhere.
Developed in https://github.com/WordPress/wordpress-develop/pull/10449
Follow-up to [61118], [61117].
Props westonruter, swissspidy.
See #64186, #63018.
Fixes#64178.
Built from https://develop.svn.wordpress.org/trunk@61119
git-svn-id: http://core.svn.wordpress.org/trunk@60455 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Remove the ability to enqueue scripts and styles wrapped in IE conditional comment tags. Conditional comment support was removed from IE in version 10 in 2012, and no core supported browser renders them in any way. IE9 has global usage approaching zero. WordPress dropped support for IE10 and below in version 4.8.
Patch adds a deprecation notice if the conditional data argument is added. Scripts and styles are not printed, and neither are their dependencies if they are not required by other non-conditional scripts. Conditional dependencies are removed from core enqueues.
Props jonsurrell, joedolson, shailu25, siliconforks, dmsnell, sabernhardt, rollybueno.
Fixes#63821.
Built from https://develop.svn.wordpress.org/trunk@60948
git-svn-id: http://core.svn.wordpress.org/trunk@60284 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Instead of manually constructing the markup for `SCRIPT` tags, leverage `wp_print_inline_script_tag()` when available to do the construction while also ensuring filters may inject additional attributes on the `SCRIPT` tags, such as `nonce` for CSP. When the function is not available (prior to WP 5.7), fall back to the manual markup construction.
This also adds the `sourceURL` comments to the inline scripts to facilitate debugging, per #63887.
Developed in https://github.com/WordPress/wordpress-develop/pull/9416.
Follow-up to [60909], [60899].
Props debarghyabanerjee, westonruter, hbhalodia, peterwilsoncc, sabernhardt, poena.
See #63887, #59446.
Fixes#63806.
Built from https://develop.svn.wordpress.org/trunk@60913
git-svn-id: http://core.svn.wordpress.org/trunk@60249 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Since the function is supposed to output a string and only return a boolean value, this commit ensures that an error message is properly displayed, bringing consistency with a similar fragment a few lines above.
Follow-up to [35436].
Props abcd95, oglekler, SergeyBiryukov.
Fixes#63652.
Built from https://develop.svn.wordpress.org/trunk@60443
git-svn-id: http://core.svn.wordpress.org/trunk@59779 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit updates the filter documentation to indicate that it can both take and return a `string|false` value.
Documentation for functions attached to the filter has been similarly corrected:
* `WP_oEmbed::_strip_newlines()`
* `wp_filter_oembed_result()`
* `wp_filter_oembed_iframe_title_attribute()`
Follow-up to [12153], [25723], [34903], [34974], [44942].
Props justlevine.
See #63268.
Built from https://develop.svn.wordpress.org/trunk@60307
git-svn-id: http://core.svn.wordpress.org/trunk@59643 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This new argument, which defaults to the value of `public`, can be used to determine whether a post can be embedded using oEmbed. A new `is_post_embeddable()` function is added to easily check this.
Props pampfelimetten, swissspidy, bradleyt, DrewAPicture, gadelhas, mukesh27.
Fixes#35567.
Built from https://develop.svn.wordpress.org/trunk@59700
git-svn-id: http://core.svn.wordpress.org/trunk@59042 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Chrome unreliably loads a lazy-loaded iframe when it is hidden using `clip: rect(1px, 1px, 1px, 1px)`. Instead of using `clip`, a lazy-loaded iframe can also be hidden with `visibility:hidden` which results in it loading not only in Chrome but all other browsers. With this change applied, the hard-coded check to prevent lazy-loading post embeds is now removed. An added benefit to using `visibility:hidden` is that the entire iframe in this case is not interactable, meaning that users navigating the document with the keyboard will not unexpectedly encounter tab stops inside of the hidden iframe, as can happen now with `clip` when the JS fails to reveal the loaded iframe. Note also that the `clip` property is deprecated.
Lastly, when such a post embed iframe is rendered in an RSS feed, the `style` attribute is now removed using the HTML Tag Processor as opposed to using string replacement.
Fixes#58773.
Props westonruter, joemcgill, swissspidy, joedolson, adamsilverstein.
Built from https://develop.svn.wordpress.org/trunk@58143
git-svn-id: http://core.svn.wordpress.org/trunk@57608 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This allows a Multisite network to use an address that includes a port name, such as `example.com:1234`, and adds support for this to the local development environment too. You can now run a Multisite installation on the local development environment, for example at `localhost:8889`.
This also fixes some bugs with running a single site installation on a port, and updates the testing infrastructure so that the whole test suite runs both with and without a port number.
Props djzone, scribu, nacin, ipstenu, F J Kaiser, jeremyfelt, johnjamesjacoby, spacedmonkey, PerS, Clorith, Blackbam, enrico.sorcinelli, Jules Colle, obliviousharmony, desrosj, johnbillion
Fixes#21077, #52088
Built from https://develop.svn.wordpress.org/trunk@58097
git-svn-id: http://core.svn.wordpress.org/trunk@57562 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In this commit, enhancements have been made by replacing manually constructed style tags with calls to `wp_add_inline_style`. Previously, numerous style tags were generated and output directly in the header, resulting in redundant code and bypassing the core's style enqueueing system. This approach made it challenging for third-party developers to manage and control the output of these style tags.
To ensure backward compatibility, the following functions have been deprecated and replaced:
- print_embed_styles
- print_emoji_styles
- wp_admin_bar_header
- _admin_bar_bump_cb
Backward compatibility shims have also been added, ensuring that if these functions were previously unhooked from there actions, they will continue to not output a style tag.
However, for the following functions, conversion to use inline styles was not feasible due to the potential disruption it might cause by changing the style tag IDs, potentially breaking JavaScript functionality for a number of plugins in the repository:
- custom-background
- wp-custom
These changes improve code maintainability and enhance the flexibility and control available to developers when managing style outputs within WordPress core.
Props spacedmonkey, hlunter, westonruter, flixos90.
Fixes#58775.
Built from https://develop.svn.wordpress.org/trunk@56682
git-svn-id: http://core.svn.wordpress.org/trunk@56194 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This aims to improve performance by calling `sanitize_url()` directly, instead of the `esc_url_raw()` wrapper. As of WordPress 6.1, `sanitize_url()` is the recommended function for sanitizing a URL for database or redirect usage.
Follow-up to [11383], [13096], [51597], [53452].
Props benjgrolleau, peterwilsoncc, SergeyBiryukov.
Fixes#55852.
Built from https://develop.svn.wordpress.org/trunk@53455
git-svn-id: http://core.svn.wordpress.org/trunk@53044 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This change fixes oEmbed host script enqueueing on front-end when using block themes.
It deprecates `wp_oembed_add_host_js` in favor of `wp_maybe_enqueue_oembed_host_js`. The action is still triggered in `default-filters.php` to ensure backward compatibility for websites that are removing the action. There is now a `has_action()` check in `wp_maybe_enqueue_oembed_host_js()` to see if `wp_oembed_add_host_js()` has not been unhooked from running at the `wp_head` action.
Follow-up to [52132], [52151], [52153], [52325].
Props swissspidy, westonruter, flixos90, kafleg.
Fixes#44632.
Built from https://develop.svn.wordpress.org/trunk@52437
git-svn-id: http://core.svn.wordpress.org/trunk@52029 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Due to the way that the `blockquote` and `iframe` are being parsed with a regular expression in `wp_filter_oembed_result()`, if there is any content at all before the `blockquote` start tag then it will fail to be included in the first matching group. By appending the `wp-embed` script instead of prepending it in `get_post_embed_html()`, then the parsing issue is avoided.
Also use non-greedy match `wp_maybe_enqueue_oembed_host_js()`.
Amends [52132].
Fixes#44632.
Built from https://develop.svn.wordpress.org/trunk@52153
git-svn-id: http://core.svn.wordpress.org/trunk@51745 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Prevent loading `wp-embed` script unconditionally on every page in favor of conditionally enqueueing when a post embed is detected. The `wp-embed` script is also explicitly marked as being in the footer group. Sites which currently disable post embed scripts from being enqueued via `remove_action( 'wp_head', 'wp_oembed_add_host_js' )` will continue to do so.
* Send a `ready` message from the host page to each post embed window in case the `iframe` loads before the `wp-embed` script does. When the `ready` message is received by the post embed window, it sends the same `height` message as it sends when it loads.
* Eliminate use of `grunt-include` to inject emoji script and the post embed script. Instead obtain the script contents via `file_get_contents()` (as is done elsewhere in core) and utilize `wp_print_inline_script_tag()`/`wp_get_inline_script_tag()` to construct out the script. This simplifies the logic and allows the running of src without `SCRIPT_DEBUG` enabled.
* For the embed code that users are provided to copy for embedding outside of WP, add the `secret` on the `blockquote` and `iframe`. This ensures the `blockquote` will be hidden when the `iframe` loads. The embed code in question is accessed here via `get_post_embed_html()`.
Props westonruter, swissspidy, pento, flixos90, ocean90.
Fixes#44632, #44306.
Built from https://develop.svn.wordpress.org/trunk@52132
git-svn-id: http://core.svn.wordpress.org/trunk@51724 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Remove units when the value is zero. Combine redundant values in shorthand declarations.
This was generated with `stylelint --fix` and a custom config (see #53866).
Props ankitmaru, audrasjb, pbiron, ayeshrajans, hareesh-pillai, netweb, mukesh27.
Fixes#53866.
Built from https://develop.svn.wordpress.org/trunk@51727
git-svn-id: http://core.svn.wordpress.org/trunk@51333 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This is part of a larger project in cleaning up core's admin CSS. This collapses all colors used in the CSS to one of 12 blues, greens, reds, and yellows, 13 grays, pure black, and pure white. The colors are perceptually uniform from light to dark, half of each range has a 4.5 or higher contrast against white, the other half has a 4.5 or higher contrast against black.
Standardizing on this set of colors will help contributors make consistent, accessible design decisions. The full color palette can be seen here: https://codepen.io/ryelle/full/WNGVEjw
Props notlaura, danfarrow, kburgoine, drw158, audrasjb, Joen, hedgefield, ibdz, melchoyce.
See #49999.
Built from https://develop.svn.wordpress.org/trunk@50025
git-svn-id: http://core.svn.wordpress.org/trunk@49726 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset introduces a filter-based Robots API, providing central control over the `robots` meta tag.
* Introduces `wp_robots()` function which should be called anywhere a `robots` meta tag should be included.
* Introduces `wp_robots` filter which allows adding or modifying directives for the `robots` meta tag. The `wp_robots()` function is entirely filter-based, i.e. if no filter is added to `wp_robots`, no directives will be present, and therefore the entire `robots` meta tag will be omitted.
* Introduces the following `wp_robots` filter functions which replace similar existing functions that were manually rendering a `robots` meta tag:
* `wp_robots_noindex()` replaces `noindex()`, which has been deprecated.
* `wp_robots_no_robots()` replaces `wp_no_robots()`, which has been deprecated.
* `wp_robots_sensitive_page()` replaces `wp_sensitive_page_meta()`, which has been deprecated. Its rendering of the `referrer` meta tag has been moved to another new function `wp_strict_cross_origin_referrer()`.
Migration to the new functions is straightforward. For example, a call to `add_action( 'wp_head', 'wp_no_robots' )` should be replaced with `add_filter( 'wp_robots', 'wp_robots_no_robots' )`.
Plugins and themes that render their own `robots` meta tags are encouraged to switch to rely on the `wp_robots` filter in order to use the central management layer now provided by WordPress core.
Props adamsilverstein, flixos90, timothyblynjacobs, westonruter.
See #51511.
Built from https://develop.svn.wordpress.org/trunk@49992
git-svn-id: http://core.svn.wordpress.org/trunk@49693 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This ensures that Ctrl/Cmd + click to open a link in the embed iframe in a new tab works as expected.
Props timhavinga, garrett-eclipse, smerriman, swissspidy, johnbillion, Mte90, iandunn, azaozz, afercia, audrasjb, SergeyBiryukov.
Fixes#39097.
Built from https://develop.svn.wordpress.org/trunk@49202
git-svn-id: http://core.svn.wordpress.org/trunk@48964 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Using the canonical function name for PHP functions is strongly recommended, as aliases may be deprecated or removed without (much) warning.
This replaces all uses of the following:
* `join()` with `implode()`
* `sizeof()` with `count()`
* `is_writeable()` with `is_writable()`
* `doubleval()` with a `(float)` cast
In part, this is a follow-up to #47746.
Props jrf.
See #50767.
Built from https://develop.svn.wordpress.org/trunk@49193
git-svn-id: http://core.svn.wordpress.org/trunk@48955 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The tag was supported in phpDocumentor 1.x, but is no longer supported in 2.x and 3.x.
Usage of static variables is considered an internal implementation detail and has no information value for someone reading the docs.
Props alishanvr, jrf.
Fixes#50426.
Built from https://develop.svn.wordpress.org/trunk@48109
git-svn-id: http://core.svn.wordpress.org/trunk@47878 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Weston Ruter